From nospam at nospam.org Mon May 1 02:52:49 2006 From: nospam at nospam.org (Ejo) Date: Sun Apr 30 20:48:41 2006 Subject: [SpamCop-List] Re: Parser fails to resolve the originating IP In-Reply-To: References: Message-ID: Mike Easter wrote: > Ejo wrote: >> This is an example of a parser error, the result is that spamcop >> reports would be sent in the wrong direction (ip 131.180.0.83) >> whereas the >> spew originates from 212.91.238.95 I suppose that I have to fix the >> mailhost configuration. >> > www.spamcop.net/sc?id=z930656263zb5221611aa988e6db3e66c00e0430ce0z > > It appears that SC does not recognize these bottom 3 looping lines 4-6 > as part of your current mailhost -- where 'loop' implies going thru' the > same IP again, in this case calling itself by different names in the > 'by'. > > Abbreviated Received tracelines *comment > from (mailservice.tudelft.nl [130.161.131.5]) by dutlru2.lr.tudelft.nl > from localhost (localhost [127.0.0.1]) by rav.antivirus > from srv028.tudelft.net (unknown [131.180.0.83]) by mx4.tudelft.nl > *serves you > from mailservice.tudelft.nl ([130.161.131.5]) by srv028.tudelft.net > *serves you > from localhost (localhost [127.0.0.1]) by rav.antivirus *serves you > from di-ve3016.com (unknown [212.91.238.95]) by mx1.tudelft.nl > *sourceline > > If it is going to be funky like that, SC needs the mailhost configured > like that. > > It looks like a Carlie Foxtrot situation, not uncommon at the TUD. Problem is right now that I have to trick the systems to jump into this particular mode of handling incoming e-mail. From nobody at devnull.spamcop.net Mon May 1 00:31:10 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Mon May 1 00:35:06 2006 Subject: [SpamCop-List] Re: What is reported for 63.238.179.181? References: Message-ID: "WazoO" wrote in message news:e2u645$idt$1@news.spamcop.net... > > From: "WazoO" > To: "SpamCop Support - JT" > Subject: Newgroup Archiving dead again > Date: Fri, 28 Apr 2006 17:45:33 -0500 > > Had a user asking for help in the spamcop newsgroup, wasn't > getting what he needed. I reposted his query into the Forum > asking someone with a paid-account type to do a look-up. > Had an answer within minutes. Posted the Forum pointers > to the newsgroup, then was going to cross-link back to the > newsgroup archives ... but saw that the spamcop-list archive > stopped on the 18th of April. I now recall that the same thing > happened the last time there was a major cesmail located issue > and you got the archiving thing restarted. Could I ask for a > repeat action? Thanks! And in catching things up, the archiving bit has been restarted, archives are caught up, and in fact, the new month started as designed. Thanks sent to JT. From nobody at nowhere.not Mon May 1 08:14:12 2006 From: nobody at nowhere.not (Robert Blair) Date: Mon May 1 03:15:07 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: On Mon, 1 May 2006 02:43:16 UTC, "John E. Malmberg" wrote: > > That is, to try and stop a *single* 'rogue' SC user getting an email > > source listed (through laziness, "revenge", stupidity and/or whatever) > > it takes sufficient reports from *two* or more users to get an email > > source on the SCBL... > > > > That is, there needs to be two or more users being lazy or stupid or > > 'angry' OR there is an issue with the list subscription method OR more > > likely something in between... > > I know of cases that were discussed here where there was only one user > doing the reporting where they accidentally reported their own mail server. > > While the idea that it takes two reporters to cause a listing seems to > be mentioned a lot, it does not seem to be the case. Sending a report to your own ISP is bad but it does not get the ISP listed unless there has been other spam reported to the same IP. So my conclusion is that more than one person is reporting spam from that IP. Recently we went through the same process with another mailing list which turned out to be backscatter. So far no one has mentioned this to Patty. How does the list handle email it receives from someone not subscribed to the list? -- Robert Blair From MikeE at ster.invalid Mon May 1 01:58:05 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 04:00:04 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: Robert Blair wrote: > "John E. Malmberg" >> >>> That is, there needs to be two or more users being lazy or stupid >> I know of cases that were discussed here where there was only one >> user doing the reporting >> While the idea that it takes two reporters to cause a listing seems >> to be mentioned a lot, it does not seem to be the case. It is also /my/ belief that there is no 'requirement' for more than one reporter making reports. There is a requirement for more than one report, not for more than one report-er http://www.spamcop.net/fom-serve/cache/297.html How the SCBL Works -- The SCBL will not list an IP address with only one report filed. > Sending a report to your own ISP is bad but it does not get the ISP > listed unless there has been other spam reported to the same IP. Why do you say that? Where are you getting that information? I can see why one reporter making multiple reports of their own ISP as source might /not/ cause a listing for it, because of the server reputation points -- and I can also see why that same ISP might get itself listed for also hitting spamtraps in addition to the one reporter, because of the heavier weight of the spamtraps -- but I'm not aware of a rule in the algorithm to not list the IP if there is only one reporter making reports. > So > my conclusion is that more than one person is reporting spam from that > IP. You are basing that conclusion on a belief that there is a 'requirement' that a listing cannot occur if there is only one reporter making multiple reports. I'm questioning the basis for that belief. > How does the list handle email it receives from someone not > subscribed to the list? That's a good question to ask. -- Mike Easter kibitzer, not SC admin From g.hyde at bigpond.net.au Mon May 1 20:44:57 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Mon May 1 05:50:08 2006 Subject: [SpamCop-List] Possible spam from Tesltra user. Message-ID: http://www.spamcop.net/sc?id=z931966737zcbe8497f877d987e944951d04bbc846dz It would appear that this is coming from a telstra user, probably one of their bigpond customers. It also seems there is a rather large attachment, does that look like a virus or some kind of infectious trojan program? Cheers ... Geoffrey Hyde From patty1515NOSPAM at gmail.com Mon May 1 10:08:21 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Mon May 1 09:10:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> Message-ID: On Sun, 30 Apr 2006 20:13:33 -0700, Don Wannit wrote: > Patty wrote: > >> I heard back from our SysAdmin, and his concern is that the confirmation >> would cause someone to be subscribed automatically, and he definitely wants >> Administrator review of all profiles submitted. Right now, we review the >> profiles and then manually subscribe the person. I'm not sure how the >> confirmation could be worked in with that type of setup. I like the idea >> of a confirmation, but I'm not sure about how the software (Majordomo) >> handles the subscription requests. I know that right now, the profile and >> subscription request goes to a live person who reads it over before it is >> submitted. Granted, that doesn't ensure that someone can't maliciously >> subscribe their worst enemy, but he wants the human intervention in there. >> >> Thanks Mike. >> >> Patty > > > Hi, Patty! > > Since your subscription process already has the extra step of > the profile being explicitly examined and vetted by a human, > it seems your sysadmins have already changed the normal Majordomo > configuration, at least a bit. Could the necessary addition > be as simple as adjusting your signup process so that it does > not offer the profile form to the user to fill in until *after* > the user has responded to the confirmation email? > > In other words, the profile form would not be filled in > when the user submits his/her email address. To sign up > for a list or lists, the user would just provide the > email address. Then the confirmation email you send to > that address does the usual apology for the intrusion if > someone else submitted this email address, and provides > a link to the web form to fill in the profile, using a > randomly-generated gobblety-gook string as a unique key > that would be nearly impossible to guess. That would > provide the necessary confirmation step and still > let your editor/admin approve the profile, with very > little adjustment to your existing signup process. > > It might be relatively simple to modify your existing > Majordomo automation to do this. I don't know, since > I am not familiar with current Majordomo versions (only > old and decrepit ones; I use GNU Mailman for our lists > now). > > Hope this helps, > Don I am being told that with the current software, sending out a confirmation email would result in that person being subscribed automatically. Modifying it would be difficult and then would be very difficult to maintain when new versions came out. We are using a standard software package (I have not been told which one) and it is very big. I am also told that there are not nearly as many solutions as some would believe. Listservs are hard to set up and maintain for large lists. We have an exceptionally large list (nearly 5,000 members) and many integrated tools that everyone takes for granted. Changing now would require months of full-time effort and several full-time people to administer the list. Since we are a small non-profit organization, we don't have any paid staff, only volunteers that handle the day to day list duties. I guess the feeling is, that since we are an opt-in list (the person must choose to join), and because we are dealing with such a specific subject that has very limited appeal to the masses, a confirmation is not really necessary. Granted, it is considered a good practice, but is not required of a listserv. However, there are a couple of us on the administrative roster who do think that some type of confirmation would be a good idea. So, perhaps this option will be explored more in the future. Thanks everyone for all the suggestions, I have passed them along. Patty From patty1515NOSPAM at gmail.com Mon May 1 10:10:06 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Mon May 1 09:10:07 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: On Sun, 30 Apr 2006 22:43:16 -0400, John E. Malmberg wrote: > Skiwi wrote: >> I may have missed this in all of the replies in this thread, so "just in >> case" - but my understanding the above sentence should read: >> >> "It is possible for user[s] to incorrectly report a mailing list and get >> it listed, but it is rare." >> >> That is, to try and stop a *single* 'rogue' SC user getting an email >> source listed (through laziness, "revenge", stupidity and/or whatever) >> it takes sufficient reports from *two* or more users to get an email >> source on the SCBL... >> >> That is, there needs to be two or more users being lazy or stupid or >> 'angry' OR there is an issue with the list subscription method OR more >> likely something in between... > > I know of cases that were discussed here where there was only one user > doing the reporting where they accidentally reported their own mail server. > > While the idea that it takes two reporters to cause a listing seems to > be mentioned a lot, it does not seem to be the case. > > -John > wb8tyw@qsl.network > Personal Opinion Only As far as I know, our situation is only one person doing the reporting. The Covad log trace only shows one person making the SC report. Patty From patty1515NOSPAM at gmail.com Mon May 1 10:13:41 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Mon May 1 09:15:04 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: <1vt5dpskzga7d$.b7m6e4g95quk$.dlg@40tude.net> On Mon, 1 May 2006 07:14:12 +0000 (UTC), Robert Blair wrote: > On Mon, 1 May 2006 02:43:16 UTC, "John E. Malmberg" > wrote: > >>> That is, to try and stop a *single* 'rogue' SC user getting an email >>> source listed (through laziness, "revenge", stupidity and/or whatever) >>> it takes sufficient reports from *two* or more users to get an email >>> source on the SCBL... >>> >>> That is, there needs to be two or more users being lazy or stupid or >>> 'angry' OR there is an issue with the list subscription method OR more >>> likely something in between... >> >> I know of cases that were discussed here where there was only one user >> doing the reporting where they accidentally reported their own mail server. >> >> While the idea that it takes two reporters to cause a listing seems to >> be mentioned a lot, it does not seem to be the case. > > Sending a report to your own ISP is bad but it does not get the ISP > listed unless there has been other spam reported to the same IP. So > my conclusion is that more than one person is reporting spam from that > IP. > > Recently we went through the same process with another mailing list > which turned out to be backscatter. So far no one has mentioned this > to Patty. How does the list handle email it receives from someone not > subscribed to the list? It bounces to an administrator who reviews it. It never makes it to the list. Because we are a subscription only listserv, even if a current member sends from a non-subscribed email address, that email bounces to an administrator. If the administrator is able to confirm the person's membership, it may be forwarded on, but mostly that does not happen. The person must resubmit their email using their subscribed address. Patty From patty1515NOSPAM at gmail.com Mon May 1 10:15:05 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Mon May 1 09:15:06 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: <1srcb1z64id37.z7k8q5rk6lu2$.dlg@40tude.net> On Mon, 1 May 2006 00:58:05 -0700, Mike Easter wrote: > Robert Blair wrote: >> "John E. Malmberg" >>> > >>>> That is, there needs to be two or more users being lazy or stupid > >>> I know of cases that were discussed here where there was only one >>> user doing the reporting > >>> While the idea that it takes two reporters to cause a listing seems >>> to be mentioned a lot, it does not seem to be the case. > > It is also /my/ belief that there is no 'requirement' for more than one > reporter making reports. There is a requirement for more than one > report, not for more than one report-er > http://www.spamcop.net/fom-serve/cache/297.html How the SCBL Works -- > The SCBL will not list an IP address with only one report filed. > >> Sending a report to your own ISP is bad but it does not get the ISP >> listed unless there has been other spam reported to the same IP. > > Why do you say that? Where are you getting that information? I can see > why one reporter making multiple reports of their own ISP as source > might /not/ cause a listing for it, because of the server reputation > points -- and I can also see why that same ISP might get itself listed > for also hitting spamtraps in addition to the one reporter, because of > the heavier weight of the spamtraps -- but I'm not aware of a rule in > the algorithm to not list the IP if there is only one reporter making > reports. > >> So >> my conclusion is that more than one person is reporting spam from that >> IP. > > You are basing that conclusion on a belief that there is a 'requirement' > that a listing cannot occur if there is only one reporter making > multiple reports. I'm questioning the basis for that belief. > >> How does the list handle email it receives from someone not >> subscribed to the list? > > That's a good question to ask. I just answered that last question. See my prior post. :o) Patty From sgcarney at gmail.com Mon May 1 19:53:56 2006 From: sgcarney at gmail.com (Scott Carney) Date: Mon May 1 09:24:07 2006 Subject: [SpamCop-List] take me off this list Message-ID: <72F1D1C5-2EA2-48E7-861D-D9870AB13A6C@gmail.com> Dear SpamCop, Please unsubscribe me from this list. I get enough mail as is. s ___ Scott Carney Freelance Journalist Mobile: 091-9380185773 www.scottcarneyonline.com From nobody at devnull.spamcop.net Mon May 1 10:31:27 2006 From: nobody at devnull.spamcop.net (Peter) Date: Mon May 1 09:35:02 2006 Subject: [SpamCop-List] Re: take me off this list References: Message-ID: What list? -- Peter Toronto, Canada 2 x XP Pro SP2 (1 everyday, 1 for testing) P4 HT @ 3.0ghz, 2.0gb DDR, 360gb HD "Scott Carney" wrote in message news:mailman.0.1146489848.3606.spamcop-list@news.spamcop.net... > Dear SpamCop, > > Please unsubscribe me from this list. I get enough mail as is. > > s > ___ > Scott Carney > Freelance Journalist > Mobile: 091-9380185773 > www.scottcarneyonline.com > > > > From sgcarney at gmail.com Mon May 1 20:06:45 2006 From: sgcarney at gmail.com (Scott Carney) Date: Mon May 1 09:36:54 2006 Subject: [SpamCop-List] Re: take me off this list In-Reply-To: References: Message-ID: <216ED222-80C5-4B82-A4AA-DA82839B6E8C@gmail.com> Maybe I e-mailed the wrong person. I'm trying toget off the spam cop list. s ___ Scott Carney Freelance Journalist Mobile: 091-9380185773 www.scottcarneyonline.com On May 1, 2006, at 7:01 PM, Peter wrote: > What list? > > -- > Peter > Toronto, Canada > 2 x XP Pro SP2 (1 everyday, 1 for testing) > P4 HT @ 3.0ghz, 2.0gb DDR, 360gb HD > "Scott Carney" wrote in message > news:mailman.0.1146489848.3606.spamcop-list@news.spamcop.net... >> Dear SpamCop, >> >> Please unsubscribe me from this list. I get enough mail as is. >> >> s >> ___ >> Scott Carney >> Freelance Journalist >> Mobile: 091-9380185773 >> www.scottcarneyonline.com >> >> >> >> > > > _______________________________________________ > SpamCop-List mailing list > SpamCop-List@news.spamcop.net > http://news.spamcop.net/mailman/listinfo/spamcop-list From MikeE at ster.invalid Mon May 1 07:40:53 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 09:45:03 2006 Subject: [SpamCop-List] Re: Possible spam from Tesltra user. References: Message-ID: Geoffrey Hyde wrote: www.spamcop.net/sc?id=z931966737zcbe8497f877d987e944951d04bbc846dz > > It would appear that this is coming from a telstra user, probably one > of their bigpond customers. It also seems there is a rather large > attachment, does that look like a virus or some kind of infectious > trojan program? Pharm spam source 144.136.148.123 CPE-144-136-148-123.qld.bigpond.net.au not listed in open proxy db/s, just dynamics spamvertiser fzd.4qatada3909zxmmx9m4x94m4.therterhk.com 58.19.254.157 spamhaused as the /32 rokso Leo Kuvayev / BadCow CNCGROUP HuBei b64 gif attachment promoting Cialis, Viagra, Levitra You don't have to open the spam to examine the gif. You can access the message properties, isolate the attachment and save it as the b64, then b64 decode that into the gif, I use Iceows for various functions of arc/unarc, code/decode convert, and look at the gif with a normal viewer like IrfanView. The disadvantage of opening the spam to inspect it is the traditional insecurity of something like Outlook Express using Internet Explorer's rendering engine under Windows. If you are going to use Win, you don't have to deal with the inherent insecurities of OE/IE. In this case, you can inspect the interior and see that the b64 is a .gif, then all you have to worrry about is what the rendering engine of IE/OE can do insecurely with a malformed .gif. // Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. // named here http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1048 patched here http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx Microsoft Security Bulletin MS04-025 More from me in alt.spam about malformed gifs http://groups.google.com/group/alt.spam/msg/5bf26a618d243915?hl=en& or http://snipurl.com/pvyx From: "Mike Easter" Newsgroups: alt.spam Subject: Re: Nonsense Spam Message-ID: -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 07:49:08 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 09:50:03 2006 Subject: [SpamCop-List] Re: take me off this list References: Message-ID: Scott Carney wrote: > Dear SpamCop, > > Please unsubscribe me from this list. I get enough mail as is. The instructions for unsubbing for the list are present in the following places: - the trailer link on every mailing list item you receive - the page where you signed up - the headers of every mailing list item you receive. The trailer of this message to you says: > SpamCop-List mailing list > SpamCop-List@news.spamcop.net > http://news.spamcop.net/mailman/listinfo/spamcop-list Near the bottom of that page linked above, which I think should be at the very very tip top of the page is a section which sez: To unsubscribe from SpamCop-List, get a password reminder, or change your subscription options enter your subscription email address: where you click the Unsubscribe or Edit options button after entering your subbed addy. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 08:17:25 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 10:20:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> Message-ID: Patty wrote: > I am being told that with the current software, sending out a > confirmation email would result in that person being subscribed > automatically. Does that mean that you /could/ do the human vetting of the profile /first/ and then do the confirmation mail? -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Mon May 1 10:47:08 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon May 1 10:50:03 2006 Subject: [SpamCop-List] Re: take me off this list References: Message-ID: "Scott Carney" wrote in message news:mailman.1.1146490614.3606.spamcop-list@news.spamcop.net... > Maybe I e-mailed the wrong person. I'm trying toget off the spam cop > list. > > s > ___ > Scott Carney > Freelance Journalist > Mobile: 091-9380185773 > www.scottcarneyonline.com > > > > > On May 1, 2006, at 7:01 PM, Peter wrote: > > > What list? > > > > -- > > Peter > > Toronto, Canada > > 2 x XP Pro SP2 (1 everyday, 1 for testing) > > P4 HT @ 3.0ghz, 2.0gb DDR, 360gb HD > > "Scott Carney" wrote in message > > news:mailman.0.1146489848.3606.spamcop-list@news.spamcop.net... > >> Dear SpamCop, > >> > >> Please unsubscribe me from this list. I get enough mail as is. > >> > >> s > >> ___ > >> Scott Carney > >> Freelance Journalist > >> Mobile: 091-9380185773 > >> www.scottcarneyonline.com > >> > >> > >> > >> > > > > > > _______________________________________________ > > SpamCop-List mailing list > > SpamCop-List@news.spamcop.net > > http://news.spamcop.net/mailman/listinfo/spamcop-list > Yeah you did, but there are instructions at the top and/or the bottom of every missive you receive if you are on the mailling liston how to do that, follow them. No one else can do it for you. From bar_n0ne at hotmail.com Mon May 1 10:56:25 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon May 1 11:00:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: "Mike Easter" wrote in message news:e34f23$lqk$1@news.spamcop.net... SNIP > > You are basing that conclusion on a belief that there is a 'requirement' > that a listing cannot occur if there is only one reporter making > multiple reports. I'm questioning the basis for that belief. > Well there was a post from Julian, or a Deputy, a couple of years back about a change to the algorithm,. The change was basically that 2 reporters had to report spams from the same source before listing. There was a bit of grumbling in this newsgroup about that at the time. I don't know if this can be found with google now or not. From patty1515NOSPAM at gmail.com Mon May 1 12:08:43 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Mon May 1 11:10:04 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> Message-ID: <1b93cfua8sk2n$.1060nh0bpopj1$.dlg@40tude.net> On Mon, 1 May 2006 07:17:25 -0700, Mike Easter wrote: > Patty wrote: >> I am being told that with the current software, sending out a >> confirmation email would result in that person being subscribed >> automatically. > > Does that mean that you /could/ do the human vetting of the profile > /first/ and then do the confirmation mail? Hi Mike, I don't really know any specifics of the software so I can't answer that question. I have been told that the only way we could implement this type of procedure easily is to have the person processing the profiles manually send a confirmation email first before subscribing the person. At this point in time, that's being frowned on since we only have all volunteers and no one is paid to do this work. Putting extra work on volunteers doesn't always fly well, I'm afraid. There are a couple of us who like the idea, but we'll see what the overall consensus of the admin group is. Patty From patty1515NOSPAM at gmail.com Mon May 1 12:10:33 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Mon May 1 11:10:06 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: On Mon, 1 May 2006 09:56:25 -0500, Berny wrote: > "Mike Easter" wrote in message > news:e34f23$lqk$1@news.spamcop.net... > SNIP >> >> You are basing that conclusion on a belief that there is a 'requirement' >> that a listing cannot occur if there is only one reporter making >> multiple reports. I'm questioning the basis for that belief. >> > > Well there was a post from Julian, or a Deputy, a couple of years back about > a change to the algorithm,. > > The change was basically that 2 reporters had to report spams from the same > source before listing. > > There was a bit of grumbling in this newsgroup about that at the time. > > I don't know if this can be found with google now or not. I only know that I've been told the log trace from Covad is showing only one person reporting. Patty From spam at nospam.org Mon May 1 18:11:29 2006 From: spam at nospam.org (Andy) Date: Mon May 1 11:15:03 2006 Subject: [SpamCop-List] Pump and Dump Message-ID: The P&D scam was completely new to me until a few weeks ago when I started getting a load of backscatter from a scammer - mail bounces coming to randomly generated user names (typically 3 to 5 random characters) at my domain. The originating IPs of the scam mails appears to indicate a number of bots located around the world, mostly South Korea, Latin America and Texas(!), with a few in Germany. I have researched some of the P&D companies and one is apparently a microscopic oil company located in Canada. There are only 39 share holders and the company appears to consist of one guy - the 'CEO'. The share price has increased by 44% recently. My questions are therefore - 1. Is P&D actually illegal or is it a case of 'caveat emptor'? 2. If it is illegal then where would you make a report? Given that there appear to be only 39 possible beneficiaries in this company it shouldn't be too hard to trace the scammer. 3. At the end of the day would anyone actually follow this up or would I be wasting my time? The scammer may make a few bucks but he won't be retiring on the proceeds of this one. An additional question - can you confirm that Spamcop encourages reporting the mail bounces themselves as spam? I've seen this suggestion a few times on the forums. Originally I was just annoyed by the scammer but the frequency of the incorrectly bounced mail is not decreasing and I'm actually getting more fed up with mail servers that are incapable of recognising a spoofed return address. As an aside - you wouldn't believe how many people out there send out-of-office autoresponses in reply to mail originating from outside their local networks... or maybe you would. :-) Thanks Andy From MikeE at ster.invalid Mon May 1 09:28:47 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 11:30:02 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: Patty wrote: > I only know that I've been told the log trace from Covad is showing > only one person reporting. I'm assuming that what covad gets is the SC report of being spamsource provider. A SC report will provide a link to the evidence, but the report is sent from spamcop, not the reporter, regardless of whether that is a single repetitive IP address, it only means the source of the report remains the same, namely spamcop's IP. The reporter's addy in the evidence To would be munged by standard or default SC munge unless overridden by some action of the reporter or requirement of the notified provider, and the evidence itself would permit analysis of the headers of the mailing list item/s which were received by the reporter. Those items would show the 'mailbox' server for the recipient, such as AOL, but if any addresses of the recipient would have appeared in the recipient's headers in such as Received tracelines, those too would have been spamcop munged by the standard or default algorithm function on the handling of the evidence which is linked in the report to the providers for spamvertiser or source. So, the point of that long description is that I would think that the conclusion might be that all of the reports are being received by a user of only one provider, namely AOL, but not necessarily one 'person' -- since I'm thinking the person isn't being identified by username address, but only by mailbox server. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 09:41:15 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 11:45:04 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> <1b93cfua8sk2n$.1060nh0bpopj1$.dlg@40tude.net> Message-ID: Patty wrote: > I don't really know any specifics of the software so I can't answer > that question. I have been told that the only way we could implement > this type of procedure easily is to have the person processing the > profiles manually send a confirmation email first before subscribing > the person. At this point in time, that's being frowned on since we > only have all volunteers and no one is paid to do this work. Putting > extra work on volunteers doesn't always fly well, I'm afraid. I agree with that, more volunteer work is bad, but... > There > are a couple of us who like the idea, but we'll see what the overall > consensus of the admin group is. ...there's another concern I have. Now that we've been talking about all of this in here, it is 'common knowledge' that the/your mailing lists don't require confirmed opt-in. That makes the lists a 'target' for those who would cause trouble between antispammers and the 'public' -- where the public in question would be your mailing list admins and your list readers. An unconfirmed mailing list is a 'good thing' to be submitting email addresses to if your wish is to cause friction between blocklists such as spamcop's and the unconfirmed mailing list. Your mailing list doesn't have a feature that allows you to easily listwash based on spamcop reports which have munged the reporter's addy. Even tho' you have had little or no problems up to now over the past 10 years, that is liable to change in the future. The gig would be to subscribe spamcop reporter's addresses to your mailing list, and then those subbed reporters would not be required to confirm their subscription, and then as soon as the mailing list mail begins, the reporters would start reporting them, not unsubbing from a list they never subbed. Of course. This would give rise to much blocklisting of your servers and much interference with the mail to your subscribers. The deputies are not going to manually delist servers which have been listed because of reports caused by unconfirmed mailing lists. They are also not going to help you listwash. Your lists are going to be in the soup and your subscribers are going to have trouble getting their mailing list mail and everyone is going to be unhappy. Houston, we have a problem here. -- Mike Easter kibitzer, not SC admin From not at home.today Mon May 1 17:41:32 2006 From: not at home.today (Ant) Date: Mon May 1 11:45:07 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> <1vt5dpskzga7d$.b7m6e4g95quk$.dlg@40tude.net> Message-ID: "Patty" wrote: > On Mon, 1 May 2006 07:14:12 +0000 (UTC), Robert Blair wrote: >> Recently we went through the same process with another mailing list >> which turned out to be backscatter. So far no one has mentioned this >> to Patty. I mentioned that I didn't think it was happening. >> How does the list handle email it receives from someone not >> subscribed to the list? > > It bounces to an administrator who reviews it. It never makes it to the > list. Because we are a subscription only listserv, even if a current > member sends from a non-subscribed email address, that email bounces to an > administrator. If the administrator is able to confirm the person's > membership, it may be forwarded on, but mostly that does not happen. The > person must resubmit their email using their subscribed address. The important point is that you don't return the mail to who you thought sent it, i.e. the address in the "From:" field. This is forged by spammers, and any bounce will likely go to an innocent party who may report it as spam. From Kilgallen at SpamCop.net Mon May 1 11:42:40 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Mon May 1 11:45:09 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> In article , Patty writes: > I guess the feeling is, that since we are an opt-in list (the person must > choose to join), Not at all. Somebody must merely choose to submit the person's address, perhaps to harass the addressee without any input from the addressee. > and because we are dealing with such a specific subject > that has very limited appeal to the masses, a confirmation is not really > necessary. Your subject matter has nothing at all to do with whether you provide a harassment vehicle. > Granted, it is considered a good practice, but is not required > of a listserv. However, there are a couple of us on the administrative > roster who do think that some type of confirmation would be a good idea. > So, perhaps this option will be explored more in the future. The fact that some will reject your mail due to this practice might be convincing. Consider someone who _wants_ to receive your mail but is prevented from doing so because your organization does not care about whether the email names on the list represent people who actually signed up. From MikeE at ster.invalid Mon May 1 09:55:19 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 12:00:05 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: Berny wrote: > "Mike Easter" >> You are basing that conclusion on a belief that there is a >> 'requirement' that a listing cannot occur if there is only one >> reporter making multiple reports. I'm questioning the basis for >> that belief. >> > > Well there was a post from Julian, or a Deputy, a couple of years > back about a change to the algorithm,. > > The change was basically that 2 reporters had to report spams from > the same source before listing. > > There was a bit of grumbling in this newsgroup about that at the time. > > I don't know if this can be found with google now or not. This is all I've found so far http://news.spamcop.net/pipermail/spamcop-help/2003-August/041753.html http://forum.spamcop.net/forums/lofiversion/index.php/t6038-50.html The forum discussion and question about requiring 2 seems to have never been confirmed by anyone, unless you can find it in that forum discussions which I don't like to dredge thru' repeatedly looking for something. I prefer nice simple plaintext to dig thru' instead of html. The 'illustration' of information from a spamcop parse in the 2nd link which would seem to imply that 2 reporters are required was 'discordant' -- in that the parser's verbose output mentioned a 2 reporter 'requirement' which wasn't met, but then 'turned around' and said there were two reporters. And, my experience with the verbose is that it cannot be counted on to say what it really means or mean what it says -- and in any case the algorithm and its verbose are highly dynamic, unstable, and perpetually changing and cannot be relied upon as a 'real' verification of a requirement which hasn't been verified in the faq or by a deputy or Julian that I can find so far. I only see people 'assuming' it to be the case. I think they are confused by the verified one report concept -- melding it into a one reporter concept. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Mon May 1 10:27:06 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 12:30:04 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works In-Reply-To: References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> Message-ID: Patty wrote: > > I am being told that with the current software, sending out a confirmation > email would result in that person being subscribed automatically. Your admin appears to be extremely clueless. That's NOT what a confirmation is. > Modifying it would be difficult and then would be very difficult to > maintain when new versions came out. We are using a standard software > package (I have not been told which one) and it is very big. Big does not mean better, or even easier or harder. Whoever said it would be difficult to maintain a new, better package doesn't want to do their job. Find someone who has experience running opt-in lists and hire them instead. > I am also told that there are not nearly as many solutions as some would > believe. Listservs are hard to set up and maintain for large lists. We > have an exceptionally large list (nearly 5,000 members) and many integrated > tools that everyone takes for granted. Changing now would require months > of full-time effort and several full-time people to administer the list. > Since we are a small non-profit organization, we don't have any paid staff, > only volunteers that handle the day to day list duties. As others have stated there are some excellent programs that will likely import your list and set it up under a new app inside of a day. It appears your admin is feeding you a line of malarky. > I guess the feeling is, that since we are an opt-in list (the person must > choose to join), and because we are dealing with such a specific subject > that has very limited appeal to the masses, a confirmation is not really > necessary. HOGWASH! If you want your recipients to get the emails you need to use a program that adheres to the best practices previously cited. > Granted, it is considered a good practice, but is not required > of a listserv. However, there are a couple of us on the administrative > roster who do think that some type of confirmation would be a good idea. > So, perhaps this option will be explored more in the future. You're a trooper Patty. Keep asking the hard questions! From tmcgraw at spamcop.net Mon May 1 10:27:42 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 12:30:07 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] In-Reply-To: References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: Patty wrote: > > I only know that I've been told the log trace from Covad is showing only > one person reporting. I thought you said it was an AOL user...? From DougThegarden at invalid.com Mon May 1 18:28:05 2006 From: DougThegarden at invalid.com (Doug Thegarden) Date: Mon May 1 12:30:09 2006 Subject: [SpamCop-List] Re: Pump and Dump In-Reply-To: References: Message-ID: Andy wrote: > > My questions are therefore - > > 1. Is P&D actually illegal or is it a case of 'caveat emptor'? > Yes > 2. If it is illegal then where would you make a report? Given that there > appear to be only 39 possible beneficiaries in this company it shouldn't be > too hard to trace the scammer. > The SEC or FBI or whoever the local equivalent for the country the company is based in is. > 3. At the end of the day would anyone actually follow this up or would I be > wasting my time? The scammer may make a few bucks but he won't be retiring > on the proceeds of this one. > You are probably wasting your time and the "only 39 shareholders" indicates that at most 39 people have fallen for it. A bit like the FDA and drugs I suspect there are just too many small time players out there and too difficult to prove who did it to make investigation practical. Doug From MikeE at ster.invalid Mon May 1 10:51:40 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 12:55:02 2006 Subject: [SpamCop-List] Insulin pumpers headers Message-ID: I parsed manually and with SpamCop for a non-mailhosted account the headers of an insulin pumpers [hereafter IP] mailing list item and noted two things, one related to the IP mailing list SCbl listing recently and one unrelated. The IP headers do not parse to name the IP server [bizsystems] as source, but instead source the individual who emailed the item to the list, which is often the case for mailing list items, since the individual /was/ the source and the major domo simply forwarded the mail along to the recipient. Whether or not this current result is from a previously untrusted server now being trusted, either by SC experience or by a deputy manually trusting a server I can't say. I also have not tested the parser for this headers on a mailhosted account yet. And, incidentally, the parser does not currently 'require' that a spam have a body to offer to report, ie no need for such as 'empty body' or 'no body text' material change to report a spam. I cancelled the parse for the items unreported. The main point of this new thread on the subject is that at the present time, the IP server would not become listed by a spamcop reporter reporting the IP mailing list items with a non-mailhosted account. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Mon May 1 10:55:19 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 13:00:04 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers In-Reply-To: References: Message-ID: Mike Easter wrote: > > The main point of this new thread on the subject is that at the present > time, the IP server would not become listed by a spamcop reporter > reporting the IP mailing list items with a non-mailhosted account. This is exactly how Mailman, Yahoo Groups, ya da ya da ya da work. Do the headers hint at what list software is being used? From MikeE at ster.invalid Mon May 1 11:23:16 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 13:25:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Tim McGraw wrote: > Mike Easter wrote: >> >> The main point of this new thread on the subject is that at the >> present time, the IP server would not become listed by a spamcop >> reporter reporting the IP mailing list items with a non-mailhosted >> account. > > This is exactly how Mailman, Yahoo Groups, ya da ya da ya da work. > > Do the headers hint at what list software is being used? No. The server which is doing it is identified as pandora.is.bizsystems.com which rDNSes to the nonrouting 192.168.1.190 and also calls itself by another nonrouting in the chain-- which also calls itself in its helo and a traceline bzs.org -- and which ultimately outputs as 69.3.95.130 which rDNSes to ns2.bizsystems.net which was the blocklisted IP that caused the problems earlier. It also calls itself majordomo@localhost and daemon@localhost and mentions itself in X-Authentication-Warning: pandora.is.bizsystems.com: majordomo set sender to insulin-pumpers@insulin-pumpers.org using -f If you can sleuth anything by its id Received: (from majordomo@localhost) by bzs.org (8.11.4/8.11.4) id k41GkQp18393 for insulin-pumpers-outgoing; Mon, 1 May 2006 09:46:26 -0700 In fact, here are 3 contiguous headers involving all of that: Received: (from majordomo@localhost) by bzs.org (8.11.4/8.11.4) id k41GkQp18393 for insulin-pumpers-outgoing; Mon, 1 May 2006 09:46:26 -0700 X-Authentication-Warning: pandora.is.bizsystems.com: majordomo set sender to insulin-pumpers@insulin-pumpers.org using -f Received: from ns2.bizsystems.net (ns2.is.bizsystems.com [192.168.1.171]) by bzs.org (8.11.4/8.11.4) with ESMTP id k41GkOh18386 for ; Mon, 1 May 2006 09:46:24 -0700 I removed the leading whitespaces for posting here -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 11:27:18 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 13:30:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Tim McGraw wrote: > Do the headers hint at what list software is being used? Oh, yeah. What's this? X-nag: /home/majordomo/nag.header -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 11:37:04 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 13:40:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Tim McGraw wrote: > Do the headers hint at what list software is being used? How would you like to become an insulin pumpers mailing list admin? :-) Here's the how-to http://insulin-pumpers.org/howto/List-Admin-HOWTO.html#toc8 Insulin-Pumper's Mail List Administration HOWTO That is not a 'secret document' -- it is accessible to the public, found by searching on bzs.org -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Mon May 1 11:52:20 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 13:55:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers In-Reply-To: References: Message-ID: Mike Easter wrote: > > X-Authentication-Warning: pandora.is.bizsystems.com: majordomo set > sender to insulin-pumpers@insulin-pumpers.org using -f If the result of sending something to insulin-pumpers@insulin-pumpers.org (as spammers tend to do) is an email to the "From" that says, "only members can post to this list," then they deserve to be listed. But we've already established that the way their mail sw works is an SC parse won't finger it as the source - so it's impossible for them to be listed from list traffic. Which probably means someone is lying. From tmcgraw at spamcop.net Mon May 1 11:52:24 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 13:55:07 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers In-Reply-To: References: Message-ID: Mike Easter wrote: > Tim McGraw wrote: >> Do the headers hint at what list software is being used? > > How would you like to become an insulin pumpers mailing list admin? :-) > > Here's the how-to > > http://insulin-pumpers.org/howto/List-Admin-HOWTO.html#toc8 > Insulin-Pumper's Mail List Administration HOWTO > > That is not a 'secret document' -- it is accessible to the public, found > by searching on bzs.org I thought this was even better: http://www.insulin-pumpers.org/membersonly.html If I can guess another user's name, I've got the universal password! From nobody at devnull.spamcop.net Mon May 1 11:58:35 2006 From: nobody at devnull.spamcop.net (G?? |\/|AC0|\|) Date: Mon May 1 14:00:03 2006 Subject: [SpamCop-List] Subject lines and topic drift References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> Message-ID: For the purpose of this post, it doesn't matter who wrote: >> I see that winking grin, but you are going to get a semantics discussion >> anyway. If the first person to change the topic from discussing the case of the mailing list operator wondering how spamcop works to the semantics of folder/directory naming would be so kind as to change the subject line, those of us who are interested in the first topic but not the second would find it easier to select posts that interest us. From MikeE at ster.invalid Mon May 1 12:07:46 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 14:10:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Tim McGraw wrote: > Do the headers hint at what list software is being used? My gut and some other findings like where Michael A. Robinton converses are causing me to lean toward believing the software is Majordomo http://www.greatcircle.com/majordomo/ -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 12:24:53 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 14:25:02 2006 Subject: [SpamCop-List] Re: Subject lines and topic drift References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> Message-ID: G?? |\/|AC0|\| wrote: > If the first person to change the topic from discussing the case of > the mailing list operator > wondering how spamcop works to the semantics of folder/directory > naming would be so > kind as to change the subject line, those of us who are interested in > the first topic but > not the second would find it easier to select posts that interest us. Of course you are correct. I find it a quaint observation that a subject change among topic drifters leads quickly or even immediately to the end of the subthread's conversation. Maybe that's the way it /should/ be. In this case, it lasted for 3 posts, longer than usual, in my experience. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 12:33:04 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 14:35:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Tim McGraw wrote: > But we've already established that the way their mail sw works is an > SC parse won't finger it as the source - so it's impossible for them > to be listed from list traffic. You mean it is /currently/ impossible to be listed from list traffic to a nonmailhosted reporter. Looking at the headers, it is possible that the parser might've tripped while it was unfamiliar with the server chain. Or that it might still trip for a mailhosted account. > Which probably means someone is lying. We have incomplete information because we can't see the evidence. In the past when we the public could access the evidence, we would be able to 'reparse' the headers that had caused the bizsystems server to become listed and perhaps find that now the bizsystems server wouldn't be named as source, whereas/but it had been before. That doesn't mean that someone is lying; it means that the nonmailhosted parse doesn't currently name the server. It is also possible that a mailhosted parse might still show the bizsystem's server as source, since the algorithm's logic is different in several areas for mailhosted vs non-mailhosted. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon May 1 12:46:54 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Mon May 1 14:50:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> Message-ID: Patty wrote... > I am being told that with the current software, sending out a confirmation > email would result in that person being subscribed automatically. > Modifying it would be difficult and then would be very difficult to > maintain when new versions came out. We are using a standard software > package (I have not been told which one) and it is very big. > > I am also told that there are not nearly as many solutions as some would > believe. Listservs are hard to set up and maintain for large lists. We > have an exceptionally large list (nearly 5,000 members) and many > integrated > tools that everyone takes for granted. Changing now would require months > of full-time effort and several full-time people to administer the list. > Since we are a small non-profit organization, we don't have any paid > staff, > only volunteers that handle the day to day list duties. May I make a suggestion? Perhaps you can persuade the person(s) who you are discussing this with to post here, and thus avoid the current situation where those who have the technical knowledge are passing messages through someone who is less technical. Have them start here: http://www.cluelessmailers.org/info/listmanagement.html http://www.mail-abuse.com/an_listmgntgdlines.html > I guess the feeling is, that since we are an opt-in list (the person must > choose to join), Alas, you have no way of knowing that the above is true. With your present setup, a bad guy can "opt-in" someone else who does not want to be on your list. Granted, they would have to be somewhat clever to get past your manual confirmation process, but it could be done (and *will* be done if the bad guys get wind of an abusable mailing list) > and because we are dealing with such a specific subject > that has very limited appeal to the masses, a confirmation is not really > necessary. Alas, while it is true that your specific subject has limited appeal, the practice of subscribing somneone who you dislike to thousands of mailing lists has a wide appeal among a certain class of person. These net-abusers tend to make up lists of abusable mailing lists, and once you get on such a list you will see a huge increase in bogus subscriptions. > Granted, it is considered a good practice, but is not required > of a listserv. Alas, delivering the emails your listserv sends is *also* not required, and many of them will end up being blocked as the abusers subscribe unwilling victims and some of the victims report you to spamcop and other blocklists and ask their system admins to block your IP address. If you really want to take the position that getting a person's consent before sending them a bunch of email is "not required", then please don't complain when a bunch of your recipients start asking why your emails are blocked; delivering those emails is also "not required." >However, there are a couple of us on the administrative >roster who do think that some type of confirmation would be a good idea. >So, perhaps this option will be explored more in the future. I urge you in the strongest possible terms to not wait. Do what is suggested in the following webpages http://www.cluelessmailers.org/info/listmanagement.html http://www.mail-abuse.com/an_listmgntgdlines.html now, before net-abusers discover that you have given them a loaded gun to "punish" their enemies with and destroy your reputation while doing it. -- G.M. From nobody at devnull.spamcop.net Mon May 1 14:56:05 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Mon May 1 15:00:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: "Mike Easter" wrote in message news:e35b0s$7ge$1@news.spamcop.net... > > http://forum.spamcop.net/forums/lofiversion/index.php/t6038-50.html > > The forum discussion and question about requiring 2 seems to have never > been confirmed by anyone, unless you can find it in that forum > discussions which I don't like to dredge thru' repeatedly looking for > something. I prefer nice simple plaintext to dig thru' instead of html. Ummmm ... RW / Richard is one of the Deputies .... > The 'illustration' of information from a spamcop parse in the 2nd link > which would seem to imply that 2 reporters are required was > 'discordant' -- in that the parser's verbose output mentioned a 2 > reporter 'requirement' which wasn't met, but then 'turned around' and > said there were two reporters. RW did say to "read carefully" ..... the question was about an IP address getting listed by a single reporter .... the answer was dealing with an IP address that had been listed already, such that another report was seen as a "reoccurrence" of the spew .... not quite the same thing. Not addressed at all was just how (in that case) just two reports could have been sufficient to trip the flag .... but that's a whole different issue. > And, my experience with the verbose is that it cannot be counted on to > say what it really means or mean what it says -- and in any case the > algorithm and its verbose are highly dynamic, unstable, and perpetually > changing and cannot be relied upon as a 'real' verification of a > requirement which hasn't been verified in the faq or by a deputy or > Julian that I can find so far. And I doubt you will .. that "not for public consumption" thing again ... > I only see people 'assuming' it to be the case. I think they are > confused by the verified one report concept -- melding it into a one > reporter concept. Once again, dialog with the Deputies has them repeatedly advising that the two-reporter thing is a fact .... but even I'll point out that these folks are not the actual coders of the toolset .... From MikeE at ster.invalid Mon May 1 13:06:33 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 15:10:02 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: WazoO wrote: > "Mike Easter" >> http://forum.spamcop.net/forums/lofiversion/index.php/t6038-50.html >> >> The forum discussion and question about requiring 2 seems to have >> never been confirmed by anyone, unless you can find it in that forum >> discussions which I don't like to dredge thru' repeatedly looking for >> something. I prefer nice simple plaintext to dig thru' instead of >> html. > > Ummmm ... RW / Richard is one of the Deputies .... And Richard the deputy did *not* answer the question which was asked, but instead stated, enigmatically, "read carefully..." blah blah -- when in fact the question was crystal clear, Is it or is it not necessary for 2 or more reporters to report an IP to become listed. Richard didn't answer that and he had a perfectly good opportunity to say Yes or No. He chose to say neither. > RW did say to "read carefully" Which was non helpful in the context of the question that /Steve/ presented: "I have sent a request to the deputies to clarify this issue. It has always been my understanding (perhaps back to my usenet days) that it required 2 REPORTERS to list an IP address, but the actual FAQ (http://www.spamcop.net/fom-serve/cache/297.html) states: The SCBL will not list an IP address with only one report filed." Then, Richard cited that statement and answered 'read carefully'. Big help. >> I only see people 'assuming' it to be the case. I think they are >> confused by the verified one report concept -- melding it into a one >> reporter concept. > > Once again, dialog with the Deputies has them repeatedly advising > that the two-reporter thing is a fact .... Show me where. Richard didn't say that in the link above when asked directly. And you haven't cited anything else. > but even I'll point out > that these folks are not the actual coders of the toolset .... -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Mon May 1 13:44:25 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 15:45:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers In-Reply-To: References: Message-ID: Mike Easter wrote: > Tim McGraw wrote: > >> Do the headers hint at what list software is being used? > > My gut and some other findings like where Michael A. Robinton converses > are causing me to lean toward believing the software is Majordomo > http://www.greatcircle.com/majordomo/ If you are correct then someone /is/ lying. The link you provided says one of the features of Majordomo is that it "Supports confirmation of subscriptions, to protect against forged subscription requests." From MikeE at ster.invalid Mon May 1 14:12:49 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 16:15:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Tim McGraw wrote: > Mike Easter wrote: >> Tim McGraw wrote: >> >>> Do the headers hint at what list software is being used? >> >> My gut and some other findings like where Michael A. Robinton >> converses are causing me to lean toward believing the software is >> Majordomo http://www.greatcircle.com/majordomo/ > > If you are correct then someone /is/ lying. > > The link you provided says one of the features of Majordomo is that it > "Supports confirmation of subscriptions, to protect against forged > subscription requests." You like that 'lying' term more than I do. Not only is it inflammatory, it presumes facts not in evidence, including intent. It is my understanding that majordomo supports confirmed optin by default. What I am not up to understanding is how the IP admin has chosen to configure the 'pathways' of using majordomo and its incorporation of the human oversight and profile process -- all of which is elaborated from an 'external' administration by email description at the link I gave. That is, I can read what a 'lay' non-IT-tech can do administratively from the 'outside' of majordomo which name is not even mentioned in the administrative pages. What I am not familiar with is how to IT-tech configure the actual software majordomo so as to both enable confirmed optin while maintaining the current human oversight profile management descibed in the length external email administration. That is, said another way: There is a very 'elaborate' external administration by email routine established in 1999 for the IP volunteers by Michael and Mary Jean who are familiar with the 'workings' of majordomo - which I am not - and those elaborate external administrative routines result in the type of non-confirmed optin which we are now dealing with, and with which the human oversight business is met to the satisfaction of someone adminstrative at IP. What would need to happen would be a rewrite [who knows how much, a little or a lot?] and retraining of the external administrative process for the majordomo which would incorporate its presumed 'builtin' confirmed optin character. However -- what we presume is that the *current* version of majordomo does confirmed optin by default. We don't know which version of majordomo we are dealing with here, and in fact, it is currently a guess as to whether it is actually majordomo of any version or not. -- Mike Easter kibitzer, not SC admin From Someone at invalid.foo Mon May 1 22:45:49 2006 From: Someone at invalid.foo (Someone who hates spam) Date: Mon May 1 16:50:04 2006 Subject: [SpamCop-List] Feature idea: Strip X-Headers Message-ID: I use my spamcop.net reporting (paid) account with mundged reports selected. However, my personal domain name sometimes shows up in x-headers. Recently, someone did a backscatter-come-joe-job, which is still ongoing. I would like to be able to manually select certain X-Headers to be stripped out or mundged AND/OR have the ability to have certain keywords stripped out on mundged, such as my personal and/or identifying domain names. Thanks From tmcgraw at spamcop.net Mon May 1 14:46:53 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 16:50:07 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers In-Reply-To: References: Message-ID: Mike Easter wrote: > Tim McGraw wrote: > >> If you are correct then someone /is/ lying. >> >> The link you provided says one of the features of Majordomo is that it >> "Supports confirmation of subscriptions, to protect against forged >> subscription requests." > > You like that 'lying' term more than I do. Not only is it inflammatory, > it presumes facts not in evidence, including intent. Fair enough. > What I am not familiar with is how to IT-tech configure the actual > software majordomo so as to both enable confirmed optin while > maintaining the current human oversight profile management descibed in > the length external email administration. Well stated. > What would need to happen would be a rewrite [who knows how much, a > little or a lot?] and retraining of the external administrative process > for the majordomo which would incorporate its presumed 'builtin' > confirmed optin character. However -- what we presume is that the > *current* version of majordomo does confirmed optin by default. We > don't know which version of majordomo we are dealing with here, and in > fact, it is currently a guess as to whether it is actually majordomo of > any version or not. Noted. From borgholio at storymind.com Mon May 1 14:45:53 2006 From: borgholio at storymind.com (Borgholio) Date: Mon May 1 16:50:09 2006 Subject: [SpamCop-List] Archiving Spam Message-ID: I just realized that my Thunderbird Junk folder is full of spam that is as much as several years old. Would there be any purpose to keeping this stuff tucked away, or should I just nuke it all? From tmcgraw at spamcop.net Mon May 1 14:51:30 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 16:55:03 2006 Subject: [SpamCop-List] Re: Pump and Dump In-Reply-To: References: Message-ID: Andy wrote: > > 1. Is P&D actually illegal or is it a case of 'caveat emptor'? Illegal. See http://www.investopedia.com/ask/answers/05/061205.asp > 2. If it is illegal then where would you make a report? Given that there > appear to be only 39 possible beneficiaries in this company it shouldn't be > too hard to trace the scammer. The conventional wisdom seems to be that investors, NOT the owners of the small or microcap company themselves, buy up penny stocks creating an artificial demand through spam, raising the stock's price for a very short period. At which time those investors obviously sell. From bar_n0ne at hotmail.com Mon May 1 17:13:30 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon May 1 17:15:03 2006 Subject: [SpamCop-List] Re: Pump and Dump References: Message-ID: "Andy" wrote in message news:e358h6$5pi$1@news.spamcop.net... > The P&D scam was completely new to me until a few weeks ago when I started > getting a load of backscatter from a scammer - mail bounces coming to > randomly generated user names (typically 3 to 5 random characters) at my > domain. The originating IPs of the scam mails appears to indicate a number > of bots located around the world, mostly South Korea, Latin America and > Texas(!), with a few in Germany. > > I have researched some of the P&D companies and one is apparently a > microscopic oil company located in Canada. There are only 39 share holders > and the company appears to consist of one guy - the 'CEO'. The share price > has increased by 44% recently. > > My questions are therefore - > > 1. Is P&D actually illegal or is it a case of 'caveat emptor'? > > 2. If it is illegal then where would you make a report? Given that there > appear to be only 39 possible beneficiaries in this company it shouldn't be > too hard to trace the scammer. > > 3. At the end of the day would anyone actually follow this up or would I be > wasting my time? The scammer may make a few bucks but he won't be retiring > on the proceeds of this one. > > > An additional question - can you confirm that Spamcop encourages reporting > the mail bounces themselves as spam? I've seen this suggestion a few times > on the forums. Originally I was just annoyed by the scammer but the > frequency of the incorrectly bounced mail is not decreasing and I'm actually > getting more fed up with mail servers that are incapable of recognising a > spoofed return address. > > As an aside - you wouldn't believe how many people out there send > out-of-office autoresponses in reply to mail originating from outside their > local networks... or maybe you would. :-) > > Thanks > Andy > > > P&D is Illegal, but difficult to prove. It depends on where the shares have been traded, probably at the Vancouver Stock Exchange,which is part of the TSX, so you need to file a formal complaint with the Ontario, and, British Columbia Securities comissions, they have a web page, complaint would have to be on paper., I would CC the NASDAQ and SEC (USA) also. Because these shares may be purchased over the counter anywhere, in particular anywhere they pump, that means multiple jurisdictions could (in principle) get involved. Several of the companies i have seen share a president or chairman who lives in Penticton BC., probably has several names and one house. One of the garment manufacturers I've seen has years of letters of intent to buy this and that, but no revenues for several years, like 0 revenue, and negative income. I guess anyone can write a letter stating they intend to do something and then sign it and announce the writing of their signature. They don;t have to actually send the letter anywhere. From dws at dealing-with-spam.info Tue May 2 00:13:50 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Mon May 1 17:15:06 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> Message-ID: Patty wrote on Mon, 1 May 2006 09:08:21 -0400: > I am being told that with the current software, sending out a confirmation > email would result in that person being subscribed automatically. Sorry to be so blunt, but your current software sucks. > Modifying it would be difficult and then would be very difficult to > maintain when new versions came out. We are using a standard software > package (I have not been told which one) and it is very big. Could you find out which one? There are many people here who maintain mailing lists such as yours and they'll be able to tell you flat out whether or not it's true that a request for confirmation equates to a confirmed signup. From bar_n0ne at hotmail.com Mon May 1 17:18:29 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon May 1 17:20:03 2006 Subject: [SpamCop-List] Re: Pump and Dump References: Message-ID: "Tim McGraw" wrote in message news:e35scg$is2$2@news.spamcop.net... > Andy wrote: > > > > 1. Is P&D actually illegal or is it a case of 'caveat emptor'? > > Illegal. See http://www.investopedia.com/ask/answers/05/061205.asp > > > 2. If it is illegal then where would you make a report? Given that there > > appear to be only 39 possible beneficiaries in this company it shouldn't be > > too hard to trace the scammer. > > The conventional wisdom seems to be that investors, NOT the owners of > the small or nanocrap company themselves, buy up penny stocks creating > an artificial demand through spam, raising the stock's price for a very > short period. At which time those investors obviously sell. Yeah, but these stocks are so thinly held, I think that the investors are the principals in most of these. That "It wasn't us " excuse just doesn't wash look at KooKy Oil ;) , they contract with nonexistent companies for meaningless well surveys etc. according to their announcements.. I'd be really surprised , if at the end of the day the spam and some principal at kooky are well connected. From tmcgraw at spamcop.net Mon May 1 15:29:34 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 17:30:03 2006 Subject: [SpamCop-List] Re: Pump and Dump In-Reply-To: References: Message-ID: Berny wrote: > > P&D is Illegal, but difficult to prove. > > It depends on where the shares have been traded, probably at the Vancouver > Stock Exchange,which is part of the TSX, so you need to file a formal > complaint with the Ontario, and, British Columbia Securities comissions, > they have a web page, complaint would have to be on paper., I would CC the > NASDAQ and SEC (USA) also. I'm not an investor, but I don't believe NASDAQ has anything to do with microcaps. From bar_n0ne at hotmail.com Mon May 1 17:43:19 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon May 1 17:45:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: "Mike Easter" wrote in message news:e35b0s$7ge$1@news.spamcop.net... > I only see people 'assuming' it to be the case. I think they are > confused by the verified one report concept -- melding it into a one > reporter concept. > > -- > Mike Easter > kibitzer, not SC admin > Well the messages I recall were specifically about requiring 2 reporting accounts, so one reporter could do this, but like you could, they would need to submit and report their spam through 2 accounts. From nttp.sc.s at bigsleep.org Mon May 1 22:56:09 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon May 1 18:00:03 2006 Subject: [SpamCop-List] Re: Archiving Spam References: Message-ID: On 01 May 2006, - Borgholio entered spamcop and left news:e35s5e$d7p$1@news.spamcop.net: > I just realized that my Thunderbird Junk folder is full of spam that is > as much as several years old. Would there be any purpose to keeping > this stuff tucked away, or should I just nuke it all? > I archive all my mail several times a year. You can search for a file called "Junk", that is if you don't know where your Thunderbird Profile and Mail is stored. There will be a Junk.msf (message summary file) right next to it, which doesn't need to be saved. Archive it, as in zip it up, then store it somewhere, it'll take up very little space then. I store them by year, as in "mail/2005". Since this is simply a text file, you can easily search it for text strings, so you could see how much spam you got last year, what IPs it came from, or whatever. You can even rename it (to avoid copying over new mail), then copy it back in the Mail folder, and reopen it in the program again. Each message starts with the line "From -" like this... >From - Sun Dec 05 11:46:50 2004 You can do this with all your Thunderbird/Mozilla/Seamonkey mail "folders", and once archived you can delete all the messages from within the program. You could just delete the Junk and Junk.msf files, but I recomend you delete messages from within the program. -- | Ric | From g.hyde at bigpond.net.au Tue May 2 09:15:51 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Mon May 1 18:20:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: "Mike Easter" wrote in message news:e35m7e$fcq$1@news.spamcop.net... > WazoO wrote: >> RW did say to "read carefully" > > Which was non helpful in the context of the question that /Steve/ > presented: > > "I have sent a request to the deputies to clarify this issue. It > has always been my understanding (perhaps back to my usenet days) that > it required 2 REPORTERS to list an IP address, but the actual FAQ > (http://www.spamcop.net/fom-serve/cache/297.html) states: The SCBL will > not list an IP address with only one report filed." > > Then, Richard cited that statement and answered 'read carefully'. Big > help. The actual link you quoted above sets out in sufficient detail how an IP can get listed. I can understand that - why do you have a problem with READING what Richard asked you to in the first place?? Here is a large chunk of the above link that I think you SHOULD read, cause I'm way dumber than you are (insofar as mucking around with spam and headers anyway) and I can quite easily understand it: SCBL Rules The system currently operates based on these rules: SCBL lists IP addresses with a large number of reports relative to reputation points. The SpamCop team manually balances the threshold in an effort to make the list as accurate as possible. The SCBL weights reports depending on how recently the mail was received (or "freshness"): The SCBL counts the most recently received reports 4:1. The SCBL counts reports for email 48 hours and older 1:1, with a linear sliding scale between the most recent and 48 hours past. The SCBL ignores reports for email received more than one week ago. The SCBL uses Spamtrap reports to weight total reports. For spamtrap scores less than 6, the SCBL multiplies by 5 the quantity of spamtrap reports and adds this to the report score. For larger spamtrap scores, the SCBL squares the quantity. Examples: If an IP address has 2 spamtrap reports and 3 SpamCop user-reported reports, its weighted score is 13: (2 * 5) + 3 = 13. If a host has 7 spamtrap reports and 3 manual reports, its weighted score is 52: (7 * 7) + 3 = 52. The SCBL does not count reports regarding URLs or addresses in the body of the email. Therefore, the SCBL does not list websites or email addresses used to receive replies in reported email, unless that IP is also used to send the mail. The SCBL will not list an IP address with only one report filed. With only two reports against an IP address, the SCBL will list the IP address for a maximum of 12 hours after the most recent reported mail was sent. HTH. If you have a part of that which you don't understand please ask. I'm sure myself and other enthusiastic posters will gladly fill in the blanks. Cheers ... Geoffrey Hyde From MikeE at ster.invalid Mon May 1 16:41:14 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 18:45:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: Geoffrey Hyde wrote: > HTH. If you have a part of that which you don't understand please > ask. I'm sure myself and other enthusiastic posters will gladly fill > in the blanks. I understand everything in that faq, and in fact, I have cited the one salient line about not listing for one report. Which is not at all the same thing as multiple reports by one single reporter account. There is nothing in what you posted that gives any indication that if a single reporting address or 'reporter account' reported sufficient spam items for an IP to become mathematically eligible for listing, that it wouldn't be listed. There is nothing in all of what you posted that would explain what I linked to here earlier being a part of a confusing verbose: "but there are fewer than two individual users reporting" Posting a lot of lines you copied from a faq page doesn't do anything to clarify the issue. You haven't added anything helpful at all. -- Mike Easter kibitzer, not SC admin From Someone at invalid.foo Tue May 2 01:03:57 2006 From: Someone at invalid.foo (Someone who hates spam) Date: Mon May 1 19:05:03 2006 Subject: [SpamCop-List] Spamcop blocking SSH tunelling / COTSE? Message-ID: Any spamcop users out there who can help with this, please? I can proxy read news.spamcop using SSH forwarding, but when I try and post the following happens: Outlook Express could not post your message. Subject '', Account: 'news.spamcop.net', Server: '127.0.0.1', Protocol: NNTP, Server Response: '440 Posting not allowed', Port: 120, Secure(SSL): No, Server Error: 440, Error Number: 0x800CCCA9 Port 120, listed above, is the local reading port. The remote port is still news.spamcop.net:119 From Someone at invalid.foo Tue May 2 01:23:44 2006 From: Someone at invalid.foo (Someone who hates spam) Date: Mon May 1 19:25:03 2006 Subject: [SpamCop-List] Re: Spamcop blocking SSH tunelling / COTSE? References: Message-ID: "Someone who hates spam" wrote in message news:e3644u$ooq$1@news.spamcop.net... > Any spamcop users out there who can help with this, please? > > I can proxy read news.spamcop using SSH forwarding, but when I try and > post the following happens: > > > Outlook Express could not post your message. Subject '', > Account: 'news.spamcop.net', Server: '127.0.0.1', Protocol: NNTP, > Server Response: '440 Posting not allowed', Port: 120, Secure(SSL): > No, Server Error: 440, Error Number: 0x800CCCA9 > > > Port 120, listed above, is the local reading port. > > The remote port is > still news.spamcop.net:119 > > > Turns out that spamcop block the COTSE proxy. From MikeE at ster.invalid Mon May 1 17:25:23 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 19:30:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: In 2006 Feb jeffg sed: "at last check Reports from two or more humans are necessary for an IP Address to be listed by the SCBL." http://news.spamcop.net/pipermail/spamcop-list/2006-February.txt >From jeffg at spamcop.net Fri Feb 24 03:49:49 2006 Date: Fri Feb 24 03:50:03 2006 Subject: [SpamCop-List] Re: Need help To get our system setup correctly Message-ID: That two or more humans is certainly in error, as we/I have seen listings based on spamtraps only; and I also think it is another reflection or 'misstatement' of the two or more report requirement. It is my belief that the basis for a listing is a sufficient number of 'points' -- however they might be derived, all from spamtraps, all from one reporter, or any combination thereof. The explanation of the SCbl doesn't state exactly how the reputation or traffic points are used in the calculation, nor does it clarify how those points are derived. But the faq sez that if there is only one report, the implication being whether it is a spamtrap report or a human report doesn't matter, that the IP would not be listed, regardless of how low its reputation points. There is nothing in the scoring system other that the 'one report' statement that puts any other restrictions on the scoring of points for a listing, most specifically it does not require two different humans or nor even any humans, for that matter. The subject of whether or not the algorithm should list based on spamtraps only has been discussed, and a deputy stated that spamtraps were more reliable as in less error prone than humans -- ergo there was no problem with listing for spamtrap hits only. By my interpretation, there would have to be two or more reports, any kind of report; one spamtrap one human, two spamtraps, two same human reports would all be suficient if that achieved a high enough score considering the reputation points. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 17:51:57 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 19:55:03 2006 Subject: [SpamCop-List] Re: Spamcop blocking SSH tunelling / COTSE? References: Message-ID: Someone who hates spam wrote: > Turns out that spamcop block the COTSE proxy. Perhaps it has been used to abuse the spamcop newsgroups in the past by the trollish spoofer I mentioned in my recent posts on this subject alt.cotse. If cotse is going to allow its proxy to be used to abuse the SC newsserver, then it should be permanently blocked. -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Tue May 2 04:47:33 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon May 1 23:50:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: On 01 May 2006, - Berny entered spamcop and left news:e35vdp$ljp$1@news.spamcop.net: > Well the messages I recall were specifically about requiring 2 reporting > accounts, so one reporter could do this, but like you could, they would > need to submit and report their spam through 2 accounts. > Where would be the logic in that? I have over a dozen valid eMail addresses, and only use 1 Spamcop reporting account. Certainly multiple addresses receiving the same message is greater proof that is it spam, and even multiple messages sent to the same address proves a greater amount of (possible) spam. -- | Ric | From nobody at devnull.spamcop.net Tue May 2 00:28:29 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Tue May 2 00:30:03 2006 Subject: [SpamCop-List] Re: Pump and Dump References: Message-ID: "Andy" wrote in message news:e358h6$5pi$1@news.spamcop.net... > > 3. At the end of the day would anyone actually follow this up or would I be > wasting my time? The scammer may make a few bucks but he won't be retiring > on the proceeds of this one. If you want to believe the "bragging" ..... http://spamkings.oreilly.com/archives/2006/03/stock_spammers_stung_by_secret.html#trackbacks "According to the February 17 complaint, Moeller boasted to a fellow spammer (working for the feds as a confidential informant or CI) that he and Vitale were making $40,000 per week sending spam that touted shares of small-cap stocks -- a practice known as pump-and-dump spamming. The two operated a company called Viatelecom aka Via Telecom LLC to do their stock deals. In an April, 2005 instant message conversation with the CI, Moeller claimed that he had 40 servers for sending spam, as well as 35,000 "peas" or proxies to disguise the true origin of the spams. He said he exclusively spammed AOL members and boasted he could send millions of spams per hour, with less than 20 percent getting caught in AOL's spam filters." From nttp.sc.s at bigsleep.org Tue May 2 05:56:56 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue May 2 01:00:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: On 01 May 2006, - Mike Easter entered spamcop and left news:e35q3m$hrd$1@news.spamcop.net: > What I am not familiar with is how to IT-tech configure the actual > software majordomo so as to both enable confirmed optin while > maintaining the current human oversight profile management descibed in > the length external email administration. > According to the documentation I have on Majordomo and MajorCool, this is how it works. First, I believe, but can't be sure, that the web form sends an eMail to the admin. The admin checks the subscription, then adds the address to the Majordomo list which sends out the welcome message. I can't be sure how this process is set up at IP, however I can interject here at the point of "add the address to the Majordomo list" with this documentation: ---------- 3.7. Further Testing of the Configuration ... To see if the aliases are working properly, try subscribing and unsubscribing yourself to the list. [jarchie@kes jarchie]$ echo subscribe test | mail majordomo You will receive an E-mail message containing instructions on how to confirm your subscription as well as a letter confirming that your command was successful. After sending back your confirmation, Majordomo should send back two letters--one letter stating that your subscribe request was successful and another letter welcoming you to the test list. The owner of the list will also be sent a message stating that you have subscribed to the list. To unsubscribe from a list, send a unsubscribe command [jarchie@kes jarchie]$ echo unsubscribe test | mail majordomo You should be sent back a letter stating that your command was successful. ---------- So, either: confirmation is turned off, subscription is automatic, and the admin adds the subscription information (not needed by Majordomo) to a database or unsubscribes that address. Or: confirmation is turned off, subscriptions are manually added by the admin. It seems pretty simple to me to turn on confirmation and do manual subscriptions, and seems like a good idea anyway. Since they claim to do manual confirmation, the admin can simply subscribe the ones they would not otherwise unsubscribe, and ignore the rest. -- | Ric | From nttp.sc.s at bigsleep.org Tue May 2 06:38:32 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue May 2 01:40:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: On 01 May 2006, - Blammo entered spamcop and left news:Xns97B6DF8058716blammo@216.154.195.61: > Or: confirmation is turned off, subscriptions are manually added by the > admin. > Further reading leads me to believe that they are using the "approve" option... Approval ======== When Majordomo requests your approval for something, it sends you a message that includes a template of the approval message; if you concur, you simply need to replace "PASSWORD" in the template with your list password, and send the template line back to Majordomo. ... You can approve any "subscribe" or "unsubscribe" request, regardless of whether Majordomo has requested this approval, with an "approve" command. Thus, you can subscribe or unsubscribe people from your list without them having to send anything to Majordomo; just send an appropriate "approve PASSWORD subscribe LIST ADDRESS" or "approve PASSWORD unsubscribe LIST ADDRESS" command off to Majordomo. ... In addition, the following is from the majordomo config file... 'subscribe_policy', "One of three values: open, closed, auto; plus an optional modifier: '+confirm'. Open allows people to subscribe themselves to the list. Auto allows anybody to subscribe anybody to the list without maintainer approval. Closed requires maintainer approval for all subscribe requests to the list. Adding '+confirm', ie, 'open+confirm', will cause majordomo to send a reply back to the subscriber which includes a authentication number which must be sent back in with another subscribe command.", ... Confirmation has been an option for quite some time, so if that is not an option, obviously they need to upgrade. -- | Ric | From nobody at nowhere.not Tue May 2 07:17:54 2006 From: nobody at nowhere.not (Robert Blair) Date: Tue May 2 02:20:02 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: On Mon, 1 May 2006 23:25:23 UTC, "Mike Easter" wrote: > "at last check Reports from two or more humans are necessary for an IP > Address to be listed by the SCBL." > > http://news.spamcop.net/pipermail/spamcop-list/2006-February.txt > > From jeffg at spamcop.net Fri Feb 24 03:49:49 2006 > Date: Fri Feb 24 03:50:03 2006 > Subject: [SpamCop-List] Re: Need help To get our system setup correctly > Message-ID: > > That two or more humans is certainly in error, as we/I have seen > listings based on spamtraps only; and I also think it is another > reflection or 'misstatement' of the two or more report requirement. What is the error? The quote from jeff says two humans, a spamtrap is not a human. So a single spamtrap could list the IP. -- Robert Blair From nobody at spamcop.net Tue May 2 08:40:09 2006 From: nobody at spamcop.net (TimeLord) Date: Tue May 2 02:45:03 2006 Subject: [SpamCop-List] Re: Feature idea: Strip X-Headers References: Message-ID: "Someone who hates spam" wrote in message news:e35s21$iu2$1@news.spamcop.net... >I use my spamcop.net reporting (paid) account with mundged reports >selected. > > However, my personal domain name sometimes shows up in x-headers. > > Recently, someone did a backscatter-come-joe-job, which is still ongoing. > > I would like to be able to manually select certain X-Headers to be > stripped > out or mundged AND/OR have the ability to have certain keywords stripped > out > on mundged, such as my personal and/or identifying domain names. > > Thanks I'd go with that. I've been thinking for some time that X-Headers in mails I report often contain detail I'd rather not be passed on. Kev From MikeE at ster.invalid Tue May 2 01:02:49 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 2 03:05:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: Robert Blair wrote: >"Mike Easter" >> "at last check Reports from two or more humans are necessary for an >> IP Address to be listed by the SCBL." > What is the error? The quote from jeff says two humans, a spamtrap is > not a human. So a single spamtrap could list the IP. "reports from two or more humans are necessary" I'm saying no humans are necessary, as opposed to two humans being required, spamtraps are sufficient; "reports from two or more (different) humans are necessary" and that one human (reporting account) is sufficient if that human account approves sufficient numbers of reports, such as two. I suppose you could call it semantics -- you want to be sure that semantics is about what something *means*. The only statement I understand and grasp comprehensively is "One report is not sufficient" [of any kind, spamtrap or human]. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Tue May 2 06:24:21 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Tue May 2 06:25:11 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> In article , "Robert Blair" writes: > What is the error? The quote from jeff says two humans, a spamtrap is > not a human. So a single spamtrap could list the IP. That has long been my understanding of how it works. 