From porpoise1954 at yahoo.co.uk Thu Jun 1 00:32:15 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed May 31 18:35:11 2006 Subject: [SpamCop-List] Re: Help Needed with a blocked/filtered address References: Message-ID: "Luis Sandoval" wrote in message news:e5l4r4$c59$1@news.spamcop.net... > Hello, > > Any directions or explanations about how to solve the following issue > would be appreciated. > > I sent a mail to a contact with whom a regulary exchange messages. But > this time I got the message back with this error: > 5.1.0 - Unknown address error 550-'Rule imposed as luis.sandoval@ieee.org > is blacklisted on SpamCop (see www.spamcop.net)' > > How can I check in the spamcop website if my address is listed, and why or > who listed my address. Sure this is an error, as never use to send spam > mail. > > What can I do to remove my address from any blacklist if it's actually > listed? Well, first off, you have misinformation. Spamcop does not block anything, it compiles a blacklist of *bad* IP addresses that have been reported as being the source of spam. That is, IP addresses - not email addresses. So, whoever configured that 550 message is lying. From g.hyde at bigpond.net.au Thu Jun 1 10:37:18 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Wed May 31 19:40:03 2006 Subject: [SpamCop-List] Re: o References: Message-ID: "Luis Sandoval" wrote in message news:e5kim8$rb7$1@news.spamcop.net... >o If you wanted to test posting to SpamCop newsgroups, you should know that there's a spamcop.test newsgroup explicitly created for this kind of testing. FUT --> spamcop.test Cheers ... Geoffrey Hyde From dfmanno at mail.com Thu Jun 1 01:11:38 2006 From: dfmanno at mail.com (D.F. Manno) Date: Thu Jun 1 00:15:03 2006 Subject: [SpamCop-List] Re: Are X-(whatever) headers filtered in reports sent? References: Message-ID: In article , "Mike Easter" wrote: > The business of the Xlines is that SC is going to munge clear addresses > in there. You haven't defined some specific Xline which you are > imagining might contain unique information -- you have just vaguely > alluded to it. Since there is so much unknown in this Xline discussion > we can't go anywhere with it. Data point: I've received spam with headers containing my e-mail address, with the @ sign replaced by a hyphen. Spamcop didn't munge them. -- D.F. Manno | dfmanno@mail.com The second article of impeachment against Richard Nixon covered, among other things, warrantless wiretapping. From kingpin+nntp.spamcop.net at lumbercartel.ca Thu Jun 1 00:42:54 2006 From: kingpin+nntp.spamcop.net at lumbercartel.ca (Mr. King of-my-forest Pin) Date: Thu Jun 1 02:40:04 2006 Subject: [SpamCop-List] Re: Spamcop is shooting tself yet again References: Message-ID: On Wed, 31 May 2006 14:33:25 -0700, Ted Mittelstaedt wrote: [snIP - Yahoo! is listed] > This is really disappointing, we are just going to have to stop using > Spamcop. [snIP] You're always free to resign from spam fighting (and should you change your mind, you'll always be welcome to join the fight again when it's convenient for you). You seem to be missing an important point about BLs though, which is to pressure internet providers to take the spam problem seriously by terminating all spammers. The only incentive that seems to work really well to encourage spammer account termination is to block their servers until they clean up their act. BLs such as SpamCop.Net have a well-defined set of criteria, and those who use SpamCop.Net for blocking have made it clear that they agree with this criteria. Unfortunately some providers have decided that it's more important to keep continue to support spammers, and so they eventually wind up getting blocked by so many servers that their non-spamming customers switch to different providers (through their wallets they express their dislike for non-functional eMail services). The end result is that the providers either clue in before losing too many customers, or they go bankrupt (either solution is good, but of course it's always better to avoid this whole mess in the first place by refusing to do business with spammers in the first place). As for me, I find such blocking very encouraging because it shows that SpamCop.Net is reliable -- they're not making exceptions to the criteria they so carefully laid out. It also sends a clear message to other internet providers that taking preventive measures to avoid getting listed in a BL is a worthwhile endeavor. -- The Lumber Cartel, local 42 (Canadian Branch) Vancouver, Beautiful British Columbia, Canada http://www.lumbercartel.ca/ From kingpin+nntp.spamcop.net at lumbercartel.ca Thu Jun 1 00:58:06 2006 From: kingpin+nntp.spamcop.net at lumbercartel.ca (Mr. King of-my-forest Pin) Date: Thu Jun 1 02:55:03 2006 Subject: [SpamCop-List] Re: Blocking strategies are not enough References: Message-ID: On Tue, 30 May 2006 08:21:18 -0700, G|_|Y |\/|AC0|\| wrote: > Spaz > >> I'll stop forwarding spam to the FTC since they don't do anything. >> Everyone else here should stop as well. > > I strongly disagree. Various agencies use it to justify increased > funding for prosecuting spammers. It also provides the authorities with more data about the criminals that (intentionally not "who") send the spam, thus making it easier for them to build a larger stack of evidence against the spammers for prosecution purposes. -- The Lumber Cartel, local 42 (Canadian Branch) Vancouver, Beautiful British Columbia, Canada http://www.lumbercartel.ca/ From William at noemail.com Thu Jun 1 01:37:50 2006 From: William at noemail.com (William) Date: Thu Jun 1 03:40:04 2006 Subject: [SpamCop-List] Re: Spamcop is shooting tself yet again In-Reply-To: References: Message-ID: Mr. King of-my-forest Pin wrote: > On Wed, 31 May 2006 14:33:25 -0700, Ted Mittelstaedt > wrote: > > [snIP - Yahoo! is listed] >> This is really disappointing, we are just going to have to stop using >> Spamcop. > [snIP] > > You're always free to resign from spam fighting (and should you > change your mind, you'll always be welcome to join the fight again when > it's convenient for you). > > You seem to be missing an important point about BLs though, which is > to pressure internet providers to take the spam problem seriously by > terminating all spammers. The only incentive that seems to work really > well to encourage spammer account termination is to block their servers > until they clean up their act. BLs such as SpamCop.Net have a > well-defined set of criteria, and those who use SpamCop.Net for blocking > have made it clear that they agree with this criteria. > > Unfortunately some providers have decided that it's more important > to keep continue to support spammers, and so they eventually wind up > getting blocked by so many servers that their non-spamming customers > switch to different providers (through their wallets they express their > dislike for non-functional eMail services). The end result is that the > providers either clue in before losing too many customers, or they go > bankrupt (either solution is good, but of course it's always better to > avoid this whole mess in the first place by refusing to do business with > spammers in the first place). > > As for me, I find such blocking very encouraging because it shows > that SpamCop.Net is reliable -- they're not making exceptions to the > criteria they so carefully laid out. It also sends a clear message to > other internet providers that taking preventive measures to avoid > getting listed in a BL is a worthwhile endeavor. > > --The Lumber Cartel, local 42 (Canadian Branch) > Vancouver, Beautiful British Columbia, Canada > http://www.lumbercartel.ca/ My thoughts on this are that SC should up the release of IP-addys for an additional day or two. Seems many of the zombie machines are taking the 3 days into accord. From MikeE at ster.invalid Thu Jun 1 02:02:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 04:05:04 2006 Subject: [SpamCop-List] Re: Are X-(whatever) headers filtered in reports sent? References: Message-ID: D.F. Manno wrote: > "Mike Easter" >> The business of the Xlines is that SC is going to munge clear >> addresses in there. > Data point: I've received spam with headers containing my e-mail > address, with the @ sign replaced by a hyphen. Spamcop didn't munge > them. That's a good point - and one covered by my operative word 'clear' as in unmunged/unobfuscated. SC doesn't anything about dealing with any kind of obfuscation. It must be just a simple search on the whole thing. People have also found examples of such as username in some string in the body. -- Mike Easter kibitzer, not SC admin From spam_hjp at yahoo.com Thu Jun 1 06:36:47 2006 From: spam_hjp at yahoo.com (Jim) Date: Thu Jun 1 05:40:09 2006 Subject: [SpamCop-List] Re: Spamcop is shooting tself yet again In-Reply-To: References: Message-ID: William wrote: > Mr. King of-my-forest Pin wrote: >> On Wed, 31 May 2006 14:33:25 -0700, Ted Mittelstaedt >> wrote: >> >> > My thoughts on this are that SC should up the release of IP-addys for an > additional day or two. Seems many of the zombie machines are taking the > 3 days into accord. 3 days would be great. I thought it had been reduced to 24 hours some time ago. Anything over 24 hours would be a nice improvement especially when spam traps have been hit and user reports have been reported. From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 06:14:21 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 06:15:02 2006 Subject: [SpamCop-List] Looked Up mtu.ru in Spamhaus -- No Record? Message-ID: <447EBDFD.2645DE7F@SpamCop.devnull.diespammerdie.net> Folks, Is mtu.ru a blackhat ISP? I see them a lot on spams in the last month -- like in this spam, here: http://www.spamcop.net/sc?id=z960353122z74f6ffda65a2d3217730cd24b24a494bz I also see a lot of auna.es and nemesys.es, too. Comments on pointlessness/usefulness of LARTing to these ISP's, based on your experience? Regards, Michael From MikeE at ster.invalid Thu Jun 1 04:42:57 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 06:45:03 2006 Subject: [SpamCop-List] Re: Looked Up mtu.ru in Spamhaus -- No Record? References: <447EBDFD.2645DE7F@SpamCop.devnull.diespammerdie.net> Message-ID: Michael Brennan wrote: > Is mtu.ru a blackhat ISP? I see them a lot on spams in the last month > -- like in this spam, here: > www.spamcop.net/sc?id=z960353122z74f6ffda65a2d3217730cd24b24a494bz This is about the proxified spamsource 81.195.7.81 rDNS ppp7-81.pppoe.mtu-net.ru inetnum: 81.195.0.0 - 81.195.27.255 netname: MTU-PPPOE route: 81.195.0.0/16 descr: ZAO MTU-Intel's Moscow Region Network origin: AS8359 We/I often think of spamvertiser providers in terms of hat color and source in terms of cluelessness, but we can check at spamhaus for the reputation of .ru providers.in the SBL. There is only one spamhaus listed IP SBL41235 about a virus propagation source listed since May 1 No ROKSO issues. > I also see a lot of auna.es and nemesys.es, too. Comments on > pointlessness/usefulness of LARTing to these ISP's, based on your > experience? The way I would approach the reputation of a provider for an IP would be to find what spam db/s the IP is in, such as spews or spamhaus -- plus spamhaus has other ways of researching, such as their db of providers by country and the rokso information. -- Mike Easter kibitzer, not SC admin From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 08:43:13 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 08:45:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: <447EE0E1.86BDAA7A@SpamCop.devnull.diespammerdie.net> steve auvache wrote: > > Michael Brennan wrote > >steve auvache wrote: > >> > > > >> > >> The one sobering conclusion that I draw from it is that it ended with > >> The Internet backing away from One Spammer. Which is sad. > > > > > > > >Who is One Spammer? > > I have not got a clue and frankly I am not interested in finding out. > The only thing I ever want to know about him is when he becomes one less > spammer. > > -- Steve, Found a reference at Spamhaus that says that "people aver" that One Spammer is indeed Leo Kuvayev: http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932 Michael From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 09:07:00 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 09:10:03 2006 Subject: [SpamCop-List] Re: Blocking strategies are not enough References: Message-ID: <447EE674.4820D92E@SpamCop.devnull.diespammerdie.net> Spaz wrote: > > I have my spam filtered into a spam folder in Outlook Express and then I forward it to the FTC > daily, or at least I used to when I was getting spam. I cc: to the FTC address every time I send spam off to SpamCop for parsing (viz., I send FTC the raw spams, not SpamCop's parses or completed reports -- I'm just a free reporter). Think I'm doing any good? I've been cc'ing to FTC for years, never saw a dramatic "spampause" such as you're reporting. Sounds like Spammy listwashed you. Michael From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 09:10:47 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 09:15:04 2006 Subject: [SpamCop-List] Re: Blocking strategies are not enough References: Message-ID: <447EE757.7BB3EE62@SpamCop.devnull.diespammerdie.net> Frog Prince wrote: > > FTC goes through periods when (a presumption) their system is overloaded and > they bounce the excess for a week or so then back to collecting. > > Still have no idea what they do with the stuff. I'm getting that just in the last day or so from FDA again....they start sending nondelivery notices saying that ORA at FDA is "broken"....then the nondeliveries stop and they're back in business again. I cc: them with my "pharmacy/wunderpill/SPUR-M" UCE's I get from Leo and friends. Michael From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 09:53:54 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 09:55:05 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: Message-ID: <447EF172.14DF2266@SpamCop.devnull.diespammerdie.net> Blue Rock wrote: > > >>Where did you see it written that reporting spam via SpamCop would > >> reduce your spam load? > > Point taken - but I didn't expect it to INCREASE. > I notice in your posts that your e-mail address appears to be in-the-clear. That will get you bot-harvested in a heartbeat. Best regards, Michael From user at example.com Thu Jun 1 10:11:51 2006 From: user at example.com (cwg) Date: Thu Jun 1 10:15:03 2006 Subject: [SpamCop-List] Re: Received spam, and found "error: Couldn't parse head" in resulting parse. References: Message-ID: > http://www.spamcop.net/sc?id=z955316845z87db98256b0b53e500be3ecf888a2163z > > When SpamCop got to the body of the message, during the parse, it came up > with an error "couldn't parse head" - why does this happen? > > SpamCop never started doing this until just now. Can anyone point out what > is going on here and if it is something on my end or on SpamCop's end? > > > Cheers ... > > Geoffrey Hyde I've run across it occasionally, perhaps when you look at the headers in like notepad, the recieved line will look like this: Received: from localhost ([85.9.225.6 ]) by imta02ps.mx.bigpond.com with SMTP id <....