From nobody at spamcop.net Wed Mar 1 02:24:34 2006 From: nobody at spamcop.net (N. Miller) Date: Wed Mar 1 05:30:15 2006 Subject: [SpamCop-List] Re: New spam-hosts are blocking spamcop DNS queries References: Message-ID: On Tue, 28 Feb 2006 20:54:10 -0500, Galen wrote: > I did notice a familiar face around here by the name of N. Miller. If you've > never visited their newsgroups then, well, he can probably attest to the > (trying to be nice to them here) familiarity with Usenet found in the > average poster. You can take a gander yourself if you'd like. If you've > never been there and are 'old school' newsgroup then, well, I'd suggest > windowsxp.general for a good indication. Hah! Wait until you intersperse or > snip! That's a great load of fun. Heh. About half the posters use the Web access, and can't find their way back to their posts. And the MSFT lovers who bash the old school Usenet posters can be downright snotty when the "religious" wars over top/bottom posting flare up! -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From / at /.cn Thu Mar 2 00:30:21 2006 From: / at /.cn (Petzl) Date: Wed Mar 1 08:35:04 2006 Subject: [SpamCop-List] Mail server listed when Port 25 is blocked? Message-ID: 210.50.76.196 I know they are bouncining emails but it seems this email server is being reported for spamming Wondering if someone has not set mail hosts or is the server compromised ***ounce**** - These recipients of your message have been processed by the mail server: (X); Failed; 5.1.2 (bad destination system address) Remote MTA mail.(X): network error - SMTP protocol diagnostic: 550 Limit exceeded Found 210.50.76.196 in orbs recent cache, action (deny) (bl.spamcop.net) ******** Petzl From nobody at nowhere.invalid Wed Mar 1 14:51:26 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 1 08:55:03 2006 Subject: [SpamCop-List] Re: New spam-hosts are blocking spamcop DNS queries References: Message-ID: On Tue, 28 Feb 2006 20:54:10 -0500, Galen coughed into spamcop and left this in : > My reply hidden, you'll have to hunt for it... Well, no, not really: LOL :) > [...] if that bit telling them where the response was located was NOT > there then every other day I'd get people telling me that top-posting > is the right place (umm, I'm not sure where they came up with that) That's default Outleak Suxpress behaviour for you... That particular virus dissemination engine^W^W^W mailer and newsreader has probably done more to destroy e-mail and USENET than any other piece of software in existence. > I'd get people posting back saying that they can't find my answer. You > probably think I'm kidding or exaggerating... Oh no, not at all. I've seen too many kl00bies in action who think that Internet Explorer or AOL *is* the Internet to think that you're kidding. > If you've never been there and are 'old school' newsgroup then, well, > I'd suggest windowsxp.general for a good indication. Hah! Wait until > you intersperse or snip! That's a great load of fun. Pass. Thanks anyway :) I have no reason whatsoever to saunter into a Microsoft newsgroup. I think the clue-vacuum might be hard to withstand. None of my PCs are infected with Windows, and Microsoft's licensing scheme is a huge swindle anyway. > So yeah, I suck... Sorry for treating you all like a bunch of newbies > but, well, that's generally what I seem to find the vast majority of > times I answer. I can understand that. However, while there's nothing wrong in being a newbie, that status is supposed to wear off after a certain amount of time, and yet you still get so-called IT professionals behaving like newbies for years on end. *sigh* > Can I blame it on having been dumbed down by years of end-user > support? Please? Ouch! That is one hell of an unenviable job. Buy yourself a waterproof cover for your keyboard. You'll need one to protect if from the drool soon :) -- Steve Profanity is the one language all programmers know best. From MikeE at ster.invalid Wed Mar 1 06:52:11 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 1 09:55:02 2006 Subject: [SpamCop-List] Re: Mail server listed when Port 25 is blocked? References: Message-ID: Petzl wrote: > I know they are bouncining emails but it seems this email server is > being reported for spamming 'it seems'? What does 'it seems' mean in this contect? What clues or evidence do you have about the server being a 'real' source of spam? The SC listing sez 210.50.76.196 listed in bl.spamcop.net will be delisted automatically in approximately 10 hours has sent mail to SpamCop spam traps users have reported system as a source of spam about 20 times administrator has already delisted this system once past 283.4 days, it has been listed 8 times for a total of 5.7 days I see a misdirected bounce from it in sightings from Dec. If it is hitting spamtraps with misdirected bounces, why couldn't it also be hitting reporters with misdirected bounces? > Wondering if someone has not set mail hosts or is the server > compromised ***ounce**** But you haven't expessed /why/ you are wondering that, on what basis. > - SMTP protocol diagnostic: 550 Limit exceeded Found 210.50.76.196 > in orbs recent cache, action (deny) (bl.spamcop.net) The principle output servers from iprimus 210.50.30.196 smtp01.syd.iprimus.net.au Y 5.5 5.1 210.50.76.196 smtp02.syd.iprimus.net.au Y 5.4 5.1 210.50.30.76 mx01.syd.iprimus.net.au Y 5.5 5.0 210.50.76.76 mx02.syd.iprimus.net.au Y 5.5 5.0 If you go to senderbase, you can find hundreds of other IPs with sufficient output to be 'noted' by senderbase, and many many of them are listed one place or another, including spamcop and CBL. I would say that iprimus isn't doing a good job of securing its user IPs which are generating spam. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Mar 1 07:03:10 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 1 10:05:02 2006 Subject: [SpamCop-List] Re: New spam-hosts are blocking spamcop DNS queries References: Message-ID: Galen wrote: > I'm Galen - one of the Microsoft MVPs in the Shell/User category - and > frequently post many answers in the Microsoft Newsgroups. I specifically blame the MS MVPs for the sad state of affairs in the MS groups. There are plenty of other newsgroups full of clueless newbies posting questions and replies, and none are in the sad condition which the 'brilliant' MVP leadership has caused the MS groups to be in. When there are groups with newbies asking questions and gurus answering them, it is the gurus which ride herd on the group and teach them how to behave and how to participate in newsgroups. I don't know the basis for the MVPs either stupidly topposting themselves and setting a bad example for the newbies or not helping by giving good advice about posting properly. They *should be* striking a proper balance between helping/encouraging the groups reform to proper trimmed and contextualized posts but sometimes just letting some topposts go instead of continuously harping on the matter. Instead, newbies go the MS groups to learn about something, and they come out believing that top posting is the way to communicate in groups. Very bad MVPs and those MVPs have had an adverse affect on newsgroups as a whole. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Mar 1 10:05:51 2006 From: nobody at spamcop.net (Ellen) Date: Wed Mar 1 11:40:04 2006 Subject: [SpamCop-List] Re: Mail server listed when Port 25 is blocked? References: Message-ID: "Petzl" wrote in message news:du47lq$7nj$1@news.spamcop.net... > 210.50.76.196 > > I know they are bouncining emails but it seems this email server is being > reported for spamming > Wondering if someone has not set mail hosts or is the server compromised > ***ounce**** It was legit spam not a reporting error. Iprimus is aware of the problem and has taken actions to stop the problem. We have been talking to them. Ellen From wb8tyw at qsl.network Wed Mar 1 11:21:47 2006 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Mar 1 12:25:03 2006 Subject: [SpamCop-List] Re: Need help To get our system setup correctly References: Message-ID: In article , "Eduard" writes: > What I was trying to say is that most of our lists exists for over 7 years > already, and when these lists were created, double-opt-in was the norm. We > did change theses lists afterwards, but we also have on some of our lists 20 > 000 members, who have subscribed to it. From a technical point of view I > agree that the best way forward would be to start a new clean list, but > unfortunately are we in a News environment, and people are already unwilling > to re-confirm there subscription. They are already mailing the editor of the > site to ask why they should reconfirm. Many of the mailing lists that I am on require a periodic positive confirmation that I still want to receive their mailings. A google search on the domains associated with this thread show that there is a news organization associated with the domains under discussion. You need to figure out how the spamtrap e-mail addresses got into the list. You should be able to isolate what e-mail addresses were subscribed to your lists from the period of time just before the spamcop.net listing appeared. That is assuming that it was a mailing list that triggered the listing. During that time period it should not have been a large number of new subscriptions unless you have a very high turnover rate. It is possible that a spammer was using your subscription process to try to identify a spamtrap, but it is more likely that the spamtrap got into your mailing list from an automated program, or from a purchased list. Viruses spoof spamtrap e-mail addresses all the time, and if you have an e-mail address that automatically adds the alleged from: address to a mailing list, with out requesting a confirmation with a unique code, then over time that mailing list will become loaded with spamtraps and spam victim's e-mail addresses. The other method that spammers will abuse a legitimate service is if it has a "refer a friend" form. There are apparently spammer tools that can use some of those web forms as if they are an open relay, especially if they allow a personalized message to be added to the referral. The spammer trick is to enter HTML into the message that makes the spam the most visible. The titles shown in the samples posted by the deputies look like ones most commonly found in get rich quick scams. This indicates that you may be mailing stuff that you are not aware of, even though I can not find any other reports of this. But be aware that many of the people who would post such public spam reports may not be accepting e-mail from I.P. addresses in your country or continent unless they white list the source. And also be aware that a large number of commercial spam filtering products just silently delete e-mail suspected to be spam. Usually when a real mail server is blocked for something other than backscatter, I can find such evidence. In this case, I have not been able to. And to add to the chorus, double-opt-in is spammer speak for being able to either get two spam runs to an e-mail address with out getting their e-mail rejected or that the recipiant had an insecure mail reader that tripped a web-bug to confirm delivery. Spammers routinely use that term to advertise lists that they sell to other spammers to to try to claim that what they do is not spamming. -John wb8tyw@qsl.network Personal Opinion Only From PossumTrot at dont.spam.me Wed Mar 1 09:41:23 2006 From: PossumTrot at dont.spam.me (Possum Trot) Date: Wed Mar 1 12:45:02 2006 Subject: [SpamCop-List] Re: [ot] Busted a telemarketer! References: Message-ID: "Ben" wrote in message news:dtr7m1$1qf$1@news.spamcop.net... >I busted me a telemarketer double-big-time and the State Attorney General >is going to speak with them. > >> > Two days after I placed the complaint with the AGO, I got a friendly > letter back thanking me for the report. It was a "we are moving forward on > your complaint" letter. They reminded me of some of the statutes and > regulations that were broken from my description and reminded me that I > have the right to sue for $500.00. > > The state I believe gets up to $10,000.00 per violation, kind of like the > FTC getting $11.000.00 per violation of Do-Not-Call. Unfortunately that > means I must get in line. But knowing that the AGO is interested may be > sufficient. > > I was a little surprised at their reply but encouraged nonetheless. > > Now, if we can only get that kind of traction against spammers. Ben, there are similar laws regarding spam sent to residents or through ISPs in the state of Washington, and the state Supreme Court has upheld the suits. At least one person in the Seattle area has collected on a judgment against spammers. The law is RCW 19.190. From nobody at spamcop.net Wed Mar 1 12:47:19 2006 From: nobody at spamcop.net (indigo) Date: Wed Mar 1 12:50:03 2006 Subject: [SpamCop-List] Re: Mail server listed when Port 25 is blocked? References: Message-ID: Ellen wrote: > > It was legit spam not a reporting error. "Legit spam"?! Both words in the same sentence? The horrors, the horrors...... From nobody at spamcop.net Wed Mar 1 12:56:52 2006 From: nobody at spamcop.net (Ellen) Date: Wed Mar 1 13:10:02 2006 Subject: [SpamCop-List] Re: Mail server listed when Port 25 is blocked? References: Message-ID: "indigo" wrote in message news:du4mne$iam$1@news.spamcop.net... > > > Ellen wrote: > > > > It was legit spam not a reporting error. > > "Legit spam"?! Both words in the same sentence? The horrors, the > horrors...... > > real? bona fide? downright dirty nasty scummy scammy spam? :-) Ellen From nobody at spamcop.net Wed Mar 1 13:13:11 2006 From: nobody at spamcop.net (indigo) Date: Wed Mar 1 13:15:03 2006 Subject: [SpamCop-List] Re: Mail server listed when Port 25 is blocked? References: Message-ID: Ellen wrote: > "indigo" wrote in message > news:du4mne$iam$1@news.spamcop.net... > > > > > > Ellen wrote: > > > > > > It was legit spam not a reporting error. > > > > "Legit spam"?! Both words in the same sentence? The horrors, the > > horrors...... > > > > > > real? bona fide? downright dirty nasty scummy scammy spam? > > :-) > Ah, much better. Thanks, I was worried there for a second that the bad guys had finally gotten to you ;-) From remaker at cisco.com Wed Mar 1 10:51:18 2006 From: remaker at cisco.com (Phillip Remaker) Date: Wed Mar 1 13:55:03 2006 Subject: [SpamCop-List] 209.86.89.69 (earthlink) Message-ID: DNS lookups for 209.86.89.69 at bl.spamcop.net say it is a spammer. "Blocked - see http://www.spamcop.net/bl.shtml?209.86.89.69" But going to the URL http://www.spamcop.net/w3m?action=blcheck&ip=209.86.89.69 I see 209.86.89.69 not listed in bl.spamcop.net I had to poke a hole for that IP. But what happened? I ended up blocking earthlink users. I see a note on net abuse-sightings for 2/22... How did it not cycle out of the DNS lookup? From nobody at devnull.spamcop.net Wed Mar 1 11:21:14 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Wed Mar 1 14:25:03 2006 Subject: [SpamCop-List] Re: Need help To get our system setup correctly References: Message-ID: "John E. Malmberg" wrote... > It is possible that a spammer was using your subscription process to try > to > identify a spamtrap, but it is more likely that the spamtrap got into your > mailing list from an automated program, or from a purchased list. > > Viruses spoof spamtrap e-mail addresses all the time, and if you have an > e-mail address that automatically adds the alleged from: address to a > mailing > list, with out requesting a confirmation with a unique code, then over > time > that mailing list will become loaded with spamtraps and spam victim's > e-mail > addresses. I am having a hard time figuring out how the spammer or the virus above knows what the email address of the spamtrap is. When SpamCop chooses an email address for a spamtrap, don't they pick something difficult to guess? Then again, I get a fair number of webmaster@, sales@, and support@ spams on domains that have never had such email addresses, so perhaps some spamcop spamtraps use those easy-to-guess prefixes? G.M. From jeffg at spamcop.net Wed Mar 1 14:39:33 2006 From: jeffg at spamcop.net (Jeff G.) Date: Wed Mar 1 14:45:03 2006 Subject: [SpamCop-List] Re: 209.86.89.69 (earthlink) References: Message-ID: Phillip Remaker wrote: > DNS lookups for 209.86.89.69 at bl.spamcop.net say it is a spammer. At what nameserver(s), and when? > "Blocked - see http://www.spamcop.net/bl.shtml?209.86.89.69" > > But going to the URL > > http://www.spamcop.net/w3m?action=blcheck&ip=209.86.89.69 > > I see > > 209.86.89.69 not listed in bl.spamcop.net > > I had to poke a hole for that IP. But what happened? I ended up > blocking earthlink users. > > I see a note on net abuse-sightings for 2/22... How did it not cycle > out of the DNS lookup? "ISP does not wish to receive report regarding 209.86.89.69 ISP does not wish to receive reports regarding 209.86.89.69 - no date available" Report History for 209.86.89.69 shows: Submitted: Wednesday 2006/03/01 13:47:36 -0500: Warning: message 1FDk1S-0007dN-BP delayed 48 hours 1675714906 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Tuesday 2006/02/28 18:18:02 -0500: Vadatabase Assistants Independent Contractor Application 1674787464 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net 1674787453 ( 209.86.89.69 ) To: spamcop[at]imaphost.com ------------------------------------------------------------------------ -------- Submitted: Tuesday 2006/02/28 18:17:19 -0500: PT& FT Telecommuting Virtual Assistant Positions Available!! 1674787146 ( http:// vadatabasetelecommutingjobs.blogspot.com/ ) To: abuse#google.com[at]devnull.spamcop.net 1674787145 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net 1674787129 ( 209.86.89.69 ) To: spamcop[at]imaphost.com ------------------------------------------------------------------------ -------- Submitted: Tuesday 2006/02/28 17:48:08 -0500: Tools Eng 1674768456 ( http:// www.groshassociates.com ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net 1674768454 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net 1674768453 ( 209.86.89.69 ) To: spamcop[at]imaphost.com ------------------------------------------------------------------------ -------- Submitted: Tuesday 2006/02/28 09:18:39 -0500: Vadatabase Assistants Independent Contractor Application 1674345820 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net 1674345819 ( 209.86.89.69 ) To: spamcop[at]imaphost.com 1674345817 ( 209.86.89.69 ) To: abuse[at]abuse.earthlink.net ------------------------------------------------------------------------ -------- Submitted: Tuesday 2006/02/28 09:17:50 -0500: PT& FT Telecommuting Virtual Assistant Positions Available!! 1674345211 ( http:// vadatabasetelecommutingjobs.blogspot.com/ ) To: abuse#google.com[at]devnull.spamcop.net 1674345205 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net 1674345174 ( 209.86.89.69 ) To: spamcop[at]imaphost.com 1674345147 ( 209.86.89.69 ) To: abuse[at]abuse.earthlink.net ------------------------------------------------------------------------ -------- Submitted: Tuesday 2006/02/28 05:16:39 -0500: [ROJO] dos frentes! 1674182032 ( http:// correo.yahoo.com.ar ) To: network-abuse[at]cc.yahoo-inc.com 1674182031 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net 1674181950 ( 209.86.89.69 ) To: [concealed user-defined recipient] 1674181896 ( 209.86.89.69 ) To: abuse[at]abuse.earthlink.net ------------------------------------------------------------------------ -------- Submitted: Monday 2006/02/27 22:28:23 -0500: [dharma_art] Ballets Russes 1673839474 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Monday 2006/02/27 21:44:44 -0500: THIS WEEK, Comedian Derek Richards [at] Comedy Zone, Knoxville 1673810082 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Wednesday 2006/02/22 17:07:12 -0500: Recruiting $250 per Job Search - Engineers/Manufacturing 1668144369 ( http:// www.goldstar-global.com/ ) To: abuse[at]interland.net 1668144367 ( http:// www.goldstar-global.com ) To: abuse[at]interland.net 1668144361 ( http:// www.goldstar-global.com/ ) To: abuse[at]interland.com 1668144360 ( http:// www.goldstar-global.com ) To: abuse[at]interland.com 1668144357 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net 1668144350 ( 209.86.89.69 ) To: spamcop[at]imaphost.com ------------------------------------------------------------------------ -------- Submitted: Wednesday 2006/02/22 15:34:08 -0500: NEXT WEEK, Comedian Derek Richards [at] Comedy Zone, Knoxville 1668075828 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Wednesday 2006/02/22 14:42:14 -0500: AW 4&5 Change in Crime Reporting. 1668036491 ( http:// www.pacificbeat.net/ ) To: mole[at]devnull.spamcop.net 1668036484 ( 209.86.89.69 ) To: mole[at]devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Monday 2006/02/20 07:54:22 -0500: Fw: Help us choose America's top retail chain 1665207469 ( 209.86.89.69 ) To: abuse[at]abuse.earthlink.net ------------------------------------------------------------------------ -------- Submitted: Sunday 2006/02/19 06:17:56 -0500: Final Day of 2 for 1 Sale! Act NOW! 1664009971 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Sunday 2006/02/19 06:15:07 -0500: "The Pendulum Works!/Crystal Master Gallery Opportunity!" 1664014272 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Saturday 2006/02/18 06:44:34 -0500: Don't Miss the Mid-Month Blue Moon Sale! 1662879895 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Thursday 2006/02/16 17:51:15 -0500: MidMonth Blue Moon Sale! 1660943063 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Wednesday 2006/02/15 22:15:30 -0500: See What Your Body Says! 1659771241 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Wednesday 2006/02/15 00:50:29 -0500: E-mail List Update and Events Update [5] 1658596988 ( 209.86.89.69 ) To: mole[at]devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Tuesday 2006/02/14 17:40:10 -0500: Exchange Links 1658250141 ( http:// www.floristsinalbany.com ) To: abuse[at]godaddy.com 1658250140 ( http:// www.albanyhindutemple.org ) To: abuse[at]bocacom.net 1658250139 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net 1658250138 ( 209.86.89.69 ) To: spamcop[at]imaphost.com 1658250134 ( 209.86.89.69 ) To: abuse[at]abuse.earthlink.net ------------------------------------------------------------------------ -------- Submitted: Tuesday 2006/02/14 02:04:37 -0500: I.A.T.S.E. West Coast Locals' Rally 1657551405 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net 1657551383 ( 209.86.89.69 ) To: spamcop[at]imaphost.com 1657551351 ( 209.86.89.69 ) To: abuse[at]abuse.earthlink.net ------------------------------------------------------------------------ -------- Submitted: Tuesday 2006/02/14 02:03:31 -0500: I.A.T.S.E. West Coast Locals' Rally 1657550599 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net 1657550595 ( 209.86.89.69 ) To: spamcop[at]imaphost.com 1657550587 ( 209.86.89.69 ) To: abuse[at]abuse.earthlink.net ------------------------------------------------------------------------ -------- Submitted: Tuesday 2006/02/14 02:02:58 -0500: I.A.T.S.E. West Coast Locals' Rally 1657549958 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net 1657549940 ( 209.86.89.69 ) To: spamcop[at]imaphost.com 1657549919 ( 209.86.89.69 ) To: abuse[at]abuse.earthlink.net ------------------------------------------------------------------------ -------- Submitted: Sunday 2006/02/12 22:14:26 -0500: Fw: , Boost Your Salary - Earn a Degree Online! 1656435080 ( 209.86.89.69 ) To: abuse[at]abuse.earthlink.net ------------------------------------------------------------------------ -------- Submitted: Saturday 2006/02/11 22:46:24 -0500: Blue Diamond Village Building Lot 1655602015 ( http:// www.realtor.com/lasvegas/pauline ) To: postmaster[at]homestore.com 1655602014 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Friday 2006/02/03 21:25:26 -0500: feedback: 1646272621 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net 1646272619 ( 209.86.89.69 ) To: spamcop[at]imaphost.com ------------------------------------------------------------------------ -------- Submitted: Friday 2006/01/06 23:41:07 -0500: FW: WOW!!!!!!!!!!!!! THIS HITS HOME!!!!!!!! or just delete it 1612606737 ( 209.86.89.69 ) To: abuse#abuse.earthlink.net[at]devnull.spamcop.net 1612606736 ( 209.86.89.69 ) To: spamcop[at]imaphost.com -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From bar_n0ne at hotmail.com Wed Mar 1 13:44:18 2006 From: bar_n0ne at hotmail.com (Berny) Date: Wed Mar 1 14:45:07 2006 Subject: [SpamCop-List] Re: Need help To get our system setup correctly References: Message-ID: "Anonymous" wrote in message news:du4s8h$lpp$1@news.spamcop.net... > > I am having a hard time figuring out how the spammer or the virus above > knows > what the email address of the spamtrap is. When SpamCop chooses an email > address for a spamtrap, don't they pick something difficult to guess? > > Then again, I get a fair number of webmaster@, sales@, and support@ spams > on domains that have never had such email addresses, so perhaps some spamcop > spamtraps use those easy-to-guess prefixes? Some, including spammers claim that it is very easy nowadays to map spamtrap addresses, with a relatively small number of spam runs. Probably, the short time between hitting traps and getting listed is used in such a process. Nevertheless, if the OP's newsletters used a proper closed loop opt in process, then the only mails a spamtrap should receive are subscription confirmations, which is apparently inconsistent with reports of the type of spam (legit? spam) received according to Ellen. Further, so what, if a spamtrap is the webtmaster. etc [at] my.little.vanity.domain, why should that account get spam?. If the domain does no business and communicates with no one and is not advertized, then the only mail it should receive is from the hoster, registrar and maybe Internic. It's certainly a great way to get host/webmaster spams id'd fast. From jeffg at spamcop.net Wed Mar 1 14:52:18 2006 From: jeffg at spamcop.net (Jeff G.) Date: Wed Mar 1 14:55:02 2006 Subject: [SpamCop-List] Re: Need help To get our system setup correctly References: Message-ID: Anonymous wrote: > I am having a hard time figuring out how the spammer or the virus > above knows > what the email address of the spamtrap is. When SpamCop chooses an > email address for a spamtrap, don't they pick something difficult to > guess? Yes, but then they seed the addresses in places that include hidden areas on web pages, where humans aren't supposed to look. > Then again, I get a fair number of webmaster@, sales@, and support@ > spams on domains that have never had such email addresses, so perhaps > some spamcop spamtraps use those easy-to-guess prefixes? Those mailbox names are mandated (if the functions exist) by the RFC #2142 Mailbox Names for Common Services, not an Internet Standard yet, at http://www.rfc-editor.org/rfc/rfc2142.txt . -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From MikeE at ster.invalid Wed Mar 1 12:09:30 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 1 15:10:03 2006 Subject: [SpamCop-List] Re: 209.86.89.69 (earthlink) References: Message-ID: Phillip Remaker wrote: > DNS lookups for 209.86.89.69 at bl.spamcop.net say it is a spammer. > > "Blocked - see http://www.spamcop.net/bl.shtml?209.86.89.69" Currently at senderbase the lookup sez it is listed http://www.senderbase.org/search?searchString=209.86.89.69 Real-time blacklists [ Click to view all ] bl.spamcop.net http://spamcop.net/w3m?action=checkblock&ip=209.86.89.69 But it is not unusual for some lookup to be incorrect compared to the spamcop.net web gizmo. > But going to the URL > > http://www.spamcop.net/w3m?action=blcheck&ip=209.86.89.69 > > I see > > 209.86.89.69 not listed in bl.spamcop.net That is also what I see at the spamcop web gizmo. > I had to poke a hole for that IP. But what happened? I ended up > blocking earthlink users. EL servers can easily get themselves blocklisted, since EL has a spamblocker which has an abusive configuration of performing challenges. The default configuration of the EL spamblocker is medium. EL's medium spamblocker is quite leaky. EL admin advises people who are unhappy with EL's leaky medium spamblocker setting to reconfigure to spamblocker high. EL's default configuration for spamblocker high is to send spamblocker medium spam to the known spam folder, to send whitelisteds to the Inbox, and to send everything else to the Suspect folder. Everything which lands in the suspect folder is challenged, which includes all of the spam which leaked past spamblocker medium. Those challenges are all going to bogus Froms and the bogus Froms include spamtraps and spamcop reporters. As a result, EL servers get blocklisted and EL customers have trouble with their mail delivery. I have not been able to convince the EL mail admins to use a default configuration on the spamblocker high setting to turn challenges off. Challenging spam is an abusive activity for a server, even if some of the spam has already been filtered. > I see a note on net abuse-sightings for 2/22... How did it not cycle > out of the DNS lookup? I'm sure the EL server gets itself listed and unlisted all the time. This recent discrepancy is most likely from being listed and unlisted again. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Mar 1 17:17:14 2006 From: nobody at devnull.spamcop.net (Brian Stevens) Date: Wed Mar 1 17:20:03 2006 Subject: [SpamCop-List] DBSBL (ip4r) blocks all incoming messages Message-ID: I run MS Windows 2000 Server/Exchange 2000 Server on a dynamic address and as long as I route outgoing mail through my ISP everything has been working fine. Incoming messages also reach me directly courtesy of DNS2Go.com's dynamic DNS service without problem. Recently I upgraded to Symantec Mail Security for MS Exchange version 5.0. This version allows me to block spammers using ip4r (DNSBL) lookups. I have the same software configuration running at several customer sites with static IPs and it has very successfully reduced spam. I always use the following black lists: bl.spamcop.net (see http://www.spamcop.net). sbl-xbl.spamhaus.org (see http://www.spamhaus.org) On my site when I try using these same black lists ALL incoming messages are rejected with "550 5.2.1 refused: spam site" no matter who sends the message. My IP is not listed on any BL sites and I do not have an open proxy. I use the MS ISA 2000 firewall and keep up to date on patch levels for all software. I know that starting a couple of years ago many black lists will refuse messages sent from dynamic IPs which is why I send through my ISP's servers now. So does using a DNSBL also block incoming mail from reaching a dynamic ip as well? So far I haven't found any evidence of this. From jeffg at spamcop.net Wed Mar 1 17:24:07 2006 From: jeffg at spamcop.net (Jeff G.) Date: Wed Mar 1 17:25:03 2006 Subject: [SpamCop-List] Re: DBSBL (ip4r) blocks all incoming messages References: Message-ID: Brian Stevens wrote: > So does using a DNSBL also block incoming mail > from reaching a dynamic ip as well? It shouldn't. I suggest interrogating that list's DNS servers and your ISP's DNS servers for that list's records manually from your server and from elsewhere, to see if you can determine why it appears to block all incoming mail. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From nobody at nowhere.invalid Wed Mar 1 23:45:44 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 1 17:50:03 2006 Subject: [SpamCop-List] Re: DBSBL (ip4r) blocks all incoming messages References: Message-ID: On Wed, 1 Mar 2006 17:17:14 -0500, Brian Stevens coughed into spamcop and left this in : > I know that starting a couple of years ago many black lists will > refuse messages sent from dynamic IPs which is why I send through my > ISP's servers now. So does using a DNSBL also block incoming mail from > reaching a dynamic ip as well? So far I haven't found any evidence of > this. You're not going to like what I have to say but it has to be said. If you're not aware that the use of DNSBLs on an MX has nothing to do with and is in no way influenced by the IP address of that MX, you shouldn't be running an MX. Secondly, if the MX software you're using doesn't have the ability to use DNSBLs built-in and requires the use of a third-party extension, maybe you should be looking at something slightly more modern, like post-1980s. Thirdly, many here, myself included, are of the opinion that M$-sExchange shouldn't be exposed directly to a public network and that it should be front-ended by a real MTA such as Postfix, Exim or sendmail running on a Unix machine. In short, you're using an unsecure and feature-poor product on an unsecure O/S, while not knowing the mechanics of mail delivery. Believe me, you have bigger problems than trying to get your DNSBL extension not to reject all inbound mail. -- Steve Television -- a medium. So called because it is neither rare nor well done. -- Ernie Kovacs From nobody at devnull.spamcop.net Wed Mar 1 14:25:40 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Wed Mar 1 17:55:02 2006 Subject: [SpamCop-List] Re: Need help To get our system setup correctly References: Message-ID: "Jeff G." wrote in message news:du4u1j$n0d$1@news.spamcop.net... > Anonymous wrote: > >> I am having a hard time figuring out how the spammer or the virus >> above knows what the email address of the spamtrap is. When >> SpamCop chooses an email address for a spamtrap, don't they >> pick something difficult to guess? > > Yes, but then they seed the addresses in places that include hidden > areas on web pages, where humans aren't supposed to look. Correct me if my thinking has gone awry here... The above seems to imply that anyone who comes here complaining about how "somehow" he ended up with such spamtraps on his mailing list either ran a spambot that searches webpages for email addresses, or he bought a list from somebody who ran a spambot that searches webpages for email addresses. Such a spambot will find spamtraps, but they will be hidden in a crowd among a much larger number of non-spamtrap addresses. Thus I find it hard to believe that someone sneaky subscribed a spamtrap address (leaving aside the fact that such an address wouldn't respond to a confirmation email and thus would take itself of a well-managed list) or hard-coded the spamtrap address into a virus -- how would they know which address in their collection is the spamtrap? I also find it hard to believe that a virus got the spamtrap address from an outlook contacts list - how could it have gotten there? Am I thinking correctly here or am I missing something? G.M. From g.hyde at bigpond.net.au Thu Mar 2 09:34:50 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Wed Mar 1 18:35:02 2006 Subject: [SpamCop-List] Another paypal phish - get it while it's still in existence! Message-ID: http://www.spamcop.net/sc?id=z888543457z03559936fd467438961242d0108db6d9z These guys are so dumb they should line themselves up for the mugshot camera. It's being sent to the spoof@ address as I speak, so it won't be active for long! Cheers ... Geoffrey Hyde From MikeE at ster.invalid Wed Mar 1 16:43:09 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 1 19:45:03 2006 Subject: [SpamCop-List] Re: Need help To get our system setup correctly References: Message-ID: Anonymous wrote: > Correct me if my thinking has gone awry here... I'm going to disregard everything you and Jeff or anyone else has said before here, because I don't understand what you and Jeff were talking about, so I'm going to respond more or less 'cold' -- except that I am assuming that the general context of what you are saying below is based on the fact that this thread is about a person who has servers which are putting out over a hundred mailing lists and which servers are getting themselves spamcop blocklisted because they hit spamcop spamtraps and nothing else, no other spamtraps, no reporters, no sightings, no other blocklists. As if 'some' mailing lists have a problem 'only' with spamcop spamtraps. Further, altho' it has been alleged that [some of] those mailing lists have some kind of acceptable 'process' for their creation and management, perhaps that only means that one or more out of over a hundred have proper creation and management processes while one or more of over a hundred is decidedly a dirty list. Maybe all but one is totally dirty. Maybe only one is dirty. Who knows? We only know that in the collection of lists there are dirty lists and we don't know how dirty they are or how wonderful some of the other lists are. > The above seems to imply that anyone who comes here complaining > about how "somehow" he ended up with such spamtraps on his > mailing list either ran a spambot that searches webpages for email > addresses, or he bought a list from somebody who ran a spambot > that searches webpages for email addresses. I wouldn't imply anything. The business of how spamtraps get onto a mailing list is anyone's guess. Maybe someone has some spamtrap addresses and forge subscribed them and there was no process for confirmation. Maybe the guardian of the mailing list bought some names to add to the mailing list. Maybe the guardian of the list is personally running a webspider spambot to put things onto the list. The business of how the list came to be dirty is that there was not a proper confirmation process prior to adding an address to a list. That part is actually very simple. > Such a spambot will > find spamtraps, but they will be hidden in a crowd among a much > larger number of non-spamtrap addresses. Correct, but I can't see where this is going. A spider harvests addresses. Some of them are spamtraps, some are not. So what? Or, so where does that take us? > Thus I find it hard to > believe that someone sneaky subscribed a spamtrap address > (leaving aside the fact that such an address wouldn't respond to > a confirmation email and thus would take itself of a well-managed > list) or hard-coded the spamtrap address into a virus -- how would > they know which address in their collection is the spamtrap? I also > find it hard to believe that a virus got the spamtrap address from > an outlook contacts list - how could it have gotten there? I have no idea what is going on in the sentences between 'Thus' and 'there?' > Am I thinking correctly here or am I missing something? Somehow I sense that you are trying to make something more complicated of something that is probably like what I described in 'I wouldn't imply anything." par. -- Mike Easter kibitzer, not SC admin From nospam at nospam.org Thu Mar 2 03:08:39 2006 From: nospam at nospam.org (Ejo) Date: Wed Mar 1 21:10:02 2006 Subject: [SpamCop-List] Sluggish response Message-ID: Submitting spam via the web-form is very slow at the moment. From nospam at nospam.org Thu Mar 2 03:18:47 2006 From: nospam at nospam.org (Ejo) Date: Wed Mar 1 21:20:03 2006 Subject: [SpamCop-List] Re: 209.86.89.69 (earthlink) In-Reply-To: References: Message-ID: Phillip Remaker wrote: > DNS lookups for 209.86.89.69 at bl.spamcop.net say it is a spammer. > > "Blocked - see http://www.spamcop.net/bl.shtml?209.86.89.69" > > But going to the URL > > http://www.spamcop.net/w3m?action=blcheck&ip=209.86.89.69 > > I see > > 209.86.89.69 not listed in bl.spamcop.net It is listed now. Another useful check is: http://openrbl.org/client/#209.86.89.69 and also here you'll see that the IP is listed in spamcop. Actually, the latter would be a useful check during the review of recent reports. I always want to see whether my submitted reports are picked up by the system and whether the list status in spamcop is unique compared to other lists. > > I had to poke a hole for that IP. But what happened? I ended up blocking > earthlink users. > > I see a note on net abuse-sightings for 2/22... How did it not cycle out of > the DNS lookup? > > From nobody at devnull.spamcop.net Thu Mar 2 11:56:44 2006 From: nobody at devnull.spamcop.net (Patto) Date: Wed Mar 1 22:00:03 2006 Subject: [SpamCop-List] Re: Sluggish response In-Reply-To: References: Message-ID: Ejo wrote: > Submitting spam via the web-form is very slow at the moment. Well, at least I get a response... An error occurred while processing your request. Reference #97.8c8f3554.1141267992.a87c193 From eddie at eddie.web Wed Mar 1 21:57:31 2006 From: eddie at eddie.web (eddie) Date: Wed Mar 1 22:00:06 2006 Subject: [SpamCop-List] Re: Sluggish response In-Reply-To: References: Message-ID: Ejo wrote: > Submitting spam via the web-form is very slow at the moment. I have worse than sluggish. I get an error. "An error occurred while processing your request. Reference #97.xxxxxxxxx..." (xed out for security reasons) From nobody at devnull.spamcop.net Wed Mar 1 22:11:23 2006 From: nobody at devnull.spamcop.net (Brian Stevens) Date: Wed Mar 1 22:15:03 2006 Subject: [SpamCop-List] Re: DBSBL (ip4r) blocks all incoming messages References: Message-ID: > If you're not aware that the use of DNSBLs on an MX has nothing to do > with and is in no way influenced by the IP address of that MX, you > shouldn't be running an MX. My understanding was that it does a lookup of the sending server only but would it not be technically possible for a DNSBL to see who is asking and make to decision to reply that the message should be refused if the requestor was using a dynamic IP? There are bigots who believe that you can't be a responsible net citizen if you are on a dynamic IP. I will disagree until major ISP's like Rogers stop their highway robbery for static IPs. And yes I know why spammers like dynamic and proxies, etc. At one time Rogers provided me a static IP for $60/mth then they dropped support all together. Two years later they offer it again at $100 for a slower speed link!!! > Secondly, if the MX software you're using doesn't have the ability to > use DNSBLs built-in and requires the use of a third-party extension, > maybe you should be looking at something slightly more modern, like > post-1980s. Many small businesses still use Microsoft Small Business Server 2000 which includes Exchange 2000. Upgrading to SBS 2003 with Exchange 2003 would be nice but would require +$$$ for new hardware and software. I needed to upgrade my Symantec AntiVirus anyway so this kills two birds with one stone. > Thirdly, many here, myself included, are of the opinion that > M$-sExchange shouldn't be exposed directly to a public network and that > it should be front-ended by a real MTA such as Postfix, Exim or sendmail > running on a Unix machine. A front-end/back-end MX is slight overkill for a 5 user network. Why SBS 2000? Because I support it for a number of customers. Why Microsoft? Because many small and large businesses including the likes of Accenture find that using Microsoft products reduces their TCO. The installed base of MS SBS software which supports networks of up to 75 computers is a fast growing segment of the market. By using the included ISA firewall software on a dual NIC server, these networks can be adequately protected from Internet hackers and all violations can be logged to a SQL server for further evaluation. I have been supporting MS Exchange for 10 years and it gets the job done thank you. > In short, you're using an unsecure and feature-poor product on an > unsecure O/S, while not knowing the mechanics of mail delivery. > Believe me, you have bigger problems than trying to get your DNSBL > extension not to reject all inbound mail. Dozens of hackers from all over the world knock on my gateways every day but so far Microsoft with some help from Symantec is keeping them out. If you don't know some of the advantages of running Outlook on Exchange server then maybe you shouldn't be taking such a snobbish position. You won't find me trashing UNIX just because I support Microsoft. It has its place and I think many would agree that Microsoft does too. I certainly wouldn't want to go back to the monopolistic days when "IBM" and "computer" were synonymous terms. I also learned early in my career that the best technical product doesn't always win the market. That's why I decided in 1995 to join the Microsoft camp. I could see that the future was in small businesses just as in 1974 I decided the future was in personal computers when I started working for Datapoint. Datapoint's computers resembled the PC with an OS much like MS-DOS. Later they invented ARCNET and their next OS (around 1980), RMS was a cross between UNIX and Multics - very secure. Great stuff but dead today! From MikeE at ster.invalid Wed Mar 1 19:26:05 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 1 22:30:04 2006 Subject: [SpamCop-List] Re: 209.86.89.69 (earthlink) References: Message-ID: Ejo wrote: >> 209.86.89.69 not listed in bl.spamcop.net > > It is listed now. Another useful check is: At this moment, I can't access anything web spamcop.net, but it is listed in the DNS dns 69.89.86.209.bl.spamcop.net Canonical name: 69.89.86.209.bl.spamcop.net Addresses: 127.0.0.2 ... but I would like to see what the webgizmo sez. It's just that nothing is accessible http://www.spamcop.net/w3m?action=blcheck&ip=209.86.89.69 An error occurred while processing your request. Reference #97.c32f648.1141269862.c416396 -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Wed Mar 1 21:27:49 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Mar 1 22:30:09 2006 Subject: [SpamCop-List] Re: Need help To get our system setup correctly References: Message-ID: In article , "Jeff G." writes: > Anonymous wrote: >> Then again, I get a fair number of webmaster@, sales@, and support@ >> spams on domains that have never had such email addresses, so perhaps >> some spamcop spamtraps use those easy-to-guess prefixes? > > Those mailbox names are mandated (if the functions exist) by the RFC > #2142 Mailbox Names for Common Services, not an Internet Standard yet, > at http://www.rfc-editor.org/rfc/rfc2142.txt . Gee, I read: organizations which support email exchanges with the Internet are encouraged to support AT LEAST each mailbox name for which the associated function exists within the organization. and to me "are encouraged" is quite different from "mandated". From jeffg at spamcop.net Wed Mar 1 22:36:48 2006 From: jeffg at spamcop.net (Jeff G.) Date: Wed Mar 1 22:40:03 2006 Subject: [SpamCop-List] Re: Sluggish response References: Message-ID: Ejo wrote: > Submitting spam via the web-form is very slow at the moment. http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats appears to show that the performance of the SpamCop Parsing and Reporting Service went to hell in a handbasket around 21:40 EST -0500 (02:40 UTC -0000), 54 minutes ago. Its administrators are probably already aware of the issue. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Wed Mar 1 23:09:01 2006 From: jeffg at spamcop.net (Jeff G.) Date: Wed Mar 1 23:10:03 2006 Subject: [SpamCop-List] Re: Need help To get our system setup correctly References: Message-ID: Larry Kilgallen wrote: > In article , "Jeff G." > writes: >> Anonymous wrote: > >>> Then again, I get a fair number of webmaster@, sales@, and support@ >>> spams on domains that have never had such email addresses, so >>> perhaps some spamcop spamtraps use those easy-to-guess prefixes? >> >> Those mailbox names are mandated (if the functions exist) by the RFC >> #2142 Mailbox Names for Common Services, not an Internet Standard >> yet, at http://www.rfc-editor.org/rfc/rfc2142.txt . > > Gee, I read: > > organizations which support email exchanges with the > Internet are encouraged to support AT LEAST each mailbox name for > which the associated function exists within the organization. > > and to me "are encouraged" is quite different from "mandated". Sorry, I was not quite precise enough, and RFC2142 is not quite internally consistent enough and was not quite spellchecked enough. RFC2142 Section 1 specifically states that "if a given service is offerred[sic], then the associated mailbox name(es)[sic] must be supported, resulting in delivery to a recipient appropriate for the referenced service or role." So, if an organization offers web service, it must have a working webmaster@, if it offers to sell, it must have a working sales@, and if it offers support, it must have a working support@. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jg at coks.net Wed Mar 1 20:40:39 2006 From: jg at coks.net (jg) Date: Wed Mar 1 23:40:03 2006 Subject: [SpamCop-List] Re: DBSBL (ip4r) blocks all incoming messages In-Reply-To: References: Message-ID: On 3/1/2006 7:11 PM Brian Stevens scribbled: > Dozens of hackers from all over the world knock on my gateways every day but > so far Microsoft with some help from Symantec is keeping them out. If you > don't know some of the advantages of running Outlook on Exchange server then > maybe you shouldn't be taking such a snobbish position. You won't find me > trashing UNIX just because I support Microsoft. It has its place and I think > many would agree that Microsoft does too. > whooo haaaa - the scent of a train wreck approaching.... From jeffg at spamcop.net Wed Mar 1 23:38:34 2006 From: jeffg at spamcop.net (Jeff G.) Date: Wed Mar 1 23:40:08 2006 Subject: [SpamCop-List] Re: Need help To get our system setup correctly References: Message-ID: Anonymous wrote: > "Jeff G." wrote in message > news:du4u1j$n0d$1@news.spamcop.net... > >> Anonymous wrote: >> >>> I am having a hard time figuring out how the spammer or the virus >>> above knows what the email address of the spamtrap is. When >>> SpamCop chooses an email address for a spamtrap, don't they >>> pick something difficult to guess? >> >> Yes, but then they seed the addresses in places that include hidden >> areas on web pages, where humans aren't supposed to look. > > Correct me if my thinking has gone awry here... > > The above seems to imply that anyone who comes here complaining > about how "somehow" he ended up with such spamtraps on his > mailing list either ran a spambot that searches webpages for email > addresses, or he bought a list from somebody who ran a spambot > that searches webpages for email addresses. Such a spambot will > find spamtraps, but they will be hidden in a crowd among a much > larger number of non-spamtrap addresses. Thus I find it hard to > believe that someone sneaky subscribed a spamtrap address > (leaving aside the fact that such an address wouldn't respond to > a confirmation email and thus would take itself of a well-managed > list) or hard-coded the spamtrap address into a virus -- how would > they know which address in their collection is the spamtrap? I also > find it hard to believe that a virus got the spamtrap address from > an outlook contacts list - how could it have gotten there? > > Am I thinking correctly here or am I missing something? Please consider the following scenario: Reporter A visits a particular page on a SpamCop website which contains a particular Spamtrap Email Address A. The page is cached on Reporter A's hard disk. Thief A develops or modifies Worm A that can send Thief A personal information from the hard disks of infected people. Reporter A gets infected with Worm A. Worm A sends Spamtrap Email Address A (among other data) to Thief A. Thief A sells Spamtrap Email Address A (among the email addresses collected) to Listdealer A. Listdealer A adds Spamtrap Email Address A to List A and then "cleans" List A by verifying that email messages to the list members would not immediately produce 500-series errors. An overaggressive sales weenie at Listdealer A sells List A to an overaggressive marketing weenie at Customer A of Anonymous as confirmed opt-in email addresses, using some mixture of lies, winks, and nudges. Both weenies get rewarded for their aggressiveness. Customer A sends an email campaign to List A sourced at IP Address A, including Spamtrap Email Address A. Spamtrap Email Address A receives one of the messages and causes IP Address A to be listed by the SCBL (or causes the existing listing to be extended to 24 hours from receipt). Ideally, Customer A gets terminated or at least fined, ISP A gets cleanup fees, both weenies get fired and/or taught lessons, and Thief A and Listdealer A get investigated. Alternatively: Customer A runs Insecure Mailing List A, allowing web-based signups without confirmation. Ruthless Competitor A learns of Customer A's practices, and forge-subscribes Spamtrap Email Address A to Insecure Mailing List A. Customer A sends an email campaign to Insecure Mailing List A sourced at IP Address A, including Spamtrap Email Address A. Spamtrap Email Address A receives one of the messages and causes IP Address A to be listed by the SCBL (or causes the existing listing to be extended to 24 hours from receipt). Ideally, Customer A gets terminated or at least fined, ISP A gets cleanup fees, and Ruthless Competitor A gets investigated. -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From nobody at nowhere.not Thu Mar 2 04:48:02 2006 From: nobody at nowhere.not (Robert Blair) Date: Wed Mar 1 23:50:06 2006 Subject: [SpamCop-List] Re: DBSBL (ip4r) blocks all incoming messages References: Message-ID: On Thu, 2 Mar 2006 03:11:23 UTC, "Brian Stevens" wrote: > Dozens of hackers from all over the world > knock on my gateways every day but so far > Microsoft with some help from Symantec is > keeping them out. Good. When I help my friends and neighbors I always install a router with a firewall between windows and the internet. While those routers are not always the best firewalls they are much better than using nothing and/or MS security software (sometimes I think MS and security is an oxymoron). > If you don't know some of the advantages of > running Outlook on Exchange server then maybe > you shouldn't be taking such a snobbish position. This is something else I do for my friends and neighbors. I always install a different email client and web browser, I do not let them use MS email or browser programs, too risky. > You won't find me trashing UNIX just because I > support Microsoft. It has its place and I > think many would agreethat Microsoft does too. I don't trash MS I just don't use their trash when it is not necessary. And MS puts out a lot of trash on the market. > I certainly wouldn't > want to go back to the monopolistic days when > "IBM" and "computer" were synonymous terms. The only thing that has change is the name. At one time it was IBM and computers now it is MS and computers. The difference I see is IBM tried to make a lot of money legally while MS does not care if it is legal or illegal as long as they make money. > I also learned early in my career that the best > technical product doesn't always win the market. That has been true forever. A lot of superior products have gone down to defeat by inferior products. What do we as consumers get out of that deal is we pay a lot of money for junk. -- Robert Blair From jeffg at spamcop.net Wed Mar 1 23:48:44 2006 From: jeffg at spamcop.net (Jeff G.) Date: Wed Mar 1 23:50:09 2006 Subject: [SpamCop-List] Re: Sluggish response References: Message-ID: Jeff G. wrote: > Ejo wrote: >> Submitting spam via the web-form is very slow at the moment. > > http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats > appears to show that the performance of the SpamCop Parsing and > Reporting Service went to hell in a handbasket around 21:40 EST -0500 > (02:40 UTC -0000), 54 minutes ago. Its administrators are probably > already aware of the issue. It's been over two hours now. This appears to be a bigger problem than normal. :( -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From scamper at trisk.com Wed Mar 1 22:48:06 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Thu Mar 2 00:50:03 2006 Subject: [SpamCop-List] Re: Sluggish response In-Reply-To: References: Message-ID: Jeff G. wrote: > Jeff G. wrote: >> Ejo wrote: >>> Submitting spam via the web-form is very slow at the moment. >> > http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats >> appears to show that the performance of the SpamCop Parsing and >> Reporting Service went to hell in a handbasket around 21:40 EST -0500 >> (02:40 UTC -0000), 54 minutes ago. Its administrators are probably >> already aware of the issue. > > It's been over two hours now. This appears to be a bigger problem than > normal. :( > It would seem so, looking at my mail logs, I'm seeing a bunch of outgoing messages to spamcop that show a deferred status due to connection timeouts with their mail servers. Looks like the outage started about Mar 2, 2006 02:47 GMT Definitely not typical of spamcop. From nobody at devnull.spamcop.net Thu Mar 2 01:12:36 2006 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Thu Mar 2 01:15:02 2006 Subject: [SpamCop-List] Re: Lighter side of spam In-Reply-To: References: Message-ID: Mike Easter wrote: > Not everyone uses the same kind of scorecard I use for playing the > spamhandling game. Few newsgroups have assets comparable to you, Mike. -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From remaker at suespammers.org Wed Mar 1 23:25:12 2006 From: remaker at suespammers.org (Phillip Remaker) Date: Thu Mar 2 02:30:02 2006 Subject: [SpamCop-List] Re: 209.86.89.69 (earthlink) References: Message-ID: Thanks for the explanation. My problem was that the DNS gizmo was out of sync with the web gizmo. DNSSTUFF reports it blacklisted http://www.dnsstuff.com:8080/tools/ip4r.ch?ip=209.86.89.69 Webgizmo is not listed. http://www.spamcop.net/w3m?action=checkblock&ip=209.86.89.69 From nobody at devnull.spamcop.net Thu Mar 2 17:01:07 2006 From: nobody at devnull.spamcop.net (Patto) Date: Thu Mar 2 03:05:03 2006 Subject: [SpamCop-List] Re: Sluggish response In-Reply-To: References: Message-ID: Jeff G. wrote: > Jeff G. wrote: >> Ejo wrote: >>> Submitting spam via the web-form is very slow at the moment. >> > http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats >> appears to show that the performance of the SpamCop Parsing and >> Reporting Service went to hell in a handbasket around 21:40 EST -0500 >> (02:40 UTC -0000), 54 minutes ago. Its administrators are probably >> already aware of the issue. > > It's been over two hours now. This appears to be a bigger problem than > normal. :( Seems to be back to normal now. From / at /.cn Thu Mar 2 19:24:01 2006 From: / at /.cn (Petzl) Date: Thu Mar 2 03:25:03 2006 Subject: [SpamCop-List] Re: Mail server listed when Port 25 is blocked? References: Message-ID: "Mike Easter" wrote in message news:du4cef$bhl$1@news.spamcop.net... > Petzl wrote: > I would say that iprimus isn't doing a good job of securing its user IPs > which are generating spam. This seems to me to be the worst of scenario's as the IP mentioned is an *email* server which has been compromised!!!! Iprimus blocks port 25 and all SpamCop reports accurately the source of spam so all IP's are secured (as long as the reporter has set up SpamCop properly, which Ellen tells me they have) This means all email addresses and names going through this server are collected and very possible "read" electronically. As you also know this has been happening from at least December 3rd last year. Iprimus have only just now worried about this after ignoring 1000's of individual reports telling them their server has been compromised Just another reason not to accept a compulsory email account from a "provider" Get the only Email address you will ever need http://www.spamcop.net/ces/individuals.shtml Petzl From / at /.cn Thu Mar 2 19:24:43 2006 From: / at /.cn (Petzl) Date: Thu Mar 2 03:25:08 2006 Subject: [SpamCop-List] Re: Mail server listed when Port 25 is blocked? References: Message-ID: "Ellen" wrote in message news:du4im4$fs4$1@news.spamcop.net... > > > "Petzl" wrote in message news:du47lq$7nj$1@news.spamcop.net... >> 210.50.76.196 >> >> I know they are bouncining emails but it seems this email server is being >> reported for spamming >> Wondering if someone has not set mail hosts or is the server compromised >> ***ounce**** > > It was legit spam not a reporting error. Iprimus is aware of the problem > and > has taken actions to stop the problem. We have been talking to them. > > Ellen > Thanks I already blamed them for not responding to abuse reports since December the 3rd 2005 (maybe before) Petzl From MikeE at ster.invalid Thu Mar 2 01:11:19 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Mar 2 04:15:04 2006 Subject: [SpamCop-List] Re: 209.86.89.69 (earthlink) References: Message-ID: Phillip Remaker wrote: > Thanks for the explanation. My problem was that the DNS gizmo was > out of sync with the web gizmo. > > DNSSTUFF reports it blacklisted > > http://www.dnsstuff.com:8080/tools/ip4r.ch?ip=209.86.89.69 > > Webgizmo is not listed. > > http://www.spamcop.net/w3m?action=checkblock&ip=209.86.89.69 I'm sure the problem is due to it going on and off and on and off again and various databases lag behind. Currently both the webgizmo and my resolver's access are negative. dns 69.89.86.209.bl.spamcop.net No DNS for this address 209.86.89.69 not listed in bl.spamcop.net The most correct information is the webgizmo, even more correct than x.x.x.x.bl.spamcop.net -- and other db/s get their information from bl.spamcop.net. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Thu Mar 2 11:33:31 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Mar 2 05:35:15 2006 Subject: [SpamCop-List] Re: DBSBL (ip4r) blocks all incoming messages References: Message-ID: On Wed, 1 Mar 2006 22:11:23 -0500, Brian Stevens coughed into spamcop and left this in : > Dozens of hackers from all over the world knock on my gateways every > day but so far Microsoft with some help from Symantec is keeping them > out. Thousands knock on mine every day but so far iptables and sendmail are keeping them out with nobody's help. 76,440 attempts locked out in January. 75,658 in February. 5,382 this month at 8am local time. That's just port 25. I stopped logging attacks on ports 135 & co. ages ago because of the sheer size of the log files generated. > If you don't know some of the advantages of running Outlook on > Exchange server then maybe you shouldn't be taking such a snobbish > position. I do recognise some of the advantages of running the Outlook/Exchange combo. In fact, in an int_RA_net environment it's quite good. However, as soon as you start talking Int_ER_net, it all falls to pieces because that's not what it was designed for - or at least if it was, they got many things horribly wrong - and the advantages are not just outweighed, but completely dwarfed by the massive drawbacks of connecting up to the 'Net something which thumbs its nose at RFCs. So, my attitude isn't snobbish, it's the result of (too many) years of dealing with problems that Outlook and Exchange generate for standards-compliant software. > You won't find me trashing UNIX just because I support Microsoft. And I'm not trashing Microsoft just because I use Unix (Linux, FreeBSD and Solaris flavours if you want to know). I think Microsoft does great products for people who don't want to learn about computing, but only as long as the computers they use aren't connected to a network of any kind. Once that happens, it's game over. > It has its place and I think many would agree that Microsoft does too. I do too. It just happens that Microsoft's place is nowhere near an Internet connection. > I certainly wouldn't want to go back to the monopolistic days when > "IBM" and "computer" were synonymous terms. Because "Microsoft" and "computer" aren't synonymous in most peoples' minds today? > I also learned early in my career that the best technical product > doesn't always win the market. It rarely does when trying to share the market an 800lb gorilla that has a competing product for sale (regardless of the fact that that competing product doesn't actually do what's written on the box). > That's why I decided in 1995 to join the Microsoft camp. I joined the Microsoft camp around 1989 because there were no real alternatives. The Atari ST and Amiga were fairly good machines technically (I should know, I used to repair them for a living) but they were basically no more than glorified game consoles. There wasn't much serious software available for them and I didn't have time to write it all myself. Macintosh computers were still way out of my range price-wise, so that left the PC. Aside from the problems in MS-DOS 4 leading to the swift release of version 4.01 with fixed memory management, I thought that MS-DOS was an all-round good product. I rarely ever had any problems with it. By 1996 Windows 95 had landed on computers, and the first version was complete and utter trash. OSR 2.1 was the first really usable system, and we had to wait until, what, late 1997 / early 1998 for that? Then came Windows 98 and IE5, and that's when the problems started for real. I wanted something on which I could actually get work done instead of having to spend vast amounts of money on add-on software to protect my PC and having to worry about getting infected anyway. That's why I chose to switch *AWAY* from Windows in 1999. I'm glad I did. Things have only gone downhill since then. > RMS was a cross between UNIX and Multics - very secure. Great stuff > but dead today! You want secure? You should consider one of the BSDs. They'll run on lower-end hardware than Windows and Exchange, they provide far more network- and security-related features and they don't cost a penny. -- Steve From g.hyde at bigpond.net.au Thu Mar 2 22:41:12 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Mar 2 07:45:03 2006 Subject: [SpamCop-List] Re: DBSBL (ip4r) blocks all incoming messages References: Message-ID: "Steven Maesslein" wrote in message news:slrne0difr.4jn.nobody@127.0.0.1... > I joined the Microsoft camp around 1989 because there were no real > alternatives. The Atari ST and Amiga were fairly good machines > technically (I should know, I used to repair them for a living) but they > were basically no more than glorified game consoles. There wasn't much > serious software available for them and I didn't have time to write it > all myself. Macintosh computers were still way out of my range > price-wise, so that left the PC. If you happen to be interested in what the Amiga crowd is doing, they're still going along over at www.amiga.de - pretty strongly by the looks of it. I'm just an Amiga fan, if you want serious technical help with anything Amiga, see if they've got any english version forums over there. Cheers ... Geoffrey Hyde From nobody at nowhere.invalid Thu Mar 2 15:47:27 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Mar 2 09:50:03 2006 Subject: [SpamCop-List] Re: DBSBL (ip4r) blocks all incoming messages References: Message-ID: On Thu, 2 Mar 2006 22:41:12 +1000, Geoffrey Hyde coughed into spamcop and left this in : > If you happen to be interested in what the Amiga crowd is doing, they're > still going along over at www.amiga.de - pretty strongly by the looks of it. I remember them from the days when I still had to ensure maintenance of Amigas *after* Commodore had been buried. > I'm just an Amiga fan, if you want serious technical help with anything > Amiga, see if they've got any english version forums over there. Kein Problem - ich spreche auch Deutsch :) -- Steve If money doesn't grow on trees then why do banks have branches? From pxpearson at spamxcop.net Thu Mar 2 08:33:45 2006 From: pxpearson at spamxcop.net (Peter Pearson) Date: Thu Mar 2 11:35:17 2006 Subject: [SpamCop-List] Re: DBSBL (ip4r) blocks all incoming messages References: Message-ID: Getting back on-topic: You seem to be saying 1. that your mail-receiving configuration works fine at other sites you maintain that happen to have static IP addresses, even with block lists enabled; 2. that this same configuration works fine at your dynamic-IP site as long as you don't turn on the block lists; 3. that when you turn on block lists at your dynamic-IP site, all incoming messages get rejected with "550 5.2.1 refused: spam site". Like you, I find it hard to imagine that blocklists purposely corrupt their answers based on the requester's IP address. Not being a mail-configuring guru (nor a Microsoft guru, but let's not start that again :-), I can only suggest (1) sending manual queries to the blocklists, to confirm that they give honest answers; (2) enabling a single blocklist, so there's no uncertainty about which blocklist might be giving a funny answer; or (3) inserting code to log diagnostic information. You probably thought of all that. I'm just trying to re-establish a little momentum in a non-flamewar direction. -- Remove the two x's to get a good email address. From eddie at eddie.web Thu Mar 2 14:54:48 2006 From: eddie at eddie.web (eddie) Date: Thu Mar 2 14:55:03 2006 Subject: [SpamCop-List] Funny - Chinese spam about Asian Flu Message-ID: I think it's hilarious that spam coming from China and with websites hosted by the Chinese are spamming for Asian (Chinese) flu drugs. This is almost as funny as Chinese spam advertising the best Narcotics. PT Barnum was way low in his estimate about the birth rate of suckers and, had he known, spammers. From anthony.edwards at uk.easynet.net Thu Mar 2 20:25:18 2006 From: anthony.edwards at uk.easynet.net (Anthony Edwards) Date: Thu Mar 2 15:30:02 2006 Subject: [SpamCop-List] Re: DBSBL (ip4r) blocks all incoming messages References: Message-ID: On Wed, 1 Mar 2006 22:11:23 -0500, Brian Stevens wrote: > Dozens of hackers from all over the world knock on my gateways every day but > so far Microsoft with some help from Symantec is keeping them out. If you > don't know some of the advantages of running Outlook on Exchange server then > maybe you shouldn't be taking such a snobbish position. The Outlook/Exchange groupware functionality (shared calendaring, etc) is indeed excellent, and some organisations find it indispensible. However, as others have also noted, I wouldn't personally connect a Microsoft Exchange Server directly to the public Internet, even (especially) in a corporate environment. Not particularly due to the security considerations, as I believe myself capable of absorbing sufficient clue to keep such an installation secure since I am paranoid about such things, but because a UNIX based MTA such as Exim or Postfix, together with a properly configured and maintained SpamAsssassin installation, can do a much better job at little or no financial cost of performing inbound spam filtering. I would front end such an installation, and run Exchange (if such were needed in the corporate environment in question) behind it. -- Anthony Edwards * anthony.edwards@uk.easynet.net Abuse Team Manager * Tel: 0800 053 0588 Easynet Ltd * DDI: 0161 227 0707 http://www.uk.easynet.net * Fax: 0845 333 4503 From kenbrody at spamcop.net Thu Mar 2 15:16:36 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Thu Mar 2 15:40:03 2006 Subject: [SpamCop-List] Re: The issue of bounce versus reject References: <44036C3A.50B789E5@spamcop.net> <4403966F.CD32ACEF@spamcop.net> Message-ID: <440752A4.91E36B41@spamcop.net> "John E. Malmberg" wrote: > > Kenneth Brody wrote: [...] > > > In short, the only thing their SMTP server knows about you is the IP > > address that their DHCP has assigned to you, and (I suppose) the MAC > > address of your cablemodem. Their setup means that they have no way > > of knowing your true "from" address, and it also requires that they > > cannot reject e-mail from you at the SMTP level. > > That is correct, but mail from you in their I.P. space is outgoing from > what should be a trusted source to their SMTP server, so they should > trust you to provide a valid return e-mail address to send the bounce or > DSN to. _I_ do. However, what's to stop a spammer from doing differently? [...] > So there is no problem with outbound relaying and SMTP rejects as long > as you have valid information in your header. Again, I'm talking in terms of backscatter from spam, not legitimate e-mail. [...] > To prevent backscatter or silent deletion of messages, that mail server > must do all the spam rejection, and also have a list of valid e-mail > addresses that it should accept e-mail for. It also needs to be able to > handle the case of your mail server having a problem. Why should I have to send a list of all of my e-mail addresses to my ISP? [...] -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From redford_stone at INVERSE_OF_COLDmail.com Thu Mar 2 21:16:52 2006 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Mar 2 16:20:02 2006 Subject: [SpamCop-List] Re: Funny - Chinese spam about Asian Flu References: Message-ID: eddie wrote in news:du7iif$bvh$1@news.spamcop.net: > I think it's hilarious that spam coming from China and with websites > hosted by the Chinese are spamming for Asian (Chinese) flu drugs. > > This is almost as funny as Chinese spam advertising the best Narcotics. > > PT Barnum was way low in his estimate about the birth rate of suckers > and, had he known, spammers. > PT Barnum may be accurate. Think about the number of suckers dropping dead due to the poisons that spammer drug products contain. Buy a spamvertised product and you play with fire. From bar_n0ne at hotmail.com Thu Mar 2 16:17:25 2006 From: bar_n0ne at hotmail.com (Berny) Date: Thu Mar 2 17:20:04 2006 Subject: [SpamCop-List] Re: Funny - Chinese spam about Asian Flu References: Message-ID: "Redstone" wrote in message > > PT Barnum may be accurate. Think about the number of suckers dropping dead > due to the poisons that spammer drug products contain. > > > Buy a spamvertised product and you play with fire. > You mean they actually deliver something? From redford_stone at INVERSE_OF_COLDmail.com Thu Mar 2 22:57:46 2006 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Mar 2 18:00:03 2006 Subject: [SpamCop-List] [NANAE] Plug-in Warns of Evil Web Sites Message-ID: Found this on NANAE: =================================== Subject: Plug-in Warns of Evil Web Sites From: "HeyBub" Newsgroups: news.admin.net-abuse.email "A company founded by several MIT engineers launched free Internet Explorer and Firefox plug-ins Wednesday that reveal dangerous Web sites listed by popular search engines. "With the plug-ins installed, users see green, yellow, or red tags beside hits in search results on Google, MSN, and Yahoo, said Boston-based SiteAdvisor. The tags -- red represents sites that heavily spam visitors, host spyware and adware, or hijack browser home pages -- give users a heads-up before they click on a link." http://www.informationweek.com/internet/showArticle.jhtml?articleID= 181401865 [http://tinyurl.com/k3thb] Available here: http://www.siteadvisor.com/preview/index.html Seems to work as advertised and, boy, is it informative! They even tabulate how much spam they received just by signing up at the site. ===== Installed it on my browser. Pretty nifty. You can even sign up to be a reviewer for the sites you visit. From redford_stone at INVERSE_OF_COLDmail.com Thu Mar 2 22:59:31 2006 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Mar 2 18:00:06 2006 Subject: [SpamCop-List] Re: Funny - Chinese spam about Asian Flu References: Message-ID: "Berny" wrote in news:du7qtm$gso$1@news.spamcop.net: > > You mean they actually deliver something? > > Easy enough for them to throw some toadstool into a gel-capsule. From bar_n0ne at hotmail.com Thu Mar 2 17:05:18 2006 From: bar_n0ne at hotmail.com (Berny) Date: Thu Mar 2 18:10:03 2006 Subject: [SpamCop-List] Re: Funny - Chinese spam about Asian Flu References: Message-ID: "Redstone" wrote in message news:Xns977A9885A70FEtinlc@216.154.195.61... > "Berny" wrote in > news:du7qtm$gso$1@news.spamcop.net: > > > > > You mean they actually deliver something? > > > > > > > Easy enough for them to throw some toadstool into a gel-capsule. > Yabbut someones got to pay for and put a stamp on the capsule, Oh, I forgot, they've hacked the pitney bowes stampng machine also. From g.hyde at bigpond.net.au Fri Mar 3 09:52:33 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Mar 2 19:00:02 2006 Subject: [SpamCop-List] Re: DBSBL (ip4r) blocks all incoming messages References: Message-ID: "Steven Maesslein" wrote in message news:slrne0e1bv.9fr.nobody@127.0.0.1... > On Thu, 2 Mar 2006 22:41:12 +1000, Geoffrey Hyde coughed into spamcop > and left this in : >> I'm just an Amiga fan, if you want serious technical help with anything >> Amiga, see if they've got any english version forums over there. > > Kein Problem - ich spreche auch Deutsch :) Translation? I only speak English myself. :D Cheers ... Geoffrey Hyde From nobody at spamcop.net Thu Mar 2 18:18:25 2006 From: nobody at spamcop.net (N. Miller) Date: Thu Mar 2 21:20:02 2006 Subject: [SpamCop-List] Re: DBSBL (ip4r) blocks all incoming messages References: Message-ID: <13aueahyv89mk.dlg@news.spamcop.net> On Wed, 1 Mar 2006 22:11:23 -0500, Brian Stevens wrote: > There are bigots who believe that you > can't be a responsible net citizen if you are on a dynamic IP. That is a flawed statement. It isn't that I am a bigot who doesn't believe that you can't be a responsible net citizen on a dynamic IP address. It is that I am a pragmatist, for whom >99% of the email delivery attempts from Comcast (and other) dynamically hosted SMTP clients to my domain MX are _not_ from responsible net citizens; therefore, blocking such IP addresses is extremely effective at blocking spam delivery attempts. OTOH, _knowing_ that others will treat my SMTP relay client in the same fashion, I don't even attempt "ent-to-end" SMTP relaying; I use my ISP's SMTP server to handle my outbound email. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Thu Mar 2 18:23:00 2006 From: nobody at spamcop.net (N. Miller) Date: Thu Mar 2 21:25:02 2006 Subject: [SpamCop-List] Re: DBSBL (ip4r) blocks all incoming messages References: Message-ID: <10faq96wrt3se$.dlg@news.spamcop.net> On Wed, 1 Mar 2006 22:11:23 -0500, Brian Stevens wrote: > If you > don't know some of the advantages of running Outlook on Exchange server then > maybe you shouldn't be taking such a snobbish position. The only advantage of using Outlook on an Exchange server is product integration. I get that by running Pegasus Mail with Mercury/32. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Thu Mar 2 18:31:29 2006 From: nobody at spamcop.net (N. Miller) Date: Thu Mar 2 21:35:04 2006 Subject: [SpamCop-List] Re: DBSBL (ip4r) blocks all incoming messages References: Message-ID: On Fri, 3 Mar 2006 09:52:33 +1000, Geoffrey Hyde wrote: > "Steven Maesslein" wrote in message > news:slrne0e1bv.9fr.nobody@127.0.0.1... >> On Thu, 2 Mar 2006 22:41:12 +1000, Geoffrey Hyde coughed into spamcop >> and left this in : >>> I'm just an Amiga fan, if you want serious technical help with anything >>> Amiga, see if they've got any english version forums over there. >> Kein Problem - ich spreche auch Deutsch :) > Translation? I only speak English myself. :D His comprehension of German seems better than the disclaimer. Although I did, once, receive a correction over writing, "I can speak a little ***" for the native "***" speaker; he suggested that 'hanasemasu' was more appropriate than the 'hanashimasu' I had written. 'hanashimasu' = "I speak..." 'hanasemasu' = "I can speak..." When one is writing, one isn't speaking; technically. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Thu Mar 2 19:38:53 2006 From: nobody at spamcop.net (N. Miller) Date: Thu Mar 2 22:40:04 2006 Subject: [SpamCop-List] Re: The issue of bounce versus reject References: <44036C3A.50B789E5@spamcop.net> Message-ID: <16rk0suhrntz.dlg@news.spamcop.net> On Mon, 27 Feb 2006 16:16:42 -0500, Kenneth Brody wrote: > Having read the recent "why not allow bounces" thread, the following > occurred to me... You seem to be confusing message submission servers with MX servers. Message submission servers generally accept email from MUAs ("Mail User Agents"), mostly; using some means of authenticating the connection. MX servers accept email from _any_ MTA ("Mail Transfer Agent"), regardless of the source, and without authenticating the connection. Because of the trust involved in a message submission connection, message submission server bounces are, mostly, legitimately sent to user accounts which are the actual source of the message. OTOH, MX servers can't use the same criteria for authenticating email sources as message submission servers can use; by design, MX servers have to accept incoming connections that message submission servers can refuse. So there is a much higher probability that the "Return-Path" email address will be forged in email from a "Mail Transfer Agent" than from a "Mail User Agent". Therefore, MX servers can't afford to accept all plausible email addresses, then turn around and bounce the undeliverables; those will, usually, go to the wrong places. The best method for an MX server to use is to check two lists: A. Valid local email addresses; reject email if the RCPT TO isn't valid. B. DNSBLs; reject all email from listed IP addresses. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at devnull.spamcop.net Fri Mar 3 15:40:33 2006 From: nobody at devnull.spamcop.net (Patto) Date: Fri Mar 3 01:45:13 2006 Subject: [SpamCop-List] An error occurred while processing your request. Message-ID: Same error as yesterday when trying to access spamcop.net From g.hyde at bigpond.net.au Fri Mar 3 19:40:11 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Fri Mar 3 04:45:45 2006 Subject: [SpamCop-List] Fedora list spam with large attachment. Message-ID: http://www.spamcop.net/sc?id=z889520818zc21f147cfe3ed355899c5b92688b3f6az Okay, what the heck is this attachment in the spam - some application-octet or whatever SpamCop identified it as? And why are they sending it to me? It's obviously spam, and has been treated as such, SpamCop couldn't even say that the IP address was actually belonging to the server it purported to be from (got no name when trying the IP) so named it as source. Anyone else getting this kind of unwanted junk email? Cheers ... Geoffrey Hyde From MikeE at ster.invalid Fri Mar 3 01:58:31 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 3 05:00:34 2006 Subject: [SpamCop-List] Re: Fedora list spam with large attachment. References: Message-ID: Geoffrey Hyde wrote: www.spamcop.net/sc?id=z889520818zc21f147cfe3ed355899c5b92688b3f6az > > Okay, what the heck is this attachment in the spam - some > application-octet or whatever SpamCop identified it as? It is a viral propagation, virm/virmail, designed to look like a bounce which has a message.zip attachment which is b64 encoded. The source machine is 196.25.32.50 no rDNS of the .za Infodoor Networking which has problems with its contact information and SC wants to notify abuse@saix.net -- which is the way I would notify it. > And why are they sending it to me? It's obviously spam, and has been > treated as such, SpamCop couldn't even say that the IP address was > actually belonging to the server it purported to be from (got no name > when trying the IP) so named it as source. > > Anyone else getting this kind of unwanted junk email? You get viral propagations because your address is accessible at/by the infected propagator. Your AV agent may not be able to identify it because it is 'inside' a b64 encoded zip file. If you were handling it by opening it, the b64 would become decoded by your mail agent, then you would have to unzip the archive to find the executable. I haven't taken it down to the executable and characterized it yet. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Mar 3 02:08:37 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 3 05:10:26 2006 Subject: [SpamCop-List] Re: Fedora list spam with large attachment. References: Message-ID: Mike Easter wrote: > I haven't taken it down to the executable and characterized it yet. The decoded b64 message.zip is a corrupt zip file which I can't unzip with Iceows. I can look at the hex of the front of it and tell that its executable would be message.scr, but I can't characterize the virus in its zipped form with my AV. -- Mike Easter kibitzer, not SC admin From g.hyde at bigpond.net.au Fri Mar 3 20:30:49 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Fri Mar 3 05:35:09 2006 Subject: [SpamCop-List] Re: Fedora list spam with large attachment. References: Message-ID: I dunno if it's worth doing anything with. Apparently the ISP I'm with believes I should get sent any and all email addressed to me unless I want to sign up for their spam filter. Attachments included apparently. What I find really weird is that they won't even devote any of the vast amount of computing power they have available on their network to finding and removing viral attachments from spam - "because, it might be a legitimate attachment" - what I'm thinking of that is, if someone has to send you something that's executable, they surely have another means than email by now. Cheers ... Geoffrey Hyde "Mike Easter" wrote in message news:du94io$7ep$1@news.spamcop.net... > Mike Easter wrote: > >> I haven't taken it down to the executable and characterized it yet. > > The decoded b64 message.zip is a corrupt zip file which I can't unzip > with Iceows. I can look at the hex of the front of it and tell that its > executable would be message.scr, but I can't characterize the virus in > its zipped form with my AV. > > -- > Mike Easter > kibitzer, not SC admin > From aviatrix at lists.org.gg Fri Mar 3 10:42:11 2006 From: aviatrix at lists.org.gg (Aviatrix) Date: Fri Mar 3 05:45:04 2006 Subject: [SpamCop-List] Re: Fedora list spam with large attachment. In-Reply-To: References: Message-ID: Geoffrey Hyde wrote: > What I find really weird is that they won't even devote any of the vast > amount of computing power they have available on their network to finding > and removing viral attachments from spam - "because, it might be a > legitimate attachment" - what I'm thinking of that is, if someone has to > send you something that's executable, they surely have another means than > email by now. Some ISPs enforce spam/virus filtering on their customers, whether the customers like it or not (causing some genuine mail to be lost). Some ISPs offer spam/virus filtering as an optional add-on service, either paid-for or free of charge (mine offers it free of charge). Some ISPs take the view that if customers want spam/virus filtering they should make their own arrangements. Yours obviously belongs in the third group. Personally I have no problem with that - I DO have a problem with the first group (especially if, like some ISPs I know, they just discard suspected spam/viruses without letting anyone know) From MikeE at ster.invalid Fri Mar 3 02:52:31 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 3 05:55:02 2006 Subject: [SpamCop-List] Re: Fedora list spam with large attachment. References: Message-ID: Mike Easter wrote: > The decoded b64 message.zip is a corrupt zip file which I can't unzip > with Iceows. I can look at the hex of the front of it and tell that > its executable would be message.scr, but I can't characterize the > virus in its zipped form with my AV. I sent the corrupt zip to VirusTotal for their multiple AV agent analysis. NOD32 found the archive damaged, and 4 of them could see the MyDoom.M worm inside the damaged .zip. One said suspicious, 17 said negative. Results of a file scan This is a report processed by VirusTotal on 03/03/2006 at 11:28:08 (CET) after scanning the file "message.zip" file. Antivirus Version Update Result AntiVir 6.33.1.53 03.03.2006 Worm/Mydoom.M Avast 4.6.695.0 03.02.2006 Win32:Mydoom-M AVG 718 03.02.2006 no virus found Avira 6.33.1.53 03.03.2006 Worm/Mydoom.M BitDefender 7.2 03.03.2006 no virus found CAT-QuickHeal 8.00 03.02.2006 (Suspicious) - DNAScan ClamAV devel-20060126 03.02.2006 Worm.Mydoom.M DrWeb 4.33 03.03.2006 no virus found eTrust-InoculateIT 23.71.92 03.03.2006 no virus found eTrust-Vet 12.4.2104 03.03.2006 no virus found Ewido 3.5 03.02.2006 no virus found Fortinet 2.71.0.0 03.02.2006 no virus found F-Prot 3.16c 03.03.2006 no virus found Kaspersky 4.0.2.24 03.03.2006 no virus found McAfee 4709 03.02.2006 no virus found NOD32v2 1.1426 03.03.2006 archive damaged Norman 5.70.10 03.02.2006 no virus found Panda 9.0.0.4 03.03.2006 no virus found Sophos 4.03.0 03.03.2006 no virus found Symantec 8.0 03.03.2006 no virus found TheHacker 5.9.5.105 03.03.2006 no virus found UNA 1.83 03.02.2006 no virus found VBA32 3.10.5 03.02.2006 no virus found -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Mar 3 03:11:51 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 3 06:15:03 2006 Subject: [SpamCop-List] Re: Fedora list spam with large attachment. References: Message-ID: Aviatrix wrote: > Some ISPs offer spam/virus filtering as an optional add-on service, > either paid-for or free of charge (mine offers it free of charge). EL's options for the spamfiltering and virus filtering are included or free. The spamfiltering can be off, medium, or high -- the virus filtering off or on. The 'standard' spamfilter is leaky, the virus filter has a rare false positive. I can't recall the last time I saw a false negative virm slip thru'.. If EL's proprietary frontend TotalAccess is installed, which I would never do, there is a plethora of other 'filtering' options, ranging from parental controls to antiphish to antispyware to antipopups. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Mar 3 03:20:33 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 3 06:25:02 2006 Subject: [SpamCop-List] Re: Fedora list spam with large attachment. References: Message-ID: Mike Easter wrote: > The source machine is 196.25.32.50 no rDNS of the .za Infodoor > Networking Back in 2005 June 7, someone using that IP accessed a guest book and signed their name and email address. Zakithi Sinethemba Ngongoma zakithingongoma@hotmail.com Since the IP is most likely dynamic and the information is so stale, that data is most likely completely worthless. I don't advise signing guestbooks like that, unless you are /really/ looking for penpals. -- Mike Easter kibitzer, not SC admin From / at /.cn Fri Mar 3 22:49:17 2006 From: / at /.cn (Petzl) Date: Fri Mar 3 06:50:02 2006 Subject: [SpamCop-List] Re: Fedora list spam with large attachment. References: Message-ID: "Geoffrey Hyde" wrote in message news:du95sv$817$1@news.spamcop.net... >I dunno if it's worth doing anything with. Apparently the ISP I'm with >believes I should get sent any and all email addressed to me unless I want >to sign up for their spam filter. Another good reason to NOT accept the email address your ISP forces on one. You do need to consider a SpamCop email address, the only one you will ever need. Ask your provider for a refund for a supposed "service" you no longer need and should not pay for Get the only Email address you will ever need http://www.spamcop.net/ces/individuals.shtml Petzl From MikeE at ster.invalid Fri Mar 3 04:04:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 3 07:05:04 2006 Subject: [SpamCop-List] Re: Fedora list spam with large attachment. References: Message-ID: Mike Easter wrote: > Geoffrey Hyde wrote: >> Okay, what the heck is this attachment in the spam - some >> application-octet or whatever SpamCop identified it as? > > It is a viral propagation, virm/virmail, designed to look like a > bounce which has a message.zip attachment which is b64 encoded. Continuing my string of replies in this thread. This item also demonstrates a precautionary suggestion -- that you should not 'count on' your provider's or your own AV agents to protect you from virms. I have an additional 'crude' security measure called a BigFile rule. The bigfile is any email over a certain size gets message ruled into its own BigFile folder so that it can be handled with caution. Naturally you could handle this item without a bigfile rule -- because there are so many ways that you would be able to tell that this mail isn't something you want to handle carelessly, but having multiple layers to warn you of a problem is of some value since the majority of agents didn't identify this propagation even after the b64 decoding. MyDoom.M is also associated with installing a backdoor Zincite.A trojan which // Attempts to contact other infected systems by probing random IP addresses on port 1034. If an infected system is found, its IP address will be stored for possible future use. // When running the backdoor, the backdoor listens on TCP port 1034 for incoming connections. When remote attackers connect, they can: Download and execute files. Get the Trojan's saved list of other infected IP addresses. Stop the backdoor process. . -- Mike Easter kibitzer, not SC admin From nospam at nospam.nl Fri Mar 3 13:32:53 2006 From: nospam at nospam.nl (geo_splash_12) Date: Fri Mar 3 07:35:03 2006 Subject: [SpamCop-List] telefonica.es Message-ID: Which IP blocks are associated with telefonica.es and auna.es? These guys are slowly becoming a nuisance, and in senderbase I can't even find the proper whois information because they probably (like kornet) scattered over the entire IP4 spectrum. From MikeE at ster.invalid Fri Mar 3 04:55:05 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 3 07:55:04 2006 Subject: [SpamCop-List] Re: telefonica.es References: Message-ID: geo_splash_12 wrote: > Which IP blocks are associated with telefonica.es and auna.es? These > guys are slowly becoming a nuisance, and in senderbase I can't even > find the proper whois information because they probably (like kornet) > scattered over the entire IP4 spectrum. The output IPs listed at senderbase are 194.224.58.62 mail2.telefonica.es Y 4.9 4.3 212.170.236.199 sceest04.correodeempresas.telefonica.es Y 3.8 3.6 212.170.236.196 sceest03.correodeempresas.telefonica.es Y 3.7 3.5 212.170.236.86 sceent03.correodeempresas.telefonica.es Y 2.1 2.2 212.170.236.84 sceent01.correodeempresas.telefonica.es Y 3.0 2.2 212.170.236.85 sceent02.correodeempresas.telefonica.es Y 2.6 2.1 62.81.52.14 dulcesa.red.retevision.es Y 0.0 3.9 62.81.27.241 bcnfwl02.retevision.es Y 3.9 3.6 62.81.119.50 junta-icatm51456-meri.red.retevision.es Y 2.7 3.5 62.81.72.58 mtorres-ic60731-pamp.red.retevision.es Y 3.7 3.3 62.81.52.178 copiti-ic12891-vale.red.retevision.es Y 3.4 2.9 62.81.80.10 giahsa-ic-huel.red.retevision.es Y 2.6 2.8 62.81.26.74 nadal-ic11446-barc.red.retevision.es Y 3.4 2.8 62.81.92.66 momework-ic27411-alic.red.retevision.es Y 0.0 2.7 62.81.102.6 endesa-ic72593-sevi.red.retevision.es Y 2.7 2.6 62.81.119.10 junta-icatm6415-meri.red.retevision.es Y 3.0 2.4 62.81.55.94 calderinox-ic64373-sevi.red.retevision.es Y 0.0 2.3 62.81.55.50 emasesa-ic.red.retevision.es Y 0.0 2.3 62.81.84.98 lomonaco-ic38847-gran.red.retevision.es Y 0.0 2.3 62.81.90.26 schglo-ic104929-bar2.red.retevision.es Y 2.9 2.3 62.81.70.10 hpenisc-ic13727-cast.red.retevision.es Y 2.7 2.2 62.81.84.26 romysim-ic-gran.red.retevision.es Y 2.8 2.2 inetnum: 62.81.0.0 - 62.81.127.255 netname: RETENET descr: AUNA S.A.U, route: 62.81.0.0/16 descr: Retevision SA origin: AS16338 route: 212.170.0.0/16 descr: Telefonica Data Espan~a origin: AS3352 route: 194.224.0.0/16 descr: IBERNET descr: Telefonica transmision de datos, Internet Network origin: AS3352 You can take those AS#s to someplace like potaroo and determine the IPs associated. -- Mike Easter kibitzer, not SC admin From nospam at nospam.nl Fri Mar 3 16:30:43 2006 From: nospam at nospam.nl (geo_splash_12) Date: Fri Mar 3 10:35:04 2006 Subject: [SpamCop-List] Re: telefonica.es In-Reply-To: References: Message-ID: Mike Easter wrote: > geo_splash_12 wrote: > >>Which IP blocks are associated with telefonica.es and auna.es? These >>guys are slowly becoming a nuisance, and in senderbase I can't even >>find the proper whois information because they probably (like kornet) >>scattered over the entire IP4 spectrum. > > > The output IPs listed at senderbase are > > 194.224.58.62 mail2.telefonica.es Y 4.9 4.3 > 212.170.236.199 sceest04.correodeempresas.telefonica.es Y 3.8 3.6 > 212.170.236.196 sceest03.correodeempresas.telefonica.es Y 3.7 3.5 > 212.170.236.86 sceent03.correodeempresas.telefonica.es Y 2.1 2.2 > 212.170.236.84 sceent01.correodeempresas.telefonica.es Y 3.0 2.2 > 212.170.236.85 sceent02.correodeempresas.telefonica.es Y 2.6 2.1 > > > 62.81.52.14 dulcesa.red.retevision.es Y 0.0 3.9 > 62.81.27.241 bcnfwl02.retevision.es Y 3.9 3.6 > 62.81.119.50 junta-icatm51456-meri.red.retevision.es Y 2.7 3.5 > 62.81.72.58 mtorres-ic60731-pamp.red.retevision.es Y 3.7 3.3 > 62.81.52.178 copiti-ic12891-vale.red.retevision.es Y 3.4 2.9 > 62.81.80.10 giahsa-ic-huel.red.retevision.es Y 2.6 2.8 > 62.81.26.74 nadal-ic11446-barc.red.retevision.es Y 3.4 2.8 > 62.81.92.66 momework-ic27411-alic.red.retevision.es Y 0.0 2.7 > 62.81.102.6 endesa-ic72593-sevi.red.retevision.es Y 2.7 2.6 > 62.81.119.10 junta-icatm6415-meri.red.retevision.es Y 3.0 2.4 > 62.81.55.94 calderinox-ic64373-sevi.red.retevision.es Y 0.0 2.3 > 62.81.55.50 emasesa-ic.red.retevision.es Y 0.0 2.3 > 62.81.84.98 lomonaco-ic38847-gran.red.retevision.es Y 0.0 2.3 > 62.81.90.26 schglo-ic104929-bar2.red.retevision.es Y 2.9 2.3 > 62.81.70.10 hpenisc-ic13727-cast.red.retevision.es Y 2.7 2.2 > 62.81.84.26 romysim-ic-gran.red.retevision.es Y 2.8 2.2 > > > inetnum: 62.81.0.0 - 62.81.127.255 > netname: RETENET > descr: AUNA S.A.U, > route: 62.81.0.0/16 > descr: Retevision SA > origin: AS16338 > > route: 212.170.0.0/16 > descr: Telefonica Data Espan~a > origin: AS3352 > > route: 194.224.0.0/16 > descr: IBERNET > descr: Telefonica transmision de datos, Internet Network > origin: AS3352 > > > You can take those AS#s to someplace like potaroo and determine the IPs > associated. > > This is not what I see, the spams from telefonica.es do come from for instance: 80.34.54.48 80.58.210.67 83.43.185.178 83.44.1.204 83.53.229.176 83.58.202.60 auna.es IPs are for instance: 82.159.80.85 82.159.17.168 Ejo From MikeE at ster.invalid Fri Mar 3 08:47:48 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 3 11:50:04 2006 Subject: [SpamCop-List] Re: telefonica.es References: Message-ID: geo_splash_12 wrote: > Mike Easter wrote: >> The output IPs listed at senderbase are >> >> 194.224.58.62 mail2.telefonica.es Y 4.9 4.3 >> 62.81.52.14 dulcesa.red.retevision.es Y 0.0 3.9 > This is not what I see, the spams from telefonica.es do come from for > instance: > > 80.34.54.48 > 80.58.210.67 > 83.43.185.178 > 83.44.1.204 > 83.53.229.176 > 83.58.202.60 user IPs - RIMA -- it has many more besides those 80. & 83. > auna.es IPs are for instance: > > 82.159.80.85 > 82.159.17.168 User IPs in this family inetnum: 82.158.138.0 - 82.159.127.255 netname: MADRITEL descr: PROVIDER descr: Madritel MADRITEL has many more blocks besides those 82.158 & .159 -- Mike Easter kibitzer, not SC admin From nospam at nospam.nl Fri Mar 3 18:08:26 2006 From: nospam at nospam.nl (geo_splash_12) Date: Fri Mar 3 12:10:03 2006 Subject: [SpamCop-List] Re: telefonica.es In-Reply-To: References: Message-ID: Mike: dshield is a nice tool to do this, thus http://www.dshield.org/ipinfo.php?ip=83.43.185.178&Submit=Submit tells me where 83.43.185.178 is located and the fine line of horse manure around that IP. Ejo Mike Easter wrote: > geo_splash_12 wrote: > >>Mike Easter wrote: > > >>>The output IPs listed at senderbase are >>> >>>194.224.58.62 mail2.telefonica.es Y 4.9 4.3 > > >>>62.81.52.14 dulcesa.red.retevision.es Y 0.0 3.9 > > >>This is not what I see, the spams from telefonica.es do come from for >>instance: >> >>80.34.54.48 >>80.58.210.67 >>83.43.185.178 >>83.44.1.204 >>83.53.229.176 >>83.58.202.60 > > > user IPs - RIMA -- it has many more besides those 80. & 83. > > >>auna.es IPs are for instance: >> >>82.159.80.85 >>82.159.17.168 > > > User IPs in this family > > inetnum: 82.158.138.0 - 82.159.127.255 > netname: MADRITEL > descr: PROVIDER > descr: Madritel > > MADRITEL has many more blocks besides those 82.158 & .159 > From MikeE at ster.invalid Fri Mar 3 09:32:37 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 3 12:35:02 2006 Subject: [SpamCop-List] Re: telefonica.es References: Message-ID: geo_splash_12 wrote: > Mike: dshield is a nice tool to do this, thus > > http://www.dshield.org/ipinfo.php?ip=83.43.185.178&Submit=Submit > > tells me where 83.43.185.178 is located and the fine line of horse > manure around that IP. Yes, but that is just one little block inetnum: 83.40.201.0 - 83.45.92.255 netname: RIMA There are many scores of such blocks of various sizes. If you do whois -h whois.ripe.net rima you will see a huge output of tons of such blocks. I was going to extract a list of just the 'inetnum' lines for RIMA and MADRITEL. Madritel's is much shorter, I'll use it as an example. inetnum: 213.37.0.0 - 213.37.65.255 inetnum: 213.37.110.0 - 213.37.131.245 inetnum: 213.37.108.88 - 213.37.108.119 inetnum: 213.37.66.0 - 213.37.107.255 inetnum: 213.37.150.0 - 213.37.251.255 inetnum: 213.37.253.0 - 213.37.255.255 inetnum: 213.37.132.0 - 213.37.149.255 inetnum: 82.158.0.0 - 82.158.95.255 inetnum: 82.158.96.0 - 82.158.135.255 inetnum: 82.158.138.0 - 82.159.127.255 -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Mar 3 09:47:41 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 3 12:50:03 2006 Subject: [SpamCop-List] Re: telefonica.es References: Message-ID: Mike Easter wrote: > > whois -h whois.ripe.net rima > > you will see a huge output of tons of such blocks. I was going to > extract a list of just the 'inetnum' lines for RIMA and MADRITEL. > Madritel's is much shorter, I'll use it as an example. This is less than half of RIMA's inetnum: 217.125.156.0 - 217.125.157.255 inetnum: 217.125.192.0 - 217.125.255.255 inetnum: 217.125.160.0 - 217.125.191.255 inetnum: 217.125.152.0 - 217.125.155.255 inetnum: 213.98.181.0 - 213.98.181.255 inetnum: 213.98.182.0 - 213.98.183.255 inetnum: 213.98.184.0 - 213.98.191.255 inetnum: 213.98.192.0 - 213.98.255.255 inetnum: 213.4.44.0 - 213.4.45.255 inetnum: 213.0.64.0 - 213.0.71.255 inetnum: 213.0.0.0 - 213.0.3.255 inetnum: 195.57.120.0 - 195.57.123.255 inetnum: 195.55.248.0 - 195.55.251.255 inetnum: 217.125.150.0 - 217.125.151.255 inetnum: 217.125.149.0 - 217.125.149.255 inetnum: 80.58.100.0 - 80.58.104.63 inetnum: 217.125.158.0 - 217.125.159.255 inetnum: 80.58.32.0 - 80.58.55.255 inetnum: 80.26.148.0 - 80.26.150.255 inetnum: 195.55.93.0 - 195.55.99.255 inetnum: 195.57.76.0 - 195.57.80.255 inetnum: 212.170.0.0 - 212.170.26.255 inetnum: 213.4.0.0 - 213.4.27.255 inetnum: 217.125.0.0 - 217.125.148.255 inetnum: 195.55.216.0 - 195.55.222.255 inetnum: 80.59.0.0 - 80.59.255.255 inetnum: 80.58.0.0 - 80.58.24.255 inetnum: 213.98.0.0 - 213.98.180.255 inetnum: 80.58.124.0 - 80.58.125.255 inetnum: 80.58.86.0 - 80.58.97.255 inetnum: 80.58.64.0 - 80.58.84.255 inetnum: 80.58.128.0 - 80.58.159.255 inetnum: 80.58.105.0 - 80.58.109.255 inetnum: 80.58.240.0 - 80.58.249.255 inetnum: 80.32.0.0 - 80.35.255.255 inetnum: 80.58.255.0 - 80.58.255.255 inetnum: 80.58.99.32 - 80.58.99.47 inetnum: 80.58.63.192 - 80.58.63.199 inetnum: 80.58.63.0 - 80.58.63.15 inetnum: 80.58.253.0 - 80.58.253.255 inetnum: 80.58.62.0 - 80.58.62.255 inetnum: 80.58.184.0 - 80.58.184.255 inetnum: 80.58.185.0 - 80.58.185.255 inetnum: 80.58.186.0 - 80.58.186.255 inetnum: 80.58.192.0 - 80.58.192.31 inetnum: 80.58.192.128 - 80.58.192.255 inetnum: 80.58.63.32 - 80.58.63.63 inetnum: 80.58.251.0 - 80.58.251.255 inetnum: 80.58.252.0 - 80.58.252.255 inetnum: 80.58.187.0 - 80.58.187.63 inetnum: 80.58.187.64 - 80.58.187.95 inetnum: 80.58.187.128 - 80.58.187.191 inetnum: 80.58.187.192 - 80.58.187.223 inetnum: 80.58.192.32 - 80.58.192.47 inetnum: 80.58.192.48 - 80.58.192.63 inetnum: 80.58.254.0 - 80.58.254.127 inetnum: 80.58.63.64 - 80.58.63.95 inetnum: 80.58.188.0 - 80.58.188.63 inetnum: 80.58.193.0 - 80.58.193.31 inetnum: 80.58.236.0 - 80.58.239.255 inetnum: 81.47.237.0 - 81.47.237.41 inetnum: 80.58.85.0 - 80.58.85.255 inetnum: 81.32.0.0 - 81.34.255.255 inetnum: 80.58.31.0 - 80.58.31.255 inetnum: 80.58.160.0 - 80.58.163.255 inetnum: 80.58.164.0 - 80.58.167.255 inetnum: 80.58.120.0 - 80.58.120.127 inetnum: 80.58.196.0 - 80.58.197.127 inetnum: 80.58.197.128 - 80.58.199.127 inetnum: 80.58.232.0 - 80.58.235.255 inetnum: 80.58.220.0 - 80.58.227.255 inetnum: 80.58.63.128 - 80.58.63.191 inetnum: 80.58.63.200 - 80.58.63.255 inetnum: 213.96.0.0 - 213.96.255.255 inetnum: 213.97.0.0 - 213.97.255.255 inetnum: 217.126.0.0 - 217.126.255.255 inetnum: 217.127.0.0 - 217.127.255.255 inetnum: 81.47.0.0 - 81.47.19.135 inetnum: 81.47.64.0 - 81.47.83.135 inetnum: 80.58.63.16 - 80.58.63.31 inetnum: 80.58.121.0 - 80.58.123.255 inetnum: 80.58.118.0 - 80.58.119.255 inetnum: 80.58.112.0 - 80.58.114.23 inetnum: 80.58.206.0 - 80.58.207.255 inetnum: 81.47.237.42 - 81.47.237.255 inetnum: 81.46.0.0 - 81.46.3.255 inetnum: 80.58.117.0 - 80.58.117.63 inetnum: 80.58.120.128 - 80.58.120.255 inetnum: 81.46.61.0 - 81.46.63.255 inetnum: 80.58.208.0 - 80.58.219.255 inetnum: 81.45.128.0 - 81.45.151.255 -- Mike Easter kibitzer, not SC admin From nospam at nospam.nl Fri Mar 3 19:02:00 2006 From: nospam at nospam.nl (geo_splash_12) Date: Fri Mar 3 13:05:02 2006 Subject: [SpamCop-List] Re: telefonica.es In-Reply-To: References: Message-ID: Mike Easter wrote: > Mike Easter wrote: > >>whois -h whois.ripe.net rima >> >>you will see a huge output of tons of such blocks. I was going to >>extract a list of just the 'inetnum' lines for RIMA and MADRITEL. >>Madritel's is much shorter, I'll use it as an example. > > > This is less than half of RIMA's > > inetnum: 217.125.156.0 - 217.125.157.255 > inetnum: 217.125.192.0 - 217.125.255.255 > inetnum: 217.125.160.0 - 217.125.191.255 > inetnum: 217.125.152.0 - 217.125.155.255 > inetnum: 213.98.181.0 - 213.98.181.255 > inetnum: 213.98.182.0 - 213.98.183.255 > inetnum: 213.98.184.0 - 213.98.191.255 > inetnum: 213.98.192.0 - 213.98.255.255 > inetnum: 213.4.44.0 - 213.4.45.255 > inetnum: 213.0.64.0 - 213.0.71.255 > inetnum: 213.0.0.0 - 213.0.3.255 > inetnum: 195.57.120.0 - 195.57.123.255 > inetnum: 195.55.248.0 - 195.55.251.255 > inetnum: 217.125.150.0 - 217.125.151.255 > inetnum: 217.125.149.0 - 217.125.149.255 > inetnum: 80.58.100.0 - 80.58.104.63 > inetnum: 217.125.158.0 - 217.125.159.255 > inetnum: 80.58.32.0 - 80.58.55.255 > inetnum: 80.26.148.0 - 80.26.150.255 > inetnum: 195.55.93.0 - 195.55.99.255 > inetnum: 195.57.76.0 - 195.57.80.255 > inetnum: 212.170.0.0 - 212.170.26.255 > inetnum: 213.4.0.0 - 213.4.27.255 > inetnum: 217.125.0.0 - 217.125.148.255 > inetnum: 195.55.216.0 - 195.55.222.255 > inetnum: 80.59.0.0 - 80.59.255.255 > inetnum: 80.58.0.0 - 80.58.24.255 > inetnum: 213.98.0.0 - 213.98.180.255 > inetnum: 80.58.124.0 - 80.58.125.255 > inetnum: 80.58.86.0 - 80.58.97.255 > inetnum: 80.58.64.0 - 80.58.84.255 > inetnum: 80.58.128.0 - 80.58.159.255 > inetnum: 80.58.105.0 - 80.58.109.255 > inetnum: 80.58.240.0 - 80.58.249.255 > inetnum: 80.32.0.0 - 80.35.255.255 > inetnum: 80.58.255.0 - 80.58.255.255 > inetnum: 80.58.99.32 - 80.58.99.47 > inetnum: 80.58.63.192 - 80.58.63.199 > inetnum: 80.58.63.0 - 80.58.63.15 > inetnum: 80.58.253.0 - 80.58.253.255 > inetnum: 80.58.62.0 - 80.58.62.255 > inetnum: 80.58.184.0 - 80.58.184.255 > inetnum: 80.58.185.0 - 80.58.185.255 > inetnum: 80.58.186.0 - 80.58.186.255 > inetnum: 80.58.192.0 - 80.58.192.31 > inetnum: 80.58.192.128 - 80.58.192.255 > inetnum: 80.58.63.32 - 80.58.63.63 > inetnum: 80.58.251.0 - 80.58.251.255 > inetnum: 80.58.252.0 - 80.58.252.255 > inetnum: 80.58.187.0 - 80.58.187.63 > inetnum: 80.58.187.64 - 80.58.187.95 > inetnum: 80.58.187.128 - 80.58.187.191 > inetnum: 80.58.187.192 - 80.58.187.223 > inetnum: 80.58.192.32 - 80.58.192.47 > inetnum: 80.58.192.48 - 80.58.192.63 > inetnum: 80.58.254.0 - 80.58.254.127 > inetnum: 80.58.63.64 - 80.58.63.95 > inetnum: 80.58.188.0 - 80.58.188.63 > inetnum: 80.58.193.0 - 80.58.193.31 > inetnum: 80.58.236.0 - 80.58.239.255 > inetnum: 81.47.237.0 - 81.47.237.41 > inetnum: 80.58.85.0 - 80.58.85.255 > inetnum: 81.32.0.0 - 81.34.255.255 > inetnum: 80.58.31.0 - 80.58.31.255 > inetnum: 80.58.160.0 - 80.58.163.255 > inetnum: 80.58.164.0 - 80.58.167.255 > inetnum: 80.58.120.0 - 80.58.120.127 > inetnum: 80.58.196.0 - 80.58.197.127 > inetnum: 80.58.197.128 - 80.58.199.127 > inetnum: 80.58.232.0 - 80.58.235.255 > inetnum: 80.58.220.0 - 80.58.227.255 > inetnum: 80.58.63.128 - 80.58.63.191 > inetnum: 80.58.63.200 - 80.58.63.255 > inetnum: 213.96.0.0 - 213.96.255.255 > inetnum: 213.97.0.0 - 213.97.255.255 > inetnum: 217.126.0.0 - 217.126.255.255 > inetnum: 217.127.0.0 - 217.127.255.255 > inetnum: 81.47.0.0 - 81.47.19.135 > inetnum: 81.47.64.0 - 81.47.83.135 > inetnum: 80.58.63.16 - 80.58.63.31 > inetnum: 80.58.121.0 - 80.58.123.255 > inetnum: 80.58.118.0 - 