2 humans or 1 spamtrap. From patty1515NOSPAM at gmail.com Tue May 2 08:58:30 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Tue May 2 08:00:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: On Tue, 2 May 2006 05:38:32 +0000 (UTC), Blammo wrote: > On 01 May 2006, - Blammo entered spamcop and left > news:Xns97B6DF8058716blammo@216.154.195.61: > >> Or: confirmation is turned off, subscriptions are manually added by the >> admin. >> > > Further reading leads me to believe that they are using the "approve" > option... > > Approval ======== > When Majordomo requests your approval for something, it sends you a message > that includes a template of the approval message; if you concur, you simply > need to replace "PASSWORD" in the template with your list password, and > send the template line back to Majordomo. > ... > You can approve any "subscribe" or "unsubscribe" request, regardless of > whether Majordomo has requested this approval, with an "approve" command. > Thus, you can subscribe or unsubscribe people from your list without them > having to send anything to Majordomo; just send an appropriate "approve > PASSWORD subscribe LIST ADDRESS" or "approve PASSWORD unsubscribe LIST > ADDRESS" command off to Majordomo. > > ... > > In addition, the following is from the majordomo config file... > > 'subscribe_policy', > "One of three values: open, closed, auto; plus an optional > modifier: '+confirm'. Open allows people to subscribe themselves to > the list. Auto allows anybody to subscribe anybody to the list without > maintainer approval. Closed requires maintainer approval for all > subscribe requests to the list. Adding '+confirm', ie, > 'open+confirm', will cause majordomo to send a reply back to the > subscriber which includes a authentication number which must be sent > back in with another subscribe command.", > I believe we must be set to closed in some manner. The list maintainer must subscribe NEW people. You cannot subscribe yourself to the list without first supplying a profile and request to the Administration. So, would not 'open+confirm' negate that setup by allowing someone to subscribe themself? Just trying to understand this. Thanks. Patty From nobody at devnull.spamcop.net Tue May 2 10:19:09 2006 From: nobody at devnull.spamcop.net (POP) Date: Tue May 2 09:20:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: "Patty" wrote in message news:j7xu4ynj11h9$.rn3y1um2rgc4.dlg@40tude.net... > On Tue, 2 May 2006 05:38:32 +0000 (UTC), Blammo wrote: > >> On 01 May 2006, - Blammo entered spamcop and left >> news:Xns97B6DF8058716blammo@216.154.195.61: >> >>> Or: confirmation is turned off, subscriptions are manually >>> added by the >>> admin. >>> >> >> Further reading leads me to believe that they are using the >> "approve" >> option... >> >> Approval ======== >> When Majordomo requests your approval for something, it sends >> you a message >> that includes a template of the approval message; if you >> concur, you simply >> need to replace "PASSWORD" in the template with your list >> password, and >> send the template line back to Majordomo. >> ... >> You can approve any "subscribe" or "unsubscribe" request, >> regardless of >> whether Majordomo has requested this approval, with an >> "approve" command. >> Thus, you can subscribe or unsubscribe people from your list >> without them >> having to send anything to Majordomo; just send an appropriate >> "approve >> PASSWORD subscribe LIST ADDRESS" or "approve PASSWORD >> unsubscribe LIST >> ADDRESS" command off to Majordomo. >> >> ... >> >> In addition, the following is from the majordomo config >> file... >> >> 'subscribe_policy', >> "One of three values: open, closed, auto; plus an optional >> modifier: '+confirm'. Open allows people to subscribe >> themselves to >> the list. Auto allows anybody to subscribe anybody to the list >> without >> maintainer approval. Closed requires maintainer approval for >> all >> subscribe requests to the list. Adding '+confirm', ie, >> 'open+confirm', will cause majordomo to send a reply back to >> the >> subscriber which includes a authentication number which must >> be sent >> back in with another subscribe command.", >> > > I believe we must be set to closed in some manner. The list > maintainer > must subscribe NEW people. You cannot subscribe yourself to > the list > without first supplying a profile and request to the > Administration. So, > would not 'open+confirm' negate that setup by allowing someone > to subscribe > themself? > > Just trying to understand this. > > Thanks. > > Patty Open +confirm, I believe, was simply an example. It looked like it could be used with any of the options. e.g. option +confirm. So it could be used wtih any of the options. Please read the description references for what 'confirmed subscriptions' are. You don't sound as though you've read them at all? Pop From MikeE at ster.invalid Tue May 2 08:25:31 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 2 10:30:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: POP wrote: > Please read the description references for what 'confirmed > subscriptions' are. You don't sound as though you've read them > at all? Try to understand where the 'disconnect' is here -- and this is based on some assumptions, which are probably valid. Majordomo is the listserv software. It actually doesn't handle any mail, but it sets up the instructions for some mail server software. Patty is not the listserv software majordomo 'manager' -- which is Michael Robinton and perhaps others. Majordomo was designed to be remotely administered by 'others' who have no access to the server or the server's software or the server's software's listserv software majordomo. This remote administration can be done by email -- or if implemented by a web manager called MajorCool. Michael Robinton and Mary Jean Renstrom wrote up a very very detail set of instructions to guide the non-tech volunteers about how to communicate by email with the majordomo software. They actually may not even know the majordomo software's name or anything about its configuration. Patty is one of the several volunteers who administers for the mailing lists by this email correspondence and its numerous webpages of guidelines for how to do so. We have determined that majordomo should be configured for optin confirmation. Patty and the other volunteers have no control over that, they only can control what they can administer to by email. The necessary reconfiguration would have to be done by Michael, and following that reconfiguration, some adjustment to the pages of guidelines which were written in 1999. It is possible that the majordomo version is of an old vintage. It is possible that the old majordomo is not so configurable. Majordomo's 'evolution' is described at the GreatCircle website -- in which the different versions may be incompatible with different versions of the Perl script and similar tediums. Patty ran into a snag when the list's server managed to get itself onto the SCbl. We've never seen the evidence, we only know what Patty told us had been told to her admin which had been told by covad the notify for the IP. Currently the headers do not parse to name the server, for whatever reason and significance that is at this point. The admin thinks it would be very difficult to reconfigure the majordomo or the majordomo plus the guidelines for the remote administration process. Ric doesn't think so. I'm not sure -- but it surely would require the motivation of Michael the majordomo admin or similar to do so because of the necessity to rewrite the guidelines a little or a lot, besides the majordomo reconfig. -- Mike Easter kibitzer, not SC admin From patty1515NOSPAM at gmail.com Tue May 2 11:37:49 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Tue May 2 10:40:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: On Tue, 2 May 2006 07:25:31 -0700, Mike Easter wrote: > POP wrote: > >> Please read the description references for what 'confirmed >> subscriptions' are. You don't sound as though you've read them >> at all? > > Try to understand where the 'disconnect' is here -- and this is based on > some assumptions, which are probably valid. > > Majordomo is the listserv software. It actually doesn't handle any > mail, but it sets up the instructions for some mail server software. > > Patty is not the listserv software majordomo 'manager' -- which is > Michael Robinton and perhaps others. > > Majordomo was designed to be remotely administered by 'others' who have > no access to the server or the server's software or the server's > software's listserv software majordomo. This remote administration can > be done by email -- or if implemented by a web manager called MajorCool. > > Michael Robinton and Mary Jean Renstrom wrote up a very very detail set > of instructions to guide the non-tech volunteers about how to > communicate by email with the majordomo software. They actually may not > even know the majordomo software's name or anything about its > configuration. > > Patty is one of the several volunteers who administers for the mailing > lists by this email correspondence and its numerous webpages of > guidelines for how to do so. > > We have determined that majordomo should be configured for optin > confirmation. Patty and the other volunteers have no control over that, > they only can control what they can administer to by email. > > The necessary reconfiguration would have to be done by Michael, and > following that reconfiguration, some adjustment to the pages of > guidelines which were written in 1999. It is possible that the > majordomo version is of an old vintage. It is possible that the old > majordomo is not so configurable. Majordomo's 'evolution' is described > at the GreatCircle website -- in which the different versions may be > incompatible with different versions of the Perl script and similar > tediums. > > Patty ran into a snag when the list's server managed to get itself onto > the SCbl. We've never seen the evidence, we only know what Patty told > us had been told to her admin which had been told by covad the notify > for the IP. > > Currently the headers do not parse to name the server, for whatever > reason and significance that is at this point. > > The admin thinks it would be very difficult to reconfigure the majordomo > or the majordomo plus the guidelines for the remote administration > process. Ric doesn't think so. I'm not sure -- but it surely would > require the motivation of Michael the majordomo admin or similar to do > so because of the necessity to rewrite the guidelines a little or a lot, > besides the majordomo reconfig. I would like to know, however, where Ric got his information about the majordomo guidelines. I've searched the web and got some limited information about majordomo systems, but nothing that appeared to be as concise as what Ric had. I would love to read it, granted I may not understand a lot of it, but I still would like to be able to more familiarize myself with the process. Patty From MikeE at ster.invalid Tue May 2 08:52:05 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 2 10:55:05 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Patty wrote: > Mike Easter wrote: >> The admin thinks it would be very difficult to reconfigure the >> majordomo or the majordomo plus the guidelines for the remote >> administration process. Ric doesn't think so. I'm not sure -- but >> it surely would require the motivation of Michael the majordomo >> admin or similar to do so because of the necessity to rewrite the >> guidelines a little or a lot, besides the majordomo reconfig. > > I would like to know, however, where Ric got his information about the > majordomo guidelines. I've searched the web and got some limited > information about majordomo systems, but nothing that appeared to be > as concise as what Ric had. I would love to read it, granted I may > not understand a lot of it, but I still would like to be able to more > familiarize myself with the process. I think Ric has access to both Majordomo and MajorCool, its webadmin tool which can be used as an alternate to the emal management. I have done reading at the GreatCircle website [and also at the I-P admin website] but I've never handled any listserv or specifically Majordomo. As an outsider with zero experience managing lists as a listserv or majordomo admin or as a remote email admin of majordomo, the first solution that jumps into my mind, considering the difficulty of the IP mail admin 'writeup' or volunteer instruction pages, would be to implement the current version majordomo, because majordomo is what Michael knows, and also to implement the MajorCool web management administration tool for the volunteers. That assumes that by doing so, that everything which is currently operational would remain so, including the role of the volunteers and the profile management process of human oversight, plus the email optin confirmation step. If the webmanagement system were satisfactory or even preferred by the cadre of volunteers as well as the majordomo admins, then there would be no need for even a partial rewrite of the email admin instructions -- let it all be done by webadmin MajorCool. Otherwise, if the current email admin was required or preferred or necessary, there would need to be some perhaps little rewrite of the old 1999 email admin instructions. Maybe just a few sentences. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue May 2 09:07:15 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 2 11:10:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Patty wrote: > I would like to know, however, where Ric got his information about the > majordomo guidelines. I've searched the web and got some limited > information about majordomo systems, but nothing that appeared to be > as concise as what Ric had. I would love to read it, granted I may > not understand a lot of it, but I still would like to be able to more > familiarize myself with the process. Maybe some clarification would be useful here. There are very many different softwares for performing majordomo or listserv functions, and those words are often used 'generically' -- like 'which' listserv/majordomo software? But, there are /actually/ 'brandname' products, namely Majordomo and Listserv -- where Majordomo's home is GreatCircle and LISTSERV is L-Soft's product. Majordomo is free and open source. L-Soft's listserv [caps] is a commercial product. We are assuming here [because I've seen Michael discussing Majordomo and because the majordomo description fits with the email remote admin at I-P] that the actual software is Majordomo, not some generic or 'other' listserv/majordomo. There is a brief wiki overview of Majordomo here http://en.wikipedia.org/wiki/Majordomo_%28software%29 Majordomo is an open source mailing list manager (MLM) developed by Brent Chapman of Great Circle Associates. It works in conjunction with sendmail on UNIX and related operating systems. There is a more comprehensive discussion of Majordomo at GreatCircle and faqs and free downloads http://www.greatcircle.com/majordomo/ Majordomo is a program which automates the management of Internet mailing lists. Commands are sent to Majordomo via electronic mail to handle all aspects of list maintenance. Once a list is set up, virtually all operations can be performed remotely by email, requiring no intervention upon the postmaster of the list site. (For a web-based interface to Majordomo, see the MajorCool add-on package). -- Majordomo controls a list of addresses for some mail transport system (like sendmail or smail) to handle. Majordomo itself performs no mail delivery (though it has scripts to format and archive messages). If you would download the free app's sourcecode and also have the ability to de-tar and de-gzip, I'm sure all of the docs can be found in there. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue May 2 09:27:01 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Tue May 2 11:30:04 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: Mike Easter wrote... > and that one human (reporting account) is sufficient if that human > account approves sufficient numbers of reports, such as two. That would be a Bad Thing. I think that it is safe to assume that Spamcop has some method in place that at least attempts to stop a single human from causing a listing. if it was simply a matter of getting a reporting account and faking two reports, I think that we would be seeing a lot of "revenge" listings. From patty1515NOSPAM at gmail.com Tue May 2 12:40:07 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Tue May 2 11:40:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: On Tue, 2 May 2006 08:07:15 -0700, Mike Easter wrote: > If you would download the free app's sourcecode and also have the > ability to de-tar and de-gzip, I'm sure all of the docs can be found in > there. Yeah, Mike. I already did that. Interesting thing, I'm not sure what format the documents are written in, I've been able to open them in Word and get some information from them, but the formatting is not the best for easy reading. Notepad and Wordpad were even worse. I just haven't seen anything on GreatCircle or the documentation I've downloaded about processing new subscriptions other than the code used to subscribe someone. Unless I'm just not looking in the right place. When Ric brought up the switch for forcing confirmation on subscriptions (open+confirm) I haven't found anything yet that discussed that. I'm just going to have to assume that Michael knows what he is doing. I know that he has told me that it would take more than you think to rewrite the software he is using to implement a confirmation that would not result in an automatic sub using our setup. I can only accept what he tells me at this time. I do know that he is involved in tech forums for discussing how the mail list software works. I would think that if there were an easy fix, he would know it. I thank you again for all your help. You have treated me most graciously with my questions and my concerns. Patty From vxpy7do02 at sneakemail.com Tue May 2 09:44:53 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Tue May 2 11:45:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: "Patty" wrote in message news:j7xu4ynj11h9$.rn3y1um2rgc4.dlg@40tude.net... > On Tue, 2 May 2006 05:38:32 +0000 (UTC), Blammo wrote: > >> On 01 May 2006, - Blammo entered spamcop and left >> news:Xns97B6DF8058716blammo@216.154.195.61: >> >>> Or: confirmation is turned off, subscriptions are manually added by the >>> admin. >>> >> >> Further reading leads me to believe that they are using the "approve" >> option... >> >> Approval ======== >> When Majordomo requests your approval for something, it sends you a >> message >> that includes a template of the approval message; if you concur, you >> simply >> need to replace "PASSWORD" in the template with your list password, and >> send the template line back to Majordomo. >> ... >> You can approve any "subscribe" or "unsubscribe" request, regardless of >> whether Majordomo has requested this approval, with an "approve" command. >> Thus, you can subscribe or unsubscribe people from your list without them >> having to send anything to Majordomo; just send an appropriate "approve >> PASSWORD subscribe LIST ADDRESS" or "approve PASSWORD unsubscribe LIST >> ADDRESS" command off to Majordomo. >> >> ... >> >> In addition, the following is from the majordomo config file... >> >> 'subscribe_policy', >> "One of three values: open, closed, auto; plus an optional >> modifier: '+confirm'. Open allows people to subscribe themselves to >> the list. Auto allows anybody to subscribe anybody to the list without >> maintainer approval. Closed requires maintainer approval for all >> subscribe requests to the list. Adding '+confirm', ie, >> 'open+confirm', will cause majordomo to send a reply back to the >> subscriber which includes a authentication number which must be sent >> back in with another subscribe command.", >> > > I believe we must be set to closed in some manner. The list maintainer > must subscribe NEW people. You cannot subscribe yourself to the list > without first supplying a profile and request to the Administration. So, > would not 'open+confirm' negate that setup by allowing someone to > subscribe > themself? > > Just trying to understand this. > > Thanks. > > Patty What is the reason for an 'administrator' (manually) looking at the subscriber 'profiles'? That does not prevent someone from 'subscribing' someone else without their knowledge - 'profiles' are easily forges (most of the time that a site requires 'registration' in order to view it, I personally do not give any useful information as it is none of their business.) Therefore, how does the administrator determine who to deny registration to? And, ultimately, why do you even WANT to refuse a subscription, if someone is interested in IPs why do you or the subscriber have to go through all the hoops? -- A SpamCop user and forum reader, Not Admin From MikeE at ster.invalid Tue May 2 09:46:16 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 2 11:50:02 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: G|_|Y |\/|AC0|\| wrote: > Mike Easter wrote... > >> and that one human (reporting account) is sufficient if that human >> account approves sufficient numbers of reports, such as two. > > That would be a Bad Thing. I think that it is safe to assume that > Spamcop has some method in place that at least attempts to stop a > single human from causing a listing. if it was simply a matter of > getting a reporting account and faking two reports, I think that we > would be seeing a lot of "revenge" listings. There are a lot of areas in which there are vulnerabilities to the system for abuse by a willful malcontent, and I don't think that 'directly' submitting bogus spams from a registered account would be a 'healthy' strategy for causing trouble or getting revenge -- so defending against that by requiring more than one account isn't a very sturdy defensive structure. Reporter reports only count 'one at a time'. Causing spamtrap hits causes the report numbers to be squared or multiplied into the next order of magnitude. Also, causing spamtrap hits could be done 'remotely' -- without exposing the actual account of the perpetrator. Creating an algorithmic defense requiring one more reporter account doesn't make much sense to me, while allowing all kinds of other hi-jinks. It is just as 'easy' [or hard] to get 'another' reporter account as it is to get one reporter account And besides; the logic or sensibleness of what we are talking about is a separate issue from what I'm trying to 'develop' in this discussion. I'm trying to get some admin in charge to categorically state this simple clarification about SC blocklisting. The faq goes into great details with exact numbers and all kinds of mathematical examples, but even when asked directly the admin hasn't stepped forward and straightened out this issue beyond the fact that more than one report is required. -- Mike Easter kibitzer, not SC admin From me at privacy.net Tue May 2 12:49:30 2006 From: me at privacy.net (Frog Prince) Date: Tue May 2 11:55:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> Message-ID: "Patty" wrote in message news:itwt76zk3amr$.18lp9d1ebyzfq$.dlg@40tude.net... | On Sun, 30 Apr 2006 13:08:00 -0700, Mike Easter wrote: | | > So, one point is that I would recommend to the admins of your mailing | > lists that you have an email confirmation process in addition to | > whatever other things you want to do with profiles and correlating email | > addresses with IP addresses during the web signup. Whether you include | > the IP address of the signup process is another useful 'touch' that you | > might keep in mind. | > | > If you haven't been very troubled by bogus signups in 10 years you've | > been getting off easy. As you can see, it can cause a great deal of | > trouble for your subscribers to not have their mailing list managed | > properly. | > | > The possibility also exists that we are not dealing with a bogus signup, | > but a 'stupid' and bad spamcop reporter. | | Thanks, Mike. I will pass this information along. However, we are a | non-profit organization with only volunteers to handle the work of the mail | list. Sometimes it's hard to put more work on them. I will check with our | SysAdmin to see if a confirmation process can be put in place to | automatically send a confirmation to someone before subscribing them. | However, that still does not solve our current problem which is trying to | figure out who is causing the problem. Short of sending emails to nearly | 5,000 members to confirm that they want to be subscribed, I'm not sure what | else we can do. | | We have, in the past few years, added IP address and host name to the | information for each new subscriber, but with so many people using other | freebie email addresses such as hotmail and yahoo, sometimes that info | doesn't match, but at least it gives some trace as to where the request | came from. | | Thanks for your suggestions. I will pass them along. Off topic but as you're a non profit might look into: http://www.techsoup.org From MikeE at ster.invalid Tue May 2 10:07:43 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 2 12:10:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Patty wrote: >Mike Easter wrote: > >> If you would download the free app's sourcecode and also have the >> ability to de-tar and de-gzip, I'm sure all of the docs can be found >> in there. > > Yeah, Mike. I already did that. > I just haven't seen anything on GreatCircle or the documentation I've > downloaded about processing new subscriptions other than the code > used to subscribe someone. Besides what is in the tar.gz, if you were going to look around the web, you would want to look at docs from/about the current version 1.94.5 -- since there are a lot of docs around from the mid 90/s. These are both from 1.94.5 http://www.faqs.org/docs/Linux-HOWTO/Majordomo-MajorCool-HOWTO.html Majordomo and MajorCool HOWTO http://www-uclink.berkeley.edu/major/major.new.html New Features available with Majordomo 1.94.5 -- The new version helps prevent forged mass subscription attacks by requiring that prospective subscribers to Majordomo lists confirm their subscription requests. When a person subscribes to a list, a message will be sent back to them with a confirmation code. They will then need to send the code back to Majordomo in order to be officially subscribed to the list. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue May 2 14:59:46 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Tue May 2 15:00:03 2006 Subject: [SpamCop-List] Re: Hex URL confuses SC References: Message-ID: "Maxx Excaliber" wrote in message news:e3817j$2fj$1@news.spamcop.net... > Tracking URL: > http://www.spamcop.net/sc?id=z933057970z9f2d834e0d06ad7ef38f23648bb19169z > > Spamvertised URL: > http://0xd8db5834/photogallery/albums/userpics/10002/images/.phone.php > > SpamCop does not recognize this as a valid URL. I was able to decode it > using a hex2dec convertor on the web. The hex part decodes to > 216.219.88.52. This should go to abuse@hostdepartment.com or > abuse@worldispnetwork.com > > Thanks. As posted in the Forum at http://forum.spamcop.net/forums/index.php?showtopic=6285 this should have been posted into spamcop or spamcop.help .... spamcop.routing is for where reports end up after a successful parse. I'm crossposting and setting follow-ups to the spamcop newsgroup. From tmcgraw at spamcop.net Tue May 2 13:30:01 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue May 2 15:30:04 2006 Subject: [SpamCop-List] [OT] phone spam Message-ID: I've read about this, but it's the first time it's happened to me. Despite being on the Do Not Call Registry I just received a pre-recorded message telling me that "the information I had requested on the Internet about extra income had been received" and it directed me to readfromhome.com. The incoming caller's number was blocked. So when I went to file a complaint at https://www.donotcall.gov/Complain/ComplainCheck.aspx instead of naming the Web site as the company I was complaining about, I named the company as HostingISP/readfromhome.com. I also called the ISP and asked if I could leave a message for the owner (it's lunchtime here). In the message I succinctly described what happened and advised him that I would be filing a complaint with the FTC over readfromhome.com and unfortunately I had to name his company as well. I predict this will become a more prevalent way of spamming in the not-too-distant future as spam filtering becomes more aggressive and accurate. From patty1515NOSPAM at gmail.com Tue May 2 18:23:50 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Tue May 2 17:25:04 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: On Tue, 02 May 2006 12:30:01 -0700, Tim McGraw wrote: > I've read about this, but it's the first time it's happened to me. > > Despite being on the Do Not Call Registry I just received a pre-recorded > message telling me that "the information I had requested on the Internet > about extra income had been received" and it directed me to > readfromhome.com. The incoming caller's number was blocked. > > So when I went to file a complaint at > https://www.donotcall.gov/Complain/ComplainCheck.aspx instead of naming > the Web site as the company I was complaining about, I named the company > as HostingISP/readfromhome.com. > > I also called the ISP and asked if I could leave a message for the owner > (it's lunchtime here). In the message I succinctly described what > happened and advised him that I would be filing a complaint with the FTC > over readfromhome.com and unfortunately I had to name his company as well. > > I predict this will become a more prevalent way of spamming in the > not-too-distant future as spam filtering becomes more aggressive and > accurate. Speaking of phone spam and do not call lists. We get calls from businesses such as waterproofing basements, and when I tell them I'm on the Do Not Call List they explain that they are not selling anything but they are offereing to provide me with a free inspection. They are really trying to split hairs here. I still report them. Patty From tmcgraw at spamcop.net Tue May 2 17:31:29 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue May 2 19:35:06 2006 Subject: [SpamCop-List] Re: [OT] phone spam In-Reply-To: References: Message-ID: Patty wrote: > > > > Speaking of phone spam and do not call lists. We get calls from businesses > such as waterproofing basements, and when I tell them I'm on the Do Not > Call List they explain that they are not selling anything but they are > offereing to provide me with a free inspection. They are really trying to > split hairs here. I still report them. They are splitting hairs, this is a common ploy, and yes they still should be reported. From none at none.none Tue May 2 21:20:35 2006 From: none at none.none (Pete) Date: Tue May 2 21:25:03 2006 Subject: [SpamCop-List] I'm curious, how does Amazon.com end up on the SCBL? Message-ID: It's a reputable site that doesn't spam, as far as I know, yet it still ends up in my Spamcop spam mail. How does this happen? Pardon my ignorance for how the system works. Here is the URL for the block: http://www.spamcop.net/sc?id=z933385992z1be4a0540a738d21ef328cdc495cccc3z From me at privacy.net Wed May 3 02:36:09 2006 From: me at privacy.net (Michael R N Dolbear) Date: Tue May 2 21:40:02 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: <01c66e3d$afa319c0$LocalHost@default> Tim McGraw wrote > I've read about this, but it's the first time it's happened to me. > > Despite being on the Do Not Call Registry I just received a pre-recorded > message telling me that "the information I had requested on the Internet > about extra income had been received" and it directed me to > readfromhome.com. The incoming caller's number was blocked. > > So when I went to file a complaint at > https://www.donotcall.gov/Complain/ComplainCheck.aspx instead of naming [...] > I predict this will become a more prevalent way of spamming in the > not-too-distant future as spam filtering becomes more aggressive and > accurate. Not really. Just as a Spam could say "as you requested on our web site" so can a attempt to get round the Do Not Call list. If the evidnce is missing or all the requests are from the same IP the owner of the outgoing call centre will have to drop his cleint with prejudice or be cut off. If the client generates a new company name and tries again the weak point is still the need to convince a call centre and the local phone company. Now if you could sign up with a VOIP provider with a throwaway account and run the whole thing from your PC that would be closer to the spam situation. Note however that the access to the PSTN to connect the call would still be a choke and observation point that the existance of zombies means Spam no longer has. BTW, I assume all the above was within the US ? The FCC apparently has no interest in automated Spam calls from Florida to Europe so you would have problems in such a case (Florida State government kindly took an interest) or if the call was to the US from anywhere outside. The EU requires every member to have a DNCL but hasn't considered what to do about transnational calls and thus there is no one to regulate calls anywhere to the UK or for that matter to Estonia. -- Mike D From me at privacy.net Tue May 2 22:35:45 2006 From: me at privacy.net (NotMe) Date: Tue May 2 21:45:02 2006 Subject: [SpamCop-List] Re: I'm curious, how does Amazon.com end up on the SCBL? References: Message-ID: "Pete" wrote in message news:e390h5$kte$1@news.spamcop.net... | It's a reputable site that doesn't spam, as far as I know, yet it still ends | up in my Spamcop spam mail. How does this happen? Pardon my ignorance for | how the system works. | | Here is the URL for the block: | http://www.spamcop.net/sc?id=z933385992z1be4a0540a738d21ef328cdc495cccc3z | I had a h*ll of a time with them a few years back. From me at privacy.net Tue May 2 22:40:45 2006 From: me at privacy.net (NotMe) Date: Tue May 2 21:45:06 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: "Patty" wrote in message news:tuhj42nmp24q$.xd0idfddmogb$.dlg@40tude.net... | On Tue, 02 May 2006 12:30:01 -0700, Tim McGraw wrote: | | > I've read about this, but it's the first time it's happened to me. | > | > Despite being on the Do Not Call Registry I just received a pre-recorded | > message telling me that "the information I had requested on the Internet | > about extra income had been received" and it directed me to | > readfromhome.com. The incoming caller's number was blocked. | > | > So when I went to file a complaint at | > https://www.donotcall.gov/Complain/ComplainCheck.aspx instead of naming | > the Web site as the company I was complaining about, I named the company | > as HostingISP/readfromhome.com. | > | > I also called the ISP and asked if I could leave a message for the owner | > (it's lunchtime here). In the message I succinctly described what | > happened and advised him that I would be filing a complaint with the FTC | > over readfromhome.com and unfortunately I had to name his company as well. | > | > I predict this will become a more prevalent way of spamming in the | > not-too-distant future as spam filtering becomes more aggressive and | > accurate. | | Speaking of phone spam and do not call lists. We get calls from businesses | such as waterproofing basements, and when I tell them I'm on the Do Not | Call List they explain that they are not selling anything but they are | offereing to provide me with a free inspection. They are really trying to | split hairs here. I still report them. Invite them out for the free inspection. Best if there is a vacant lot in the neighborhood. I did that with a pest control company. took them a few months to figure things out. From tmcgraw at spamcop.net Tue May 2 20:01:33 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue May 2 22:05:02 2006 Subject: [SpamCop-List] Re: [OT] phone spam In-Reply-To: <01c66e3d$afa319c0$LocalHost@default> References: <01c66e3d$afa319c0$LocalHost@default> Message-ID: Michael R N Dolbear wrote: > Tim McGraw wrote >> >> I predict this will become a more prevalent way of spamming in the >> not-too-distant future as spam filtering becomes more aggressive and >> accurate. > > Not really. Just as a Spam could say "as you requested on our web site" > so can a attempt to get round the Do Not Call list. If the evidnce is > missing or all the requests are from the same IP the owner of the > outgoing call centre will have to drop his cleint with prejudice or be > cut off. If the client generates a new company name and tries again the > weak point is still the need to convince a call centre and the local > phone company. I take it you are in Europe? Having hired phone centers in the US for legitimate marketing purposes many times, I can assure you that there is no shortage of call centers who will take on suspect clients so long as the check clears. Much the same way blackhat ISPs will take spammers' checks so long as they clear. I can't say for certain, but personally I don't believe a US call center has ever been "cut off" from the national phone system because they have a couple of suspect clients. And in the US, as long as the phone center's check clears, the phone company is going to provide them their connection so long as there is no evidence of overtly criminal activity (phishing by phone or making threats of bodily harm, for instance, and that's assuming those things are reported to the phone company; on criminal activity such as threats they will take action in the US, but most all other complaints will be ignored). In this case 1) the outbound message was automated (meaning a call center's warm bodies aren't really necessary) and 2) the caller ID was blocked. I could set up such a system in my home that would do this for me for <$5k US, and it is incredibly simple to do. > Now if you could sign up with a VOIP provider with a > throwaway account and run the whole thing from your PC that would be > closer to the spam situation. Note however that the access to the PSTN > to connect the call would still be a choke and observation point that > the existance of zombies means Spam no longer has. The real choke here is the VOIP provider. The primary choices are 1) Vonage and 2) skype. There are others for businesses. If you were making "illegal marketing calls" and the VOIP provider got wind of it they would cut you off, but if you could tunnel through from another IP# and had a second credit card or PayPal account you could be back on the trunk in less than 15 min. (with skype, anyway). > BTW, I assume all the above was within the US ? Who knows where the call came from? But the site it was pitching is hosted in the US. > The FCC apparently has no interest in automated Spam calls from Florida > to Europe so you would have problems in such a case (Florida State > government kindly took an interest) or if the call was to the US from > anywhere outside. The EU requires every member to have a DNCL but > hasn't considered what to do about transnational calls and thus there > is no one to regulate calls anywhere to the UK or for that matter to > Estonia. That's the downside of having a 20th century communications grid in the 21st century. BTW, the FCC tried to initiate the DNCL in the US and were immediately shot down over "freedom of speech" issues IIRC. The FTC (Federal Trade Commission) picked up the ball and administers the list. From nobody at devnull.spamcop.net Tue May 2 22:22:27 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Tue May 2 22:25:03 2006 Subject: [SpamCop-List] Re: I'm curious, how does Amazon.com end up on the SCBL? References: Message-ID: "Pete" wrote in message news:e390h5$kte$1@news.spamcop.net... > It's a reputable site that doesn't spam, as far as I know, yet it still ends > up in my Spamcop spam mail. How does this happen? Pardon my ignorance for > how the system works. > > Here is the URL for the block: > http://www.spamcop.net/sc?id=z933385992z1be4a0540a738d21ef328cdc495cccc3z Why are you blaming / identifying the SpamCopDNSBL???? X-SpamCop-Checked: 192.168.1.103 207.69.195.97 207.69.195.24 66.94.225.140 207.115.20.47 207.115.20.47 207.171.165.134 X-SpamCop-Disposition: Blocked dnsbl.sorbs.net 207.171.165.134 not listed in bl.spamcop.net And for educational purposed, there are FAQs available. SpamCop.net Parsing & Reporting, the SpamCopDNSBL, ... in general could care less about the Domain involved .. it's the IP address of the spam spew source that's of prime interest. Google away to find all kinds of complaints about "unwanted e-mail from Amazon" ... despite your "they do not spam" description. From bll at seer.gentoo.com Wed May 3 03:43:51 2006 From: bll at seer.gentoo.com (Brad Lanam) Date: Tue May 2 22:45:03 2006 Subject: [SpamCop-List] .info domains are not being handled Message-ID: Reference: http://www.spamcop.net/sc?id=z933433803z8b158c1b72cd25b82a249920a2d1c8ccz seer:bll$ host theplaygame.info theplaygame.info has address 125.208.3.24 seer:bll$ -- Brad -- -- Brad Lanam bll@gentoo.com From nttp.sc.s at bigsleep.org Wed May 3 04:30:15 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue May 2 23:35:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: On 02 May 2006, - Patty entered spamcop and left news:ub1bhf4rrojl$.uj5v9lsbqpil$.dlg@40tude.net: > On Tue, 2 May 2006 07:25:31 -0700, Mike Easter wrote: > >> >> The necessary reconfiguration would have to be done by Michael, and >> following that reconfiguration, some adjustment to the pages of >> guidelines which were written in 1999. It is possible that the >> majordomo version is of an old vintage. It is possible that the old >> majordomo is not so configurable. Majordomo's 'evolution' is described >> at the GreatCircle website -- in which the different versions may be >> incompatible with different versions of the Perl script and similar >> tediums. That is correct, however I don't know how far back you have to go before that isn't an option. I installed Majordomo 1.94.5 on a FreeBSD server, the config file checks for Perl version 4.019 (or greater), however this port is configured specifically for my server, and the port available at freebsd.org claims to require Perl 5.8.8, and the bizsystems server is running UNIX (not FreeBSD). Even that doesn't really tell us much, however the headers that Mike supplied imply that "majordomo" on the bizsystems network is using Sendmail 8.11.4, which is significantly old (but isn't necessarily an upgrade factor). I still adhere to the "if it ain't broke don't fix it" mentality, but if +confirm isn't an option upgrading is, even though that could require some other upgrade as well. >> >> Currently the headers do not parse to name the server, for whatever >> reason and significance that is at this point. >> I think, if I have time, I may run a test for that. I do have 3 mail-list managers available, MailMan, Majordomo and Dada Mail. I may try out all three. I don't currently need them, but I should be familiar with them so that they could be available. >> The admin thinks it would be very difficult to reconfigure the majordomo >> or the majordomo plus the guidelines for the remote administration >> process. Ric doesn't think so. majordomo.cf # Set the default subscribe policy for new lists here. # If not defined, defaults to "open", but in today's increasingly # imbecile Internet, "open+confirm" or "auto+confirm" is a wiser # choice for publicly available Majordomo servers. # $config'default_subscribe_policy = "open+confirm"; # I expect that each list has it's own subscribe policy. Still, whats harder: typing a couple words and writing a couple lines of instructions, or spending time dealing with abuse reports? > > I would like to know, however, where Ric got his information about the > majordomo guidelines. I've searched the web and got some limited > information about majordomo systems, but nothing that appeared to be as > concise as what Ric had. I would love to read it, granted I may not > understand a lot of it, but I still would like to be able to more > familiarize myself with the process. > You really need to install it and read the man files and the doc files. I don't expect you to be able to do this, but you can install on Windows Texpad (textpad.com)(or a UNIX-compatable text reader for your OS) and either WinZip or WinRar (I think you already have one of those, or something compatable with tar files), and then you can attempt to read through the .pl doc and/or man files in the majordomo archive (WinRar's View command works well on text files), but that's a bit like sorting through trash that's been through a shredder. The info I posted is from documentation I had, the Majordomo and MajorCool sites, and the config_parse.pl file. -- | Ric | From nobody at devnull.spamcop.net Wed May 3 00:58:14 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Wed May 3 01:00:03 2006 Subject: [SpamCop-List] Re: .info domains are not being handled References: Message-ID: "Brad Lanam" wrote in message news:slrne5g676.jft.bll@seer.gentoo.com... > > Reference: > http://www.spamcop.net/sc?id=z933433803z8b158c1b72cd25b82a249920a2d1c8ccz > > seer:bll$ host theplaygame.info > theplaygame.info has address 125.208.3.24 > seer:bll$ No idea what half the stuff you posted means ... Tracking URL shows; Tracking link: http://theplaygame.info Resolves to 125.208.3.24 Routing details for 125.208.3.24 [refresh/show] Cached whois for 125.208.3.24 : ajtel@vip.sina.com helen5888@sohu.com Using last resort contacts ajtel@vip.sina.com helen5888@sohu.com helen5888@sohu.com bounces (4424 sent : 2214 bounces) Using helen5888#sohu.com@devnull.spamcop.net for statistical tracking From nospam at nospam.org Wed May 3 09:10:07 2006 From: nospam at nospam.org (Ejo) Date: Wed May 3 02:15:04 2006 Subject: [SpamCop-List] Spam via vacation notice Message-ID: http://www.spamcop.net/sc?id=z933550898z771b68698c1cccd97048373c5a57ab74z And here it happens, vacation notices are sent around and this is the way spam propagates. Ejo From sigerson at shpvideo.com Wed May 3 03:25:06 2006 From: sigerson at shpvideo.com (Steve Holmes) Date: Wed May 3 03:30:03 2006 Subject: [SpamCop-List] Spam Film Idea Message-ID: <44585AD2.C99FBE06@shpvideo.com> Seems that education is the ultimate way to defeat spam, or at least to reduce it dramatically. The sharper the consumer, the less likely he or she is to fall victim to an online con. With that in mind, I am thinking of producing a film on spam and how to fight it. This would be a professional job. Filmmaking is my business. It would probably run about a half-hour and appear on public television. The film would focus on spamfighting tips (do not unsubscribe, do not use your e-mail address in online conversations, do not click on links and, of course, report through SpamCop) and would include interviews with spamfighters (how do you do it, how far do you take it, etc.). Let?s dissect each of the common types of spam and come-ons, point out the warning signs and tell folks where to report it. We would have some fun, too, detailing the 419 reverse scams such as 419eater.com and featuring a scene, done with professional actors, created entirely from spam gibberish. Though spammers may be viewed by the public as a bunch of small-time hucksters, I?m not letting the big guys off the hook. It?s important to hold Qwest, UU, Sprint and other big providers and domain brokers responsible for their role in UCE. I?d like the film to raise bigger issues, too, such as the rights to privacy and free speech. Questions: 1) Are there other films about spammers? 