> for ; Sat, 27 May 2006 06:19:59 +0000 With a nonprintable character breaking the headers. From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 10:36:18 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 10:40:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: Message-ID: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Mike Easter wrote: > > > We should figure out if you are handling your spam insecurely in the > reporting process. Your newsagent is OE. You should not be opening or > previewing any of your spam in order to report it. For example, one set > of instructions for accessing the spam's Properties is to use the > control-F3 function, which function will not work without the spam being > either opened or previewed -- neither of which are secure ways to > spamhandle. > Mike, When I receive a spam, which lands in my OE inbox along with my goodmail, I visually inspect addressees and senders and drag-and-drop suspect mails (by hand) to a spam folder. I'm not using SpamPal or other filterware. I have a few rules on my account at my ISP's server, but I don't really understand filter rules or logic. I do know that I have a rule that says that anything with *.cn* anywhere in the "from" is promptly killfiled, but that doesn't stop any of that Knick-Knock mess from getting into my Inbox. That's because the spammers (Leo, mostly, as we've discussed) use my ISP's URL in the "From" and "Reply-to" lines every single time. I may have to filter on my own URL. Be that as it may, I have some spams in a folder that I've filled manually. Normally, I disconnect from my ISP (I have a dial-up account on a pair gain loop that limits bandwidth dramatically, which is SBC/AT&T's way of showing me the light, which I refuse to look at: I'm waiting for BPL and will give SBC the Finger when it gets here) before I look at any of it. I sort my spam by categories. The categories are driven by reporting: pill-spammers go to SpamCop, the FTC, and the FDA. 419's go to Secret Service FCD, SpamCop, and FTC. Solicitations offering "local girls/bored housewives looking for one-night stands" go to FBI Cybercrime, SpamCop, the FTC, and, before the City began filtering me, a vice cop whom I contacted at my large urban PD. And so on. The problem is, the stock-spammers especially, and some of the pill-spammers (I suspect Leo is doing this), wrap their payloads in Base-64 encoded .GIF images. I just can't tell what the material is without either opening the spam or previewing it. I do that offline, and I've reviewed the message sourcecode and have seldom seen a beacon, but if a suspicious IMG SRC line is present, it can't call the mothership if I'm offline and physically disconnected. I also check for possible attempts to ID me and munge them slightly if they wouldn't ordinarily be munged by SpamCop's standard header handling. (Someone has been burying usernames, sometimes encrypted, in message bodies and including them in subject lines.) I zip up the View/Layout prefs before going back online, to eliminate previewing, with the spam forwards to SpamCop et al. all loaded up and ready to go. I check for more incoming spam, and if any lands in my inbox when I check, I append it to whichever packet it belongs in, and off it all goes to be parsed by SpamCop and distributed among other interested or cognizant parties. What would be your critique of that procedure -- other than the obvious incubi you mentioned above, of time and effort spent doing manually what others accomplish (more or less -- w/o the collateral notifications, I suppose) by either quick reporting or fuller reporting via paid SpamCop accounts? Regards, and TIA, Michael From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 10:49:28 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 10:50:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: Message-ID: <447EFE78.9E362E01@SpamCop.devnull.diespammerdie.net> Mike Easter wrote: > > Blue Rock wrote: > > > But the 'connection' I refer to is that this > > occurred within a week of my starting to report spam on SpamCop. > > That is the fact that I am reluctant to check off as mere coincidence. > > Well, for whatever it is worth, I don't recommend 'regular' spamcop > reporting to blackhat ie unresponsive spamvertiser providers. > Mike, Is there a handy list of these? Besides the usual, obvious suspects who get devnull'ed by SpamCop, like "Knick-Knock". Michael From user at example.com Thu Jun 1 10:55:19 2006 From: user at example.com (cwg) Date: Thu Jun 1 10:55:02 2006 Subject: [SpamCop-List] Re: Spamcop is shooting tself yet again References: Message-ID: "Jim" wrote in message news:e5mcfh$b7b$1@news.spamcop.net... > William wrote: > > Mr. King of-my-forest Pin wrote: > >> On Wed, 31 May 2006 14:33:25 -0700, Ted Mittelstaedt > >> wrote: > >> > >> > > My thoughts on this are that SC should up the release of IP-addys for an > > additional day or two. Seems many of the zombie machines are taking the > > 3 days into accord. > > > 3 days would be great. I thought it had been reduced to 24 hours some time ago. Anything over > 24 hours would be a nice improvement especially when spam traps have been hit and user reports > have been reported. Personally, I would not mind seeing the blocklist action extended to DNS servers blocking access attempts by any IP and/or IP Range on the blocklist, hence, forcing the owner(s) of the zombie machine, "Hey, get a clue!" From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 11:41:13 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 11:45:04 2006 Subject: [SpamCop-List] Re: Looked Up mtu.ru in Spamhaus -- No Record? References: <447EBDFD.2645DE7F@SpamCop.devnull.diespammerdie.net> Message-ID: <447F0A99.1626129D@SpamCop.devnull.diespammerdie.net> Mike Easter wrote: > > Michael Brennan wrote: > > > Is mtu.ru a blackhat ISP? I see them a lot on spams in the last month > > -- like in this spam, here: > > > www.spamcop.net/sc?id=z960353122z74f6ffda65a2d3217730cd24b24a494bz > > This is about the proxified spamsource 81.195.7.81 rDNS > ppp7-81.pppoe.mtu-net.ru > > There is only one spamhaus listed IP SBL41235 about a virus propagation > source listed since May 1 > > No ROKSO issues. Yes, I checked ROKSO -- no entries, but I wasn't sure that was the last word on the subject and thought I'd better ask around before sending them a SpamCop report. I don't know how you can tell it's proxytrojaned, but it's a relief to know that mtu.ru isn't just a d/b/a for Leo et al. > > I also see a lot of auna.es and nemesys.es, too. Comments on > > pointlessness/usefulness of LARTing to these ISP's, based on your > > experience? > > The way I would approach the reputation of a provider for an IP would be > to find what spam db/s the IP is in, such as spews or spamhaus -- plus > spamhaus has other ways of researching, such as their db of providers by > country and the rokso information. Thanks for the suggestion about SPEWS -- haven't been to their site, will have to look them up. Searching ROKSO can be pretty frustrating sometimes, if only because most of these spammer URL's are fresh off the crepe machine, but also because of the way their site is laid out. I was reading earlier about some of the techniques Leo and others have pioneered -- or "slimeoneered" -- in Spamhaus, here: http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932 and here: http://vaxcave.com/?p=345#comments [passim] and I'm pretty impressed by their inventiveness in screwing something up that so much bigger than their appetite for cars and money. Particularly the three-hour rotation among IP's to manage b/l's, which was a wrinkle I hadn't read about before. Tks, Michael From kingpin+nntp.spamcop.net at lumbercartel.ca Thu Jun 1 09:53:57 2006 From: kingpin+nntp.spamcop.net at lumbercartel.ca (Mr. King of-my-forest Pin) Date: Thu Jun 1 11:55:03 2006 Subject: [SpamCop-List] Re: Spamcop is shooting tself yet again References: Message-ID: On Thu, 01 Jun 2006 00:37:50 -0700, William wrote: [snIP] > My thoughts on this are that SC should up the release of IP-addys for an > additional day or two. Seems many of the zombie machines are taking the > 3 days into accord. Great idea! That would be a very much welcomed improvement. Perhaps SpamCop.Net could create a second BL zone called LongBL.SpamCop.Net so that those who wish to block for longer time-frames can, easily, and then SpamCop.Net doesn't have to change the policy with the current BL.SpamCop.Net. -- The Lumber Cartel, local 42 (Canadian Branch) Vancouver, Beautiful British Columbia, Canada http://www.lumbercartel.ca/ From MikeE at ster.invalid Thu Jun 1 10:05:40 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 12:10:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: Michael Brennan wrote: > Mike Easter wrote: >> We should figure out if you are handling your spam insecurely in the >> reporting process. > The problem is, the stock-spammers especially, and some of the > pill-spammers (I suspect Leo is doing this), wrap their payloads in > Base-64 encoded .GIF images. I just can't tell what the material is > without either opening the spam or previewing it. I would restate what you have said, to make a 'fine' point. You mean, you cannot 'see' what is the content of the .gif without 'rendering' it. That is, the spammer intended for you to open the item in a mailuser agent which uses a rendering engine which will render the graphic so that the spamreader can read the words in the graphic. You can 'dissect' a mail item so that you can view the graphic without ever opening the mail. You would access the unrendered complete headers and contiguous unrendered body. Then you would identify the MIME structure that shows you where the b64 encoded .gif part is. Then you would save that part and decode the b64 to get the .gif, then you would use a graphic viewer to visualize 'read' the .gif contents. That's a lot of trouble, but it /can/ be done. What is quicker to do if you know how to 'read' the raw unrendered body is to examine the mail by its Properties, to see what is going on inside -- whether or not there are any html tricks going on which would 'bother you' from a security point of view. Then, if there are not, you would open the spam in OE and render the graphic, because that is quicker than what I described above about dissection and decoding and graphic viewing. > I do that offline, > and I've reviewed the message sourcecode and have seldom seen a > beacon, but if a suspicious IMG SRC line is present, it can't call the > mothership if I'm offline and physically disconnected. I count what you are describing there as being secure about how you open a spam. > What would be your critique of that procedure -- It sounds like you are taking sufficient precautions to be secure in your spam opening. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Jun 1 10:16:02 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 12:20:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFE78.9E362E01@SpamCop.devnull.diespammerdie.net> Message-ID: Michael Brennan wrote: > Mike Easter wrote: >> Well, for whatever it is worth, I don't recommend 'regular' spamcop >> reporting to blackhat ie unresponsive spamvertiser providers. > Is there a handy list of these? No. If you are going to try to figure out the reputation of a spamvertised IP, IMO the quickest way to do it would be to look it up in a multiDNSbl tool like the one at dnsstuff or a similar multi -- mainly to find out if it is spewed or spamhaused -- to use a spews or spamhaus listing as 'evidence' of unresponsiveness. That unresponsiveness is not always pure dark blackhat - some unresponsives are clueless. But the actual spamhaus or spews 'evidence' can help better determine the nature of the hattedness. You may be surprised to discover that 'all' of your spamvertiser providers are unresponsive. In which case you might question whether or not you should even be /considering/ notifying spamvertisers. That is, if you 'dissect' a hundred or so spams and find that you wouldn't want to notify very many of the spamvertiser providers, you might start wondering why you should be spending all of that time poring over the SC tracking url to approve the report, if you are just unchecking all of the spamvertiser provider notifies. You might come to think that maybe you should be quick reporting and spend your time working on something else more fruitful than unchecking unresponsive spamvertiser providers from the notify. I think the parser notifier should be configured so that a reporter can choose a preference to have a different default so that the default is to not resolve the spamvertised links and to not notify the spamvertiser providers. -- Mike Easter kibitzer, not SC admin From info at bluerocksystems.com Thu Jun 1 13:40:51 2006 From: info at bluerocksystems.com (Blue Rock) Date: Thu Jun 1 12:45:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EF172.14DF2266@SpamCop.devnull.diespammerdie.net> Message-ID: "Michael Brennan" wrote > I notice in your posts that your e-mail address appears to be > in-the-clear. That will get you bot-harvested in a heartbeat. I did realize that spam bots search newsgroups for addresses, so I used an address at my domain that is already publicly posted on a webpage, and thus, has already been "harvested" by spammers. (This was discussed in another branch of this post). However, the increase in spam I experienced was from BEFORE I posted anything in any newsgroup. From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 12:42:19 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 12:45:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFE78.9E362E01@SpamCop.devnull.diespammerdie.net> Message-ID: <447F18EB.F48CF8C5@SpamCop.devnull.diespammerdie.net> Mike Easter wrote: > > > If you are going to try to figure out the reputation of a spamvertised > IP, IMO the quickest way to do it would be to look it up in a multiDNSbl > tool like the one at dnsstuff or a similar multi -- mainly to find out > if it is spewed or spamhaused -- to use a spews or spamhaus listing as > 'evidence' of unresponsiveness. That unresponsiveness is not always > pure dark blackhat - some unresponsives are clueless. But the actual > spamhaus or spews 'evidence' can help better determine the nature of the > hattedness. > > I think the parser notifier should be configured so that a reporter can > choose a preference to have a different default so that the default is > to not resolve the spamvertised links and to not notify the spamvertiser > providers. Mike, thanks for the suggestions. Regards, Michael From kopfj at worldnet.att.net Thu Jun 1 11:43:22 2006 From: kopfj at worldnet.att.net (John O. Kopf) Date: Thu Jun 1 13:45:03 2006 Subject: [SpamCop-List] ISP keeps SpamCop from working... Message-ID: <447F273A.2A01D7B9@worldnet.att.net> My ISP is MetroFI (provide free community-wide broadband wireless connections to the internet; "free" because they insert an advertisement at the top of each screen. Midday Tuesday they made a change to their service. Previously, when I brought up http://members.spamcop.net/, it worked fine and their advertisements disappeared (my Browser, Firefox, provided the ability to remove the ads as well, by right-clicking on the part of interest and then selecting "This Frame"=>"Show only this frame"). Apparently the ISP has disabled this capability - as soon as the command goes out to "Show only this frame", the server treats it as a full screen refresh. The result is that MetroFI and SpamCop are "battling" one another, and nothing BUT the advertisements gets displayed. Is there any way I can continue to use spamcop in this environment? Say, by using a version of SpamCop that doesn't try to hide the ads? John KOpf From MikeE at ster.invalid Thu Jun 1 12:15:27 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 14:20:02 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> Message-ID: John O. Kopf wrote: > My ISP is MetroFI (provide free community-wide broadband wireless > connections to the internet; "free" because they insert an > advertisement at the top of each screen. > > Midday Tuesday they made a change to their service. Previously, when > I brought up http://members.spamcop.net/, it worked fine and their > advertisements disappeared (my Browser, Firefox, provided the ability > to remove the ads as well, by right-clicking on the part of interest > and then selecting "This Frame"=>"Show only this frame"). > > Apparently the ISP has disabled this capability - as soon as the > command goes out to "Show only this frame", the server treats it as a > full screen refresh. > > The result is that MetroFI and SpamCop are "battling" one another, and > nothing BUT the advertisements gets displayed. > > Is there any way I can continue to use spamcop in this environment? > Say, by using a version of SpamCop that doesn't try to hide the ads? Presumably the member.spamcop page is like http://www.spamcop.net/ which requires a login to display a parser window. re "by using a version of SpamCop that doesn't try to hide the ads" The spamcop /page/ or 'version' doesn't try to hide any ads. You are the one trying to hide ads with your FF browser's plugin -- which I have no idea what that is. Why don't you disable the FF plugin which is trying to interfere with the ads and see what happens. Re "MetroFI and SpamCop are "battling" one another" -- what is battling is your FF plugin and the MetroFI modification of what your browser is receiving. According to the metrofi page, they describe it as an 'ad bar' - // Will I see a lot of advertisements? -- No, the Ad bar should not get in the way of your Internet experience. // http://www.metrofi.com/faq_free.html No one else here is going to be getting exactly what you are -- unless there is someone else here using the same metrofi and the same firefox plugin for ad blocking -- so you are on your own to use good sense to try to fix the conflict between two services which you have chosen to use. It is logical for metrofi to configure to defeat ad blocking -- even if it 'gets in the way of your internet experience'. Metrofi believes that you should experience the ads as well as your other internet experience -- not that you should block the ads. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Thu Jun 1 14:23:24 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Thu Jun 1 16:25:02 2006 Subject: [SpamCop-List] Re: Spamcop is *not* shooting itself References: Message-ID: Ted Mittelstaedt wrote: > It's probably some spammer has figured out where some of the Spamcop > spamtrap addresses are, For the above to be true, the people who are in charge of hiding spamtraps would have to be idiots. They aren't idiots, and the spammers have not figured out where any of the Spamcop spamtrap addresses are. From vxpy7do02 at sneakemail.com Thu Jun 1 14:26:45 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Thu Jun 1 16:30:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFE78.9E362E01@SpamCop.devnull.diespammerdie.net> <447F18EB.F48CF8C5@SpamCop.devnull.diespammerdie.net> Message-ID: "Michael Brennan" wrote in message news:447F18EB.F48CF8C5@SpamCop.devnull.diespammerdie.net... > Mike Easter wrote: >> > >> >> If you are going to try to figure out the reputation of a spamvertised >> IP, IMO the quickest way to do it would be to look it up in a multiDNSbl >> tool like the one at dnsstuff or a similar multi -- mainly to find out >> if it is spewed or spamhaused -- to use a spews or spamhaus listing as >> 'evidence' of unresponsiveness. That unresponsiveness is not always >> pure dark blackhat - some unresponsives are clueless. But the actual >> spamhaus or spews 'evidence' can help better determine the nature of the >> hattedness. > >> >> I think the parser notifier should be configured so that a reporter can >> choose a preference to have a different default so that the default is >> to not resolve the spamvertised links and to not notify the spamvertiser >> providers. > Quick reporting DOES that - notifies on IPs in the header and ignores the body of the spam. -- A SpamCop user and forum reader, Not Admin > > Mike, thanks for the suggestions. > > Regards, > Michael From vxpy7do02 at sneakemail.com Thu Jun 1 14:36:09 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Thu Jun 1 16:40:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: "Mike Easter" wrote in message news:e5n391$t0o$1@news.spamcop.net... > Michael Brennan wrote: >> Mike Easter wrote: > >>> We should figure out if you are handling your spam insecurely in the >>> reporting process. > >> The problem is, the stock-spammers especially, and some of the >> pill-spammers (I suspect Leo is doing this), wrap their payloads in >> Base-64 encoded .GIF images. I just can't tell what the material is >> without either opening the spam or previewing it. > > I would restate what you have said, to make a 'fine' point. > > You mean, you cannot 'see' what is the content of the .gif without > 'rendering' it. That is, the spammer intended for you to open the item > in a mailuser agent which uses a rendering engine which will render the > graphic so that the spamreader can read the words in the graphic. > > You can 'dissect' a mail item so that you can view the graphic without > ever opening the mail. You would access the unrendered complete headers > and contiguous unrendered body. Then you would identify the MIME > structure that shows you where the b64 encoded .gif part is. Then you > would save that part and decode the b64 to get the .gif, then you would > use a graphic viewer to visualize 'read' the .gif contents. > OT question - exactly how do you DO that? I got an e-mail from a friend that contained a base64 which was a picture and for some reason neither the html in the body or the base64 gif rendered in my OE the only thing on the screen was the raw html code and the base64 code. I wanted to see the picture. -- A SpamCop user and forum reader, Not Admin From MikeE at ster.invalid Thu Jun 1 14:51:29 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 16:55:04 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFE78.9E362E01@SpamCop.devnull.diespammerdie.net> <447F18EB.F48CF8C5@SpamCop.devnull.diespammerdie.net> Message-ID: anon wrote: >> Mike Easter wrote: >>> I think the parser notifier should be configured so that a reporter >>> can choose a preference to have a different default so that the >>> default is to not resolve the spamvertised links and to not notify >>> the spamvertiser providers. >> > > Quick reporting DOES that - notifies on IPs in the header and ignores > the body of the spam. Quick reporting does that, but it doesn't feed the URLs to sc-surbl. My method would do that -- SC would find the URLs, deobfuscate them, not resolve them, 'manufacture' a bogus devnull notify on the basis of the domainname, and the reporter would approve/check the spamvertiser devnull notify and uncheck any IB devnull notify, and the spamvertiser URL would go to the sc-surbl. No spamvertiser provider would be notified or given any evidence. It would take the reporter more time, but it would not only feed the SCbl, like the quick, but also the sc-surbl which the quick does not. It would also save the parser from having to try to resolve spamvertised url/s and thus conserve parser resources. It would protect the reporter from giving spam evidence to blackhat providers just like quick does. -- Mike Easter kibitzer, not SC admin From dws at dealing-with-spam.info Thu Jun 1 23:56:05 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Thu Jun 1 17:00:03 2006 Subject: [SpamCop-List] Re: Saw this on NANAE - Automating SpamCop submissions References: <447DCA04.DF567F33@spamcop.net> <1a519c0gr08l0.dlg@news.spamcop.net> Message-ID: N. Miller wrote on Wed, 31 May 2006 11:03:39 -0700: > Not good. Without human oversight you will, ultimately, send reports to > the wrong places. If your mail service makes a change which breaks your > mail host configuration, that could include your own provider. OTOH, if *you* provide your own mail service and you don't rely on your ISP, then you're not subject to such problems. From MikeE at ster.invalid Thu Jun 1 15:03:33 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 17:05:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: anon wrote: >> You can 'dissect' a mail item so that you can view the graphic >> without ever opening the mail. You would access the unrendered >> complete headers and contiguous unrendered body. Then you would >> identify the MIME structure that shows you where the b64 encoded >> .gif part is. Then you would save that part and decode the b64 to >> get the .gif, then you would use a graphic viewer to visualize >> 'read' the .gif contents. >> > > OT question - exactly how do you DO that? The way I do it is to use my Iceows utility, which Iceows is the old ArjFolder, which is a very multifunctioned de/encoder, de/compressor, verifier, etc which can do a really really lot of things. Using the Properties, I select the part of the mail's MIME from Content-Type: image/gif; name="B2Av.G7M.wo5V.GIF" Content-Transfer-Encoding: base64 Content-ID: which follows all of the b64 encoding down to the end of that content-id delimitor. I paste that copied mime information + b64 into some editor like notepad and save it as a filename.b64, say B2Av.b64 Then I point my Iceows at that filename.b64 and it converts it into B2Av.G7M.wo5V.GIF which result I would view with IrfanView. > I got an e-mail from a friend that contained a base64 which was a > picture and for some reason neither the html in the body or the > base64 gif rendered in my OE the only thing on the screen was the raw > html code and the base64 code. I wanted to see the picture. Take the mail apart, save the encoded part [I do it with MIME header], decode the b64, and view the graphic. IrfanView can also overcome some graphics errors. -- Mike Easter kibitzer, not SC admin From vxpy7do02 at sneakemail.com Thu Jun 1 16:01:54 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Thu Jun 1 18:05:04 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFE78.9E362E01@SpamCop.devnull.diespammerdie.net> <447F18EB.F48CF8C5@SpamCop.devnull.diespammerdie.net> Message-ID: "Mike Easter" wrote in message news:e5nk0e$afh$1@news.spamcop.net... > anon wrote: >>> Mike Easter wrote: > >>>> I think the parser notifier should be configured so that a reporter >>>> can choose a preference to have a different default so that the >>>> default is to not resolve the spamvertised links and to not notify >>>> the spamvertiser providers. >>> >> >> Quick reporting DOES that - notifies on IPs in the header and ignores >> the body of the spam. > > Quick reporting does that, but it doesn't feed the URLs to sc-surbl. My > method would do that -- SC would find the URLs, deobfuscate