80.58.119.255 > inetnum: 80.58.112.0 - 80.58.114.23 > inetnum: 80.58.206.0 - 80.58.207.255 > inetnum: 81.47.237.42 - 81.47.237.255 > inetnum: 81.46.0.0 - 81.46.3.255 > inetnum: 80.58.117.0 - 80.58.117.63 > inetnum: 80.58.120.128 - 80.58.120.255 > inetnum: 81.46.61.0 - 81.46.63.255 > inetnum: 80.58.208.0 - 80.58.219.255 > inetnum: 81.45.128.0 - 81.45.151.255 > > Mike -- this will do the trick (and I haven't yet installed a whois to verify this all). Mucho Gracias -- Ejo From MikeE at ster.invalid Fri Mar 3 10:07:23 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 3 13:10:03 2006 Subject: [SpamCop-List] Re: telefonica.es References: Message-ID: geo_splash_12 wrote: > Which IP blocks are associated with telefonica.es and auna.es? Because there are so many little pieces and parts to the rima and madritel user IP blocks, it would be easier to just use something like blackholes.us or nerd-zz and just block all of Spain. If you have correspondents in .es you could whitelist domains, IP blocks, or addies. The examples of IPs you listed earlier would not have been filtered well by my filters, as only one appeared in CBL and one in SCbl -- but I haven't been getting .es spam leakage, so your spam must be different from mine. Whether or not a country filter would work for you - since you are .nl and maybe you get more Euro spam - I don't know. It depends on how much .es unknown goodmail you get. -- Mike Easter kibitzer, not SC admin From wb8tyw at qsl.network Fri Mar 3 12:40:34 2006 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Mar 3 13:45:04 2006 Subject: [SpamCop-List] Re: The issue of bounce versus reject References: <44036C3A.50B789E5@spamcop.net> <4403966F.CD32ACEF@spamcop.net> <440752A4.91E36B41@spamcop.net> Message-ID: <1ncKK$MUemdg@eisner.encompasserve.org> In article <440752A4.91E36B41@spamcop.net>, Kenneth Brody writes: > "John E. Malmberg" wrote: >> >> Kenneth Brody wrote: > [...] >> >> > In short, the only thing their SMTP server knows about you is the IP >> > address that their DHCP has assigned to you, and (I suppose) the MAC >> > address of your cablemodem. Their setup means that they have no way >> > of knowing your true "from" address, and it also requires that they >> > cannot reject e-mail from you at the SMTP level. >> >> That is correct, but mail from you in their I.P. space is outgoing from >> what should be a trusted source to their SMTP server, so they should >> trust you to provide a valid return e-mail address to send the bounce or >> DSN to. > > _I_ do. However, what's to stop a spammer from doing differently? With some ISP's, nothing. This is known as a multi-hop exploit where the spammer uses a zombie to realy through the ISP's mail server. Other ISPs use rate limiting, where only x mails per time period will go out, and some use DNSBls on the input to their internal mail servers to alert support people if one of their I.P. addresses is listed for sending spam. Some ISP's require that the sender use the e-mail address that they provide, in which case you can not use their mail server for smart-hosting or an external gateway. > [...] >> So there is no problem with outbound relaying and SMTP rejects as long >> as you have valid information in your header. > > Again, I'm talking in terms of backscatter from spam, not legitimate > e-mail. Backscatter from a multi-hop exploit will get reported to the abuse address of the mail server on the network with a security problem. That network administrator should fix the problem. Based on what I saw last year on my broadband ISP's internal forum, several other popular ISPs in the U.S. have a hair trigger on blocking mail servers used in multi-hop exploits in their local databases, and it requires some hoop jumping to get out of them. MAPS now has a spamtrap based system that will list for some period of time after a spamtrap hit. And that system will list the outputs of multi-hop exploits. So while some spammers will use multi-hop exploits, they generally will avoid the ISP's that take quick action on those reports. Now if only those ISP's would take the same quick action on the zombies that are going direct to MX... > [...] >> To prevent backscatter or silent deletion of messages, that mail server >> must do all the spam rejection, and also have a list of valid e-mail >> addresses that it should accept e-mail for. It also needs to be able to >> handle the case of your mail server having a problem. > > Why should I have to send a list of all of my e-mail addresses to my ISP? Is incoming e-mail coming to them through that ISP directly from the Internet? This would mean that the MX record for those domains is pointing at your ISP's mail server, and that mail server would have to know it was OK to relay e-mail to those domains to your internal mail server. In order to do that without backscatter or silent deleting of undelivered messages the internet facing mail server needs to know the delivery state for each recipiant. Some forwarding servers know how to probe to see if the internal mail server is accepting e-mail for an address before the SMTP dialog is complete. In that case the internet facing mail server may not need to know all the e-mail addresses for the domain. -John wb8tyw@qsl.network Personal Opinion Only From g.hyde at bigpond.net.au Sat Mar 4 16:04:14 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Mar 4 01:05:04 2006 Subject: [SpamCop-List] Should this be cut from the email before submitting? Message-ID: http://www.spamcop.net/sc?id=z890126486z8c06db28654b2d5f5143c0154580a556z In the Outlook Express client I use, there was a Message ID and Date line that was displayed by Outlook Express for this spam. Spamcop didn't parse this part or munge anything to do with it, but is there anything a spammer can glean from these lines that would mean I'd have to cut it out of the message body? I'm hoping this is just more faked (and annoying) header lines, but I'm not sure so it was, again, submitted as-is. Cheers ... Geoffrey Hyde From / at /.cn Sat Mar 4 18:37:51 2006 From: / at /.cn (Petzl) Date: Sat Mar 4 02:40:13 2006 Subject: [SpamCop-List] Re: Should this be cut from the email before submitting? References: Message-ID: "Geoffrey Hyde" wrote in message news:dubaku$mho$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z890126486z8c06db28654b2d5f5143c0154580a556z > > In the Outlook Express client I use, there was a Message ID and Date line > that was displayed by Outlook Express for this spam. Spamcop didn't parse > this part or munge anything to do with it, but is there anything a spammer > can glean from these lines that would mean I'd have to cut it out of the > message body? > > I'm hoping this is just more faked (and annoying) header lines, but I'm > not sure so it was, again, submitted as-is. > Please do not use a real email address in newsgroups unless it is a bullet proof SpamCop one I would not worry about it your email address has already been taken and will be circulated to many other spammers which mean your email address will be attacked more and more Your best defence from spammers is attack and by reporting through SpamCop means an abuse report is sent to the listed owner of that IP meaning there is a good chance the hole the spammer is crawling through is closed It is also a good idea to get a SpamCop email address the one bigpong force on you is next to useless Get the only Email address you will ever need http://www.spamcop.net/ces/individuals.shtml Petzl From scamper at trisk.com Sat Mar 4 00:47:15 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sat Mar 4 02:50:04 2006 Subject: [SpamCop-List] Re: Should this be cut from the email before submitting? In-Reply-To: References: Message-ID: Geoffrey Hyde wrote: > http://www.spamcop.net/sc?id=z890126486z8c06db28654b2d5f5143c0154580a556z > > In the Outlook Express client I use, there was a Message ID and Date line > that was displayed by Outlook Express for this spam. Spamcop didn't parse > this part or munge anything to do with it, but is there anything a spammer > can glean from these lines that would mean I'd have to cut it out of the > message body? > > I'm hoping this is just more faked (and annoying) header lines, but I'm not > sure so it was, again, submitted as-is. > > > Cheers ... > > Geoffrey Hyde > > > If you check the original message (raw format), I suspect what you'll find is a single tab character on the header line immediately following the Subject: header. The spamcop parser misinterprets this tab character as a "blank" line, and treats anything that follows the tab character as part of the message body instead of a continuation of the message header. I reported this problem to deputies a while back. I guess they haven't gotten around to fixing it yet. The problem doesn't have much of an effect on where reports are sent, it just makes the parser look kinda weird for such messages. Garen From g.hyde at bigpond.net.au Sat Mar 4 17:49:13 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Mar 4 02:50:08 2006 Subject: [SpamCop-List] Re: Should this be cut from the email before submitting? References: Message-ID: "Petzl" wrote in message news:dubg4j$pb3$1@news.spamcop.net... > > "Geoffrey Hyde" wrote in message > news:dubaku$mho$1@news.spamcop.net... >> http://www.spamcop.net/sc?id=z890126486z8c06db28654b2d5f5143c0154580a556z > It is also a good idea to get a SpamCop email address the one bigpong > force on you is next to useless > Get the only Email address you will ever need > http://www.spamcop.net/ces/individuals.shtml If I want your recommendations for an email address I'm sure I'd know to ask. Thanks anyway, but at this stage in time I'm not interested in another email address to deal with. Cheers ... Geoffrey Hyde From scamper at trisk.com Sat Mar 4 02:23:46 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sat Mar 4 04:25:05 2006 Subject: [SpamCop-List] Re: Should this be cut from the email before submitting? In-Reply-To: References: Message-ID: Garen Erdoisa wrote: > Geoffrey Hyde wrote: >> http://www.spamcop.net/sc?id=z890126486z8c06db28654b2d5f5143c0154580a556z >> >> In the Outlook Express client I use, there was a Message ID and Date >> line that was displayed by Outlook Express for this spam. Spamcop >> didn't parse this part or munge anything to do with it, but is there >> anything a spammer can glean from these lines that would mean I'd have >> to cut it out of the message body? >> >> I'm hoping this is just more faked (and annoying) header lines, but >> I'm not sure so it was, again, submitted as-is. >> >> >> Cheers ... >> >> Geoffrey Hyde >> >> >> > > If you check the original message (raw format), I suspect what you'll > find is a single tab character on the header line immediately following > the Subject: header. > > The spamcop parser misinterprets this tab character as a "blank" line, > and treats anything that follows the tab character as part of the > message body instead of a continuation of the message header. > > I reported this problem to deputies a while back. I guess they haven't > gotten around to fixing it yet. The problem doesn't have much of an > effect on where reports are sent, it just makes the parser look kinda > weird for such messages. > > Garen Some additional info: For the record, the proper syntax for header folding is defined in RFC2822 para: 2.2.2 and 2.2.3 To re-verify that spamcop's parser is misinterpreting a single tab on a header line as a blank line, I just re-submitted a spam (and canceled the report) with a tab inserted after the Subject: header line As expected, spamcop's parser misinterpreted the tab as a blank line and treated the header lines following that tab as part of the message body for parsing purposes. Here is the tracker: http://members.spamcop.net/sc?id=z890177471zad74dde34e2fe3f4a7383bae6b0ee29bz RFC2822 para: 2.2.2 states that either a tab (ASCII 9) or white space (ASCII 32) are treated as "white space characters" for the purpose of header folding. RFC2822 para: 2.2.3 defines that using a CRLF followed by a White space character should be treated as "header folding". I suppose this spamcop parsing error could be abused by spammers, though I haven't seen any evidence of it thus far. It's probably only a matter of time. Garen From g.hyde at bigpond.net.au Sat Mar 4 21:38:48 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Mar 4 06:40:15 2006 Subject: [SpamCop-List] Re: Should this be cut from the email before submitting? References: Message-ID: "Garen Erdoisa" wrote in message news:dubm7i$sma$1@news.spamcop.net... > Garen Erdoisa wrote: > Here is the tracker: > http://members.spamcop.net/sc?id=z890177471zad74dde34e2fe3f4a7383bae6b0ee29bz That tracking URL is something only you could view. I'd need to know your account/pwd. And I don't think that would be a good idea at all. Please post the TRACKING URL from the appropriate page if using that. > RFC2822 para: 2.2.2 states that either a tab (ASCII 9) or white space > (ASCII 32) are treated as "white space characters" for the purpose of > header folding. What I'd like to know is why it seems a lot of countries don't even know about RFC standards, let alone follow them, the same goes for software vendors and mailhost software programmers. > RFC2822 para: 2.2.3 defines that using a CRLF followed by a White space > character should be treated as "header folding". RFC this, RFC that - I believe one poster claimed that there was no such thing as "RFC" standards, cause they didn't actually exist or were not voted on. (Don't remember which, exactly.) > I suppose this spamcop parsing error could be abused by spammers, though I > haven't seen any evidence of it thus far. It's probably only a matter of > time. It may get abused insofar as the mailserver software (and the individual mailservers handling emails at various points) would allow it. And I'm sure if the spammers are found to be abusing it, that those people running SpamCop would eventually find out about it and alter their parsing algorithm to take it into account. Cheers ... Geoffrey Hyde From scamper at trisk.com Sat Mar 4 05:37:05 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sat Mar 4 07:40:02 2006 Subject: [SpamCop-List] Re: Should this be cut from the email before submitting? In-Reply-To: References: Message-ID: Geoffrey Hyde wrote: > "Garen Erdoisa" wrote in message > news:dubm7i$sma$1@news.spamcop.net... >> Garen Erdoisa wrote: > >> Here is the tracker: >> http://members.spamcop.net/sc?id=z890177471zad74dde34e2fe3f4a7383bae6b0ee29bz > > That tracking URL is something only you could view. I'd need to know your > account/pwd. And I don't think that would be a good idea at all. Please > post the TRACKING URL from the appropriate page if using that. My bad. You can also just replace "members" with "www" to get a tracking URL that anyone can use when you see that. http://www.spamcop.net/sc?id=z890177471zad74dde34e2fe3f4a7383bae6b0ee29bz Regards; >[snip] Garen From uheep2 at comcast.net Sat Mar 4 09:04:21 2006 From: uheep2 at comcast.net (Alex Gitlin) Date: Sat Mar 4 09:05:03 2006 Subject: [SpamCop-List] what happens when I report spam? Message-ID: I would really like to know what happens when I report spam? Do authorities really go after the spammer? Are there any repercussions for the spammer? I've been filing reports for months through spamcop, but the amount of inbound spam has not decreased, although it's probably naive to assume that it would. And finally, can anyone tell me how I could block emails originating in certain parts of the world? Thanks in advance, Alex. From MikeE at ster.invalid Sat Mar 4 06:41:48 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Mar 4 09:45:03 2006 Subject: [SpamCop-List] Re: what happens when I report spam? References: Message-ID: Alex Gitlin wrote: > I would really like to know what happens when I report spam? You are notifying the providers for the spamsource and the spamvertiser. You are also contributing the spamsource IP toward being listed in the SCbl, spamcop blocklist, a very dynamic blocklist of spamsources based on 5.3 million spams per week last week. The concept is that providers for spamsource should be motivated to stop the spamsourcing by their IP and that spamvertiser providers should be motivated to stop providing webspace to a spam supporter. In practice that rarely happens. > Do > authorities really go after the spammer? No. Spamcop is a parsing and reporting and blocklisting service, not an authority. It is also a mail service which provides filtering and facilitates reporting. > Are there any repercussions > for the spammer? 'Spammer' is a vague term in that context. Typically the 'spammer' - as in the injector of the email into the smtp stream toward your mailbox - isn't known at all. So I say spamsource, which is the IP to which the spam can be traced, and spamvertiser which is the site or other payload being promoted in the spam. There's an implication that since the spamvertiser benefits from the spam, that there must be some kind of spam support role there. These days the spamsource is most often a user IP which is proxified for abuse. These days the spamvertiser has a cozy relationship with the provider. > I've been filing reports for months through spamcop, but the amount of > inbound spam has not decreased, although it's probably naive to > assume that it would. There isn't anything about reporting spam that has much of a direct effect on reducing your spamload. Normally a spamcop report munges the To address and other parts that might disclose who is reporting. Sometimes some spam reporters handle their spam badly in order to report it and that bad handling can actually increase their spam. > And finally, can anyone tell me how I could block emails originating > in certain parts of the world? There are lists, such as blackholes.us and nerd-zz or xx.countries.nerd.dk which facilitate dnsbl blocking of the IP of many countries. -- Mike Easter kibitzer, not SC admin From vanguard.news at yahooNIX.com Sat Mar 4 09:25:33 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Sat Mar 4 10:30:03 2006 Subject: [SpamCop-List] Re: what happens when I report spam? References: Message-ID: "Alex Gitlin" wrote in message news:duc6p2$5u5$1@news.spamcop.net... >I would really like to know what happens when I report spam? Do >authorities really go after the spammer? Are there any repercussions for >the spammer? > > I've been filing reports for months through spamcop, but the amount of > inbound spam has not decreased, although it's probably naive to assume > that it would. > > And finally, can anyone tell me how I could block emails originating in > certain parts of the world? SpamCop simply sends a report to the spam source notifying about the offense. If you got a postcard in your mailbox from no one with legal authority in your area telling you to mow your lawn, do you go running over to your lawn mower? The report only has effect if the recipient is a responsible provider that actually wants to stop spam and has the resources available to do so. There are no cops at SpamCop. If you want the report to go somewhere that might actually have some legal affect against spammers, send a copy of the SpamCop report to the FTC at spam@uce.gov. SpamCop used to include sending them a copy but the FTC got so deluged that they requested SpamCop to cease sending them copies of spam, but you could send a copy to them. Obviously the FTC is a US gov't entity and can probably only go after an abuser using resources within the US. Go into Preferences in your SpamCop account and include any e-mail addresses that you want to include for recipients to get a copy of the spam report. By reporting to SpamCop, you help to update its blacklist. Same for other users reporting spam to SpamCop. That means the users are helping themselves to update the blacklist (and presumably you are using the SpamCop blacklist). You will have far more effect in updating the SpamCop blacklist than you will by reporting spam to the "authorities". -- __________________________________________________ Post replies to the newsgroup. Share with others. For e-mail: Remove "NIX" and add "#VN" to Subject. __________________________________________________ From jg at coks.net Sat Mar 4 07:32:58 2006 From: jg at coks.net (jg) Date: Sat Mar 4 10:30:09 2006 Subject: [SpamCop-List] Re: what happens when I report spam? In-Reply-To: References: Message-ID: On 3/4/2006 6:41 AM Mike Easter scribbled: > There isn't anything about reporting spam that has much of a direct > effect on reducing your spamload. Normally a spamcop report munges the > To address and other parts that might disclose who is reporting. > Sometimes some spam reporters handle their spam badly in order to report > it and that bad handling can actually increase their spam. Along this line, I stopped reporting spam about a month or so ago. I had been getting upwards of 100 a day, usual flavor of meds, p&d, mort, etc. I ceased for a while since I found out my ISP (cox) was dropping all my outbound spam reports, making reporting via email to spamcop, the FDA, the SEC, etc. impossible. I intended to 1.) See if I could get cox to allow my reports out (haven't gotten a human being that understands the issue yet) 2.) Look into another alternative for an ISP - cox has the monopoly in my hood so cable is out if I change, which leaves me with SBC dsl or maybe someother, that someother not having shown up yet. I'd rather the someother than SBC since SBC is an alleged spam supporter and tied in with yahoo. Since stopping the reports, spam dropped to 2-3 a day at times, average 10-12 a day. Last week , I parsed a spam through SC to look up the sender and reported it via the web. Next day, I had 40 spam come in overnight. I get the feeliing there might be a relationship between reporting and spam volume but I don't know where it is... > >> And finally, can anyone tell me how I could block emails originating >> in certain parts of the world? > > There are lists, such as blackholes.us and nerd-zz or > xx.countries.nerd.dk which facilitate dnsbl blocking of the IP of many > countries. > A 3rd party prog like SpamPal can be used to filter out whole countries... From nospam at nospam.org Sat Mar 4 17:19:52 2006 From: nospam at nospam.org (Ejo) Date: Sat Mar 4 11:20:03 2006 Subject: [SpamCop-List] Re: what happens when I report spam? In-Reply-To: References: Message-ID: Alex Gitlin wrote: > I would really like to know what happens when I report spam? Do authorities > really go after the spammer? Are there any repercussions for the spammer? Your report may be used to maintain a blocklist of IP numbers that is used by many providers to determine whether an incoming mail is a spam. Authorities do usually not care about spamcop, the repercussions for the spammer is that his IP may be listed in the SC blocklist. > > I've been filing reports for months through spamcop, but the amount of > inbound spam has not decreased, although it's probably naive to assume that > it would. The answer is yes it sometimes help to report spam, but oftentimes I see no effect on the total amount of inbound spam. > > And finally, can anyone tell me how I could block emails originating in > certain parts of the world? Your mail server or client should do this, there are block lists for many countries. > > Thanks in advance, > Alex. Ejo From tmcgraw at spamcop.net Sat Mar 4 08:54:15 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Mar 4 11:55:03 2006 Subject: [SpamCop-List] Re: Should this be cut from the email before submitting? In-Reply-To: References: Message-ID: Petzl wrote: >> > Please do not use a real email address in newsgroups unless it is a bullet > proof SpamCop one I was unaware of a "requirement" for email addresses used to post here. OTOH I have seen "friendly" advice offered to those who use real addys, solicited or not. For his part Geoffrey munged his "reply to" address - and most tests show that is the address most commonly lifted by spambots. From stephenbye at byedesign.freeserve.co.uk Sat Mar 4 19:10:35 2006 From: stephenbye at byedesign.freeserve.co.uk (Stephen Bye) Date: Sat Mar 4 14:15:16 2006 Subject: [SpamCop-List] Re: Funny - Chinese spam about Asian Flu References: Message-ID: "Redstone" wrote in message news:Xns977A871E1185Dtinlc@216.154.195.61... > > PT Barnum may be accurate. Think about the number of suckers dropping dead > due to the poisons that spammer drug products contain. > > > Buy a spamvertised product and you play with fire. > And it must be very risky indeed to buy prescription drugs from someone who can't spell! From kjz at despammed.com Sat Mar 4 20:22:05 2006 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Sat Mar 4 14:25:03 2006 Subject: [SpamCop-List] Spamcop capitulation before spammer? Message-ID: tracking URL: http://www.spamcop.net/sc?id=z887651010z7d46879cb764e39a8650fe111519594fz Report sent to: kuvayv-badcow@devnull.spamcop.net What's the meaning of this? Yes, it was clearly one of Leos medz spams. Has spamcop now capitulated before one of the biggest and worst spammers on this planet ('The Godfather of Spam') because he has found ABSOLUTELY bullet-proof hosting and every LART only will be a totally waste of time? - kjz From nobody at spamcop.net Sat Mar 4 12:53:49 2006 From: nobody at spamcop.net (N. Miller) Date: Sat Mar 4 15:55:15 2006 Subject: [SpamCop-List] Re: Should this be cut from the email before submitting? References: Message-ID: <264m52d1fedy$.dlg@news.spamcop.net> On Sat, 04 Mar 2006 08:54:15 -0800, Tim McGraw wrote: > Petzl wrote: >> Please do not use a real email address in newsgroups unless it is a bullet >> proof SpamCop one > I was unaware of a "requirement" for email addresses used to post here. > OTOH I have seen "friendly" advice offered to those who use real addys, > solicited or not. > > For his part Geoffrey munged his "reply to" address - and most tests > show that is the address most commonly lifted by spambots. Actually, in my experience, it is the "From:" email address in NNTP headers which is lifted by the harvesters, not the "Reply-To:" email address. Most NNTP servers give up the "From:" email address in an XOVER command, but not the "Reply-To:" email address. My "Reply-To:" email address is not munged, and I have yet to get spam at that email address. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From jeffg at spamcop.net Sat Mar 4 15:37:15 2006 From: jeffg at spamcop.net (Jeff G.) Date: Sat Mar 4 16:00:02 2006 Subject: [SpamCop-List] Re: what happens when I report spam? References: Message-ID: jg wrote: > On 3/4/2006 6:41 AM Mike Easter scribbled: >> There isn't anything about reporting spam that has much of a direct >> effect on reducing your spamload. Normally a spamcop report munges >> the To address and other parts that might disclose who is reporting. >> Sometimes some spam reporters handle their spam badly in order to >> report it and that bad handling can actually increase their spam. > > Along this line, I stopped reporting spam about a month or so ago. I > had been getting upwards of 100 a day, usual flavor of meds, p&d, > mort, etc. I ceased for a while since I found out my ISP (cox) was > dropping all my outbound spam reports, making reporting via email to > spamcop, the FDA, > the SEC, etc. > impossible. I intended to 1.) See if I could get cox to allow my > reports out (haven't gotten a human being that understands the issue > yet) As I wrote in my reply to "E-Mail spam submittals blocked by your ISP" at http://forum.spamcop.net/forums/index.php?showtopic=2782&view=findpost&p=30553 , you may want to tell them (cox) simply "Since you insist that you are better at protecting me and the Internet from spam, starting tomorrow morning I will be sending you all the spam that you won't let me report via email to SpamCop, so that you may do a better job at reporting and filtering using that spam." -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jg at coks.net Sat Mar 4 13:57:58 2006 From: jg at coks.net (jg) Date: Sat Mar 4 16:55:04 2006 Subject: [SpamCop-List] Re: what happens when I report spam? In-Reply-To: References: Message-ID: On 3/4/2006 12:37 PM Jeff G. scribbled: > jg wrote: >> On 3/4/2006 6:41 AM Mike Easter scribbled: >>> There isn't anything about reporting spam that has much of a direct >>> effect on reducing your spamload. Normally a spamcop report munges >>> the To address and other parts that might disclose who is reporting. >>> Sometimes some spam reporters handle their spam badly in order to >>> report it and that bad handling can actually increase their spam. >> Along this line, I stopped reporting spam about a month or so ago. I >> had been getting upwards of 100 a day, usual flavor of meds, p&d, >> mort, etc. I ceased for a while since I found out my ISP (cox) was >> dropping all my outbound spam reports, making reporting via email to >> spamcop, the FDA, >> the SEC, etc. >> impossible. I intended to 1.) See if I could get cox to allow my >> reports out (haven't gotten a human being that understands the issue >> yet) > > As I wrote in my reply to "E-Mail spam submittals blocked by your ISP" > at > http://forum.spamcop.net/forums/index.php?showtopic=2782&view=findpost&p=30553 , > you may want to tell them (cox) simply "Since you insist that you are > better at protecting me and the Internet from spam, starting tomorrow > morning I will be sending you all the spam that you won't let me report > via email to SpamCop, so that you may do a better job at reporting and > filtering using that spam." > >From one Jeff G. to another, thanks for the input. Sorry I missed your post in the forum - I am sorta like Mike E. re: Fora - and I have seen enough on the subject via NNTP, save your suggestion, which while it may seem a good idea, my guess is it is likely to failure since I cannot send out /any/ spam, it seems, via fwrd. Then again, maybe cox will accept such if addressed to themselves - will give that a go. I like your approach - telling them verbally that I was going to move my account didn't phase them much... From jg at coks.net Sat Mar 4 14:02:58 2006 From: jg at coks.net (jg) Date: Sat Mar 4 17:00:03 2006 Subject: [SpamCop-List] Re: Spamcop capitulation before spammer? In-Reply-To: References: Message-ID: On 3/4/2006 11:22 AM Karl-Josef Ziegler scribbled: > tracking URL: > > http://www.spamcop.net/sc?id=z887651010z7d46879cb764e39a8650fe111519594fz > > Report sent to: > > kuvayv-badcow@devnull.spamcop.net > > What's the meaning of this? Yes, it was clearly one of Leos medz spams. > Has spamcop now capitulated before one of the biggest and worst spammers > on this planet ('The Godfather of Spam') because he has found ABSOLUTELY > bullet-proof hosting and every LART only will be a totally waste of time? > > - kjz Capitulate from what? I know less than most on this subject, but seems to me that: 1.) Larting bad cow and the source is pretty much useless. 2.) devnull is for stats only, yes? What else can SC do - call out the Marines (I don't mean to be a smart ass here)? From kjz at despammed.com Sat Mar 4 23:18:29 2006 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Sat Mar 4 17:20:02 2006 Subject: [SpamCop-List] Re: Spamcop capitulation before spammer? In-Reply-To: References: Message-ID: jg wrote: > I know less than most on this subject, but seems to me that: > 1.) Larting bad cow and the source is pretty much useless. > 2.) devnull is for stats only, yes? No upstream to lart? No authorities interested? http://www.ago.state.ma.us/sp.cfm?pageid=986&id=1502 There is a court order and spammy sent more spams as before? How powerful is the American justice? From jg at coks.net Sat Mar 4 14:30:18 2006 From: jg at coks.net (jg) Date: Sat Mar 4 17:30:03 2006 Subject: [SpamCop-List] Re: Spamcop capitulation before spammer? In-Reply-To: References: Message-ID: On 3/4/2006 2:18 PM Karl-Josef Ziegler scribbled: > jg wrote: > >> I know less than most on this subject, but seems to me that: >> 1.) Larting bad cow and the source is pretty much useless. >> 2.) devnull is for stats only, yes? > > No upstream to lart? No authorities interested? For these guys, upstream doesn't seem to care - that is what the term "bulletproof" means. This gang has been at work for quite a while and no one seems to know what to do yet. > > http://www.ago.state.ma.us/sp.cfm?pageid=986&id=1502 So Leo moves to New Hampshire and listwashes Mass... > > There is a court order and spammy sent more spams as before? How > powerful is the American justice? About as powerful as ever - unfortunately, the system works 2 ways, and the accused can tie up the courts for years, something spammers are good at. One reason lawyers are 2nd only to spam in attracting hate... From not at home.today Sat Mar 4 22:31:29 2006 From: not at home.today (Ant) Date: Sat Mar 4 17:35:02 2006 Subject: [SpamCop-List] Re: Should this be cut from the email before submitting? References: Message-ID: "Tim McGraw" wrote: > For his part Geoffrey munged his "reply to" address - and most tests > show that is the address most commonly lifted by spambots. Really? I've always understood it to be the "From". The reason being that "Reply-To" may not always be present, and some nntp header retrieval commands may not always include it. From tmcgraw at spamcop.net Sat Mar 4 15:03:20 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Mar 4 18:05:02 2006 Subject: [SpamCop-List] Re: Should this be cut from the email before submitting? In-Reply-To: References: Message-ID: Ant wrote: > "Tim McGraw" wrote: > >> For his part Geoffrey munged his "reply to" address - and most tests >> show that is the address most commonly lifted by spambots. > > Really? No, not really. I mis-remembered a long-ago post on nanae. Mea culpa and all that. These days you can't be too careful and some light Googling reveals today's best practice is to munge anything that has an '@' sign. That said, I don't spend a lot of time obsessing over munging an address - no matter how hard you work to protect it, one of your bonehead "trusted" correspondents will eventually get an address-scraping virm. In fact, despite having an sc addy since 1998 I'm pretty indiscriminate with my email addresses (altho I use sneakemail when it makes sense). If we modify our behavior to the extreme then the terroris - er, I mean the spammers, have won. From nobody at spamcop.net Sat Mar 4 15:46:29 2006 From: nobody at spamcop.net (N. Miller) Date: Sat Mar 4 18:50:04 2006 Subject: [SpamCop-List] Re: what happens when I report spam? References: Message-ID: <5drrtb6r3knm.dlg@news.spamcop.net> On Sat, 04 Mar 2006 07:32:58 -0800, jg wrote: > Since stopping the reports, spam dropped to 2-3 a day at times, average > 10-12 a day. Last week , I parsed a spam through SC to look up the > sender and reported it via the web. > Next day, I had 40 spam come in overnight. > I get the feeliing there might be a relationship between reporting and > spam volume but I don't know where it is... Since I stopped sending "munged" reports, and allow SpamCop to send notifies without obfuscating user information in the spam, I have seen spam to two SBC Yahoo! DSL accounts drop by about 50%. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From jg at coks.net Sat Mar 4 16:38:37 2006 From: jg at coks.net (jg) Date: Sat Mar 4 19:40:04 2006 Subject: [SpamCop-List] Re: what happens when I report spam? In-Reply-To: <5drrtb6r3knm.dlg@news.spamcop.net> References: <5drrtb6r3knm.dlg@news.spamcop.net> Message-ID: On 3/4/2006 3:46 PM N. Miller scribbled: > On Sat, 04 Mar 2006 07:32:58 -0800, jg wrote: > >> Since stopping the reports, spam dropped to 2-3 a day at times, average >> 10-12 a day. Last week , I parsed a spam through SC to look up the >> sender and reported it via the web. >> Next day, I had 40 spam come in overnight. >> I get the feeliing there might be a relationship between reporting and >> spam volume but I don't know where it is... > > Since I stopped sending "munged" reports, and allow SpamCop to send > notifies without obfuscating user information in the spam, I have seen spam > to two SBC Yahoo! DSL accounts drop by about 50%. > /Really/ - why would that be? and thanks for the thought... From nospam at nospam.org Sun Mar 5 02:13:39 2006 From: nospam at nospam.org (Ejo) Date: Sat Mar 4 20:15:03 2006 Subject: [SpamCop-List] Re: what happens when I report spam? In-Reply-To: <5drrtb6r3knm.dlg@news.spamcop.net> References: <5drrtb6r3knm.dlg@news.spamcop.net> Message-ID: N. Miller wrote: > On Sat, 04 Mar 2006 07:32:58 -0800, jg wrote: > >> Since stopping the reports, spam dropped to 2-3 a day at times, average >> 10-12 a day. Last week , I parsed a spam through SC to look up the >> sender and reported it via the web. >> Next day, I had 40 spam come in overnight. >> I get the feeliing there might be a relationship between reporting and >> spam volume but I don't know where it is... > > Since I stopped sending "munged" reports, and allow SpamCop to send > notifies without obfuscating user information in the spam, I have seen spam > to two SBC Yahoo! DSL accounts drop by about 50%. > What may be the case is that you inadvertently ended up at some digest that is causing spam in your inbox. If you report that type of spam then at least the digest administrators or their ISP are/is notified through spamcop, and sometimes you get off their digest distribution list which reduces the amount of incoming spam. But this is rare, for me this happened only once or twice in the last few years. I don't know why my name ends up in some digests, it may be a poor design of the subscriptions method, prone to being misused by pranksters. Actually, I don't care about the amount of incoming spam, it varies between 50 and 250 per day. What the heck, this is a few minutes of processing time, spampal and spamassissin are very efficient. What I more care about is a reduction of the amount of false positives, valid e-mails from colleagues at work or customers detected as spam which still happens with about 0.1% of all received e-mail. False negatives don't bother me that much, and they are the first on my list to be reported to spamcop. Ejo From uheep2 at comcast.net Sun Mar 5 00:22:09 2006 From: uheep2 at comcast.net (Alex Gitlin) Date: Sun Mar 5 00:25:16 2006 Subject: [SpamCop-List] Re: what happens when I report spam? References: Message-ID: Mike, Thanks for your detailed reply. > No. Spamcop is a parsing and reporting and blocklisting service, not an > authority. It is also a mail service which provides filtering and > facilitates reporting. More on this please: do I need to get a separate email account w/Spamcop (and if so, how) or would it work in conjunction with my ISP and current mail server? I'm on comcast, using Outlook Express. Not sure if I have any leverage at all to tell comcast to block out emails from certain IPs, let alone countries/continents... Alex From abuse at whathostingshould.be Sun Mar 5 00:23:56 2006 From: abuse at whathostingshould.be (Galen) Date: Sun Mar 5 00:25:30 2006 Subject: [SpamCop-List] Re: New spam-hosts are blocking spamcop DNS queries References: Message-ID: In news:du4d33$cpq$1@news.spamcop.net, Mike Easter had this to say: My reply is an Easter Egg: > I specifically blame the MS MVPs for the sad state of affairs in the > MS groups. Fine but let's be honest. I'll be honest with you. First, I've been missing - swamped with work so I'm late. Second, the addition of the new MVPs in mass amounts as of late has (and I'm trying to be both polite and honest) "watered down" the wine so to speak. *grins* I have a unique enough trait. I say it like it is while trying to be polite about it. Truth be told there have been some who've been awarded that, well, probably shouldn't have been in MY opinion and while they may be good in their fields they lack the awareness of Usenet that they should have had in MY opinion. So, to that, I say that I agree to some extent. *is on a new crusade - killing off some of the scamming web hosting companies - so has been swamped but has clients and not ONE spam complaint yet!* I am tired but happy. I'm running at a loss but, well, that's to be expected. No spammers though. ;) Galen -- http://www.whathostingshould.be - We are what hosting SHOULD be. From / at /.cn Sun Mar 5 16:24:22 2006 From: / at /.cn (Petzl) Date: Sun Mar 5 00:25:36 2006 Subject: [SpamCop-List] Re: Should this be cut from the email before submitting? References: Message-ID: "Tim McGraw" wrote in message news:ducgnl$b9u$1@news.spamcop.net... > Petzl wrote: >>> >> Please do not use a real email address in newsgroups unless it is a >> bullet proof SpamCop one > > I was unaware of a "requirement" for email addresses used to post here. > OTOH I have seen "friendly" advice offered to those who use real addys, > solicited or not. > > For his part Geoffrey munged his "reply to" address - and most tests show > that is the address most commonly lifted by spambots. Most spambot/spiders just target the from address leaving the reply one alone (this is not always the case) From abuse at whathostingshould.be Sun Mar 5 02:21:07 2006 From: abuse at whathostingshould.be (Galen) Date: Sun Mar 5 02:25:17 2006 Subject: [SpamCop-List] Re: Spamcop capitulation before spammer? References: Message-ID: In news:dud487$nbb$1@news.spamcop.net, jg had this to say: My reply is at the bottom of your sent message: > About as powerful as ever - unfortunately, the system works 2 ways, > and > the accused can tie up the courts for years, something spammers are > good at. One reason lawyers are 2nd only to spam in attracting hate... That URL was .ma.us? *grins* I own a few handguns and live just up the road in Maine. ;) Piss enough Mainers off and they'll generally take care of it. Ah well... -- http://www.whathostingshould.be - We are what hosting SHOULD be. From nospam at nospam.org Sun Mar 5 09:46:03 2006 From: nospam at nospam.org (Ejo) Date: Sun Mar 5 03:50:16 2006 Subject: [SpamCop-List] Re: what happens when I report spam? In-Reply-To: References: Message-ID: Alex Gitlin wrote: > Mike, > > Thanks for your detailed reply. > >> No. Spamcop is a parsing and reporting and blocklisting service, not an >> authority. It is also a mail service which provides filtering and >> facilitates reporting. > > More on this please: do I need to get a separate email account w/Spamcop > (and if so, how) or would it work in conjunction with my ISP and current > mail server? I'm on comcast, using Outlook Express. Not sure if I have any > leverage at all to tell comcast to block out emails from certain IPs, let > alone countries/continents... > > Alex > > Dear Alex I don't know what comcast e-mail servers do for you, it may be the case that there is blocklist information already in the header of your e-mail. Outlook normally doesn't show you the entire header, but I guess that it must be possible to design a filter in outlook that checks certain elements in the header. Perhaps consider to check http://ejos.blogspot.com/2005/11/why-do-we-get-spam-how-do-you-fight-it.html including other spam related articles in that blogspot. Whether you want spamcop to handle your mail is another question. This is a separate issue from using their blocklist, which is for free. It is also a separate issue from using their spam reporting service, which does require a subscription. Ejo From nobody at spamcop.net Sun Mar 5 01:49:09 2006 From: nobody at spamcop.net (N. Miller) Date: Sun Mar 5 04:50:48 2006 Subject: [SpamCop-List] Re: what happens when I report spam? References: <5drrtb6r3knm.dlg@news.spamcop.net> Message-ID: <1masqrm1yfkz5$.dlg@news.spamcop.net> On Sat, 04 Mar 2006 16:38:37 -0800, jg wrote: > On 3/4/2006 3:46 PM N. Miller scribbled: >> On Sat, 04 Mar 2006 07:32:58 -0800, jg wrote: >>> Since stopping the reports, spam dropped to 2-3 a day at times, average >>> 10-12 a day. Last week , I parsed a spam through SC to look up the >>> sender and reported it via the web. >>> Next day, I had 40 spam come in overnight. >>> I get the feeliing there might be a relationship between reporting and >>> spam volume but I don't know where it is... >> Since I stopped sending "munged" reports, and allow SpamCop to send >> notifies without obfuscating user information in the spam, I have seen spam >> to two SBC Yahoo! DSL accounts drop by about 50%. > /Really/ - why would that be? > and thanks for the thought... If you have a problem with listwashing, keep on sending munged reports! ;) -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Sun Mar 5 02:00:31 2006 From: nobody at spamcop.net (N. Miller) Date: Sun Mar 5 05:05:38 2006 Subject: [SpamCop-List] Re: what happens when I report spam? References: <5drrtb6r3knm.dlg@news.spamcop.net> Message-ID: On Sun, 05 Mar 2006 02:13:39 +0100, Ejo wrote: > N. Miller wrote: >> On Sat, 04 Mar 2006 07:32:58 -0800, jg wrote: >>> Since stopping the reports, spam dropped to 2-3 a day at times, average >>> 10-12 a day. Last week , I parsed a spam through SC to look up the >>> sender and reported it via the web. >>> Next day, I had 40 spam come in overnight. >>> I get the feeliing there might be a relationship between reporting and >>> spam volume but I don't know where it is... >> Since I stopped sending "munged" reports, and allow SpamCop to send >> notifies without obfuscating user information in the spam, I have seen spam >> to two SBC Yahoo! DSL accounts drop by about 50%. > What may be the case is that you inadvertently ended up at some digest > that is causing spam in your inbox. If you report that type of spam then > at least the digest administrators or their ISP are/is notified through > spamcop, and sometimes you get off their digest distribution list which > reduces the amount of incoming spam. But this is rare, for me this > happened only once or twice in the last few years. I don't know why my > name ends up in some digests, it may be a poor design of the > subscriptions method, prone to being misused by pranksters. > > Actually, I don't care about the amount of incoming spam, it varies > between 50 and 250 per day. What the heck, this is a few minutes of > processing time, spampal and spamassissin are very efficient. What I > more care about is a reduction of the amount of false positives, valid > e-mails from colleagues at work or customers detected as spam which > still happens with about 0.1% of all received e-mail. False negatives > don't bother me that much, and they are the first on my list to be > reported to spamcop. I has probably been about five years since I got on some kind of "digest" list. I believe it was from a mall contest entry; the spam suddenly started coming in just after using that email address; and it wasn't proxy spam. Since the spam was at a level I wasn't comfortable with, and I was about to ditch that account, I decided to try the unsubscribe links. They actually worked. After three months of SpamCop reports doing zip, three days of unsubscribes cut that account's spam volume by 80%. Most of the spam I see now is proxy spam. I decided to stop sending munged reports as a test. I suspect listwashing. In actual fact, I stopped trying to report all spam from those accounts, due to the volume, and only report what I felt I could handle in the time available. If I reported only false negatives, though, I'd be filing two, maybe three SpamCop complaints a week on those two 'pacbell.net' accounts. As it is, my total spam reports, to date, sent for two Juno accounts, two SBC ('pacbell.net') accounts, a MyRealBox account, and a Netscape Mail account come to: 35. For another Juno account, and my Dark Horse Comics email account: 77 and 48, respectively (for the year to date). The heaviest volume has been on two other 'pacbell.net' accounts. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From g.hyde at bigpond.net.au Sun Mar 5 21:35:03 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sun Mar 5 06:40:14 2006 Subject: [SpamCop-List] Re: Spamcop capitulation before spammer? References: Message-ID: "Galen" wrote in message news:due3gg$745$1@news.spamcop.net... > That URL was .ma.us? *grins* I own a few handguns and live just up the > road in Maine. ;) Piss enough Mainers off and they'll generally take care > of it. (fiction) Now *that* would make for an interesting CSI programme! A serial killer that targets spammers. :D You could yet get some mileage out of these spammers! At their expense, fictionally, of course. (/fiction) The reality is that most spammers are as far away as possible from US shores ... Cheers ... Geoffrey Hyde From AHaumer_gmxnet at nopspam.invalid Sun Mar 5 13:33:28 2006 From: AHaumer_gmxnet at nopspam.invalid (Anton Haumer) Date: Sun Mar 5 07:35:03 2006 Subject: [SpamCop-List] SC down? Message-ID: <440ADA98.F7B6E964@nopspam.invalid> sent a bunch of spam by mail about 6 hours ago, nothing happens ... SC reporting down? -- Toni From nospam at nospam.zootal.ihatespam.com Sun Mar 5 10:23:19 2006 From: nospam at nospam.zootal.ihatespam.com (Ook) Date: Sun Mar 5 13:30:10 2006 Subject: [SpamCop-List] Spamcop does not find url in spam? Message-ID: I posted the spam in spamcop.spam. Towards the bottom of the spam is a link. In the details of the parse I see: Resolving link obfuscation http://ca.geocities.com/timeworker7321/ And that it all. This is a valid link that forwards to http://www.brighterideaworks.com/lj/, which appears to be another money judgement processing site. Is spamcop missing this link, or am I not understanding what it is doing? From jeffg at spamcop.net Sun Mar 5 14:50:22 2006 From: jeffg at spamcop.net (Jeff G.) Date: Sun Mar 5 14:55:03 2006 Subject: [SpamCop-List] Re: Spamcop does not find url in spam? References: Message-ID: Ook wrote: > Resolving link obfuscation > http://ca.geocities.com/timeworker7321/ > > And that it all... Is spamcop missing this link, or am > I not understanding what it is doing? Yes, the SpamCop Parser is missing this link, and many others of the form CC.geocities.com (where CC is a Country Code) or just geocities.com, and has been doing so for many months. The programmers are apparently aware of the problem, but haven't seen fit to fix it yet. :( More info in my "FAQ Entry: The Link Analysis Process" at http://forum.spamcop.net/forums/index.php?showtopic=4345 . -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From philip at pch.home.cs.vu.nl Sun Mar 5 23:50:56 2006 From: philip at pch.home.cs.vu.nl (Philip Homburg) Date: Sun Mar 5 17:55:14 2006 Subject: [SpamCop-List] Re: Why not allow bounces? They are required by RFC822! References: <43FD963B.3607@xyzzy.claranet.de> Message-ID: <1al9lvr3g29ednrtvib80b5md0@inews_id.stereo.hq.phicoh.net> In article <43FD963B.3607@xyzzy.claranet.de>, Frank Ellermann wrote: >All it takes is one forwarder to see why: A sends to B, and B >forwards to C, a third party unrelated to B. > >B rejects 99% of all junk. 1 of 100 junk mails makes it to C. >C rejects 99% of all junk. Not the same 99% as B, therefore C >might reject some of the 1% slipping through B. > >If B gets the reject from C its SMTP session with A is history. >Therefore B is forced to create a bounce back to A, and this >can be backscatter if the Return-Path was forged. > >B cannot silently discard the mail as junk only because it was >rejected by C, this rejection can be something harmless like >"over quota". And then the legit sender A wants to know that >his mail didn't make it. In today's Internet there are a number of ways of dealing with this problem: 1) C never rejects a message forwarded by B. I do this with my ISP provided e-mail account. I forward all mail to my local mail server, and all mail gets accepted. 2) B rewrites the envelope from. 3) B only proxies for C, and does not actually relay (store and forward) the mail. 4) B stores the reject mail in a special place, suspends forwarding (generating 4xy error for incoming mail) and notifies C. There are probably lots of other options. I like options 1 and 3 best. -- That was it. Done. The faulty Monk was turned out into the desert where it could believe what it liked, including the idea that it had been hard done by. It was allowed to keep its horse, since horses were so cheap to make. -- Douglas Adams in Dirk Gently's Holistic Detective Agency From nospam at nospam.zootal.ihatespam.com Sun Mar 5 16:15:34 2006 From: nospam at nospam.zootal.ihatespam.com (Ook) Date: Sun Mar 5 19:15:03 2006 Subject: [SpamCop-List] Dictionary attack is starting, what to do? Message-ID: I'm worried...I had to shut down my domain emberts.com because the spam inflow exceeded 5000 spams a day. Most of it was dictionary attack stuff - common names @emberts.com, rather then actual addresses that were in use. So, now I have another domain I use for email. A while ago I started to get spam to some of the legit names, I'm guessing that someone I corresponded with got a virus and I was in their address book. Now the spam inflow is starting to follow the same pattern, and I'm wondering how long before I hit the 5000 spams a day level and finally get so sick of it I move on to another domain. Spam filtering? Not an option - I've yet to find a product that can filter out 10 legit emails from 10,000 spams. Now what? How do you stop this from happening? From pantheus at suespammers.org Sun Mar 5 17:03:29 2006 From: pantheus at suespammers.org (Ken) Date: Sun Mar 5 20:05:04 2006 Subject: [SpamCop-List] Re: Dictionary attack is starting, what to do? References: Message-ID: On Sun, 05 Mar 2006 16:15:34 -0800, Ook wrote: > I'm worried...I had to shut down my domain emberts.com because the spam > inflow exceeded 5000 spams a day. Most of it was dictionary attack stuff - > common names @emberts.com, rather then actual addresses that were in use. > Spam filtering? Not an option - I've yet to find a product that can filter > out 10 legit emails from 10,000 spams. > > Now what? How do you stop this from happening? Go to your server config and STOP wildcard acceptance. Allow only the valid user names ! This might be your host's cPanel or setup screens, usually email handling. Wildcard open is dangerous! as you are seeing. Ken From scamper at trisk.com Sun Mar 5 18:15:03 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sun Mar 5 20:15:02 2006 Subject: [SpamCop-List] Re: Dictionary attack is starting, what to do? In-Reply-To: References: Message-ID: Ook wrote: > I'm worried...I had to shut down my domain emberts.com because the spam > inflow exceeded 5000 spams a day. Most of it was dictionary attack stuff - > common names @emberts.com, rather then actual addresses that were in use. > > So, now I have another domain I use for email. A while ago I started to get > spam to some of the legit names, I'm guessing that someone I corresponded > with got a virus and I was in their address book. Now the spam inflow is > starting to follow the same pattern, and I'm wondering how long before I hit > the 5000 spams a day level and finally get so sick of it I move on to > another domain. > > Spam filtering? Not an option - I've yet to find a product that can filter > out 10 legit emails from 10,000 spams. > > Now what? How do you stop this from happening? > > I wouldn't rule out spam filtering as an option. You just have to maintain perspective and treat it as one of many tools in your spam fighting arsenal. You can't stop all of the attempts to send spam to you. I doubt anyone can do that at this point, short of giving up on email all together. However you can use various combinations of blocking, whitelisting and filtering to cut down on the volume you have to deal with as a human. Let the computer do the rest of the work. I personally have to deal with about 2000 spams a month hitting my own and my wife's email accounts. I have a friend that runs his own domain who also had a spam volume similar to yours, with give or take 10000 spams per day when he came to me for help with his spam filtering. (this was over 2 years ago). In the coarse of the last 30 months we've managed to cut that down to about 1500/day that he has to deal with on his domain. The stats are still dropping, abet slowly. This is the method I use, and it similar to the method I helped him get setup. 