2) Does anyone have a demographic profile of spammers (age, gender, etc.)? This would come in handy since I plan to bring in actors to read some of the most outrageous spam lines I?ve received (among my favorites: ?powerful enlargement: How A Man can do it like a lesbian?). 3) Know where I can find an ex-spammer, one who?s been jailed or has reformed? 4) I?m looking for spamfighters to inverview within a 300-mile range of my home bases, Iowa City, Iowa and Joplin, Missouri. Any leads or volunteers? 5) Any thoughts as to what angles you feel a film on spam should cover? If you?d prefer to contact me offline, try sigerson at shpvideo.com. Thank you. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From nospam at qwestisevil.com Wed May 3 04:21:07 2006 From: nospam at qwestisevil.com (Steve Holmes) Date: Wed May 3 04:25:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: <445867F3.15FC8559@qwestisevil.com> Steve Holmes wrote: > (snip) The film would focus on spamfighting tips (do not unsubscribe, do > not > use your e-mail address in online conversations, (snip) Yeah, before anyone points it out, I realize I just did that last one in my previous message. Maybe I should watch the film I propose to make. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From newandrew at rump.dk Wed May 3 09:24:01 2006 From: newandrew at rump.dk (Andrew Engels Rump (formerly Leif Andrew Rump)) Date: Wed May 3 04:25:07 2006 Subject: [SpamCop-List] Did a spammer F*** up joejobbing spamcop.com and not .net? Message-ID: This was just to funny to just let it slip by: http://www.spamcop.net/sc?id=z933583983z425146adb24ddadefe82474c583ab423z Andrew -- *** The opinions expressed are not necessarily those of my employer. *** * Software Engineer Andrew Engels Rump * BLIK og ROERarbejderforbundet * * Immerkaer 42, 2650 Hvidovre * Tlf: +45 3638 3638, Fax: +45 3638 3639 * Home: N55?41'38.9" E12?29'08.6" (WGS 84) Work: N55?39'50.9" E12?27'47.4" E-mail: mailto:newandrew@rump.dk WWW http://www.rump.dk/homepage/andrew/ From MikeE at ster.invalid Wed May 3 07:09:43 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed May 3 09:10:03 2006 Subject: [SpamCop-List] Re: .info domains are not being handled References: Message-ID: WazoO wrote: > "Brad Lanam" >> Reference: www.spamcop.net/sc?id=z933433803z8b158c1b72cd25b82a249920a2d1c8ccz >> >> seer:bll$ host theplaygame.info >> theplaygame.info has address 125.208.3.24 >> seer:bll$ I think Brad got a non resolve when he ran it; that's what it did for me Cannot resolve http://theplaygame.info Reports regarding this spam have already been sent: Re: 83.22.227.87 (Administrator of network where email originates) > No idea what half the stuff you posted means ... So Brad was showing whatever he uses to resolve the URL > Tracking URL shows; > > Tracking link: http://theplaygame.info > Resolves to 125.208.3.24 > Routing details for 125.208.3.24 > [refresh/show] Cached whois for 125.208.3.24 : ajtel@vip.sina.com > helen5888@sohu.com > Using last resort contacts ajtel@vip.sina.com helen5888@sohu.com > helen5888@sohu.com bounces (4424 sent : 2214 bounces) > Using helen5888#sohu.com@devnull.spamcop.net for statistical tracking That is actually not very 'accurate' work by SC, based on the spamcop mirror which is not uptodate 125.208.3.24 = no rDNS inetnum: 125.208.0.0 - 125.208.31.255 netname: PRIMETELECOM admin-c: KS434-AP = ajtel@vip.sina.com tech-c: CZ352-AP = CONG390@hotmail.com inetnum: 125.208.0.0 - 125.208.31.255 netname: PRIMETELECOM admin-c: KS1-CN = ajtel@vip.sina.com tech-c: CZ1-CN = CONG390@hotmail.com But the IP is spamhaused as the /32 for Leo Kuvayev / BadCow and primetelecom has numerous other single and blocklistings, 3 /32s 2 of which are Leo rokso, and also /24 /22 and /19 - so they are definitely not worth notifying, especially with 'personal' email addies like hotmail primetelecom's name is actually primetelecom.cn which doesn't have a reg'd abuse.net contact whose registrant is ajtel@euncn.com -- so there's that 'ajtel' username again. IMO the whole thing is a waste of time. primetelcom is as24416 Upstream Adjacent AS list AS4847 CNIX-AP China Networks Inter-Exchange Chasing down unresponsive.cn providers and their unresponsive upstreams for ROKSO spamvertisers is not fruitful. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed May 3 07:18:25 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed May 3 09:20:02 2006 Subject: [SpamCop-List] Re: Did a spammer F*** up joejobbing spamcop.com and not .net? References: Message-ID: Andrew Engels Rump (formerly Leif Andrew Rump) wrote: Subject: Did a spammer F*** up joejobbing spamcop.com and not .net? > This was just to funny to just let it slip by: > www.spamcop.net/sc?id=z933583983z425146adb24ddadefe82474c583ab423z Spamvertised: HYIP established to provide investors a way to increase their profit http://www.spamcop.com/investdot.com Sourced: 219.93.199.99 listed in cbl.abuseat.org ( 127.0.0.2 ) 219.93.199.99 is an open proxy Globaltrust doesn't want notifies about that spamvertising. ISP does not wish to receive reports regarding http://www.spamcop.com/investdot.com -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed May 3 10:29:04 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed May 3 09:30:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: That's not going to be an info-mercial is it? "Steve Holmes" wrote in message news:44585AD2.C99FBE06@shpvideo.com... > Seems that education is the ultimate way to defeat spam, or at > least to > reduce it dramatically. The sharper the consumer, the less > likely he or > she is to fall victim to an online con. With that in mind, I am > thinking > of producing a film on spam and how to fight it. This would be > a > professional job. Filmmaking is my business. It would probably > run about > a half-hour and appear on public television. > > The film would focus on spamfighting tips (do not unsubscribe, > do not > use your e-mail address in online conversations, do not click > on links > and, of course, report through SpamCop) and would include > interviews > with spamfighters (how do you do it, how far do you take it, > etc.). > Let’s dissect each of the common types of spam and come-ons, > point out > the warning signs and tell folks where to report it. We would > have some > fun, too, detailing the 419 reverse scams such as 419eater.com > and > featuring a scene, done with professional actors, created > entirely from > spam gibberish. > > Though spammers may be viewed by the public as a bunch of > small-time > hucksters, I’m not letting the big guys off the hook. It’s > important to > hold Qwest, UU, Sprint and other big providers and domain > brokers > responsible for their role in UCE. I’d like the film to raise > bigger > issues, too, such as the rights to privacy and free speech. > > Questions: > > 1) Are there other films about spammers? > > 2) Does anyone have a demographic profile of spammers (age, > gender, > etc.)? This would come in handy since I plan to bring in > actors to read > some of the most outrageous spam lines I’ve received (among my > favorites: “powerful enlargement: How A Man can do it like a > lesbian”). > > 3) Know where I can find an ex-spammer, one who’s been jailed > or has > reformed? > > 4) I’m looking for spamfighters to inverview within a 300-mile > range of > my home bases, Iowa City, Iowa and Joplin, Missouri. Any leads > or > volunteers? > > 5) Any thoughts as to what angles you feel a film on spam > should cover? > > If you’d prefer to contact me offline, try sigerson at > shpvideo.com. > Thank you. > > -- > Steve Holmes > Executive Producer > "The New Ball Game" > "RailFAN" > 319-337-9507 > From MikeE at ster.invalid Wed May 3 07:37:41 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed May 3 09:40:02 2006 Subject: [SpamCop-List] Re: I'm curious, how does Amazon.com end up on the SCBL? References: Message-ID: Pete wrote: > It's a reputable site that doesn't spam, as far as I know, yet it > still ends up in my Spamcop spam mail. How does this happen? You have configured your spam filter to use sorbs including the sorbs 127.0.0.6 which is the sorbs-spam list. Sorbs-spam list is built by sorbs using these criteria http://www.us.sorbs.net/faq/spamdb.shtml and requires the IP owner to pay a US $50 'fine' to sorbs designated charity or good cause -- which many providers are disinclined to do -- to be delisted, and which listing will recur if a spamtrap or whatever is hit. > Here is the URL for the block: www.spamcop.net/sc?id=z933385992z1be4a0540a738d21ef328cdc495cccc3z That is a straightup amazon item, where straightup means from = source = spamvertiser. If you want to receive amazon promotionals, you should whitelist them. If you don't want to use a list like sorbs which has to be paid to get off, you should take it out of your spamfilter system. Sorbs has quite a few different lists, and not everyone should use all or any of them http.dnsbl.sorbs.net 127.0.0.2 socks.dnsbl.sorbs.net 127.0.0.3 misc.dnsbl.sorbs.net 127.0.0.4 smtp.dnsbl.sorbs.net 127.0.0.5 spam.dnsbl.sorbs.net 127.0.0.6 web.dnsbl.sorbs.net 127.0.0.7 block.dnsbl.sorbs.net 127.0.0.8 zombie.dnsbl.sorbs.net 127.0.0.9 dul.dnsbl.sorbs.net 127.0.0.10 badconf.rhsbl.sorbs.net 127.0.0.11 nomail.rhsbl.sorbs.net 127.0.0.12 -- Mike Easter kibitzer, not SC admin From hendrik_maryns at despammed.com Wed May 3 18:51:13 2006 From: hendrik_maryns at despammed.com (Hendrik Maryns) Date: Wed May 3 11:55:03 2006 Subject: [SpamCop-List] Re: Feature request: see number of unreported spam In-Reply-To: References: Message-ID: Frog Prince schreef: > "Hendrik Maryns" wrote in message > news:e2q7cf$jgt$1@news.spamcop.net... > | Hi, > | > | Often, I submit so much spam, I don't get the time to click to all the > | confirmation screens. Then I have to use the link that says: Remove all > | unreported spam, to get all those 'message is more than two days old' > | warnings away. It would be nice if it was also indicated how much > | messages one would remove that way. I.e. that one gets to see how much > | one still has to report. > | > | This would also be practical to estimate how much more clicks & time one > | needs to get it done. > | > > That feature and a way to delete reports too old with one click have been > requested many times previously. Now if I get more than 3-4 too old to > report I dump the entire back long. BTW that's the only way to find out > how many reports are back logged. It could be useful if you get a few too old messages, and you see there are only two or three left, you could as well click through them, because one of them might still be valid. OTOH, if you see there are still 20 left, you?ll remove them. Another option which would be more interesting, I think, is to handle reporting in (some) chronological order. But then, that will probably eschew some metrics. > Accurate info but useless. Is keeping your users happy by just adding one simple counter also useless? H. -- Hendrik Maryns ================== http://aouw.org Ask smart questions, get good answers: http://www.catb.org/~esr/faqs/smart-questions.html From MikeE at ster.invalid Wed May 3 09:55:17 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed May 3 12:00:03 2006 Subject: [SpamCop-List] Re: I'm curious, how does Amazon.com end up on the SCBL? References: Message-ID: Pete wrote: Subject: I'm curious, how does Amazon.com end up on the SCBL? If you don't put your question where it belongs, in the body of your message, it isn't possible to answer the question in context without pasting your subject into the body of the reply. That isn't the correct way to write a news message or question. For practice and propriety in writing subjects and bodies, you can structure properly by writing the body first, then writing a brief subject to encapsulate or name/say what is contained in the body. That is, the subject should not be the only place to find the question or point of a post. > how does Amazon.com end up on the SCBL? 'It' amazon.com isn't on the SCbl, for several reasons. - amazon.com isn't an IP, SCbl lists IP addresses, not domains - the source IP 207.171.165.134 rDNS mm-retail-out-1102.amazon.com is *not* SCbl listed - rather it was tagged for listing because you configured to use sorbs lists > How does this happen? Pardon > my ignorance for how the system works. > Here is the URL for the block: www.spamcop.net/sc?id=z933385992z1be4a0540a738d21ef328cdc495cccc3z You can examine the Xlines for how your configuration of the spamcop filter blocked an item: X-SpamCop-Checked: 192.168.1.103 207.69.195.97 207.69.195.24 66.94.225.140 207.115.20.47 207.115.20.47 207.171.165.134 X-SpamCop-Disposition: Blocked dnsbl.sorbs.net That tells you that the last Xline IP 207.171.165.134 caused the item to be tagged for blocking from the inbox because it was listed in one of the sorbs blocklists. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed May 3 09:59:12 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed May 3 12:00:09 2006 Subject: [SpamCop-List] Re: I'm curious, how does Amazon.com end up on the SCBL? Message-ID: Mike Easter wrote: > - rather it was tagged for listing because you configured to use > sorbs lists s/listing/blocking/ - rather it was tagged for blocking because you configured... -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Wed May 3 17:59:16 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed May 3 12:00:13 2006 Subject: [SpamCop-List] Re: Subject lines and topic drift References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> Message-ID: "G?? |\/|AC0|\|" wrote in message news:e35i8b$cmt$1@news.spamcop.net... > For the purpose of this post, it doesn't matter who wrote: > >>> I see that winking grin, but you are going to get a semantics discussion >>> anyway. > > If the first person to change the topic from discussing the case of the > mailing list operator > wondering how spamcop works to the semantics of folder/directory naming > would be so > kind as to change the subject line, those of us who are interested in the > first topic but > not the second would find it easier to select posts that interest us. Umm, ermmm, aahh, would that have been me?? Or was it Mike? ;-) Prolly me. Oops! Sorry! I apogolise! I must remember to change the subject line when changing topic I must remember to change the subject line when changing topic I must remember to change the subject line when changing topic I must remember to change the subject line when changing topic I must remember to change the subject line when changing topic I must remember to change the subject line when changing topic I must remember to change the subject line when changing topic I must remember to change the subject line when changing topic. . . . . . . . From porpoise1954 at yahoo.co.uk Wed May 3 18:00:30 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed May 3 12:05:03 2006 Subject: [SpamCop-List] Re: Subject lines and topic drift References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> Message-ID: "Mike Easter" wrote in message news:e35jpa$dlr$1@news.spamcop.net... > > Of course you are correct. I find it a quaint observation that a > subject change among topic drifters leads quickly or even immediately to > the end of the subthread's conversation. Maybe that's the way it > /should/ be. In this case, it lasted for 3 posts, longer than usual, in > my experience. That's only because I surrendered early!!!!!.... ;-) From nttp.sc.s at bigsleep.org Wed May 3 19:46:49 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed May 3 14:50:02 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: On 03 May 2006, - Steve Holmes entered spamcop and left news:44585AD2.C99FBE06@shpvideo.com: 1) Are there other films about spammers? I remember one, not a film to the extent that you are talking about, though. I don't remember the name of the show, but there was a mother who's child was getting porn spam, and she contacted the advertised site to try and get it to stop. I don't remember the whole show, but they tracked down the spammer and confronted him, it took them quite some time because they went through quite a few companies and several dead-ends. I'm sure it was over 30 mins and quite interesting. Maybe someone else here remembers that program? But I think we need more education. Ignoring or blocking it does little more than make it a little more interesting for the spammer (it actually creates more spam). Fighting it is the way to go, and we need more people fighting, and less fishies. I think a reality view of the spammer (and how easy it is for them) would be interesting. Also the domain registrars who accept money for all those crack domains, you can't complain to them and they don't care at all, that ain't right. -- | Ric | From nttp.sc.s at bigsleep.org Wed May 3 19:48:42 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed May 3 14:50:08 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: On 03 May 2006, - Steve Holmes entered spamcop and left news:44585AD2.C99FBE06@shpvideo.com: > Filmmaking is my business. Hey, do you do that show on Discovery Home? I love that show, it's too short. -- | Ric | From nobody at devnull.spamcop.net Wed May 3 13:08:02 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Wed May 3 15:10:04 2006 Subject: [SpamCop-List] Re: Feature request: see number of unreported spam References: Message-ID: Hendrik Maryns wrote... > Another option which would be more interesting, I think, is to handle > reporting in (some) chronological order. But then, that will probably > eschew some metrics. ^^^^^^ ?????? http://www.m-w.com/dictionary/eschew From PossumTrot at dont.spam.me Wed May 3 13:23:14 2006 From: PossumTrot at dont.spam.me (Possum Trot) Date: Wed May 3 15:25:03 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: I report every call, politicians included. In the You-can-spam act they gave themselves immunity, but they get reported anyway. "Patty" wrote in message news:tuhj42nmp24q$.xd0idfddmogb$.dlg@40tude.net... > On Tue, 02 May 2006 12:30:01 -0700, Tim McGraw wrote: > >> I've read about this, but it's the first time it's happened to me. >> >> Despite being on the Do Not Call Registry I just received a pre-recorded >> message telling me that "the information I had requested on the Internet >> about extra income had been received" and it directed me to >> readfromhome.com. The incoming caller's number was blocked. >> >> So when I went to file a complaint at >> https://www.donotcall.gov/Complain/ComplainCheck.aspx instead of naming >> the Web site as the company I was complaining about, I named the company >> as HostingISP/readfromhome.com. >> >> I also called the ISP and asked if I could leave a message for the owner >> (it's lunchtime here). In the message I succinctly described what >> happened and advised him that I would be filing a complaint with the FTC >> over readfromhome.com and unfortunately I had to name his company as >> well. >> >> I predict this will become a more prevalent way of spamming in the >> not-too-distant future as spam filtering becomes more aggressive and >> accurate. > > Speaking of phone spam and do not call lists. We get calls from > businesses > such as waterproofing basements, and when I tell them I'm on the Do Not > Call List they explain that they are not selling anything but they are > offereing to provide me with a free inspection. They are really trying to > split hairs here. I still report them. > > Patty From nospam at qwest-is-evil.com Wed May 3 15:28:10 2006 From: nospam at qwest-is-evil.com (Steve Holmes) Date: Wed May 3 15:30:02 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: <4459044A.E2E2F336@qwest-is-evil.com> POP wrote: > That's not going to be an info-mercial is it? > > "Steve Holmes" wrote in message > news:44585AD2.C99FBE06@shpvideo.com... > > Seems that education is the ultimate way to defeat spam, or at > > least to > > reduce it dramatically. The sharper the consumer, the less > > likely he or > > she is to fall victim to an online con. With that in mind, I am > > thinking > > of producing a film on spam and how to fight it. (snip) Informercial? For what? Sorry if I left that impression. It's supposed to be a documentary about how to detect, avoid and fight spam. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From vanguard.news at yahooNIX.com Wed May 3 15:35:37 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Wed May 3 15:40:02 2006 Subject: [SpamCop-List] Re: I'm curious, how does Amazon.com end up on the SCBL? References: Message-ID: "Mike Easter" wrote in message news:e3abmp$chb$1@news.spamcop.net... > > You have configured your spam filter to use sorbs including the sorbs > 127.0.0.6 which is the sorbs-spam list. > > Sorbs-spam list is built by sorbs using these criteria > http://www.us.sorbs.net/faq/spamdb.shtml and requires the IP owner to > pay a US $50 'fine' to sorbs designated charity or good cause -- which > many providers are disinclined to do -- to be delisted, and which > listing will recur if a spamtrap or whatever is hit. > Personally, the $50 "donation" reeks too much of extortion. An IP address could get listed simply due to complaints from ignorant users who haven't a clue as to where a spam actually originated. There are plenty of situations where an IP address is falsely listed. Another problem with SORBS is that their list is hardly dynamic. A source that got listed by SORBS could be on their blacklist for several months without regard to behavior after that time. SpamCop is must more responsive (i.e., dynamic). At one time, my IP lease expired and I got a new IP address (I'm on cable but occasional my IP address does change). I ended up with one that a prior spammer had used and which was on the SORBS blacklist. SORBS responded within 2 days to get their list updated to remove my IP address - but that record was over 4 months old (i.e., it had been that long since they added the record and nothing afterward would've caused that IP address to remain listed). I don't use the SORBS list anymore because it doesn't reflect the current state of spam sources. Because SORBS is slow to update their list, they don't accurately reflect the nature of Internet where users can and WILL get different IP addresses, some of which are blacklisted although the new user of that old IP address never spammed or may have never even sent a single e-mail. -- __________________________________________________ Post replies to the newsgroup. Share with others. For e-mail: Remove "NIX" and add "#VN" to Subject. __________________________________________________ From nospam at qwest-is-evil.com Wed May 3 15:41:17 2006 From: nospam at qwest-is-evil.com (Steve Holmes) Date: Wed May 3 15:45:05 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: <4459075D.7F8C5390@qwest-is-evil.com> Blammo wrote: > On 03 May 2006, - Steve Holmes entered spamcop and left > news:44585AD2.C99FBE06@shpvideo.com: > > 1) Are there other films about spammers? > > I remember one, not a film to the extent that you are talking about, > though. I don't remember the name of the show, but there was a mother who's > child was getting porn spam, and she contacted the advertised site to try > and get it to stop. I don't remember the whole show, but they tracked down > the spammer and confronted him, it took them quite some time because they > went through quite a few companies and several dead-ends. I'm sure it was > over 30 mins and quite interesting. Maybe someone else here remembers that > program? Yeah, I would be interested to know more about this one. If it's done all that I propose to do, no use reinventing the wheel. I'd love to confront a spammer, but tracking one down within a few hundred miles might be tough. Too bad I don't live in Florida. > But I think we need more education. Ignoring or blocking it does little > more than make it a little more interesting for the spammer (it actually > creates more spam). Fighting it is the way to go, and we need more people > fighting, and less fishies. Amen! That's the whole idea: Show people that spammers are usually con artists, show them how to avoid, detect and fight spam and the flow of spam will dry up significantly. There will always be Darwin Award winners who get suckered into buying something that's too good to be true (even worse, they can vote and they can breed). And even if spam becomes less and less profitable, there will always be people who hear the siren song of one-million e-mail addresses and feel it's a can't-miss deal. But education can take away potential customers and add a new level of hassle. That would probably cause a lot of spammers to walk away. > I think a reality view of the spammer (and how > easy it is for them) would be interesting. Also the domain registrars who > accept money for all those crack domains, you can't complain to them and > they don't care at all, that ain't right. Yes. As I said, I don't want to let the big guys off the hook. Spammers are snake-oil salesmen, but they couldn't do business without "more respectable" people fronting for them. I doubt that GoDaddy, Qwest and other enablers would grant me on-camera interviews, but if that's the case, I'd use a few shots of a microphone pointed at their big, distant HQs as "equal time." -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From nospam at qwest-is-evil.com Wed May 3 15:42:21 2006 From: nospam at qwest-is-evil.com (Steve Holmes) Date: Wed May 3 15:45:09 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: <4459079D.6F2EB24C@qwest-is-evil.com> Blammo wrote: > On 03 May 2006, - Steve Holmes entered spamcop and left > news:44585AD2.C99FBE06@shpvideo.com: > > > Filmmaking is my business. > > Hey, do you do that show on Discovery Home? I love that show, it's too > short. Nope. Discovery's a different animal. My stuff gets on public television around the country. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From tmcgraw at spamcop.net Wed May 3 14:09:02 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed May 3 16:10:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea In-Reply-To: <4459075D.7F8C5390@qwest-is-evil.com> References: <44585AD2.C99FBE06@shpvideo.com> <4459075D.7F8C5390@qwest-is-evil.com> Message-ID: Steve Holmes wrote: > > I'd love to confront a spammer Been there, done that. I called a once-notorious spammer in the next town over back in the '90s, and within the hour he sent a couple of cronies to my house and they turned off my electrical circuits via the outside circuit breakers. After that incident I stuck to LARTs. From not at home.today Wed May 3 23:59:08 2006 From: not at home.today (Ant) Date: Wed May 3 18:05:04 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: "Steve Holmes" wrote: > 1) Are there other films about spammers? There was a documentary "Rogue Mail" shown on the BBC (UK television) in June 2003, which prompted this post: http://news.spamcop.net/pipermail/spamcop-list/2003-June/047927.html This was my comment at the time: | Because of MS sueing spammers, there have been a few reports about it | on TV. I'm not sure if it was the same programme, but the reporter | was at that recent spam conference in the US. He mentioned Richter, | and shot some film of him, and I think I also caught a glimpse of | Julian. There was also a short interview with the chap who runs | Spamhaus. Later they tried to track down Eddie Marin (top spammer | according to Spamhaus) at his Florida office to get an interview. | Some chance! Of course the door was locked, and the female voice on | the intercom said he was not there. However a car was parked in his | space. When the reporter asked when would be a good time to call back, | "I suggest you don't", was the reply. Perhaps it would be worth contacting the BBC. If I'm mistaken, and the film I remember wasn't shown by them, then I would have only seen it on Channel 4, or possibly ITV. From nttp.sc.s at bigsleep.org Thu May 4 00:10:30 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed May 3 19:15:04 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> Message-ID: On 03 May 2006, - Steve Holmes entered spamcop and left news:4459079D.6F2EB24C@qwest-is-evil.com: > Blammo wrote: > >> On 03 May 2006, - Steve Holmes entered spamcop and left >> news:44585AD2.C99FBE06@shpvideo.com: >> >> > Filmmaking is my business. >> >> Hey, do you do that show on Discovery Home? I love that show, it's too >> short. > > Nope. Discovery's a different animal. My stuff gets on public television > around the country. > Kind of a joke, thought maybe you knew Mike Holmes. -- | Ric | From nttp.sc.s at bigsleep.org Thu May 4 00:25:41 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed May 3 19:30:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459075D.7F8C5390@qwest-is-evil.com> Message-ID: On 03 May 2006, - Steve Holmes entered spamcop and left news:4459075D.7F8C5390@qwest-is-evil.com: > Yeah, I would be interested to know more about this one. If it's done > all that I propose to do, no use reinventing the wheel. > > I'd love to confront a spammer, but tracking one down within a few > hundred miles might be tough. Too bad I don't live in Florida. > Well, it actually was pretty easy to find, it was on Dateline (I personally hate to link to this site, but its for a good cause)... Dateline tracks down a porn spammer On the hunt for a man who sent a vulgar e-mail to a Texas housewife By John Hockenberry Dateline NBC Updated: 8:37 p.m. ET Aug. 5, 2005 http://www.msnbc.msn.com/id/8841299/ and some more info here... The clues that led us to the porn spammer (Andy Lehren, Dateline producer) http://www.msnbc.msn.com/id/8871839/ -- | Ric | From nobody at devnull.spamcop.net Wed May 3 21:36:07 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed May 3 20:40:03 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: "Possum Trot" wrote in message news:e3avvk$okn$1@news.spamcop.net... >I report every call, politicians included. In the You-can-spam >act they gave themselves immunity, but they get reported anyway. > I've never come across a reputable site whose AUP or TOS allowed anyone, even politicos or whatever, to spam. Spam is spam to the ISP and it's verboten; their servers, their right to decide what can be done on them. I consider the phone the same: It's MY phone, in MY house - no one has permission to disturb me with anything I dont' wish to be disturbed about. Just a thought Pop From nobody at devnull.spamcop.net Wed May 3 21:45:12 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed May 3 20:50:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459044A.E2E2F336@qwest-is-evil.com> Message-ID: "Steve Holmes" wrote in message news:4459044A.E2E2F336@qwest-is-evil.com... > POP wrote: > >> That's not going to be an info-mercial is it? >> >> "Steve Holmes" wrote in message >> news:44585AD2.C99FBE06@shpvideo.com... >> > Seems that education is the ultimate way to defeat spam, or >> > at >> > least to >> > reduce it dramatically. The sharper the consumer, the less >> > likely he or >> > she is to fall victim to an online con. With that in mind, I >> > am >> > thinking >> > of producing a film on spam and how to fight it. (snip) > > Informercial? For what? Sorry if I left that impression. It's > supposed > to be a documentary about how to detect, avoid and fight spam. > > > -- > Steve Holmes > Executive Producer > "The New Ball Game" > "RailFAN" > 319-337-9507 > No, you didn't leave that impression; I came up with that Q all on my own with my own little pair of brain cells. Coincidentally, I'd just come from trying not to listen to a Canadian version of PBS showing how to fight spam and it turned out to be, after about fifteen minutes, a bait&switch to get you to buy their computers because they knew all about spam and how to control it. I was still a little irked. Sorry if I projected some of that your way. I love your idea, actually, and IMO, I think it should be a two-part, probably half hour mini-series on the subject. And with a good mix of ISPs represented also, in addition to the spammers. Maybe some law enforcement if they can be talked into it; some of them like a camera pointed at them. If it should hit with the audience, maybe it could grow into something more for the next season, who knows? Somehow you'd need a way to alert an audience to the show's airtimes/dates in order to replace the ones that leave because they aren't interested. You know, ratings and all that. In the end, I wish it could escalate until some news media of some sort picks it up as one of those short, daily "reports' on the state of today's spam or some such thing. Material would be SO easy to get! It should have become a daily part of media life a good three years ago; maybe we wouldn't be where we are now. Cheers, Pop From tmcgraw at spamcop.net Wed May 3 19:29:48 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed May 3 21:30:02 2006 Subject: [SpamCop-List] Re: Spam Film Idea In-Reply-To: References: <44585AD2.C99FBE06@shpvideo.com> <4459044A.E2E2F336@qwest-is-evil.com> Message-ID: POP wrote: > > If it should hit with the audience, maybe it could grow into > something more for the next season, who knows? Somehow you'd > need a way to alert an audience to the show's airtimes/dates in > order to replace the ones that leave because they aren't > interested. You know, ratings and all that. Seven spammers. Two computers. One double-wide and One cable modem. Who will become the spam king on NBC's new reality show "Chickenboner"? > In the end, I wish it could escalate until some news media of > some sort picks it up as one of those short, daily "reports' on > the state of today's spam or some such thing. Material would be > SO easy to get! It should have become a daily part of media life > a good three years ago; maybe we wouldn't be where we are now. Dang. That's not as crazy as it sounds! From me at privacy.net Wed May 3 22:56:08 2006 From: me at privacy.net (NotMe) Date: Wed May 3 22:30:04 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: "POP" | >I report every call, politicians included. In the You-can-spam | >act they gave themselves immunity, but they get reported anyway. | > | | I've never come across a reputable site whose AUP or TOS allowed | anyone, even politicos or whatever, to spam. Spam is spam to the | ISP and it's verboten; their servers, their right to decide what | can be done on them. I consider the phone the same: It's MY | phone, in MY house - no one has permission to disturb me with | anything I dont' wish to be disturbed about. | | Just a thought According to what the CongressCritters have passed (it's a LAW) they have the RIGHT to do just that. From me at privacy.net Thu May 4 00:01:11 2006 From: me at privacy.net (NotMe) Date: Wed May 3 23:05:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> Message-ID: "Steve Holmes" wrote in message news:4459079D.6F2EB24C@qwest-is-evil.com... | Blammo wrote: | | > On 03 May 2006, - Steve Holmes entered spamcop and left | > news:44585AD2.C99FBE06@shpvideo.com: | > | > > Filmmaking is my business. | > | > Hey, do you do that show on Discovery Home? I love that show, it's too | > short. | | Nope. Discovery's a different animal. My stuff gets on public television | around the country. | | -- | Steve Holmes | Executive Producer | "The New Ball Game" | "RailFAN" | 319-337-9507 Might think about an on demand web cast. If you do go that route we'd be interested in contributing graphics {www.imagine-that.ws what's there is dated but will give you an idea} From newandrew at rump.dk Thu May 4 08:15:41 2006 From: newandrew at rump.dk (Andrew Engels Rump (formerly Leif Andrew Rump)) Date: Thu May 4 03:20:10 2006 Subject: [SpamCop-List] Re: Feature request: see number of unreported spam References: Message-ID: After drinking 3 Pan Galactic Gargle Blasters, Hendrik Maryns mumbled in news:e3ajhh$ggb$1@news.spamcop.net: > It could be useful if you get a few too old messages, and you see > there are only two or three left, you could as well click through > them, because one of them might still be valid. OTOH, if you see > there are still 20 left, you???ll remove them. Just go in to Past Reports and View recent reports and you see the status of the last ten submitted reports - or is this something you only get when you also pay for a mail account? Anyway the address is http://mailsc.spamcop.net/mcgi?action=histmenu Andrew -- *** The opinions expressed are not necessarily those of my employer. *** * Software Engineer Andrew Engels Rump * BLIK og ROERarbejderforbundet * * Immerkaer 42, 2650 Hvidovre * Tlf: +45 3638 3638, Fax: +45 3638 3639 * Home: N55?41'38.9" E12?29'08.6" (WGS 84) Work: N55?39'50.9" E12?27'47.4" E-mail: mailto:newandrew@rump.dk WWW http://www.rump.dk/homepage/andrew/ From gazza at f2s.com Thu May 4 09:40:56 2006 From: gazza at f2s.com (Gareth) Date: Thu May 4 03:45:03 2006 Subject: [SpamCop-List] Does it work? Message-ID: Hi I am new to spamcop. I recently opened an email account with my ISP which has obviously been used before and receives around 10 spams per day. I have been reporting all the spam for nearly a month now but have not noticed any change in the volume of spam I receive. Is this normal? Should I persevere or are these spammers just too good at avoiding being being blocked? Cheers Gareth From nospam at qwest-is-evil.com Thu May 4 03:52:34 2006 From: nospam at qwest-is-evil.com (Steve Holmes) Date: Thu May 4 03:55:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459044A.E2E2F336@qwest-is-evil.com> Message-ID: <4459B2C2.F8384A11@qwest-is-evil.com> POP wrote: > (snip) > > Informercial? For what? Sorry if I left that impression. It's > > supposed > > to be a documentary about how to detect, avoid and fight spam. > > > No, you didn't leave that impression; I came up with that Q all > on my own with my own little pair of brain cells. No harm, no foul. > (snip) I love your idea, actually, and IMO, I think it should be a > two-part, probably half hour mini-series on the subject. And > with a good mix of ISPs represented also, in addition to the > spammers. Maybe some law enforcement if they can be talked into > it; some of them like a camera pointed at them. This is good. Hadn't thought of bringing them in. I knew there was a reason I posted the idea here. > > If it should hit with the audience, maybe it could grow into > something more for the next season, who knows? Somehow you'd > need a way to alert an audience to the show's airtimes/dates in > order to replace the ones that leave because they aren't > interested. You know, ratings and all that. (snip) No problem. I can post those on my site (www.shpvideo.com). -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From nospam at qwest-is-evil.com Thu May 4 03:54:40 2006 From: nospam at qwest-is-evil.com (Steve Holmes) Date: Thu May 4 03:55:10 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459044A.E2E2F336@qwest-is-evil.com> Message-ID: <4459B340.B441437C@qwest-is-evil.com> Tim McGraw wrote: > POP wrote: > > > > If it should hit with the audience, maybe it could grow into > > something more for the next season, who knows? Somehow you'd > > need a way to alert an audience to the show's airtimes/dates in > > order to replace the ones that leave because they aren't > > interested. You know, ratings and all that. > > Seven spammers. Two computers. One double-wide and One cable modem. > > Who will become the spam king on NBC's new reality show "Chickenboner"? > (snip) Thanks for the laugh of the day. And what would be the prize for our winner? One-hundred shares of Vinoble or Nano Superlattice? Remember, they're gonna be huge! -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From nospam at qwest-is-evil.com Thu May 4 04:02:58 2006 From: nospam at qwest-is-evil.com (Steve Holmes) Date: Thu May 4 04:05:04 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> Message-ID: <4459B532.C111F400@qwest-is-evil.com> NotMe wrote: > (snip) Might think about an on demand web cast. > > If you do go that route we'd be interested in contributing graphics > {www.imagine-that.ws what's there is dated but will give you an idea} Distribution will depend in part on whoever funds the film. My guess is the festival route, public television and educational distribution for use in classrooms, perhaps as part of a DVD that contains examples of spam and links to anti-spam websites. It would be ironic to distribute an anti-spam film over the Internet that has brightened our lives with so much spam. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From nospam at qwest-is-evil.com Thu May 4 04:04:44 2006 From: nospam at qwest-is-evil.com (Steve Holmes) Date: Thu May 4 04:05:09 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: <4459B59C.5FDFBDCF@qwest-is-evil.com> Ant wrote: > "Steve Holmes" wrote: > > > 1) Are there other films about spammers? > > There was a documentary "Rogue Mail" shown on the BBC (UK television) > in June 2003 (snip) Appreciate the idea. I'll check it out. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From scamper at trisk.com Thu May 4 03:35:22 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Thu May 4 04:40:05 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Gareth wrote: > Hi > > I am new to spamcop. I recently opened an email account with my ISP > which has obviously been used before and receives around 10 spams per day. Reporting spam emails via SpamCop contributes to the SBL (SpamCop Blocklist), and potentially allows abuse desks at the sites hosting the spammer to be notified of the illicit activity. If the spammer's ISP cares, then yes, it can have an effect since the ISP can take measures. If not, then it probably won't stop the spam source, at least not immediately. However by contributing to the spamcop block list, you and others can make use of that blocklist to either tag and divert incoming mail to a spam folder, or possibly block the source directly during the SMTP transaction if your ISP allows that for your account. > I have been reporting all the spam for nearly a month now but have not > noticed any change in the volume of spam I receive. The spam problem is huge on the Internet. The spam filter program I use currently has over 60,000 domains listed in the filters internal lists, and about 20,000 IP/CIDR ranges. Reporting spam via spamcop won't stop spam. However it can be used as one of several weapons in an arsenal used to fight spam. > Is this normal? Should I persevere or are these spammers just too good > at avoiding being being blocked? Yes, it's normal (using normal in this sense as "the current state of affairs on the Internet"). Not to be confused with "desired". Yes, I think you should persevere. Spammers are not really very good at avoiding being blocked, but that depends on how you define "being blocked". The way I use the definition is: If the spam is kept out of your inbox and ends up in a junk or spam folder, or is accurately tagged as spam, then it was successfully "blocked". What you infer is that like most of us, you don't want to even have to look through a spam folder for potential false positives show up in your spam folder, or see false negatives show up in your inbox. That's the hard part of filtering and is what spammers count on because when you open a piece of their spam email even to examine it as a specimen to improve your filtering methods, it allows their message into your consciousness. In that respect being a spam fighter is similar to being a plumber. Sometimes you hire a plumber to do the dirty work. Sometimes you don't, and just do it yourself. When you make use of spamcop by choosing to open and examine spam specimens before reporting them, it's similar to you joining the ranks of plumbers on the Internet. Spamcop in that sense is like the plumbers helper, as are various spam filters. As for "blocking mail": I can block 100% of email. I will get no spam. I'll also get no email at all. :) Or I can implement a system to sort email into good email and bad email (spam) categories using various mechanisms. This is what spam filters attempt do, some are better at it than others, but none are perfect, though they can get above 99.9% accuracy which is very good even for manufacturing standards. Or I can implement a system to use DNS based blocklists such as the SBL to block IP's during the SMTP transaction level. The best DNS blocklists are about 50-70% accurate, and are prone to false positives. They are better used in a tag and divert mode rather than as a direct block of email. Or I can implement a combination white listing, DNS blocks, and filtering, or DNS tag and divert, and filtering, etc. There are many to deal with the issue as a receiver. Personally, I run my own mail server, because this gives me maximum control over the server configuration. On that server I use the following: Geographical blocks. (email from source countries such as China is blocked except for email sent to role accounts.) Spamcop blocks. (If an IP is on the SBL and not addressed to a role account, it is blocked. Email sent to role accounts are allowed to bypass this, or can be bypassed on a per account name basis.) Bayesian scoring, using a bayesian filter to give an opinion on the spamicity of the email, and set certain other variables based on that score. Custom whitelisting, using a combination of procmail recipes and email aliases that map to my accounts given to websites where I want their information that allows such email bypass further filtering Finally I use a spam filter to filter mail that fails the other tests, and have that filter configured to auto submit to spamcop. ISP's don't generally have such fancy filtering systems in place. In the end, it's up to you how to deal with the spam issue by making use of available tools or coming up with some home brew solution. This sort of system can be made to work with an unfiltered ISP email account if you set up the filter such that it downloads the mail then filters it locally according to whatever system you choose to setup. -- Garen From nttp.sc.s at bigsleep.org Thu May 4 10:19:50 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu May 4 05:20:10 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: On 04 May 2006, - Gareth entered spamcop and left news:e3cb68$gve$1@news.spamcop.net: > I am new to spamcop. I recently opened an email account with my ISP > which has obviously been used before and receives around 10 spams per > day. It is more likely from a dictionary attack, this is when they use a list of names in order to "guess" eMail addresses. Also. posting your address anywhere, especially newsgroups and message boards, will get you spam. > I have been reporting all the spam for nearly a month now but > have not noticed any change in the volume of spam I receive. > Is this normal? Should I persevere or are these spammers just too good > at avoiding being being blocked? > It depends, I can say with some certainty that reporting will NOT increase the amount you receive. However if you open even one message, and that message loads an image or any link to another site (which may indicate to the spammer that your account is active), you will definately see an increase in spam. There are things the ISP can do to reduce dictionary attacks, and if they do nothing, then you could see an increase. "Gazza" doesn't seem like it would be an easy guess, but I don't know it could be common in some other language, but my point would be that "mixing it up" would reduce the chance of it getting a hit. And then, the more you use an address, the greater the odds of getting spam. I have addresses that I never use, so I know they can get spam even if not used. Several are used only for newsletters and some only for mailing lists of which at least one gets the occasional spam. Some addresses go through block lists (and other anti-spam methods), and some only get tagged. So I can say with some certainty that reporting probably does help, but so far as I've seen, no method is anywhere near 100% effective. -- | Ric | From nttp.sc.s at bigsleep.org Thu May 4 10:25:04 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu May 4 05:30:02 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: On 04 May 2006, - Garen Erdoisa entered spamcop and left news:e3cech$jdb$1@news.spamcop.net: > Or I can implement a combination white listing, DNS blocks, and > filtering, or DNS tag and divert, and filtering, etc. > You might find spasm interesting... http://www.nspasm.org/ -- | Ric | From dws at dealing-with-spam.info Thu May 4 12:55:58 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Thu May 4 06:00:02 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> <4459B532.C111F400@qwest-is-evil.com> Message-ID: Steve Holmes wrote on Thu, 04 May 2006 03:02:58 -0500: > It would be ironic to distribute an anti-spam film over the Internet > that has brightened our lives with so much spam. I don't think so. What *would* be ironic is spamvertizing it :) From nospam at nospam.org Thu May 4 14:34:27 2006 From: nospam at nospam.org (geo_splash_12) Date: Thu May 4 07:35:07 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Gareth wrote: > I am new to spamcop. Welcome! > I recently opened an email account with my ISP > which has obviously been used before and receives around 10 spams per day. This is sort of normal, most of us receive between 0 and approximately 200 spams per day. It is a valuable tool actually, since it reminds me that our e-mail systems are still working. > I have been reporting all the spam for nearly a month now but have not > noticed any change in the volume of spam I receive. > Is this normal? yes > Should I persevere yes, perhaps consider to report only that stuff which is non-chinese, and non-korean. > or are these spammers just too good > at avoiding being being blocked? yes Live long and prosper! Ejo From nobody at devnull.spamcop.net Thu May 4 08:56:30 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Thu May 4 09:00:03 2006 Subject: [SpamCop-List] Re: Hex URL confuses SC References: Message-ID: "WazoO" wrote in message news:e38a72$83p$1@news.spamcop.net... > "Maxx Excaliber" wrote in message > news:e3817j$2fj$1@news.spamcop.net... > > Tracking URL: > > http://www.spamcop.net/sc?id=z933057970z9f2d834e0d06ad7ef38f23648bb19169z > > > > Spamvertised URL: > > http://0xd8db5834/photogallery/albums/userpics/10002/images/.phone.php > > > > SpamCop does not recognize this as a valid URL. I was able to decode it > > using a hex2dec convertor on the web. The hex part decodes to > > 216.219.88.52. This should go to abuse@hostdepartment.com or > > abuse@worldispnetwork.com > > > > Thanks. > > As posted in the Forum at > http://forum.spamcop.net/forums/index.php?showtopic=6285 > this should have been posted into spamcop or spamcop.help .... > spamcop.routing is for where reports end up after a successful parse. > I'm crossposting and setting follow-ups to the spamcop > newsgroup. Follow-up posted in the Forum, brought here to bring this thread up to date .. From: "SpamCop/Ellen" To: "WazoO" Subject: Re: URLs encoded as hex Date: Thu, 4 May 2006 07:51:00 -0400 the hex-encoding in the url issue has been added to the bugs list Ellen SpamCop Please include all correspondence with replies From nobody at devnull.spamcop.net Thu May 4 10:21:07 2006 From: nobody at devnull.spamcop.net (POP) Date: Thu May 4 09:25:02 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: "NotMe" wrote in message news:e3bomp$6uk$1@news.spamcop.net... > > "POP" > > | >I report every call, politicians included. In the > You-can-spam > | >act they gave themselves immunity, but they get reported > anyway. > | > > | > | I've never come across a reputable site whose AUP or TOS > allowed > | anyone, even politicos or whatever, to spam. Spam is spam to > the > | ISP and it's verboten; their servers, their right to decide > what > | can be done on them. I consider the phone the same: It's MY > | phone, in MY house - no one has permission to disturb me with > | anything I dont' wish to be disturbed about. > | > | Just a thought > > According to what the CongressCritters have passed (it's a LAW) > they have > the RIGHT to do just that. > > I know what you're getting at, but: I also have the RIGHT to complain and report them for disturbing me or to block them. And I do. Pop From me at privacy.net Thu May 4 09:57:01 2006 From: me at privacy.net (Frog Prince) Date: Thu May 4 09:30:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> <4459B532.C111F400@qwest-is-evil.com> Message-ID: "Steve Holmes" wrote in message news:4459B532.C111F400@qwest-is-evil.com... | NotMe wrote: | | > (snip) Might think about an on demand web cast. | > | > If you do go that route we'd be interested in contributing graphics | > {www.imagine-that.ws what's there is dated but will give you an idea} | | Distribution will depend in part on whoever funds the film. My guess is the | festival route, public television and educational distribution for use in | classrooms, perhaps as part of a DVD that contains examples of spam and links | to anti-spam websites. | | It would be ironic to distribute an anti-spam film over the Internet that has | brightened our lives with so much spam. Perhaps distributed with new computer pruchases either from the manufacure or from the retailer. I know one very small retailer that would be interested. Sad part he's not big enough to make the project viable. From abuse at rinet.ru Thu May 4 14:41:51 2006 From: abuse at rinet.ru (RiNet Abuse Department) Date: Thu May 4 09:45:03 2006 Subject: [SpamCop-List] why our server got listed? Message-ID: Today our primary mail server got listed again (it was delisted yesterday). Server's ip is 195.54.192.35 Reason of listing is: System has sent mail to SpamCop spam traps in the past week Dispute listing didnt work - noone care to answer. How can i get any info about reasons of listing? This system does not originate mail itself, it's just mail relay. P.S. while reading spamcop web site i've found 'misdirected bounce' feature. Can anyone explain me how it can be avoided on secondary mail relays (which do not have any info about quotas/existing users etc. and _can not_ reject mail during smtp phase)? -- Oleg. From me at privacy.net Thu May 4 10:37:18 2006 From: me at privacy.net (Frog Prince) Date: Thu May 4 09:55:03 2006 Subject: [SpamCop-List] Re: Feature request: see number of unreported spam References: Message-ID: "Andrew Engels Rump ( | > It could be useful if you get a few too old messages, and you see | > there are only two or three left, you could as well click through | > them, because one of them might still be valid. OTOH, if you see | > there are still 20 left, youâ?Tll remove them. | | Just go in to Past Reports and View recent reports and you see the | status of the last ten submitted reports - or is this something | you only get when you also pay for a mail account? Anyway the | address is http://mailsc.spamcop.net/mcgi?action=histmenu I'm trying to avoid extra steps/work. Why not present the data up front? Or better yet allow me to delete the useless reports? From spamcop-list-at-news.spamcop.net at musaic.net Thu May 4 16:51:20 2006 From: spamcop-list-at-news.spamcop.net at musaic.net (St - Musaic.Net) Date: Thu May 4 09:55:48 2006 Subject: [SpamCop-List] why our server got listed? In-Reply-To: References: Message-ID: <184522787.20060504155120@musaic.net> > System has sent mail to SpamCop spam traps in the past week > Dispute listing didnt work - noone care to answer. Hmmmm - did you perhaps send your dispute to one of the spam traps..? ;) > How can i get any info about reasons of listing? This system > does not originate mail itself, it's just mail relay. ...that some spammer uses at will - probably thru someone's infected/intruded PC... > P.S. while reading spamcop web site i've found 'misdirected > bounce' feature. Can anyone explain me how it can be avoided > on secondary mail relays (which do not have any info about > quotas/existing users etc. and _can not_ reject mail during > smtp phase)? http://spamlinks.net/prevent-secure-backscatter.htm -- St From Kilgallen at SpamCop.net Thu May 4 10:09:30 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu May 4 10:10:02 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: <687R+IIvVo4Q@eisner.encompasserve.org> In article , RiNet Abuse Department writes: > P.S. while reading spamcop web site i've found 'misdirected bounce' > feature. Can anyone explain me how it can be avoided on secondary > mail relays (which do not have any info about quotas/existing users > etc. and _can not_ reject mail during smtp phase)? Such a machine is not viable in the world of today's spammers. Rejecting email during the SMTP dialog is essential. If your machine cannot do that, I recommend sending it to the scrap heap. From MikeE at ster.invalid Thu May 4 08:11:37 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 4 10:15:04 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: RiNet Abuse Department wrote: > Today our primary mail server got listed again (it was delisted > yesterday). Delisting is not the comprehensive way to manage a problem with a server getting itself blocklisted. > Server's ip is 195.54.192.35 195.54.192.35 = relay.rinet.ru which is one of several output servers in the same family, some of which are also listed on other blocklists. > Reason of listing is: > System has sent mail to SpamCop spam traps in the past week 195.54.192.35 listed in bl.spamcop.net will be delisted automatically in approximately 19 hours has sent mail to SpamCop spam traps past 86.9 days, it has been listed 5 times for a total of 44 hours > Dispute listing didnt work - noone care to answer. dispute listing only works for the instance of when the listing is based on 'mistakes' -- where a mistake is a mistake during the parse, that an IP is named as source when it wasn't, or when a reporter mistakenly reported their own provider named in a mistaken parse. 'Mistakes' do not include reports based on backscatter or other non-conventional abuse which is not typical spam sourced from the IP. The dispute par sez: // Dispute Listing -- If you are the administrator of this system and you are sure this listing is erroneous, you may request that we review the listing. Because everyone wants to dispute their listing, regardless of merit, we reserve the right to ignore meritless disputes. // Disputing a listing because the listing was based on backscatter is going to be considered meritless. > How can i get any info about reasons of listing? This system does > not originate mail itself, it's just mail relay. Because the listing is based on spamtrap hitting, there isn't a process by which you could have gotten the report evidence itself. When there are reports from reporters and not spamtraps, those reports are sent to abuse@rinet.ru > P.S. while reading spamcop web site i've found 'misdirected bounce' > feature. Can anyone explain me how it can be avoided on secondary > mail relays (which do not have any info about quotas/existing users > etc. and _can not_ reject mail during smtp phase)? Misdirected bounces result from the condition of a server which is facing the internet and accepting mail with bogus Froms which it can't deliver which server then creates abusive newmails addressed to the bogus From. Those abusive newmails are spamcop reportable. That configuration is no good. When you were reading on the spamcop website faq, you must've surely encountered this lengthy help page, which you should have been following instead of simply express delisting instead of remedying the problem: http://www.spamcop.net/fom-serve/cache/329.html Why are auto responders bad? -- Traditional auto-responders - Misdirected bounces Challenge/response spam filtering -- Why not allow bounces? -- Mitigation techniques? - If you use qmail, please apply a patch -- Microsoft has updates available for their Exchange Servers -- your responder should use SPF and/or Domain Keys to verify the authenticity of the message being replied to -- Sending delayed bounces to all and sundry is not a good way to prevent directory harvesting - it harms others and does not really prevent harvesting -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu May 4 08:30:18 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 4 10:35:04 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Mike Easter wrote: > RiNet Abuse Department wrote: >> Today our primary mail server got listed again > 195.54.192.35 = relay.rinet.ru > which is one of several output servers in the same family, some of > which are also listed on other blocklists. > 195.54.192.35 listed in bl.spamcop.net 195.91.195.33 = shvernik.rinet.ru was found in the CBL proxified spamtrap hitter inetnum: 195.54.192.0 - 195.54.192.127 netname: RINET-INTERNAL descr: Cronyx Plus Ltd. descr: RiNet ISP inetnum: 195.91.195.32 - 195.91.195.63 netname: SHV-DHCP-HNET descr: Shvernik residential network segment; DHCP descr: RiNet ISP marmot.rinet.ru DNS 158.250.26.66 158.250.26.66 rDNS ns.cronyx.ru 158.250.26.66 listed in bl.spamcop.net will be delisted automatically in approximately 7 hours has sent mail to SpamCop spam traps past 49.8 days, it has been listed 2 times for a total of 36 hours 195.91.198.239 h195-91-198-239.ln.rinet.ru CBL listed, outputs thousands of items per day 195.91.172.16 h195-91-172-16.ln.rinet.ru CBL listed, outputs hundreds of items per day -- Mike Easter kibitzer, not SC admin From turan.fe at t-online.de Thu May 4 18:44:21 2006 From: turan.fe at t-online.de (Turan Fettahoglu) Date: Thu May 4 11:45:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: Your e-mail address can be considered as "burned". It is too well known to spammers to get it clean again. The best method to get rid of spam is - Get an additional address, if possible one that cannot be guessed and will not be found with a dictionary attack. - If the address does not get spammed, tell your friends (!) about this address and phase out the old one. - Otherwise, try yet another one. I have got rid of spam this way. Turan From MikeE at ster.invalid Thu May 4 09:58:40 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 4 12:00:04 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: Gareth wrote: > I am new to spamcop. Good. Being a spamcop reporter is a more advanced form of good mailbox management than simply managing your Inbox to prevent spam annoyance -- it is actually slightly more trouble than just keeping spam out of the Inbox and out of your visual range, so it is important that your higher priorities should be met first. IMO, your first 'responsibility' is to manage your Inbox conveniently and your second responsibility is to never aid or profit any spammer, mainsleaze or otherwise, intentionally or inadvertently. That is a passive antispammer responsibility. The next higher level of antispammer action is to spamcop report your spam which has already been diverted from your Inbox by fulfilling the first two responsibilities. > I recently opened an email account with my ISP > which has obviously been used before and receives around 10 spams per > day. That doesn't mean the address of the user+domain was used before. Spammers put usernames + various domainnames, so choosing a username which has ever been used by anyone with any domain will get you spam before you ever expose it. > I have been reporting all the spam for nearly a month now but > have not noticed any change in the volume of spam I receive. That is to be expected in the current condition of modern spam. Modern spam is mostly injected/sourced by abused user IP proxified trojans and mostly spamvertising bulletproof spamvertisers whose providers do not intend to terminate the spamvertiser. > Is this normal? Yes, as long as you are able to handle your spam conveniently and non-frustratingly and also report it sufficiently conveniently and as long as you are not profitting any spammers in the process of handling your spam. If you are profitting spammers in any way, I would suggest that you restructure how you are mail handling and fulfill the non-profitting role before you begin to report spam. If you are handling your spam insecurely to report to spamcop, I recommend that you do not do that. > Should I persevere or are these spammers just too good > at avoiding being being blocked? If the other responsibilities are otherwise met, ideally by having a proper spamfilter diverting all of your spam to the Junk folder from which it is reported, and if the submission to spamcop is performed properly and easily, then there is a benefit to the spamcop reporting. That reporting will not reduce your spam, but it will contribute to the SCbl which can help you and others filter your spam more effectively. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Thu May 4 09:59:40 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu May 4 12:00:09 2006 Subject: [SpamCop-List] Re: [OT] phone spam In-Reply-To: References: Message-ID: Tim McGraw wrote: > > I predict this will become a more prevalent way of spamming This not entirely unrelated item just came across my virtual desk: "Phishers are targeting potential victims through yet another channel: voice over IP systems... The scam is particularly ingenious because it is so cheap for the phisher to run." http://www.ecommercetimes.com/story/spQGvdVUfMu05r/Phishers-Latch-Onto-VoIP-Systems.xhtml From ppearson at nowhere.invalid Thu May 4 17:11:51 2006 From: ppearson at nowhere.invalid (Peter Pearson) Date: Thu May 4 12:15:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: On Thu, 04 May 2006 08:40:56 +0100, Gareth wrote: > > I am new to spamcop. I recently opened an email account with my ISP > which has obviously been used before and receives around 10 spams per day. > I have been reporting all the spam for nearly a month now but have not > noticed any change in the volume of spam I receive. > Is this normal? Should I persevere or are these spammers just too good > at avoiding being being blocked? Adding my perspective to those of previous posters: Spamcop doesn't keep spammers from sending you spam, but it does two useful things: 1. Spamcop makes it easy to report spammers, which you might want to do for public-spiritedness; and 2. Spamcop gives you some good spam-sorting tools to facilitate finding the wheat among the chaff. The parts that I find useful are: - the Held Mail folder, particularly the (unlabeled) "select all" box and the "Report as Spam" button; - the Filters; - the whitelist; and - the web-form-based Report Spam page (http://mailsc.spamcop.net), for spam that sneaks past all the guards and makes it to my Linux box. My ISP (Charter) silently discards email I send that looks like spam, so I can't just forward spam to my Spamcop reporting email address. If you read French, you can find detailed usage suggestions on Jean-Daniel Dodin's wiki: http://dodin.org/mediawiki/index.php/SpamCop -- To email me, substitute nowhere->spamcop, invalid->net. From oleg at lath.rinet.ru Thu May 4 18:45:16 2006 From: oleg at lath.rinet.ru (Oleg Bulyzhin) Date: Thu May 4 13:50:03 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Mike Easter wrote: > RiNet Abuse Department wrote: >> Today our primary mail server got listed again (it was delisted >> yesterday). > > Delisting is not the comprehensive way to manage a problem with a server > getting itself blocklisted. Sure. But this server pass through about half million messages per day, serving ~8k clients. When it got listed, problem was fixed asap (i.e. manual delisting), then i've filled dispute form (in order to get details and fix root of the problem). > >> Server's ip is 195.54.192.35 > > 195.54.192.35 = relay.rinet.ru > which is one of several output servers in the same family, some of which > are also listed on other blocklists. > >> Reason of listing is: >> System has sent mail to SpamCop spam traps in the past week > > 195.54.192.35 listed in bl.spamcop.net > will be delisted automatically in approximately 19 hours > has sent mail to SpamCop spam traps > past 86.9 days, it has been listed 5 times for a total of 44 hours > yes, i've seen that. But it's still unclear was it mail originated from server? was it bounce? anything else? what should i fix? >> Dispute listing didnt work - noone care to answer. > > dispute listing only works for the instance of when the listing is based > on 'mistakes' -- where a mistake is a mistake during the parse, that an > IP is named as source when it wasn't, or when a reporter mistakenly > reported their own provider named in a mistaken parse. > > 'Mistakes' do not include reports based on backscatter or other > non-conventional abuse which is not typical spam sourced from the IP. > > The dispute par sez: // Dispute Listing -- If you are the administrator > of this system and you are sure this listing is erroneous, you may > request that we review the listing. Because everyone wants to dispute > their listing, regardless of merit, we reserve the right to ignore > meritless disputes. // > > Disputing a listing because the listing was based on backscatter is > going to be considered meritless. > How can i know what was that? 'Sending mail to spamcop trap' diagnostic is not detailed enough - i still dont know which kind of problem should i fix (was it bounce to spamtrap? someone who has access to this server sent mail to spamtrap? autoresponder message?). Daily log of this server is about 2G, so i _have to know_ what i'm looking for. >> How can i get any info about reasons of listing? This system does >> not originate mail itself, it's just mail relay. > > Because the listing is based on spamtrap hitting, there isn't a process > by which you could have gotten the report evidence itself. When there > are reports from reporters and not spamtraps, those reports are sent to > abuse@rinet.ru yes, i know this. I'm the person who is dealing with those reports. If i get such report for the issue we are talking about - i would be happy and we had nothing to discuss. > >> P.S. while reading spamcop web site i've found 'misdirected bounce' >> feature. Can anyone explain me how it can be avoided on secondary >> mail relays (which do not have any info about quotas/existing users >> etc. and _can not_ reject mail during smtp phase)? > > Misdirected bounces result from the condition of a server which is > facing the internet and accepting mail with bogus Froms which it can't > deliver which server then creates abusive newmails addressed to the > bogus From. Those abusive newmails are spamcop reportable. That > configuration is no good. > > When you were reading on the spamcop website faq, you must've surely > encountered this lengthy help page, which you should have been following > instead of simply express delisting instead of remedying the problem: > > http://www.spamcop.net/fom-serve/cache/329.html Why are auto responders > bad? -- Traditional auto-responders - Misdirected bounces > Challenge/response spam filtering -- Why not allow bounces? -- > Mitigation techniques? - If you use qmail, please apply a patch -- > Microsoft has updates available for their Exchange Servers -- your > responder should use SPF and/or Domain Keys to verify the authenticity > of the message being replied to -- Sending delayed bounces to all and > sundry is not a good way to prevent directory harvesting - it harms > others and does not really prevent harvesting > I'm aware of all that stuff. But ISP mail server should avoid standard violation as much as possible. Correct me if i'm wrong: server may be listed if (and due to!) it does conform rfc822 (i.e. will send bounce)? And you can avoid this if you violate this part of rfc822? -- Oleg. ================================================================ === Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg@rinet.ru === ================================================================ From nobody at devnull.spamcop.net Thu May 4 14:56:36 2006 From: nobody at devnull.spamcop.net (POP) Date: Thu May 4 14:00:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> <4459B532.C111F400@qwest-is-evil.com> Message-ID: ... > > Perhaps distributed with new computer pruchases either from the > manufacure > or from the retailer. I know one very small retailer that > would be > interested. Sad part he's not big enough to make the project > viable. > > IMO that would be ideal, but ... since MS has done something similar to that, along with many vendors too, it's so hidden and innocuous that most people don't even realize the information is there, or care, since it looks like part of the sales hype when it is mentioned. Including av-ware with OEMs has helped a little I think, but not much. Somehow there has to be a way to make it compelling for people to WANT to find out about such things, and to follow through at least a little bit. And that's where education of the masses comes back into the picture: Somehow, it has to become part of the everyday dialog of "normal" computer users. PBS and their like is an excellent starting point. I know I'd watch it. I even watch dotto Tech when I know they're going to talk about spam and/or email, but for whatever reason I'm never impressed with their presentations. That's why I think interviews with everyone from spammers to the spammed and scammed is so important. I saw AMW (or was it COPS?) do a piece on the 'net and chatting the other day, netting them a bunch of pedophiles: THAT was interesting! But, once it's over, it over; on to the next big thing. What they presented was good, but only as far as it went. I doubtr it did much more than cause a few family arguements with the teens and maybe one or two people thought it could really happen to them! And that, IMO, points out that NEWBIES are not only in the majority, and need the information the most, but they aren't getting it. Why not? is the question that has to be answered. Hell, I just realized I don't know what I'm talking about! Regards, Pop From MikeE at ster.invalid Thu May 4 13:32:41 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 4 15:35:03 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Oleg Bulyzhin wrote: > Correct me if i'm wrong: server may be listed if (and due to!) it does > conform rfc822 (i.e. will send bounce)? And you can avoid this if you > violate this part of rfc822? You are wrong. Sending newmails you are calling 'bounces' to forged >From addresses is no longer acceptable server behavior. rfc822 does not state that you should create a newmail and address it to a bogus address. rfc822 does not address the issue of forged From. rfc822 was written in yesteryear before there was any such thing as SFC or other such as domain keys to verify authenticity of source and did not address the necessity to avoid abusive server behavior caused by more forged From mail failures than real ones. Talking about rfc822 isn't going to keep an abusive server from being blocklisted. If you will go to the faq I cited earlier http://www.spamcop.net/fom-serve/cache/329.html Why are auto responders bad? you will see mention of that same 'rfc822 song and dance' and an answer. // Q: Why not allow bounces? They are required by RFC822! A: [...] it is possible to avoid the situation under which they are required (see above). So they aren't really required unless you have already 'painted yourself into a corner.' // -- Mike Easter kibitzer, not SC admin From nospam at eserverspace-is-evil.com Thu May 4 15:40:37 2006 From: nospam at eserverspace-is-evil.com (Steve Holmes) Date: Thu May 4 15:45:01 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: <445A58B4.41174EC6@eserverspace-is-evil.com> POP wrote: > "NotMe" wrote in message > news:e3bomp$6uk$1@news.spamcop.net... > > > > "POP" > > > > | >I report every call, politicians included. In the > > You-can-spam > > | >act they gave themselves immunity, but they get reported > > anyway. > > | > > > | > > | I've never come across a reputable site whose AUP or TOS > > allowed > > | anyone, even politicos or whatever, to spam. Spam is spam to > > the > > | ISP and it's verboten; their servers, their right to decide > > what > > | can be done on them. I consider the phone the same: It's MY > > | phone, in MY house - no one has permission to disturb me with > > | anything I dont' wish to be disturbed about. > > | > > | Just a thought > > > > According to what the CongressCritters have passed (it's a LAW) > > they have > > the RIGHT to do just that. > > > > > > I know what you're getting at, but: > I also have the RIGHT to complain and report them for disturbing > me or to block them. And I do. > > Pop Or you could simply do what my brother did. When a telemarketer bugged him about a stereo system or some other consumer goods, he said, "We live a simple life by the Good Book." -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From nospam at eserverspace-is-evil.com Thu May 4 15:56:18 2006 From: nospam at eserverspace-is-evil.com (Steve Holmes) Date: Thu May 4 16:00:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> <4459B532.C111F400@qwest-is-evil.com> Message-ID: <445A5C62.6780901A@eserverspace-is-evil.com> POP wrote: > ... > > > > Perhaps distributed with new computer pruchases either from the > > manufacure > > or from the retailer. I know one very small retailer that > > would be > > interested. Sad part he's not big enough to make the project > > viable. Very nice idea, though I see POP's point about software getting lost in the bundle. I've had my computer for two or three years and there are still plenty of OEM programs I have yet to explore. I hadn't thought about a partnership with hardware or software vendors, perhaps because I view some of them as part of the problem. Worth mulling over. > Somehow there has to be a way to make it compelling for people > to WANT to find out about such things, and to follow through at > least a little bit. That's where the fun comes in. Have actors read real spam excerpts. Show how the 419eaters work. The sugar coating that helps the medicine go down. It has to be user-friendly. A spam-reporting newbie who looks at full e-mail headers is going to be frustrated and intimidated. How do I decipher and decode all this? Well, you don't need to. We would isolate the parts that mean something or, better yet, simply refer newbies to SpamCop. > (snip) That's why I think interviews with everyone from spammers to > the spammed and scammed is so important. Occasionally, a newspaper or TV report features someone who's chomped on spam bait. Would love to know how these people are discovered. Police reports, I guess. > > And that, IMO, points out that NEWBIES are not only in the > majority, and need the information the most, but they aren't > getting it. Why not? is the question that has to be answered. POP, you *do* know what you're talking about. Why isn't the information out there already? Follow the money. Who stands to make a buck out of antispam efforts? Do hardware and software vendors, ISPs and hosting companies see that education about spam boosts their bottom lines? Doubtful. The black hats profit from spam. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From nospam at eserverspace-is-evil.com Thu May 4 15:59:30 2006 From: nospam at eserverspace-is-evil.com (Steve Holmes) Date: Thu May 4 16:00:10 2006 Subject: [SpamCop-List] (OT) Good Domain Registrars & Hosting Companies Message-ID: <445A5D22.DCE84955@eserverspace-is-evil.com> For my website, I'm looking for domain registrars and hosting companies that are affordable and white-hat. Website's not complictated. No flash, but will probably add film trailers or short films that take up a lot of space. Not sure that it matters, but I'm in Iowa. Thanks in advance. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From tmcgraw at spamcop.net Thu May 4 14:06:13 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu May 4 16:10:03 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies In-Reply-To: <445A5D22.DCE84955@eserverspace-is-evil.com> References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: Steve Holmes wrote: > For my website, I'm looking for domain registrars and hosting companies > that are affordable and white-hat. Website's not complictated. No flash, > but will probably add film trailers or short films that take up a lot of > space. Not sure that it matters, but I'm in Iowa. Personally I have found GoDaddy to be very responsive and anti-spam, but I've seen many others complain about them. I also use crystaltech.com for all my hosting. Not the cheapest, but the tools are excellent and there's 24-hour telephone support with a live human in Arizona. From not at here.invalid Thu May 4 17:05:02 2006 From: not at here.invalid (Ellen) Date: Thu May 4 16:10:09 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: "RiNet Abuse Department" wrote in message news:e3d0av$tkm$1@news.spamcop.net... > Today our primary mail server got listed again (it was delisted > yesterday). Server's ip is 195.54.192.35 > Reason of listing is: > System has sent mail to SpamCop spam traps in the past week > > Dispute listing didnt work - noone care to answer. > Answered via email this morning. Ellen SpamCop From not at here.invalid Thu May 4 17:06:13 2006 From: not at here.invalid (Ellen) Date: Thu May 4 16:10:15 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: "Steve Holmes" wrote in message news:445A5D22.DCE84955@eserverspace-is-evil.com... > For my website, I'm looking for domain registrars and hosting companies > that are affordable and white-hat. Website's not complictated. No flash, > but will probably add film trailers or short films that take up a lot of > space. Not sure that it matters, but I'm in Iowa. > I have been happy with pair.com and have used them for years. Ellen From nobody at spamcop.net Thu May 4 17:24:27 2006 From: nobody at spamcop.net (indigo) Date: Thu May 4 16:25:02 2006 Subject: [SpamCop-List] Re: Pump and Dump References: Message-ID: Tim McGraw wrote: > Berny wrote: > > > > P&D is Illegal, but difficult to prove. > > > > It depends on where the shares have been traded, probably at the > > Vancouver Stock Exchange,which is part of the TSX, so you need to > > file a formal complaint with the Ontario, and, British Columbia > > Securities comissions, they have a web page, complaint would have > > to be on paper., I would CC the NASDAQ and SEC (USA) also. > > I'm not an investor, but I don't believe NASDAQ has anything to do > with microcaps. The issue isn't whether it's a microcap or not, it's what exchange the stock is traded on. If it's a pink sheet stock (over the counter), obviously you can't complain to NASDAQ about it, but if it's traded on NASDAQ you sure can file a complaint with them or the SEC (and it will be taken seriously). But since the stock price has to be above $1.00 for it to be listed on NASDAQ, chances are that it's not on that exchange. From Someone at invalid.foo Thu May 4 22:43:09 2006 From: Someone at invalid.foo (Someone who hates spam) Date: Thu May 4 16:45:03 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: X-No-Archive: Yes "Steve Holmes" wrote in message news:445A5D22.DCE84955@eserverspace-is-evil.com... > For my website, I'm looking for domain registrars and hosting companies > that are affordable and white-hat. Website's not complictated. No flash, > but will probably add film trailers or short films that take up a lot of > space. Not sure that it matters, but I'm in Iowa. > > Thanks in advance. > > -- > Steve Holmes > Executive Producer > "The New Ball Game" > "RailFAN" > 319-337-9507 > We use www.liquidweb.com. Found them to be excellent value. They seem to stay out of the DNSBL's as well, as well as having good anti-spam and DNSBL's included in their email systems - including spamcop. From oleg at lath.rinet.ru Thu May 4 21:46:39 2006 From: oleg at lath.rinet.ru (Oleg Bulyzhin) Date: Thu May 4 16:50:03 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Mike Easter wrote: > Oleg Bulyzhin wrote: > >> Correct me if i'm wrong: server may be listed if (and due to!) it does >> conform rfc822 (i.e. will send bounce)? And you can avoid this if you >> violate this part of rfc822? > > You are wrong. Sending newmails you are calling 'bounces' to forged > From addresses is no longer acceptable server behavior. Okay. I was wrong naming such messages 'bounces', rfc calls them DSNs. And of course it's not rfc822 it's rfc821 (or newer one 2821). > > rfc822 does not state that you should create a newmail and address it to > a bogus address. rfc822 does not address the issue of forged From. > rfc822 was written in yesteryear before there was any such thing as SFC > or other such as domain keys to verify authenticity of source and did > not address the necessity to avoid abusive server behavior caused by > more forged From mail failures than real ones. rfc821 (status: standard), 3.6 Relaying: ... If a server-SMTP has accepted the task of relaying the mail and later finds that the forward-path is incorrect or that the mail cannot be delivered for whatever reason, then it must construct an "undeliverable mail" notification message and send it to the originator of the undeliverable mail (as indicated by the reverse-path). rfc2821 (status: proposed standard), 3.7 Relaying: ... If an SMTP server has accepted the task of relaying the mail and later finds that the destination is incorrect or that the mail cannot be delivered for some other reason, then it MUST construct an "undeliverable mail" notification message and send it to the originator of the undeliverable mail (as indicated by the reverse- path). And you can't avoid situation when you have to accept message first and deliver it later. Point. Just remember there are non-smtp mail systems. > Talking about rfc822 isn't going to keep an abusive server from being > blocklisted. Uhm. I didnt ask for delisting or whitelisting. I just want to know why i got listed. > If you will go to the faq I cited earlier > http://www.spamcop.net/fom-serve/cache/329.html Why are auto responders > bad? > > you will see mention of that same 'rfc822 song and dance' and an answer. > > // Q: Why not allow bounces? They are required by RFC822! A: [...] it > is possible to avoid the situation under which they are required (see > above). So they aren't really required unless you have already 'painted > yourself into a corner.' // As i mentioned above i'm talking about DSNs (which i incorrectly named bounce). Supressing DSNs is standard violation. _There are_ situations when you should accept mail and deliver it later. -- Oleg. From redford_stone at INVERSE_OF_COLDmail.com Thu May 4 21:53:35 2006 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu May 4 16:55:03 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: Tim McGraw wrote in news:e3dmrm$edu$1 @news.spamcop.net: > Steve Holmes wrote: >> For my website, I'm looking for domain registrars and hosting companies >> that are affordable and white-hat. Website's not complictated. No flash, >> but will probably add film trailers or short films that take up a lot of >> space. Not sure that it matters, but I'm in Iowa. > > Personally I have found GoDaddy to be very responsive and anti-spam, but > I've seen many others complain about them. > > I also use crystaltech.com for all my hosting. Not the cheapest, but the > tools are excellent and there's 24-hour telephone support with a live > human in Arizona. > I'll concur that GoDaddy is pretty good in terms of responding to spam reports. They've whacked sites that I've sent LARTs about. From pantheus at suespammers.org Thu May 4 15:01:49 2006 From: pantheus at suespammers.org (ken) Date: Thu May 4 17:05:02 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: On Thu, 04 May 2006 16:06:13 -0400, Ellen wrote: > > "Steve Holmes" wrote in message > news:445A5D22.DCE84955@eserverspace-is-evil.com... >> For my website, I'm looking for domain registrars and hosting companies >> that are affordable and white-hat. > I have been happy with pair.com and have used them for years. > > Ellen I too highly recommend pair.com ... there isn't a more white-hat host out there. They have a wide range of plans from very low cost to co-lo and a discount for registration and hosting packages. Been with them 7+ years, after trying vastly inferior hosts/registrars. Ken From MikeE at ster.invalid Thu May 4 16:23:30 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 4 18:25:02 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Oleg Bulyzhin wrote: > rfc821 (status: standard), 3.6 Relaying: > ... > If a server-SMTP has accepted the task of relaying the mail and > later finds that the forward-path is incorrect or that the mail > cannot be delivered for whatever reason, then it must construct an > "undeliverable mail" notification message and send it to the > originator of the undeliverable mail (as indicated by the > reverse-path). > > > rfc2821 (status: proposed standard), 3.7 Relaying: > ... > If an SMTP server has accepted the task of relaying the mail and > later finds that the destination is incorrect or that the mail cannot > be delivered for some other reason, then it MUST construct an > "undeliverable mail" notification message and send it to the > originator of the undeliverable mail (as indicated by the reverse- > path). rfc means 'request for comments' -- in which rfc 821 was written in 1982 and superceded by rfc 2821 which was written in 2001 and which also failed to adquately address security considerations which were addressed in rfc 3552 which required that all rfc/s have security considerations addressed. rfc 2821 had some security considerations but rfc 3552 recognizes that the smtp issues were inadequately addressed. RFC 3552 : All RFCs are required to have a Security Considerations section. Historically, such sections have been relatively weak. This document provides guidelines to RFC authors on how to write a good Security Considerations section. 