them, not > resolve them, 'manufacture' a bogus devnull notify on the basis of the > domainname, and the reporter would approve/check the spamvertiser > devnull notify and uncheck any IB devnull notify, and the spamvertiser > URL would go to the sc-surbl. > > No spamvertiser provider would be notified or given any evidence. > > It would take the reporter more time, but it would not only feed the > SCbl, like the quick, but also the sc-surbl which the quick does not. > > It would also save the parser from having to try to resolve spamvertised > url/s and thus conserve parser resources. It would protect the reporter > from giving spam evidence to blackhat providers just like quick does. > > sc-surbl??? I thought that SC only had the IP blocklist, not URL blocklist. > -- > Mike Easter > kibitzer, not SC admin > From kopfj at worldnet.att.net Thu Jun 1 17:15:57 2006 From: kopfj at worldnet.att.net (John O. Kopf) Date: Thu Jun 1 19:15:03 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> Message-ID: <447F752D.1C6BE303@worldnet.att.net> And how do I find this mysterious "FF" plugin to disable it in FireFox? I have NO idea where to look for it, nor how to access/control it. John Kopf Mike Easter wrote: > > SNIP > > Why don't you disable the FF plugin which is trying to interfere with > the ads and see what happens. > > Re "MetroFI and SpamCop are "battling" one another" -- what is battling > is your FF plugin and the MetroFI modification of what your browser is > receiving. > > According to the metrofi page, they describe it as an 'ad bar' - // > Will I see a lot of advertisements? -- No, the Ad bar should not get in > the way of your Internet experience. // > http://www.metrofi.com/faq_free.html > > No one else here is going to be getting exactly what you are -- unless > there is someone else here using the same metrofi and the same firefox > plugin for ad blocking -- so you are on your own to use good sense to > try to fix the conflict between two services which you have chosen to > use. It is logical for metrofi to configure to defeat ad blocking -- > even if it 'gets in the way of your internet experience'. Metrofi > believes that you should experience the ads as well as your other > internet experience -- not that you should block the ads. > > -- > Mike Easter > kibitzer, not SC admin From me at privacy.net Fri Jun 2 00:16:43 2006 From: me at privacy.net (Michael R N Dolbear) Date: Thu Jun 1 19:20:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: <01c68596$0005b340$LocalHost@default> Michael Brennan wrote > suspect mails (by hand) to a spam folder. I'm not using SpamPal or > other filterware. I have a few rules on my account at my ISP's server, > The problem is, the stock-spammers especially, and some of the > pill-spammers (I suspect Leo is doing this), wrap their payloads in > Base-64 encoded .GIF images. I just can't tell what the material is > without either opening the spam or previewing it. I do that offline, Just do a Judge Dredd on any emails that contain Base-64 anything ? My experience is that only spammers use it. Worth trying SpamPal. I use the SpamCop filteration service, which let though 31 'leakers' and held 2702 spams (no false positives) in May. -- Mike D From MikeE at ster.invalid Thu Jun 1 17:27:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 19:30:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: anon wrote: > --picture follows-- Do not post 'binaries', either as useless misconfigured inline junk or as a proper binary attachment to these discussion groups. There is more liberty about what can be posted in spamcop.spam -- but I don't recommend doing stupid things like that post of yours in there either. People on dialups get these messages as part of a mailing list, and it is against the 'rules' [traditional lore] to post binaries in here.. In addition, you didn't handle the ascii-fied binary posting in a useful way, on top of the fact that it didn't belong here anyway. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Jun 1 17:28:13 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 19:30:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFE78.9E362E01@SpamCop.devnull.diespammerdie.net> <447F18EB.F48CF8C5@SpamCop.devnull.diespammerdie.net> Message-ID: anon wrote: > "Mike Easter" >> the spamvertiser URL would go to the sc-surbl. > sc-surbl??? I thought that SC only had the IP blocklist, not URL > blocklist. sc-surbl isn't maintained by SC, it is only fed the same way as the statistics page is fed When a site makes it to this page http://www.spamcop.net/w3m?action=inprogress;type=www Abuse report sent to Age Reported web site which means that it has a /report/, then these guys get it http://www.surbl.org/lists.html SURBLs contain domains which occur in spam message body URIs. They can be used with programs that can check message body URI domains against an RBL such as SpamCopURI in SpamAssassin 2.63 and 2.64, and urirhsbl in SpamAssassin 3 and others mentioned elsewhere on this site. But, those guys don't currently get anything from quick reports or from all of the spamvertised url/s which SC fails to resolve or the spamvertised url/s which reporters don't want to report to the blackhat or unresponsive provider. If the parser were configured the way I'm talking about, some of the quick reporters might choose to become devnull spamvertiser reporters, and also a lot of the regular reporters who aren't reporting spamvertised url/s because SC doesn't resolve them 'properly' or because they get unchecked or whatever reasons would be 'fixed'. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Jun 1 17:43:24 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 19:45:03 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> <447F752D.1C6BE303@worldnet.att.net> Message-ID: John O. Kopf wrote: > And how do I find this mysterious "FF" plugin to disable it in > FireFox? I have NO idea where to look for it, nor how to > access/control it. That doesn't make any sense stuck up there on top without any context or trimming. Here's the way a conversation is supposed to work in newsgroups - http://members.fortunecity.com/nnqweb/nquote.html Quoting Style in Newsgroup Postings Q7: Why shouldn't I put my comments above the quoted material? John O. Kopf wrote: > Mike Easter wrote: >> John O. Kopf wrote: >>> their advertisements disappeared (my Browser, Firefox, provided the ability to remove the ads as well, by right-clicking on the part of interest and then selecting "This Frame"=>"Show only this frame"). That is you describing yourself using a FF plugin or extension, where FF = Firefox and the ad removal = a FF plugin, presumably the "EditCSS extension" tool. So, then I said: >> Why don't you disable the FF plugin which is trying to interfere with >> the ads and see what happens. > And how do I find this mysterious "FF" plugin to disable it in > FireFox? I have NO idea where to look for it, nor how to > access/control it. It looks to me like you previously described how you use it to remove the ads in your first post. -- Mike Easter kibitzer, not SC admin From g.hyde at bigpond.net.au Fri Jun 2 10:52:01 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Jun 1 19:55:03 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> Message-ID: "John O. Kopf" wrote in message news:447F273A.2A01D7B9@worldnet.att.net... > My ISP is MetroFI (provide free community-wide broadband wireless > connections to the internet; "free" because they insert an advertisement > at the top of each screen. IMHO, you're paying $0 for what they said you would get. Ads with your internet experience. > Midday Tuesday they made a change to their service. Previously, when I > brought up http://members.spamcop.net/, it worked fine and their > advertisements disappeared (my Browser, Firefox, provided the ability to > remove the ads as well, by right-clicking on the part of interest and > then selecting "This Frame"=>"Show only this frame"). It sounded like they had not at that point realized how people were getting around the ads, and took actions (as you describe below) to remedy the error. > Apparently the ISP has disabled this capability - as soon as the command > goes out to "Show only this frame", the server treats it as a full > screen refresh. Well, that's what you get for signing up with a "free" ISP. IMHO I would much rather PAY money to an ISP to get zero ads without any weird internet page hijacking done on the ISP's end. Feel free to dump them and get someone you have to PAY money to in order to browse the internet. > The result is that MetroFI and SpamCop are "battling" one another, and > nothing BUT the advertisements gets displayed. That is a result of their correction for your mistakenly thinking you could get a free internet connection without ads for $0. > Is there any way I can continue to use spamcop in this environment? > Say, by using a version of SpamCop that doesn't try to hide the ads? Well, if you want to keep the free ISP, you can try to uninstall the FireFox plugin that is causing the conflict. Please browse the support tab located on the following webpage for information on how to add/remove plugins if you wish to try that: http://www.mozilla.com/firefox/ IMHO, I would much rather pay money for an ISP that doesn't try to serve me ads. I've never liked ads and will never revisit sites that serve popups the first time. Cheers ... Geoffrey Hyde From ppearson at nowhere.invalid Fri Jun 2 01:35:54 2006 From: ppearson at nowhere.invalid (Peter Pearson) Date: Thu Jun 1 20:40:09 2006 Subject: [SpamCop-List] SpamAssassin: updated from reports? Message-ID: Do spam submissions (either by email or by web page) contribute to Spamcop's SpamAssassin training? I'd think that after 5 subscribers reported spam touting Infinex Ventures or Mongolian uranium, Spamcop would be assigning all further such messages a pretty high spam rating; but more keep coming through with only modest spam ratings. -- To email me, substitute nowhere->spamcop, invalid->net. From vxpy7do02 at sneakemail.com Thu Jun 1 18:36:33 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Thu Jun 1 20:45:04 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: "Mike Easter" wrote in message news:e5nt5e$hat$1@news.spamcop.net... > anon wrote: >> --picture follows-- > > Do not post 'binaries', either as useless misconfigured inline junk or > as a proper binary attachment to these discussion groups. > OK - thanks for stripping out the binary. I forgot about the time for the dialup to download it. -- A SpamCop user and forum reader, Not Admin > There is more liberty about what can be posted in spamcop.spam -- but I > don't recommend doing stupid things like that post of yours in there > either. > > People on dialups get these messages as part of a mailing list, and it > is against the 'rules' [traditional lore] to post binaries in here.. > > In addition, you didn't handle the ascii-fied binary posting in a useful > way, on top of the fact that it didn't belong here anyway. > OK, OK, OK mea culpa. > > -- > Mike Easter > kibitzer, not SC admin > From vxpy7do02 at sneakemail.com Thu Jun 1 18:42:18 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Thu Jun 1 20:45:07 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: "Mike Easter" wrote in message news:e5nt5e$hat$1@news.spamcop.net... > anon wrote: >> --picture follows-- > > Do not post 'binaries', either as useless misconfigured inline junk or > as a proper binary attachment to these discussion groups. > OK - thanks for stripping out the binary. I forgot about the time for the dialup to download it. -- A SpamCop user and forum reader, Not Admin > There is more liberty about what can be posted in spamcop.spam -- but I > don't recommend doing stupid things like that post of yours in there > either. > > People on dialups get these messages as part of a mailing list, and it > is against the 'rules' [traditional lore] to post binaries in here.. > > In addition, you didn't handle the ascii-fied binary posting in a useful > way, on top of the fact that it didn't belong here anyway. > OK, OK, OK mea culpa. > > -- > Mike Easter > kibitzer, not SC admin > From nobody at spamcop.net Thu Jun 1 18:58:03 2006 From: nobody at spamcop.net (N. Miller) Date: Thu Jun 1 21:00:06 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> <447F752D.1C6BE303@worldnet.att.net> Message-ID: <1lvw31w8o6yzc$.dlg@news.spamcop.net> On Thu, 01 Jun 2006 16:15:57 -0700, John O. Kopf from SpamCop wrote: > Mike Easter wrote: >> SNIP >> >> Why don't you disable the FF plugin which is trying to interfere with >> the ads and see what happens. > And how do I find this mysterious "FF" plugin to disable it in FireFox? > I have NO idea where to look for it, nor how to access/control it. Start Firefox in the "safe mode", and see if it works that way. If so, check your menu, Tools | Extensions, and see what extensions are active. If you see an obvious extension for pop-up control, remove that one. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From Willow at devnull.spamcop.invalid Thu Jun 1 22:09:54 2006 From: Willow at devnull.spamcop.invalid (Willow) Date: Thu Jun 1 21:10:05 2006 Subject: [SpamCop-List] What does this mean? Message-ID: I have a small business but I do not send any unsolicited email as advertisement. I only reply to clients that email me about my product after they get my email address from my website. I have emailed a customer in the past with no problem, but today my email is coming back with the following paragraph of explanation. What does it mean? Has my IP been banned by Spam Cop? If so, what do I do about it? My IP is through Verizon DSL which is my Internet connection, but my email account is with a local ISP. ------------------- Hi. This is the qmail-send program at yahoo.