1) Configure your mail server to use SPF (Sender Policy Framework) to reject email that fails a sender policy check. I.E.: email with a forged from address. 2) Configure your mail server to reject emails sent to addresses that don't exist on your system. 3) If you choose to use DNS blocklists (optional) use the server access list to allow bypassing of those blocklists for addresses you specify. ie: abuse@, postmaster@, and any alias you wish to assign to forward to your real email address. example using sendmail access lists entries to have certain email bypass the DNS blocklists. /etc/mail/access Spam:abuse@example.com FRIEND Spam:postmaster@example.com FRIEND Spam:xalkdjfklar@example.com FRIEND /etc/aliases xalkdjfklar: realemailaddress This will allow you to use aliased email addresses to give out to various mailing lists you wish to receive email from, letting those lists get past the server blocks as an "authorized subscription" alias, while still honoring the server blocks for email that isn't in the list of exceptions. This also lets you track who is giving away your email addresses, since only you know who you gave the addresses to. It's also much easier to change access list entries for an alias to deny, then issue a new alias. I.E.: if the above alias were given out without your consent you could change the access list entry to something like this: /etc/mail/access To:xalkdjfklar@example.com ERROR:"550 Routing address disabled due to unauthorized disclosure to third parties" Then issue a new alias, and/or take the person to task for disclosing the address they were given. 4) for mail that gets past the server level blocks, run both Bayesian filtering and maybe some other filtering system to sort email into goodmail and various other folders for badmail. In my case, I use procmail as an MDA, and in my procmail scripts I have it using "bogofilter" (a Bayesian filter) to test incoming mail. Bayesian filters have to be trained, and it takes a while (about a month) to get them to a point where they can reliabally sort your goodmail from the spam. Once trained though, they do extremely well at sorting your mail and err on the side of putting spam in with your goodmail instead of the other way. With bogofilter, I have it set so that only email that scores as 99% likely to be spam gets flagged as such. Anything from 0% to 98.9% gets flagged as not-spam. After running it for over 2 years now, I have to retrain the filter maybe 2-3 times a month for spam that was incorrectly filed in with my goodmail. The last time I found goodmail in with the spam was over 6 months ago, and my whitelisting sorted that out. I also follow up the Bayesian filtering with custom procmail recipes that allow for white listing email from known good sources. Any email that isn't whitelisted and also is marked by the Bayesian filter as spam, gets fed to a spamfilter. In my case I use spambouncer because that set of filters is already based on procmail. But you could use just about any other filter you wish. If your spamfilter is capable of doing so, have it auto forward spam it detects on to a place like spamcop for further processing/reporting. Using this gauntlet of filtering techniques, the spam that actually makes it into my inbox is maybe 2-3 per month, and I haven't seen any goodmail get dropped into my spam folder now in the last several months, though I do scan the subject lines for goodmail before deleting it. Response from various filtering techniques can vary a lot, and nothing is perfect, since by it's very nature any spam filtering you do is going to be robotic. I know that my methods for fighting spam probably will not help the vast majority of people who have to rely on an email service provider. But since I do run my own domain, my spam fighting methods work for me, and have pretty much solved the problem for me and for my friend. Since you apparently run your own domain as well, I hope this helps you with your problem, or if not at least gives you some food for thought. There are more spam fighting methods out there than I could cover in a lifetime of study at this point. You pretty much just have to look over what is available then come up with something that works for you, probably involving at least some customization. I'm currently looking at setting up domain keys as well, since I see that more servers are starting to use domain keys to have their server sign outgoing email. Once setup, that will provide yet another tool in my spam fighting arsenal. Garen From tmcgraw at spamcop.net Sun Mar 5 19:14:58 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Mar 5 22:15:04 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route In-Reply-To: References: <200602230616.1fcesN7KQ3Nl3pK1@gideon.mail.atl.earthlink.net> Message-ID: USA Today wrote: > The 50-company coalition, which includes MoveOn.org Civic Action and the AFL-CIO, claim the service creates a "two-tiered Internet" in which affluent mass e-mailers pay an e-mail tax. (AOL on Friday said it will not charge legitimate non-profits and advocacy groups to have their e-mails certified and delivered. Related item: AOL won't charge non-profits for delivery of e-mail) > > > > "It's unfortunate MoveOn played it this way," Gingras says. "The folks who get beyond the rhetoric believe our technology is a sensible approach." http://www.usatoday.com/tech/news/computersecurity/2006-03-05-goodmail_x.htm From nobody at devnull.spamcop.net Mon Mar 6 12:30:52 2006 From: nobody at devnull.spamcop.net (Patto) Date: Sun Mar 5 22:35:03 2006 Subject: [SpamCop-List] Re: Spamcop capitulation before spammer? In-Reply-To: References: Message-ID: Geoffrey Hyde wrote: > > The reality is that most spammers are as far away as possible from US shores > ... > > > Cheers ... > > Geoffrey Hyde Like in Florida...? From g.hyde at bigpond.net.au Mon Mar 6 13:47:38 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sun Mar 5 22:50:02 2006 Subject: [SpamCop-List] Re: Spamcop capitulation before spammer? References: Message-ID: Last I checked, Florida was a part of the continental USA. Or are you alluding to something? Cheers ... Geoffrey Hyde "Patto" wrote in message news:dugad9$dhr$1@news.spamcop.net... > Geoffrey Hyde wrote: >> >> The reality is that most spammers are as far away as possible from US >> shores ... >> >> >> Cheers ... >> >> Geoffrey Hyde > > Like in Florida...? From nospam at nospam.zootal.ihatespam.com Sun Mar 5 20:23:15 2006 From: nospam at nospam.zootal.ihatespam.com (Ook) Date: Sun Mar 5 23:20:02 2006 Subject: [SpamCop-List] Re: Dictionary attack is starting, what to do? References: Message-ID: "Ken" wrote in message news:pan.2006.03.06.01.03.29.383134@suespammers.org... > On Sun, 05 Mar 2006 16:15:34 -0800, Ook wrote: > >> I'm worried...I had to shut down my domain emberts.com because the spam >> inflow exceeded 5000 spams a day. Most of it was dictionary attack >> stuff - >> common names @emberts.com, rather then actual addresses that were in use. > >> Spam filtering? Not an option - I've yet to find a product that can >> filter >> out 10 legit emails from 10,000 spams. >> >> Now what? How do you stop this from happening? > > Go to your server config and STOP wildcard acceptance. Allow only the > valid user names ! This might be your host's cPanel or setup screens, > usually email handling. Wildcard open is dangerous! as you are seeing. > > Ken > I hate to do this - I have maybe 50 different email addresses coming into the domain, and it would be a PITA to set a seperate account for each one. I may not have a choice, I think some spammer put my domain on one of those "million addresses" CDs. .....another domain shot to hell thanks to the spammers! From AHaumer_gmxnet at nopspam.invalid Mon Mar 6 07:08:43 2006 From: AHaumer_gmxnet at nopspam.invalid (Anton Haumer) Date: Mon Mar 6 01:10:04 2006 Subject: [SpamCop-List] SC reporting down ? Message-ID: <440BD1EB.DC383C16@nopspam.invalid> sent a bunch of spam by mail about 6 hours ago, nothing happens ... is SC reporting down? -- Toni From g.hyde at bigpond.net.au Mon Mar 6 16:11:34 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Mon Mar 6 01:15:03 2006 Subject: [SpamCop-List] Re: Dictionary attack is starting, what to do? References: Message-ID: "Ook" wrote in message news:dugd81$fct$1@news.spamcop.net... > I hate to do this - I have maybe 50 different email addresses coming into > the domain, and it would be a PITA to set a seperate account for each one. > I may not have a choice, I think some spammer put my domain on one of > those "million addresses" CDs. .....another domain shot to hell > thanks to the spammers! You need to consider various forms of limiting the amount of addresses they can try at one go. Set a script up if your mailserver allows it that prevents any connection from trying (and thus possibly verifying) more than one email address every 2-5 minutes - at that rate they will take forever to try all of your possible addresses. If you've got sufficient understanding of scripting you could also set it to start rejecting any IP addresses that cumulatively ask for more than X addresses per hour/day/week. This will really get in the way of their attempts to harvest your addresses. You might notice a pattern in the servers trying addresses, if so, you can set a blocklist for the worst offenders. DO, however, setup your server to reject during the SMTP transaction, not to receive and forward on any messages back to supposed senders. That is called backscatter and is one of the worst possible forms of spam delivery, and it is considered abusive behaviour on the part of the server trying to send such messages, and it should never happen if your mailserver is properly setup to reject during the transaction. If you can configure it to, have it reject any servers which have bad HELOs or invalid names when looked up. Please note that I have not run a mailserver myself, however, I've seen other people telling mailserver owners to take security precautions such as these and I thought it would benefit you to know of them. I do not take responsibility for any inaccurate information and can not solve configuration problems. Cheers ... Geoffrey Hyde From markbuckles at spamcop.net Mon Mar 6 00:49:16 2006 From: markbuckles at spamcop.net (markbuckles@spamcop.net) Date: Mon Mar 6 03:50:12 2006 Subject: [SpamCop-List] Trash Folder Not Emptied Message-ID: Under Maintenance Operations, I have the Trash Folder set to be purged after one day, and for maintenance operations to be performed upon login, but the trash file never gets purged. Is there some other setting that must be selected? Thanks, Mark Buckles San Diego From markbuckles at spamcop.net Mon Mar 6 00:59:39 2006 From: markbuckles at spamcop.net (markbuckles@spamcop.net) Date: Mon Mar 6 04:00:03 2006 Subject: [SpamCop-List] Re: Trash Folder Not Emptied References: Message-ID: Oops I think I posted this to the wrong forum, sorry! On Mon, 06 Mar 2006 00:49:16 -0800, wrote: > Under Maintenance Operations, I have the Trash > Folder set to be purged after one day, and for > maintenance operations to be performed upon > login, but the trash file never gets purged. > > Is there some other setting that must be selected? > > Thanks, > Mark Buckles > San Diego -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ From nobody at nowhere.invalid Mon Mar 6 12:42:11 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Mar 6 06:45:04 2006 Subject: [SpamCop-List] Re: Dictionary attack is starting, what to do? References: Message-ID: On Sun, 5 Mar 2006 20:23:15 -0800, Ook coughed into spamcop and left this in : > I hate to do this - I have maybe 50 different email addresses coming into > the domain, and it would be a PITA to set a seperate account for each one. You don't have to. Simply create ONE account and make the 49 other addresses aliases of it. -- Steve A computer without Windows is like a chocolate cake without mustard From nobody at nowhere.invalid Mon Mar 6 12:46:04 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Mar 6 06:50:02 2006 Subject: [SpamCop-List] Re: Spamcop capitulation before spammer? References: Message-ID: Line order left the way you seem to like it... On Mon, 6 Mar 2006 13:47:38 +1000, Geoffrey Hyde coughed into spamcop and left this in : proportion of whom are in the USA. something like 200 "people" (I use the term loosely here), a large He's probably alluding to the fact that 90% of spam originates with > Last I checked, Florida was a part of the continental USA. Or are you > alluding to something? -- Steve From Nobody at SpamCop.devnull.diespammerdie.net Mon Mar 6 08:51:25 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Mon Mar 6 09:55:03 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route References: <200602230616.1fcesN7KQ3Nl3pK1@gideon.mail.atl.earthlink.net> Message-ID: <440C4C6D.6DE060D2@SpamCop.devnull.diespammerdie.net> Tim McGraw wrote: > > USA Today wrote: > > The 50-company coalition, which includes MoveOn.org Civic Action and the AFL-CIO, claim the service creates a "two-tiered Internet" in which affluent mass e-mailers pay an e-mail tax. (AOL on Friday said it will not charge legitimate non-profits and advocacy groups to have their e-mails certified and delivered. Related item: AOL won't charge non-profits for delivery of e-mail) > > > > > > > > "It's unfortunate MoveOn played it this way," Gingras says. "The folks who get beyond the rhetoric believe our technology is a sensible approach." > > http://www.usatoday.com/tech/news/computersecurity/2006-03-05-goodmail_x.htm [Quoting the article] "Goodmail has developed a system that guarantees delivery, with the cooperation of the ISP. Marketers are willing to pay for that," he says." This is two ISP's with 50% of the subscriber base, selling out their subscribers to the marketers. This is pay-to-spam, pre-sanctified by U-CAN-SPAM. And if you're a subscriber, too bad. You get your eyes spammed out, and if you don't like it, you can, as someone so eloquently put it, "vote with your feet." Except there'll be no other choices, when the commercial ISP's are all on board, and everyone else's access has been rolled up or shut out. It'll be just like cable TV, another "predators' ball" -- and I can't believe you're cheerleading these guys. Michael From vrapp at polyscience.com Mon Mar 6 10:52:21 2006 From: vrapp at polyscience.com (Vadim Rapp) Date: Mon Mar 6 11:55:02 2006 Subject: [SpamCop-List] usenet spam - why not report to senders isp Message-ID: http://www.spamcop.net/sc?id=z891585406zc98a2d46d659ddd07b9d1d5d9d0032a4z Usenet spam soliciting orders at sender's hotmail.co.uk address. Sc did not send report to hotmail. Shouldn't it? thanks, Vadim Rapp From tmcgraw at spamcop.net Mon Mar 6 09:28:08 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Mar 6 12:30:02 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route In-Reply-To: <440C4C6D.6DE060D2@SpamCop.devnull.diespammerdie.net> References: <200602230616.1fcesN7KQ3Nl3pK1@gideon.mail.atl.earthlink.net> <440C4C6D.6DE060D2@SpamCop.devnull.diespammerdie.net> Message-ID: Michael Brennan wrote: >> USA Today wrote: >>> The 50-company coalition, which includes MoveOn.org Civic Action and the AFL-CIO, claim the service creates a "two-tiered Internet" in which affluent mass e-mailers pay an e-mail tax. (AOL on Friday said it will not charge legitimate non-profits and advocacy groups to have their e-mails certified and delivered. Related item: AOL won't charge non-profits for delivery of e-mail) >>> >>> >>> >>> "It's unfortunate MoveOn played it this way," Gingras says. "The folks who get beyond the rhetoric believe our technology is a sensible approach." >> http://www.usatoday.com/tech/news/computersecurity/2006-03-05-goodmail_x.htm > > [Quoting the article] > > "Goodmail has developed a system that guarantees delivery, with the > cooperation of the ISP. Marketers are willing to pay for that," he > says." > > This is two ISP's with 50% of the subscriber base, selling out their > subscribers to the marketers. This is pay-to-spam, pre-sanctified by > U-CAN-SPAM. And if you're a subscriber, too bad. You get your eyes > spammed out, and if you don't like it, you can, as someone so eloquently > put it, "vote with your feet." "FACT: Spammers can not pay to reach AOL and Yahoo! email inboxes." http://www.goodmailsystems.com/certifiedmail/index.php Quite a few similarities between this and SenderBase, actually. > Except there'll be no other choices, when the commercial ISP's are all > on board, and everyone else's access has been rolled up or shut out. Fat chance. And quite a doomsday position IMHO. > It'll be just like cable TV, another "predators' ball" -- and I can't > believe you're cheerleading these guys. I'm not "cheerleading these guys" - I'm sickened over MoveOn, et.al. and their emotional pandering and outright lies. They do not understand what Goodmail does (and apparently neither do you). From nobody at devnull.spamcop.net Mon Mar 6 09:19:52 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Mar 6 12:30:08 2006 Subject: [SpamCop-List] What happens when I report spam without munging? References: <5drrtb6r3knm.dlg@news.spamcop.net> Message-ID: "N. Miller" wrote in message news:5drrtb6r3knm.dlg@news.spamcop.net... > On Sat, 04 Mar 2006 07:32:58 -0800, jg wrote: > Since I stopped sending "munged" reports, and allow SpamCop to send > notifies without obfuscating user information in the spam, I have seen > spam > to two SBC Yahoo! DSL accounts drop by about 50%. Doing that is a bit of a gamble. You are letting multiple spam sources know that your email address is one that will get them reported. What will they do with that info? We know by experience that the vast majority of them will either ignore it or "listwash" - remove you from the list and keep spamming everyone else. We also know by anecdote that some spammers take revenge by mailbombing that address, using it as the "from" address in a spam run, etc. It is a question of balancing a good chance of a moderate benefit (less spam) with a small chance of a larger harm (revenge). Is it worth the risk? In my opinion, the answer is yes in cases where the name and email address don't identify you and you are willing to abandon it if needed, and no in cases where the address identifies your real name or is published many places and would be inconvenient to abandon. One could argue that allowing yourself to be listwashed is selfish - it reduces your spam without helping others. I don't see that as a valid criticism unless the critic is also willing to criticize anyone choosing to not report some spam. It should also be noted that even if you do choose to munge, the munging can't be perfect and some spammers will still be able to figure out who you are, thus putting you at a (smaller) risk of revenge. If even a small risk is unacceptable to you, you should report to spamcop without sending reports to any spam sources. G.M. (G u y M.) From bar_n0ne at hotmail.com Mon Mar 6 11:41:36 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon Mar 6 12:45:03 2006 Subject: [SpamCop-List] Some spam stats from a large(ish) company Message-ID: Some stats from a large Multi-National employer which may be of interest, sorry to have to attach a small GIF. Basically since Dec 2005 incoming mail has increased from 4.5 to 6 MM messages per day (monthly averages of Dec, Jan. and Feb.) of which 74% gets a spam score of 90 and is silently dropped at the MTA's before the remaining 26% is passed on. They estimate that 50% of the remaining traffic is "legitimate" or "good" mail, and try to help the users configure spam filters on their MUA's to sort this remainder into junk and not-junk. By their estimates, then, some 86% of inbound mail is spam. Of course no one will ever know, since the supposed badmail is simply dropped on the floor, or to emphasize a point, 74% of mail is silently dropped at the MTA. (Yes, that means close to 4.5MM mails are simply "disappeared" daily.) I bet this is quite typical for this size of enterprise. begin 666 inmail.gif M1TE&.#=A-@&^`/<``````( ```" `(" ````@( `@ " @,# P,#-" 46'&A/(( #`U.F+#E2I"^?0DK7LPR@>/'COL:9DR9,6+ E3/;O'RY9&?-H#4#('5S;%Z7 M?!-#ABQYM>O7L&/+GDV[MNW;N'/KWLW[-6<$"8"O%M[[MM*G+Y/<*VV2H$J6 MI#9IDK2INJ;KV+-KW\Z]N_9)X"=)__>.79)Y2>33JU^?_;RF\>SCJY=^'KW\ M^]7SY^]N'7O_^P"6]YYYFZ"D%TVCB207064]5Y(420`AX8045FCAA1AFJ.&% M!'0(1(<@ABCBB"26:&*)$IZHXHHL@OAABS"*N.&,--9H8X52M.,<3*,MM9)! M+WDF28HQ%KDBD20B8N223#;IY)-0QDAAE$L"@CXSW$M]5@:D*C9DX D M5)8)8B(=*DD`FF:VZ>:;*6$60[$I4I>H@:F@V/FV200 MB=RHZ**,-NKHHY!JR*:A*@;B89];\DC*CC\V2%.AE$HIH200*I%$$E(HH>JJ MK+;JZJNPQO\JZZRTUFKKK;CF*L6NJ9HZ:8C !!NJG!XFHN5Q+@7ZW*"?DCDL MBQ(BL44KU+K21AMN7*OMMMQVZ^VWX(8K[KCDEFONN>%2J^ZZZE[;BB17`ALL M,,-:VJ&Q?FK*Z5*>[@7JLRH"@00`9-CRR\%_)*SPP@PW[/##$$J^^7_3)5*)XB$R"LAP.3@? ^--=L\\TXYZSS MSCSW[///0 (P;1]]\__-""#8W_8,,-EV=NL^XW=-ZS\ GK;@/N"K? M0@NWXXZTY[YS?L/QO/?N>^ _N,"YYBXD#KWAWH>^H%>+I62ZR*CCF^E8!;'N M7,HLO0Y[B+*3H? /&PR0L T#M `YY)(SFL)N, `7+ QTE@/;SA)V@Q;T+WD2 MV( &(MB"AF4N@0ISP0`XH+^=!6YA#006H9P/8.DS M&?L&XK[FA.EN79N?B(+PM?U)@ -W2!@'_UIP@QLP#'=&_$,0A5B"("81<#: M7!$MA[C:[6\#&T#>'UJP`3L<,7(),V##_M:"$E10@,93&/)TE[ *:A%W%2SB M$XOW@^ I; !93-@=+`V'EA<^*8;YF:)"J"0I^)9&?#@G PRW\[0\VD( 9 MA<@\_?VA?USD7_\&P,E+YF\`)=@?)V]W!TY&48T.+. O[ " /+9Q`PW[9/]< MP(%0NH"+^@ M@!;8P8P;J$$;QG<50-:K6#(4"0T-N2Q$XI!E.@Q"$AQYQ6M:S6H'-WS4 MIC"5P 3&JLD![!6JR:Q@29]Z39%*X!=GY>)3O8K,7^#Q#FWHXA^$2^T40[Q#27U3T;R;M9T2OA47_M7&3^0-I,EDP6;_]\JJE MO:E*M\K)O^7O;X[5'Q"7/PE-/VPQ?[9H ::9-CR6# "P?;OA %V@1T,>%LN_L$/&F!> M50?0X %H('\?_"46Y4G5&OR OV4=@0:\V (-+%.NL&3>3"OX7&NR=@"P'1U4 M!H*$^;%I;^'<$7RO)E_0*O61_$N>@3G,`F4R+V$LP%T-])N_&CRW?RPXL8F+ M!\D6C& $N'LQXG[+T.9J4)0#/5XT,3F *&-/_\25'*@/?N #96Z1NI#4GYT= MN$4L2D ">/[#E&_GP.6E5,>D2Q3L?HPI]VZ6G'4+4Y&1JL[1-DZ+5@1<[9[W MO_O=#X":IASF%/?!"R)P=_MC8/%\P.7(`7!POP,U[D@(.E9K6HV0+%Z8CU=" M+=X:BDC;F#TX1NQBWY*%;?AMBWJ@9N[X![TWO8R]SW.*7QXV!NW\,Q-<*,9+W@XVW2VT18Q*4QH MD?D.ZKZM%NVC4CH)8_\0N ?-QG*C+7S<+7^YP:^MP%]ME^\,6]G;O;W9- M?8X>^2&)_&_8\=!^(HPUMAE.<9]5[]I-%]S3A58[J)^;9Y7+7>>JOD JDNT/ M9 !")'H>*D8'N7W/+FK)R=ZR2A.8ZXB[7-4]%[@HVMQL$=]>WN_N;O#5<8I* MSQSO(@[WJ+_-!TCBBV&\KL^D8[OSNKLJ+G;6]C^(4?:@LY_DV589O, M\A^2R+P)E* $2+,CV.IH/;ZW^_6!MQF7$P?)"%IT`-W&HP_F[ ,66'D?RN,< M[C.N.)G><:+[U0!56U #_ST/]J#;`A*TUC1FOS?M_6Z6R4%>7V$V>* 23)C_ M'^Q X"W:8'F^+2"AQSIZ(U94C%3$G*AMWO"YNUQS"[,[Z")I33=P$FEU!F8) MTWLLX /G9T(U0V/%8S.]]UV:)T%M8 <1N%7[Y <*Z&O=%GW3US:GDUDB)WDD MYV_;IT-[(S--%4E9$UHQ0*B!SA5Y4M(LX)$U *2I$1EY +38T"Z4SLZ M: .WU (&A#PA5 ) Z#\NUVM&Z$L\^ -N5C.YI493Y4 CX$HRQ3R;`SG 1(.S MIC@LY3=_$%D9)E)U$ %V,(8<\#/15 M``9,4?5D"E,"' 13UN1 '&2$+W8X+Z8P*'5)&U4"*25"0[=V\[4WCE12;H!2_!1/JQ1/ MMC4!J82(&T!@?L!AV;1%7T9;D64+OE!;;"\\., MFK=5O;A!];1!,#4!=S !Q/_T2'X0@X+&4B-@!R[8!A\FE.P8`1$404#99IS4 M9!+89OX%374P`JNT/* 4.IZ44@S5!A/PB!%E5Z6U,$WE,9-U45HY`=2T51YC M![7$,#?9!IXH7!L`?QPD3)'U"S=UD13HEO6$4G!91FFX?!Y#DL5(AY%GAR&H M?8X',"7H"W!5`R7%`=F"4O$43S8Y`?[WEW_C@N/G!W7 24+YD_ESABG5/W;0 MF9.E`>G8B'[ `AO FAI 8*Q)7:O)F@+U6.[T!_YG5T"$D0@31CAY!]>D?A)F M!WM$8S_P0 MC3'X)21-0BP@9425P"W<2:7J:"$F!EV^A,`,127&1)-E!1#I2/"L P-V![H*1F^4=$@/-@ MY/8''+"&^F,#'/ \EX20_AA,E@E*=F"30R1/,_5 ? :8=B"8>6-]CW:'*WF> MPY*>*?<'NU<[R+-$P+E'U#-'%F<\6@2J!!G*CA^DO>8AO/41["&1!/O,P+"=3=V<[_P,P.5A7>"SW M<$L7=SJC<],W/T#UIT*GDLH(6CRJ:YC "0>:WF=:M:J6"3=&A4:B.DIE$Z.9+Z=:)Z?U0'=[ES/WXP!IDZ MF"''J2D9:;4*JM2FD+W)<=JZ0@JI,!H3.H_4K=LZKMSZ,-FZK>&*,-^IJ7XJ MJT,5J)7'DO.3!)M@,'9P"[^ KV\53&*I1/RJ,&TZ,6VZKZTX?L%D![[@"QOC M"[9@, =C"P?KL =S"Q2+KP>3D!MS87ZPL>+G!QICL.3GL0IYL/!V80F[,1N; MLG8@CBG;LN4W1I,U;_EJ"UK I]77KO_7AZ.?:F3KM 4;P 5 RP5;`+1;,+1" M6[1(6[1'F[1!F[1.Z[-;, 9C\+14Z[13Z[1<0 9D$+1$:[1=6[5@2[5+.[1A MZ[-85+9@>[1;J[1>N[0>ARC0JC[2.JO4VBR M%YQG`@!!T+=!``1]*R&! M&[@5\KB,)Y, .Y##% M5%S%5GS%6)S%6KS%7-S%7OS%8!S&8CS&9%S&7(R^,*+#=5B\M'J\%!PB07P/ MNW(/HS!]0! %6O"XI/"Z>L/$Q?''@!S(@CS(LW$`AGS(B)S(!X ;_XK, M&]* NB>BQ@(QMVS\O4R!OW L">VP!5IP#T><"/1Z#^]AQ/<&!)R,``=0#X[< MRJ[\RK UP`*20 M!(E@P)) "@E@Q,HV(JBLR]9\S=B$LO>/\/$[7#@_]W,A2W;FWTDJ"+'4B#''^XA6NT.N]WGWOWGACSWDB.V"*"*NT@XO4@"4GPQ(A,Z8"> MZJ]\Z(9^#J;0!;#>":;P#N; "9/ ">8PSW^](H(-VP\=K^(@+] MSGQN['Z.[+U=W,MMR(5NZ*]P"J;@"4S0Z-7^[.]P#_.-R);.S=[.(N >W9H] M[KQN*?9BUZ9^R,>N[NO>[NX.[Z?@"5Y0!54@Z]5.L[ZK-W&WNUI?MZ_\D MO;,L8M0H4NP,[]OLWN[N\ Y@[@E=0/%6X 77SNRN8 N('-S+O?'9_.]U?=YR MG7USOB+!@-1*O=0'<.Z[O;YJON9,W_1.K]]*'_7S/?53WN^)G-_SG>B=(.U5 MX FG\ [[;LBVL.66SNZU4 M7?M^6?@\\3^Y%+O!';@_4S;NQ"RWP3-]]OO G M3\\I[_"*3/53'^AEO]RN@._0W@6,W@5?3O/^MW2'T&^= MG\DV/2+S0NZ2,-_HKO=[K]#$W?>QG?E"[RL-\)SV[MAYS\\\SA@D_YS[W[%C[41)A0X<*#`P\,;+>-P$0"B2A> MO!AH(I!$[?[]0_#/GCV1'P&0*OGQ(TD`*E6.1" )"!",,VU>M#D3(\69DMK] M/-#NX<]V`XT>19I4Z5*F39T^A1I5:E)7KEZ]>W7JE*O6HJU4]D77KU['ETKYM]S9>O;C[RMRYB5V]=IL(S]2$H'O\2XZG MY8@"2C+HSF.P00:M@]"5+K+KP@NMQC)KH PE*\\\!Y]::[76*&HOKMGHBL^V MO7);<23\,-JDGE&DB&(FQ38Y8$8ID-!).2D^!#+(TUHALI5[7"E%-%=,Z8(* M)[L(*THA,TNOHA%K,O& D4A*\:Z5\M)MRQ;BTB05<0,S3'LD<0L)&+U('Y:OYY9Z,WJM;O@>X>8XV'77K^D"\: M?\3R*SJ?2]*GLA:USWV/DY[\__0W)58]:6()1$JR+@B5!CY%;WMKQ0/#X@FN=(4+4/)=][JW0J>0 M(H-ON5*)`JB2`8:P@".D6DYN(JM[R*]6"DR6LG@HD!>^\!X-M")3JJC#&2(J M:0]%TWAI"I,B&/=X^- =%5*,O)RDI,4 MGDW4QO^32VHJDP($(2?MDP`DCBP24A#*`<@QG!,^,8^_Q&8VM;E-;G;3F]\$ M)SM;3GO<,IQ04HT1^]A.:G4(` M73[BL-4IDV#,].3[H$D*+=3(CI+08R2-HD)(4I$5OW3@& 5"CDU(00CII$0E M% 4W1A*I@3!3`+=4NE*6MM2E+X5I3&4Z4YJVM)\W7=7?N)4$`"1!`2FU1Q)0 M$J;EK<0>""5A33:!@'N,8A218,S$'$:*WU"5JD[%JE,EM56NSBFK<7+4+QTU M5E*,E1.%^DHG'B6%( 1!"!]=0CN[0(9)8G624D# 7-BW);[_]M6O?P5L8 4[ M6,(*5C>'1>R72#(7!.!5J(?5VD&;^3Y8C8(4"[-C$"A%J4T(RK.?!6UH13M: MTI;6M*<-U!2FH"C64F$*2U""$I+05K=^=%&$"I06=-M0*=2GH(D%;G"%.USB M$O=JQ44LEQ#0+?D$++)&16H2P<8J=@BO,5.M*CZUNUWN8G.L<@-O>"U0 M80FP#<),VJH(2G!";KNLJU,GV9*30;:P]\5O?@MKW^,B5RXPV=))FJL^R,8D MH5="@A1FI ERD$U6$>UNA"6R5DG N=CBXFO.<<)"%C$TQAA=1 M1ZY"`[0#7DY(`A&1T,8XR&'A[FGS'M8JZ&]GO&4NV^>OR=7R;NQ1X\*MCR\Y M'A&/2CR*8#YXR&^6\(7!6XGRTE([5J!79][;B4UH0ASK>.4O=9C-*]>WRX=& M-' %RN61D'EU-QX)0F&7$P3"V=+QM2PWN4A#3M,0R8H*+WA+\=Y2=%J'UBD)27):0PBY$?>-1 ML77 QT'TTN#,](2+3$,O: _)VTNKJ.$KX5._9+FZ+LF_;L.UE?Q=H*&VJ[RA+M=%Y7PFS;]_L<][/VE`YS[+OVV!\BE<-Q[!WNO@QLVQE7. MDKS2%R\8!TF[C?OOH0:\10,G>$VD8/ WNS?AXJVSHK;W<]Z]4\@3YXO'[[$% MF-7JV =0S#U(D@21P#H^(;?'R =TV:J#9.1C'G.;`I4$C7N]5GAID['?#?4M MD&0+``@;W/.B<:'N/* 'V#D`#B!S1=,FQK-DK[ M^B5;*,C(H6[Z)(R$ZJ?G&E[_`7O ]YW,_\@6.)IS/A/#E_7PVC4K>.F6*#M? M+N&Z,FM8RVI6XV=3OOA$>L@!H%_ MXR:AU*?>GQ>6D-+V]T]_^NFO?V /M]@`)[";$SZ"(SY.J+[CVZ;H\SFYZ0)" M8;RND* )(;5)4D#IHT +M+ZLPCY64XG:,RK/8Q$0/+_Q$R $0#\1/,%:>S7R M`Y.0BS?7TPL/E+KU&[/,8T$1##/U,;::"\!E&D!FLQ$#-,#CJ\#O$B_R*B\F M4,+F([HAC#Y\RJKKLZ?L*RK/VSPP:1,;W#^^^"62N*RL`PD11+WO\T#S"ZIA M(XFO:PD$V )W:_^)^=N^$3R_=W,]W7.]F?L]FULF33"AJHFCMK@4($ CPBLQ M3JBJ[!(R0RS"; ,ZQANO1\PV!?2F*.2F*+2K>Z*\,.RMG:._O+C">R [SQ,) M#[P-O"L[>P@4P7$]M8.UVO,^O$.=L+FU+5F8*[.WCA(<4H ]4L"K-Z0Z[W.W M'^D_?\O#'B08EF$+&V&-LB& PR@;G2$^.3%$X^BJA,DTZG,4Y4/"QG,2)53" M(YL01FD4+CBK&.?E-LXNN ^3BE%HWK'C8O' M<%N1@O! #A2HM?,@O0JH)("YX/H_'B0@^T#&U8B>X"B,1""'!&@'4+.@GJ-+D9PNZB1$NC%-=;-URCM6&C2<5J-7K[ M+X%4B7O;M4?K"U-B'PYDM9H4"03@Q4GR((7T.^!KD8>Z=$^\^*V85)Z[3*R8 MG+?_3"["-$:C&DXD,(]:X)I@.HQ-5!6#B1XY*2MJ["HV(QO:"H+.="^QI )" M,;&QTJJL$@51`"L%M/^3(N2JL8*4E[S1VMM/:G$Y$JS/$[%)]XS/NNP++>NK MH PV7CN90E5/8@1.IO1!MYB9RYJFY4B"4:B'/D,3.U*"\KP3Y$B"2RU3L\+4 M3RU/&X7/N>11^U@)UZ/''/2O/'5--&Q/NM#1>HM'FJ3+N-1!`!10Z%JVFB@Q M_W 828@$=C"3:5*;P@/5.K'08U763Q55G.31FL0WNGC#0]TR=F.>V#RN/+6U M'@T)-&PW'D72:DG4PM35Q#F,_TB$J8P3Q\'*9777=V76.^R4`VB[K.LX4K"U MWJ)#SF,ZUUNZ+= X52VNS&NBD?L(!?7-L&E#O-N"8>/%;LG7;A&)\V2J@9+_ M6%-%MG%=TL#;5;:H(V'BIV*%3G@EV9*-E&9]"5TY*=_.BF#SI>#QK=I$P^ ,QN"%#$X14N 1Z=LKL9&L MA.#QM%W ->$45N$5-BW 7AF$8XV!%99[3I9H0+B'HY*PID& 6]N$?!N(@ M)BT7CN$B-F*E#%#KQ4L;]AO84-H'_MX>%N(IIN(J/BTB/N(LUF)QK=[291\F M'A'&D9F,;-?8M>(S1F,KQO_B+69C&)YA`]F$!$@`/K0CZ.3ACI)B/H;D2!YB'P7D2CXT049@%SFP MQXG4`Z@'F4B"ZY*$22@QR*S@4RY/W[+D5?:_',1D)>;836Z,DV"%46BJC]V) M=-7E7>;E7O;EAE&,7Q;F829F75:,8S[F8E;F7T[F83[F.Q782V;E594QO/Q MTH4T99-EJ6JAA_@/!<8I)2HA?AJ\<0[G<^ZGY[FIZTHO((WA0)UFXX)G+TMB M+XZT'\0)26B@>K '-&&<<@;H@!;H@380(!B8<+WDN8UGX:WG;!:\'):$.I9C M@J;_Z(JV:(R8RFOM+_WBZ([VZ(\.5W$;,VP&O'O>YFPQ#$G8!K(9IHMVZ9<. M:)N(YH6FZ59;+I).MH?.VYM8(ICVZ9\>O+(IDP("Z6K&2X4NXJ(^N=29U;QC M2%@VZ4+>EZEI::"VZJO>Z;\AC(\UZ)J:J7.N*73F)Z_V:B5ZJ93B%IP.OI.V M)*QVZ[=FCZJ1AFV("#JVZRF[Z[S6Z[WFZ[[VZ[\&[, 6;#K.IH[)F )G[4)!LK:6V6:L<6[=$F;??9VYWP M6X%N*\V6C5AMHT$&[=*6[=FF;=))[8ON6^(LO-86RDU2&VRV]NG0KNWA+N?; M?A;8P>&,,.Z SNV94 3>_O^@,EMKX;;HG@YH1$C7_B'NO"4`[$8$Z@;H]NCI MY-X@OR7OBLYMV'AN?D0?S\[IQ7[I=1Z\[R;G[1:1< [N=%9G< 9O9@MA(%AO M66UOZ19 X([OOTF$2-#EG$M7Y%B<70;JUG4?[-;E.LH9!:^CEZ;P2$B,#&>+ M8=()7:9OITW7B2YNC0!PZ!YP`WYO`W?IOU%I.MZ&T*EO3&$+;=@&J&%_IM-D$ M.MX$,K[H`^%L9"+P1>WO@8;:!(#R=BB';]ZGG*!LC7C&)""'AR (8_/=)HJ3 MJR3_@.VEZ"=/@/3ZC_32S+3AB)G0;9]P!U(0BBW0`M!M(>=4;:%:F"?2)ZT& M`LT,VIY:'.(,A!V##(' .P!@!="]AP3@A#)_'2$*<]6!XZB&ZTO?!'>0K:\$ MW0GMJ$K?L4V8A+)!<<5H!U)0@)T#]C&HA2T8C+21AI=VF';@EK#I*)X"@$F M3DD`]-F:A/X(FU8@`S*PA3% %2T@C$ H\@/23*?;*1M1K;A3@#;A!&F/F2 0 M:G>X=6V7@E;@12G0]5".[RQ)-]_^;)T&:JAMAR#8*:,GE=M(5?6E?'AQ_;W%4C^EE MA_:=Z[A[,$XR$ BF_XW^2-=M((Q0A_@#4(!)LO>@H*9@^!\S=QBHV[E B?J1 MT\5#YH:9D2T<`8 (,'D$G?B3@O2 +G>F"@I2F)DF8KI6D (),,XM,!)]$H[B M*WF3)X.&-1+0)06DO^&AK\>3,?KI?G6E;_:SC8 #2'EB;Q.]X1;_H./^TV3=HD2D*(C0 MJM466QB3*$T2\RK61 )SMOOW[\ _>_;">@5 BJQ7KV,!I$TK-H$D`D"PTJUK M$$@02>VD\-TII14K+1&V;$DRZMZFPYIPYDS2[IZ63?>6;B*U14N[=I'FVK6+ M,]*XC:3_#B31PHKP@:51[B7)V&X28R"2BA*^1XI4*RU:2)&+V_DW@43DVB4I MGB31IG8\>TK8@N T*588@0!((JG>J-H56_$\3(HS<+I:Y3KV"E8L6K-HW?YC MVS:L/;ARP]._JS/!\'8'1JE4>J_5?DEH\E@]Q &1R(% ;%)@9ILHF%H[Y#B( MR'CU'813(N,D\%@[1#V6&E_U),&5)#@%D=,F"=RC7W$',+C->(%8&%,BVY # M!!*,"3?99%I(40\K*XXRXHA<9391=:.MV$Z),]*X57E?P9?>66.UM=9[\-D3 M%WA.`@=$( E-(@F9."&1!%]::)($$DA$0>:(%087"9F2&&>=_YTY=NGE5C@F M0J>=QDE!)E]1W*E((@B:B*>=.%FGB21R\HE0(D7.E1-(@;Y99W&Q,1IH3G4V M.JE!,LJ52%?_(#"EE>I9R9Y[5XK%):GAA9EH(+$UQJ:G11J4:*6]MKGGI&8> METBNC-VIZX&2$G"KL,36*E BB# VT*[*&F=JG\$E&MNMR4X[D*D'IKHJ>JU6 M^1Z6[,XZW[AT<7N7KMCB=!6SU\8KE[[VQD;?O_L2U&^?74HKL%WEHNH5NF.I MNYY:[64IUI;P(EQ7(/,2E&A!SEZ,U<'U<M> M*;&[%8?,\I'4#5,),5FQNO7NV7'+/3?=I6ZU,-5D M/;R62BIA-*5:"!S@6]V%&WXXSSF1,]8!#K=EM:QNJQ6?-'(ZC3CFF6N.5<:! MY)5JXQ!#_AX`J[(KW^:IJ[XZ3!D[>H]Y$:=E-<6M9@G?)EJ-YS'K.@-[>>^J M=Y[(B4IT94_HKQ)-EN 3'8 ``,IK66*^U5M_/?;9:[\]]]U[_SWXX8L_/OGA M:Q066*(7'7&L5E+L$9V)BCH__?7;?S_^^0.;4/[]^^]_H@#UOP$2<'\$/. ! M]V= !#*03(K_4(02E "2>XC%=,JCG?NPEK4$<+"#'OP@"$,HPA&2L(0F/"$* M4ZC"%;*PA2Y\(0Q?Z#R'67!MTFN7N]AVNQWRL(<^_"$0@RC$(1*QB$8\(A*3 MJ$0AUJZ&>P.<6-B"GK_.,3:26]Y8QD%&M%H MDQN&48QB)*,;C4BQF<5QAV1L8QU[>, References: Message-ID: Vadim Rapp wrote: > http://www.spamcop.net/sc?id=z891585406zc98a2d46d659ddd07b9d1d5d9d0032a4z > > Usenet spam soliciting orders at sender's hotmail.co.uk address. Sc did > not send report to hotmail. Shouldn't it? > Spamcop no longer sends reports in respect of email addresses found within the body of spam emails - for very good reasons: Many spammers insert the recipient's address into their messages (as in "This message was sent to you-at-domain" or "Dear you-at-domain"). Cases where the email address in the message actually belongs to the spammer are very rare. You can always send a report manually... that's what I would do. From nobody at devnull.spamcop.net Mon Mar 6 10:01:31 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Mar 6 13:10:08 2006 Subject: [SpamCop-List] Re: Need help To get our system setup correctly References: Message-ID: "Jeff G." wrote in message news:du5st3$asp$1@news.spamcop.net... > Anonymous wrote: >> "Jeff G." wrote in message >> news:du4u1j$n0d$1@news.spamcop.net... >> >>> Anonymous wrote: >>> >>>> I am having a hard time figuring out how the spammer or the virus >>>> above knows what the email address of the spamtrap is. When >>>> SpamCop chooses an email address for a spamtrap, don't they >>>> pick something difficult to guess? >>> >>> Yes, but then they seed the addresses in places that include hidden >>> areas on web pages, where humans aren't supposed to look. >> >> Correct me if my thinking has gone awry here... >> >> The above seems to imply that anyone who comes here complaining >> about how "somehow" he ended up with such spamtraps on his >> mailing list either ran a spambot that searches webpages for email >> addresses, or he bought a list from somebody who ran a spambot >> that searches webpages for email addresses. Such a spambot will >> find spamtraps, but they will be hidden in a crowd among a much >> larger number of non-spamtrap addresses. Thus I find it hard to >> believe that someone sneaky subscribed a spamtrap address >> (leaving aside the fact that such an address wouldn't respond to >> a confirmation email and thus would take itself of a well-managed >> list) or hard-coded the spamtrap address into a virus -- how would >> they know which address in their collection is the spamtrap? I also >> find it hard to believe that a virus got the spamtrap address from >> an outlook contacts list - how could it have gotten there? >> >> Am I thinking correctly here or am I missing something? > > Please consider the following scenario: > Reporter A visits a particular page on a SpamCop website which contains > a particular Spamtrap Email Address A. > The page is cached on Reporter A's hard disk. > Thief A develops or modifies Worm A that can send Thief A personal > information from the hard disks of infected people. > Reporter A gets infected with Worm A. > Worm A sends Spamtrap Email Address A (among other data) to Thief A. > Thief A sells Spamtrap Email Address A (among the email addresses > collected) to Listdealer A. > Listdealer A adds Spamtrap Email Address A to List A and then "cleans" > List A by verifying that email messages to the list members would not > immediately produce 500-series errors. > An overaggressive sales weenie at Listdealer A sells List A to an > overaggressive marketing weenie at Customer A of Anonymous as confirmed > opt-in email addresses, using some mixture of lies, winks, and nudges. > Both weenies get rewarded for their aggressiveness. > Customer A sends an email campaign to List A sourced at IP Address A, > including ...(among the other email addresses collected)... >Spamtrap Email Address A. > Spamtrap Email Address A receives one of the messages and causes IP > Address A to be listed by the SCBL (or causes the existing listing to be > extended to 24 hours from receipt). > Ideally, Customer A gets terminated or at least fined, ISP A gets > cleanup fees, both weenies get fired and/or taught lessons, and Thief A > and Listdealer A get investigated. Ah. Thief A can use a worm instead of a website-spidering spambot. The spamtrap addresses are still lost in a crowd of non-spamtrap addresses, though. > Alternatively: > Customer A runs Insecure Mailing List A, allowing web-based signups > without confirmation. > Ruthless Competitor A learns of Customer A's practices, and > forge-subscribes Spamtrap Email Address A to Insecure Mailing List A. It seems to me that he can only forge-subscribe the crowd of non-spamtrap addresses that the spamtrap addresses are hidden in. To specfically forge-subscribe a spamtrap address, he has to know what that address is, and he has no way of knowing that. All methods for finding spamtrap addresses discussed so far also find many more non-spamtrap addresses, with no way to differentiate between the two. > Customer A sends an email campaign to Insecure Mailing List A sourced at > IP Address A, including Spamtrap Email Address A. ...(among the other email addresses collected)... > Spamtrap Email Address A receives one of the messages and causes IP > Address A to be listed by the SCBL (or causes the existing listing to be > extended to 24 hours from receipt). > Ideally, Customer A gets terminated or at least fined, ISP A gets > cleanup fees, and Ruthless Competitor A gets investigated. ...especially because he had to have spammed the crowd of non-spamtraps that the spamtraps are hidden among, and many of those are real people who never asked to be on the list. Any way you look at it, if your mailing list contains spamtraps that didn't subscribe (spamtraps never do) it almost certainly contains many more non-spamtraps that didn't subscribe. G.M. From nousenetspam at zootal.nospam.com Mon Mar 6 10:16:34 2006 From: nousenetspam at zootal.nospam.com (Matthew L Reed) Date: Mon Mar 6 13:20:02 2006 Subject: [SpamCop-List] Re: Dictionary attack is starting, what to do? References: Message-ID: "Steven Maesslein" wrote in message news:slrne0o80j.56c.nobody@127.0.0.1... > On Sun, 5 Mar 2006 20:23:15 -0800, Ook coughed into spamcop and left > this in : > >> I hate to do this - I have maybe 50 different email addresses coming into >> the domain, and it would be a PITA to set a seperate account for each >> one. > > You don't have to. Simply create ONE account and make the 49 other > addresses aliases of it. > Looks like I'll be doing this real soon. Today's spam intake is at a record high, and it's only 10am. I think the spam flood gates are about to open up, I've been watching the spam intake grow geometrically for the last week. And people wonder why we hate spammers so much...grumble...I'd like to find out who is responsible for the distribution of my domain to the spam lists and....well...this is probalby not a good place to discuss what I'd like to do, but I guarantee it would not be pleasant . From jeffg at spamcop.net Mon Mar 6 13:30:35 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Mar 6 13:35:03 2006 Subject: [SpamCop-List] Re: Need help To get our system setup correctly References: Message-ID: Anonymous wrote: > "Jeff G." wrote in message > news:du5st3$asp$1@news.spamcop.net... >> Alternatively: >> Customer A runs Insecure Mailing List A, allowing web-based signups >> without confirmation. >> Ruthless Competitor A learns of Customer A's practices, and >> forge-subscribes Spamtrap Email Address A to Insecure Mailing List A. > > It seems to me that he can only forge-subscribe the crowd of > non-spamtrap addresses that the spamtrap addresses are hidden in. To > specfically forge-subscribe a spamtrap address, he has to know what > that address > is, and he has no way of knowing that. All methods for finding > spamtrap addresses discussed so far also find many more non-spamtrap > addresses, with no way to differentiate between the two. It appears that some of the addresses are easier to find than you have been led to believe. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From nobody at devnull.spamcop.net Mon Mar 6 10:55:55 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Mar 6 14:00:02 2006 Subject: [SpamCop-List] RFC 2142 and sales@, support@, webmaster@ References: Message-ID: "Jeff G." wrote in message news:du5r4v$9t6$1@news.spamcop.net... > RFC2142 is not quite > internally consistent enough and was not quite spellchecked enough. > > RFC2142 Section 1 specifically states that "if a given service is > offerred[sic], then the associated mailbox name(es)[sic] must be > supported, resulting in delivery to a recipient appropriate for the > referenced service or role." So, if an organization offers web service, > it must have a working webmaster@, if it offers to sell, it must have a > working sales@, and if it offers support, it must have a working > support@. Leaving aside the fact that the world has changed since 1997 and that section 9 (Security Considerations) foresees the current situation where a working postmaster@ address is flooded with spam, I would argue that there is a current de-facto standard, and that it is contained not in RFC 2142 but rather in the "Listing Policy" section at [ http://www.rfc-ignorant.org/ ]. Note that RFC-Ignorant references RFC 2142 at http://www.rfc-ignorant.org/rfcs/rfc2142.php but only requires that the highlighted portions be obeyed. There is a good reason why there needs to be an abuse@ address; abusability. If someone at example.com is abusing email, Usenet, etc., one shouldn't have to wonder where to send an abuse report. Likewise for Postmaster and technical issues. The reason why anyone should be required to maintain a sales@ email address is far less clear. The RFC system shouldn't tell someone how to operate their business, and if they only want to accept web or phone enquiries, that is -- literally -- their business. G.M. (G u y M a c o n) From nobody at devnull.spamcop.net Mon Mar 6 11:34:42 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Mar 6 14:40:03 2006 Subject: [SpamCop-List] Re: Need help To get our system setup correctly References: Message-ID: "Jeff G." wrote in message news:duhv5d$fmf$1@news.spamcop.net... > Anonymous wrote: >> "Jeff G." wrote in message >> news:du5st3$asp$1@news.spamcop.net... >>> Alternatively: >>> Customer A runs Insecure Mailing List A, allowing web-based signups >>> without confirmation. >>> Ruthless Competitor A learns of Customer A's practices, and >>> forge-subscribes Spamtrap Email Address A to Insecure Mailing List A. >> >> It seems to me that he can only forge-subscribe the crowd of >> non-spamtrap addresses that the spamtrap addresses are hidden in. To >> specfically forge-subscribe a spamtrap address, he has to know what >> that address >> is, and he has no way of knowing that. All methods for finding >> spamtrap addresses discussed so far also find many more non-spamtrap >> addresses, with no way to differentiate between the two. > > It appears that some of the addresses are easier to find than you have > been led to believe. Easier to find than all the non-spamtrap mailtos on the web, or are you talking about some as-yet-undefined way that a spambot/virus/human can differentiate a spamtrap address from a non-spamtrap address? I don't think that spamtraps are hard to find. I think that spamtrap addresses are hard to identify. That makes them hard to find without also finding a much larger number of non-spamtrap addresses. G.M. From jeffg at spamcop.net Mon Mar 6 14:44:52 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Mar 6 14:45:03 2006 Subject: [SpamCop-List] Re: Need help To get our system setup correctly References: Message-ID: Anonymous wrote: > "Jeff G." wrote in message > news:duhv5d$fmf$1@news.spamcop.net... >> Anonymous wrote: >>> "Jeff G." wrote in message >>> news:du5st3$asp$1@news.spamcop.net... >>>> Alternatively: >>>> Customer A runs Insecure Mailing List A, allowing web-based signups >>>> without confirmation. >>>> Ruthless Competitor A learns of Customer A's practices, and >>>> forge-subscribes Spamtrap Email Address A to Insecure Mailing List >>>> A. >>> >>> It seems to me that he can only forge-subscribe the crowd of >>> non-spamtrap addresses that the spamtrap addresses are hidden in. >>> To specfically forge-subscribe a spamtrap address, he has to know >>> what that address >>> is, and he has no way of knowing that. All methods for finding >>> spamtrap addresses discussed so far also find many more non-spamtrap >>> addresses, with no way to differentiate between the two. >> >> It appears that some of the addresses are easier to find than you >> have been led to believe. > > Easier to find than all the non-spamtrap mailtos on the web, Yes. > or are > you talking about some as-yet-undefined way that a spambot/virus/human > can differentiate a spamtrap address from a non-spamtrap address? Yes, I am. A human-identifiable spamtrap address. > I don't think that spamtraps are hard to find. I think that spamtrap > addresses are hard to identify. That makes them hard to find without > also finding a much larger number of non-spamtrap addresses. Then you appear not to be looking hard enough. I'd rather not expose them by spelling out in excruciating detail how to find them. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Mon Mar 6 14:58:24 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Mar 6 15:00:04 2006 Subject: [SpamCop-List] Re: RFC 2142 and sales@, support@, webmaster@ References: Message-ID: Anonymous wrote: > "Jeff G." wrote in message > news:du5r4v$9t6$1@news.spamcop.net... > >> RFC2142 is not quite >> internally consistent enough and was not quite spellchecked enough. >> >> RFC2142 Section 1 specifically states that "if a given service is >> offerred[sic], then the associated mailbox name(es)[sic] must be >> supported, resulting in delivery to a recipient appropriate for the >> referenced service or role." So, if an organization offers web >> service, it must have a working webmaster@, if it offers to sell, it >> must have a working sales@, and if it offers support, it must have a >> working support@. > > Leaving aside the fact that the world has changed since 1997 and > that section 9 (Security Considerations) foresees the current > situation where a working postmaster@ address is flooded with spam, > I would argue that there is a current de-facto standard, and that > it is contained not in RFC 2142 but rather in the "Listing Policy" > section at [ http://www.rfc-ignorant.org/ ]. Note that RFC-Ignorant > references RFC 2142 at http://www.rfc-ignorant.org/rfcs/rfc2142.php > but only requires that the highlighted portions be obeyed. That's just for their abuse zone. They could easily have webmaster, sales, and support zones if a few people were able to convince Derek that they needed it. > There is a good reason why there needs to be an abuse@ address; > abusability. If someone at example.com is abusing email, Usenet, > etc., one shouldn't have to wonder where to send an abuse report. > Likewise for Postmaster and technical issues. The reason why > anyone should be required to maintain a sales@ email address is > far less clear. The RFC system shouldn't tell someone how to > operate their business, and if they only want to accept web > or phone enquiries, that is -- literally -- their business. I'm not telling you how to operate your business, but I wouldn't turn away potential customers emailing sales@, current customers emailing support@, and dead link reporters emailing webmaster@ if I were you. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From nobody at nowhere.invalid Mon Mar 6 21:14:30 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Mar 6 15:15:03 2006 Subject: [SpamCop-List] Re: Some spam stats from a large(ish) company References: Message-ID: On Mon, 6 Mar 2006 11:41:36 -0600, Berny coughed into spamcop and left this in : > begin 666 inmail.gif > M1TE&.#=A-@&^`/<``````( ```" `(" ````@( `@ " @,# P,# M`& @`( @`* @`, @`. @``! `"! `$! `&! `(! `*! `,! `.! ``!@`"!@ > ... Please do not send binaries to this newsgroup. -- Steve From nobody at nowhere.invalid Mon Mar 6 21:16:18 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Mar 6 15:20:02 2006 Subject: [SpamCop-List] Re: Dictionary attack is starting, what to do? References: Message-ID: On Mon, 6 Mar 2006 10:16:34 -0800, Matthew L Reed coughed into spamcop and left this in : > And people wonder why we hate spammers so much...grumble...I'd like to find > out who is responsible for the distribution of my domain to the spam lists Verislime. If it's a .com or .net domain, anyone can download the full list of currently registered domains from verislime. -- Steve From bar_n0ne at hotmail.com Mon Mar 6 15:06:11 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon Mar 6 16:10:02 2006 Subject: [SpamCop-List] Re: Some spam stats from a large(ish) company References: Message-ID: "Steven Maesslein" wrote in message news:slrne0p616.d7c.nobody@127.0.0.1... > On Mon, 6 Mar 2006 11:41:36 -0600, Berny coughed into spamcop and left > this in : > > > begin 666 inmail.gif > > M1TE&.#=A-@&^`/<``````( ```" `(" ````@( `@ " @,# P,# > M`& @`( @`* @`, @`. @``! `"! `$! `&! `(! `*! `,! `.! ``!@`"!@ > > ... > > Please do not send binaries to this newsgroup. > > -- > Steve Apologies. Generally I don't, this one was small, and no link to the graph was available, I suppose I could have presented the graph as a table. (below) Data are: Month Daily Email Volume (Millions) Dec. 05 4.5 Jan. 06 5 Feb. 06 6 From pantheus at suespammers.org Mon Mar 6 14:18:15 2006 From: pantheus at suespammers.org (Ken) Date: Mon Mar 6 17:20:03 2006 Subject: [SpamCop-List] Re: Dictionary attack is starting, what to do? References: Message-ID: On Mon, 06 Mar 2006 21:16:18 +0100, Steven Maesslein wrote: > On Mon, 6 Mar 2006 10:16:34 -0800, Matthew L Reed coughed into spamcop > and left this in : > >> And people wonder why we hate spammers so much...grumble...I'd like to find >> out who is responsible for the distribution of my domain to the spam lists > > Verislime. > > If it's a .com or .net domain, anyone can download the full list of > currently registered domains from verislime. Gee, One might wonder if the sale of Verisign to PayPal had anything to do with it... From dfm2a3l0t2 at spymac.com Mon Mar 6 18:17:33 2006 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Mon Mar 6 18:20:03 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route References: <200602230616.1fcesN7KQ3Nl3pK1@gideon.mail.atl.earthlink.net> <440C4C6D.6DE060D2@SpamCop.devnull.diespammerdie.net> Message-ID: In article , Tim McGraw wrote: > "FACT: Spammers can not pay to reach AOL and Yahoo! email inboxes." > http://www.goodmailsystems.com/certifiedmail/index.php "The Goodmail service will NOT increase the amount of spam consumers receive. CertifiedEmail messages will be delivered only from senders that have obtained prior permission from recipients. CertifiedEmail is only for permissioned email from accredited senders who must meet strict qualifying criteria ..." Their check cleared. -- D.F. Manno dfm2a3l0t2@spymac.com In the republic of mediocrity genius is dangerous. (Robert G. Ingersoll) From nobody at devnull.spamcop.net Mon Mar 6 13:03:38 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Mar 6 19:05:02 2006 Subject: [SpamCop-List] Re: RFC 2142 and sales@, support@, webmaster@ References: Message-ID: "Jeff G." wrote in message news:dui491$ir2$1@news.spamcop.net... > Anonymous wrote: >> I would argue that there is a current de-facto standard, and that >> it is contained not in RFC 2142 but rather in the "Listing Policy" >> section at [ http://www.rfc-ignorant.org/ ]. Note that RFC-Ignorant >> references RFC 2142 at http://www.rfc-ignorant.org/rfcs/rfc2142.php >> but only requires that the highlighted portions be obeyed. > > That's just for their abuse zone. They could easily have webmaster, > sales, and support zones if a few people were able to convince Derek > that they needed it. Convincing him to list someone at rfc-ignorant.org because they don't have a sales@ email address would be, IMO, a pretty hard thing to sell. >> There is a good reason why there needs to be an abuse@ address; >> abusability. If someone at example.com is abusing email, Usenet, >> etc., one shouldn't have to wonder where to send an abuse report. >> Likewise for Postmaster and technical issues. The reason why >> anyone should be required to maintain a sales@ email address is >> far less clear. The RFC system shouldn't tell someone how to >> operate their business, and if they only want to accept web >> or phone enquiries, that is -- literally -- their business. > > I'm not telling you how to operate your business, but I wouldn't turn > away potential customers emailing sales@, current customers emailing > support@, and dead link reporters emailing webmaster@ if I were you. Good advice, but as written, RFC 2142 doesn't advise. It requires. And, in my opinion, it does so without any justification. G.M. From kenbrody at spamcop.net Mon Mar 6 17:29:18 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Mar 6 20:25:02 2006 Subject: [SpamCop-List] Server is listed, but SpamCop doesn't say why Message-ID: <440CB7BE.FBF83854@spamcop.net> http://www.spamcop.net/w3m?action=checkblock&ip=64.31.80.65 This shows 64.31.80.65 listed, but it doesn't say why. It doesn't say anything about spamtraps, number of e-mails and so on. Is there any way to find out why it's listed? ========== 64.31.80.65 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in a short time. Automatic delisting [...] Listing History System has been listed for less than 24 hours. Dispute Listing If you are the administrator of this system and you are sure this listing is erroneous, you may request that we review the listing. Because everyone wants to dispute their listing, regardless of merit, we reserve the right to ignore meritless disputes. Dispute listing of 64.31.80.65 ========== -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From / at /.cn Tue Mar 7 12:55:02 2006 From: / at /.cn (Petzl) Date: Mon Mar 6 21:00:02 2006 Subject: [SpamCop-List] Re: Server is listed, but SpamCop doesn't say why References: <440CB7BE.FBF83854@spamcop.net> Message-ID: "Kenneth Brody" wrote in message news:440CB7BE.FBF83854@spamcop.net... > http://www.spamcop.net/w3m?action=checkblock&ip=64.31.80.65 > > This shows 64.31.80.65 listed, but it doesn't say why. It doesn't say > anything about spamtraps, number of e-mails and so on. Is there any > way to find out why it's listed? > > ========== > 64.31.80.65 listed in bl.spamcop.net (127.0.0.2) > It's been spewing filth but only/mainly reported via "mole" reporting If you are a spamcop member you should be able to see why here http://mailsc.spamcop.net/mcgi?action=showhistory;slice=issueid;val=69276646 Be ready to avert your eyes much of the reports are explicit From devnull at spamcop.net Mon Mar 6 21:02:26 2006 From: devnull at spamcop.net (Frog Prince) Date: Mon Mar 6 21:05:02 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route References: <200602230616.1fcesN7KQ3Nl3pK1@gideon.mail.atl.earthlink.net> <440C4C6D.6DE060D2@SpamCop.devnull.diespammerdie.net> Message-ID: "D.F. Manno" | > "FACT: Spammers can not pay to reach AOL and Yahoo! email inboxes." | > http://www.goodmailsystems.com/certifiedmail/index.php | | "The Goodmail service will NOT increase the amount of spam consumers receive. | CertifiedEmail messages will be delivered only from senders that have obtained | prior permission from recipients. CertifiedEmail is only for permissioned email | from accredited senders who must meet strict qualifying criteria ..." | | Their check cleared. But but but ... will they still love us in the morning? From nobody at devnull.spamcop.net Tue Mar 7 12:10:52 2006 From: nobody at devnull.spamcop.net (Patto) Date: Mon Mar 6 22:10:02 2006 Subject: [SpamCop-List] Re: usenet spam - why not report to senders isp In-Reply-To: References: Message-ID: Aviatrix wrote: > Vadim Rapp wrote: > >> http://www.spamcop.net/sc?id=z891585406zc98a2d46d659ddd07b9d1d5d9d0032a4z >> >> Usenet spam soliciting orders at sender's hotmail.co.uk address. Sc did >> not send report to hotmail. Shouldn't it? >> > > ... Cases where the > email address in the message actually belongs to the spammer are very > rare. You can always send a report manually... that's what I would do. Not so rare - 419 spammers/scammers *want* to be contacted via these addresses, so I always report them manually (or via user-added addresses). From nobody at devnull.spamcop.net Tue Mar 7 12:13:55 2006 From: nobody at devnull.spamcop.net (Patto) Date: Mon Mar 6 22:15:03 2006 Subject: [SpamCop-List] Re: Some spam stats from a large(ish) company In-Reply-To: References: Message-ID: Berny wrote: > "Steven Maesslein" wrote in message > news:slrne0p616.d7c.nobody@127.0.0.1... >> On Mon, 6 Mar 2006 11:41:36 -0600, Berny coughed into spamcop and left >> this in : >> >>> begin 666 inmail.gif >>> M1TE&.