6.1. SMTP When RFC 821 was written, Security Considerations sections were not required in RFCs, and none is contained in that document. [RFC 2821] updated RFC 821 and added a detailed security considerations section. We reproduce here the Security Considerations section from that document (with new section numbers). Our comments are indented and prefaced with 'NOTE:'. We also add a number of new sections to cover topics we consider important. rfc 3552 has a section: 6.1.1.1. Mail Security and Spoofing which starts: // SMTP mail is inherently insecure in that it is feasible for even fairly casual users to negotiate directly with receiving and relaying SMTP servers and create messages that will trick a naive recipient into believing that they came from somewhere else. // Citing a RFC as a basis for a server performing abusively doesn't work any better than me citing a RFC which says that some 24 year old RFC which was upgraded 5 years ago with some inadquate improvement failed to address the inherent insecure aspects of smtp mail handling. The realworld situation is that your server is outofdate in its behavior if it is newmailing abusive DSNs to bogus Froms and citing the old RFC isn't getting you any closer to fixing it. > Uhm. I didnt ask for delisting or whitelisting. > I just want to know why i got listed. Presumably abusive backscatter -- if you know you are backscattering or newmailing forged Froms, that's all the information you need. You don't need any examples of it. > As i mentioned above i'm talking about DSNs (which i incorrectly > named bounce). Supressing DSNs is standard violation. _There are_ > situations when you should accept mail and deliver it later. There are /not/ situations in which you should be manufacturing a newmail addressed to some address which never sent you a mail in the first place. Putting yourself into a situation in which you are 'holding' a mail which you have accepted insecurely and claiming that it is some kind of alleged 'violation' to not abusively newmail a forged >From is choosing to use some old RFC as an excuse for an unacceptable behavior. It is a violation of the rights of the mailbox holder of the forged From address for you to be emailing unsolicited and abusive mails. Claiming you need to do that to comply with your theory of what an old RFC used to mean doesn't justify the abusive server behavior. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Thu May 4 16:26:40 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Thu May 4 18:30:02 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Oleg Bulyzhin wrote... > rfc821 (status: standard), 3.6 Relaying: > ... > If a server-SMTP has accepted the task of relaying the mail and > later finds that the forward-path is incorrect or that the mail > cannot be delivered for whatever reason, then it must construct an > "undeliverable mail" notification message and send it to the > originator of the undeliverable mail (as indicated by the > reverse-path). > > > rfc2821 (status: proposed standard), 3.7 Relaying: > ... > If an SMTP server has accepted the task of relaying the mail and > later finds that the destination is incorrect or that the mail cannot > be delivered for some other reason, then it MUST construct an > "undeliverable mail" notification message and send it to the > originator of the undeliverable mail (as indicated by the reverse- > path). > > And you can't avoid situation when you have to accept message first and > deliver it later. Because spammers forge identities, the assumption that the originator is indicated by the reverse-path (or by the From line) is now false in the vast majority of cases, and "undeliverable mail" notification emails are now nearly universally considered to be spam. You need to stop doing what the RFCs above tell you to do. One way (the method most commonly used) is to simply never relay, thus following the letter of the RFCs without spamming. If your situation is such that you can't avoid relaying, then you have two choices; disobey the RFC sections that tell you to spam, or obey the RFC sections that tell you to spam and be treated like the RFC-compliant spammer that you are. I don't like the available choices any better than you do, but they are the only available choices just the same. G.M. From oleg at lath.rinet.ru Fri May 5 01:32:33 2006 From: oleg at lath.rinet.ru (Oleg Bulyzhin) Date: Thu May 4 20:35:04 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Mike Easter wrote: > Oleg Bulyzhin wrote: > >> rfc821 (status: standard), 3.6 Relaying: >> ... >> If a server-SMTP has accepted the task of relaying the mail and >> later finds that the forward-path is incorrect or that the mail >> cannot be delivered for whatever reason, then it must construct an >> "undeliverable mail" notification message and send it to the >> originator of the undeliverable mail (as indicated by the >> reverse-path). >> >> >> rfc2821 (status: proposed standard), 3.7 Relaying: >> ... >> If an SMTP server has accepted the task of relaying the mail and >> later finds that the destination is incorrect or that the mail cannot >> be delivered for some other reason, then it MUST construct an >> "undeliverable mail" notification message and send it to the >> originator of the undeliverable mail (as indicated by the reverse- >> path). > > rfc means 'request for comments' -- in which rfc 821 was written in 1982 > and superceded by rfc 2821 which was written in 2001 and which also > failed to adquately address security considerations which were addressed > in rfc 3552 which required that all rfc/s have security considerations > addressed. > > rfc 2821 had some security considerations but rfc 3552 recognizes that > the smtp issues were inadequately addressed. > > RFC 3552 : All RFCs are required to have a Security Considerations > section. Historically, such sections have been relatively weak. This > document provides guidelines to RFC authors on how to write a good > Security Considerations section. > > 6.1. SMTP When RFC 821 was written, Security Considerations sections > were not required in RFCs, and none is contained in that document. > [RFC 2821] updated RFC 821 and added a detailed security > considerations section. We reproduce here the Security Considerations > section from that document (with new section numbers). Our comments are > indented and prefaced with 'NOTE:'. We also add a number of new > sections to cover topics we consider important. > > rfc 3552 has a section: 6.1.1.1. Mail Security and Spoofing > > which starts: // SMTP mail is inherently insecure in that it is > feasible for even fairly casual users to negotiate directly with > receiving and relaying SMTP servers and create messages that will > trick a naive recipient into believing that they came from somewhere > else. // > > Citing a RFC as a basis for a server performing abusively doesn't work > any better than me citing a RFC which says that some 24 year old RFC > which was upgraded 5 years ago with some inadquate improvement failed to > address the inherent insecure aspects of smtp mail handling. > > The realworld situation is that your server is outofdate in its behavior > if it is newmailing abusive DSNs to bogus Froms and citing the old RFC > isn't getting you any closer to fixing it. rfc3552 has status 'best current practice', compare it to 'standard' for rfc821. Moreover, rfc3552 _does not_ refute rfc821 or 2821. It just explaining smtp design flaws and describing methods to make it better. I understand that rfc-like DSNs can be abused. But we have no any newer smtp standard. > >> Uhm. I didnt ask for delisting or whitelisting. >> I just want to know why i got listed. > > Presumably abusive backscatter -- if you know you are backscattering or > newmailing forged Froms, that's all the information you need. You don't > need any examples of it. I do. I need that damn header. I've got reply from spamcop official - server was listed cause of spamcop parser failure - trojaned machine of our client sent mail to spamtrap, but our server got listed instead of that client. So we have problem with mail delivery (about 2 days already), diagnostic of it was unclear, excluding possible reasons yeilds paradoxical result: only reason (beside an error) why our server may get listed is ... standard compliance! Funny, isn't it? > >> As i mentioned above i'm talking about DSNs (which i incorrectly >> named bounce). Supressing DSNs is standard violation. _There are_ >> situations when you should accept mail and deliver it later. > > There are /not/ situations in which you should be manufacturing a > newmail addressed to some address which never sent you a mail in the > first place. Putting yourself into a situation in which you are > 'holding' a mail which you have accepted insecurely and claiming that it > is some kind of alleged 'violation' to not abusively newmail a forged > From is choosing to use some old RFC as an excuse for an unacceptable > behavior. > > It is a violation of the rights of the mailbox holder of the forged From > address for you to be emailing unsolicited and abusive mails. Claiming > you need to do that to comply with your theory of what an old RFC used > to mean doesn't justify the abusive server behavior. It isnt my theory, see rfc 2026 & 3700. -- Oleg. From MikeE at ster.invalid Thu May 4 19:05:49 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 4 21:10:03 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Oleg Bulyzhin wrote: > I do. I need that damn header. I've got reply from spamcop official - > server was listed cause of spamcop parser failure - trojaned machine > of > our client sent mail to spamtrap, but our server got listed instead > of that client. That's good news. It is much much better for a user IP behind the server to get named as source than the server. However, it would be even better if you secured your problematic spewing proxy/trojan user IPs, and example of which I named earlier. The parser is designed to not name a server relaying for its user if it can chain the parse back to a user IP behind the server. It is not desirable for servers to be listed for user IP behavior behind because of the collateral damage caused by the server listing. > So we have problem with mail delivery (about 2 days already), > diagnostic of it was unclear, excluding possible reasons yeilds > paradoxical result: only reason (beside an error) why our server may > get listed is ... > standard compliance! Funny, isn't it? Somewhere earlier I thought you were explaining why it was necessary to send DSN failures to bogus Froms. I'm thinking you have a backscattering server. If the listing was caused /entirely/ by a server getting named by the parser tripping by prematurely breaking the chain error, then the deputy will 'fix' that. If the listing were caused by a combination of chain errors which should have sourced a user IP and backscatter which should have named the server, then I expect that s/he would let the backscatter reports stand. If the 'removal' of the mistaken report counts resulted in the server's delisting, then that would be good for you. If the server can get itself listed by too much backscatter in addition to a bad parse for something else, then you still have a problem. -- Mike Easter kibitzer, not SC admin From / at /.cn Fri May 5 12:15:20 2006 From: / at /.cn (Petzl) Date: Thu May 4 21:20:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: "Gareth" wrote in message news:e3cb68$gve$1@news.spamcop.net... > Hi > > I am new to spamcop. I recently opened an email account with my ISP which > has obviously been used before and receives around 10 spams per day. > I have been reporting all the spam for nearly a month now but have not > noticed any change in the volume of spam I receive. > Is this normal? Should I persevere or are these spammers just too good at > avoiding being being blocked? > > Cheers > > Gareth SpamCop does notify, or try's to, the owner of the spam source, this source gets added to many blocklists For a spam proof/resistant email account the only effective one is http://www.spamcop.net/ces/individuals.shtml This sorts spam to a folder for Very Easy Reporting (VER) and deletes virus's Keeps inbox clean Unless your email account is properly using the SCBL and or other blocking means you are fighting a losing battle Security of far to many computers is non-existent For instance anyone with a WiFi laptop can find unsecured computers everywhere http://stumbler.net/ has a (no cost, beggarware) program which will easily locate such networks for one to use and abuse Petzl -- Check your computers security (free) From nobody at devnull.spamcop.net Thu May 4 19:30:10 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Thu May 4 21:35:02 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Oleg Bulyzhin wrote... > rfc3552 has status 'best current practice', compare it to 'standard' > for rfc821. Moreover, rfc3552 _does not_ refute rfc821 or 2821. It just > explaining smtp design flaws and describing methods to make it better. > > I understand that rfc-like DSNs can be abused. But we have no any newer > smtp > standard. It appears to me that everyone is doing something that they are convinced that they are allowed to do. You are following an RFC that tells you to send spam. You are allowed to do that by the RFC, but you are not immune from this basic fact of life: Actions Have Consequences. Your choice to send email to people who never emailed you has the consequence of pretty much everyone on the Internet treating you like the spammer that you are. As much as we all would like to live in a world where we are immune to any undesired consequences, this is not that world, and we all have to live with the consequences of our actions. SpamCop is placing the IP addresses that you use to send spam (that the RFC said you can send) in a database of IP addresses that meet certain criteria. You can't claim that Spamcop isn't allowed to do that; anybody can put anything they wish into their own database. Spamcop isn't immune to the basic fact of life that Actions Have Consequences either. I note two consequences as being particularly interesting; first, I pay Spamcop (I am a customer and I donate beyond what I pay for the service). That's because I approve of what Spamcop is doing. Second, you complain and your complaints get ignored. That's because you do not approve of what Spamcop is doing. You have a right to complain, Spamcop has a right to ignore your complaints, and I have a right to send money to Spamcop and to give my own not-affiliated-with-spamcop answer to your complaint. I, among many others on the Internet, have configured my email system to accept then silently delete any email from any of the IP addresses listed in the Spamcop database -- including yours. You can't claim that I am not allowed to do that; anybody can refuse to read any emails that they don't want to read and I don't want to read anything from known spammers such as yourself. Now that we have dealt with what we each are allowed to do, let's look at the matter of politeness; polite people don't do things that inconvenience others without having a good reason to do so -- even if they are allowed to. You no doubt feel that you are inconvenienced by me and others like me blocking your emails. I feel that I am inconvenienced by you and others like you who send me spam. I have a very good reason for rejecting your spam emails; they are part of a flood of emails from you and other spammers that, if not filtered out, would make my email system unusable. As far as I can tell you do not have a good reason to send your spam emails to people who have never emailed you. So the principle of politeness demands that you be the one who changes his behavior. IHTH. G.M. From nobody at devnull.spamcop.net Thu May 4 19:39:10 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Thu May 4 21:40:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: > For a spam proof/resistant email account the only effective one is > http://www.spamcop.net/ces/individuals.shtml Nonsense. Spamcop is a good choice, but it is not the only effective choice. It might not even be the best choice; Tuffmail has many useful features that Spamcop lacks, for example. (That doesn't make them better, of course, what is important is whether your needs are addressed). http://www.tuffmail.com/features.php From / at /.cn Fri May 5 12:46:54 2006 From: / at /.cn (Petzl) Date: Thu May 4 21:50:06 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: "G|_|Y |\/|AC0|\|" wrote in message news:e3eabu$rm4$1@news.spamcop.net... > > >> For a spam proof/resistant email account the only effective one is >> http://www.spamcop.net/ces/individuals.shtml > > Nonsense. Spamcop is a good choice, but it is not the only effective > choice. It might not even be the best choice; Tuffmail has many useful > features that Spamcop lacks, for example. (That doesn't make them better, > of course, what is important is whether your needs are addressed). > > http://www.tuffmail.com/features.php > Not IMO!! Unless it notifies ISP's of caught spam as SpamCop does sounds pretty useless Just bitbin'ing spam does nothing to reduce spam Petzl -- Check your computers security (free) From nttp.sc.s at bigsleep.org Fri May 5 03:17:17 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu May 4 22:20:02 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> <4459B532.C111F400@qwest-is-evil.com> <445A5C62.6780901A@eserverspace-is-evil.com> Message-ID: On 04 May 2006, - Steve Holmes entered spamcop and left news:445A5C62.6780901A@eserverspace-is-evil.com: > Do hardware and software vendors, ISPs and hosting > companies see that education about spam boosts their bottom lines? > Doubtful. The black hats profit from spam. It gives gives them something to sell, like the butterfly ad (is it just me, or does the MS butterfly like just like The Tick? Don't think I'd feel too confortable having that big bozo watching over me). "Can spam? I'd say it's already canned... though, a square shiny can... and who says a can has to be round? Maybe it could be a ball? And boy! what a ball we'd have playing with that shiny can of spam... and if it were a ball... I'd smash it FLAT! 'cause a shiny round can of spam just ain't no match for The Tick!" -- | Ric | From edb2000 at spamcop.net Thu May 4 21:17:24 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Thu May 4 23:20:04 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies In-Reply-To: References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: Redstone wrote: > I'll concur that GoDaddy is pretty good in terms of responding to spam > reports. They've whacked sites that I've sent LARTs about. I've heard reports from a couple of affected domain owners that GoDaddy goes further than whacking hosted web sites they host. According to these reports, GoDaddy will take down the DNS for a domain name, if they are the registrar, upon receipt of a single complaint of a spamvertised web site. Both of these claimed they were Innocent Bystanders (IB), but I have not myself verified any part of their claims. That said, I use GoDaddy for my domain registrations, and hope those claims are not true! (I don't host web sites there, so this is somewhat OT, but not too far afield.) -- Don Wannit A paid SpamCop user since 1999 From jg at coks.net Thu May 4 22:26:27 2006 From: jg at coks.net (jg) Date: Fri May 5 00:25:04 2006 Subject: [SpamCop-List] Re: Pump and Dump In-Reply-To: References: Message-ID: On 5/4/2006 1:24 PM indigo scribbled: > Tim McGraw wrote: >> Berny wrote: >>> P&D is Illegal, but difficult to prove. >>> >>> It depends on where the shares have been traded, probably at the >>> Vancouver Stock Exchange,which is part of the TSX, so you need to >>> file a formal complaint with the Ontario, and, British Columbia >>> Securities comissions, they have a web page, complaint would have >>> to be on paper., I would CC the NASDAQ and SEC (USA) also. >> I'm not an investor, but I don't believe NASDAQ has anything to do >> with microcaps. > > The issue isn't whether it's a microcap or not, it's what exchange the stock > is traded on. If it's a pink sheet stock (over the counter), obviously you > can't complain to NASDAQ about it, but if it's traded on NASDAQ you sure can > file a complaint with them or the SEC (and it will be taken seriously). But > since the stock price has to be above $1.00 for it to be listed on NASDAQ, > chances are that it's not on that exchange. > > AFAIK, if the fraud /isn't/ perpetrated by a /member/ of NASDAQ, NASDAQ has no interest - they have enuff fish to fry - its spelled out on their site in pretty plain english - > https://apps.nasd.com/Investor_Information/complaints/spam.asp > While NASD does not prohibit its member brokerage firms or their employees from sending out spam, it does regulate the content of such messages sent to the public. In any communication with the public, NASD rules require that a member identify itself and that investors be given enough information to make a sound investment. NASD rules prohibit statements making promises. > > Remember, though, that NASD can only regulate the actions of its member brokerage firms and their employees. While all U.S. brokerage firms have to be members of NASD to do business with the public, most problem spams are likely sent to you by non-regulated businesses or individuals. > > You can check out if the firm or individual spamming you is registered with NASD on our Web site. > > If you think that the problem spammers may be registered with NASD, you can forward spam or junk e-mail recommending that you invest in a stock or other investment to spam@nasd.com. > > If the spammers are not registered with NASD, you can forward spam (junk e-mail) or copies of message board postings to enforcement@sec.gov. From skiwi at spamcop.net Thu May 4 22:53:20 2006 From: skiwi at spamcop.net (Skiwi) Date: Fri May 5 00:55:02 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Gareth wrote: > Hi > > I am new to spamcop. I recently opened an email account with my ISP > which has obviously been used before and receives around 10 spams per day. > I have been reporting all the spam for nearly a month now but have not > noticed any change in the volume of spam I receive. > Is this normal? Should I persevere or are these spammers just too good > at avoiding being being blocked? sorry if this seems like I am teaching you how to suck eggs... to reiterate what many have said here, via a bad analogy, by using spamcop (and by using, I mean reporting, as it sounds like you are doing...) then you are helping build a forcefield around the spammer's email sources - and we all thank you for helping 'us' build that field, otherwise know as the SpamCop block list (SCBL)... The problem is, you are helping to build the force field from the *spammer's side* - you need to get on the other side (I DID tell you it was a bad analogy!!) There are many ways of doing this, but the three main 'groups' of ways that I see are: (1) using an ISP or some service online that uses the SCBL (and other lists and algorithms such as SpammAssasain) to re-direct the spam somewhere safe *before* you download it, where you can check it on a semi-regular basis to make sure it is spam, report it, then dump it... (for instance, Spamcop offers this mail filtering service themselves, allowing you to (semi) transparently keep your *current* email address and run it through the service' I use it and love it, very elegant and yet fully customisable interface, $50 a year, and you ALSO get another email address that I use for online shopping, newsgroups, etc as I know it is being heavily 'checked'; it also supports 'plusage', so I have skiwi+nordstrums1@spamcop.net, skiwi+bestbuy1@spamcop.net or whatever so if I do get spam I can often see who leaked my email, if I feel so inclined [these are not 'real' email addresses BTW]) (2) get a service that 'intercepts' the mail on your PC *after* it comes off the mail server and been downloaded but *before* it gets to your email software and treats appropriately - i.e., the good stuff is let straight through, the bad is ; for friends who don't care how it works, just don't want to see spam in their In Box I use SpamPal (free, but 'donation' encouraged) on Windoze OSs and it seems to be pretty 'set and forget' (but you can tweak it as you need, if for instance it is being too aggressive) (3) you likely know about this one - this doesn't use the SCBL or other BLs, etc - but any decent email software such as Thunderbird (and even bad email software such as Outlook - woops, is my prejudice showing...) has junk filters now... kinda "AI" - when you first start using it, you manually mark spam as junk, it will trundle itself off to a sub-folder where you can deal with it; as you use the software more and more, it gets smarter and smarter (sic!) about what you consider spam and marks it itself - and you can easily un-mark (sic) it - and if say you are on a list about, I don't know, rooster husbandry, you can whitelist incoming addresses (i.e., tell the software that any email from that address will never be junk) Anyway... Just a point - I used 'force field' rather than 'wall' in my analogy as in a sense the SCBL is a vibrant, dynamic list; as spammers get through it, 'we' report spam from these sources and that hole is now plugged AND if a previous sources 'cleans up its act' it will (eventually) come off the SCBL and email from there can flow freely through to those of use using the SCBL between the emails sources and their In Boxes... From gazza at f2s.com Fri May 5 10:36:20 2006 From: gazza at f2s.com (Gareth) Date: Fri May 5 04:40:02 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Many thanks for all your helpful responses. My email address is probably quite vulnerable to dictionary attack as some of you mentioned (gazza is a popular nickname in the UK!) but I know for sure someone had it before me as I have had emails from companies to which the previous owner had subscribed (eBay and the like). I have other address which don't suffer so much spam and just created this new one as a spare. Hence I will probably drop it as it is a chore to report all this spam considering I don't really do anything else with the address. I had heard of some people having success in significantly reducing their spam with spamcop so thought I'd try it to see if I could clean up this address. I've also heard of a program called Mailwasher which apparently generates a bounce in response to spam in an attempt to convince the spammers the address in invalid. I am a bit sceptical of this since a) I doubt whether the spammers care about bounces and b) I worry if such bounces could be detected as being false and thus validate the address. Any comments on this would be appreciated. Thanks Gareth From nttp.sc.s at bigsleep.org Fri May 5 10:04:46 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri May 5 05:05:17 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: On 05 May 2006, - Gareth entered spamcop and left news:e3f2q4$a92$1@news.spamcop.net: > but I > know for sure someone had it before me as I have had emails from > companies to which the previous owner had subscribed (eBay and the like). Are you sure those are from eBay, I never get anything from eBay unless I buy something. Try reporting them and if they are from eBay or PayPal Spamcop will say so (you can cancel if it looks legit). It very well may be "phishing" spam, as I get those among the dictionary attacks to a new address that eBay don't have. Don't be fooled, read the headers, if in doubt, report it. Though I agree that someone certainly could have had it before, but don't assume those are legit, or change your address. -- | Ric | From dws at dealing-with-spam.info Fri May 5 12:14:15 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Fri May 5 05:15:04 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Oleg Bulyzhin wrote on Thu, 4 May 2006 20:46:39 +0000 (UTC): > As i mentioned above i'm talking about DSNs (which i incorrectly named > bounce). Supressing DSNs is standard violation. _There are_ situations > when you should accept mail and deliver it later. Nobody wants you to suppress the DSN. What we (tinw) *do* want you to do is rig your secondary MX such that the situation in which a DSN should be sent no longer arises. LDAP goes a long way towards solving your problems. By using LDAP, your secondary MX can have access to the user list on the primary MX, and therefore REJECT (rather than bounce) messages sent to non-existent users. No more backscatter. Admittedly, accounts over quota are another problem. However, I'm sure that most of your problems are due to non-existent users. From dws at dealing-with-spam.info Fri May 5 12:16:47 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Fri May 5 05:20:02 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: Redstone wrote on Thu, 4 May 2006 20:53:35 +0000 (UTC): > I'll concur that GoDaddy is pretty good in terms of responding to spam > reports. They've whacked sites that I've sent LARTs about. I wish I could concur. They've never whacked domains with obviously bogus whois data in them that I've reported, and they've even spammed me as late as this morning (reported via SC). I'm transferring my domains away from them (Boulder Pledge obliges). From newandrew at rump.dk Fri May 5 11:04:28 2006 From: newandrew at rump.dk (Andrew Engels Rump (formerly Leif Andrew Rump)) Date: Fri May 5 06:05:03 2006 Subject: [SpamCop-List] Re: Feature request: see number of unreported spam References: Message-ID: After drinking 3 Pan Galactic Gargle Blasters, "Frog Prince" mumbled in news:e3d0uq$u2n$1@news.spamcop.net: > "Andrew Engels Rump ( >| > It could be useful if you get a few too old messages, and you see >| > there are only two or three left, you could as well click through >| > them, because one of them might still be valid. OTOH, if you see >| > there are still 20 left, you??Tll remove them. >| Just go in to Past Reports and View recent reports and you see the >| status of the last ten submitted reports - or is this something >| you only get when you also pay for a mail account? Anyway the >| address is http://mailsc.spamcop.net/mcgi?action=histmenu > I'm trying to avoid extra steps/work. Why not present the data up > front? Well most people (apparently) don't care so why waste CPU-, database-, ...-power on a minor detail - which is accessable through other means. > Or better yet allow me to delete the useless reports? This is something that pops up again and again - well I am pretty sure it is on the To-Do-list but again a minor feature compared to the rest of the system. Andrew -- *** The opinions expressed are not necessarily those of my employer. *** * Software Engineer Andrew Engels Rump * BLIK og ROERarbejderforbundet * * Immerkaer 42, 2650 Hvidovre * Tlf: +45 3638 3638, Fax: +45 3638 3639 * Home: N55?41'38.9" E12?29'08.6" (WGS 84) Work: N55?39'50.9" E12?27'47.4" E-mail: mailto:andrew@rump.dk * WWW: http://www.rump.dk/homepage/andrew/ From me at privacy.net Fri May 5 10:06:04 2006 From: me at privacy.net (Frog Prince) Date: Fri May 5 09:20:02 2006 Subject: [SpamCop-List] Re: Feature request: see number of unreported spam References: Message-ID: "Andrew Engels Rump ( | >| > It could be useful if you get a few too old messages, and you see | >| > there are only two or three left, you could as well click through | >| > them, because one of them might still be valid. OTOH, if you see | >| > there are still 20 left, youâ?Tll remove them. | >| Just go in to Past Reports and View recent reports and you see the | >| status of the last ten submitted reports - or is this something | >| you only get when you also pay for a mail account? Anyway the | >| address is http://mailsc.spamcop.net/mcgi?action=histmenu | > I'm trying to avoid extra steps/work. Why not present the data up | > front? | | Well most people (apparently) don't care so why waste CPU-, | database-, ...-power on a minor detail - which is accessible | through other means. Consumes a lot more CPU and bandwidth the way things are, regardless it consumes HUMAN processing time to manually display and acknowledge. Ergo when confronted with the waste I delete. Works for me but the data is lost to the system. From gazza at f2s.com Fri May 5 15:24:48 2006 From: gazza at f2s.com (Gareth) Date: Fri May 5 09:25:03 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Blammo wrote: > On 05 May 2006, - Gareth entered spamcop and left > news:e3f2q4$a92$1@news.spamcop.net: > > >>but I >>know for sure someone had it before me as I have had emails from >>companies to which the previous owner had subscribed (eBay and the like). > > > Are you sure those are from eBay, I never get anything from eBay unless I > buy something. Try reporting them and if they are from eBay or PayPal > Spamcop will say so (you can cancel if it looks legit). It very well may be > "phishing" spam, as I get those among the dictionary attacks to a new > address that eBay don't have. > > Don't be fooled, read the headers, if in doubt, report it. Though I agree > that someone certainly could have had it before, but don't assume those are > legit, or change your address. > They all independently knew the guy's full name and didn't look like pishing scams. They were just adverts and weren't asking me to log in to anything. The eBay one looked identical to ones I have received in another account which I don't mind since I signed up for it. Unfortunately I trashed the eBay one but here is the report from one sent by ashampoo (a German based software retailer): http://www.spamcop.net/sc?id=z935483606z37da30f120103b39b5bfe3c7a9577287z I am no good at figuring out all the headers, etc, but from one part of the report it tells me ashampoo have been reported previously but appealed. I conclude that the guy had previously bought various stuff on the internet and is subscribed to a number of legitimate marketing mailing lists. Gareth From MikeE at ster.invalid Fri May 5 09:09:21 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 5 11:10:02 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: Gareth wrote: > I've also heard of a program called Mailwasher which apparently > generates a bounce in response to spam in an attempt to convince the > spammers the address in invalid. That [MW bogus bounce] is a really really bad idea which is entirely misrepresented by the developers of MW mailwasher and which should be disabled because it is both abusive, against the AUP/TOS [acceptable use/ terms of service] of your provider, and can cause you problems with your provider, with blocklisting services and can even endanger your account with your mail provider. > I am a bit sceptical of this since > a) I doubt whether the spammers care about bounces 99.9% of the time the bounce never goes toward the spamsource -- only in the case of straightup spam. > and b) I worry if > such bounces could be detected as being false and thus validate the > address. A bogus bounce can be determined to be from your IP. A bogus bounce is 'designed' to try to pretend to show that a particular address had no such mailbox, so the recipient address is definitely included in the bounce. > Any comments on this would be appreciated. Don't use MW's or any other app which performs bogus bounces. The vast majority of spams have bogus From which From is typically derived from the same lists as the recipient spammees. The bogus From is occasionally 'manufactured' or not real as a part of the social engineering of a spam, such as a girl's name on some porn spam or a bank's name on a phish -- but usually bogus From is a regular address. When you bogus bounce, you are sending a newmail to the bogus From address, which address is not only innocent of the spam, but may be a reporter who reports abusive unsolicited mail such as bogus bounces or a spamtrap which also reports. Your abusive bogus bounce has your IP address in its headers and it is also a forgery of your mail provider's role accounts. The rare instance in which a bogus bounce might have any positive effect whatsoever is so uncommon as to be not worth talking about, to prevent any confusion over the issue. Do *not* bogus bounce. In fact, there is so much wrong with the MW developers' attitude that I am 'against' MW even tho' it has other positive features which are not its bogus bounce capabilities. You can use other mail applications to avoid downloading mail from the server, and most people would be better off using a filter which is able to access the entire mail rather than trying to delete from the server. That subject is a more complicated and different discussion from the issue of bogus bouncing. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri May 5 09:17:33 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Fri May 5 11:20:02 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: Petzl wrote... > > G|_|Y |\/|AC0|\| wrote... >> >>> For a spam proof/resistant email account the only effective one is >>> http://www.spamcop.net/ces/individuals.shtml >> >> Nonsense. Spamcop is a good choice, but it is not the only effective >> choice. It might not even be the best choice; Tuffmail has many useful >> features that Spamcop lacks, for example. (That doesn't make them >> better, >> of course, what is important is whether your needs are addressed). >> >> http://www.tuffmail.com/features.php > > Not IMO!! > > Unless it notifies ISP's of caught spam as SpamCop does sounds pretty > useless > > Just bitbin'ing spam does nothing to reduce spam From dont_spam at thecow.me.uk Fri May 5 17:45:57 2006 From: dont_spam at thecow.me.uk (steve auvache) Date: Fri May 5 11:55:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: Mike Easter wrote >Gareth wrote: > >> I've also heard of a program called Mailwasher which apparently >> generates a bounce in response to spam in an attempt to convince the >> spammers the address in invalid. > >That [MW bogus bounce] is a really really bad idea which is entirely >misrepresented by the developers of MW mailwasher and which should be >disabled because it is both abusive, against the AUP/TOS [acceptable >use/ terms of service] of your provider, and can cause you problems with >your provider, with blocklisting services and can even endanger your >account with your mail provider. I'll say. >> Any comments on this would be appreciated. > >Don't use MW's or any other app which performs bogus bounces. I use MW and I nearly agree with most of what you say. Times have changed and tools for users that even suggest bouncing should be overhauled have that feature removed pdq. Problem is that I am a user and despite the many shortcomings of this particular tool, I and thousands of others find the click and go interface a tad more useful than messing about with Perl scripting. Mainly because of the inbuilt interface with Spamcop, until I find a "better" one, I shall continue to use it. > >Do *not* bogus bounce. Do not bounce at all is my philosophy but I do report. -- steve auvache From nttp.sc.s at bigsleep.org Fri May 5 17:43:49 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri May 5 12:45:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: On 05 May 2006, - Gareth entered spamcop and left news:e3fjn1$k5g$1@news.spamcop.net: > I am no good at figuring out all the headers, etc, but from one part > of the report it tells me ashampoo have been reported previously but > appealed. > > I conclude that the guy had previously bought various stuff on the > internet and is subscribed to a number of legitimate marketing mailing > lists. > That does indeed appear to be the case, that one was obviously from ashampoo, though it's not always easy to tell because companies often use another company to advertise. You could try to unsubscribe from those that look legit, but the problem is that it may be too late, some companies sell addresses, so if for example that address was submitted to a casino site you're going to be knee deep in spam. Many people here will say that advertisers should reconfirm their subscriptions, but most don't and I don't feel it's fair to report them, at least not without attempting to unsubscribe first. -- | Ric | From nobody at devnull.spamcop.net Fri May 5 10:44:55 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Fri May 5 12:45:10 2006 Subject: [SpamCop-List] Spamcop mail References: Message-ID: Petzl wrote... > > G|_|Y |\/|AC0|\| wrote... >> >>> For a spam proof/resistant email account the only effective one is >>> http://www.spamcop.net/ces/individuals.shtml >> >> Nonsense. Spamcop is a good choice, but it is not the only effective >> choice. It might not even be the best choice; Tuffmail has many useful >> features that Spamcop lacks, for example. (That doesn't make them >> better, >> of course, what is important is whether your needs are addressed). >> >> http://www.tuffmail.com/features.php > > Not IMO!! > > Unless it notifies ISP's of caught spam as SpamCop does sounds pretty > useless > > Just bitbin'ing spam does nothing to reduce spam You can report spam sent to a tuffmail account (or an account at any other ISP) to spamcop almost as easily as you can from a spamcop mail account. And you can choose not to report anything with an email account from any vendor. Spamcop reporting/DNSBL = unique, unmatched, and insanely great. Spamcop email account = pretty good, but doesn't have important features that vendors like sneakemail and tuffmail have. In fact, if you do a feature-by-feature comparison, there is, IMO, only one area where a spamcop email account beats a tuffmail email account (but it is a big enough advantage to me that I use a spamcop email account as my public email address); having "@spamcop.net" at the end of your email address tends to reduce your incoming spam load by scaring some spammers. G.M. From wb8tyw at qsl.network Fri May 5 13:50:47 2006 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri May 5 12:55:02 2006 Subject: [SpamCop-List] Re: why our server got listed? In-Reply-To: References: Message-ID: D-W-S wrote: > Oleg Bulyzhin wrote on Thu, 4 May 2006 20:46:39 +0000 (UTC): > > >>As i mentioned above i'm talking about DSNs (which i incorrectly named >>bounce). Supressing DSNs is standard violation. _There are_ situations >>when you should accept mail and deliver it later. > > > Nobody wants you to suppress the DSN. What we (tinw) *do* want you to do > is rig your secondary MX such that the situation in which a DSN should > be sent no longer arises. > > LDAP goes a long way towards solving your problems. By using LDAP, your > secondary MX can have access to the user list on the primary MX, and > therefore REJECT (rather than bounce) messages sent to non-existent > users. No more backscatter. > > Admittedly, accounts over quota are another problem. However, I'm sure > that most of your problems are due to non-existent users. A new worm seems to have surfaced this week and already it is causing significant backscatter from e-mail systems that send DSN for no such users and over quota users. The last SOBER worm could cause a single mail domain sending DSNs for non-existent users to mailbomb an innocent victim at 40 messages per second for a period of 24 hours. The only pauses that I saw was when the system sending the DNS messages was listed by spamcop.net for it's mailbombing. The advent of these worms makes the idea of accept and bounce later obsolete. The SMTP mail system can no longer handle that amount of backscatter when a worm breaks out. The test.com domain a few years ago was a case where the backscatter was so high that it at least for a while knocked them off the internet. A mail server accepting e-mail from the public internet now has to make the decision as to accept the e-mail or not during the SMTP session. For a forwarding server, this means that it needs to know all the e-mail addresses that it is accepting e-mail for, and it needs to have a buffer for delivering to internal mail servers. At the time that a message comes in, the gateway SMTP server can do a probe to see if the destination SMTP mail server is up, and if it is not, it can reject the message with a 4xx SMTP code. If a mail server accepts a message for delivery and it can not be delivered, it should be directed to the human running the postmaster for manual disposition. Until the human running the postmaster account has handled that message for that e-mail address and resolved the non-delivery problem, all future e-mail for that e-mail address should be rejected with a 4xx SMTP code. This allows you to operate a forwarding mail server in compliance with the RFCs and with out generating backscatter. Also note that I saw reports on news.admin.net-abuse.email about spamhaus.org listing mail servers for backscatter before spamcop.net changed their policy to do so. -John wb8tyw@qsl.network Personal Opinion Only From nospam at eserverspace-is-evil.com Fri May 5 17:17:09 2006 From: nospam at eserverspace-is-evil.com (Steve Holmes) Date: Fri May 5 17:20:03 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: <445BC0D5.EDC2F959@eserverspace-is-evil.com> Thanks, all, for the recommendations. You've probably saved me a lot of money. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 Someone who hates spam wrote: > X-No-Archive: Yes > "Steve Holmes" wrote in message > news:445A5D22.DCE84955@eserverspace-is-evil.com... > > For my website, I'm looking for domain registrars and hosting companies > > that are affordable and white-hat. Website's not complictated. No flash, > > but will probably add film trailers or short films that take up a lot of > > space. Not sure that it matters, but I'm in Iowa. > > > > Thanks in advance. > > > > -- > > Steve Holmes > > Executive Producer > > "The New Ball Game" > > "RailFAN" > > 319-337-9507 > > > > We use www.liquidweb.com. Found them to be excellent value. > > They seem to stay out of the DNSBL's as well, as well as having good > anti-spam and DNSBL's included in their email systems - including spamcop. From / at /.cn Sat May 6 08:28:14 2006 From: / at /.cn (Petzl) Date: Fri May 5 17:30:03 2006 Subject: [SpamCop-List] Re: Spamcop mail References: Message-ID: "G|_|Y |\/|AC0|\|" wrote in message news:e3fve8$r9m$1@news.spamcop.net... > > Petzl wrote... >> >> G|_|Y |\/|AC0|\| wrote... >>> >>>> For a spam proof/resistant email account the only effective one is >>>> http://www.spamcop.net/ces/individuals.shtml >>> >>> Nonsense. Spamcop is a good choice, but it is not the only effective >>> choice. It might not even be the best choice; Tuffmail has many useful >>> features that Spamcop lacks, for example. (That doesn't make them >>> better, >>> of course, what is important is whether your needs are addressed). >>> >>> http://www.tuffmail.com/features.php >> >> Not IMO!! >> >> Unless it notifies ISP's of caught spam as SpamCop does sounds pretty >> useless >> >> Just bitbin'ing spam does nothing to reduce spam > > You can report spam sent to a tuffmail account (or an account at any other > ISP) > to spamcop almost as easily as you can from a spamcop mail account. And > you > can choose not to report anything with an email account from any vendor. > Spamcop reporting/DNSBL = unique, unmatched, and insanely great. Spamcop > email > account = pretty good, but doesn't have important features that vendors > like > sneakemail and tuffmail have. > > In fact, if you do a feature-by-feature comparison, there is, IMO, only > one area where a spamcop email account beats a tuffmail email account > (but it is a big enough advantage to me that I use a spamcop email account > as my public email address); having "@spamcop.net" at the end of your > email > address tends to reduce your incoming spam load by scaring some spammers. > > G.M. SpamCop so far does not need extra features of tuffmail (why would you want to fix something not broken) SpamCop email sets-up the reporting so it'sVery Easy Reporting (VER) used (not a afterthought) Just a click of a mouse has all spam in your bulk folder selected and reported This ofeten stops the hole that spammer is crawling through Other pluses are that SpamCop allow efficient whitelisting which is missing in Tuffmail? The methods of tuffmail sorting spam will mean a very high false positive without whitelisting with a lot of legitimate email blended in with spam. SpamCop email also use spamassasin but with the very much needed and unique whitelist of one's own creation (not only email addresses but domains and even countries) Also they do not use the best and most accurate of Blocklists our very own SCBL which lists spammers as they try to send sam not aterwards and releasing that IP when spam stops. Other blocklists used by tuffmail just add to lists removal from lists is nt that effiecient And yes SpamCop email has even more to offer than is said here From / at /.cn Sat May 6 08:31:02 2006 From: / at /.cn (Petzl) Date: Fri May 5 17:35:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: "Gareth" wrote in message news:e3f2q4$a92$1@news.spamcop.net... > Many thanks for all your helpful responses. > My email address is probably quite vulnerable to dictionary attack as some > of you mentioned (gazza is a popular nickname in the UK!) but I know for > sure someone had it before me as I have had emails from companies to which > the previous owner had subscribed (eBay and the like). > I have other address which don't suffer so much spam and just created this > new one as a spare. Hence I will probably drop it as it is a chore to > report all this spam considering I don't really do anything else with the > address. > I had heard of some people having success in significantly reducing their > spam with spamcop so thought I'd try it to see if I could clean up this > address. > I've also heard of a program called Mailwasher which apparently generates > a bounce in response to spam in an attempt to convince the spammers the > address in invalid. I am a bit sceptical of this since a) I doubt whether > the spammers care about bounces and b) I worry if such bounces could be > detected as being false and thus validate the address. > Any comments on this would be appreciated. > Thanks > > Gareth Mail washer is a good option (not as good as SpamCop email) just turn the "bounce annoyance" off From nobody at devnull.spamcop.net Fri May 5 16:22:57 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Fri May 5 18:25:04 2006 Subject: [SpamCop-List] Re: Spamcop mail References: Message-ID: Petzl wrote... > SpamCop email sets-up the reporting so it'sVery Easy Reporting (VER) used > (not a afterthought) Just a click of a mouse has all spam in your bulk > folder selected and reported This ofeten stops the hole that spammer is > crawling through > Other pluses are that SpamCop allow efficient whitelisting which is > missing in Tuffmail? "Any user configured restrictions, can be bypasssed with a user controlled Allow list entry for the full envelope sender address, the envelope sender domain, the client IP address, or a CIDR network." http://www.tuffmail.com/fixed-policy.php SpamCop FAQ : SpamCop Mail Service : FAQ about the Personal Blacklist and Whitelist : What headers are checked? The following headers are checked against the whitelist Envelope Sender aka Return Path From: Sender: http://www.spamcop.net/fom-serve/cache/303.html > The methods of tuffmail sorting spam will mean a very high false positive Evidence, please. > without whitelisting with a lot of legitimate email blended in with spam. > SpamCop email also use spamassasin but with the very much needed and > unique whitelist of one's own creation (not only email addresses but > domains and even countries) "Tuffmail spam scoring is based on the SpamAssassin(tm) Open Source software. Scoring may be enabled or disabled and score thresholds set for an address, for a domain, or for the account. Allow/Deny lists can be created for an individual address, for a domain, or for the account." http://www.tuffmail.com/filter.php > Also they do not use the best and most accurate of Blocklists our very own > SCBL which lists spammers as they try to send sam not aterwards and > releasing that IP when spam stops. SCBL is part of the Spamassassin scoring and can be given a high weight if you wish. Search on "BL_SPAMCOP_NET" at http://www.tuffmail.com/scores.php > Other blocklists used by tuffmail just add to lists removal from lists is > nt that effiecient I realize that humans tend to have a certain amount of "brand loyalty" and can get quite upset with any discussion that hints at their favorite software / servbice / sports team / nation / etc. not being perfect, but you are no only claiming that spamcop is the best possible mail service but also that the SCBL is the best possible DNSBL. Different DNSBLs have different goals and purposes. > And yes SpamCop email has even more to offer than is said here Like the inability to block an IP address? Or to generate a new email address for every webform you fill out? Or to graylist? Or to use "-" on those brain-dead systems that won't let you put "+" in your email address? Or to set the MX records for your domain to point to spamcop-provided relay servers? As I said, Spamcop email is a fine system - better than most. It is the one I use. From raoul at somoen.com Fri May 5 23:25:35 2006 From: raoul at somoen.com (raoul@someone.com) Date: Fri May 5 22:30:07 2006 Subject: [SpamCop-List] Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: Hi all, So one of my domains is being forged by some spammer. In this thread there was a question about sending NDRs in to SpamCop - is that acceptable / practical? I am tempted to break it intentionaly for a few days. I could use suggestions other than sending out spam myself(!) Perhaps there could be a blacklist for domain owners that want to blacklist themselves for a few days to discourage domain spoofing... "WazoO" wrote in message news:e36n5d$393$1@news.spamcop.net... > "Andy" wrote in message > news:e358h6$5pi$1@news.spamcop.net... >> >> 3. At the end of the day would anyone actually follow this up or would I > be >> wasting my time? The scammer may make a few bucks but he won't be >> retiring >> on the proceeds of this one. > > If you want to believe the "bragging" ..... > > http://spamkings.oreilly.com/archives/2006/03/stock_spammers_stung_by_secret.html#trackbacks > "According to the February 17 complaint, Moeller boasted to a fellow > spammer > (working for the feds as a confidential informant or CI) that he and > Vitale > were making $40,000 per week sending spam that touted shares of small-cap > stocks -- a practice known as pump-and-dump spamming. The two operated a > company called Viatelecom aka Via Telecom LLC to do their stock deals. > > In an April, 2005 instant message conversation with the CI, Moeller > claimed > that he had 40 servers for sending spam, as well as 35,000 "peas" or > proxies > to disguise the true origin of the spams. He said he exclusively spammed > AOL > members and boasted he could send millions of spams per hour, with less > than > 20 percent getting caught in AOL's spam filters." > > From scamper at trisk.com Fri May 5 21:55:24 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Fri May 5 23:00:02 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: raoul@someone.com wrote: > Hi all, > > So one of my domains is being forged by some spammer. > > In this thread there was a question about sending NDRs in to SpamCop - > is that acceptable / practical? > > I am tempted to break it intentionaly for a few days. I could use > suggestions > other than sending out spam myself(!) Perhaps there could be a blacklist for > domain That is what SPF (Sender Policy Framework) does. You don't have to blacklist yourself, you just publish what IP's can be used in combination with your domain name. Every other possible combination is thus blacklisted by those who honor SPF records. For more info on SPF see: http://www.openspf.org/ > owners that want to blacklist themselves for a few days to discourage domain > spoofing... > >[snip] -- Garen From / at /.cn Sat May 6 14:01:23 2006 From: / at /.cn (Petzl) Date: Fri May 5 23:05:03 2006 Subject: [SpamCop-List] Re: Spamcop mail References: Message-ID: "G|_|Y |\/|AC0|\|" wrote in message news:e3gj81$7g1$1@news.spamcop.net... > > Petzl wrote... [S] >> And yes SpamCop email has even more to offer than is said here > > Like the inability to block an IP address? Or to generate a new email > address > for every webform you fill out? Or to graylist? Or to use "-" on those > brain-dead systems that won't let you put "+" in your email address? Or > to > set the MX records for your domain to point to spamcop-provided relay > servers? > > As I said, Spamcop email is a fine system - better than most. It is the > one I use. http://www.spamcop.net/ces/individuals.shtml versus http://www.tuffmail.com/features.php Well I suppose some thing's are not "everyone's cup of tea" Not found other "tack-ons" yet necessary You already use SpamCop as do I (Which can also retrieve & accurately filter email from existing providers, as well as Hotmail Yahoo etc) The major strength with SpamCop email is it accurately sorts my spam from my legit email and then attacks the spammer/s who tried to spam me in the first place. Often being used by various authorities to help track down spammers It is the only email I have used since last century which has proved itself bullet proof While you might get fluffed up about other gee whiz ideas in email service? SpamCop email is still proving to me it is much more than adequate and no need for a new broom yet. SpamCop email & SpamCop is always continuously improving as, when and often before needing to Petzl -- Check your computers security (free) From nttp.sc.s at bigsleep.org Sat May 6 04:15:48 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri May 5 23:20:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: On 05 May 2006, - Garen Erdoisa entered spamcop and left news:e3h37a$f9l$1@news.spamcop.net: > That is what SPF (Sender Policy Framework) does. You don't have to > blacklist yourself, you just publish what IP's can be used in > combination with your domain name. Every other possible combination is > thus blacklisted by those who honor SPF records. > That's only useful if you have control over your DNS text records for your domain, and you know the outgoing mail servers that any user of your domain might use. That's only part of the problem with SPF, and you almost never want to use SPF-Fail (If you can even figure it out from their documentation). -- | Ric | From MikeE at ster.invalid Fri May 5 21:17:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 5 23:20:12 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: raoul@someone.com wrote: > So one of my domains is being forged by some spammer. You haven't made your issue perfectly clear. > In this thread there was a question about sending NDRs in to SpamCop - > is that acceptable / practical? Maybe you are talking about, combining the fact that you are 'thinking about' an address being forged, presumably in the From, and you are also 'thinking about' something sending something, presumably a server initiating a newmail addressed to a bogus From, none of which has been mentioned by you yet, the following... Then or therefore, if some server is newmailing you a delivery status notification failed or DSN to some bogus From, then, if the question about /that/ is if such a newmail addressed to a bogus From is 'acceptable', as opposed to reportable, then the answer is "No." Or to manufacture a complete story all by myself who is guessing at what you are not saying, "Can I report an abusive email which I receive from a server which is creating a newmail addressed to my bogus From as a delivery status notification failed - because that server accepted a mail for delivery with my addy as a bogus From and then chose to notify the bogus From about it with a DSN failed?" Then the ansewr is "Yes." Notice how much words I am having to make up for myself here because your words are ambiguous. If that 'acceptable' sentence is asking, "Can I spamcop report a server which is emailing me delivery status notifications failed because my addy or domain addy has been forged into a bogus From and that server is accepting mails which are undeliverable which have my domain/addy in the From, and then newmailing me about it." Then, the answer would be "Yes." If the question is something else which hasn't yet been made clear here, then you will have to ask that question more clearly and distinctly. > I am tempted to break it intentionaly for a few days. I could use > suggestions I have no idea what those words mean. > other than sending out spam myself(!) I have no idea what those words mean. > Perhaps there could be a > blacklist for domain > owners that want to blacklist themselves for a few days to discourage > domain spoofing... And I have no idea what those words mean. -- Mike Easter kibitzer, not SC admin From scamper at trisk.com Fri May 5 22:43:26 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Fri May 5 23:45:02 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Blammo wrote: > On 05 May 2006, - Garen Erdoisa entered spamcop and left > news:e3h37a$f9l$1@news.spamcop.net: > >> That is what SPF (Sender Policy Framework) does. You don't have to >> blacklist yourself, you just publish what IP's can be used in >> combination with your domain name. Every other possible combination is >> thus blacklisted by those who honor SPF records. >> > > That's only useful if you have control over your DNS text records for your > domain, and you know the outgoing mail servers that any user of your domain > might use. This is not an insurmountable problem. Every domain owner potentially has such control since only the domain owner can point their domain at any given DNS. A domain owner doesn't have to use the DNS services of their provider. Even if they do choose to use their provider, a simple phone call to tech support with instructions on what to include in an SPF record will generally suffice. As for outgoing mail servers the protocol is very flexible. There are lots of ways to specify acceptable outgoing servers besides using numeric ranges. A bit of testing can figure it out. > > That's only part of the problem with SPF, and you almost never want to use > SPF-Fail (If you can even figure it out from their documentation). > Well I can only speak for myself, but I have been using SPF now for over a year and have yet to see a case where rejecting an email that failed an SPF check caused any problems. For me at least it solved far more problems that it might potentially have caused. Thousands of sites use it with no problems. The only problems it might cause that I am aware of are for relay servers, and there are workarounds for those situations that which are discussed in the protocol. I had no problem figuring it out. I have had no problem using SPF "fail" myself, and configuring to reject messages that fail an SPF check. -- Garen From nttp.sc.s at bigsleep.org Sat May 6 05:14:46 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat May 6 00:15:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: On 05 May 2006, - Garen Erdoisa entered spamcop and left news:e3h61b$gll$1@news.spamcop.net: > Thousands of sites use it with no problems. The only problems it might > cause that I am aware of are for relay servers, and there are > workarounds for those situations that which are discussed in the > protocol. > A "workaround" fix for broken software is not acceptable except for those use that software. SPF is broken and they expect everyone else to fix it. And I have seen complaints to ISPs that use SPF records, from their users, probably because they were using SPF-Fail, but then again you never know these days why someone might reject your mail. -- | Ric | From scamper at trisk.com Fri May 5 23:53:38 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sat May 6 00:55:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Blammo wrote: > On 05 May 2006, - Garen Erdoisa entered spamcop and left > news:e3h61b$gll$1@news.spamcop.net: > >> Thousands of sites use it with no problems. The only problems it might >> cause that I am aware of are for relay servers, and there are >> workarounds for those situations that which are discussed in the >> protocol. >> > > A "workaround" fix for broken software is not acceptable except for those > use that software. SPF is broken and they expect everyone else to fix it. How do you define "broken"? The Internet is constantly evolving. I have rarely seen a piece of software that wasn't "broken" such that it didn't ever require a fix or workaround, or update, or patch, or tweak, or whatever to make it work the way you wanted it to work. New protocols can cause problems when getting them to interface with older protocols. This doesn't mean the new protocol is broken, nor does it mean the old one is. It can make them somewhat incompatible without adjustments and compromises being made. Sometimes making the time to do such adjustments is more desirable than doing nothing. The SPF protocol is still in RFC Draft form. So is DKIM-Signature: and Domainkey-Signature: (a trial run of DKIM). Yet people are making use of the protocols, software has been and is being developed and improved, the protocols are being discussed and updated, eventually I'm sure that in the not to distant future, full fledged RFC's will be issued. IMHO, in the case of SPF, the benefits of using SPF now, far outweigh the hassle of making the necessary software adjustments or attitude adjustments, or waiting until RFC's are issued. This is especially true if you are a victim of having your domain name forged into the from lines of spam. I have have been the victim of such forgery, and when searching for a solution I found SPF. I chose along with many other sites to adopt it early. Speaking from experience here, it had the effect almost immediately of cutting down to a trickle the amount of DSN (Delivery Status Notification) emails I had been getting prior to that. I'm sure if I disabled the record, I would soon have a ton of DSN's to deal with again instead of the one or two a week I see now from sites that haven't implemented SPF. I used to get hundreds a day prior to implementing SPF. It was almost as big a problem as spam was before implementing SPF. > > And I have seen complaints to ISPs that use SPF records, from their users, > probably because they were using SPF-Fail, but then again you never know > these days why someone might reject your mail. That is possible, but I have never personally seen any complaints about SPF. If I ever do, I'll deal with that situation as appropriate. Admittedly there is a learning curve with it, and if it's mis configured it can potentially cause horrendous problems. The same can be said of a lot of networking software. :-) > From scamper at trisk.com Sat May 6 00:32:42 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sat May 6 01:35:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Garen Erdoisa wrote: >[snip] > The SPF protocol is still in RFC Draft form. So is DKIM-Signature: and > Domainkey-Signature: (a trial run of DKIM). Yet people are making use of > the protocols, software has been and is being developed and improved, > the protocols are being discussed and updated, eventually I'm sure that > in the not to distant future, full fledged RFC's will be issued. I'll have to make one correction to myself here. I just checked the status of the RFC and found that the SPF RFC is no longer in Draft form. An experimental RFC was issued 4/28/2006. http://www.ietf.org/rfc/rfc4408.txt >[snip] -- Garen From nttp.sc.s at bigsleep.org Sat May 6 07:02:02 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat May 6 02:05:04 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: On 05 May 2006, - Garen Erdoisa entered spamcop and left news:e3ha4v$ir6$1@news.spamcop.net: > How do you define "broken"? > It's common knowledge, they say it right on their site. They may have fixed it in the last year, but I doubt it as you indicated the problem still exists. Besides all that, SPF doesn't check the From header anyway, as far as I know, so it's pretty easy to get around, as all the PayPal phish proves. -- | Ric | From scamper at trisk.com Sat May 6 01:32:36 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sat May 6 02:35:04 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Blammo wrote: > On 05 May 2006, - Garen Erdoisa entered spamcop and left > news:e3ha4v$ir6$1@news.spamcop.net: > >> How do you define "broken"? >> > > It's common knowledge, they say it right on their site. They may have fixed > it in the last year, but I doubt it as you indicated the problem still > exists. > > Besides all that, SPF doesn't check the From header anyway, as far as I > know, so it's pretty easy to get around, as all the PayPal phish proves. > The "classic" SPF version checks the envelope from and falls back to checking the HELO strings for forgeries. If a test is inconclusive SPF allows the mail to pass on through. AFAIK It was never intended for SPF to check the From: header given in the message data because to do so you first have to accept the data. DSN's are typically sent to the return path as given in the envelope from, which is not necessarily the same as the path in the From: header. Also note that it's only when a test is conclusive as a fail that a message should be rejected during the SMTP transaction. That policy is up to the mail administrator. They can accept and tag emails that fail an SPF check if they so choose. There are several competing protocols right now which are in development and address the various aspects of sender forgery and there is an ongoing technical effort to resolve the conflicts between the competing protocols. So what else is new? :-) From nttp.sc.s at bigsleep.org Sat May 6 08:15:50 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat May 6 03:20:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: On 05 May 2006, - Garen Erdoisa entered spamcop and left news:e3hfuh$lmp$1@news.spamcop.net: > AFAIK It was never intended for SPF > to check the From: header given in the message data because to do so you > first have to accept the data. > ... I know that, but the common response to "someone's forging my domain" is "get SPF", which doesn't exactly stop anyone from forging your domain. It won't even stop many bounces since most of us try not to bounce anyway (I mean, you expect servers that bounce to use SPF?). > > That policy is up to the mail administrator. They can accept and tag > emails that fail an SPF check if they so choose. Well that's what its good for. Why not expand on that and have a "SMTP=Yes" or "SMTP=No" text record for PTRs? Put authenticated senders in the Received header? Some DNSBLs I tag, but if it's in two I reject, math works too. -- | Ric | From spam at nospam.org Sat May 6 12:24:23 2006 From: spam at nospam.org (Andy) Date: Sat May 6 05:30:11 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: "Mike Easter" wrote in message news:e3h4g8$g1c$1@news.spamcop.net... > raoul@someone.com wrote: > > > So one of my domains is being forged by some spammer. > > You haven't made your issue perfectly clear. Mike, I think you're working on a higher level than us mere mortals. It seemed pretty clear, although highly impractical, to me. The guy's domain is yet another victim of backscatter due to spam sent out with a bogus From address. What he wants to do is blacklist his own domain so that spam sent from any bots around the world would be killed at source, hopefully discouraging the spammer from using his domain in bogus addresses in future. The comment about sending out spam was a tongue in cheek reference to a way to get his domain blacklisted. Andy From g.hyde at bigpond.net.au Sat May 6 23:26:49 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat May 6 08:30:03 2006 Subject: [SpamCop-List] Bogus listserv email. Message-ID: http://www.spamcop.net/sc?id=z936376658zfa06d5d13a07782bc9de59bae83622f5z This one appears to be from some listserv or mailing list server, and yet resolves to somwhere in the .in domain. Other than the listserv's supposed unsubscribe link, it seemed like most of the usual spam email junk. Full of advertising rubbish. This one was reported, since I never subscribed to their list junk, and it also apparently has been sent through an open proxy. I am wondering if that .info domain should have resolved to somewhere. Anyone care to speculate if it's worthwhile doing a manual report for the domain? Cheers ... Geoffrey Hyde From MikeE at ster.invalid Sat May 6 07:18:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 6 09:20:03 2006 Subject: [SpamCop-List] Re: Bogus listserv email. References: Message-ID: Geoffrey Hyde wrote: > I am wondering if that .info domain should have resolved to somewhere. > Anyone care to speculate if it's worthwhile doing a manual report for > the domain? fakcvb.theworldset.info DNS 148.247.195.109 148.247.195.109 rDNS gluon.mda.cinvestav.mx spamhaused as the /32 rokso yambo financials since May 6 The provider cinvestav.mx is a /16 and has that one spamhaus listing If the provider isn't responsive to the spamhaus listing, it isn't going to be responsive to your manual notify or a SC courtesy notice - or you could take the attitude that the recent spamhaus listing is sufficient motivation, you don't need to further notify manually. There are many different tools you can use to resolve spamvertiser url or even study why SC didn't resolve it. SC also can't resolve that name if plugged nakedly into the parser, suggesting maybe SC is blocked. The other alternative is that the nameservice gets a D minus timing score at dnsstuff and takes over 300 ms to answer. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat May 6 07:29:36 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 6 09:30:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: Andy wrote: > "Mike Easter" >> raoul@someone.com wrote: >> >>> So one of my domains is being forged by some spammer. >> >> You haven't made your issue perfectly clear. > The guy's domain is yet another victim of backscatter due to spam > sent out with a bogus From address. I figgered that's what he was probably saying. > What he wants to do is blacklist > his own domain so that spam sent from any bots around the world would > be killed at source, hopefully discouraging the spammer from using > his domain in bogus addresses in future. If you think that's what he meant, or if that /was/ what he meant, it is no wonder that I could not imagine what he was saying. He wasn't speaking a language I can understand. I can't even imagine it when you are saying it more clearly or rather /distinctly/, rather than clearly. Because it isn't clear even when you say it distinctly. That is not just a dumb idea, it is an idea which has no foundation whatsoever in logic or mechanics, making it a ridiculous idea, actually not an idea at all. In the first place, how would you blocklist a domainname? That is, how would you go about doing that? Wbat blocklist? Almost nothing blocks on domainnaame even as the *source*, and nothing whatsoever, with the possible exception of some daft end user, blocks their email based on the From. > The comment about sending out spam was a tongue in cheek reference to > a way to get his domain blacklisted. I see. First he speaks in inanities, then he compounds the inanity with facetiousness. I think I would have been better of without having it translated for me. Thanks. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat May 6 07:31:58 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 6 09:35:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: Mike Easter wrote: > I see. First he speaks in inanities, then he compounds the inanity > with facetiousness. I think I would have been better of without > having it translated for me. Thanks. Oops. That was supposed to have some kind of smiley on it, wry or otherwise :-/ s/of/off ... I would have been better off.... -- Mike Easter kibitzer, not SC admin From wb8tyw at qsl.network Sat May 6 12:34:56 2006 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sat May 6 11:35:09 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Garen Erdoisa wrote: > > Well I can only speak for myself, but I have been using SPF now for over > a year and have yet to see a case where rejecting an email that failed > an SPF check caused any problems. For me at least it solved far more > problems that it might potentially have caused. If the postmaster where I pick up my e-mail from implements SPF to reject alleged forwarding, I would lose a significant portion of my e-mail. One of my public e-mail addresses is a forwarding service, and SPF specifically breaks such forwarding services because they all they add is a header line, and do not rewrite the other parts of the header. The "solution" described by the SPF is to require replacement of the software in use by the mail forwarding service. I have seen posted several times on the DSBL and other mailing list archives that the RFCs require all systems connected to the public internet to have a working rDNS. Considering that a strict rDNS check foils more spam attempts than SPF does, and can not be implemented because there are a few popular networks that can not take the 15 minutes to correct their rDNS, an anti-spam system that requires a modification or replacement to RFC compliant mail processing systems owned by others is not a good solution. If you run a small domain where you personally know all the users and where they get their e-mail from, you can safely implement SPF to reject spam/backscatter. For the large domains that are proposing/promoting it, they do not seem to care how many of their users that they are breaking e-mail reception for. Now as far as your backscatter problem: Can you modify your DNS server to respond differently to the I.P. addresses of the few mail servers generating the backscatter? If so, present them with an MX record resolving to 127.0.0.1, it will eventually eliminate the backscatter from those servers. -John wb8tyw@qsl.network Personal Opinion Only From me at privacy.net Sat May 6 18:00:14 2006 From: me at privacy.net (Michael R N Dolbear) Date: Sat May 6 13:05:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: <01c67125$0e287960$LocalHost@default> Mike Easter wrote [...] > on domainnaame even as the *source*, and nothing whatsoever, with the > possible exception of some daft end user, blocks their email based on > the From. Me! Me! Me! You don't, I think, read the forum, but under "how to use Spamcop mail features" "personal blacklist" I noted that I block mail that says it comes from ebay.com, paypal.com and some others (I have just added chase.com and irs.gov). Some other users have taken the idea up. The fraudsters whose emails I wish to block *have* to use plausible Froms and so I exploit that. -- Mike D From edb2000 at spamcop.net Sat May 6 11:51:02 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Sat May 6 13:55:02 2006 Subject: [SpamCop-List] Re: Spamcop mail In-Reply-To: References: Message-ID: G|_|Y |\/|AC0|\| wrote: > having "@spamcop.net" at the end of your email > address tends to reduce your incoming spam load by scaring some spammers. While it is impossible to know how many spammers are scared off by the @spamcop.net, I have numerous examples showing that by no means are all of them put off by it. -- Don Wannit A paid SpamCop user since 1999 From MikeE at ster.invalid Sat May 6 13:05:17 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 6 15:05:04 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: <01c67125$0e287960$LocalHost@default> Message-ID: Michael R N Dolbear wrote: > Mike Easter >> nothing whatsoever, with the >> possible exception of some daft end user, blocks their email based on >> the From. > > Me! Me! Me! > > You don't, I think, read the forum, but under "how to use Spamcop mail > features" "personal blacklist" I noted that I block mail that says it > comes from ebay.com, paypal.com and some others (I have just added > chase.com and irs.gov). Some other users have taken the idea up. > > The fraudsters whose emails I wish to block *have* to use plausible > Froms and so I exploit that. Exploit? How about mis-tag? I just looked back thru' my collection of legitimate mail and I have lots of goodmail items from ebay and paypal. Whitelisting Froms isn't a bad idea. Blacklisting From domains seems like an idea fraught with the possibility of false positives. Then you get to deal with what you do with your positives and how much you like digging thru' your spam to find the occasional false positive. Sometimes having a bright idea about how to block something isn't such a bright idea after all. My experience with phishes is that they are mostly sourced from listed open proxies. I would much rather tag as spam something coming from an open proxy than something coming from a paypal or ebay.address. I think the best kind of filter is one which never has a false positive ever, even if an occasional spam leaks thru'. Creating a filter tag which might possibly have a false positive is not a good strategy in my opinion. -- Mike Easter kibitzer, not SC admin From edb2000 at spamcop.net Sat May 6 13:07:34 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Sat May 6 15:10:02 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Mike Easter wrote: > In the first place, how would you blocklist a domainname? If you have control of the DNS zone, maybe something like this: domain.name. 3H IN A 127.0.0.1 domain.name. 3H IN MX 10 127.0.0.1 Might result in lots of "loops back to myself" errors, but should prevent backscatter email. [might interfere with other uses of the domain name besides email, though] :-) -- Don Wannit A paid SpamCop user since 1999 From MikeE at ster.invalid Sat May 6 13:26:58 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 6 15:30:02 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: Don Wannit wrote: > Mike Easter wrote: > >> In the first place, how would you blocklist a domainname? > > > If you have control of the DNS zone, maybe something like this: That's actually not how I meant what I said. > domain.name. 3H IN A 127.0.0.1 > domain.name. 3H IN MX 10 127.0.0.1 > > Might result in lots of "loops back to myself" errors, > but should prevent backscatter email. [might interfere > with other uses of the domain name besides email, though] My question didn't really mean block it for yourself, I was trying to say "How would some individual 'cause' a particular domainname to get onto some publicly available and widely used blocklist which is made of domainnames?" The inane original 'question' [if you can call the absurd notion a question] was about the OP wanting their domainname to somehow be blocked by great numbers of recipient servers so that those recipient servers couldn't possibly accept the items and then generate a newmail delivery status notification to the bogus From. So, the notion would 'require' that somehow 'magically' there would be a blocklist widely used by servers which blocklist was made of domainnames, and thus all of these servers using this imaginary blocklist wouldn't be bothering the OP with their backscatter. I can't believe we are discussing the original post. -- Mike Easter kibitzer, not SC admin From spam at nospam.org Sun May 7 00:00:48 2006 From: spam at nospam.org (Andy) Date: Sat May 6 17:05:02 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: "raoul@someone.com" wrote in message news:e3h1f2$egc$1@news.spamcop.net... > In this thread there was a question about sending NDRs in to SpamCop - > is that acceptable / practical? > This was part of the original question that I posed but was never answered. However, the answer is 'yes', sending misdirected bounces to SpamCop is legitimate behaviour. The administrator of the bounce server will get a report suggesting that he/she reconfigure the server to reflect the realities of the 21st century. > I am tempted to break it intentionaly for a few days. I could use > suggestions > other than sending out spam myself(!) Perhaps there could be a blacklist for > domain > owners that want to blacklist themselves for a few days to discourage domain > spoofing... > I just discovered that my ISP has a well hidden option to drop all incoming DSNs to my domain, instantly stopping the backscatter. The downside is that valid bounces are also dropped but this is a small price to pay for the reduced admin load. Now there should only be the really helpful 'you are a dirty spammer' mails coming to my 'abuse' mailbox to deal with. Obviously this is only treating the symptom not the disease but it's definitely boosted my kharma. Andy From edb2000 at spamcop.net Sat May 6 15:44:17 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Sat May 6 17:45:02 2006 Subject: [SpamCop-List] Re: Spamcop mail In-Reply-To: References: Message-ID: G|_|Y |/|AC0||" " wrote: > Alas, > there are a huge number of spammers that pump out email without > even minimal listwashing such as removing duplicates or domains > that don't exist. Or even postmaster@ or abuse@ (I'm sure those recipients have a very HIGH rate of response to spam...) -- Don Wannit A paid SpamCop user since 1999 From edb2000 at spamcop.net Sat May 6 15:47:51 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Sat May 6 17:50:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Andy wrote: > I just discovered that my ISP has a well hidden option to drop all incoming > DSNs to my domain, instantly stopping the backscatter. The downside is that > valid bounces are also dropped but this is a small price to pay for the > reduced admin load. Now there should only be the really helpful 'you are a > dirty spammer' mails coming to my 'abuse' mailbox to deal with. For that matter, anyone who can use procmail or other mailhost-side mail processor, or even subject-based mail filtering on their mail-reading agent, has similar ability. If you don't care about valid bounces (for suitable definition of "valid"), then just filter all incoming DSN's to /dev/null or the Trash mailbox, as appropriate. -- Don Wannit A paid SpamCop user since 1999 From scamper at trisk.com Sat May 6 17:28:04 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sat May 6 18:30:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: John E. Malmberg wrote: > Garen Erdoisa wrote: >> >> Well I can only speak for myself, but I have been using SPF now for >> over a year and have yet to see a case where rejecting an email that >> failed an SPF check caused any problems. For me at least it solved far >> more problems that it might potentially have caused. > > If the postmaster where I pick up my e-mail from implements SPF to > reject alleged forwarding, I would lose a significant portion of my e-mail. This can indeed happen if the postmaster does not follow the recommendations put forth on how to resolve issues like this for forwarding email servers as part of his implementation. That is not the fault of SPF, that is an administration issue for that one site and situation. The recommended solution for those who wish to implement SPF is to re-write the envelope sender address as part of the forwarding process so the forwarded mail isn't rejected due to an SPF failure. This is a trivial task that can be done with a handful of lines of procmail code and a cronjob. It isn't rocket science. > > One of my public e-mail addresses is a forwarding service, and SPF > specifically breaks such forwarding services because they all they add > is a header line, and do not rewrite the other parts of the header. That is not the fault of the SPF protocol. If they are not following the recommendations even that much, that is just being lazy. > > The "solution" described by the SPF is to require replacement of the > software in use by the mail forwarding service. That is one possible scenario yes. There are other means to accomplish the same task without having to replace much in the way of existing software. > > I have seen posted several times on the DSBL and other mailing list > archives that the RFCs require all systems connected to the public > internet to have a working rDNS. I've heard that also, but I have yet to find the relevant RFC's. Admittedly I have not looked that hard for that particular one since it is of no concern to me. All my hosts have correct working rDNS and have since the day they went online, so it's not really a piece of information I've been all that motivated to find. :-) > > Considering that a strict rDNS check foils more spam attempts than SPF > does, and can not be implemented because there are a few popular > networks that can not take the 15 minutes to correct their rDNS, an Strict rDNS checks can also foil legitimate email. China is a good example. They use their own root name servers so it's rare that you'll find an IP hailing from China that has an rDNS mapped to anything on our name servers other than for required ISP roll accounts. I receive a lot of spam attempts from China. I block all of China also, because I don't know anyone there, and have no desire to establish any business relationships with anyone there. However that does not mean that there is never any good mail out of China. I'm sure there is quite a lot, hopefully more good mail than spam. If it weren't for the continual spam attempts from that geographical area, I would remove the block. > anti-spam system that requires a modification or replacement to RFC > compliant mail processing systems owned by others is not a good solution. I have a problem with your logic here, see below. > > If you run a small domain where you personally know all the users and > where they get their e-mail from, you can safely implement SPF to reject > spam/backscatter. Yes. You an also do the same for a large ISP, or MSP, or mail forwarding service, or list mail servers, etc. The issues that have been raised are not insurmountable. IMO, it's a relatively trivial administration task. Once it's setup and working properly it requires little maintenance. > > For the large domains that are proposing/promoting it, they do not seem > to care how many of their users that they are breaking e-mail reception > for. I doubt that. I think that businesses do care very much what their clients think and believe and go to great lengths to make their clients happy. Especially so when they find out their clients are unhappy with some aspect of their business relationship. The old business motto comes to mind. Happy customers are repeat customers, and repeat customers are what keeps a business alive. People who choose to implement SPF do so for a reason. It's not something they do willy nilly for no reason at all. I certainly would not have done so myself if I didn't have a damn good reason. That reason was that I absolutely needed a way to discourage spammers from forging my domain into the from headers of their spams. My site was under such abusive attacks and harassment for several months over a year ago before I stumbled on SPF as a possible solution. I knew it was a draft then, but chose to implement it early out of necessity. It did solve that particular problem for my case. > > Now as far as your backscatter problem: > > Can you modify your DNS server to respond differently to the I.P. > addresses of the few mail servers generating the backscatter? > > If so, present them with an MX record resolving to 127.0.0.1, it will > eventually eliminate the backscatter from those servers. Yes I am quite capable of modifying source code of software to change it's functionality. However I have 2 problems with this approach. 