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. : Connected to 208.31.142.21 but sender was rejected. Remote host said: 550 5.7.1 ... IP listed at bl.spamcop.net, click here for further information: http://www.spamcop.net/w3m?action=checkblock&ip=209.73.179.141 -- Willow From MikeE at ster.invalid Thu Jun 1 20:00:54 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 22:05:03 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: Willow wrote: > today my email is > coming back with the following paragraph of explanation. What does > it mean? It means that the intended recipient of your mail was using one or more blocklists to reject mail from spamsources and other abusive mailers. One of the lists the recipient's server used was the SCbl - the SpamCop blocklist - which is listing an IP address which your mail is using toward the recipient's server which blocked it. The IP address which is listed in the SCbl which the recipient server was using to reject your mail is that of your mail's provider -- the IP is 209.73.179.141 and its name is smtp103.vzn.mail.dcn.yahoo.com That IP/server is a 'yahoo' output server, one of hundreds of such output servers for yahoo. That IP address is listed in the SCbl because of some abusive behavior of the server which has caused it to hit spamcop spamtraps. Spamtraps are addresses which have never been used in correspondence and which should never receive any mail of any kind. For the yahoo server to be mailing sufficient quantities of mail to a 'non-existent' address is 'prima facie' evidence, even if we haven't seen it, that the yahoo server is acting abusively. Only a deputy has access to the actual evidence of what mail hit the spamcop spamtraps which caused the listing. Spamtrap addresses are a 'secret' to prevent their abuse. The server your mail used has done this: - has sent mail to SpamCop spam traps in the past week - past 15.9 days, it has been listed 2 times for a total of 2.2 days So, yahoo servers act badly and send abusive mail. People and servers besieged by spam and other abuse use spamfilters which use blocklists to defend themselves against various types of abusive mail. You then use the abusive yahoo servers to send your non-spam mail and your recipient's mail provider's filters reject your mail because it came from an abusive yahoo server. > Has my IP been banned by Spam Cop? No. Not exactly. Your mail provider's IP has been temporarily listed by SC for abusive behavior. It will be automatically delisted in time. If you don't want your mail delivery disturbed, you should not use the mail servers of providers whose servers act abusively. "If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 18 hours." > If so, what do I do > about it? If one mail provider for you has problems delivering its mail, you should obtain an alternative or another mail provider/s so as to not be using an abusive server to send your mail for you. > My IP is through Verizon DSL which is my Internet > connection, but my email account is with a local ISP. The mail server you used for that mail has a yahoo name and lives in this netblock OrgName: AltaVista Company NetRange: 209.73.160.0 - 209.73.191.255 and its contacts email addresses are all named yahoo. -- Mike Easter kibitzer, not SC admin From Willow at devnull.spamcop.invalid Thu Jun 1 23:14:28 2006 From: Willow at devnull.spamcop.invalid (Willow) Date: Thu Jun 1 22:15:04 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: "Mike Easter" wrote in message news:e5o64j$3tg$1@news.spamcop.net... > Willow wrote: >> today my email is >> coming back with the following paragraph of explanation. What does >> it mean? > > It means that the intended recipient of your mail was using one or more > blocklists to reject mail from spamsources and other abusive mailers. > Oh I see. I do understand most of your explanation. My Verizon DSL is associated with Yahoo. My setup is that I receive email from my ISP email server which is located in my town. But I SMTP email through the verizon/yahoo servers because my connection is Verizon. I will complain to Verizon that their Yahoo servers have cause my legit. email to be blocked. [It really is no surprise that Yahoo has a spammer.] Would it help to change the IP number by turning off the DSL modem overnight? I am guessing it won't because it will be the same yahoo server. At one time I could send and receive email through my email account ISP setup. But something happened at their server which made it necessary for me to send through the DSL server. Oh well, if life [and the Internet] was easy there would be no need to learn new ways of doing things. :-) Thank you for your help. -- Willow From MikeE at ster.invalid Thu Jun 1 20:24:48 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 22:25:06 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: Willow wrote: > Would it help to change the IP number by turning off the DSL modem > overnight? I am guessing it won't because it will be the same yahoo > server. No [try to get a different IP] and correct [same smtp]. You don't have any control over what yahoo output server your mail uses. You use some smtp or smtpauth server of some name or another and your mail provider puts it out with the output server 'in the rotation' which you can't control. You can only control if you use some other smtp server for your mail out. > At one time I could send and receive email through my email account > ISP setup. But something happened at their server which made it > necessary for me to send through the DSL server. I'm not at all clear on what we are talking about there in that par. I don't understand what would keep you from being able to use some smtp server of an ISP with which you have an account. If you choose to remove your cloak of invisibility we might talk about it. I can only see the IP of your news nntp access which is your verizon dsl connectivity. I can't guess at any thing about what smtp servers you are allowed to use for your mail. Personally I only have my EL earthlink provider whose infrastructure is TimeWarner/RR, a gmail account, and access to a mchsi MediaCom sub-account which a friend loaned me to mess with to experiment with. > Thank you for your help. YW. -- Mike Easter kibitzer, not SC admin From Willow at devnull.spamcop.invalid Thu Jun 1 23:51:46 2006 From: Willow at devnull.spamcop.invalid (Willow) Date: Thu Jun 1 22:55:08 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: "Mike Easter" wrote in message news:e5o7hd$6sj$1@news.spamcop.net... > Willow wrote: > > I'm not at all clear on what we are talking about there in that par. I > don't understand what would keep you from being able to use some smtp > server of an ISP with which you have an account. If you choose to > remove your cloak of invisibility we might talk about it. I can only > see the IP of your news nntp access which is your verizon dsl > connectivity. I can't guess at any thing about what smtp servers you > are allowed to use for your mail. Personally I only have my EL > earthlink provider whose infrastructure is TimeWarner/RR, a gmail > account, and access to a mchsi MediaCom sub-account which a friend > loaned me to mess with to experiment with. > Thanks for the offer to help. I would not mind revealing my identity, however, I was able to setup the SMTP to go through the mail server that belongs to my email account instead of through Verizon/Yahoo. I don't know what the problem was that made it necessary to do that odd setup. I know some of the techs that work for the local ISP. They are good but lets just say, sometimes there is an unexplained glitch that suddenly gets fixed without explanation. The reason I have such a complicated connection/email situation is I kept my dialup ISP, email accounts amd web hosting that I have had for 10 years, even after subscribing to Verizon DSL. Verizon and the email account people said there could find no reason why I could not send email while connected via Verizon. But mail just would not go. So verizon suggested I send through their server and receive through the email account server. Go figure. Willow From / at /.cn Fri Jun 2 16:07:06 2006 From: / at /.cn (Petzl) Date: Fri Jun 2 01:10:07 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: "Willow" wrote in message news:e5o940$ah4$1@news.spamcop.net... [S] > Thanks for the offer to help. I would not mind revealing my identity, > however, I was able to setup the SMTP to go through the mail server that > belongs to my email account instead of through Verizon/Yahoo. I don't > know what the problem was that made it necessary to do that odd setup. I > know some of the techs that work for the local ISP. They are good but > lets just say, sometimes there is an unexplained glitch that suddenly gets > fixed without explanation. > > The reason I have such a complicated connection/email situation is I kept > my dialup ISP, email accounts amd web hosting that I have had for 10 > years, even after subscribing to Verizon DSL. Verizon and the email > account people said there could find no reason why I could not send email > while connected via Verizon. But mail just would not go. So verizon > suggested I send through their server and receive through the email > account server. Go figure. SpamCop only tries to block the actual computer sending the spam http://www.geobytes.com/IpLocator.htm Because some email servers are misconfigured they hide the IP source the spam comes from causing (after many abuse reports being sent) SpamCop to list the offending email server -- Petzl -- Check your computers security (free) From nobody at spamcop.net Fri Jun 2 21:52:18 2006 From: nobody at spamcop.net (Anony Mouse) Date: Fri Jun 2 04:55:17 2006 Subject: [SpamCop-List] Re: investment spam References: Message-ID: <447FFC42.4080804@spamcop.net> RandallW wrote: > I receive little floods of investment spam, for HYIP programs. Many of the > spamvertised sites don't seem to selling anything, as if the spam is just a > joe job. > > The spam comes in little surges; one arrives, then another about 3 min. > later, then another 3 min. for the next. Is it more likely, or less, the > spam is sent from infected machines? > > Example of this spam: > > http://www.spamcop.net/sc?id=z919835977z05598ec0f94abc1c736a216c01fcd68az > > Sent by a Russian trojan army... Anony Mouse Who killed the frog? From nobody at spamcop.net Fri Jun 2 22:10:11 2006 From: nobody at spamcop.net (Anony Mouse) Date: Fri Jun 2 05:15:09 2006 Subject: [SpamCop-List] Re: slow day? References: Message-ID: <44800073.9010002@spamcop.net> jg wrote: > On 4/25/2006 7:33 AM Maggie's Mom scribbled: > > >>Every now and then it does happen on Comcast.net too: no spam for couple of >>days. Don't worry, they usually make up for it with vengeance. >> > > Trust me, I wasn't /worried/. > 2 finally showed up last night and 1 overnight, still way below average. > Fine with me - but hope springs eternal in the wasteland (and its April, > too)... You can have some of the 250 odd I get a day. Anony Mouse Do not anger the gods. From nobody at devnull.spamcop.net Fri Jun 2 10:40:26 2006 From: nobody at devnull.spamcop.net (POP) Date: Fri Jun 2 09:45:03 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: Willow wrote: ... > > Thanks for the offer to help. I would not mind revealing > my identity, however, I was able to setup the SMTP to go > through the mail server that belongs to my email account > instead of through Verizon/Yahoo. I don't know what the > problem was that made it necessary to do that odd setup. I > know some of the techs that work for the local ISP. They > are good but lets just say, sometimes there is an > unexplained glitch that suddenly gets fixed without > explanation. ... > Willow I'm not sure I have a good handle on your exact problem, but I can tell you a little about VZ's (with Yahoo) email ops. This is separate and different from anything spamcop related: VZ appear to be blocking port 25 smtp for any non-Verizon source. In other words, if you're using me @ NotVerizon . com to send an email, especially to another VZ customer (varying things happen) but to any other address, using VZ for transport, it will not go through. There are other variabilities too, and they won't tell you about them, and as far as I can find, have not documented them except to say they do some special things to prevent spam. You can learn more by going to the Verizon newsgroups and looking in verizon.mail and .email, I think they are. One way or another they've been mucking emails up since early April or before. Don't panic about ALL of the problems you'll see mentioned; some have been silently fixed. Ymmv, but I"ve never gotten anything but marketing hype responses to my requests/complaints to them. There's a workaround but I forget how to do it right now - they talk about it on the newsgroups. (news.verizon.net). Start with O.verizon.spam, I think it is. Near as I can tell, the ONLY VZ person ever touches the groups is whoever it is that takes care of adding/deleting newsgroups. HTH, Pop From kopfj at worldnet.att.net Fri Jun 2 07:56:06 2006 From: kopfj at worldnet.att.net (John O. Kopf) Date: Fri Jun 2 09:55:03 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> <447F752D.1C6BE303@worldnet.att.net> <1lvw31w8o6yzc$.dlg@news.spamcop.net> Message-ID: <44804376.A471C75C@worldnet.att.net> I tried that - here's what it showed (attachment): John Kopf "N. Miller" wrote: > > On Thu, 01 Jun 2006 16:15:57 -0700, John O. Kopf from SpamCop wrote: > > > Mike Easter wrote: > > >> SNIP > >> > >> Why don't you disable the FF plugin which is trying to interfere with > >> the ads and see what happens. > > > And how do I find this mysterious "FF" plugin to disable it in FireFox? > > I have NO idea where to look for it, nor how to access/control it. > > Start Firefox in the "safe mode", and see if it works that way. If so, > check your menu, Tools | Extensions, and see what extensions are active. > If you see an obvious extension for pop-up control, remove that one. > > -- > Norman > ~Oh Lord, why have you come > ~To Konnyu, with the Lion and the Drum From kopfj at worldnet.att.net Fri Jun 2 08:09:59 2006 From: kopfj