#=A-@&^`/<``````( ```" `(" ````@( `@ " @,# P,#>> M`& @`( @`* @`, @`. @``! `"! `$! `&! `(! `*! `,! `.! ``!@`"!@ >>> ... >> Please do not send binaries to this newsgroup. >> >> -- >> Steve > > Apologies. Generally I don't, this one was small, and no link to the graph > was available... You can always use http://imageshack.us/ From nobody at devnull.spamcop.net Tue Mar 7 12:25:04 2006 From: nobody at devnull.spamcop.net (Patto) Date: Mon Mar 6 22:25:03 2006 Subject: [SpamCop-List] Double login Message-ID: I use http://mailsc.spamcop.net/ and when I first go to the site, I am prompted to login with my spamcop email address and password. This is saved in a permanent cookie, so I don't have to type it each time. When I go to tab Held Email I am already logged in, and I don't have to do it again. In fact every tab behaves that way, except Webmail. When I go there I have to login again - this time I have to type the full address and password, as this section does not keep it in a cookie. This is very annoying; is there a way that this could be corrected? From vanderdecker at hotmail.INVALID Mon Mar 6 22:51:24 2006 From: vanderdecker at hotmail.INVALID (vanderdecker@hotmail.INVALID) Date: Mon Mar 6 22:55:04 2006 Subject: [SpamCop-List] "... Truncate" warning Message-ID: Is there any way to have the pasted message automatically truncated, avoiding the warning? From jeffg at spamcop.net Mon Mar 6 22:47:42 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Mar 6 23:05:03 2006 Subject: [SpamCop-List] Re: Double login References: Message-ID: Patto wrote: > I use http://mailsc.spamcop.net/ and when I first go to the site, I am > prompted to login with my spamcop email address and password. This is > saved in a permanent cookie, so I don't have to type it each time. > > When I go to tab Held Email I am already logged in, and I don't have > to do it again. In fact every tab behaves that way, except Webmail. > When I go there I have to login again - this time I have to type the > full address and password, as this section does not keep it in a > cookie. > > This is very annoying; is there a way that this could be corrected? No, sorry, although they have the same userid and password for your account, those are almost completely separate systems, run by different people in different places, and they don't trust each other. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Mon Mar 6 23:10:33 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Mar 6 23:15:03 2006 Subject: [SpamCop-List] Re: RFC 2142 and sales@, support@, webmaster@ References: Message-ID: Anonymous wrote: > "Jeff G." wrote in message > news:dui491$ir2$1@news.spamcop.net... >> Anonymous wrote: > >>> I would argue that there is a current de-facto standard, and that >>> it is contained not in RFC 2142 but rather in the "Listing Policy" >>> section at [ http://www.rfc-ignorant.org/ ]. Note that RFC-Ignorant >>> references RFC 2142 at http://www.rfc-ignorant.org/rfcs/rfc2142.php >>> but only requires that the highlighted portions be obeyed. >> >> That's just for their abuse zone. They could easily have webmaster, >> sales, and support zones if a few people were able to convince Derek >> that they needed it. > > Convincing him to list someone at rfc-ignorant.org because they don't > have a sales@ email address would be, IMO, a pretty hard thing to > sell. How about security@ or noc@? Stronger cases could be made for those. >>> There is a good reason why there needs to be an abuse@ address; >>> abusability. If someone at example.com is abusing email, Usenet, >>> etc., one shouldn't have to wonder where to send an abuse report. >>> Likewise for Postmaster and technical issues. The reason why >>> anyone should be required to maintain a sales@ email address is >>> far less clear. The RFC system shouldn't tell someone how to >>> operate their business, and if they only want to accept web >>> or phone enquiries, that is -- literally -- their business. >> >> I'm not telling you how to operate your business, but I wouldn't turn >> away potential customers emailing sales@, current customers emailing >> support@, and dead link reporters emailing webmaster@ if I were you. > > Good advice, but as written, RFC 2142 doesn't advise. It requires. > And, in my opinion, it does so without any justification. Please feel free to take that up with D. Crocker, the Internet Mail Consortium, and/or the Network Working Group of the Internet Engineering Task Force that drafted and approved RFC 2142, and to write your own version with fewer addresses or less stringent language. But until you get that RFC changed or obsoleted, you will be expected to comply with it. -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Mon Mar 6 23:13:58 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Mar 6 23:20:03 2006 Subject: [SpamCop-List] Re: "... Truncate" warning References: Message-ID: vanderdecker@hotmail.INVALID wrote: > Is there any way to have the pasted message automatically truncated, > avoiding the warning? The warning is there for your safety. Fully-automatic full reporting is not supported. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Mon Mar 6 23:22:24 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Mar 6 23:25:03 2006 Subject: [SpamCop-List] Re: Double login References: Message-ID: Patto wrote: > I use http://mailsc.spamcop.net/ and when I first go to the site, I am > prompted to login with my spamcop email address and password. This is > saved in a permanent cookie, so I don't have to type it each time. > > When I go to tab Held Email I am already logged in, and I don't have > to do it again. In fact every tab behaves that way, except Webmail. > When I go there I have to login again - this time I have to type the > full address and password, as this section does not keep it in a > cookie. > > This is very annoying; is there a way that this could be corrected? No, sorry, although they have the same userid and password for your account, those are almost completely separate systems, run by different people in different places, and the systems have not been configured to trust each other. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 P.S. Sorry for the possible double reply. From jg at coks.net Mon Mar 6 20:56:36 2006 From: jg at coks.net (jg) Date: Mon Mar 6 23:55:02 2006 Subject: [SpamCop-List] Re: Double login In-Reply-To: References: Message-ID: On 3/6/2006 7:47 PM Jeff G. scribbled: > Patto wrote: >> I use http://mailsc.spamcop.net/ and when I first go to the site, I am >> prompted to login with my spamcop email address and password. This is >> saved in a permanent cookie, so I don't have to type it each time. >> >> When I go to tab Held Email I am already logged in, and I don't have >> to do it again. In fact every tab behaves that way, except Webmail. >> When I go there I have to login again - this time I have to type the >> full address and password, as this section does not keep it in a >> cookie. >> >> This is very annoying; is there a way that this could be corrected? > > No, sorry, although they have the same userid and password for your > account, those are almost completely separate systems, run by different > people in different places, and they don't trust each other. > why not just set up a POP account to SC server using TBird? From redbourn at bezeqint.net Tue Mar 7 08:29:12 2006 From: redbourn at bezeqint.net (Michael Redbourn) Date: Tue Mar 7 01:30:02 2006 Subject: [SpamCop-List] forwarding multiple spams attachments Message-ID: Hi, I won't mention that I tried sending both single and multiple spams yesterday and got no return email because you already know that :-) My two questions are .. Is it OK via OE to send multiple spams as one attachment ? An if so does it matter what I write in the subject line ? thanks, Mike From jg at coks.net Mon Mar 6 22:48:18 2006 From: jg at coks.net (jg) Date: Tue Mar 7 01:50:02 2006 Subject: [SpamCop-List] Re: "... Truncate" warning In-Reply-To: References: Message-ID: On 3/6/2006 8:13 PM Jeff G. scribbled: > vanderdecker@hotmail.INVALID wrote: >> Is there any way to have the pasted message automatically truncated, >> avoiding the warning? > > The warning is there for your safety. Fully-automatic full reporting is > not supported. > errrrr - Jeff, in words for a 6 year old, if you would...I'm assuming OP is referring to input of large spam via the web feeder- what are you referring to/I'm clueless to? From jg at coks.net Mon Mar 6 22:57:03 2006 From: jg at coks.net (jg) Date: Tue Mar 7 01:55:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments In-Reply-To: References: Message-ID: On 3/6/2006 10:29 PM Michael Redbourn scribbled: > Hi, > > I won't mention that I tried sending both single and multiple spams > yesterday and got no return email because you already know that :-) > Maybe your ISP is dropping them on the floor - mine does > My two questions are .. > > Is it OK via OE to send multiple spams as one attachment ? do you mean as a function of OE? don't think so - and OE mangles attachments anyway... From edb2000 at spamcop.net Mon Mar 6 23:34:32 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Tue Mar 7 02:35:03 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route In-Reply-To: References: <200602230616.1fcesN7KQ3Nl3pK1@gideon.mail.atl.earthlink.net> Message-ID: AOL may say that this new system will not penalize email senders who do not pay the new toll, and would merely allow those who pay to sidestep the normal AOL spam filtering, but today I have several hundred rejects that show otherwise. Brand-new behavior at AOL as of the 1st of this month: The monthly Mailman administrivial "reminder" email sent to list members has been rejected at SMTP from every AOL address after the first 50. All of the AOL addresses after the lucky first 50 have now been marked by Mailman bounce processing as suspected bad addresses. The rejection message from AOL reads: >>> RCPT To:<[screen_name]@aol.com> <<< 452 REQUESTED ACTION NOT TAKEN: TOO MANY RECIPIENTS <[screen_name]@aol.com>... Deferred: 452 REQUESTED ACTION NOT TAKEN: TOO MANY RECIPIENTS This rejection error message is for a single recipient on a separate email, but after 50 individual emails have been sent already to AOL addresses. We're using a slow machine, sending about 30 messages per minute. Tortoise speed, to be sure. Sending those initial 50 messages was spread out over a couple of minutes. I'm wondering if it has to be spaced out more, just to get past this new AOL shakedown. For those not familiar with Mailman list software, please note that Mailman sends each message individually (VERP addressing to identify bounces) so there is only a single recipient on every list message. Of course every single address on the list is there because the user replied or clicked to confirm a unique and un-guessable token, all conveniently automated by the open source Mailman list management software. We're doing things the right way, and our list members (teachers) have been receiving our mail for some time. Up until now. We have applied for, and have received, the AOL "blessing" to be whitelisted as a responsible source for sending email to AOL members. This was long before AOL announced the new GoodMail program... So as far as I can tell from here, the new AOL "GoodMail" program does not give paying spammers a short-cut around possible spam filtering. On the contrary, it now imposes a very real limit on the number of messages that a single sender can send into AOL space within some unspecified period of time. If we pay per message, I assume we can avoid this penalty. But isn't this exactly what AOL claimed would *not* be true? -- Don Wannit A paid SpamCop user since 1999 From redbourn at bezeqint.net Tue Mar 7 09:39:07 2006 From: redbourn at bezeqint.net (Michael Redbourn) Date: Tue Mar 7 02:40:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: Hi, I meant if I send an email with 50 attachments then can spamcop process them ? I could use the BAT ? thanks Mike "jg" wrote in message news:dujama$ahr$1@news.spamcop.net... > On 3/6/2006 10:29 PM Michael Redbourn scribbled: > >> Hi, >> >> I won't mention that I tried sending both single and multiple spams >> yesterday and got no return email because you already know that :-) >> > > Maybe your ISP is dropping them on the floor - mine does > >> My two questions are .. >> >> Is it OK via OE to send multiple spams as one attachment ? > > do you mean as a function of OE? > don't think so - and OE mangles attachments anyway... From nobody at spamcop.net Tue Mar 7 00:34:41 2006 From: nobody at spamcop.net (N. Miller) Date: Tue Mar 7 03:35:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: <11nzn7i2pqrai$.dlg@news.spamcop.net> On Tue, 7 Mar 2006 08:29:12 +0200, Michael Redbourn wrote: > Hi, > > I won't mention that I tried sending both single and multiple spams > yesterday and got no return email because you already know that :-) > > My two questions are .. > > Is it OK via OE to send multiple spams as one attachment ? > > An if so does it matter what I write in the subject line ? > > thanks, > > Mike If you can find a way to make MS Outlook Express send multiple email messags as attachments, SpamCop will accept them. There is an upper limit to the number of attachments, and to the total message size. Whichever limit is hit first. Unfortunately, I don't know of a way to make MS Outlook Express forward email messages as attachments, other than one email message at a time. I believe the limits are outlined in the FAQ, but I have never hit them. I use Pegasus Mail, which does allow multiple message attachments. I just put "UBE" in my subject line. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Tue Mar 7 00:52:07 2006 From: nobody at spamcop.net (N. Miller) Date: Tue Mar 7 03:55:05 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: <7p86spyq16ty$.dlg@news.spamcop.net> On Mon, 06 Mar 2006 22:57:03 -0800, jg wrote: > On 3/6/2006 10:29 PM Michael Redbourn scribbled: >> Hi, >> >> I won't mention that I tried sending both single and multiple spams >> yesterday and got no return email because you already know that :-) >> > Maybe your ISP is dropping them on the floor - mine does >> My two questions are .. >> >> Is it OK via OE to send multiple spams as one attachment ? > do you mean as a function of OE? > don't think so - and OE mangles attachments anyway... It doesn't seem to mangle headers, and that is the most important aspect of the attached email which the SpamCop parser uses. Actually, I just looked at the identical email, sent as an attachment to the same email account, using Pegasus Mail for the first, and MS Outlook Express for the second. Even setting MSOE to send plain text, it sent two parts. The second part looks no different from the Pegasus Mail attachment. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From n4jwyfo02 at sneakemail.com Tue Mar 7 08:53:15 2006 From: n4jwyfo02 at sneakemail.com (Aviatrix) Date: Tue Mar 7 03:55:11 2006 Subject: [SpamCop-List] Re: Double login In-Reply-To: References: Message-ID: Patto wrote: > When I go to tab Held Email I am already logged in, and I don't have to > do it again. In fact every tab behaves that way, except Webmail. When I > go there I have to login again - this time I have to type the full > address and password, as this section does not keep it in a cookie. Doesn't it? It does for me.... From philip at pch.home.cs.vu.nl Tue Mar 7 09:53:41 2006 From: philip at pch.home.cs.vu.nl (Philip Homburg) Date: Tue Mar 7 04:30:02 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route References: <200602230616.1fcesN7KQ3Nl3pK1@gideon.mail.atl.earthlink.net> Message-ID: In article , Don Wannit wrote: >The rejection message from AOL reads: > > >>> RCPT To:<[screen_name]@aol.com> ><<< 452 REQUESTED ACTION NOT TAKEN: TOO MANY RECIPIENTS ><[screen_name]@aol.com>... Deferred: 452 REQUESTED ACTION >NOT TAKEN: TOO MANY RECIPIENTS > >This rejection error message is for a single recipient >on a separate email, but after 50 individual emails have >been sent already to AOL addresses. A 4xy error is not a rejection. It is supposed to signal a temporary failure. Of course AOL may be abusing this feature. I don't think there is anything wrong with AOL customers having to use a hotmail or a gmail account to subscribe to mailing lists. I always subscribe tagged e-mail addresses without a spam filter to mailing lists. But that is probably far to complicated for AOL customers. -- That was it. Done. The faulty Monk was turned out into the desert where it could believe what it liked, including the idea that it had been hard done by. It was allowed to keep its horse, since horses were so cheap to make. -- Douglas Adams in Dirk Gently's Holistic Detective Agency From redbourn at bezeqint.net Tue Mar 7 11:44:47 2006 From: redbourn at bezeqint.net (Michael Redbourn) Date: Tue Mar 7 04:50:37 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: <11nzn7i2pqrai$.dlg@news.spamcop.net> Message-ID: > If you can find a way to make MS Outlook Express send multiple email > messags as attachments, SpamCop will accept them. There is an upper limit > to the number of attachments, and to the total message size. Whichever > limit is hit first. Unfortunately, I don't know of a way to make MS > Outlook > Express forward email messages as attachments, other than one email > message > at a time. I believe the limits are outlined in the FAQ, but I have never > hit them. > > I use Pegasus Mail, which does allow multiple message attachments. I just > put "UBE" in my subject line. > > -- > Norman > ~Oh Lord, why have you come > ~To Konnyu, with the Lion and the Drum It would seem that one just does tag all (I put all the spam in a 'spam' folder' as they come in) and then hit 'forward'. An email opens up with all the attachements. thanks, Mike From nobody at nowhere.invalid Tue Mar 7 11:47:02 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Mar 7 05:50:16 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: <11nzn7i2pqrai$.dlg@news.spamcop.net> Message-ID: On Tue, 7 Mar 2006 00:34:41 -0800, N. Miller coughed into spamcop and left this in <11nzn7i2pqrai$.dlg@news.spamcop.net>: > Unfortunately, I don't know of a way to make MS Outlook Express > forward email messages as attachments, other than one email message at > a time. Select the messages you want to forward together, right-click on one of them and select "Forward as attachment". -- Steve genius, n: A chemist who discovers a laundry additive that rhymes with "bright". From redbourn at bezeqint.net Tue Mar 7 15:54:55 2006 From: redbourn at bezeqint.net (Michael Redbourn) Date: Tue Mar 7 09:00:04 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: I checked how much I have credited to me from SpamCop and then sent spam via attachment and the amount remains the same. Almost 24 hrs now and no return email vis a vis attachments that I've sent :-( Either SpamCop has a problem right now or it's my ISP I don't mind submitting around 10 a day manually but not 50 regards, Mike "jg" wrote in message news:dujama$ahr$1@news.spamcop.net... > On 3/6/2006 10:29 PM Michael Redbourn scribbled: > >> Hi, >> >> I won't mention that I tried sending both single and multiple spams >> yesterday and got no return email because you already know that :-) >> > > Maybe your ISP is dropping them on the floor - mine does > >> My two questions are .. >> >> Is it OK via OE to send multiple spams as one attachment ? > > do you mean as a function of OE? > don't think so - and OE mangles attachments anyway... From jg at coks.net Tue Mar 7 06:32:50 2006 From: jg at coks.net (jg) Date: Tue Mar 7 09:30:04 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments In-Reply-To: References: Message-ID: On 3/7/2006 5:54 AM Michael Redbourn scribbled: > I checked how much I have credited to me from SpamCop and then sent spam via > attachment and the amount remains the same. > > Almost 24 hrs now and no return email vis a vis attachments that I've sent > :-( > > Either SpamCop has a problem right now or it's my ISP > As Norman mentioned, there is a limit on total size - I believe it is 100k per email, someone else here can verify that - I can't find it in the FAQ right now. And do ask your ISP before you spend a lot more time mailing out - I didn't know for several months until I started bcc'ng myself and getting no delivery. From nobody at devnull.spamcop.net Tue Mar 7 08:36:15 2006 From: nobody at devnull.spamcop.net (Maggie's Mom) Date: Tue Mar 7 10:40:03 2006 Subject: [SpamCop-List] what a nerve... Message-ID: http://www.spamcop.net/sc?id=z892155815z784ff349a28833cb09de350bcfb4c9d5z comes with a subject like this: Internet hackers crew webhack - www.web-hack.ru Ref: 80061 and a text like this: Dear Sir/Madam, Hello! We are internet hackers crew - Web-hack. We propose you for sale some interesting things: - private exploits - http://forum.web-hack.ru - stolen credit cards and bank accounts - http://forum.web-hack.ru - we infect users pc's with your trojan for low prices (10000 infected pc's for 25$) - http://forum.web-hack.ru - bulletproof domains and hosting - http://forum.web-hack.ru Best offer - bulletproof domain + hosting this hosting for any scam/fraud and nobody will close it! For more information look at - http://forum.web-hack.ru P.S. We are registering bulletproof domains on our partner site http://www.r01.ru/ there we have "our" people to guarantee stability of our domains and hosting so any organization like spamhaus.org cannot down our hosting and domains. We are now spaming 5 000 000 people look out the domain is alive as always and never gonna be down !! Please go and order our services at: http://forum.web-hack.ru Msg-ID: 39186 Aside from getting it reported - any authorities out there that could use it to lock the bastards up? Out of curiosity: has anybody else received a jewel like above, or is it just my luck? As ever, - Maggie's Mom. From bar_n0ne at hotmail.com Tue Mar 7 09:43:12 2006 From: bar_n0ne at hotmail.com (Berny) Date: Tue Mar 7 10:45:03 2006 Subject: [SpamCop-List] Re: what a nerve... References: Message-ID: "Maggie's Mom" wrote in message news:duk9a2$rst$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z892155815z784ff349a28833cb09de350bcfb4c9d5z > > comes with a subject like this: > Internet hackers crew webhack - www.web-hack.ru Ref: 80061 > >SNIPPED most likely a "joe job" against one of the mentioned sites, I believe this is part of a Russian extortion gang, this style of message has appeared before. Usually, these spammers and their targets all have dirty hands, LART away From spamcop at 1bigthink.com Tue Mar 7 11:03:57 2006 From: spamcop at 1bigthink.com (spamcop) Date: Tue Mar 7 11:04:10 2006 Subject: {Spam!!!} [SpamCop-List] what a nerve... In-Reply-To: References: Message-ID: <6.2.3.4.0.20060307110020.0c3b7008@mxt.1bigthink.com> At 10:36 AM 3/7/2006, you wrote: >http://www.spamcop.net/sc?id=z892155815z784ff349a28833cb09de350bcfb4c9d5z > >comes with a subject like this: >Internet hackers crew webhack - www.web-hack.ru Ref: 80061 > >and a text like this: >Dear Sir/Madam, Hello! We are internet hackers crew - Web-hack. We propose >you for sale some interesting things: - private exploits - >http://forum.web-hack.ru - stolen credit cards and bank accounts - >http://forum.web-hack.ru - we infect users pc's with your trojan for low >prices (10000 infected pc's for 25$) - http://forum.web-hack.ru - >bulletproof domains and hosting - http://forum.web-hack.ru Best offer - >bulletproof domain + hosting this hosting for any scam/fraud and nobody will >close it! For more information look at - http://forum.web-hack.ru P.S. We >are registering bulletproof domains on our partner site http://www.r01.ru/ >there we have "our" people to guarantee stability of our domains and hosting >so any organization like spamhaus.org cannot down our hosting and domains. >We are now spaming 5 000 000 people look out the domain is alive as always >and never gonna be down !! Please go and order our services at: >http://forum.web-hack.ru Msg-ID: 39186 > >Aside from getting it reported - any authorities out there that could use it >to lock the bastards up? >Out of curiosity: has anybody else received a jewel like above, or is it >just my luck? > >As ever, - Maggie's Mom. > Hello Maggie's Mom! Are you in the US? You might want to try http://www.ic3.gov/ . I'm not feeling too crazy about reporting anything to my government or law enforcement as of late, however; It's funny how they tend to treat third-party reporters of criminal activities as suspects nowadays. With all the spying going on, I just as soon go build my own wind turbine way out in the woods in a log cabin and hunt for dinner. Come find me NSA! Halla, Halla! From edb2000 at spamcop.net Tue Mar 7 08:37:40 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Tue Mar 7 11:40:02 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route In-Reply-To: References: <200602230616.1fcesN7KQ3Nl3pK1@gideon.mail.atl.earthlink.net> Message-ID: Philip Homburg wrote: > In article , > Don Wannit wrote: > >>The rejection message from AOL reads: >> >> >>>>>RCPT To:<[screen_name]@aol.com> >> >><<< 452 REQUESTED ACTION NOT TAKEN: TOO MANY RECIPIENTS >><[screen_name]@aol.com>... Deferred: 452 REQUESTED ACTION >>NOT TAKEN: TOO MANY RECIPIENTS >> >>This rejection error message is for a single recipient >>on a separate email, but after 50 individual emails have >>been sent already to AOL addresses. > > > A 4xy error is not a rejection. It is supposed to signal a temporary failure. > Of course AOL may be abusing this feature. > Yes, I am guessing that without having paid the highway toll, we are limited to sending 50 emails into AOL space within an unspecified interval, and they use the temporary failure status so we'll retry later, after the holding time in the penalty box has expired. Giving them the benefit of the doubt (which may be doubtful), both delayed and un-delayed incoming email might go through the same spam and virm filtering/tagging/blocking whether or not the email fee is paid. Other speculation is that paying the toll bypasses spam filtering, maybe even virm blocking. Might be that AOL users will be out of luck, just as you say, or they can sign up with a Hotmail or Gmail address instead of AOL. -- Don Wannit A paid SpamCop user since 1999 From nobody at spamcop.net Tue Mar 7 09:19:22 2006 From: nobody at spamcop.net (N. Miller) Date: Tue Mar 7 12:20:02 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: <11nzn7i2pqrai$.dlg@news.spamcop.net> Message-ID: <1x7x9gm9sbr4n$.dlg@news.spamcop.net> On Tue, 7 Mar 2006 11:47:02 +0100, Steven Maesslein wrote: > On Tue, 7 Mar 2006 00:34:41 -0800, N. Miller coughed into spamcop and > left this in <11nzn7i2pqrai$.dlg@news.spamcop.net>: >> Unfortunately, I don't know of a way to make MS Outlook Express >> forward email messages as attachments, other than one email message at >> a time. > Select the messages you want to forward together, right-click on one of > them and select "Forward as attachment". Ah, well. I suppose I would have learned that on my own, if I used MSOE for much more than an occasional test. My preferred mailer is Pegasus Mail. I can drag and drop, so I can forward multiple email messages from multiple folders. Perhaps MSOE allows that, as well? -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From kenbrody at spamcop.net Tue Mar 7 13:35:57 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Tue Mar 7 13:45:03 2006 Subject: [SpamCop-List] Re: Server is listed, but SpamCop doesn't say why References: <440CB7BE.FBF83854@spamcop.net> Message-ID: <440DD28D.8A0CB6F7@spamcop.net> Petzl wrote: > > "Kenneth Brody" wrote in message > news:440CB7BE.FBF83854@spamcop.net... > > http://www.spamcop.net/w3m?action=checkblock&ip=64.31.80.65 > > > > This shows 64.31.80.65 listed, but it doesn't say why. It doesn't say > > anything about spamtraps, number of e-mails and so on. Is there any > > way to find out why it's listed? > > > > ========== > > 64.31.80.65 listed in bl.spamcop.net (127.0.0.2) > > > It's been spewing filth but only/mainly reported via "mole" reporting > If you are a spamcop member you should be able to see why here > http://mailsc.spamcop.net/mcgi?action=showhistory;slice=issueid;val=69276646 > Be ready to avert your eyes much of the reports are explicit Thanks for the pointer. Is there a way I can find out why, given the following two "received" lines ===== Received: from source ([64.31.80.65]) by exprod6mx168.postini.com ([64.18.5.10]) with SMTP; Sun, 26 Feb 2006 18:53:54 EST Received: from friend (52.201.101-84.rev.gaoland.net [84.101.201.52]) by mail.fptechnologies.com (8.12.9/8.12.9) with ESMTP id k1R0R8N1034263 for ; Sun, 26 Feb 2006 19:27:11 -0500 (EST) ===== that SpamCop lists 64.31.80.65 as the source, rather than 84.101.201.52? -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From nobody at nowhere.invalid Tue Mar 7 20:19:32 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Mar 7 14:20:02 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: <11nzn7i2pqrai$.dlg@news.spamcop.net> <1x7x9gm9sbr4n$.dlg@news.spamcop.net> Message-ID: On Tue, 7 Mar 2006 09:19:22 -0800, N. Miller coughed into spamcop and left this in <1x7x9gm9sbr4n$.dlg@news.spamcop.net>: > I can drag and drop, so I can forward multiple email messages from > multiple folders. Perhaps MSOE allows that, as well? I couldn't tell you. I haven't used MSOE in years, preferring this any day of the week: http://sylpheed.good-day.net -- Steve In the 60's people took acid to make the world weird. Now the world is weird and people take Prozac to make it normal. From redbourn at bezeqint.net Tue Mar 7 23:30:26 2006 From: redbourn at bezeqint.net (Michael Redbourn) Date: Tue Mar 7 16:35:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: > And do ask your ISP before you spend a lot more time mailing out - I > didn't know for several months until I started bcc'ng myself and getting > no delivery. Well that's a good idea - I'll blind copy myself and see what happens. My ISP would most likely just push me from department to department. I would have thought that ISPs would want to stop spam ? thanks Mike From nobody at spamcop.net Tue Mar 7 16:44:21 2006 From: nobody at spamcop.net (indigo) Date: Tue Mar 7 16:45:03 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route References: <200602230616.1fcesN7KQ3Nl3pK1@gideon.mail.atl.earthlink.net> Message-ID: Don Wannit wrote: > Might be that AOL users will be out of luck, just as you say, > or they can sign up with a Hotmail or Gmail address instead > of AOL. If what you've written is true, I hope AOL ceases to exist as a result. Would serve them right. Can you imagine the outrage of millions of users when they find out they can't get email they want? From g.hyde at bigpond.net.au Wed Mar 8 08:25:41 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Tue Mar 7 17:30:03 2006 Subject: [SpamCop-List] Re: what a nerve... References: Message-ID: "Maggie's Mom" wrote in message news:duk9a2$rst$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z892155815z784ff349a28833cb09de350bcfb4c9d5z > > comes with a subject like this: > Internet hackers crew webhack - www.web-hack.ru Ref: 80061 Itneresting ... To the CIA, perhaps ... > Aside from getting it reported - any authorities out there that could use > it to lock the bastards up? > Out of curiosity: has anybody else received a jewel like above, or is it > just my luck? You could always ring up the CIA department and ask if they want to do anything about it - although I don't know if you'll get anything except confusion or laughter out of them. Apart from that the best bet you'd have would be to contact law enforcement agencies that have previously expressed an interest in such things. Cheers ... Geoffrey Hyde From porpoise1954 at yahoo.co.uk Tue Mar 7 23:00:15 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Mar 7 18:05:03 2006 Subject: [SpamCop-List] Re: RFC 2142 and sales@, support@, webmaster@ References: Message-ID: "Jeff G." wrote in message news:duj14i$4f9$1@news.spamcop.net... > Anonymous wrote: >> "Jeff G." wrote in message >> Good advice, but as written, RFC 2142 doesn't advise. It requires. >> And, in my opinion, it does so without any justification. > > Please feel free to take that up with D. Crocker, the Internet Mail > Consortium, and/or the Network Working Group of the Internet Engineering > Task Force that drafted and approved RFC 2142, and to write your own > version with fewer addresses or less stringent language. But until you > get that RFC changed or obsoleted, you will be expected to comply with > it. > If and when it ever _actually_ becomes a standard - of course................. From bar_n0ne at hotmail.com Tue Mar 7 17:13:56 2006 From: bar_n0ne at hotmail.com (Berny) Date: Tue Mar 7 18:15:04 2006 Subject: [SpamCop-List] Re: what a nerve... References: Message-ID: "Geoffrey Hyde" wrote in message news:dul1b9$a8t$1@news.spamcop.net... > > "Maggie's Mom" wrote in message > news:duk9a2$rst$1@news.spamcop.net... > > http://www.spamcop.net/sc?id=z892155815z784ff349a28833cb09de350bcfb4c9d5z > > > > comes with a subject like this: > > Internet hackers crew webhack - www.web-hack.ru Ref: 80061 > > Itneresting ... To the CIA, perhaps ... come on guys,(gals too) don't you think Law Enforcement and the CIA also get these spams? These are either a troll for wannabe hacker lusers, or joe jobs , like the carder-something spams a while back From porpoise1954 at yahoo.co.uk Tue Mar 7 23:12:25 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Mar 7 18:15:10 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: "jg" wrote in message news:dujama$ahr$1@news.spamcop.net... > On 3/6/2006 10:29 PM Michael Redbourn scribbled: > >> Hi, >> >> I won't mention that I tried sending both single and multiple spams >> yesterday and got no return email because you already know that :-) >> > > Maybe your ISP is dropping them on the floor - mine does That's possible > >> My two questions are .. >> >> Is it OK via OE to send multiple spams as one attachment ? > > do you mean as a function of OE? > don't think so - and OE mangles attachments anyway... Yes you can - OE handles them as attachments just fine. OL, OTOH, does mangle them generally. From porpoise1954 at yahoo.co.uk Tue Mar 7 23:17:31 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Mar 7 18:20:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: <11nzn7i2pqrai$.dlg@news.spamcop.net> Message-ID: "N. Miller" wrote in message news:11nzn7i2pqrai$.dlg@news.spamcop.net... > On Tue, 7 Mar 2006 08:29:12 +0200, Michael Redbourn wrote: > >> Mike > > If you can find a way to make MS Outlook Express send multiple email > messags as attachments, SpamCop will accept them. There is an upper limit > to the number of attachments, and to the total message size. Whichever > limit is hit first. Unfortunately, I don't know of a way to make MS > Outlook > Express forward email messages as attachments, other than one email > message > at a time. I believe the limits are outlined in the FAQ, but I have never > hit them. For OE, select the messages you want to attach, then then put the address you want to send them to in the To: box - It's as simple as that! The max number is governed by external sources (recipient/ISP/filters - whatever) not OE itself. From n4jwyfo02 at sneakemail.com Wed Mar 8 00:30:26 2006 From: n4jwyfo02 at sneakemail.com (Aviatrix) Date: Tue Mar 7 19:35:03 2006 Subject: [SpamCop-List] Re: Server is listed, but SpamCop doesn't say why In-Reply-To: <440DD28D.8A0CB6F7@spamcop.net> References: <440CB7BE.FBF83854@spamcop.net> <440DD28D.8A0CB6F7@spamcop.net> Message-ID: Kenneth Brody wrote: > Thanks for the pointer. Is there a way I can find out why, given the > following two "received" lines > > ===== > Received: from source ([64.31.80.65]) by exprod6mx168.postini.com ([64.18.5.10]) with SMTP; > Sun, 26 Feb 2006 18:53:54 EST > Received: from friend (52.201.101-84.rev.gaoland.net [84.101.201.52]) > by mail.fptechnologies.com (8.12.9/8.12.9) with ESMTP id k1R0R8N1034263 > for ; Sun, 26 Feb 2006 19:27:11 -0500 (EST) > ===== > > that SpamCop lists 64.31.80.65 as the source, rather than 84.101.201.52? > There are others here who are a lot more technical than me and who will probably give you chapter and verse... but I suspect (because this is something that used to happen with one of my ISPs) that there is *something* in those "received" lines that causes Spamcop to trip over and give up looking further - that "something" being some incorrect syntax or other misconfiguration. From nobody at spamcop.net Wed Mar 8 14:26:55 2006 From: nobody at spamcop.net (Anony Mouse) Date: Tue Mar 7 20:30:02 2006 Subject: [SpamCop-List] Return to active duty Message-ID: <440E32DF.10908@spamcop.net> Greetings All It has been a long time... Some spammers never learn and a recent growth of spam getting though my isp's filters and an attack by a residivist spammer means I am returning to active duty. Anony Mouse From jg at coks.net Tue Mar 7 17:39:28 2006 From: jg at coks.net (jg) Date: Tue Mar 7 20:40:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments In-Reply-To: References: <11nzn7i2pqrai$.dlg@news.spamcop.net> <1x7x9gm9sbr4n$.dlg@news.spamcop.net> Message-ID: On 3/7/2006 11:19 AM Steven Maesslein scribbled: > On Tue, 7 Mar 2006 09:19:22 -0800, N. Miller coughed into spamcop and > left this in <1x7x9gm9sbr4n$.dlg@news.spamcop.net>: > >> I can drag and drop, so I can forward multiple email messages from >> multiple folders. Perhaps MSOE allows that, as well? > > I couldn't tell you. I haven't used MSOE in years, preferring this any > day of the week: http://sylpheed.good-day.net > the screenshot sure /looks/ like TBird, from afar... From MikeE at ster.invalid Tue Mar 7 17:48:25 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 7 20:50:02 2006 Subject: [SpamCop-List] Re: Server is listed, but SpamCop doesn't say why References: <440CB7BE.FBF83854@spamcop.net> <440DD28D.8A0CB6F7@spamcop.net> Message-ID: Kenneth Brody wrote: > Thanks for the pointer. Is there a way I can find out why, given the > following two "received" lines > > ===== > Received: from source ([64.31.80.65]) by exprod6mx168.postini.com > ([64.18.5.10]) with SMTP; Sun, 26 Feb 2006 18:53:54 EST > Received: from friend (52.201.101-84.rev.gaoland.net [84.101.201.52]) > by mail.fptechnologies.com (8.12.9/8.12.9) with ESMTP id > k1R0R8N1034263 for ; Sun, 26 Feb 2006 19:27:11 -0500 (EST) > ===== > > that SpamCop lists 64.31.80.65 as the source, rather than > 84.101.201.52? If we are going to talk about dissecting or parsing headerlines, let's don't talk about partial lines. Let's talk about the whole spam from which you derived those lines. Post the tracking URL for the spam parsing of the spam which contained the lines from which those two lines were extracted. We can't see SC making a mistake in the parse if you don't post the tracker for the parse. If you don't have a tracking URL, you make one by submitting the spam which contains those lines, performing any necessary mungeing prior to submission if it is not excessive, copying the tracking URL, cancelling the report, and pasting the tracker in here. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Mar 7 18:00:19 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 7 21:00:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: Michael Redbourn wrote: > I won't mention that I tried sending both single and multiple spams > yesterday and got no return email because you already know that :-) How would I know that? > Is it OK via OE to send multiple spams as one attachment ? Yes. OE calls it 'forward as attachment'. > An if so does it matter what I write in the subject line ? I leave the subject empty. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Mar 7 18:03:12 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 7 21:05:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: Michael Redbourn wrote: > I meant if I send an email with 50 attachments then can spamcop > process them ? Most likely yes. > I could use the BAT ? The faq describes submitting one item to the parser for the Bat, it doesn't describe forwarding as attachment http://www.spamcop.net/fom-serve/cache/228.html To get the full text of an HTML message from TheBat email software in preparation for pasting into SpamCop Also, you are top-posting instead of trimming and contextualizing. That isn't going to work for effective newsgroup correspondence. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Mar 7 18:06:09 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 7 21:10:04 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: jg wrote: > Michael Redbourn >> Is it OK via OE to send multiple spams as one attachment ? > > do you mean as a function of OE? > don't think so - and OE mangles attachments anyway... Wrong. OE is an excellent tool to use to submit by forward as attachment or to use to copy and paste a spam with complete headers and unrendered into the webparser. There is no mangling of attachments, whatever that means. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Mar 8 11:04:21 2006 From: nobody at devnull.spamcop.net (Patto) Date: Tue Mar 7 21:10:10 2006 Subject: [SpamCop-List] Re: Double login In-Reply-To: References: Message-ID: jg wrote: > On 3/6/2006 7:47 PM Jeff G. scribbled: > >> Patto wrote: >>> I use http://mailsc.spamcop.net/ and when I first go to the site, I am >>> prompted to login with my spamcop email address and password. This is >>> saved in a permanent cookie, so I don't have to type it each time. >>> >>> When I go to tab Held Email I am already logged in, and I don't have >>> to do it again. In fact every tab behaves that way, except Webmail. >>> When I go there I have to login again - this time I have to type the >>> full address and password, as this section does not keep it in a >>> cookie. >>> >>> This is very annoying; is there a way that this could be corrected? >> No, sorry, although they have the same userid and password for your >> account, those are almost completely separate systems, run by different >> people in different places, and they don't trust each other. >> > why not just set up a POP account to SC server using TBird? Good idea - thanks for the suggestion! From MikeE at ster.invalid Tue Mar 7 18:09:06 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 7 21:10:16 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: <11nzn7i2pqrai$.dlg@news.spamcop.net> Message-ID: Michael Redbourn wrote: > It would seem that one just does tag all (I put all the spam in a > 'spam' folder' as they come in) and then hit 'forward'. > > An email opens up with all the attachements. No. If you use OE and 'forward' -- you will not get the desired result. If you meant to say something else, you should have said it more accurately by properly trimming and contextualizing. Bad communication in newsgroups causes a lot of confusion. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Mar 7 18:12:12 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 7 21:15:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: <11nzn7i2pqrai$.dlg@news.spamcop.net> <1x7x9gm9sbr4n$.dlg@news.spamcop.net> Message-ID: N. Miller wrote: > Steven Maesslein wrote: >> N. Miller >>> Unfortunately, I don't know of a way to make MS Outlook Express >>> forward email messages as attachments, other than one email message >>> at a time. > >> Select the messages you want to forward together, right-click on one >> of them and select "Forward as attachment". Exactly correct. > My preferred mailer is > Pegasus Mail. I can drag and drop, so I can forward multiple email > messages from multiple folders. Perhaps MSOE allows that, as well? Do not use the term 'forward' when discussing OE. The only term in this context is 'forward as attachment'. There must be no confusion. You said "forward". That is wrong. You cannot forward. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Mar 8 11:11:16 2006 From: nobody at devnull.spamcop.net (Patto) Date: Tue Mar 7 21:15:09 2006 Subject: [SpamCop-List] Re: what a nerve... In-Reply-To: References: Message-ID: Maggie's Mom wrote: > http://www.spamcop.net/sc?id=z892155815z784ff349a28833cb09de350bcfb4c9d5z > > ... > Out of curiosity: has anybody else received a jewel like above, or is it > just my luck? I don't know; I rarely read my spam. Except for some 419 spams for my amusement - it sometimes really amazes me with what new stories these guys come up all the time! From MikeE at ster.invalid Tue Mar 7 18:13:42 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 7 21:15:14 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: Michael Redbourn wrote: >> And do ask your ISP before you spend a lot more time mailing out - I >> didn't know for several months until I started bcc'ng myself and >> getting no delivery. > > Well that's a good idea - I'll blind copy myself and see what happens. You are citing, but you aren't attributing. You need to show who said "And do ask your ISP..." -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Mar 7 18:42:37 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 7 21:45:04 2006 Subject: [SpamCop-List] Re: what a nerve... References: Message-ID: Maggie's Mom wrote: > Internet hackers crew webhack - www.web-hack.ru Ref: 80061 There have been a number of online magazine articles about the goings on at www.web-hack.ru. Google it up and see what has been said. I think most of the articles are about 7-8 months old. LE law enforcement doesn't often seem to be inspired to infiltrate and investigate potential crime. They seem to have their hands full with real and currently existing, already performed, exploits. Their interest in future potential exploits is often slim to none. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Tue Mar 7 19:05:05 2006 From: nobody at spamcop.net (N. Miller) Date: Tue Mar 7 22:10:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: <11nzn7i2pqrai$.dlg@news.spamcop.net> <1x7x9gm9sbr4n$.dlg@news.spamcop.net> Message-ID: On Tue, 7 Mar 2006 18:12:12 -0800, Mike Easter wrote: > Do not use the term 'forward' when discussing OE. The only term in this > context is 'forward as attachment'. There must be no confusion. > > You said "forward". That is wrong. You cannot forward. Damn! Busted! Again! ;) Now where did I put the beer mustard? -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From tmcgraw at spamcop.net Tue Mar 7 19:41:55 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Mar 7 22:45:03 2006 Subject: [SpamCop-List] Re: Return to active duty In-Reply-To: <440E32DF.10908@spamcop.net> References: <440E32DF.10908@spamcop.net> Message-ID: Anony Mouse wrote: > Greetings All > > It has been a long time... > > Some spammers never learn and a recent growth of spam getting though my > isp's filters and an attack by a residivist spammer means I am returning > to active duty. > > Anony Mouse Welcome back to the forward regiment. You can never cut and run from spam! From redford_stone at INVERSE_OF_COLDmail.com Wed Mar 8 06:03:58 2006 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Mar 8 01:05:06 2006 Subject: [SpamCop-List] Re: what a nerve... References: Message-ID: "Maggie's Mom" wrote in news:duk9a2$rst$1@news.spamcop.net: > http://www.spamcop.net/sc?id=z892155815z784ff349a28833cb09de350bcfb4c9d > 5z > > > Aside from getting it reported - any authorities out there that could > use it to lock the bastards up? > Out of curiosity: has anybody else received a jewel like above, or is > it just my luck? > I did. It appears to be a joe-job. Only reported the IP address from which the spam originated. From redford_stone at INVERSE_OF_COLDmail.com Wed Mar 8 06:07:45 2006 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Mar 8 01:10:02 2006 Subject: [SpamCop-List] Re: SC reporting down ? References: <440BD1EB.DC383C16@nopspam.invalid> Message-ID: Anton Haumer wrote in news:440BD1EB.DC383C16@nopspam.invalid: > sent a bunch of spam by mail about 6 hours ago, > nothing happens ... is SC reporting down? What is it you are expecting to happen? From redbourn at bezeqint.net Wed Mar 8 08:19:33 2006 From: redbourn at bezeqint.net (Michael Redbourn) Date: Wed Mar 8 01:20:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: Ok - here's the scoop. My ISP was dropping my emails to Spamcop. I forwarded the attachments last night (using OE) but via hotmail and sent a bc to myself. I got the blind copy immediately and today I got a response from Spamcop. So this seems to be very good news ! If your ISP drops mail to Spamcop send it via hotmail or some other web based account. Thanks for all the help ! Mike "Michael Redbourn" wrote in message news:duj98o$9jc$1@news.spamcop.net... > Hi, > > I won't mention that I tried sending both single and multiple spams > yesterday and got no return email because you already know that :-) > > My two questions are .. > > Is it OK via OE to send multiple spams as one attachment ? > > An if so does it matter what I write in the subject line ? > > thanks, > > Mike > From edb2000 at spamcop.net Tue Mar 7 22:34:58 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Wed Mar 8 01:35:04 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route In-Reply-To: References: <200602230616.1fcesN7KQ3Nl3pK1@gideon.mail.atl.earthlink.net> Message-ID: indigo wrote: > Don Wannit wrote: > >>Might be that AOL users will be out of luck, just as you say, >>or they can sign up with a Hotmail or Gmail address instead >>of AOL. > > > If what you've written is true, I hope AOL ceases to exist as a result. > Would serve them right. Can you imagine the outrage of millions of users > when they find out they can't get email they want? > > To be sure, there already are many mailing list managers that have a very "thin skin" w.r.t. certain ISP/hosts. Some well respected personages on the 'net such as Chuq von Rospach and many others will bend over backwards to make a mailing list accessible to all, but will write off the poor users condemned to certain problematic ISP/hosts without wasting time on them, knowing that it it would truly be wasted time. AOL is already among those problematic ISP/hosts for some list managers. It's about to become such for many more. As for the outrage of millions of users, I strongly suspect that rather than outrage of millions, it will be frustration of the cluefull few who remember that they actually did sign up for a mailing list and click on the confirmation link^1, compared to the audible collective sigh of relief from the millions whose inboxes may (or may not) contain less spam than before. I still say that "know the sender" is the only solution to spam. "Charge the sender" is using the wrong tool for the job. Yes, there are many valid reasons for anonymity, and I'm not sure how to reconcile the need for accountability with the need for anonymity. But what we've got now with the SMTP protocol as it stands today (with relevant RFC's actually observed) definitely doesn't cut it. ^1 Many's the time I as admin receive an irate email from an AOL luser complaining about the "spam" they received from my server, where that supposed spam was the "please confirm that you did sign up for this mailing list" opt-in confirmation, and the complaint comes from the same IP as the original sign-up submission. -- Don Wannit A paid SpamCop user since 1999 From sache at grignon.inra.fr Wed Mar 8 08:47:45 2006 From: sache at grignon.inra.fr (Ivan Sache) Date: Wed Mar 8 02:50:03 2006 Subject: [SpamCop-List] Re: what a nerve... References: Message-ID: Hello, In article , Patto wrote: > I don't know; I rarely read my spam. Except for some 419 spams for my > amusement - it sometimes really amazes me with what new stories these > guys come up all the time! You are not the only one. These guys were awarded the Ig Nobel prize of literature 2005 "for creating and then using e-mail to distribute a bold series of short stories, thus introducing millions of readers to a cast of rich characters ‹ General Sani Abacha, Mrs. Mariam Sanni Abacha, Barrister Jon A Mbeki Esq." See: Don't miss the 419 scammers anthem: Boring lottery scams seem to be more and more popular here and "genuine" 419 short stories ("next of kin" et al.) are less and less frequent. Regards Ivan From nobody at devnull.spamcop.net Wed Mar 8 02:11:57 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Mar 8 03:15:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: "Michael Redbourn" wrote in message news:dult1q$r6g$1@news.spamcop.net... > Ok - here's the scoop. > > My ISP was dropping my emails to Spamcop. You say "was" .... does this mean that they have stopped? Or are you suggesting that bezeqint.net be added to the list of ISPs currently found in; "E-Mail spam submittals blocked by your ISP" http://forum.spamcop.net/forums/index.php?showtopic=2782 ?????? From jeffg at spamcop.net Wed Mar 8 04:24:06 2006 From: jeffg at spamcop.net (Jeff G.) Date: Wed Mar 8 04:35:02 2006 Subject: [SpamCop-List] Re: "... Truncate" warning References: Message-ID: Jeff G. wrote: > vanderdecker@hotmail.INVALID wrote: >> Is there any way to have the pasted message automatically truncated, >> avoiding the warning? > > The warning is there for your safety. Fully-automatic full reporting > is not supported. Oops, I left off "No, sorry, " at the beginning of that. The last sentence was for those who might be trying to automate full reporting, and who might be getting stuck on the warning. Sorry for any confusion. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From / at /.cn Wed Mar 8 20:45:55 2006 From: / at /.cn (Petzl) Date: Wed Mar 8 04:50:44 2006 Subject: [SpamCop-List] Re: Return to active duty References: <440E32DF.10908@spamcop.net> Message-ID: "Anony Mouse" wrote in message news:440E32DF.10908@spamcop.net... > Greetings All > > It has been a long time... > > Some spammers never learn and a recent growth of spam getting though my > isp's filters and an attack by a residivist spammer means I am returning > to active duty. > > Anony Mouse Wondered where you went Welcome back Petzl From someone at somewhere.com Wed Mar 8 09:58:23 2006 From: someone at somewhere.com (someone) Date: Wed Mar 8 05:05:34 2006 Subject: [SpamCop-List] Can we stop our email keeps getting blocked Message-ID: Our internet site - is a human edited Internet directory. Each category within the directory is a mini portal containing ranked sites, the latest news releases, the latest blog releases, ranked applicable products (similar to Froogle) and so on. Each week, our researchers create several new categories, and then visit hundreds of web stes looking for suitable sites to invite to join the directory category. Where we find suitable quality sites, with a contact us, or enquiries email, we email them to invite them to list with us. Listing sites and products within our directory is free. Sign up rates from these emails are extremely high - between 20% and 45% of those who read the email, sign up within 24 hours. For administrative efficiency, we send these emails once a week. Total volume is somewhere between 1,000 and 3,000 emails. And this seems to trigger spam cop as the mail volumes suddenly go up from a couple of dozen support emails a day to a couple of thousand in an hour. By the time we receive bounced emails saying the IP address is blocked by Spam Cop, the block has always been removed. We do not consider we are spamming as we only target those directly applciable to the category created and only those with an open invite to email them on their web site. Is there any way of preventing Spam Cop from blocking us? From nobody at nowhere.invalid Wed Mar 8 11:56:59 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 8 06:00:13 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: <11nzn7i2pqrai$.dlg@news.spamcop.net> <1x7x9gm9sbr4n$.dlg@news.spamcop.net> Message-ID: On Tue, 07 Mar 2006 17:39:28 -0800, jg coughed into spamcop and left this in : >> I couldn't tell you. I haven't used MSOE in years, preferring this any >> day of the week: http://sylpheed.good-day.net >> > the screenshot sure /looks/ like TBird, from afar... >From nearer it looks quite dissimilar. It certainly feels worlds apart from T'bird. For one thing, it builds from source in about 2 minutes here... Sylpheed gives you the safety of T'bird, more standards compliance, PGP functions without the need for extensions, but no built-in junk filtering. The Unix version does, however, leave a hook open for external filtering. Not sure about the Windows port. I've been using it since version 0.5.something. Nearly 5 years. http://sylpheed.good-day.net/sylpheed/v0.5/ -- Steve Experience is something you don't get until just after you need it. From nobody at nowhere.invalid Wed Mar 8 12:00:49 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 8 06:05:03 2006 Subject: [SpamCop-List] Re: Can we stop our email keeps getting blocked References: Message-ID: On Wed, 8 Mar 2006 09:58:23 -0000, someone coughed into spamcop and left this in : > Is there any way of preventing Spam Cop from blocking us? Yes. Stop spamming. -- Steve Recorded message on an answerphone: "This is not an answering machine, this is a telepathic thought-recording device. After the tone, think about your name, your number, and your reason for calling.... and I'll think about returning your call." From MikeE at ster.invalid Wed Mar 8 03:09:23 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 8 06:10:03 2006 Subject: [SpamCop-List] Re: Can we stop our email keeps getting blocked References: Message-ID: someone wrote: > Our internet site - > Where we find suitable quality sites, with a contact us, or enquiries > email, we email them to invite them to list with us. Clearly this is going to cause huge problems for your mailserver. You are mass mailing unsolicited emails to the mailto/s you find on websites. That is exactly what spammers do. > For administrative efficiency, we send these emails once a week. Total > volume is somewhere between 1,000 and 3,000 emails. This is the volume and frequency of your unsolicited mail campaign. Spam campaign. > And this seems to > trigger spam cop Spamcop isn't 'triggered' by your mail volume fluctuations. Spamcop's blocklisting is triggered by the reporters who are reporting spam - whether those reporters are people or spamtraps whose addresses you scraped from the websites. > By the > time we receive bounced emails saying the IP address is blocked by > Spam Cop, the block has always been removed. SpamCop doesn't block mail. SpamCop is a parsing and reporting service. That service maintains a list of spamsources. Recipients use servers which use the SC blocklist to defend themselves against the unsolicited mail/spam which spamsources have become listed, as yours does. > We do not consider we are spamming Spammers never consider /their/ spam to be spam. Spammers are always thinking spam is someone else's spam. Your spam is spam. Your unsolicited mail is spam. Just because your campaign finds exposed mailto/s and similar on a website doesn't mean that the site has given you permission to email them about whatever you are promoting. Just because you are promoting a listing on your site and you think everyone wants it doesn't mean that you have any right to spam people about it. > Is there any way of preventing Spam Cop from blocking us? No. You are spamming, you should be listed, and your mail provider should take away your mail account for mailing and your website provider should take away your website for supporting spamming. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Wed Mar 8 12:23:09 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 8 06:25:03 2006 Subject: [SpamCop-List] Re: Can we stop our email keeps getting blocked References: Message-ID: > On Wed, 8 Mar 2006 09:58:23 -0000, someone coughed into spamcop and left > this in : > >> Is there any way of preventing Spam Cop from blocking us? On Wed, 8 Mar 2006 12:00:49 +0100, Steven Maesslein coughed into spamcop and left this in : > Yes. > > Stop spamming. Apologies for the self-f'up, but there's one detail I ought to expand on. Spamcop does not block your mail and could't do so even if it wanted to. Spamcop *is*, among other things, a list of IP addresses from which spam has been reported either by SpamCop's users or as a result of the spam hitting SpamCop's own spam traps. Third party networks can use this list of IP addresses in order to decide what they're going to do with inbound mail. If a machine attempting to deliver a message is on an IP address on the SpamCop BL then the network receiving the mail can choose to accept and then tag the message as potential spam, or even to reject the message outright. The point is, it's the networks to which you're sending your solicitations that are doing the rejecting, not SpamCop. This means that people have been reporting your solicitations as spam, or that you've been sending them to spam traps. This said, without the IP address in question, we have no way of knowing exactly what's going on. Your call. -- Steve Anarchy may not be the best form of government, but it's better than no government at all. From jeffg at spamcop.net Wed Mar 8 06:29:16 2006 From: jeffg at spamcop.net (Jeff G.) Date: Wed Mar 8 06:35:04 2006 Subject: [SpamCop-List] Re: RFC 2142 and sales@, support@, webmaster@ References: Message-ID: Porpoise wrote: > "Jeff G." wrote in message > news:duj14i$4f9$1@news.spamcop.net... >> Anonymous wrote: >>> "Jeff G." wrote in message > >>> Good advice, but as written, RFC 2142 doesn't advise. It requires. >>> And, in my opinion, it does so without any justification. >> >> Please feel free to take that up with D. Crocker, the Internet Mail >> Consortium, and/or the Network Working Group of the Internet >> Engineering Task Force that drafted and approved RFC 2142, and to >> write your own version with fewer addresses or less stringent >> language. But until you get that RFC changed or obsoleted, you will >> be expected to comply with it. >> > > If and when it ever _actually_ becomes a standard - of > course................. OK, if you want to play that game, your MX mail.jtfreesurf.co.uk violates Internet Standard #3 Section 5.2.7 and Internet Standard #11 Sections 6.3 and C.6 by not accepting email to postmaster[at]mail.jtfreesurf.co.uk. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Wed Mar 8 06:41:32 2006 From: jeffg at spamcop.net (Jeff G.) Date: Wed Mar 8 06:45:03 2006 Subject: [SpamCop-List] Re: Can we stop our email keeps getting blocked References: Message-ID: "someone" wrote: Oh, I see, you can dish it out, but you can't take it? Chicken! OBTW, that's a real email address. Learn how to munge. > sites, with a contact us, or enquiries > email, we email them to invite them to list with us. IOW, you spam them. > Is there any way of preventing Spam Cop from blocking us? SpamCop does not block you. The SCBL lists your mailserver's IP Address. You can stop the listing by stopping your spamming ways. Please see "FAQ Entry: Am I Running Mailing Lists Responsibly?" at http://forum.spamcop.net/forums/index.php?showtopic=779 -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From redbourn at bezeqint.net Wed Mar 8 14:08:37 2006 From: redbourn at bezeqint.net (Michael Redbourn) Date: Wed Mar 8 07:10:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: I am not an expert on this - so sorry :-( If I submit via my ISP then the emails don't get to SpamCop If I submit via a hotmail account then they arrive - just tried it 10 mins ago and it's repeatable. So yes I think that my ISP should be added - bezeqint.net Didn't see on the link how to add it ? I must 'add' however that some replies to my original posting were extremely aggresive ! Not 'flames' but close ! Why don't you know ? You should ! etc To those that posted in this way - please understand that many people posting are trying to stop spam (and are even very computer literate) but are not 'experts' in this field or in posting to newsgroups of this kind. thanks, Mike "WazoO" wrote in message news:dum3kc$vc5$1@news.spamcop.net... > "Michael Redbourn" wrote in message > news:dult1q$r6g$1@news.spamcop.net... >> Ok - here's the scoop. >> >> My ISP was dropping my emails to Spamcop. > > You say "was" .... does this mean that they have stopped? > > Or are you suggesting that bezeqint.net be added to the > list of ISPs currently found in; > "E-Mail spam submittals blocked by your ISP" > http://forum.spamcop.net/forums/index.php?showtopic=2782 > ?????? > > From MikeE at ster.invalid Wed Mar 8 04:19:51 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 8 07:20:02 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: Michael Redbourn wrote: > I am not an expert on this - so sorry :-( You are top-posting again. It is better if you do /not/ begin typing right after you hit reply. What you are supposed to do after you hit 'reply' is to begin trimming and do not trim away the attribution line which contains the name of the person you are citing. Then you trim away all of the remarks which you aren't going to reply to, naturally that includes signatures. Notice that I left your name at the top, and I reply to your different sentences in different place and remove everything else. Then you place your remarks in context under those to which you are replying. That provides you a second chance to read the words to which you are replying. > To those that posted in this way - please understand that many people > posting are trying to stop spam (and are even very computer literate) > but are not 'experts' in this field or in posting to newsgroups of > this kind. Please understand that we are all trying to communicate with each other. Newsgroup communication is different from person to person conversation or telephone conversation and works best when it is 'structured' properly. http://members.fortunecity.com/nnqweb/nquote.html news.newusers.questions - Quoting Style in Newsgroup Postings - This document is a description of the traditionally accepted "quoting style" in Usenet newsgroup postings. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Wed Mar 8 14:45:21 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 8 08:50:13 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: On Wed, 8 Mar 2006 14:08:37 +0200, Michael Redbourn coughed into spamcop and left this in : > I am not an expert on this - so sorry :-( Expert on what? There's no context above your reply. Please learn how to post. http://linux.sgms-centre.com/misc/netiquette.php -- Steve There is a theory which states that if ever anybody discovers exactly what the Universe is for and why it is here, it will instantly disappear and be replaced by something even more bizarre and inexplicable. There is another theory which states that this has already happened. From nobody at spamcop.net Wed Mar 8 15:40:31 2006 From: nobody at spamcop.net (me-no-no) Date: Wed Mar 8 10:45:03 2006 Subject: [SpamCop-List] Re: Double login References: Message-ID: "Aviatrix" wrote in message news:dujhlr$evr$1@news.spamcop.net... > Patto wrote: >> When I go to tab Held Email I am already logged in, and I don't have to >> do it again. In fact every tab behaves that way, except Webmail. When I >> go there I have to login again - this time I have to type the full >> address and password, as this section does not keep it in a cookie. > Doesn't it? > It does for me.... It *used* to for me too - It suddenly disappeared a while back, and I have never been able to get it to remember the Webmail user/pw combi since :-( Anyone, able/care to elaborate on why it used to work, and/or i apparently still working for some ? Ciao Meno From jeffg at spamcop.net Wed Mar 8 10:58:10 2006 From: jeffg at spamcop.net (Jeff G.) Date: Wed Mar 8 11:00:02 2006 Subject: [SpamCop-List] Re: what a nerve... References: Message-ID: Maggie's Mom wrote: > Dear Sir/Madam, Hello! We are internet hackers crew - Web-hack. We Please do not post spam bodies or the clickable links therein to any group here but spamcop.spam. -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From kenbrody at spamcop.net Wed Mar 8 11:25:34 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Wed Mar 8 11:35:04 2006 Subject: [SpamCop-List] Re: Server is listed, but SpamCop doesn't say why References: <440CB7BE.FBF83854@spamcop.net> <440DD28D.8A0CB6F7@spamcop.net> Message-ID: <440F057E.DEB2D194@spamcop.net> Mike Easter wrote: [...] > If we are going to talk about dissecting or parsing headerlines, let's > don't talk about partial lines. > > Let's talk about the whole spam from which you derived those lines. > > Post the tracking URL for the spam parsing of the spam which contained > the lines from which those two lines were extracted. We can't see SC > making a mistake in the parse if you don't post the tracker for the > parse. > > If you don't have a tracking URL, you make one by submitting the spam > which contains those lines, performing any necessary mungeing prior to > submission if it is not excessive, copying the tracking URL, cancelling > the report, and pasting the tracker in here. Yes, I should know better than to simply post two lines from the header. (Twenty lashes with a wet noodle for me.) http://www.spamcop.net/sc?id=z892850909z98f28be0e7d1769b2c3a28b19a79745az ========== [...] > Possible open relay: 64.31.80.65 > Yum, this spam is fresh! > Message is 0 hours old > 64.31.80.65 not listed in relays.ordb.org. [...] > If reported today, reports would be sent to: > Re: 64.31.80.65 (Automated open-relay testing system(s)) > > Internal spamcop handling: (relays) That's the IP address that got listed the other day. (It's currently not listed.) I have manually tested for an open relay, and my tests didn't show an open relay. When I tested this the other day, it also said "Possible open relay" and "Automated open-relay testing system(s)". Is there any reason that this should still be appearing? Shouldn't the tests have been complete by now, and either showed it is or isn't open? > > Re: 69.118.116.86 (Administrator of network where email originates) > > abuse@cv.net > > Re: 69.118.116.86 (Third party interested in email source) > > spamcop@imaphost.com Those IP addresses are me, the real source of this e-mail. ========== Once again, thanks for the help. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From kenbrody at spamcop.net Wed Mar 8 11:29:18 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Wed Mar 8 11:35:13 2006 Subject: [SpamCop-List] Re: Can we stop our email keeps getting blocked References: Message-ID: <440F065E.91C827D3@spamcop.net> someone wrote: [...] > Is there any way of preventing Spam Cop from blocking us? Well, given that SpamCop can't block you in the first place (unless the recipient is a SpamCop address), you can't prevent it. :-) However, if you were to give the actual message that you got by the other system (and it is this other system's administrator that has blocked you, not SpamCop, regardless of any message to the contrary in the bounce message), then someone here may be able to help explain what is going on. Without any specific information from you, no one can give you a specific answer. Finally, given that your e-mail basically says "we spam people", I'm not surprised that you are listed. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From MikeE at ster.invalid Wed Mar 8 09:20:19 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 8 12:20:03 2006 Subject: [SpamCop-List] Re: Server is listed, but SpamCop doesn't say why References: <440CB7BE.FBF83854@spamcop.net> <440DD28D.8A0CB6F7@spamcop.net> <440F057E.DEB2D194@spamcop.net> Message-ID: Kenneth Brody wrote: > Yes, I should know better than to simply post two lines from the > header. (Twenty lashes with a wet noodle for me.) > www.spamcop.net/sc?id=z892850909z98f28be0e7d1769b2c3a28b19a79745az That item doesn't contain those lines you mentioned before: Abbreviated Received tracelines *comment from unknown (192.168.1.101) by blade4.cesmail.net *serves you from (HELO fptech.com) (64.31.80.65) by mailgate.cesmail.net *serves you from mail by fptech.com *serves you from [216.154.195.36] (helo=mailgate.cesmail.net) by fptech.com *serves you from unknown (HELO epsilon.cesmail.net) (192.168.1.40) by mailgate.cesmail.net *serves you from (ool-45767456.dyn.optonline.net [69.118.116.86]) by webmail.spamcop.net *source, is you > When I tested this the other day, it also > said "Possible open relay" and "Automated open-relay testing > system(s)". Is there any reason that this should still be appearing? I don't know for sure, but I think that if you aren't mailhosted and SC is finding relays that it is going to consider them possibly open. > Shouldn't the tests have been complete by now, and either showed it > is or isn't open? As above. > Those IP addresses are me, the real source of this e-mail. Which is correct. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Mar 8 09:30:46 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Wed Mar 8 12:35:02 2006 Subject: [SpamCop-List] Re: Can we stop our email keeps getting blocked References: Message-ID: "someone" wrote in message news:dum9vh$3m1$1@news.spamcop.net... > Each week, our researchers ... visit hundreds of web stes ... to invite... > Where we find suitable quality sites, with a contact us, or enquiries > email, > we email them to invite them... > We do not consider we are spamming... > Is there any way of preventing Spam Cop from blocking us? Yes. All you need to do is to figure out a way to make sure that everyone you email agrees with your opinion that you are not spamming. Do that, and nobody will report you to Spamcop. Problem solved. Or you can keep doing what you are doing and discover the hard way that there are other blocklists that target persistent spammers and are a lot harder to get off of. Experience is a harsh teacher, but some people will accept no other. G.M. From porpoise1954 at yahoo.co.uk Wed Mar 8 18:14:19 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Mar 8 13:15:01 2006 Subject: [SpamCop-List] Re: Can we stop our email keeps getting blocked References: Message-ID: "Steven Maesslein" wrote in message news:slrne0teb1.4oc.nobody@127.0.0.1... > On Wed, 8 Mar 2006 09:58:23 -0000, someone coughed into spamcop and left > this in : > >> Is there any way of preventing Spam Cop from blocking us? > > Yes. > > Stop spamming. > i.e. just email each one seperately! From tmcgraw at spamcop.net Wed Mar 8 10:26:05 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Mar 8 13:30:03 2006 Subject: [SpamCop-List] Re: Can we stop our email keeps getting blocked In-Reply-To: References: Message-ID: someone wrote: > Our internet site - is a human edited Internet directory. Each category > within the directory is a mini portal containing ranked sites, the latest > news releases, the latest blog releases, ranked applicable products (similar > to Froogle) and so on. > > Each week, our researchers create several new categories, and then visit > hundreds of web stes looking for suitable sites to invite to join the > directory category. > > Where we find suitable quality sites, with a contact us, or enquiries email, > we email them to invite them to list with us. Listing sites and products > within our directory is free. Sign up rates from these emails are extremely > high - between 20% and 45% of those who read the email, sign up within 24 > hours. > > For administrative efficiency, we send these emails once a week. Total > volume is somewhere between 1,000 and 3,000 emails. And this seems to > trigger spam cop as the mail volumes suddenly go up from a couple of dozen > support emails a day to a couple of thousand in an hour. By the time we > receive bounced emails saying the IP address is blocked by Spam Cop, the > block has always been removed. > > We do not consider we are spamming as we only target those directly > applciable to the category created and only those with an open invite to > email them on their web site. > > Is there any way of preventing Spam Cop from blocking us? Does the subject of your outbound mail have the term "link exchange"? From jg at coks.net Wed Mar 8 10:49:36 2006 From: jg at coks.net (jg) Date: Wed Mar 8 13:50:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments In-Reply-To: References: Message-ID: On 3/7/2006 6:06 PM Mike Easter scribbled: > jg wrote: >> Michael Redbourn > >>> Is it OK via OE to send multiple spams as one attachment ? >> do you mean as a function of OE? >> don't think so - and OE mangles attachments anyway... > > Wrong. OE is an excellent tool to use to submit by forward as > attachment or to use to copy and paste a spam with complete headers and > unrendered into the webparser. > > There is no mangling of attachments, whatever that means. > What was meant was problems with OL, not OE, your most excellent client. Since I don't use either one, I was only reporting what I see when I get mail from my clueless friends. Thought I had already been corrected here... From abuse at whathostingshould.be Wed Mar 8 13:55:54 2006 From: abuse at whathostingshould.be (Galen) Date: Wed Mar 8 14:00:03 2006 Subject: [SpamCop-List] Re: Can we stop our email keeps getting blocked References: Message-ID: In news:dum9vh$3m1$1@news.spamcop.net, someone had this to say: My reply is at the bottom of your sent message: > Is there any way of preventing Spam Cop from blocking us? Doesn't matter I don't think? If they stop adding you to the blacklist for spamming, well, they'd not be the SC I know. However someone else would. I know that if any of my sites got your UCE I'd add you to the blacklists manually after the second offense and there are quite a few email addresses that that would effect. Of course we'd just blackhole it via IP address and not bother bugging the folks at SC. Given the nature of the people I host I'd say that that would be the least of your worries. They aren't many but they're a idealistic group of folks and more than likely going to do stuff like 1) complain to me 2) complain to your hosting company 3) complain to your hosting company's data center 4) complain to your upstream bandwidth provider(s) 5) generally make it known that they're unhappy with your ways... Just my two cents. Galen -- http://www.whathostingshould.be - We are what hosting SHOULD be. From nobody at spamcop.net Thu Mar 9 08:56:17 2006 From: nobody at spamcop.net (Anony Mouse) Date: Wed Mar 8 15:00:03 2006 Subject: [SpamCop-List] Re: Return to active duty References: <440E32DF.10908@spamcop.net> Message-ID: <440F36E1.4070809@spamcop.net> Petzl wrote: > "Anony Mouse" wrote in message > news:440E32DF.10908@spamcop.net... > >>Greetings All >> >>It has been a long time... >> >>Some spammers never learn and a recent growth of spam getting though my >>isp's filters and an attack by a residivist spammer means I am returning >>to active duty. >> >>Anony Mouse > > > Wondered where you went > Welcome back > > Petzl > > That four letter word work. Now I am retired at 46. From nobody at spamcop.net Thu Mar 9 09:04:22 2006 From: nobody at spamcop.net (Anony Mouse) Date: Wed Mar 8 15:05:03 2006 Subject: [SpamCop-List] Re: Return to active duty References: <440E32DF.10908@spamcop.net> Message-ID: <440F38C6.1050909@spamcop.net> Tim McGraw wrote: > Anony Mouse wrote: > >> Greetings All >> >> It has been a long time... >> >> Some spammers never learn and a recent growth of spam getting though >> my isp's filters and an attack by a residivist spammer means I am >> returning to active duty. >> >> Anony Mouse > > > Welcome back to the forward regiment. > > You can never cut and run from spam! That is true. I have still been keeping an eye on things. Now it is time to turn isp filtering off again and renew some old love hate relationships. That is I love to hate them. I note it was only January 2005 since I last posted here. Anyway let the fun begin... From MikeE at ster.invalid Wed Mar 8 12:53:28 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 8 15:55:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: jg wrote: > Mike Easter scribbled: >> jg wrote: >>> OE mangles attachments >> There is no mangling of attachments, > Thought I had already been corrected here... I read [pronounce reed] and reply to messages in chronological main thread/subject order, not by subthread order within a topic. I read [pronouce red] and replied to your message before I read the N. Miller message correcting your OE remark, which came chronologically later. On some rare occasions I could/should read all of the messages in a thread before replying to any of them, but that would be slightly less convenient. In this case I was away from the ng a few days, so maybe I should've done it differently. And I definitely don't care to discuss reading messages by thread/reference structure rather than chronologically by subject [except when the subject changes]. Unless someone *really* wants to debate the thread vs chronology issue. As far as I can tell, there are very few people who do it the same way I do -- so I don't have any real interest in trying to convert others. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Mar 8 10:03:58 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Wed Mar 8 16:25:02 2006 Subject: [SpamCop-List] Re: RFC 2142 and sales@, support@, webmaster@ References: Message-ID: "Porpoise" wrote in message news:dul3da$bdh$1@news.spamcop.net... > > "Jeff G." wrote in message > news:duj14i$4f9$1@news.spamcop.net... >> Anonymous wrote: >>> "Jeff G." wrote in message > >>> Good advice, but as written, RFC 2142 doesn't advise. It requires. >>> And, in my opinion, it does so without any justification. >> >> Please feel free to take that up with D. Crocker, the Internet Mail >> Consortium, and/or the Network Working Group of the Internet Engineering >> Task Force that drafted and approved RFC 2142, and to write your own >> version with fewer addresses or less stringent language. But until you >> get that RFC changed or obsoleted, you will be expected to comply with >> it. > > If and when it ever _actually_ becomes a standard - of > course................. That argument would be more compelling if not for the fact that so much of the Internet is based on RFCs, not standards. A quick look at http://www.dns.net/dnsrd/rfc/ will show this. Some RFCs are de-facto standards in the sense that your attempts to use some or all of the Internet will fail if you violate them. Some are near-universal and those who violate them cause a huge amount of trouble. Some are widely ignored and nobody complains about it. That's why every domain I control has a working abuse@ and postmaster@ address that a human reads and responds to, but none of them -- including the ones that sell things -- has a sales@ address. Yes, that is a technical violation of RFC 2142 but nobody cares. G.M. From Kilgallen at SpamCop.net Wed Mar 8 15:31:14 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Mar 8 16:35:03 2006 Subject: [SpamCop-List] Re: RFC 2142 and sales@, support@, webmaster@ References: In article , "Anonymous" writes: > Some RFCs are de-facto standards > in the sense that your attempts to use some or all of the Internet will fail > if you violate them. And some are reverse-standards such that the Internet will fail if you follow them. Such as the bit about sending back to the From address if email cannot be delivered. From redbourn at bezeqint.net Wed Mar 8 23:53:35 2006 From: redbourn at bezeqint.net (Michael Redbourn) Date: Wed Mar 8 16:55:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: "Mike Easter" wrote in message news:dumi4j$903$1@news.spamcop.net... > Michael Redbourn wrote: >> I am not an expert on this - so sorry :-( > > You are top-posting again. It is better if you do /not/ begin typing > right after you hit reply. > > What you are supposed to do after you hit 'reply' is to begin trimming > and do not trim away the attribution line which contains the name of the > person you are citing. Ok thank you - I will try to do better. I thought that top-posting meant - top of the thread. regards, Michael From MikeE at ster.invalid Wed Mar 8 14:38:23 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 8 17:40:04 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: Michael Redbourn wrote: > "Mike Easter" >> What you are supposed to do after you hit 'reply' is to begin >> trimming and do not trim away the attribution line which contains >> the name of the person you are citing. > > Ok thank you - I will try to do better. Perfect. Thanks. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Mar 8 17:29:27 2006 From: nobody at devnull.spamcop.net (Maggie's Mom) Date: Wed Mar 8 19:30:03 2006 Subject: [SpamCop-List] Re: what a nerve... References: Message-ID: Sorry! I did not know. - Maggie's Mom. "Jeff G." wrote in message news:dumuum$ghp$1@news.spamcop.net... > Maggie's Mom wrote: >> Dear Sir/Madam, Hello! We are internet hackers crew - Web-hack. We > > Please do not post spam bodies or the clickable links therein to any > group here but spamcop.spam. > > -- > Thanks and Best Regards, Jeff G. > http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 > From kthog at example.com Wed Mar 8 17:03:46 2006 From: kthog at example.com (K. Thog) Date: Wed Mar 8 19:50:03 2006 Subject: [SpamCop-List] A mailman opt-in plus confirmation mailing list is spam? Message-ID: When a user subscribes and then doesn't have the wherewithal to unsubscribe, he might decide to complain to SpamCop. Now a (potentially) legitimate discussion email list is blocked and there's no way to find out who it was or what email was included with the complaint. What's the solution? There's an impasse, unless details can be provided to the accused so their (now very annoyed) system administrators can take steps to deal with the issue. Comments much appreciated. From porpoise1954 at yahoo.co.uk Thu Mar 9 01:09:06 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Mar 8 20:10:02 2006 Subject: [SpamCop-List] Re: RFC 2142 and sales@, support@, webmaster@ References: Message-ID: "Jeff G." wrote in message news:dumf83$6vi$1@news.spamcop.net... > Porpoise wrote: >> "Jeff G." wrote in message >> news:duj14i$4f9$1@news.spamcop.net... >>> >> >> If and when it ever _actually_ becomes a standard - of >> course................. > > OK, if you want to play that game, your MX mail.jtfreesurf.co.uk > violates Internet Standard #3 Section 5.2.7 and Internet Standard #11 > Sections 6.3 and C.6 by not accepting email to > postmaster[at]mail.jtfreesurf.co.uk. That's probably because there are no MX records Jersey Telecom do not provide email services for their customers - only connection services. From porpoise1954 at yahoo.co.uk Thu Mar 9 01:09:57 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Mar 8 20:15:02 2006 Subject: [SpamCop-List] Re: Double login References: Message-ID: "me-no-no" wrote in message news:dumtt0$g0t$1@news.spamcop.net... > "Aviatrix" wrote in message > news:dujhlr$evr$1@news.spamcop.net... >> Patto wrote: > >>> When I go to tab Held Email I am already logged in, and I don't have to >>> do it again. In fact every tab behaves that way, except Webmail. When I >>> go there I have to login again - this time I have to type the full >>> address and password, as this section does not keep it in a cookie. > >> Doesn't it? > >> It does for me.... > > It *used* to for me too - It suddenly disappeared a while back, and I have > never been able to get it to remember the Webmail user/pw combi since :-( > Anyone, able/care to elaborate on why it used to work, and/or i apparently > still working for some ? > Windows update!?! From porpoise1954 at yahoo.co.uk Thu Mar 9 01:21:45 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Mar 8 20:25:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: "Mike Easter" wrote in message news:dung7j$qvv$1@news.spamcop.net... > > And I definitely don't care to discuss reading messages by > thread/reference structure rather than chronologically by subject > [except when the subject changes]. > > Unless someone *really* wants to debate the thread vs chronology issue. > As far as I can tell, there are very few people who do it the same way I > do -- so I don't have any real interest in trying to convert others. > Ermmm.... You know Mike, I don't even understand what you just sed there 8>|| My OE lists the threads chronologically. That is to say, they are threaded *and* chronological..... That is to say, they are listed chronologically with all the threads automagically expanded already...... Are you saying, you read all the "top-level" messages (unexpanded) first, and then expand the threads and read the replies??!!?? From porpoise1954 at yahoo.co.uk Thu Mar 9 01:28:46 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Mar 8 20:30:02 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: "K. Thog" wrote in message news:duntuq$39i$1@news.spamcop.net... > > When a user subscribes and then doesn't have the wherewithal to > unsubscribe, > he might decide to complain to SpamCop. > > Now a (potentially) legitimate discussion email list is blocked and > there's > no way to find out who it was or what email was included with the > complaint. > > What's the solution? There's an impasse, unless details can be provided to > the accused so their (now very annoyed) system administrators can take > steps to deal with the issue. > > Comments much appreciated. AFAIK one report from one user wouldn't be sufficient to get an IP listed. And, if you don't know who it was that "subscribed and then doesn't have the wherewithall to unsubscribe" how do you know that "a user subscribed and then didn't have the wherewithall to unsubscribe and might have complained to SpamCop" (whatever that means)? Of course, some people here might be able to help with a bit more useful information if you weren't expecting them to be using their crystal balls to determine what IP is actually under discussion. From nobody at spamcop.net Thu Mar 9 14:31:41 2006 From: nobody at spamcop.net (Anony Mouse) Date: Wed Mar 8 20:35:02 2006 Subject: [SpamCop-List] Spam filters are off. Message-ID: <440F857D.9080503@spamcop.net> Greetings All I have turn filtering off. The fun begins. Time to sort out the first targets. The Russians seem like the most likely targets. It seems that they have never stop attacking my inbox. As I am known to attack more than one target not just spammy gets my full attention. ICANN is still seen as a good target. Several years ago I began attacking this organisation. Vinton Cerf once said to me that he supports spammy. This really pissed me off and I set about making sure he did care and eventually the Whois reporting system was created. Obviously I was not the only one pushing ICANN. I think the Whois reporting system is not working. I think it is time to deal to ICANN again. The Senate is the key. The system needs to been tightened up and the registries need to be stopped from supporting spammy. Many registries support spammy. They know who they are. They make a lot of money from spammy. They ignore the losses through fraud. Spammies favourite trick is to register domains with stolen credit card information. My findings from past experience are that it takes far to long close domains. I am looking for comments from those who have been useing the Whois reporting system over the last year. By the way the last time I used the whois reporting system was 30/12/04. Who are the worst registries? I have spanked (For want of a better word) several of them before and I will again. Is anyone keeping track of the time it takes to close a domain? Can any one person make a differance? I think so and I think it is time to show spammy again. Without trying to sound arrogant I think I have made a differance in the past and will again. Certainly I have reduced the amount of spam in my inbox to virtually nil before. Finally something I have done in the past is to use pollitical clout through embassies in this coutry. Last time I was active I did not persue this much. It was effective at the time and I think it is time follow this avenue again. Anony Mouse From MikeE at ster.invalid Wed Mar 8 17:51:17 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 8 20:55:02 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: K. Thog wrote: > When a user subscribes and then doesn't have the wherewithal to > unsubscribe, he might decide to complain to SpamCop. That would be against the rules -- that is, if a person subscribed by a confirmed or verifiable by unique token opt-in to something like a mailing list, and then at some later time decided to report the mailing list items as spam. However, usually when some mailsender claims that the recipient has 'subscribed' -- the fact is that the sender has no such confirmed and verifiable unique token by which the subscription process was properly verified. That is, the sender is claiming the recipient is subscribed, but in fact the recipient is /not/ verifiably and confirmationally opted-in. > Now a (potentially) legitimate discussion email list is blocked and > there's no way to find out who it was or what email was included with > the complaint. While it is true that the reporting process does not 'directly' provide the recipient of the report with the address of the reporter, the 'appropriate' recipient of the report can dispute any notification. > What's the solution? There's an impasse, unless details can be > provided to the accused so their (now very annoyed) system > administrators can take steps to deal with the issue. The SpamCop derived notification recipient of a report receives a link to the evidence on which the report is based. The recipient of a report can dispute the veracity of a report -- that it should not have been reported as spam. If a spamcop reporter is 'fraudulently' or erroneously reporting as spam that which is not, the reporter can be banned, suspended, fined, or otherwise disciplined. The reporter is required to agree that: http://www.spamcop.net/anonsignup.shtml // If I break these rules, SpamCop will immediately and permanently revoke my access to SpamCop. I will use SpamCop only on email which is unsolicited, bulk email. // In addition, reporters are not supposed to report mailing list items -- there is a different process for that http://www.spamcop.net/fom-serve/cache/14.html // Some examples of messages which should not be reported as spam: Spam sent to mailing lists Spam sent to mail lists/groups must not be reported using SpamCop except by the list owner. // > Comments much appreciated. You haven't stated the IP address of what is at issue so that someone can comment on how/who/ what address/ SpamCop would notify about a reported item sourced by that IP. -- Mike Easter kibitzer, not SC admin From vanguard.news at yahooNIX.com Wed Mar 8 20:35:42 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Wed Mar 8 21:40:02 2006 Subject: [SpamCop-List] Re: Spam filters are off. References: <440F857D.9080503@spamcop.net> Message-ID: "Anony Mouse" wrote in message news:440F857D.9080503@spamcop.net... Was there a point to all of this beyond ego stroking? From vanguard.news at yahooNIX.com Wed Mar 8 20:39:41 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Wed Mar 8 21:40:10 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: "K. Thog" wrote in message news:duntuq$39i$1@news.spamcop.net... > > When a user subscribes and then doesn't have the wherewithal to > unsubscribe, > he might decide to complain to SpamCop. > > Now a (potentially) legitimate discussion email list is blocked and > there's > no way to find out who it was or what email was included with the > complaint. > > What's the solution? There's an impasse, unless details can be provided to > the accused so their (now very annoyed) system administrators can take > steps to deal with the issue. SpamCop doesn't block anything. The mail recipient chose to use the SpamCop blacklist but obviously doesn't have to. There are LOTS of blacklists out there but obviously they aren't all used (I won't touch SPEWS which one day will end up listing the entire IP address range). How can a mailing list be legitimate if it doesn't have an unsubcribe function, either by sending the appropriate commands in the body to the listserver or by submitting a request to an admin? Obviously it is NOT a legitimate mailing list if a user that elected to participate cannot also elect to NOT participate any longer. Fix your mailing list! It's not SpamCop's fault nor responsibility to fix your mailing list server. -- __________________________________________________ Post replies to the newsgroup. Share with others. For e-mail: Remove "NIX" and add "#VN" to Subject. __________________________________________________ From MikeE at ster.invalid Wed Mar 8 19:03:23 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 8 22:05:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: Porpoise wrote: > "Mike Easter" >> Unless someone *really* wants to debate the thread vs chronology >> issue. As far as I can tell, there are very few people who do it the >> same way I do -- so I don't have any real interest in trying to >> convert others. >> > > Ermmm.... You know Mike, I don't even understand what you just sed > there 8>|| > > My OE lists the threads chronologically. That is to say, they are > threaded *and* chronological..... That is to say, they are listed > chronologically with all the threads automagically expanded > already...... One important threading condition of OE is the configuration OE/ View/ Current view/ Group messages by conversation. I do not use that function. When that function or configuration is 'off' that means that OE does *not* use the References: information in the header to sort by. When I have that threading function turned off, that means that I sort by Subject, which 'secondarily' sorts by date - which means that a 'thread' - as long as the subject of the thread doesn't change - is sorted primarily by its subject and secondarily by its timestamp. That means that I read any given subject thread chronologically. The chronlogical order of a thread is different in many cases that the 'thread' order of a thread. The thread which we are discussing here has about 7 subthreads which can be seen in various forks if I group by conversation - where conversation in this context means grouping by References: header. For me, the thread has only one 'string' or sorting. The subject is sorted by timestamp. That is all. There are no 7 subthreads of References hierarchy. > Are you saying, you read all the "top-level" messages (unexpanded) > first, and then expand the threads and read the replies??!!?? I'm saying that there is no expanding or unexpanding. I have no expanding and unexpanding function in that mode. There is no Group by conversation. If you will access that feature on your OE and turn it off, you will see how I don't thread. Then, in order to solve any problem of total disorganization, you should sort by subject. When you sort by subject, you will discover that there is another order to the subjects. All of the messages with that subject will be in order chronologically. I have gotten deeply into these discussions in another newsgroup in the past, namely news.software.readers. At the time of that discussion, I believed that OE's threading method was 'broken' or inferior -- but since then I have discovered that all newsreaders thread by References: line the same -- and therefore it is my opinion that they are /all/ inferior -- that is, to my taste. I prefer to not sort by that hierarchy - but to sort purely by Subject primarily, to keep all of the items of a subject together, and then to put them in order by chronology -- not by References: to each other. I can tell about the References by how people are being cited. Of course, sometimes it happens that a particular thread will not maintain the same Subject. When the subject changes I have to shift over to Group by conversation to maintain the thread's order -- at least until the subject changing condition settles back down to the same subject again - then I will shift by out of Group by conversation to my normal ordering. -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Wed Mar 8 22:10:24 2006 From: eddie at eddie.web (eddie) Date: Wed Mar 8 22:15:02 2006 Subject: [SpamCop-List] Re: "... Truncate" warning In-Reply-To: References: Message-ID: vanderdecker@hotmail.INVALID wrote: > Is there any way to have the pasted message automatically truncated, > avoiding the warning? I don't think so. If you truncate it yourself you would then have to add some kind of note and even that might be illegal. The only "major" modifications that we can make is to decrypt base64 spam and only then when a specific note is attached as dictated by SC. At least that was the rule a while ago. Otherwise you are allowed "minor" changes only, and I would assume truncating spam is not minor. I think that the warning is a minor thing. You should consider automatic reporting as I use, in which, I assume, the spam is truncated autormatically without a message. I submit nearly all my spam from the spamcop mail server directly to the spam reporting server. From nobody at spamcop.net Wed Mar 8 21:07:02 2006 From: nobody at spamcop.net (N. Miller) Date: Thu Mar 9 00:10:02 2006 Subject: [SpamCop-List] Re: Can we stop our email keeps getting blocked References: Message-ID: On Wed, 8 Mar 2006 09:58:23 -0000, someone wrote: > Our internet site - is a human edited Internet directory. Each category > within the directory is a mini portal containing ranked sites, the latest > news releases, the latest blog releases, ranked applicable products (similar > to Froogle) and so on. > > Each week, our researchers create several new categories, and then visit > hundreds of web stes looking for suitable sites to invite to join the > directory category. I just got a connection attempt which initiated an SMTP transaction with "EHLO www-goto.com". Rejected for being listed by Spamhaus. On the one hand, I really don't think it is you; it came from an Indian provider. On the other hand, it seems like a similar service to yours. I don't run a web site, though I have a couple of PWPs. I don't do this for money, and don't care about being ranked by Google, and similar. I am also rude sort of guy, and don't want to hear from such services. I just plugged their /24 into my router ACL. They won't even raise my SMTP banner, now. I know that I am not the only person on the Internet who would do something like that. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From jeffg at spamcop.net Wed Mar 8 23:59:41 2006 From: jeffg at spamcop.net (Jeff G.) Date: Thu Mar 9 00:30:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: Mike Easter wrote: > Porpoise wrote: >> "Mike Easter" > >>> Unless someone *really* wants to debate the thread vs chronology >>> issue. As far as I can tell, there are very few people who do it the >>> same way I do -- so I don't have any real interest in trying to >>> convert others. >>> >> >> Ermmm.... You know Mike, I don't even understand what you just sed >> there 8>|| >> >> My OE lists the threads chronologically. That is to say, they are >> threaded *and* chronological..... That is to say, they are listed >> chronologically with all the threads automagically expanded >> already...... > > One important threading condition of OE is the configuration OE/ View/ > Current view/ Group messages by conversation. I do not use that > function. When that function or configuration is 'off' that means > that OE does *not* use the References: information in the header to > sort by. > > When I have that threading function turned off, that means that I sort > by Subject, which 'secondarily' sorts by date - which means that a > 'thread' - as long as the subject of the thread doesn't change - is > sorted primarily by its subject and secondarily by its timestamp. > > That means that I read any given subject thread chronologically. The > chronlogical order of a thread is different in many cases that the > 'thread' order of a thread. The thread which we are discussing here > has about 7 subthreads which can be seen in various forks if I group > by conversation - where conversation in this context means grouping by > References: header. > > For me, the thread has only one 'string' or sorting. The subject is > sorted by timestamp. That is all. There are no 7 subthreads of > References hierarchy. > >> Are you saying, you read all the "top-level" messages (unexpanded) >> first, and then expand the threads and read the replies??!!?? > > I'm saying that there is no expanding or unexpanding. I have no > expanding and unexpanding function in that mode. There is no Group by > conversation. If you will access that feature on your OE and turn it > off, you will see how I don't thread. Then, in order to solve any > problem of total disorganization, you should sort by subject. When > you sort by subject, you will discover that there is another order to > the subjects. All of the messages with that subject will be in order > chronologically. > > I have gotten deeply into these discussions in another newsgroup in > the past, namely news.software.readers. At the time of that > discussion, I believed that OE's threading method was 'broken' or > inferior -- but since then I have discovered that all newsreaders > thread by References: line the same -- and therefore it is my opinion > that they are /all/ inferior -- that is, to my taste. I prefer to > not sort by that hierarchy - but to sort purely by Subject primarily, > to keep all of the items of a subject together, and then to put them > in order by chronology -- not by References: to each other. I can > tell about the References by how people are being cited. > > Of course, sometimes it happens that a particular thread will not > maintain the same Subject. When the subject changes I have to shift > over to Group by conversation to maintain the thread's order -- at > least until the subject changing condition settles back down to the > same subject again - then I will shift by out of Group by > conversation to my normal ordering. I use OE to read this group, spamcop.mail, and other groups like spamcop.spam when the mood strikes me. In OE, I DO use "Group Messages by Conversation" because I like the way the messages are presented. I sort from newest thread on top to oldest on the bottom, and OE sorts to messages in a thread by subthread, and chronologically from oldest message on top to newest on the bottom. This allows me to easily read subthreads as cohesive units, easily follow what's going on by reading each new message from top to bottom in my window, and easily refer to parent conversations going much farther back than some people quote. This also allows me to spot new problems right up at the top as soon as I enter the group. Once my use of the spacebar gets me to a message I've already read (or the last new message before it), I use a [View] "Next Unread Message" Button or Ctrl+U to find new posts to old threads and subthreads. I will typically start drafting a reply to any message I feel like replying to, and then read all of the replies to that message before posting or discarding my reply. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From scamper at trisk.com Wed Mar 8 22:35:18 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Thu Mar 9 00:35:03 2006 Subject: [SpamCop-List] Re: Double login In-Reply-To: References: Message-ID: me-no-no wrote: > "Aviatrix" wrote in message > news:dujhlr$evr$1@news.spamcop.net... >> Patto wrote: > >>> When I go to tab Held Email I am already logged in, and I don't have to >>> do it again. In fact every tab behaves that way, except Webmail. When I >>> go there I have to login again - this time I have to type the full >>> address and password, as this section does not keep it in a cookie. > >> Doesn't it? > >> It does for me.... > > It *used* to for me too - It suddenly disappeared a while back, and I have > never been able to get it to remember the Webmail user/pw combi since :-( > Anyone, able/care to elaborate on why it used to work, and/or i apparently > still working for some ? That happened to me using the firefox browser a while ago. I managed to fix it by deleting the entries stored in the firefox password manager related to spamcop.net, then let firefox pick up the new info the next time I logged on. Haven't seen any further problems with that. > > Ciao > Meno > > Garen From AHaumer_gmxnet at nopspam.invalid Thu Mar 9 06:39:40 2006 From: AHaumer_gmxnet at nopspam.invalid (Anton Haumer) Date: Thu Mar 9 00:40:02 2006 Subject: [SpamCop-List] Re: SC reporting down ? References: <440BD1EB.DC383C16@nopspam.invalid> Message-ID: <440FBF9C.C4C5DE7@nopspam.invalid> Redstone wrote: > > Anton Haumer wrote in > news:440BD1EB.DC383C16@nopspam.invalid: > > > sent a bunch of spam by mail about 6 hours ago, > > nothing happens ... is SC reporting down? > > What is it you are expecting to happen? An email from SC "SpamCop is now ready to process your spam." Toni From nobody at spamcop.net Wed Mar 8 23:29:35 2006 From: nobody at spamcop.net (RandallW) Date: Thu Mar 9 02:30:02 2006 Subject: [SpamCop-List] Domainsbyproxy Message-ID: Anyone have an opinion on this service? I sense irony that they claim they protect people from spammers, since THEY seem to allow spammers to use them! From edb2000 at spamcop.net Thu Mar 9 00:29:36 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Thu Mar 9 03:30:07 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? In-Reply-To: References: Message-ID: Vanguard wrote: > How can a mailing list be legitimate if it doesn't have an unsubcribe > function, either by sending the appropriate commands in the body to the > listserver or by submitting a request to an admin? Obviously it is NOT > a legitimate mailing list if a user that elected to participate cannot > also elect to NOT participate any longer. Fix your mailing list! It's > not SpamCop's fault nor responsibility to fix your mailing list server. The O.P. stated that Gnu Mailman is the list management software in use. By default, Mailman automatically includes a clickable unsubscribe link in the email headers of every message sent out to the list. It also facilitates automatically including that information in the footer of every message sent to the list (and does so by default, although you can change the configuration so it does not). When an email address is submitted to be added to the list, Mailman sends a confirmation message to the address. The confirmation message contains a unique randomly-generated token which must be included in any response from the user in order to confirm the intention to subscribe. If the user does not respond to the confirmation message with the token, then after a timeout period the submission is dropped. No list email is sent to the user until and unless the confirmation token is sent back, or the unique confirmation URL link clicked on. After the confirmation is received back from the user, a welcoming message is automatically sent back which contains instructions for changing personal settings, unsubscribing, etc. This message usually says "Keep this for your records". Many users do not. That's their problem. But it's not important, because each and every email sent to the list contains much the same information in the headers and the footer, so even if the user tosses the Welcome message, the information is always right there. Each and every email message sent to list subscribers, who each had to go out of their way to confirm the subscription, does contain the information about how to unsubscribe from the mailing list. No matter how clearly this is spelled out to the user, there always will be some number of users who do not read. So, in the case of a properly run mailing list using the Gnu Mailman software to manage the list, I do strongly take issue with your knee-jerk statement "Fix your mailing list!". In such a case, it really *is* SpamCop's fault if a SC user reports a mailing list email from a list to which they did confirm their subscription, because they can't be bothered to unsubscribe like they're supposed to. This kind of misuse of SC should, according to the SC TOS, result in permanent banning of the user from SC. While it is possible to add email addresses to a Mailman-run list without the address owner positively confirming it, that is not the normal configuration. Mailman is designed to make it easy to run a mailing list responsibly, right out-of-the-box (well, out-of-the-zip-file). Using a list manager package such as Mailman is a likely indication of running a responsible list. It's irresponsible to jump down the O.P.'s throat without knowing the facts. How about asking for more information before flaming?? -- Don Wannit A paid SpamCop user since 1999 From caroljean52 at yahoo.com Thu Mar 9 02:28:14 2006 From: caroljean52 at yahoo.com (caroljean52) Date: Thu Mar 9 04:30:03 2006 Subject: [SpamCop-List] Re: Can we stop our email keeps getting blocked References: Message-ID: "someone" : > For administrative efficiency, we send these emails once a week. Total > volume is somewhere between 1,000 and 3,000 emails. And I assume you're sending the same form letter to everybody. And I'm assuming that you want them to pay you to be listed in your directory. (Otherwise you'd just go ahead and include them.) Yep, I sure would report that as spam if I got one of your mailings. I do have a directory-type site myself (small scale hobby type though) and frequently get contacted by other webmasters about listing their site on mine. I'll use my directory of free recipe sites some specific examples. (Of course there are *so* many recipe sites out there that I am nowhere close to needing to go out of my way to search for things to include, so I'm in a bit different position than you are.) 1) A big travel agency wants me to list them because they offer restaurant tours around Southern California. The email is totally impersonal and was probably sent out the way yours are, a few thousand at a time. Not only are these bulk, but obviously their so-called targeting is way off the mark. Maybe they think "food is food" but I'm only interested in restaurant sites *if* they include some of their recipes online. (Most don't.) The travel agency doesn't even give me links to the restaurants--they're just selling tour packages. Yep, I'll report this one as spam. 2) At the opposite end of the spectrum are emails like one I received just today. A lady wrote telling me that she has posted some old public domain candy cookbooks on her site and thinks these would be of interest to me. This was a *personal message* from someone who very clearly did more than just glance at my site. She took the time to see that her new online content is *exactly* the sort of site I'm interested in including in my directory--and sure enough, she's getting a personal reply and a thank you from me. Of course there are lots of emails somewhere in the middle. I probably won't report them for spamming but I probably will just ignore and delete them... Maybe you should try having your staff who are out there looking for sites you want to contact write individual messages as they come across them rather than just collecting addresses by the hundreds. (Or do you just pay them by how many addresses they find for you--in which case you'll probably find your list isn't nearly as well targeted as you think it is!) Carol Pocatello, Idaho From redford_stone at INVERSE_OF_COLDmail.com Thu Mar 9 10:25:30 2006 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Mar 9 05:30:03 2006 Subject: [SpamCop-List] Re: SC reporting down ? References: <440BD1EB.DC383C16@nopspam.invalid> <440FBF9C.C4C5DE7@nopspam.invalid> Message-ID: Anton Haumer wrote in news:440FBF9C.C4C5DE7@nopspam.invalid: > > An email from SC > "SpamCop is now ready to process your spam." > > Toni Oh okay.. you do the SpamCop-by-email reporting. With me, I use the web interface. And I did notice sluggish response Saturday and into Sunday. Funny though.. The weekend stats didn't show any particular heavy load. From g.hyde at bigpond.net.au Thu Mar 9 20:57:04 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Mar 9 06:00:03 2006 Subject: [SpamCop-List] Ignored Received line - and does amazon.net have an abuse address? Message-ID: http://www.spamcop.net/sc?id=z893355528z2e840845419455dd5a5f0c97cfacb319z In this particular spam email, the parser ignores one Received: line, and skips ahead to the next line in the "chain" - which it verifies is a chain. I'm not sure how to explain this, but isn't it possible that the chain got forged where SpamCop ignored the bad Received: line? Is there some hidden decoding sequence in the algorithm whereby SpamCop finds a mailserver really is chained through, even though a different mailserver could have stamped a bad Received: line in there? Also, is there a specific spam email abuse address for the people at amazon.com - the website the spam email was attempting to look like it is from? Cheers ... Geoffrey Hyde From gezgin at spamcop.net Thu Mar 9 15:03:15 2006 From: gezgin at spamcop.net (gezgin) Date: Thu Mar 9 08:05:03 2006 Subject: [SpamCop-List] Re: Ignored Received line - and does amazon.net have an abuse address? References: Message-ID: "Geoffrey Hyde" wrote > Also, is there a specific spam email abuse address for the people at > amazon.com - the website the spam email was attempting to look like it is > from? I use stop-spoofing@amazon.com However I believe they prefer the complete message with all the headers rather than SpamCop reports. (Like PayPal.) -- Bob http://www.kanyak.com From MikeE at ster.invalid Thu Mar 9 07:20:27 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Mar 9 10:25:02 2006 Subject: [SpamCop-List] Re: Ignored Received line - and does amazon.net have an abuse address? References: Message-ID: Geoffrey Hyde wrote: spamcop.net/sc?id=z893355528z2e840845419455dd5a5f0c97cfacb319z Abbreviated Received tracelines *comment from mail.itbs.com.tw ([203.70.207.59]) by imta03ps.mx.bigpond.com *relay? from User (unknown [24.104.61.178]) by mail.itbs.com.tw *source? 24.104.61.178 rDNS www.resolve.org 203.70.207.59 rDNS se207059.nhri.org.tw mail.itbs.com.tw DNS 203.70.207.59 SC parse determines the source to be the resolve IP and 203 to be a relay MTA. The resolve lives in here: whois -h whois.arin.net 24.104.61.178 ... BLAZENET 24.104.0.0 - 24.104.159.255 abuse@blazenet.net RESOLVE 24.104.61.176 - 24.104.61.183 abuse@blazenet.net And there is a website for resolve - The National Infertility Association in Bethesda.since '74 http://www.resolve.org/site/PageServer I don't particularly like that result, even tho' 203 is a server, and my notify would be to the providers for both of those IPs because I don't think that /normal/ mail should be going from resolve thru' the .tw server. Senderbase shows the 203 to be an output server for nhri which is a .tw National Health Research Institutes with a website http://www.nhri.org.tw/index/eindex.php3 In addition, PSBL shows another spam just like this one, hitting a spamtrap. I think it would be better if a SC deputy would 'untrust' the .tw server so that the server will be shown as source, and potentially listed, which will cause whatever is wrong with the insecurity to get straightened out. > In this particular spam email, the parser ignores one Received: line, > and skips ahead to the next line in the "chain" - which it verifies > is a chain. I'm not sure how to explain this, but isn't it possible > that the chain got forged where SpamCop ignored the bad Received: > line? It is standard practice for lines which are not Received tracelines to be ignored. The tracelines are the Received: from lines, whereas the Received: by lines are not tracelines. That isn't what is going wrong in this parse. What is going wrong in this parse is that SC is trusting the .tw MTA to be a server, which it is. That results in the chain going back to the resolve IP. But, in my opinion, that mail handling should be normally handled otherwise and it isn't a 'healthy' handling between health related entities. > Is there some hidden decoding sequence in the algorithm whereby > SpamCop finds a mailserver really is chained through, even though a > different mailserver could have stamped a bad Received: line in there? The mechanism by which SC chains down from the top line to the bottom line in this issue is a normal algorithmic order. SC compares the upper from field IP with the lower by field domainname to determine their match and SC also considers the role of the IP and domainname to be a server in its experience, including whether or not the server has been sent to relay testers. All of that experience caused SC to judge the IP to be a server and for the chain to be intact. But my point is that it is a 'strange' chain that I don't like. > Also, is there a specific spam email abuse address for the people at > amazon.com - the website the spam email was attempting to look like > it is from? Here are amazon's instructions for that http://www.amazon.com/exec/obidos/tg/browse/-/15362281/002-6934330-9880069 Report Spoofed E-mails To Amazon.com -- Mike Easter kibitzer, not SC admin From kenbrody at spamcop.net Thu Mar 9 10:55:33 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Thu Mar 9 11:20:03 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: <44104FF5.3B12F450@spamcop.net> Vanguard wrote: > > "K. Thog" wrote in message > news:duntuq$39i$1@news.spamcop.net... > > > > When a user subscribes and then doesn't have the wherewithal to > > unsubscribe, he might decide to complain to SpamCop. Well, as posted elsewhere, reporting legitimate e-mail is against SpamCop's rules, and can get the reported banned from SpamCop. [...] > How can a mailing list be legitimate if it doesn't have an unsubcribe > function, either by sending the appropriate commands in the body to the > listserver or by submitting a request to an admin? Obviously it is NOT a > legitimate mailing list if a user that elected to participate cannot also > elect to NOT participate any longer. Fix your mailing list! It's not > SpamCop's fault nor responsibility to fix your mailing list server. You've obviously never run a mailing list. There are plenty of legit mailing lists out there with people too stupid/lazy to unsubscribe when they decide they no longer want to receive it. Some people will simply post repeated "unsubscribe" e-mails to the list (which is how many lists _used_ to handle automated unsubscribes), and then complain that they still get mailings. Others will simply delete the messages for a while, and when they get tired of that, will start complaining. I have seen this on more than one list, even though the lists often add a link at the bottom of every message on how to unsubscribe or change your list options. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From nobody at devnull.spamcop.net Wed Mar 8 14:54:30 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Thu Mar 9 11:25:02 2006 Subject: [SpamCop-List] Re: RFC 2142 and sales@, support@, webmaster@ References: Message-ID: "Larry Kilgallen" wrote in message news:PgTGvGZd+vAZ@eisner.encompasserve.org... > In article , "Anonymous" > writes: > >> Some RFCs are de-facto standards >> in the sense that your attempts to use some or all of the Internet will >> fail >> if you violate them. > > And some are reverse-standards such that the Internet will fail if you > follow them. Such as the bit about sending back to the From address > if email cannot be delivered. Excellent example! That one has the double badness of being something that seems reasonable if you don't give it too much thought. Make that triple badness; it also worked just fine when there were only a hundred or so geeks using email and testing various "features." Guy M. From jg at coks.net Thu Mar 9 08:43:52 2006 From: jg at coks.net (jg) Date: Thu Mar 9 11:45:03 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? In-Reply-To: References: Message-ID: On 3/9/2006 12:29 AM Don Wannit scribbled: > The O.P. stated that Gnu Mailman is the list management software in use. > By default, Mailman automatically includes a clickable unsubscribe link > in the email headers of every message sent out to the list. It also > facilitates automatically including that information in the footer > of every message sent to the list (and does so by default, although > you can change the configuration so it does not). > Just in passing, Dave, I did not see Mailman mentioned in the thread - might I have lost a message? From jg at coks.net Thu Mar 9 08:50:51 2006 From: jg at coks.net (jg) Date: Thu Mar 9 11:50:02 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments In-Reply-To: References: Message-ID: On 3/8/2006 12:53 PM Mike Easter scribbled: ...I don't have any real interest in trying to convert others. > what a difference a few days makes... From MikeE at ster.invalid Thu Mar 9 09:10:17 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Mar 9 12:10:02 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: jg wrote: > Mike Easter scribbled: > ...I don't have any real interest in trying to convert others. > what a difference a few days makes... I don't have any interest in trying to convert others in how they sort or thread news messages for /themselves/ as they read them. I /do/ have an interest in converting others to clarified and egalilitarian and effectively structured newsgroup posting to /others/ in the form of trimmed and contextualized. How you organize your desk doesn't affect our conversation here, but how we work together to meaningfully and clearly order our interaction together does. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Thu Mar 9 17:16:45 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Mar 9 12:20:03 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: "Don Wannit" wrote in message news:duop1h$jmq$1@news.spamcop.net... > > Using a list manager package such as Mailman is a likely > indication of running a responsible list. It's irresponsible > to jump down the O.P.'s throat without knowing the facts. > > How about asking for more information before flaming?? Perhaps the problem lies with the submission form itself rather than the maillist software. If it's susceptible to allowing bots to auto-submit adresses, then it's highly probable that it will end up hitting spamtraps. You need to ensure that addresses can only be submitted by humans. From porpoise1954 at yahoo.co.uk Thu Mar 9 17:24:54 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Mar 9 12:30:02 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: "Mike Easter" wrote in message news:duo5t5$8ok$1@news.spamcop.net... > Of course, sometimes it happens that a particular thread will not > maintain the same Subject. When the subject changes I have to shift > over to Group by conversation to maintain the thread's order -- at least > until the subject changing condition settles back down to the same > subject again - then I will shift by out of Group by conversation to my > normal ordering. Ah well..... Each to their own... 8>) From nobody at spamcop.net Thu Mar 9 17:28:47 2006 From: nobody at spamcop.net (me-no-no) Date: Thu Mar 9 12:30:13 2006 Subject: [SpamCop-List] Re: Can we stop our email keeps getting blocked References: Message-ID: "N. Miller" wrote in message news:whkdb5lquc3e$.dlg@news.spamcop.net... > I just got a connection attempt which initiated an SMTP transaction with > "EHLO www-goto.com". Rejected for being listed by Spamhaus. On the one > hand, I really don't think it is you; > it came from an Indian provider. Meet - Somnath Bharti - A very unsavoury character - to put it mildly ! http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Topsites%20/%20Somnath%20Bharti%20/%20Madgen%20Solutions ( http://tinyurl.com/zwlkd ) Full details of scams, tactics & more at:- http://www.dynamoo.com/diary/topsites_topsitez_us.htm ( http://tinyurl.com/skpv ) Ciao Meno From vanguard.news at yahooNIX.com Thu Mar 9 11:44:54 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Thu Mar 9 12:45:03 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: "Don Wannit" wrote in message news:duop1h$jmq$1@news.spamcop.net... > Vanguard wrote: >> How can a mailing list be legitimate if it doesn't have an unsubcribe >> function, either by sending the appropriate commands in the body to the >> listserver or by submitting a request to an admin? Obviously it is NOT a >> legitimate mailing list if a user that elected to participate cannot also >> elect to NOT participate any longer. Fix your mailing list! It's not >> SpamCop's fault nor responsibility to fix your mailing list server. > > The O.P. stated that Gnu Mailman is the list management software in use. > By default, Mailman automatically includes a clickable unsubscribe link > in the email headers of every message sent out to the list. It also > facilitates automatically including that information in the footer > of every message sent to the list (and does so by default, although > you can change the configuration so it does not). I misread the OP's post. I thought "user ... doesn't have the wherewithal to unsubscribe" meant that there was no option presented or available to the recipient to remove themself from the mailing list. I guess it meant the user was too stupid to figure out how to unsubscribe. From vanguard.news at yahooNIX.com Thu Mar 9 11:49:25 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Thu Mar 9 12:50:02 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: "jg" wrote in message news:duplqh$5a8$1@news.spamcop.net... > On 3/9/2006 12:29 AM Don Wannit scribbled: > > > >> The O.P. stated that Gnu Mailman is the list management software in use. >> By default, Mailman automatically includes a clickable unsubscribe link >> in the email headers of every message sent out to the list. It also >> facilitates automatically including that information in the footer >> of every message sent to the list (and does so by default, although >> you can change the configuration so it does not). >> > > Just in passing, Dave, I did not see Mailman mentioned in the thread - > might I have lost a message? Not in the body of the message but it is mentioned in the Subject header. However, I'm not familiar with bulk mailers so it didn't mean anything to me, especially since it was not capitalized to present the word as a noun. jg figures the OP was talking about GNU Mailman (http://www.gnu.org/software/mailman/index.html). -- __________________________________________________ Post replies to the newsgroup. Share with others. For e-mail: Remove "NIX" and add "#VN" to Subject. __________________________________________________ From newspost at deletethispart.hypercreations.com Thu Mar 9 18:05:50 2006 From: newspost at deletethispart.hypercreations.com (D. T.) Date: Thu Mar 9 13:10:03 2006 Subject: [SpamCop-List] Re: Domainsbyproxy References: Message-ID: "RandallW" wrote in news:duolgu$hnr$1@news.spamcop.net: > Anyone have an opinion on this service? I sense irony that they claim > they protect people from spammers, since THEY seem to allow spammers > to use them! They're really GoDaddy. And yes, they do indeed allow spammers to hide behind their anonymous domain registrations....I've got proof. I've been in touch with the President's Office at GoDaddy over this and they've not taken any action against the offenders. DT From spamcop at 1bigthink.com Thu Mar 9 13:14:34 2006 From: spamcop at 1bigthink.com (spamcop) Date: Thu Mar 9 13:14:45 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? In-Reply-To: References: Message-ID: <6.2.3.4.0.20060309131246.05a4f838@mxt.1bigthink.com> At 12:49 PM 3/9/2006, you wrote: >"jg" wrote in message news:duplqh$5a8$1@news.spamcop.net... >>On 3/9/2006 12:29 AM Don Wannit scribbled: >> >> >> >>>The O.P. stated that Gnu Mailman is the list management software in use. >>>By default, Mailman automatically includes a clickable unsubscribe link >>>in the email headers of every message sent out to the list. It also >>>facilitates automatically including that information in the footer >>>of every message sent to the list (and does so by default, although >>>you can change the configuration so it does not). >> >>Just in passing, Dave, I did not see Mailman mentioned in the thread - >>might I have lost a message? > > >Not in the body of the message but it is mentioned in the Subject >header. However, I'm not familiar with bulk mailers so it didn't >mean anything to me, especially since it was not capitalized to >present the word as a noun. jg figures the OP was talking about GNU >Mailman (http://www.gnu.org/software/mailman/index.html). Of course you realize that any Outlook/Outlook Express user is not going to be able to see this because Microsoft hides all the header information and changes the name of the label within the menus and changes the menus within it's held from version to version! Can you tell I HATE Outlook/Outlook Express? From porpoise1954 at yahoo.co.uk Thu Mar 9 18:58:45 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Mar 9 14:00:04 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: "spamcop" wrote in message news:mailman.21.1141928087.16519.spamcop-list@news.spamcop.net... > At 12:49 PM 3/9/2006, you wrote: > >>"jg" wrote in message news:duplqh$5a8$1@news.spamcop.net... >>>On 3/9/2006 12:29 AM Don Wannit scribbled: >>> >> >>Not in the body of the message but it is mentioned in the Subject header. >>However, I'm not familiar with bulk mailers so it didn't mean anything to >>me, especially since it was not capitalized to present the word as a noun. >>jg figures the OP was talking about GNU Mailman >>(http://www.gnu.org/software/mailman/index.html). > > Of course you realize that any Outlook/Outlook Express user is not going > to be able to see this because Microsoft hides all the header information > and changes the name of the label within the menus and changes the menus > within it's held from version to version! He said Subject header. Which of course *is* displayed. Along with: From: Reply-To: Organisation: Date: Newsgroup: Subject: And if you want to see the Internet Headers it's quite easy to do that too: Path: news.spamcop.net!not-for-mail From: spamcop Newsgroups: spamcop Subject: Re: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? Date: Thu, 09 Mar 2006 13:14:34 -0500 Organization: SpamCop Lines: 31 Message-ID: References: Reply-To: Mailing list to mirror the spamcop newsgroup NNTP-Posting-Host: localhost.news.spamcop.net Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed; x-avg-checked=avg-ok-766C70DA X-Trace: news.spamcop.net 1141928087 9999 127.0.0.1 (9 Mar 2006 18:14:47 GMT) X-Complaints-To: news@news.spamcop.net NNTP-Posting-Date: Thu, 9 Mar 2006 18:14:47 +0000 (UTC) To: Mailing list to mirror the spamcop newsgroup Return-Path: Delivered-To: mailman-spamcop-list@news.spamcop.net X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on blade1 X-Spam-Level: X-Spam-Status: hits=0.0 tests=none version=3.1.0 X-Mailer: QUALCOMM Windows Eudora Version 6.2.3.4 In-Reply-To: X-1bigthink.com-MailScanner-Information: Please contact dnsadmin-at-1bigthink.com for more information X-1bigthink.com-MailScanner: Found to be clean X-1bigthink.com-MailScanner-SpamCheck: not spam X-1bigthink.com-MailScanner-From: spamcop@1bigthink.com X-BeenThere: spamcop-list@news.spamcop.net X-Mailman-Version: 2.1.1 Precedence: list List-Id: Mailing list to mirror the spamcop newsgroup List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Xref: news.spamcop.net spamcop:155441 From gordon at usenet2.hostroute.co.uk Thu Mar 9 20:05:00 2006 From: gordon at usenet2.hostroute.co.uk (Gordon Hudson) Date: Thu Mar 9 15:10:03 2006 Subject: [SpamCop-List] Re: Domainsbyproxy References: Message-ID: "D. T." wrote in message news:Xns97817138DE2A1newsaddresshypercrea@216.154.195.61... > "RandallW" wrote in > news:duolgu$hnr$1@news.spamcop.net: > >> Anyone have an opinion on this service? I sense irony that they claim >> they protect people from spammers, since THEY seem to allow spammers >> to use them! > > They're really GoDaddy. And yes, they do indeed allow spammers to hide > behind their anonymous domain registrations....I've got proof. I've been > in > touch with the President's Office at GoDaddy over this and they've not > taken any action against the offenders. > I refuse point plank to provide a domain "privacy service". Most of the customers who ask for this service are up to something in my experience. From nobody at devnull.spamcop.net Thu Mar 9 09:11:01 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Thu Mar 9 17:35:02 2006 Subject: [SpamCop-List] Re: RFC 2142 and sales@, support@, webmaster@ References: Message-ID: "Porpoise" wrote... > > "Jeff G." wrote... > >> OK, if you want to play that game, your MX mail.jtfreesurf.co.uk >> violates Internet Standard #3 Section 5.2.7 and Internet Standard #11 >> Sections 6.3 and C.6 by not accepting email to >> postmaster[at]mail.jtfreesurf.co.uk. > > That's probably because there are no MX records Not according to DNS Report: http://www.dnsreport.com/tools/dnsreport.ch?domain=jtfreesurf.co.uk Error: At least one of your MX records points to an IP address that is not a public IP. The problem IP(s) are: 127.0.0.1 If you don't have a mailserver, there should be no MX record at all, not a bogus MX record to an unroutable IP address. You also have your Start of Authority (SOA) that says that your master (primary) name server is set to localhost. That's wrong too. There is another problem, but it is your ISPs fault (unless you are running your own nameserver). ns2.jtibs.net [212.9.0.136] and ns1.jtibs.net [212.9.0.135] are open DNS servers that do recursive lookups for domains they are not authoritative for. This is a Bad Thing because it can be used in a DOS attack. The attacker sends a bunch of large forged UDP "fire and forget" packets that are queries for the victims host, and with a long TTL. The open nameserver then starts hammering the victim from its cache - an amplification attack. Get a bunch of zombies to trigger a bunch of open nameservers and you can do some real damage. G.M. (G u y M a c o n) From g.hyde at bigpond.net.au Fri Mar 10 09:05:14 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Mar 9 18:10:03 2006 Subject: [SpamCop-List] "Cannot send mail to SMTP service" error when sending report. Message-ID: http://www.spamcop.net/sc?id=z893753714z156a6ca5be3da686cd401733c261a66az An error that was like the one in the title happened when I tried to send this SpamCop report. What does it mean, and does it mean I need to refile the report, or will SpamCop automatically try to complete the reporting process itself? Cheers ... Geoffrey Hyde From porpoise1954 at yahoo.co.uk Thu Mar 9 23:10:49 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Mar 9 18:15:06 2006 Subject: [SpamCop-List] Re: RFC 2142 and sales@, support@, webmaster@ References: Message-ID: "Anonymous" wrote in message news:duqaf0$jpa$1@news.spamcop.net... > > "Porpoise" wrote... >> >> "Jeff G." wrote... >> >>> OK, if you want to play that game, your MX mail.jtfreesurf.co.uk >>> violates Internet Standard #3 Section 5.2.7 and Internet Standard #11 >>> Sections 6.3 and C.6 by not accepting email to >>> postmaster[at]mail.jtfreesurf.co.uk. >> >> That's probably because there are no MX records > > Not according to DNS Report: > http://www.dnsreport.com/tools/dnsreport.ch?domain=jtfreesurf.co.uk > Error: At least one of your MX records points to an IP address that > is not a public IP. The problem IP(s) are: 127.0.0.1 > > If you don't have a mailserver, there should be no MX record at all, > not a bogus MX record to an unroutable IP address. > > You also have your Start of Authority (SOA) that says that your > master (primary) name server is set to localhost. That's wrong too. > > There is another problem, but it is your ISPs fault (unless you are > running your own nameserver). ns2.jtibs.net [212.9.0.136] and > ns1.jtibs.net [212.9.0.135] are open DNS servers that do recursive > lookups for domains they are not authoritative for. > > This is a Bad Thing because it can be used in a DOS attack. > The attacker sends a bunch of large forged UDP "fire and forget" > packets that are queries for the victims host, and with a long TTL. > The open nameserver then starts hammering the victim from its > cache - an amplification attack. Get a bunch of zombies to > trigger a bunch of open nameservers and you can do some real damage. > Try reading that page again: ************* OK. All of your MX records are host names (as opposed to IP addresses, which are not allowed in MX records). NOTE: You only have 1 MX record. If your primary mail server is down or unreachable, there is a chance that mail may have troubles reaching you. In the past, mailservers would usually re-try E-mail for up to 48 hours. But many now only re-try for a couple of hours. If your primary mailserver is very reliable (or can be fixed quickly if it goes down), having just one mailserver may be acceptable. OK. The IPs of all of your mail server(s) have reverse DNS (PTR) entries. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. Note that this information is cached, so if you changed it recently, it will not be reflected here (see the www.DNSstuff.com Reverse DNS Tool for the current data). The reverse DNS entries are: 1.0.0.127.in-addr.arpa localhost. [TTL=86400] ERROR: I could not complete a connection to any of your mailservers!localhost: Timed out [Last data sent: [Did not connect]]If this is a timeout problem, note that the DNS report only waits about 40 seconds for responses, so your mail may work fine in this case but you will need to use testing tools specifically designed for such situations. ********* All of which is because there is no public mailservice - the 1 MX is internal (which is why it's 1.0.0.127) to the telco to which it belongs i.e. Jersey Telecoms. Who, as I have previously stated, do not provide mail services - only internet access. From eddie at eddie.web Thu Mar 9 18:19:00 2006 From: eddie at eddie.web (eddie) Date: Thu Mar 9 18:20:03 2006 Subject: [SpamCop-List] Re: "Cannot send mail to SMTP service" error when sending report. In-Reply-To: References: Message-ID: Geoffrey Hyde wrote: > http://www.spamcop.net/sc?id=z893753714z156a6ca5be3da686cd401733c261a66az > > An error that was like the one in the title happened when I tried to send > this SpamCop report. What does it mean, and does it mean I need to refile > the report, or will SpamCop automatically try to complete the reporting > process itself? > > > Cheers ... > > Geoffrey Hyde > > > I have the same error. I have seen it before, on occasion. It appears that no reports are beomg sent, since they are still in the que, so I suggest waiting and resubmitting. I trust that your message and my reply will alert someone that the system is broken. From johnl at in.newsgroup.only Thu Mar 9 23:25:33 2006 From: johnl at in.newsgroup.only (JohnL) Date: Thu Mar 9 18:30:02 2006 Subject: [SpamCop-List] Re: "Cannot send mail to SMTP service" error when sending report. References: Message-ID: eddie wrote in news:duqd5c$lno$1@news.spamcop.net: > I trust that your message and my reply will alert someone that the > system is broken. Appears to be working again now. From nobody at spamcop.net Thu Mar 9 20:36:11 2006 From: nobody at spamcop.net (Claudio Valderrama C.) Date: Thu Mar 9 18:35:02 2006 Subject: [SpamCop-List] Re: "Cannot send mail to SMTP service" error when sending report. References: Message-ID: "Geoffrey Hyde" wrote in message news:duqcbb$l5g$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z893753714z156a6ca5be3da686cd401733c261a66az > > An error that was like the one in the title happened when I tried to send > this SpamCop report. What does it mean, and does it mean I need to refile > the report, or will SpamCop automatically try to complete the reporting > process itself? I'm getting it for hours for any message, whether I click on direct links returned by SC after forwarding spam or by logging in the site and following the REPORT SPAM link. The exact message I get is: Cannot send mail:smtpOpen: connect to smtp server failed (Connection refused) Leave this page open and try 'reload' in a few minutes C. -- Claudio Valderrama C. SW developer, consultant. http://www.cvalde.net - http://www.firebirdsql.org From nobody at spamcop.net Thu Mar 9 20:36:35 2006 From: nobody at spamcop.net (Claudio Valderrama C.) Date: Thu Mar 9 18:35:09 2006 Subject: [SpamCop-List] Re: Domainsbyproxy References: Message-ID: "RandallW" wrote in message news:duolgu$hnr$1@news.spamcop.net... > Anyone have an opinion on this service? I sense irony that they claim they > protect people from spammers, since THEY seem to allow spammers to use them! I purchased it when I got my domain two years ago because I was tired of spammers getting my real info from the whois server. Since I run a free tech site, I wanted to minimize the effort fighting spam. But I agree that some people may be using it in the other direction: to hide their contact data because they want to do illegal activities. I finally abandoned godaddy for three reasons: - I'm morally upset with some opinions in Bob Parsons' web - They decided to cache your CC information. Gosh, amazon and paypal already have my CC and I don't want to raise the risk: the more sites that have your full payment info, the more likely someone can break just one of those sites and get the CC information. - I discovered that the domainsbyproxy service doesn't work as SC filters or the filters offered by netaddress.com (where I pay for an account). You will see that GoDaddy filters stop almost everything. When I tried to transfer my domain away from godaddy, I had to confirm a message the new registrar sent. Even after disabling completely domainsbyproxy filters, the message didn't come. I had to cancel to service and bingo: the new registrar really was sending the confirmation message. Then I became paranoid and assumed something is going beyond mere antispam filters. To show you their filters are effective, they block anything. I even was unable to send myself a message through domainsbyproxy because it never reached me. Does that tell you something? Further, they make hard for you to report spammer's activity. C. -- Claudio Valderrama C. SW developer, consultant. http://www.cvalde.net - http://www.firebirdsql.org From kthog at example.com Thu Mar 9 15:51:52 2006 From: kthog at example.com (K. Thog) Date: Thu Mar 9 18:40:02 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: Vanguard wrote: > Not in the body of the message but it is mentioned in the Subject header. > However, I'm not familiar with bulk mailers so it didn't mean anything to > me, especially since it was not capitalized to present the word as a noun. > jg figures the OP was talking about GNU Mailman > (http://www.gnu.org/software/mailman/index.html). Yes, I was talking about GNU MailMan. Or Mailman. Or however the GNU mailing list manager is supposed to be referred. From g.hyde at bigpond.net.au Fri Mar 10 09:38:35 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Mar 9 18:40:08 2006 Subject: [SpamCop-List] UPDATE Re: "Cannot send mail to SMTP service" error when sending report. References: Message-ID: Update: System has for reasons not known to me apparently cancelled this spam message. If it is possible, I would like this spam message to be reported "as-is" if it can be determined by a Deputy that the report(s) should go through. Cheers ... Geoffrey Hyde "Geoffrey Hyde" wrote in message news:duqcbb$l5g$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z893753714z156a6ca5be3da686cd401733c261a66az > > An error that was like the one in the title happened when I tried to send > this SpamCop report. What does it mean, and does it mean I need to refile > the report, or will SpamCop automatically try to complete the reporting > process itself? > > > Cheers ... > > Geoffrey Hyde > > > From kthog at example.com Thu Mar 9 16:07:47 2006 From: kthog at example.com (K. Thog) Date: Thu Mar 9 18:55:05 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: Vanguard wrote: > SpamCop doesn't block anything. The mail recipient chose to use the > SpamCop > blacklist but obviously doesn't have to. There are LOTS of blacklists out > there but obviously they aren't all used (I won't touch SPEWS which one > day will end up listing the entire IP address range). That's a question of pedantics. If you want to be pedantic about it, here you go: the many *participating* server admins who *consult* SpamCop's RBL are the ones blocking email. I know SpamCop has to make the distinction for legal reasons; now, why are you doing it? On the other hand, now that you know I know precisely what you meant, and now that you know that I am perfectly aware of how RBLs operate, I will continue to use the colloquial form and you will now know that I am not simply ignorant of the technicalities involved, since pedantics no longer need apply to that facet of our discussion. Fair enough? > How can a mailing list be legitimate if it doesn't have an unsubcribe > function, either by sending the appropriate commands in the body to the > listserver or by submitting a request to an admin? Obviously it is NOT a A GNU Mailman mailing list is not a legitimate mailing list? :-) That's a pretty snap judgement on your part. What happens when a user simply chooses not to unsubscribe from a normal mailman mailing list, and instead decides to report it to SpamCop as spam? I would hope that SpamCop's detection routines will find the list-management features in the header and reject the complaint as illegitimate... or at least notify the owner of the complaint.. Right? I mean, for less than 10 complaints, wouldn't it be better to act as a facilitator rather than a massive retaliatory strikeforce that could be impacting legitimate, non-spam business operations? I'll tell you what happens then: businesses with savvy admins will be forced to build a chain of differently-purposed IP addresses to ensure that important one-on-one communications don't get blocked by lazy users and an over-zealous blacklist like SpamCop. SpamCop will be factored into the cost of doing business and then.. ignored. > legitimate mailing list if a user that elected to participate cannot also > elect to NOT participate any longer. Fix your mailing list! It's not > SpamCop's fault nor responsibility to fix your mailing list server. Of course it isn't, and I wasn't implying that it was. On the other hand, it *is* SpamCop's responsibility to at least do rudimentary verification of the accuracy of the reports. So long as SpamCop is saying they've done that duty, then great. I have no problem. For the record, I was one of the most fervent supporters of ORBS (and then ORBZ) until they shut down, of the MAPS RBL, of all blacklists. However, we all measure our success rate in terms of acceptable collateral damage, and *your* default-guilty stance goes against simple legal and moral principle. You should work hard to *minimize* collateral damage, and deal with outsiders who are otherwise trying to find out what's going on. So what is the point of me posting here and going to great lengths to establish temporary credibility as a savvy user? My point is I'd like to find out what SpamCop's stance towards outsiders like myself is so I can decide whether to cooperate with the company or simply take measures so I'll never become collateral damage in the future. From porpoise1954 at yahoo.co.uk Fri Mar 10 00:02:37 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Mar 9 19:05:03 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: "K. Thog" wrote in message news:duqf1i$m41$2@news.spamcop.net... > Vanguard wrote: > >> SpamCop doesn't block anything. The mail recipient chose to use the >> SpamCop >> blacklist but obviously doesn't have to. There are LOTS of blacklists >> out >> there but obviously they aren't all used (I won't touch SPEWS which one >> day will end up listing the entire IP address range). > **RANT SNIPPED for brevity** Did you ensure the security of the web-submittal form? Or is it, perhaps open to abuse by bots, and therein lies your problem? (If bots are able to auto-optin loads of addresses automatically). If you use a web-form method for subscription, it needs to be implimented in such a way that only a human manually inputting the address is able to subscribe the address to the list in the first place. Here's a useful link with info on how to make forms secure against bots: http://phpsec.org/articles/2005/text-captcha.html From bar_n0ne at hotmail.com Thu Mar 9 18:44:47 2006 From: bar_n0ne at hotmail.com (Berny) Date: Thu Mar 9 19:45:03 2006 Subject: [SpamCop-List] Re: "Cannot send mail to SMTP service" error when sending report. References: Message-ID: "Claudio Valderrama C." wrote in message news:duqduh$mdl$1@news.spamcop.net... > "Geoffrey Hyde" wrote in message > news:duqcbb$l5g$1@news.spamcop.net... > > http://www.spamcop.net/sc?id=z893753714z156a6ca5be3da686cd401733c261a66az > > > > An error that was like the one in the title happened when I tried to send > > this SpamCop report. What does it mean, and does it mean I need to refile > > the report, or will SpamCop automatically try to complete the reporting > > process itself? > > I'm getting it for hours for any message, whether I click on direct links > returned by SC after forwarding spam or by logging in the site and following > the REPORT SPAM link. The exact message I get is: > > Cannot send mail:smtpOpen: connect to smtp server failed (Connection > refused) > Leave this page open and try 'reload' in a few minutes > > C. > -- > Claudio Valderrama C. > SW developer, consultant. > http://www.cvalde.net - http://www.firebirdsql.org > > Shit happens, Usually a system problem of some kind at SpamCop You may have noticed submission stats hit the floor if this persists (statistics page) ot on the forum pages From MikeE at ster.invalid Thu Mar 9 16:51:42 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Mar 9 19:55:04 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: K. Thog wrote: > What happens when a user simply chooses not to unsubscribe from a > normal mailman mailing list, and instead decides to report it to > SpamCop as spam? That is supposed to be prevented by requiring the reporter to be aware of the rules under potential penalty of discipline and 'weeding out' problem reporters. > I would hope that SpamCop's detection routines will find the > list-management features in the header and reject the complaint as > illegitimate... No such detection mechanism. > or at least notify the owner of the complaint.. If you would say what IP we are talking about, someone can say how the SC notify would be made. Presently we are trying to talk about some theorectical mailing list server's IP address. Very often the admin of a server needs to make some arrangements with SC to be notified about a particular IP because the mechanism for the SC notify is to notify the regional internet registrar like arin's contact for the IP block. If SC were notifying the source provider for your news message it would be notifying abuse@telus.com based on the arin contact for Stentor whois -h whois.arin.net 142.179.100.170 ... OrgName: Stentor National Integrated Communications Network NetRange: 142.179.0.0 - 142.179.255.255 RAbuseEmail: abuse@telus.com in that particular case it is the same as the abuse.net contact for the bc.hsia.telus.net whois -h whois.abuse.net s142-179-100-170.bc.hsia.telus.net ... abuse@telus.net (for bc.hsia.telus.net) but it doesn't always work like that. > Of course it isn't, and I wasn't implying that it was. On the other > hand, it *is* SpamCop's responsibility to at least do rudimentary > verification of the accuracy of the reports. So long as SpamCop is > saying they've done that duty, then great. I have no problem. There is no such rudimentary or otherwise 'verification of the accuracy of the reports'. It is up to the entity which is receiving the report to verify if the report is accurate and to dispute those which are not. > My point is I'd like > to find out what SpamCop's stance towards outsiders like myself is so > I can decide whether to cooperate with the company or simply take > measures so I'll never become collateral damage in the future. SC's admins are very cooperative with the admins of servers and there is a whole section of the faq designed to facilitate communication and cooperation. http://www.spamcop.net/fom-serve/cache/75.html Help for abuse-desks and administrators -- Mike Easter kibitzer, not SC admin From abuse at whathostingshould.be Thu Mar 9 20:05:58 2006 From: abuse at whathostingshould.be (Galen) Date: Thu Mar 9 20:10:02 2006 Subject: [SpamCop-List] Re: Return to active duty References: <440E32DF.10908@spamcop.net> Message-ID: In news:440E32DF.10908@spamcop.net, Anony Mouse had this to say: My reply is at the bottom of your sent message: > Greetings All > > It has been a long time... > > Some spammers never learn and a recent growth of spam getting though > my isp's filters and an attack by a residivist spammer means I am > returning to active duty. > > Anony Mouse Any chance you're also the fella from the WHT forums or just a similar nick? Galen (a.k.a. KGIII) -- http://www.whathostingshould.be - We are what hosting SHOULD be. From MikeE at ster.invalid Thu Mar 9 17:15:13 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Mar 9 20:15:03 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: K. Thog wrote: > What's the solution? What's the IP address in question? Until we start talking about a /real/ IP address we aren't talking about a real problem, just some noise making about some hypothetical vague undescribed non-problem. -- Mike Easter kibitzer, not SC admin From kthog at example.com Thu Mar 9 18:09:33 2006 From: kthog at example.com (K. Thog) Date: Thu Mar 9 20:55:03 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: Porpoise wrote: > **RANT SNIPPED for brevity** > > Did you ensure the security of the web-submittal form? Or is it, perhaps > open to abuse by bots, and therein lies your problem? (If bots are able to > auto-optin loads of addresses automatically). If you use a web-form method > for subscription, it needs to be implimented in such a way that only a > human manually inputting the address is able to subscribe the address to > the list in the first place. > > Here's a useful link with info on how to make forms secure against bots: > http://phpsec.org/articles/2005/text-captcha.html No, it's all secured against bots, and no Apache logs show mass-subscribe activity. When a user is subscribed via the web interface, an email with a cryptographic hash is sent. As far as I can tell there's no way for a bot to auto-subscribe people without being able to intercept their email. :( Interesting link though. :) From jg at coks.net Thu Mar 9 21:51:46 2006 From: jg at coks.net (jg) Date: Fri Mar 10 00:50:12 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments In-Reply-To: References: Message-ID: On 3/9/2006 9:10 AM Mike Easter scribbled: > I /do/ have an interest in converting others to clarified and > egalilitarian and effectively structured newsgroup posting to /others/ > in the form of trimmed and contextualized. tink you mispeld egalitarian... > > How you organize your desk doesn't affect our conversation here, but how > we work together to meaningfully and clearly order our interaction > together does. > Indeed. Been to Borega Springs, then, was it? From nobody at spamcop.net Thu Mar 9 22:07:58 2006 From: nobody at spamcop.net (N. Miller) Date: Fri Mar 10 01:10:02 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: On Thu, 09 Mar 2006 16:07:47 -0800, K. Thog wrote: > What happens when a user simply chooses not to unsubscribe from a normal > mailman mailing list, and instead decides to report it to SpamCop as spam? I would expect that the recipient of the complaint would file their own complaint with SpamCop. As has been