at worldnet.att.net (John O. Kopf) Date: Fri Jun 2 10:10:02 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> Message-ID: <448046B7.F23C63FC@worldnet.att.net> Unfortunately, MetroFi now provides this broadband service to my town and to 2 more bordering cities (total population >100000), and will be putting it into other major cities ASAP. SO, many people on a limited budget (I'm retired) will be using this service, and won't have access to SpamCop. (SpamCop is definitely the site that's trying to turn off the ads!) The ads don't aflict Email, Usenet and FTP, which are what I use mostly - my predominant browser activity is to Spamcop (I complain about the Nigerian Scams, lottery scams, and phishing; I get 5-10 of these a day!!) John Kopf Geoffrey Hyde wrote: > > "John O. Kopf" wrote in message > news:447F273A.2A01D7B9@worldnet.att.net... > > My ISP is MetroFI (provide free community-wide broadband wireless > > connections to the internet; "free" because they insert an advertisement > > at the top of each screen. > > IMHO, you're paying $0 for what they said you would get. Ads with your > internet experience. > > > Midday Tuesday they made a change to their service. Previously, when I > > brought up http://members.spamcop.net/, it worked fine and their > > advertisements disappeared (my Browser, Firefox, provided the ability to > > remove the ads as well, by right-clicking on the part of interest and > > then selecting "This Frame"=>"Show only this frame"). > > It sounded like they had not at that point realized how people were getting > around the ads, and took actions (as you describe below) to remedy the > error. > > > Apparently the ISP has disabled this capability - as soon as the command > > goes out to "Show only this frame", the server treats it as a full > > screen refresh. > > Well, that's what you get for signing up with a "free" ISP. IMHO I would > much rather PAY money to an ISP to get zero ads without any weird internet > page hijacking done on the ISP's end. Feel free to dump them and get > someone you have to PAY money to in order to browse the internet. > > > The result is that MetroFI and SpamCop are "battling" one another, and > > nothing BUT the advertisements gets displayed. > > That is a result of their correction for your mistakenly thinking you could > get a free internet connection without ads for $0. > > > Is there any way I can continue to use spamcop in this environment? > > Say, by using a version of SpamCop that doesn't try to hide the ads? > > Well, if you want to keep the free ISP, you can try to uninstall the FireFox > plugin that is causing the conflict. Please browse the support tab located > on the following webpage for information on how to add/remove plugins if you > wish to try that: http://www.mozilla.com/firefox/ > > IMHO, I would much rather pay money for an ISP that doesn't try to serve me > ads. I've never liked ads and will never revisit sites that serve popups > the first time. > > Cheers ... > > Geoffrey Hyde From Nobody at SpamCop.devnull.diespammerdie.net Fri Jun 2 10:49:55 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Fri Jun 2 10:50:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: <44805013.25B4EE56@SpamCop.devnull.diespammerdie.net> Mike Easter wrote: > > > You can 'dissect' a mail item so that you can view the graphic without > ever opening the mail. You would access the unrendered complete headers > and contiguous unrendered body. Then you would identify the MIME > structure that shows you where the b64 encoded .gif part is. Then you > would save that part and decode the b64 to get the .gif, then you would > use a graphic viewer to visualize 'read' the .gif contents. > > That's a lot of trouble, but it /can/ be done. I thought there might be a way to do it, but I intuited that it would in fact be as complicated as you say, and at that time (perhaps even now) a little beyond my ability to render Base 64 properly. I tried a few times using an online Base 64 decoder but never (going by results) did it properly, so I dropped the attempt. > What is quicker to do if you know how to 'read' the raw unrendered body > is to examine the mail by its Properties, to see what is going on > inside -- whether or not there are any html tricks going on which would > 'bother you' from a security point of view. > > Then, if there are not, you would open the spam in OE and render the > graphic, because that is quicker than what I described above about > dissection and decoding and graphic viewing. > I generally look at the subject line and, if that is hashed (sometimes misleading, too), resort to viewing the source to look for clues as to content, for purposes of forwarding properly. If I can do that, I never render the .GIF. If I can't, I go offline and have a look. I think we are on about the same wavelength here -- as John McLaughlin would say, I've "lurched uncontrollably into the truth." Parting comment -- it seems to me that these .GIF images we're talking about are Leo's products mostly, and that he's using them to "force" even reporters to look at his turds. Taken together with the BlueFrog/BlueSecurity episode (ROKSO cites commenters who attribute the "PharmaMaster" exploit to Leo), it bespeaks more than a little power-madness in our Russian nuisance, and high (and frustrated) ego needs. Perhaps he has performance issues in the sack; he certainly seems to recommend Cialis and Viagra to everyone, for just about everything. Never mind that his stuff is counterfeit, whomped up in a laundry-room somewhere from soap powder and floorsweeps, dyed and pressed into counterfeit tablets. Maybe he's a good prospect for real Paxil, or just maybe some St. John's Wort. Thanks for the comments, Michael From Nobody at SpamCop.devnull.diespammerdie.net Fri Jun 2 11:14:28 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Fri Jun 2 11:15:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> <01c68596$0005b340$LocalHost@default> Message-ID: <448055D4.9985F941@SpamCop.devnull.diespammerdie.net> Michael R N Dolbear wrote: > > Michael Brennan wrote > > > > The problem is, the stock-spammers especially, and some of the > > pill-spammers (I suspect Leo is doing this), wrap their payloads in > > Base-64 encoded .GIF images. I just can't tell what the material is > > without either opening the spam or previewing it. I do that offline, > > Just do a Judge Dredd on any emails that contain Base-64 anything ? > My experience is that only spammers use it. Right, but the problem is to get them in the right cubbyhole, as I described above, for different addee lists. > Worth trying SpamPal. I'm rapidly coming to the same conclusion. I don't have time to dance with Leo and pals 26 times a day. I'm pretty diligent about reporting (timeliness is another matter); I can't stand not reporting these guys, when they just drop by every 30 minutes or so to take a whiz in my Wheaties. I want them all to die ugly, but pending that lyrical outcome, I'm pretty insistent on reporting them as many ways and to as many agencies and NGO's as may prove likely to hurt them. At least Leo is now on the run; he was stupid enough to pass some of his spams around from a location in Massachusetts, which means the Massachusetts attorney general now owns his scrawny little butt. Eventually some people in clunky army shoes will catch up to him and ship him to Boston in a packing crate with little air holes in it, whereupon he will become the most computer-literate laundress and cellblock party-girl in America and the world. > I use the SpamCop filteration service, which let though 31 'leakers' > and held 2702 spams (no false positives) in May. > That would be a really good outcome. I don't have a paid SpamCop account, though, and so am still consigned to conventional full reporting. I'm thinking of just bit-bucketing the trapped UCE's, if I do install SpamPal or SpamBuddy. Or, as you say, doing a "Judge Dredd" on them, and denying their motion. Thanks for the comments, Michael From Nobody at SpamCop.devnull.diespammerdie.net Fri Jun 2 11:20:06 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Fri Jun 2 11:25:03 2006 Subject: [SpamCop-List] Re: Automatic reporting and Slashdot References: Message-ID: <44805726.99B6B4C7@SpamCop.devnull.diespammerdie.net> Mike Easter wrote: > > Stephan Jau made a linux php script for auto-reporting to SC > > http://www.howtoforge.com/automate_spamcop_submissions How To Automate > Spamcop Submissions > Thanks, Mike, for the link. Very timely. Michael From nobody at devnull.spamcop.net Fri Jun 2 12:58:43 2006 From: nobody at devnull.spamcop.net (POP) Date: Fri Jun 2 12:00:02 2006 Subject: [SpamCop-List] SpamCop could not find your spam message in this email: Message-ID: OK, I'm stumped and need your thoughts: All of a sudden I'm getting the dreaded "SpamCop could not find your spam message in this email:" error message returned when I submit spams via email (one at a time; only get one or two every other day or so). Searching messages didn't help; some entries found, but nothing applicable - stuff I've already done even though I rechecked. If I report them manually by pasting the source into the spamcop parse window, they report fine. So it's only when I submit by email. I've been able to smugly bypass most of the "can't find" threads for a few years now; until about Tuesday of this week when this started. Personally I've changed nothing but I've had a couple of updates install; windows, Corel, and WGA. Here's what I think: -- For whatever reason I'm not getting a cookie -from- spamcop. I've searched for files with "spamcop" in them and found nothing. Winpatrol shows no spamcop cookies arrived. Is there any way I could have caused that? I don't -think- I did! Here's what I've done: -- Specifically allowed spamcop in my firewall -- specifically allowed spamcop in Internet Options and set Manual cookie control to always accept first party and always allow session cookies. -- Checked that Winpatrol isn't seeing them; it's not. Here's what I need: HELP! Relevant Comments would be much appreciated. I've probably done something pretty stupid but it eludes me at the moment what it might have been. Intentionally I've done NADA. Oh yeah, updated av and spyware arsenal found nothing either. TIA Pop -- Today! When? Why? How? WHERE??? From MikeE at ster.invalid Fri Jun 2 10:24:18 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 12:25:03 2006 Subject: [SpamCop-List] Re: SpamCop could not find your spam message in this email: References: Message-ID: POP wrote: > All of a sudden I'm getting the dreaded "SpamCop could not > find your spam message in this email:" error message returned > when I submit spams via email (one at a time; only get one or two > every other day or so). SC sends you the headers it gets, and I think sometimes it even sends a tracker for a failed parse, but I'm not sure about the tracker for all failures. In any case, the headers you see in that failure message would be useful. You could save the complete headers and body from the spamcop mail into spamcop.spam by saving the SC mail as an .eml or .txt file and then attach it to a news message so that it doesn't get mangled by linewraps caused by your newsreader. You could also send yourself a copy of the item you are sending to submit so that you would see what the parser is receiving. > If I report them manually by pasting the source into the spamcop > parse window, they report fine. So it's only when I submit by > email. Submitting by mail has a lot more ways to go wrong than pasting into the webparser. > Here's what I think: > -- For whatever reason I'm not getting a cookie -from- spamcop. A cookie has nothing to do with submitting by mail problems. The parser is not getting a 'proper' spam submission via the mail. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Jun 2 10:34:21 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 12:35:03 2006 Subject: [SpamCop-List] Re: SpamCop could not find your spam message in this email: References: Message-ID: Mike Easter wrote: > POP wrote: > >> All of a sudden I'm getting the dreaded "SpamCop could not >> find your spam message in this email:" error message returned >> when I submit spams via email (one at a time; only get one or two >> every other day or so). > > SC sends you the headers it gets, and I think sometimes it even sends > a tracker for a failed parse, but I'm not sure about the tracker for > all failures. Another way to display what you get back from SC is to put the SC 'could not find' mail [as an item with complete headers from the message properties of the mail] into the webparser as if it were a spam, get a tracker for it, cancel the report, and post the tracker in here. You also didn't say what mailuser agent you were using to email submit your spam-- and exactly what steps you were using to do that. -- Mike Easter kibitzer, not SC admin From discard at nirocomputers.co.uk Fri Jun 2 19:00:03 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 13:05:03 2006 Subject: [SpamCop-List] Automated reporting Message-ID: So I use Fastmail.fm for my email, and I have 47 domains where every single email sent to those domains goes into my inbox. I then use Sieve scripts to weed out the worst part of the SPAM, very sucessfully I may add and most 95% of all my Spam ends up in a folder I call "NastySpam" a further 4% ends up in my junk mail folder, but I check those emails out closely to see if they are something Im interested in and a small amount (the reamainder ends up in my Inbox. But several times a day I put it all into one folder and I forward to spamcop. I send perhaps 150 emails a day to Spamcop. But the most annoying part of this is then have check and submit each of those emails before they are actually reported. Why? Whats the point except to annoy me? Why am I forced to do this? If the answer is its so I can review the emails, well I've already reviewed them in my Fastmail account to the maximum amount I ever want to review them, all I want is have the emails I know are spam used to combat the menace of Spam, so why am I forced to sit there for nearly an hour each day pressing buttons and clicking on links when the whole thing could be automated? Jason From MikeE at ster.invalid Fri Jun 2 11:02:19 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 13:05:05 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> <447F752D.1C6BE303@worldnet.att.net> <1lvw31w8o6yzc$.dlg@news.spamcop.net> <44804376.A471C75C@worldnet.att.net> Message-ID: John O. Kopf wrote: > I tried that - here's what it showed (attachment): Don't post binary attachments in the discussion newsgroups, please.. Don't top post untrimmed non-contextualized replies, please.. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Jun 2 11:11:04 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 13:15:04 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: Jason Ward wrote: > But the most annoying part of this is then have check and submit each > of those emails before they are actually reported. > > Why? Whats the point except to annoy me? Why am I forced to do this? Normal or regular reporting performs an 'oversight' process by which the human reporter is overseeing not only the accuracy of the parse for source [assuming some competence of the human to oversee a spamcop parse for source] as well as overseeing the veracity of the body parse for what is a spamvertiser vs what is something else like an innocent bystander instead of a spamvertiser. There are some things I don't like about the regular parsing algorithm myself, but that is the way it is. > If the answer is its so I can review the emails, I wouldn't say reviewing the mails is very important -- because the same reporter which calls something spam which isn't spam is still going to make a mistake calling it spam during the parser reporting oversight proces. > so why am I forced to sit there > for nearly an hour each day pressing buttons and clicking on links > when the whole thing could be automated? You are choosing to do that so that you can toothlessly notify the blackhat nonresponsive spamvertiser providers and give that cohort to the spamvertiser a copy of your spam's evidence. If you don't want to do it that way, configure for mailhosts and quickreport -- which quick report will report only the spamsourcefor SCbl counting, not the spamvertiser, and which does not require the oversight. An important disadvantage to quick reporting is that if something changes about your mailhost configuration, you may be reporting great quantities of reports against your own provider, which can get your mail provider listed and which can cause you to lose your mail account/s as well as your spamcop account for 'false' reporting. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Jun 2 11:11:19 2006 From: nobody at spamcop.net (N. Miller) Date: Fri Jun 2 13:15:06 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: On Thu, 1 Jun 2006 22:14:28 -0400, Willow from SpamCop wrote: > Would it help to change the IP number by turning off the DSL modem > overnight? I am guessing it won't because it will be the same yahoo server. No. It is the Yahoo! server that is listed, not your public IP address. It might help to switch from Verizon Yahoo! (uses 'smtp.yahoo.verizon.net' for outgoing email) to pure VOL (Verizon On-Line; uses 'outgoing.verizon.net' for outgoing email). Unless 'outgoing.verizon.net' is also prone to abusive behavior. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Fri Jun 2 11:14:46 2006 From: nobody at spamcop.net (N. Miller) Date: Fri Jun 2 13:15:07 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: <4mw04k18ijh6.dlg@news.spamcop.net> On Thu, 1 Jun 2006 22:51:46 -0400, Willow from SpamCop wrote: > The reason I have such a complicated connection/email situation is I kept my > dialup ISP, email accounts amd web hosting that I have had for 10 years, > even after subscribing to Verizon DSL. Verizon and the email account people > said there could find no reason why I could not send email while connected > via Verizon. But mail just would not go. So verizon suggested I send > through their server and receive through the email account server. Go > figure. Check with your dial-up provider. See if they offer SMTP AUTH access. If they don't, suggest that they add that kind of support. Better, mention RFC 2476 to them. Adding SMTP AUTH support with port 587 will bring their SMTP service into the 21st Century. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at devnull.spamcop.net Fri Jun 2 14:22:49 2006 From: nobody at devnull.spamcop.net (POP) Date: Fri Jun 2 13:25:02 2006 Subject: [SpamCop-List] Re: SpamCop could not find your spam message in this email: References: Message-ID: Mike Easter wrote: > Mike Easter wrote: >> POP wrote: >> >>> All of a sudden I'm getting the dreaded "SpamCop >>> could not find your spam message in this email:" error >>> message returned when I submit spams via email (one at a >>> time; only get one or two every other day or so). >> >> SC sends you the headers it gets, and I think sometimes it >> even sends a tracker for a failed parse, but I'm not sure >> about the tracker for all failures. > > Another way to display what you get back from SC is to put > the SC 'could not find' mail [as an item with complete > headers from the message properties of the mail] into the > webparser as if it were a spam, get a tracker for it, > cancel the report, and post the tracker in here. > > You also didn't say what mailuser agent you were using to > email submit your spam-- and exactly what steps you were > using to do that. > > > > -- > Mike Easter > kibitzer, not SC admin Hmm, Thanks, Mike; I'll get that together. I kept one spam just for fiddling with this since I don't get many lately. Yeah, I know; famous last words! I'm using OE6, something with OE quotefix, sometimes not, at the moment. I forget which I have going right now. XP XP2 + , av, spyware arsenal, etc etc. all updated yesterday or this am. Thanks for noticing my post; will be back as soon as I can. Also gonna do a power-off instead of a Reset before I come back; just in case it changes something, which I know it won't, but ... more skidmarks in the sky. Pop From nobody at nowhere.not Fri Jun 2 18:28:06 2006 From: nobody at nowhere.not (Robert Blair) Date: Fri Jun 2 13:30:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: On Thu, 1 Jun 2006 16:05:40 UTC, "Mike Easter" wrote: > You can 'dissect' a mail item so that you can view the graphic without > ever opening the mail. You would access the unrendered complete headers > and contiguous unrendered body. Then you would identify the MIME > structure that shows you where the b64 encoded .gif part is. Then you > would save that part and decode the b64 to get the .gif, then you would > use a graphic viewer to visualize 'read' the .gif contents. > > That's a lot of trouble, but it /can/ be done. With a good email client you do not have to go through all that. I use Polarbar and do not have any problem with opening my email. I set it to text only which displays the text part if included and the html (first stripping the html tags) content if no text part. Any images have an icon to click if I want to look at them. None of the problems of running scripts and a bayesian filter to catch spam along with user written filters. I recently had a spam with the subject "We smash bayesian" which went to the spam folder which gave my a smile. -- Robert Blair From Kilgallen at SpamCop.net Fri Jun 2 13:30:35 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Jun 2 13:35:04 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: In article , "Jason Ward" writes: > So I use Fastmail.fm for my email, and I have 47 domains where every single > email sent to those domains goes into my inbox. Even for non-existent mailboxes ? That would be a mistake. From discard at nirocomputers.co.uk Fri Jun 2 19:32:17 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 13:35:05 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Mike Easter" wrote in message news:e5prf4$ifp$1@news.spamcop.net... > I wouldn't say reviewing the mails is very important -- because the same > reporter which calls something spam which isn't spam is still going to > make a mistake calling it spam during the parser reporting oversight > proces. Can you explain to me in somewhat simple terms what I'm checking for? To tell the truth right now I'm checking nothing, it already takes too long just pressing the buttons and link, but it would be good to know what it is I am supposed to be doing. > If you don't want to do it that way, configure for mailhosts and > quickreport -- which quick report will report only the spamsourcefor > SCbl counting, not the spamvertiser, and which does not require the > oversight. > > An important disadvantage to quick reporting is that if something > changes about your mailhost configuration, you may be reporting great > quantities of reports against your own provider, which can get your mail > provider listed and which can cause you to lose your mail account/s as > well as your spamcop account for 'false' reporting. Can you explain what you mean by "if something changes about your mailhost configuration"? I have absolutly no desire to report Fastmail.fm for some infraction, but I would like to automate the process. I havent regestered in the "mailhost configurtation" I saw on the website because I thought with 47 domains the process would take me hours and I could easily get it wrong. But appart from a few small cases where I have my gmail account forward emails to Fastmail.fm and where I have Fastmail.fm POP emails from Hotmail and Yahoo I think my setup is very simple, all of my 47 domains have MX records that point directly to Fastmails servers. But I will register them if it reduces the chace of a false positive against Fastmail.fm. Jason From discard at nirocomputers.co.uk Fri Jun 2 19:40:56 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 13:45:02 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Larry Kilgallen" wrote in message news:p+HCcDkRzP5N@eisner.encompasserve.org... >> So I use Fastmail.fm for my email, and I have 47 domains where every >> single >> email sent to those domains goes into my inbox. > > Even for non-existent mailboxes ? That would be a mistake. Works extremly well for me, allows me to use discardable email addresses without thinking about it, and if the email address ends up being used by a spammer I just add it to my Sieve script. I only get 3 or 4 spam emails a day that I look at, most are very accuratly identified by my Sieve script (using things like discardable email addrresses and Spamasasin) Jason From nospam at nospam.org Fri Jun 2 20:41:38 2006 From: nospam at nospam.org (Ejo) Date: Fri Jun 2 13:45:05 2006 Subject: [SpamCop-List] Re: Automated reporting In-Reply-To: References: Message-ID: Jason Ward wrote: > So I use Fastmail.fm for my email, and I have 47 domains where every single > email sent to those domains goes into my inbox. > > I then use Sieve scripts to weed out the worst part of the SPAM, very > sucessfully I may add and most 95% of all my Spam ends up in a folder I call > "NastySpam" a further 4% ends up in my junk mail folder, but I check those > emails out closely to see if they are something Im interested in and a small > amount (the reamainder ends up in my Inbox. > > But several times a day I put it all into one folder and I forward to > spamcop. > > I send perhaps 150 emails a day to Spamcop. > > But the most annoying part of this is then have check and submit each of > those emails before they are actually reported. > > Why? Whats the point except to annoy me? Why am I forced to do this? > > If the answer is its so I can review the emails, well I've already reviewed > them in my Fastmail account to the maximum amount I ever want to review > them, all I want is have the emails I know are spam used to combat the > menace of Spam, so why am I forced to sit there for nearly an hour each day > pressing buttons and clicking on links when the whole thing could be > automated? > > Jason > > Why don't you do it the other way around? Take a spamcop mail account and a fastmail account. The spamcop mail account does all the popping, and creates the held mail, and fastmail is the forwarding address after spamcop. Once per day you check your spamcop account, and you do a quick report on all held mail. Ejo From discard at nirocomputers.co.uk Fri Jun 2 19:45:44 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 13:50:03 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Ejo" wrote in message news:e5pt8f$jdu$1@news.spamcop.net... > > Why don't you do it the other way around? Take a spamcop mail account and > a fastmail account. The spamcop mail account does all the popping, and > creates the held mail, and fastmail is the forwarding address after > spamcop. Once per day you check your spamcop account, and you do a quick > report on all held mail. I didnt know SpamCop offered that service, but those 47 domains have MX records that point direct to Fastmail.fm servers, Fastmail.fm dont POP appart from my Hotmail and Yahoo accounts. Also my Sieve script is an important part of what allows me to work out what is spam and what isnt, do you get those features with SpamCop? Jason From vxpy7do02 at sneakemail.com Fri Jun 2 12:02:29 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Fri Jun 2 14:05:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> <44805013.25B4EE56@SpamCop.devnull.diespammerdie.net> Message-ID: "Michael Brennan" wrote in message news:44805013.25B4EE56@SpamCop.devnull.diespammerdie.net... > Mike Easter wrote: >> > >> >> You can 'dissect' a mail item so that you can view the graphic without >> ever opening the mail. You would access the unrendered complete headers >> and contiguous unrendered body. Then you would identify the MIME >> structure that shows you where the b64 encoded .gif part is. Then you >> would save that part and decode the b64 to get the .gif, then you would >> use a graphic viewer to visualize 'read' the .gif contents. >> >> That's a lot of trouble, but it /can/ be done. > > > > I thought there might be a way to do it, but I intuited that it would in > fact be as complicated as you say, and at that time (perhaps even now) a > little beyond my ability to render Base 64 properly. I tried a few > times using an online Base 64 decoder but never (going by results) did > it properly, so I dropped the attempt. > I tried the ICEOWS program that Mike Easter suggested in a very recent post and the process consisted of pasting the base64 into a word processor (notepad), saving and then sending that file to ICEOWS - opening the translated file in a viewer to se the picture. Not really too cumbersome. -- A SpamCop user and forum reader, Not Admin From nobody at spamcop.net Fri Jun 2 15:20:30 2006 From: nobody at spamcop.net (indigo) Date: Fri Jun 2 14:25:03 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> <447F752D.1C6BE303@worldnet.att.net> Message-ID: Mike Easter wrote: > > >>> their advertisements disappeared (my Browser, Firefox, provided > >>> the > ability to remove the ads as well, by right-clicking on the part of > interest and then selecting "This Frame"=>"Show only this frame"). > > That is you describing yourself using a FF plugin or extension, where > FF = Firefox and the ad removal = a FF plugin, presumably the "EditCSS > extension" tool. More likely the "adblock" plugin, I'd think. From MikeE at ster.invalid Fri Jun 2 12:24:04 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 14:25:07 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: Jason Ward wrote: > "Mike Easter" >> I wouldn't say reviewing the mails is very important -- because the >> same reporter which calls something spam which isn't spam is still >> going to make a mistake calling it spam during the parser reporting >> oversight proces. > > Can you explain to me in somewhat simple terms what I'm checking for? During the oversight process you should be making sure that you aren't reporting your own mail provider as a source -- in addition, as your skills as a human parser improve, you can actually 'doublecheck' the parser by looking at the headers to see if it looks to you like the parser is getting the right answer about the source. The oversight is also supposed to be a chance for you as a human to know the difference between what URLs found in the spambody are actually spamvertised, and which ones are simply IBs innocent bystanders which were site/s mentioned in the spam, but which are not the actual spamvertiser. In addition, you could use information obtained during the parse to check various spam databases to help yourself judge whether or not SC is going to be notifying a blackhat provider instead of some provider which is likely to be responsive in a useful way. In addition, by 'reading' the verbose of the parse, you can train your self to be a better parser -- in fact, the human parser with some tools can parse spams and notify for spams better than the algorithm does. > To tell the truth right now I'm checking nothing, it already takes > too long just pressing the buttons and link, but it would be good to > know what it is I am supposed to be doing. Yes -- you are definitely supposed to be doing something responsible rather than wasting your time. > Can you explain what you mean by "if something changes about your > mailhost configuration"? A 'default' configuration reporter isn't mailhost configured. A default reporter has a higher chance of the parser making an error about the parse than a reporter which has mailhost configured. But, even a mailhost configured reporter can get a bad parse if the mailhost configuration of the provider changes. > I havent regestered in the "mailhost configurtation" I saw on the > website because I thought with 47 domains the process would take me > hours and I could easily get it wrong. Some people have a great deal of trouble mailhost configuring. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Jun 2 12:28:15 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 14:30:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> <44805013.25B4EE56@SpamCop.devnull.diespammerdie.net> Message-ID: anon wrote: > I tried the ICEOWS program Tinker around with it -- it has a lot of capabilities. //from the iceows help// // ICEOWS supports long filenames, file protection and multi-volumes for ICE, ARJ, RAR and ACE files. ICEOWS also uncompress GZip, TGZ, TAR, CAB, RAR, ACE, PK3, Java Archive (JAR,EAR,WAR), Internet Mail (.mime, uue, xxe, b64, hqx) LHA, LZH, LZS and IMP files. With ICEOWS you can also create and test SFV (Simple File Validator) files .// -- Mike Easter kibitzer, not SC admin From pbarwich at barorny.com Fri Jun 2 20:48:48 2006 From: pbarwich at barorny.com (Peter) Date: Fri Jun 2 14:50:03 2006 Subject: [SpamCop-List] Re: Saw this on NANAE - Automating SpamCop submissions In-Reply-To: References: <447DCA04.DF567F33@spamcop.net> <1a519c0gr08l0.dlg@news.spamcop.net> Message-ID: D-W-S wrote: > N. Miller wrote on Wed, 31 May 2006 11:03:39 -0700: > > >>Not good. Without human oversight you will, ultimately, send reports to >>the wrong places. If your mail service makes a change which breaks your >>mail host configuration, that could include your own provider. > > > OTOH, if *you* provide your own mail service and you don't rely on your > ISP, then you're not subject to such problems. Use the 'quick' address instead of the 'submit' address, having got permission of course. That takes away half the issue of having to automatically confirm. And, oh, I thought *nix produced simple scripts. My Windows batch file for learning and submitting looks like this. FOR /R C:\spam %%X IN (*.eml) DO blat "%%X" -to quick.secretcode@spam.spamcop.net @echo off echo This will make spamassassin learn spam and ham, and then archive the messages. cd\ call sa-learn --spam --progress c:\spam\*.* call sa-learn --ham --progress c:\legit\*.* if exist c:\spam\*.eml goto spamexists echo No spam in directory to archive... goto endspam :spamexists move c:\spam\*.* "C:\Copy of Annies old Junk\" :endspam if exist c:\legit\*.eml goto hamexists echo No ham in directory to archive... goto endham :hamexists move "c:\legit\*.*" "C:\Copy of Annies old Legit\" :endham If you schedule it to run as another windows administrative user you don't even get the dos box pop up when it runs. From nospam at nospam.org Fri Jun 2 21:52:05 2006 From: nospam at nospam.org (Ejo) Date: Fri Jun 2 14:55:03 2006 Subject: [SpamCop-List] Re: Automated reporting In-Reply-To: References: Message-ID: Jason Ward wrote: > "Ejo" wrote in message > news:e5pt8f$jdu$1@news.spamcop.net... >> Why don't you do it the other way around? Take a spamcop mail account and >> a fastmail account. The spamcop mail account does all the popping, and >> creates the held mail, and fastmail is the forwarding address after >> spamcop. Once per day you check your spamcop account, and you do a quick >> report on all held mail. > > I didnt know SpamCop offered that service, but those 47 domains have MX > records that point direct to Fastmail.fm servers, Fastmail.fm dont POP > appart from my Hotmail and Yahoo accounts. So, change the MX records so that they forward to your new spamcop mail account, and then let spamcop forward it to your existing fastmail account. > Also my Sieve script is an important part of what allows me to work out what > is spam and what isnt, do you get those features with SpamCop? You will see that spamcop is a bit more efficient than fastmail filtering the spam (at least, this is my experience). I guess you could do the filtering you did before in fastmail. Spamcop does allow you to write filters, but is there still a need to do so in the new situation? My 2 cents, Ejo From discard at nirocomputers.co.uk Fri Jun 2 20:54:31 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 14:55:04 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Ejo" wrote in message news:e5q1cj$mov$1@news.spamcop.net... > So, change the MX records so that they forward to your new spamcop mail > account, and then let spamcop forward it to your existing fastmail > account. > Where is the documentation on this? How flexible is it? From nospam at nospam.org Fri Jun 2 22:33:48 2006 From: nospam at nospam.org (Ejo) Date: Fri Jun 2 15:35:03 2006 Subject: [SpamCop-List] Re: Automated reporting In-Reply-To: References: Message-ID: Jason Ward wrote: > "Ejo" wrote in message > news:e5q1cj$mov$1@news.spamcop.net... >> So, change the MX records so that they forward to your new spamcop mail >> account, and then let spamcop forward it to your existing fastmail >> account. >> > > Where is the documentation on this? How flexible is it? > > This is a good starting point: http://mailsc.spamcop.net/fom-serve/cache/289.html Ejo From discard at nirocomputers.co.uk Fri Jun 2 21:51:40 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 15:55:03 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Ejo" wrote in message news:e5q3qq$of1$1@news.spamcop.net... > This is a good starting point: > > http://mailsc.spamcop.net/fom-serve/cache/289.html > > Ejo Huh? Trying to visit that page just gets me username / password dialouge that doesnt accept my Spamcop username and password, cancelling the dialouge takes me here http://www.spamcop.net/denied.shtml and in the top right hand corner of that page shows me as loged in and offers to let me log out! Huh? Jason From tmcgraw at spamcop.net Fri Jun 2 13:52:10 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Jun 2 15:55:06 2006 Subject: [SpamCop-List] Re: Automated reporting In-Reply-To: References: Message-ID: Ejo wrote: > Jason Ward wrote: >> "Ejo" wrote: >>> So, change the MX records so that they forward to your new spamcop >>> mail account, and then let spamcop forward it to your existing >>> fastmail account. >> Where is the documentation on this? How flexible is it? > This is a good starting point: > > http://mailsc.spamcop.net/fom-serve/cache/289.html > > Ejo With all due respect, you could search there until the cows come home and you won't find anything about the quick submit function. And I believe that is by design. It's probably tough enough to keep the lid on regular VER. From tmcgraw at spamcop.net Fri Jun 2 13:53:22 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Jun 2 15:55:07 2006 Subject: [SpamCop-List] Re: Automated reporting In-Reply-To: References: Message-ID: Jason Ward wrote: > "Ejo" wrote: >> This is a good starting point: >> >> http://mailsc.spamcop.net/fom-serve/cache/289.html >> >> Ejo > Huh? Trying to visit that page just gets me username / password dialouge > that doesnt accept my Spamcop username and password, cancelling the dialouge > takes me here http://www.spamcop.net/denied.shtml and in the top right hand > corner of that page shows me as loged in and offers to let me log out! Replace "mailsc" w "www" From MikeE at ster.invalid Fri Jun 2 14:00:57 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 16:05:03 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: Jason Ward wrote: > "Ejo" >> http://mailsc.spamcop.net/fom-serve/cache/289.html Ejo was trying to send you to this page http://www.spamcop.net/fom-serve/cache/289.html SpamCop Mail Service for some reason, but I don't know why. > Huh? Trying to visit that page just gets me username / password Yes. Ejo was giving you a link which is only good for people with mail accounts. There are 3 kinds of links around here, those for free spamcop users www.spamcop.net - those for paid spamcop members members.spamcop.net - and those for mail account clients mailsc.spamcop.net So, when a member or mail account person tries to show someone a page, they should convert the link to a generic one for free spamcop users, because everyone can use that type. > dialouge that doesnt accept my Spamcop username and password, > cancelling the dialouge takes me here > http://www.spamcop.net/denied.shtml and in the top right hand corner > of that page shows me as loged in and offers to let me log out! > > Huh? Yep. That's what happens when the link is given with that 3rd level domainname. Thanks for trimming and contextualizing, Jason. It works much much better that way. -- Mike Easter kibitzer, not SC admin From discard at nirocomputers.co.uk Fri Jun 2 22:01:46 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 16:05:06 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Tim McGraw" wrote in message news:e5q4ta$p2h$1@news.spamcop.net... > > With all due respect, you could search there until the cows come home and > you won't find anything about the quick submit function. > > And I believe that is by design. It's probably tough enough to keep the > lid on regular VER. Also there is nothing there about MX records and using your own domains with SpamCop mail service. Have looked at most of the documents there I would say SpamCop do not support people point their domain MX records at their mailservers and if they do support that they really don't want people to know. Without MX support I just could not use SpamCops mail service, for me it would be like a chocolate fire guard. Jason From discard at nirocomputers.co.uk Fri Jun 2 22:13:08 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 16:15:02 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Mike Easter" wrote in message news:e5q5dm$pdh$1@news.spamcop.net... > Thanks for trimming and contextualizing, Jason. It works much much > better that way. Not a problem, whilst Im a newbie here I am well practiced in newsgroups/mailing list/web groups and in some of them at least I even appear as one of the long standing expert gandees, not sure I'll ever achieve that status in my own mind though! Jason From user at example.com Fri Jun 2 16:16:11 2006 From: user at example.com (cwg) Date: Fri Jun 2 16:20:03 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> Message-