pointed out, an SC user will lose their reporting privileges over false complaints. > I would hope that SpamCop's detection routines will find the list-management > features in the header and reject the complaint as illegitimate... or at > least notify the owner of the complaint.. Right? I mean, for less than 10 > complaints, wouldn't it be better to act as a facilitator rather than a > massive retaliatory strikeforce that could be impacting legitimate, > non-spam business operations? I would hope that the SpamCop parser ignores anything which doesn't pertain directly to identifying the message source, else it will cease to be a useful tool for dealing with spam. How hard to you think it would be for spammers to forge mailman headers? They forge everything else forgeable in email headers. > I'll tell you what happens then: businesses with savvy admins will be forced > to build a chain of differently-purposed IP addresses to ensure that > important one-on-one communications don't get blocked by lazy users and an > over-zealous blacklist like SpamCop. SpamCop will be factored into the cost > of doing business and then.. ignored. If you are referring to spam complaints, should SC complaints be ignored I would just go back to manual notifies, and creating my own local block list based on ignored complaints. If you are referring to the use of the SCBL, I already "ignore" it in the sense that I use it as was intended; i.e., not to reject email, but to score its probable "spamminess". -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at devnull.spamcop.net Fri Mar 10 15:24:54 2006 From: nobody at devnull.spamcop.net (Patto) Date: Fri Mar 10 01:30:03 2006 Subject: [SpamCop-List] Re: Double login In-Reply-To: References: Message-ID: Garen Erdoisa wrote: > me-no-no wrote: >> "Aviatrix" wrote in message >> news:dujhlr$evr$1@news.spamcop.net... >>> Patto wrote: >>>> When I go to tab Held Email I am already logged in, and I don't have to >>>> do it again. In fact every tab behaves that way, except Webmail. When I >>>> go there I have to login again - this time I have to type the full >>>> address and password, as this section does not keep it in a cookie. >>> Doesn't it? >>> It does for me.... >> It *used* to for me too - It suddenly disappeared a while back, and I have >> never been able to get it to remember the Webmail user/pw combi since :-( >> Anyone, able/care to elaborate on why it used to work, and/or i apparently >> still working for some ? > > That happened to me using the firefox browser a while ago. I managed to > fix it by deleting the entries stored in the firefox password manager > related to spamcop.net, then let firefox pick up the new info the next > time I logged on. Haven't seen any further problems with that. Thanks for that - did that (and lots of other old, outdated, and duplicate entries), and now userid and password is present whenever I go to SC webmail :) From smcgarrett at hawaii.com Fri Mar 10 00:34:11 2006 From: smcgarrett at hawaii.com (Steve McGarrett) Date: Fri Mar 10 01:35:03 2006 Subject: [SpamCop-List] Re: Domainsbyproxy In-Reply-To: References: Message-ID: Claudio Valderrama C. wrote: > I purchased it when I got my domain two years ago because I was tired of > spammers getting my real info from the whois server. Since I run a free tech > site, I wanted to minimize the effort fighting spam. I do that by using a unique email address only for domain registrations, and changing it annually (at a time when there are no upcoming renewals). Spam is easily filtered and can be aggressively reported via SpamCop. Out here in the boonies, snail mail delivery comes around about 4:30 in the afternoon, making a PO Box a must for most businesses. My phone calls are filtered with caller ID and voicemail (I'm out of the office over half the time), and my FAX line refuses to answer calls with anonymous or blocked caller ID. So listing my real contact info doesn't present many problems. The only time I've needed a service like this was when I was hired to capture an expiring generic domain name from a local client's local competitor (think Wendy's taking hamburgers dot com from McDonald's, at one millionth scale). The client wanted the domain to lie fallow for a year before using it, and I wanted to avoid getting either of us in the middle of a battle of duelling lawyers (even though I made sure we were in the right and had the meanest trial lawyer in the state as another client). Fortunately, my client's competitor was so clueless that he never noticed he'd lost the domain until his competitor started advertising it. > I finally abandoned godaddy for three reasons: > - They decided to cache your CC information. Gosh, amazon and paypal already > have my CC and I don't want to raise the risk: the more sites that have your > full payment info, the more likely someone can break just one of those sites > and get the CC information. That's why I use Discover and their free secure account numbers feature. This generates unique card numbers, complete with CIDs, tied to your account. Once a given vendor uses a secure account number to charge your account, any attempt by a different vendor to use that number is automatically rejected. You can even use a generated number for recurring offline transactions, although obviously not ones that require the physical presence of the card. I used this when we rented my daughter's flute when she started school band. It's gotten to the point that I get upset with sites that *don't* cache my CC. I understand that some MC and Visa accounts offer a similar feature, but it depends on the issuing bank. Aloha, McGarrett "LART 'em, Danno!" From edb2000 at spamcop.net Thu Mar 9 22:37:45 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Fri Mar 10 01:40:03 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? In-Reply-To: References: Message-ID: Porpoise wrote: > > "Don Wannit" wrote in message > news:duop1h$jmq$1@news.spamcop.net... > >> >> Using a list manager package such as Mailman is a likely >> indication of running a responsible list. It's irresponsible >> to jump down the O.P.'s throat without knowing the facts. >> >> How about asking for more information before flaming?? > > > Perhaps the problem lies with the submission form itself rather than the > maillist software. If it's susceptible to allowing bots to auto-submit > adresses, then it's highly probable that it will end up hitting > spamtraps. You need to ensure that addresses can only be submitted by > humans. It is the responsibility of those who run spamtraps to ensure that they are not triggered by the very confirmation requests sent to the email address to confirm that the signup is intentional. Especially since this positive confirmation is the mark of a responsiblly run mailing list. This is why fully-automatic spamtrap quick-reporting is not a good idea. It's an invitation for some miscreant to submit the spamtrap address (gleaned from the usual hidden locations that are well known but not discussed openly) to a mailing list signup form, and thereby get that mailing list blacklisted by sending the confirmation request to the spamtrap address. Just as it is supposed to do. -- Don Wannit A paid SpamCop user since 1999 From g.hyde at bigpond.net.au Fri Mar 10 17:28:24 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Fri Mar 10 02:30:03 2006 Subject: [SpamCop-List] SpamCop devnulls report. Message-ID: http://www.spamcop.net/sc?id=z894008722zb13d20e5a9c67e23a1abc00905ce1abbz This report contained some strange attachment which made weird characters on the message window - I reported it because SC identified the source IP in the headers as being an open proxy. Is it right to report open proxy mailservers that send out virus/trojan attachments? I sure think so! They shouldn't be sending me viruses/trojans at any rate. Because this was devnulled to internal SC addresses, I don't think there's much to worry about except on the statistics page. Cheers ... Geoffrey Hyde From MikeE at ster.invalid Fri Mar 10 00:03:05 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 10 03:05:03 2006 Subject: [SpamCop-List] Re: SpamCop devnulls report. References: Message-ID: Geoffrey Hyde wrote: > /sc?id=z894008722zb13d20e5a9c67e23a1abc00905ce1abbz > I reported it because SC > identified the source IP in the headers as being an open proxy. You can report it whether it was sourced from an IP listed as an open proxy or not. > Is it right to report open proxy mailservers that send out > virus/trojan attachments? It is right to report virms whether or not open proxy. The current SC faq position on reporting virms http://www.spamcop.net/fom-serve/cache/14.html Viruses are another form of spam and may be reported to SpamCop as such. > Because this was devnulled to internal SC addresses, I don't think > there's much to worry about except on the statistics page. It is devnulled because SC's reporting addy for 196.25.32.50 source bounces too much. SC is using johans@igubu.saix.net the admin/tech for infodoor, when I think it should be using abuse@saix.net for the routing.because of both AS5713 and organisation: ORG-TSL2-AFRINIC org-name: Telkom SA Limited remarks: abuse e-mail: -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Mar 10 00:14:24 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 10 03:15:02 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: jg wrote: >Mike Easter scribbled: >> egalilitarian > tink you mispeld egalitarian... You are correct I did. > Indeed. Been to Borega Springs, then, was it? tink you mispeld Borrego Springs, at least the one I know, in the Anza Borrego Desert http://snipurl.com/nefk snurled googlemap to Borrego Springs, CA US in San Diego County, CA. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Mar 10 00:45:43 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 10 03:50:01 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: K. Thog wrote: > When a user subscribes and then doesn't have the wherewithal to > unsubscribe, he might decide to complain to SpamCop. > Comments much appreciated. You come in here accusing by implication a reporter of making a bad report, but you don't name any IP which was so reported. You claim to be admin/ing a reported mailserver, but you don't provide the tracking url to the evidence of a report which would have been provided to the IP's SC reporting address. You claim to be interested in interacting positively about spamcop report issues, but you have shown no sign that you have properly registered yourself to be a recipient of the spamcop reports described above http://www.spamcop.net/fom-serve/cache/94.html How can I get SpamCop reports about my network? Until there is some real evidence of some bad report, you are just making useless noise about nothing and your so-called subscribed mailing list may just be a spamlist for all I know and see here. -- Mike Easter kibitzer, not SC admin From aviatrix at lists.org.gg Fri Mar 10 14:49:34 2006 From: aviatrix at lists.org.gg (Aviatrix) Date: Fri Mar 10 09:50:13 2006 Subject: [SpamCop-List] Re: Domainsbyproxy In-Reply-To: References: Message-ID: RandallW wrote: > Anyone have an opinion on this service? I sense irony that they claim they > protect people from spammers, since THEY seem to allow spammers to use them! There would be no need for domains-by-proxy and other privacy services if only the .com world followed the example of .uk. - The .uk whois contains names and postal addresses but no email addresses - Private individuals with non-trading web sites may opt to have their postal address omitted from the Whois. The .uk registry will usually act very promptly if anyone reports abuse of this facility I believe a lot of people use domains-by-proxy type services for no other reason than to keep their email address from public view. The solution IMHO would be to keep email addresses out of Whois entries. From jg at coks.net Fri Mar 10 07:52:45 2006 From: jg at coks.net (jg) Date: Fri Mar 10 10:50:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments In-Reply-To: References: Message-ID: On 3/10/2006 12:14 AM Mike Easter scribbled > > tink you mispeld Borrego Springs, at least the one I know, in the Anza > Borrego Desert http://snipurl.com/nefk snurled googlemap to Borrego > Springs, CA US in San Diego County, CA. > > Yep - too lazy to look it up. From MikeE at ster.invalid Fri Mar 10 08:10:17 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 10 11:10:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: jg wrote: > Mike Easter scribbled >> >> the one I know, in the >> Anza Borrego Desert http://snipurl.com/nefk snurled googlemap to >> Borrego Springs, CA US in San Diego County, CA. >> > Yep - too lazy to look it up. Blurbs about Borrego - // Borrego Springs is certainly one of the most scenic desert resort areas of California. The desert valleys are bordered by 9,000 foot mountain peaks [...] Some have said that Borrego Springs is what Palm Springs was 50 years ago - peaceful, quiet, relaxing. There are no stoplights in Borrego. [...] total population of 2,535 // Normally at this time of year I could post a nifty little beautiful warm weather report for Borrego, unfortunately it is a bit chilly, windy, and wet today. But that will make the desert flowers bloom a little later. Awesome. -- Mike Easter kibitzer, not SC admin From jg at coks.net Fri Mar 10 08:54:14 2006 From: jg at coks.net (jg) Date: Fri Mar 10 11:55:04 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments In-Reply-To: References: Message-ID: On 3/10/2006 8:10 AM Mike Easter scribbled:> > > Normally at this time of year I could post a nifty little beautiful warm > weather report for Borrego, unfortunately it is a bit chilly, windy, and > wet today. But that will make the desert flowers bloom a little later. > Awesome. > Camped out there few years back in April - six pack of beer left on a picnic table froze overnight. Pretty country... From MikeE at ster.invalid Fri Mar 10 09:01:20 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 10 12:05:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: jg wrote: >Mike Easter scribbled: >> warm weather report for Borrego, unfortunately it is a bit chilly, >> windy, and wet today. > Camped out there few years back in April - six pack of beer left on a > picnic table froze overnight. The desert is normally nippy at night, but that was a seriously unusual cold snap 20 YEAR WEATHER AVERAGES MONTH HIGH LOW RAIN January 69.6 42.7 1.19 February 73.3 45.6 1.00 March 76.7 49.5 .78 April 83.4 53.4 .26 May 92.2 60.2 .09 June 101.8 67.8 .01 July 106.9 75.2 .33 August 105.9 75.1 .69 September 99.8 69.1 .48 October 89.7 60.9 .34 November 77.1 50.1 .76 December 68.7 43.3 .92 -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Thu Mar 9 14:38:12 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Fri Mar 10 12:25:03 2006 Subject: [SpamCop-List] Re: Domainsbyproxy References: Message-ID: "Gordon Hudson" wrote in message news:duq1pe$ece$1@news.spamcop.net... > I refuse point plank to provide a domain "privacy service". > Most of the customers who ask for this service are up to something in my > experience. Gotta make sure that abused women with restraining orders against stalkers can't have their own web pages... Better put a stop to unpopular political websites as well! From jeffg at spamcop.net Fri Mar 10 12:43:01 2006 From: jeffg at spamcop.net (Jeff G.) Date: Fri Mar 10 12:45:05 2006 Subject: [SpamCop-List] Re: Domainsbyproxy References: Message-ID: D. T. wrote: > "RandallW" wrote in > news:duolgu$hnr$1@news.spamcop.net: > >> Anyone have an opinion on this service? I sense irony that they >> claim they protect people from spammers, since THEY seem to allow >> spammers to use them! > > They're really GoDaddy. And yes, they do indeed allow spammers to hide > behind their anonymous domain registrations....I've got proof. I've > been in touch with the President's Office at GoDaddy over this and > they've not taken any action against the offenders. I'd like to see that proof. -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From nobody at devnull.spamcop.net Fri Mar 10 09:39:59 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Fri Mar 10 12:45:14 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: "K. Thog" wrote >I am perfectly aware of how RBLs operate > So what is the point of me posting here and going to great lengths to > establish temporary credibility as a savvy user? I find the above claims difficult to reconcile with your failure to tell us what IP was reported or to provide a tracking url to the report which you claim was improperly filed. G.M. From nobody at devnull.spamcop.net Fri Mar 10 09:40:04 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Fri Mar 10 12:45:22 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: "Don Wannit" wrote... > It's an invitation for some miscreant to submit > the spamtrap address (gleaned from the usual hidden locations > that are well known but not discussed openly) to a mailing > list signup form If the spamtrap addresses are "well known" and can be found by "some miscreant", perhaps someone should address that as being a real problem in the way spamtraps are administered. Treating the confirmations from a GNU Mailman mailing list as spam is a very bad thing to do, but letting net-abusers find out the spamtrap email addresses is also a bad thing to do. G.M. From jeffg at spamcop.net Fri Mar 10 12:57:14 2006 From: jeffg at spamcop.net (Jeff G.) Date: Fri Mar 10 13:00:02 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: Anonymous wrote: > letting net-abusers find out > the spamtrap email addresses is ... a bad thing to do. No, it's not. The net-abusers, whether they be spider bot or human, find the SpamCop spamtrap email addresses when they scrape web sites. Then they use those email addresses. Then SpamCop catches them and causes their IP Addresses to be listed in the SCBL. Then we users of the SCBL don't get subsequent spam from their IP Addresses. That is the whole point behind SpamCop spamtrap email addresses - keeping email messages from web scrapers out of our email inboxes. I believe that there are safeguards built into the SpamCop spamtrap reception systems to except mailing list software that uses confirmed opt-in. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Fri Mar 10 12:59:12 2006 From: jeffg at spamcop.net (Jeff G.) Date: Fri Mar 10 13:00:10 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: Vanguard wrote: > I misread the OP's post. I thought "user ... doesn't have the > wherewithal to unsubscribe" meant that there was no option presented > or available to the recipient to remove themself from the mailing > list. I guess it meant the user was too stupid to figure out how to > unsubscribe. I think you're correct, the OP was using one of those kinder, gentler insults. :) -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From vanguard.news at yahooNIX.com Fri Mar 10 12:09:55 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Fri Mar 10 13:10:03 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: "spamcop" wrote in message news:mailman.21.1141928087.16519.spamcop-list@news.spamcop.net... > At 12:49 PM 3/9/2006, you wrote: > >>"jg" wrote in message news:duplqh$5a8$1@news.spamcop.net... >>>On 3/9/2006 12:29 AM Don Wannit scribbled: >>> >>> >>> >>>>The O.P. stated that Gnu Mailman is the list management software in use. >>>>By default, Mailman automatically includes a clickable unsubscribe link >>>>in the email headers of every message sent out to the list. It also >>>>facilitates automatically including that information in the footer >>>>of every message sent to the list (and does so by default, although >>>>you can change the configuration so it does not). >>> >>>Just in passing, Dave, I did not see Mailman mentioned in the thread - >>>might I have lost a message? >> >> >>Not in the body of the message but it is mentioned in the Subject header. >>However, I'm not familiar with bulk mailers so it didn't mean anything to >>me, especially since it was not capitalized to present the word as a noun. >>jg figures the OP was talking about GNU Mailman >>(http://www.gnu.org/software/mailman/index.html). > > Of course you realize that any Outlook/Outlook Express user is not going > to be able to see this because Microsoft hides all the header information The Subject field is one of the headers is *is* presented by Outlook Express. Outlook does NOT support newsgroups so why even bother to mention it? What does reading the headers have to do with reading the Subject header (which is shown) and the body of the post? > and changes the name of the label within the menus Posts do not change the menues in whatever NNTP client is used for viewing a post. Only YOU know what you meant to say. > and changes the menus within it's held from version to version! "within it's held"? "Held" means what? Other than bug fixes, name me a single product that has been enhanced or improved through versioning that doesn't change some aspect of the program in its behavior or interface. It's a new version. Gee, something changed. Duh. > Can you tell I HATE Outlook/Outlook Express? Apparently you also hate all software. From jg at coks.net Fri Mar 10 10:52:09 2006 From: jg at coks.net (jg) Date: Fri Mar 10 13:50:03 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments In-Reply-To: References: Message-ID: On 3/10/2006 9:01 AM Mike Easter scribbled: > jg wrote: >> Mike Easter scribbled: > >>> warm weather report for Borrego, unfortunately it is a bit chilly, >>> windy, and wet today. > >> Camped out there few years back in April - six pack of beer left on a >> picnic table froze overnight. > > The desert is normally nippy at night, but that was a seriously unusual > cold snap > > 20 YEAR WEATHER AVERAGES > > MONTH HIGH LOW RAIN > January 69.6 42.7 1.19 > February 73.3 45.6 1.00 > March 76.7 49.5 .78 > April 83.4 53.4 .26 > May 92.2 60.2 .09 > June 101.8 67.8 .01 > July 106.9 75.2 .33 > August 105.9 75.1 .69 > September 99.8 69.1 .48 > October 89.7 60.9 .34 > November 77.1 50.1 .76 > December 68.7 43.3 .92 > > > > > It was an unusual year - went to see the wildflowers but there weren't any yet. No, the beer didn't freeze /solid/ but it had a chunk in it. And there was a film of ice on the outside of the tent. From tmcgraw at spamcop.net Fri Mar 10 11:42:33 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Mar 10 14:45:03 2006 Subject: [SpamCop-List] Re: Domainsbyproxy In-Reply-To: References: Message-ID: Gordon Hudson wrote: > > I refuse point plank to provide a domain "privacy service". > Most of the customers who ask for this service are up to something in my > experience. Like spews.org? From nobody at spamcop.net Fri Mar 10 20:52:06 2006 From: nobody at spamcop.net (me-no-no) Date: Fri Mar 10 15:55:03 2006 Subject: [SpamCop-List] Re: Double login References: Message-ID: "Patto" wrote in message news:dur664$4tj$1@news.spamcop.net... > Garen Erdoisa wrote: >> me-no-no wrote: >>> "Aviatrix" wrote in message >>> news:dujhlr$evr$1@news.spamcop.net... >>>> Patto wrote: >>>>> When I go to tab Held Email I am already logged in, and I don't have >>>>> to do it again. In fact every tab behaves that way, except Webmail. >>>>> When I go there I have to login again - this time I have to type the >>>>> full address and password, as this section does not keep it in a >>>>> cookie. >>>> Doesn't it? >>>> It does for me.... >>> It *used* to for me too - It suddenly disappeared a while back, and I >>> have never been able to get it to remember the Webmail user/pw combi >>> since :-( >>> Anyone, able/care to elaborate on why it used to work, and/or i >>> apparently still working for some ? >> >> That happened to me using the firefox browser a while ago. I managed to >> fix it by deleting the entries stored in the firefox password manager >> related to spamcop.net, then let firefox pick up the new info the next >> time I logged on. Haven't seen any further problems with that. > > Thanks for that - did that (and lots of other old, outdated, and duplicate > entries), and now userid and password is present whenever I go to SC > webmail :) Anyone know if this works for, or any similar solution for XP / IE 6 ? Thankx. Ciao Meno From MikeE at ster.invalid Fri Mar 10 13:05:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 10 16:10:02 2006 Subject: [SpamCop-List] Re: forwarding multiple spams attachments References: Message-ID: jg wrote: > It was an unusual year - went to see the wildflowers but there weren't > any yet. The best years for Borrego desert wildflowers are those in which the winter is rainier than usual, and then they are abundant sometime between Jan and Mar - depending on the desert weather after the winter rains. This dry year isn't/ hasn't been/ a very good year for the flowers either. Also, if you got up into the mountains for your camping it is going to be a lot colder at night. The Santa Rosas come into northwest Anza Borrego; I think the highest ones inside the 600,000 acre park area are only about 5000+ feet - but San Jacinto to the northwest of the park is about 10,000 ft -- and it has that nifty climate changing tramway from the hot Palm Springs desert to coldness near the top. There are desert bighorn sheep in those Borrego mountains, which is where 'borrego' comes from.. > No, the beer didn't freeze /solid/ but it had a chunk in it. And > there was a film of ice on the outside of the tent. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri Mar 10 09:50:52 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Fri Mar 10 18:00:03 2006 Subject: [SpamCop-List] Re: RFC 2142 and sales@, support@, webmaster@ References: Message-ID: "Porpoise" wrote in message news:duqcn9$lfh$1@news.spamcop.net... > > "Anonymous" wrote in message > news:duqaf0$jpa$1@news.spamcop.net... >> >> "Porpoise" wrote... >>> >>> "Jeff G." wrote... >>> >>>> OK, if you want to play that game, your MX mail.jtfreesurf.co.uk >>>> violates Internet Standard #3 Section 5.2.7 and Internet Standard #11 >>>> Sections 6.3 and C.6 by not accepting email to >>>> postmaster[at]mail.jtfreesurf.co.uk. >>> >>> That's probably because there are no MX records >> >> Not according to DNS Report: >> http://www.dnsreport.com/tools/dnsreport.ch?domain=jtfreesurf.co.uk >> Error: At least one of your MX records points to an IP address that >> is not a public IP. The problem IP(s) are: 127.0.0.1 >> >> If you don't have a mailserver, there should be no MX record at all, >> not a bogus MX record to an unroutable IP address. >> >> You also have your Start of Authority (SOA) that says that your >> master (primary) name server is set to localhost. That's wrong too. >> >> There is another problem, but it is your ISPs fault (unless you are >> running your own nameserver). ns2.jtibs.net [212.9.0.136] and >> ns1.jtibs.net [212.9.0.135] are open DNS servers that do recursive >> lookups for domains they are not authoritative for. >> >> This is a Bad Thing because it can be used in a DOS attack. >> The attacker sends a bunch of large forged UDP "fire and forget" >> packets that are queries for the victims host, and with a long TTL. >> The open nameserver then starts hammering the victim from its >> cache - an amplification attack. Get a bunch of zombies to >> trigger a bunch of open nameservers and you can do some real damage. >> > > Try reading that page again: > > ************* > OK. All of your MX records are host names (as opposed to IP addresses, > which are not allowed in MX records). > > NOTE: You only have 1 MX record. If your primary mail server is down or > unreachable, there is a chance that mail may have troubles reaching you. > In the past, mailservers would usually re-try E-mail for up to 48 hours. > But many now only re-try for a couple of hours. If your primary mailserver > is very reliable (or can be fixed quickly if it goes down), having just > one mailserver may be acceptable. > > OK. The IPs of all of your mail server(s) have reverse DNS (PTR) entries. > RFC1912 2.1 says you should have a reverse DNS for all your mail servers. > It is strongly urged that you have them, as many mailservers will not > accept mail from mailservers with no reverse DNS entry. Note that this > information is cached, so if you changed it recently, it will not be > reflected here (see the www.DNSstuff.com Reverse DNS Tool for the current > data). The reverse DNS entries are: > > 1.0.0.127.in-addr.arpa localhost. [TTL=86400] > > ERROR: I could not complete a connection to any of your > mailservers!localhost: Timed out [Last data sent: [Did not connect]]If > this is a timeout problem, note that the DNS report only waits about 40 > seconds for responses, so your mail may work fine in this case but you > will need to use testing tools specifically designed for such situations. > ********* Try reading that page again: http://www.dnsreport.com/tools/dnsreport.ch?domain=jtfreesurf.co.uk Error: At least one of your MX records points to an IP address that is not a public IP. The problem IP(s) are: 127.0.0.1 is not a public IP Note that these IPs are not reachable, which can cause extra resource usage, slight mail delays, and possibly bounced mail. > All of which is because there is no public mailservice - the 1 MX is > internal (which is why it's 1.0.0.127) to the telco to which it belongs > i.e. Jersey Telecoms. Who, as I have previously stated, do not provide > mail services - only internet access. And again I tell you that if you don't have a mailserver on the Internet, there should be no MX record at all in your DNS record, not a bogus MX record to an unroutable IP address. And again I tell you that your SOA should not say that your primary nameserver is localhost. And again I tell you that you have two open DNS servers and that this is a Bad Thing. G.M. From porpoise1954 at yahoo.co.uk Fri Mar 10 23:40:14 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Mar 10 18:45:02 2006 Subject: [SpamCop-List] Re: RFC 2142 and sales@, support@, webmaster@ References: Message-ID: "Anonymous" wrote in message news:dut089$82d$1@news.spamcop.net... > > "Porpoise" wrote in message > news:duqcn9$lfh$1@news.spamcop.net... >> >> "Anonymous" wrote in message >> news:duqaf0$jpa$1@news.spamcop.net... >>> >>> "Porpoise" wrote... >>>> >>>> "Jeff G." wrote... >>>> >>>>> OK, if you want to play that game, your MX mail.jtfreesurf.co.uk >>>>> violates Internet Standard #3 Section 5.2.7 and Internet Standard #11 >>>>> Sections 6.3 and C.6 by not accepting email to >>>>> postmaster[at]mail.jtfreesurf.co.uk. >>>> >>>> That's probably because there are no MX records >>> >>> Not according to DNS Report: >>> http://www.dnsreport.com/tools/dnsreport.ch?domain=jtfreesurf.co.uk >>> Error: At least one of your MX records points to an IP address that >>> is not a public IP. The problem IP(s) are: 127.0.0.1 >>> >>> If you don't have a mailserver, there should be no MX record at all, >>> not a bogus MX record to an unroutable IP address. >>> >>> You also have your Start of Authority (SOA) that says that your >>> master (primary) name server is set to localhost. That's wrong too. >>> >>> There is another problem, but it is your ISPs fault (unless you are >>> running your own nameserver). ns2.jtibs.net [212.9.0.136] and >>> ns1.jtibs.net [212.9.0.135] are open DNS servers that do recursive >>> lookups for domains they are not authoritative for. >>> >>> This is a Bad Thing because it can be used in a DOS attack. >>> The attacker sends a bunch of large forged UDP "fire and forget" >>> packets that are queries for the victims host, and with a long TTL. >>> The open nameserver then starts hammering the victim from its >>> cache - an amplification attack. Get a bunch of zombies to >>> trigger a bunch of open nameservers and you can do some real damage. >>> >> >> Try reading that page again: >> >> ************* >> OK. All of your MX records are host names (as opposed to IP addresses, >> which are not allowed in MX records). >> >> NOTE: You only have 1 MX record. If your primary mail server is down or >> unreachable, there is a chance that mail may have troubles reaching you. >> In the past, mailservers would usually re-try E-mail for up to 48 hours. >> But many now only re-try for a couple of hours. If your primary >> mailserver is very reliable (or can be fixed quickly if it goes down), >> having just one mailserver may be acceptable. >> >> OK. The IPs of all of your mail server(s) have reverse DNS (PTR) entries. >> RFC1912 2.1 says you should have a reverse DNS for all your mail servers. >> It is strongly urged that you have them, as many mailservers will not >> accept mail from mailservers with no reverse DNS entry. Note that this >> information is cached, so if you changed it recently, it will not be >> reflected here (see the www.DNSstuff.com Reverse DNS Tool for the current >> data). The reverse DNS entries are: >> >> 1.0.0.127.in-addr.arpa localhost. [TTL=86400] >> >> ERROR: I could not complete a connection to any of your >> mailservers!localhost: Timed out [Last data sent: [Did not connect]]If >> this is a timeout problem, note that the DNS report only waits about 40 >> seconds for responses, so your mail may work fine in this case but you >> will need to use testing tools specifically designed for such situations. >> ********* > > Try reading that page again: > > http://www.dnsreport.com/tools/dnsreport.ch?domain=jtfreesurf.co.uk > > Error: At least one of your MX records points to an IP address that is not > a public IP. > The problem IP(s) are: 127.0.0.1 is not a public IP > Note that these IPs are not reachable, which can cause extra resource > usage, slight > mail delays, and possibly bounced mail. > >> All of which is because there is no public mailservice - the 1 MX is >> internal (which is why it's 1.0.0.127) to the telco to which it belongs >> i.e. Jersey Telecoms. Who, as I have previously stated, do not provide >> mail services - only internet access. > > And again I tell you that if you don't have a mailserver on the Internet, > there should be no MX record at all in your DNS record, not a bogus MX > record to an unroutable IP address. > > And again I tell you that your SOA should not say that your primary > nameserver is localhost. > > And again I tell you that you have two open DNS servers and that this > is a Bad Thing. > > G.M. And I tell you, I don't own any MX servers. However, the backbone provider, whose system it is, does, and they do not provide a public mail service. I suggest you take up any issues with them directly: Information related to '212.9.0.0 - 212.9.0.127' inetnum: 212.9.0.0 - 212.9.0.127 netname: JERSEY-TELECOM descr: JERSEY Telecom descr: Jersey, Channel Islands country: GB admin-c: JT954-RIPE tech-c: JT954-RIPE rev-srv: ns1.jtibs.net rev-srv: ns2.jtibs.net status: ASSIGNED PA notify: ripe@jerseytelecom.com mnt-by: JE-TEL-MNT changed: gill.bonner@jerseytelecom.com 20010813 changed: ripe-dbm@ripe.net 20040429 source: RIPE role: JT ADMIN address: Jersey Telecom address: P.O. Box 53 address: St Helier address: Jersey phone: +44 1534 882882 fax-no: +44 1534 882883 e-mail: ripe@jerseytelecom.com remarks: trouble: please email trouble reports to ripe@jerseytelecom.com admin-c: AA1195-RIPE admin-c: CP3625-RIPE tech-c: AA1195-RIPE tech-c: CP3625-RIPE nic-hdl: JT954-RIPE notify: ripe@jerseytelecom.com mnt-by: JE-TEL-MNT changed: chris.prouten@jerseytelecom.com 20040106 changed: chris.prouten@jerseytelecom.com 20040520 source: RIPE % Information related to '212.9.0.0/19AS8681' route: 212.9.0.0/19 descr: Jersey Telecom - CIDR block 1 descr:
origin: AS8681 mnt-by: AS8681-MNT changed: peter@elmail.co.uk 19980708 source: RIPE http://www.dnsstuff.com/tools/lookup.ch?name=jerseytelecom.co.uk&type=ALL http://www.dnsstuff.com/tools/lookup.ch?name=jtfreesurf.co.uk&type=ALL From nobody at devnull.spamcop.net Fri Mar 10 15:10:31 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Fri Mar 10 18:55:02 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: Jeff G. wrote... > Anonymous wrote: > >>Don Wannit wrote... >> >>> It's an invitation for some miscreant to submit >>> the spamtrap address (gleaned from the usual hidden locations >>> that are well known but not discussed openly) to a mailing >>> list signup form >> >>If the spamtrap addresses are "well known" and can be found by >>"some miscreant", perhaps someone should address that as being a >>real problem in the way spamtraps are administered. >> >>Treating the confirmations from a GNU Mailman mailing list as >>spam is a very bad thing to do, but letting net-abusers find out >>the spamtrap email addresses is also a bad thing to do. > > No, it's not. The net-abusers, whether they be spider bot or human, > find the SpamCop spamtrap email addresses when they scrape web sites. > Then they use those email addresses. Then SpamCop catches them and > causes their IP Addresses to be listed in the SCBL. Then we users of > the SCBL don't get subsequent spam from their IP Addresses. That is the > whole point behind SpamCop spamtrap email addresses - keeping email > messages from web scrapers out of our email inboxes. I believe that > there are safeguards built into the SpamCop spamtrap reception systems > to except mailing list software that uses confirmed opt-in. Look at Don's comment again. He clearly isn't talking about finding spamtraps in the sense of finding a large number of email addresses that include some "lost in the crowd" spamtraps but with no way for anyone looking at the list to know which ones are spamtraps. He clearly implied that the spamtraps are "well known" in the sense that somebody knows that email address X is a spamtrap, not in the sense that someone knows that there is one or more spamtraps hidden among many non-spamtraps. I thought that the phrase "net-abusers find out the spamtrap email addresses" was clear, but if you can think of a phrasing that is better, I will use that. BTW, I am a long-time reader and occasional participant who is very much aware of how the system works. G.M. From porpoise1954 at yahoo.co.uk Sat Mar 11 00:19:24 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Mar 10 19:25:03 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: "Anonymous" wrote in message news:dut3ek$a53$1@news.spamcop.net... > > BTW, I am a long-time reader and occasional participant who is very much > aware of how the system works. > > G.M. But you still haven't provided the affected IP so that everyone can look at the *actual* issue, rather than some hypothetical one. From edb2000 at spamcop.net Fri Mar 10 20:07:12 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Fri Mar 10 23:10:03 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? In-Reply-To: References: Message-ID: Jeff G. wrote: > I believe that > there are safeguards built into the SpamCop spamtrap reception systems > to except mailing list software that uses confirmed opt-in. > I would hope so, and that's what I'm not sure of. The requirement for such safeguards is absolute, hence my point. Since we (tinw) want/encourage/force mailing list administrators to send a confirmation request to the email address before sending any list traffic, then it is fundamental that the confirmation request not automatically trigger a SC or other RBL listing. -- Don Wannit A paid SpamCop user since 1999 From edb2000 at spamcop.net Fri Mar 10 20:18:01 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Fri Mar 10 23:20:03 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? In-Reply-To: References: Message-ID: Anonymous wrote: > Jeff G. wrote... > > >>Anonymous wrote: >> >> >>>Don Wannit wrote... >>> >>> >>>>It's an invitation for some miscreant to submit >>>>the spamtrap address (gleaned from the usual hidden locations >>>>that are well known but not discussed openly) to a mailing >>>>list signup form >>> >>>If the spamtrap addresses are "well known" and can be found by >>>"some miscreant", perhaps someone should address that as being a >>>real problem in the way spamtraps are administered. >>> >>>Treating the confirmations from a GNU Mailman mailing list as >>>spam is a very bad thing to do, but letting net-abusers find out >>>the spamtrap email addresses is also a bad thing to do. >> >>No, it's not. The net-abusers, whether they be spider bot or human, >>find the SpamCop spamtrap email addresses when they scrape web sites. >>Then they use those email addresses. Then SpamCop catches them and >>causes their IP Addresses to be listed in the SCBL. Then we users of >>the SCBL don't get subsequent spam from their IP Addresses. That is the >>whole point behind SpamCop spamtrap email addresses - keeping email >>messages from web scrapers out of our email inboxes. I believe that >>there are safeguards built into the SpamCop spamtrap reception systems >>to except mailing list software that uses confirmed opt-in. > > > Look at Don's comment again. He clearly isn't talking about finding > spamtraps in the sense of finding a large number of email addresses that > include some "lost in the crowd" spamtraps but with no way for anyone > looking at the list to know which ones are spamtraps. He clearly implied > that the spamtraps are "well known" in the sense that somebody knows that > email address X is a spamtrap, not in the sense that someone knows that > there is one or more spamtraps hidden among many non-spamtraps. I thought > that the phrase "net-abusers find out the spamtrap email addresses" was > clear, but if you can think of a phrasing that is better, I will use that. > > BTW, I am a long-time reader and occasional participant who is very much > aware of how the system works. > > G.M. Apparently I was ambiguous, or perhaps overly subtle. I did *not* say that the spamtrap addresses are well known. Read again; I said that the kinds of places the spamtrap addresses are hidden are well known, at least among certain circles. Like the people who gather them into the "Million Email Addresses" CDs, and the people who put them out there to be gathered. The whole point of a spamtrap is that the email address is gibberish random characters, which will not be encountered in a dictionary attack, nor by constructing compounds of words and numbers, nor by conceivable typos. It must be an email address that can NEVER be sent email by anyone making an honest mistake. This means that a useful spamtrap address can never be any of the following: - a potential role account, such as "sales", "info", etc., even if the domain in question has never had such an address for real - common names or words which might be used as a legitimate email address by someone at a different domain, but get hit by a typo on the domain part of the email address on innocent mail sent by someone's grandmother - an old email address that you had years ago and have not used in a long time As for where the spamtrap addresses are to be found, well, if you don't know by now don't worry about it. Maybe go back and re-read The Purloined Letter for a start? But the baddies sure know, and pranksters as well -- otherwise the spamtrap addresses would never receive any email at all, right? ;-) -- Don Wannit A paid SpamCop user since 1999 From edb2000 at spamcop.net Fri Mar 10 20:22:50 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Fri Mar 10 23:25:02 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? In-Reply-To: References: Message-ID: Vanguard wrote: > The Subject field is one of the headers is *is* presented by Outlook > Express. Outlook does NOT support newsgroups so why even bother to > mention it? What does reading the headers have to do with reading the > Subject header (which is shown) and the body of the post? > >> and changes the name of the label within the menus > > > Posts do not change the menues in whatever NNTP client is used for > viewing a post. Only YOU know what you meant to say. > >> and changes the menus within it's held from version to version! > > > "within it's held"? "Held" means what? Other than bug fixes, name me a > single product that has been enhanced or improved through versioning > that doesn't change some aspect of the program in its behavior or > interface. It's a new version. Gee, something changed. Duh. Umm, I think you are mixing together two different things. The original discussion was about email messages sent by the GNU Mailman mailing list management software, and how the instructions to unsubscribe are typically contained in each message. Both in the email headers and in a footer at the bottom of the message. And how many users can't be bothered to read those instructions, so they report as spam a message from a list they explicitly subscribed to (and confirmed, per best practice). You seem to be talking about a news reader, and NNTP headers, which is a different topic. When you change the topic in a newsgroup thread, it's customary to change the Subject: header in the news article, and mention that you did so. -- Don Wannit A paid SpamCop user since 1999 From MikeE at ster.invalid Fri Mar 10 20:53:18 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 10 23:55:03 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: Don Wannit wrote: > This means that a useful spamtrap address can never be > any of the following: Without getting into any of the specifics about spamtrap addresses which are known by many around here, I once asked in this newsgroup about the philosophy of spamcop spamtraps, whether they should be very random usernames so as to 'never' occur in a so-called dictionary attack, very common usernames so as to 'routinely' occur in so-called dictionary attacks -- and similar 'extremes'. At that time the answer from Ellen was 'yes'. That is, that there are all different philosophical kinds of spamtrap addresses. The only requirement as I understand it is that the addy has never been used by anyone for any purpose, so that its 'exposure' has never been to subscribe to anything, including free-for-all or anything else. The fact that a spamtrap address may have been found by a miscreant and used to forge subscribe to anything is not eliminated from the rack of the wide range of possibilities for such spamtrap addies. I don't think that spamtraps are manually eliminated by deputies who find them forge subscribed in confirmation hits. In fact, I don't think spamtrap addies are manually eliminated for any reason -- even if the reason might be that the spamtrap addy does not appear to be a 'secret' any more. My concept of a dictionary attack is that the 'dictionary' is made up of many many usernames scraped from various places including millions CDs coupled with alternative domainnames scraped from similar very many such places. The dictionary is /not/ made of dictionary type words. -- Mike Easter kibitzer, not SC admin From edb2000 at spamcop.net Fri Mar 10 21:28:17 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Sat Mar 11 00:30:03 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? In-Reply-To: References: Message-ID: Mike Easter wrote: > The only requirement as I understand it is that the addy has never been > used by anyone for any purpose, so that its 'exposure' has never been to > subscribe to anything, including free-for-all or anything else. The > fact that a spamtrap address may have been found by a miscreant and used > to forge subscribe to anything is not eliminated from the rack of the > wide range of possibilities for such spamtrap addies. To be sure. However, my worry is automated spamtraps that add IPs to blocklists without sanity-checking, either by smart enough software or by humans. If you create a spamtrap address "info" at some domain name which is public, even if you have never published or revealed the address "info@that-domain", that address might receive email from an innocent sender. > > I don't think that spamtraps are manually eliminated by deputies who > find them forge subscribed in confirmation hits. In fact, I don't think > spamtrap addies are manually eliminated for any reason -- even if the > reason might be that the spamtrap addy does not appear to be a 'secret' > any more. This is the problem. If some prankster finds a spamtrap address by rummaging around in the places where spammers go digging for email addresses, and pastes it into the email field on a subscription form somewhere, then the responsibly-run list will send a brief email to that address saying something of the form: Someone (we hope it was you) submitted your email address to subscribe to our email list. To make sure that this is your intention, please click on this link to confirm: http:||some.server/confirm.php?token-876123hdsasf9a7szcxvcxv23 Or, reply to this message, being sure to leave the subject line intact so we see that magic token to prove that it's you. If you did not intend to subscribe, simply ignore this message, with our apologies for the intrusion. I really hope that this confirmation request does not trigger a blocklist entry for the sending IP. > > My concept of a dictionary attack is that the 'dictionary' is made up of > many many usernames scraped from various places including millions CDs > coupled with alternative domainnames scraped from similar very many such > places. The dictionary is /not/ made of dictionary type words. > Yes, exactly. A "dictionary attack" means applying individual strings from a list, as well as combinations of those strings. A robust dictionary attack will have word lists in many languages, and slang terms, and every email ID ever seen. That's why Fred with userid "fr3dy-b0y" over at domain1.com can cause the name "fr3dy-b0y" to be tried at every domain, even though it is not a word or combination of words in any language I know... -- Don Wannit A paid SpamCop user since 1999 From MikeE at ster.invalid Fri Mar 10 21:49:39 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Mar 11 00:50:02 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: Don Wannit wrote: > Mike Easter wrote: > However, my worry is automated spamtraps that add > IPs to blocklists without sanity-checking, either by smart enough > software or by humans. I have discussed my concerns about some ramifications of spamtraps here in the past. My view was different from yours I think, at least in the first 'example' -- but the same in the 2nd. > If you create a spamtrap address "info" at > some domain name which is public, even if you have never published > or revealed the address "info@that-domain", that address might > receive email from an innocent sender. I do not understand why you say that -- and so you are launching that particular argument from a premise which I do not accept as fact. >> I don't think that spamtraps are manually eliminated by deputies who >> find them forge subscribed in confirmation hits. In fact, I don't >> think spamtrap addies are manually eliminated for any reason -- even >> if the reason might be that the spamtrap addy does not appear to be >> a 'secret' any more. > > This is the problem. If some prankster finds a spamtrap address by > rummaging around in the places where spammers go digging for email > addresses, and pastes it into the email field on a subscription > form somewhere, then the responsibly-run list will send a brief > email to that address saying something of the form: Yes, indeedy. > Someone (we hope it was you) submitted your email address > I really hope that this confirmation request does not trigger > a blocklist entry for the sending IP. Yes, it would. If it hit a spamcop reporter, the reporter is not supposed to report it if s/he reads it and plays by the rules. If it hit a spamtrap, then the spamtrap would report it and the source would be counted toward the SCbl. In addition to that counting, it is very important to realize that no provider is going to get a notify from a spamtrap hit -- so as a result another safeguard is removed, namely that of the reported having an opportunity to receive a link to the evidence of the report. Ellen has stated that spamtraps make less mistakes than reporters. >> My concept of a dictionary attack > Yes, exactly. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Mar 10 22:04:54 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Mar 11 01:05:03 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? References: Message-ID: Mike Easter wrote: > Don Wannit wrote: >> Someone (we hope it was you) submitted your email address > >> I really hope that this confirmation request does not trigger >> a blocklist entry for the sending IP. > > Yes, it would. If it hit a spamcop reporter, the reporter is not > supposed to report it if s/he reads it and plays by the rules. If it > hit a spamtrap, then the spamtrap would report it and the source would > be counted toward the SCbl. What is supposed to counteract this problem of forged spamtrap subscriptions is that the bulk subscription mailers have much more 'reputation' or traffic points or weight to go into the SCbl denominator to prevent some small number of false spamtrap hits from causing a listing -- and that any such listing result would be temporary -- and that any server which got itself blocked and made a query would have a deputy examine the evidence, which would include the spamtraps, and s/he would 'uncount' any spamtrap confirmations. A forged spamtrap confirmation mistake which doesn't cause a listing is moot. I think a deputy would probably tell you that it is very uncommon for a mailing list to become SCbl listed by forged spamtrap subscribes. Oh, yeah. There's another problem with forged spamtrap subscriptions. That is that spamtrap hits count more than reporter hits. -- Mike Easter kibitzer, not SC admin From edb2000 at spamcop.net Fri Mar 10 22:17:11 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Sat Mar 11 01:20:02 2006 Subject: [SpamCop-List] Re: A mailman opt-in plus confirmation mailing list is spam? In-Reply-To: References: Message-ID: Mike Easter wrote: > Don Wannit wrote: > >>Mike Easter wrote: > >>If you create a spamtrap address "info" at >>some domain name which is public, even if you have never published >>or revealed the address "info@that-domain", that address might >>receive email from an innocent sender. > > > I do not understand why you say that -- and so you are launching that > particular argument from a premise which I do not accept as f