1) You stated above that in your opinion you thought that it was not to your liking that SPF would require software updates of software owned by others in order to implement the RFC properly for forwarders. Now here you are recommending that I hack my own DNS servers in order to trick the sending servers into sending the DSN notices to their own localhost postmaster accounts. This tantamount to fighting abuse with abuse, and is at the same time recommending that I (and possibly others) modify software to solve a spam problem. It doesn't really look all that good when you state in one paragraph that you are against the SPF requirement that software be modified to fully implement their solution, then turn right around and suggest that I modify my software to implement your alternate solution, without even an RFC draft in hand? Also I do believe that your suggestion (while admittedly funny in practice) *would* violate the RFC's relevant to good DNS management. It would violate net etiquette in the sense that you would have me have my DNS servers actually lie about the addresses assigned to my MX. It would violate my own sense of ethics as well, and it would not necessarily solve the problem. I think that it would at most just hide it from view. 2) Such modification of DNS software if this became a general practice could also be used to abuse other servers. You don't have to set the record to 127.0.0.1, in theory it could be set to *any* IP address. This would also be tantamount to net abuse in it's own right. I have never seen or heard of any such project being seriously proposed for use on the Internet to fight spam. In any case, the Internet is a constantly changing community of cooperating networks. One of the problems with spam is that senders forge addresses. SPF is one of several solutions proposed to deal with that. SPF is not and never was intended to be the solution to end spam. It is only supposed to help deal with MAIL FROM: forgery and HELO forgery. If it's used properly, I think that it does it's job quite well. Thank you for sharing your thoughts. :-) Be well >[snip] -- Garen From scamper at trisk.com Sat May 6 18:04:12 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sat May 6 19:05:02 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Blammo wrote: > On 05 May 2006, - Garen Erdoisa entered spamcop and left > news:e3hfuh$lmp$1@news.spamcop.net: > >> AFAIK It was never intended for SPF >> to check the From: header given in the message data because to do so you >> first have to accept the data. >> ... > > I know that, but the common response to "someone's forging my domain" is > "get SPF", which doesn't exactly stop anyone from forging your domain. It > won't even stop many bounces since most of us try not to bounce anyway (I > mean, you expect servers that bounce to use SPF?). SPF is a viable solution to such forgery. It's a perfectly valid answer to suggest adopting SPF as an answer to such a question. I agree with you that SPF will not stop header forgery. However it does provide a mechanism that mail administrators can use to detect such header forgery and make a decision on the spot to accept or reject email during the SMTP transaction based on that test before accepting the data. Servers that bounce have other more serious issues. SPF might or might not help with that. I think that their administrators still have to ultimately take responsibility for and fix the underlying issues that are generating the bounce messages in the first place even if they adopt SPF. > >> That policy is up to the mail administrator. They can accept and tag >> emails that fail an SPF check if they so choose. > > Well that's what its good for. Why not expand on that and have a "SMTP=Yes" > or "SMTP=No" text record for PTRs? Put authenticated senders in the > Received header? Some DNSBLs I tag, but if it's in two I reject, math works > too. That is effectively what SPF does. It states "SMTP = yes for these IP's, SMTP = no for everything else." I also use DNSBL's here. Spammers can publish SPF records too. This doesn't make any difference to me if they do or not. I actually hope they will because it makes them that much easier to block. What it does do is allow *me* to state *what* servers are allowed to send mail using *my* domain name in the envelope sender. As far as SPF relates to me and how I use it that is all I really care about what it does. The flip side to that is that I also honor (out of common courtesy) the SPF policies of others who publish their policy, thus rejecting mail that fails the test. Both are my choices. You don't have to implement SPF if you don't want to. SPF compliant mail servers will not reject your mail if you don't publish an SPF policy. They may reject it for other reasons, but that's another issue. Remember, SPF is an experimental protocol. According to what I read last night it looks like it is going to remain in the experimental state for at least 2 more years. Since you obviously feel so strongly about it, might I suggest that you join the forums that discuss the protocol and voice your feelings there as well? Perhaps those that are more enlightened than I can sway you, or perhaps you can sway them. :-) -- Garen From nobody at devnull.spamcop.net Sat May 6 21:59:02 2006 From: nobody at devnull.spamcop.net (POP) Date: Sat May 6 21:00:03 2006 Subject: [SpamCop-List] OT: Re: why our server got listed? References: Message-ID: ... > > > I predict that we will see no answer to the above from Oleg > Bulyzhin... :) > > > I don't really care what you predict, nor do I have any interest in your apparent wish to act so trollish in so many ways. If you're not a troll, you should brush up on your interpersonal skills a bit, and if you are a troll, well ... . Not going to debate; have nothing further to say unless you wish to act upon on-topicality in your posts and to proceed with a more realistic attitude. If you want to be read, you need to have a point, and a bit of intelligence in the content of your posts. Pop From nobody at spamcop.net Sat May 6 19:24:33 2006 From: nobody at spamcop.net (N. Miller) Date: Sat May 6 21:30:01 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: <15rk4rco7kev5.dlg@news.spamcop.net> On Thu, 4 May 2006 17:45:16 +0000 (UTC), Oleg Bulyzhin wrote: > Correct me if i'm wrong: server may be listed if (and due to!) it does > conform rfc822 (i.e. will send bounce)? And you can avoid this if you violate > this part of rfc822? AFAIK, RFC 2822, as well its predecessor, RFC 822, does not _require_ an SMTP server to accept email. An SMTP server which can't determine that it can't deliver email to a given email address, should not accept email to that email address. Period. If the server can't be configured to verify that received email is deliverable, it _should_ refuse to handle that email during the SMTP transaction. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Sun May 7 02:33:53 2006 From: nobody at spamcop.net (RandallW) Date: Sun May 7 04:35:12 2006 Subject: [SpamCop-List] contact info for yesnic.com Message-ID: Anyone know an e-mail addres for yesnic.com? From MikeE at ster.invalid Sun May 7 08:02:26 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 7 10:05:02 2006 Subject: [SpamCop-List] Re: contact info for yesnic.com References: Message-ID: RandallW wrote: > Anyone know an e-mail addres for yesnic.com? Yesnic is a registrar for domainname registration. They have a website. If you want to register a domainname with them you can go thru' the website. If you have some other purpose for contacting them, that purpose would affect what contact address to use. Typically if you are going to 'complain to' -- or rather /notify/ a domainname registrar because you are unhappy about something that a domainname registrant did, such as provide bad contact information, you should do that thru' internic because that way internic 'watches over' the registrar about their responsiveness to bad information in the registration http://wdprs.internic.net/ Whois Data Problem Report System The standard spamcop notify 'structure' for notifying providers about spamsources and spamvertisers doesn't include the domainname registrar for a reason. Choosing a strategy for notifying that registrar should be based on 'something'. The yesnic abuse policy notification is here http://www.yesnic.com/ENG/misc/notice_0809.php3 Abuse Policy Notification and gives the address abuse@yesnic.com -- Mike Easter kibitzer, not SC admin From blah at blah.com Sun May 7 13:19:59 2006 From: blah at blah.com (news.spamcop.net) Date: Sun May 7 12:25:02 2006 Subject: [SpamCop-List] BlueSecurity/Blue Frog Message-ID: You guys have experience with this outfit? /. and Digg have been talking about it. From pantheus at spamcop.net Sun May 7 11:19:36 2006 From: pantheus at spamcop.net (ken) Date: Sun May 7 13:20:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: On Sun, 07 May 2006 12:19:59 -0400, news.spamcop.net wrote: > You guys have experience with this outfit? /. and Digg have been talking > about it. Yes, I have experience with them. And it is all good. They have been under attack from a spammer who is trying to hurt them, and using DDoS attacks and a nasty email campaign to attempt to hurt them. His (the spammer/scammer) attempts will fail. BlueSecurity has just come back online after the DDoS and is very much aware of who is doing it, and will prevail. While some may feel BS's goal is abusive, we /DO/ have the right to protect out inboxes, and BlueSecurity's Do Not Spam Registry and opt-out mechanism does work ! They have gained much Venture Capital and Security Company money to continue the valient fight and will prevail! Ken From MikeE at ster.invalid Sun May 7 11:53:33 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 7 13:55:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: news.spamcop.net wrote: > You guys have experience with this outfit? /. and Digg have been > talking about it. I am opposed to BlueFrog/BS and I don't trust them. I think the primary business model is to make money off a venture capitalism idea by first attracting frustrated and naive spammees. I think they use shady business practices and collusion with spamvertisers. In the recent ddos incident, they acted very badly, diverting their problem onto innocent others and displaying their 'mentality' They are a rotten bunch -- I think the BlueFrogger spammees who envision themselves as spam retaliators are fools hanging out in a rotten barrel. It is not my job to prove those opinions here or elsewhere. There is plenty of discussion by me and by others in alt.spam and nanae for anyone who wants to search it. -- Mike Easter kibitzer, not SC admin From nospam at nospam.org Sun May 7 22:38:02 2006 From: nospam at nospam.org (Ejo) Date: Sun May 7 15:40:03 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Petzl wrote: > "Gareth" wrote in message > news:e3f2q4$a92$1@news.spamcop.net... >> Many thanks for all your helpful responses. >> My email address is probably quite vulnerable to dictionary attack as some >> of you mentioned (gazza is a popular nickname in the UK!) but I know for >> sure someone had it before me as I have had emails from companies to which >> the previous owner had subscribed (eBay and the like). >> I have other address which don't suffer so much spam and just created this >> new one as a spare. Hence I will probably drop it as it is a chore to >> report all this spam considering I don't really do anything else with the >> address. >> I had heard of some people having success in significantly reducing their >> spam with spamcop so thought I'd try it to see if I could clean up this >> address. >> I've also heard of a program called Mailwasher which apparently generates >> a bounce in response to spam in an attempt to convince the spammers the >> address in invalid. I am a bit sceptical of this since a) I doubt whether >> the spammers care about bounces and b) I worry if such bounces could be >> detected as being false and thus validate the address. >> Any comments on this would be appreciated. >> Thanks >> >> Gareth > > Mail washer is a good option (not as good as SpamCop email) > just turn the "bounce annoyance" off Have you tried spampal already, it is free and it essentially offers the same functionality as MW. From nobody at nowhere.not Sun May 7 22:07:52 2006 From: nobody at nowhere.not (Robert Blair) Date: Sun May 7 17:10:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: On Sun, 7 May 2006 16:19:59 UTC, "news.spamcop.net" wrote: > You guys have experience with this outfit? Until now only by receiving their spam. >From the little I have seen my guess it is a scam to sell an IPO and get rich quick then depart for warmer climates. The information I have read appears to be suspect. -- Robert Blair From / at /.cn Mon May 8 08:29:27 2006 From: / at /.cn (Petzl) Date: Sun May 7 17:35:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: "Ejo" wrote in message news:e3liam$tet$1@news.spamcop.net... > Petzl wrote: >> "Gareth" wrote in message >> news:e3f2q4$a92$1@news.spamcop.net... [S >> >> Mail washer is a good option (not as good as SpamCop email) >> just turn the "bounce annoyance" off > > Have you tried spampal already, it is free and it essentially offers the > same functionality as MW. Does SpamPal offer automated reporting the spammers or does it just delete (not used SpamPal) MailWasher not only stops spam but also allows basic reporting The best though is forking out the $US30 for a SpamCop email account which not only stops spam getting to ones inbox but also allows Very Easy Reporting (VER) of these spammers effectively closing their ability to send spam BEFORE it gets sent. Often making the ISP aware of spamming activity and SpamCop listing/blocking the spam IP source identified until spam stops. SpamCop is a very powerful weapon against spammers. SpamCop email makes stopping and reporting spam very easy Petzl -- Check your computers security (free) From pantheus at spamcop.net Sun May 7 15:47:11 2006 From: pantheus at spamcop.net (ken) Date: Sun May 7 17:50:04 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: On Sun, 07 May 2006 10:53:33 -0700, Mike Easter wrote: > news.spamcop.net wrote: >> You guys have experience with this outfit? /. and Digg have been >> talking about it. > > I am opposed to BlueFrog/BS and I don't trust them. We're going to have to agree to disagree ;-) > I think the primary business model is to make money off a venture > capitalism idea by first attracting frustrated and naive spammees. Frustrated, hell, yes! In five years of feeding SpamCop with, so far 110,000 bits of trash, I find I only get more spam. I don't think feeding it more will bring me (or anyone else) less spam. I've tossed a half dozen domain names and thrown wildcards away on all the rest, due to spam and I still get more. I don't have one open email address in the wild. Naive, not a chance! > I think they use shady business practices and collusion with > spamvertisers. I've seen nothing to allude to this. I hung around and watched for months before I signed up and used their devices. I had some doubts before, but those are gone, now. > In the recent ddos incident, they acted very badly, diverting their > problem onto innocent others and displaying their 'mentality'. By turning the DDoS back onto a couple trojaned proxies as collateral damage.. even the best of the 'fighters' have made a few "errors". By turning it back at the perp, he did get the message. ! > They are a rotten bunch -- I think the BlueFrogger spammees who envision > themselves as spam retaliators are fools hanging out in a rotten barrel. Harsh, without an iota of proof. The resumes of the principals reads far differently. > It is not my job to prove those opinions here or elsewhere. There is > plenty of discussion by me and by others in alt.spam and nanae for > anyone who wants to search it. 'Ya, like most of those who post in nanae, and some of the alt.spam are saints and always right. hmmmmph BlueSecurity with almost a 1/2 million members has made great strides in turning a *lot* of my spam off, unlike the route I tried for 5 years. I still feed the ScBL, but wonder why. I could give you a couple urls of message boards that are not nanae-types which say just the opposite of what you are saying, (except for the spammer trolls, there) and they are NOT BlueSecurity boards. But I'm not going to convince you. But I do see several other @spamcop address using their service too, so I'm not alone. Ken From nttp.sc.s at bigsleep.org Sun May 7 23:10:02 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun May 7 18:15:02 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: On 06 May 2006, - Garen Erdoisa entered spamcop and left news:e3ja1r$lgg$1@news.spamcop.net: > That is effectively what SPF does. It states "SMTP = yes for these IP's, > SMTP = no for everything else." > I know exactly what SPF does, I'm talking about the connecting server, I'm not talking about a possibly forged envelope sender here. -- | Ric From MikeE at ster.invalid Sun May 7 17:19:48 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 7 19:20:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: ken wrote: > Mike Easter wrote: > Frustrated, hell, yes! In five years of feeding SpamCop with, so far > 110,000 bits of trash, I find I only get more spam. There is almost nothing about spamcop reporting that is going to get you less spam. >> In the recent ddos incident, they acted very badly, diverting their >> problem onto innocent others and displaying their 'mentality'. > > By turning the DDoS back onto a couple trojaned proxies as collateral > damage.. even the best of the 'fighters' have made a few "errors". > By turning it back at the perp, he did get the message. ! That is not at all an accurate description of what happened. BS diverted the attack after they fell by turning their own nameservice [falsifying their nameservice] toward a blog site which they were only using and which wasn't their IP and which was hosting numerous other innocent bystanders. That site suffered DoS crash because of BS's nameservice 'defensive' manipulation. Here's a description of the BS nameservice 'forgery' effect on the innocent Six Apart http://q.queso.com/archives/001917 The dishonor of Blue Security >> They are a rotten bunch > Harsh, without an iota of proof. The resumes of the principals reads > far differently. The purpose of giving financial position to some 'principals' with favorable sounding so-called credentials so as to get their backing or support or the use of the credentials is to lure in the investors or venture capitalists by making the whole thing sound positive and more legitimate. It is a big snake oil operation, song and dance, dog and pony show. -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Sun May 7 19:19:47 2006 From: bar_n0ne at hotmail.com (Berny) Date: Sun May 7 19:20:10 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Mike Easter" wrote in message news:e3lc6c$q6i$1@news.spamcop.net... SNIP > It is not my job to prove those opinions here or elsewhere. There is > plenty of discussion by me and by others in alt.spam and nanae for > anyone who wants to search it. > > -- > Mike Easter > kibitzer, not SC admin > Speaking of NANAE, since I am constrained to gargle grope it, er,use Google Groups, hence no killfilter, Can't anybody stop the hipcrime flood? What happened to the Usenet death? From MikeE at ster.invalid Sun May 7 19:24:09 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 7 21:25:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Berny wrote: > Speaking of NANAE, since I am constrained to gargle grope it, er,use > Google Groups, hence no killfilter, Can't anybody stop the hipcrime > flood? What happened to the Usenet death? Dealing with hipcrime depends on either the processes of the newsserver you use, some of which do a good job, or developing your own strategies and filter techniques. Some people are completely untroubled by the recent and current rashes -- ie don't know what you are talking about. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon May 8 11:53:03 2006 From: nobody at devnull.spamcop.net (Patto) Date: Sun May 7 21:55:03 2006 Subject: [SpamCop-List] spambr@admin.spamcop.net bounces Message-ID: http://www.spamcop.net/sc?id=z937652392z6ae64f009245d775d5adbe827b3e11a5z SC bouncing its own messages...? From nobody at devnull.spamcop.net Sun May 7 22:33:30 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Sun May 7 22:35:04 2006 Subject: [SpamCop-List] Re: spambr@admin.spamcop.net bounces References: Message-ID: "Patto" wrote in message news:e3m88c$9bm$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z937652392z6ae64f009245d775d5adbe827b3e11a5z > > SC bouncing its own messages...? Wrong Tracking URL snagged? I don't see anything about a bounce, nothing connected to SpamCop.net in the headers, addresses identified for Reports ...???? From scamper at trisk.com Sun May 7 22:18:42 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sun May 7 23:20:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Blammo wrote: > On 06 May 2006, - Garen Erdoisa entered spamcop and left > news:e3ja1r$lgg$1@news.spamcop.net: > >> That is effectively what SPF does. It states "SMTP = yes for these IP's, >> SMTP = no for everything else." >> > > I know exactly what SPF does, I'm talking about the connecting server, I'm > not talking about a possibly forged envelope sender here. > Hmm, well if you don't qualify such a txt record with an envelope sender it seems to me like that would add a lot of unnecessary DNS overhead unless you limited it to the SOA records and used NETWORK/CIDR ranges. I really don't see how your idea would be effectively any different than what SPF already provides for. If I'm understanding what you are suggesting correctly this is the way a potential mail session would proceed: -=-=-=- In your scenario: IP connects to mail server Mailserver does a host -t txt 1.100.168.192.in-addr.arpa. it receives a txt "SMTP=no" or txt "SMTP=yes" Mailserver rejects if IP is not allowed Mailserver continues. if IP is allowed. -=-=-=- In SPF's scenario: IP connects to mail server IP issues a MAIL FROM: someone@somehost.example.net Mailserver does a host -t txt example.net it receives a txt "v=spf1 ip4:192.168.100.1/24 -all" Mailserver rejects if IP isn't allowed Mailserver continues if IP is allowed. It does not seem to me to be all that different and I think that SPF provides for a lot more flexibility since the domain name owner controls the SPF record, while in your scenario only the owner of the IP range would control the record unless they forward the rDNS authority to the domain name owner for that IP. If you really think that it is a good idea, why not write up your solution and submit it as an RFC Draft? -- Garen From blah at blah.com Mon May 8 01:09:26 2006 From: blah at blah.com (news.spamcop.net) Date: Mon May 8 00:15:06 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Are you a spammer troll? You're being weird. "Mike Easter" wrote in message news:e3lc6c$q6i$1@news.spamcop.net... > news.spamcop.net wrote: > > You guys have experience with this outfit? /. and Digg have been > > talking about it. > > I am opposed to BlueFrog/BS and I don't trust them. > > I think the primary business model is to make money off a venture > capitalism idea by first attracting frustrated and naive spammees. > > I think they use shady business practices and collusion with > spamvertisers. > > In the recent ddos incident, they acted very badly, diverting their > problem onto innocent others and displaying their 'mentality' > > They are a rotten bunch -- I think the BlueFrogger spammees who envision > themselves as spam retaliators are fools hanging out in a rotten barrel. > > It is not my job to prove those opinions here or elsewhere. There is > plenty of discussion by me and by others in alt.spam and nanae for > anyone who wants to search it. > > -- > Mike Easter > kibitzer, not SC admin > From vanguard.news at yahooNIX.com Mon May 8 00:48:49 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Mon May 8 00:50:01 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "news.spamcop.net" wrote in message news:e3l6u4$mun$1@news.spamcop.net... > You guys have experience with this outfit? /. and Digg have been > talking > about it. I'm not into vigilantism, as in DOS attacks, which is how BS behaves. Interesting to see BS's true self when they got DOS'ed. From MikeE at ster.invalid Sun May 7 23:00:56 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 8 01:05:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: news.spamcop.net wrote: > Are you a spammer troll? You're being weird. No one can tell exactly what that statement means or refers to because it lacks any context. It lacks context because there was no trimming or contextualization of the message you replied to. The message you replied to was mine which was a reply to yours. The way you contextualize a reply is by trimming away everything which you are not replying to and then to place your remark just under an empty line just under the exact words to which you are replying. Here are some instructions and illustrations in the new users links page http://members.fortunecity.com/nnqweb/nquote.html news.newusers.questions - Quoting Style in Newsgroup Postings -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sun May 7 23:29:51 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 8 01:30:03 2006 Subject: [SpamCop-List] Re: spambr@admin.spamcop.net bounces In-Reply-To: References: Message-ID: WazoO wrote: > "Patto" wrote in message > news:e3m88c$9bm$1@news.spamcop.net... >> http://www.spamcop.net/sc?id=z937652392z6ae64f009245d775d5adbe827b3e11a5z >> >> SC bouncing its own messages...? > > Wrong Tracking URL snagged? I don't see anything about a > bounce, nothing connected to SpamCop.net in the headers, > addresses identified for Reports ...???? antispambr@abuse.net redirects to spambr at admin.spamcop.net spambr at admin.spamcop.net bounces (99 sent : 99 bounces) From MikeE at ster.invalid Sun May 7 23:51:28 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 8 01:55:02 2006 Subject: [SpamCop-List] Re: spambr@admin.spamcop.net bounces References: Message-ID: Tim McGraw wrote: >> "Patto" www.spamcop.net/sc?id=z937652392z6ae64f009245d775d5adbe827b3e11a5z >>> >>> SC bouncing its own messages...? > antispambr@abuse.net redirects to spambr at admin.spamcop.net > spambr at admin.spamcop.net bounces (99 sent : 99 bounces) That whole thing is kinda funky. It is about open proxy source 201.7.3.143 rDNS 201-7-3-143.spopa302.dial.brasiltelecom.net.br That leads to whois -h whois.abuse.net noc.brasiltelecom.net.br ... mail-abuse@cert.br postmaster@brasiltelecom.net.br abuse@NOC.BRASILTELECOM.NET.BR antispambr@abuse.net (for brasiltelecom.net.br) which leads to the above. I don't exactly get why brasiltelecom.net.br got an abuse.net address registered as a contact, or how that abuse.net addy became 'redirected to' a spamcop.net addy. The business about it ending up bouncing is just the final chapter in a little mess, which really isn't very important anyway, since there are plenty of other addresses. -- Mike Easter kibitzer, not SC admin From vanguard.news at yahooNIX.com Mon May 8 01:55:30 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Mon May 8 02:00:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "news.spamcop.net" wrote in message news:e3mgg6$dre$1@news.spamcop.net... > Are you a spammer troll? You're being weird. And you are being a child, especially since you haven't bothered to review past posts to check on Mike's demeanor. Children often use the excuse that if they are being hurt that they will then go hurt someone else, and not particularly the one that hurt them. The argument I see most that defends BS' (yeah, an appropriate abbreviation for them) flood redirect is that it was the spammers' fault for DOS'ing BS and that BS was in its right to then redirect the flood at someone else. Regardless of the problem, if a stray dog shits in your yard, you are NOT legally permitted to pick it up and toss it into your neighbor's yard. Clean up your own mess! From the ineptitude rampant amongst users that classify all undesirable e-mails as spam and go reporting it, it is highly likely that lots of web hosting providers are getting nailed due to stupid users. Cloudmark, at least, using a voting scheme that also ranks users based on their past performance regarding accuracy, is still a passive scheme as are most other responsible methods. BS has a "team" of analysts inspecting your e-mails (so much for privacy) and then has the local client on your host do the DOS bomb. Christ, users bitch about mailer trojans and yet they subscribe to this puerile zombism of their host. "Blue Security follows the links inside the body of the spam message, which typically lead to a site that wants to sell you prescription medications, porn, a get-rich-quick scheme, or the like. It then identifies the form fields at the spammer's site (where you're asked to input credit card data, for example) and then uses the software you installed to direct your PC to insert in those fields a request to unsubscribe you from the site's mailing list." (http://www.pcworld.com/news/article/0,aid,121841,00.asp) So BS disguises their DOS attack of the hosting provider as a shit-load of opt-outs. It doesn't matter what the hell is contained within their flood of messages. That's just BS trying to hide their true intent. Like a child, they just want to punish someone, anyone, regardless of the harm done to others. Extremists never care about how many they hurt as long as some of the victims might include their intended targets. Look at the terrorists that use bombs indiscriminately. They don't care who they hit. They just want to kill someone, and maybe it might be someone they don't like. It's like the Bruce Willis "Die Hard" movie where the FBI agents say something about something like 20% casualties (of innocents) was doable. Yeah, as long as they got the bad guys then some innocents getting nailed was okay. Wrong! There's a reason why cops are not allowed to spray the street with shotguns to get a bankrobber that's running through a crowd. Oh, and if it was the spammer's fault for making BS go DOS a site then the real fault lies with the idiot users that actually buy something from the spammers. Obviously the spammers couldn't continue to exist if they generated no revenue. So let's hide BS' puerile and harmful tactics by claiming it is the users' fault that buy anything promoted by spam. Yeah, let's blame everyone but BS for the actions committed by BS. I'm sure the morality and social attitudes of Israelis is different than Americans is different then . Vengeance may be more acceptable in your country. However, it seems a rather universal social norm that you are not allowed to help yourself by harming others. If you are wronged by an assailant, you may have some recourse against that particular assailant, but you don't get to burn down the apartment complex in which they live so that one of the victims might be the wrongdoer. The same childish vengeance excuse is also spewed by those using bogus bounces and challenge-response. They can't manage to look beyond their own egotistical needs. "Works for me" is all the excuse they need to do it as long as they don't get punished for it. Of the two extremist camps - spammers and anti-spammers - neither is good for the community. The rest of us have found usable solutions and aren't interested in being the collateral damage in their feud. Well BS is getting their just deserts in themselves getting DOS'ed. Too bad it isn't a flood from all innocents that have been harmed by BS' shotgun approach to vengeance. Those who relinquished their e-mail addresses and privacy to BS' registry were getting messages that threaten them with getting 20-40 times more spam than they might otherwise receive. BS described the spammer's tactics - the same ones that BS uses - as "bullying" and "extortion". Gee, ya think? Duh! Guess BS doesn't appreciate experiencing its own "solution". From nospam at nospam.org Mon May 8 09:09:23 2006 From: nospam at nospam.org (Ejo) Date: Mon May 8 02:10:03 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Petzl wrote: > "Ejo" wrote in message > news:e3liam$tet$1@news.spamcop.net... >> Petzl wrote: >>> "Gareth" wrote in message >>> news:e3f2q4$a92$1@news.spamcop.net... > [S >>> Mail washer is a good option (not as good as SpamCop email) >>> just turn the "bounce annoyance" off >> Have you tried spampal already, it is free and it essentially offers the >> same functionality as MW. > > Does SpamPal offer automated reporting the spammers or does it just delete > (not used SpamPal) Petzl: Spampal will add information to the header or subject of an e-mail telling you whether IPs in the mail header were listed in a public or local blacklist, or whether e-mail is considered to be spam according to a configurable regular expression filter. Spampal can be configured in any way you like it. It strongly reminds me of spamassassin except that it works under windows as a proxy server, either locally or as a system service. You wouldn't notice whether spampal runs on your PC, the icon in the system tray indicates that it is busy and this happens only when a mail program like thunderbird, outlook or anything else is using pop or imap to read a mailbox. In this way the retrieval speed of e-mail is slightly reduced since spampal is busy with the rDNS lookups, although that would also be the case if you had used MW. DNS lookups results are therefore temporarily stored within spampal (and probably MW) to speed up the process. After spampal you have to find your own way within a mail program to handle annotated e-mail. To report spam you forward all eligible labeled e-mail to your spamcop reporting account. My experience is that this works best in thunderbird since outlook has the nasty habit of pruning e-mail headers. It is possible in outlook to retrieve the entire header, but is a more complicated. The combination of spampal and thunderbird has the same functionality as mailwasher. Actually I think spampal is to be preferred over mailwasher since you have to deal with only one mail program rather than several since mailwasher is a separate mail client. Working with MW means that you have to manually interact with MW, with spampal that is not the case, and this saves me time. Furthermore spampal is free. Some functions in mailwasher are not easy to emulate with spampal, one of them is the use of Firetrust's own reporting service. But I don't care to miss that service since it is poorly performing. Actually, I started first with MW, later to find out the hard way that spampal is making life easier. > > MailWasher not only stops spam but also allows basic reporting MW sets spew aside in a separate folder just like everyone does. To the best of my knowledge nothing will really stop spam. > > The best though is forking out the $US30 for a SpamCop email account which > not only stops spam getting to ones inbox but also allows Very Easy > Reporting (VER) of these spammers effectively closing their ability to send > spam BEFORE it gets sent. Often making the ISP aware of spamming activity > and SpamCop listing/blocking the spam IP source identified until spam stops. Many of us have several mail accounts that offer filtering of spam. In total I have four of those including fastmail. I never tried the spamcop email account service but I bet it is pretty much the way fastmail works. > > SpamCop is a very powerful weapon against spammers. > SpamCop email makes stopping and reporting spam very easy That is true, I prefer to use its rDNS lookup service and I do occasionally report spam the way I described above. Ejo From nobody at devnull.spamcop.net Mon May 8 17:45:18 2006 From: nobody at devnull.spamcop.net (Patto) Date: Mon May 8 03:45:08 2006 Subject: [SpamCop-List] Re: Hex URL confuses SC In-Reply-To: References: Message-ID: WazoO wrote: > "WazoO" wrote in message > news:e38a72$83p$1@news.spamcop.net... >> "Maxx Excaliber" wrote in message >> news:e3817j$2fj$1@news.spamcop.net... >>> Tracking URL: >>> > http://www.spamcop.net/sc?id=z933057970z9f2d834e0d06ad7ef38f23648bb19169z >>> Spamvertised URL: >>> http://0xd8db5834/photogallery/albums/userpics/10002/images/.phone.php >>> >>> SpamCop does not recognize this as a valid URL. I was able to decode it >>> using a hex2dec convertor on the web. The hex part decodes to >>> 216.219.88.52. This should go to abuse@hostdepartment.com or >>> abuse@worldispnetwork.com >>> >>> Thanks. >> As posted in the Forum at >> http://forum.spamcop.net/forums/index.php?showtopic=6285 >> this should have been posted into spamcop or spamcop.help .... >> spamcop.routing is for where reports end up after a successful parse. >> I'm crossposting and setting follow-ups to the spamcop >> newsgroup. > > Follow-up posted in the Forum, brought here to bring this thread > up to date .. > > From: "SpamCop/Ellen" > To: "WazoO" > Subject: Re: URLs encoded as hex > Date: Thu, 4 May 2006 07:51:00 -0400 > > the hex-encoding in the url issue has been added to the bugs list > > Ellen > SpamCop Thanks for the follow-up. It is good to know that this may be looked at some time in the future, as a good number of phishing scams now employ this method. From / at /.cn Mon May 8 20:11:05 2006 From: / at /.cn (Petzl) Date: Mon May 8 05:15:10 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: "Ejo" wrote in message news:e3mnaf$hfb$1@news.spamcop.net... > Petzl wrote: >> "Ejo" wrote in message >> news:e3liam$tet$1@news.spamcop.net... >>> Petzl wrote: >>>> "Gareth" wrote in message >>>> news:e3f2q4$a92$1@news.spamcop.net... >> [S] [S] >> >> The best though is forking out the $US30 for a SpamCop email account >> which not only stops spam getting to ones inbox but also allows Very Easy >> Reporting (VER) of these spammers effectively closing their ability to >> send spam BEFORE it gets sent. Often making the ISP aware of spamming >> activity and SpamCop listing/blocking the spam IP source identified until >> spam stops. > > > Many of us have several mail accounts that offer filtering of spam. In > total I have four of those including fastmail. I never tried the spamcop > email account service but I bet it is pretty much the way fastmail works. > >> >> SpamCop is a very powerful weapon against spammers. >> SpamCop email makes stopping and reporting spam very easy > > That is true, I prefer to use its rDNS lookup service and I do > occasionally report spam the way I described above. > > Ejo SpamCop Email can download (by POP or Forwarding) then filter both spam and virus *all* your existing email accounts as well as giving you a SpamCop.net email address should you choose to use it. I advise you do this and gradually let old email addresses become legacy petzl@spamcop.net is used by me for over a decade and is my only contact email address. Extremely bullet proof All spam caught is (VER) reported at a click of your mouse from your Web Browser. I do not have the time to report spam manually SpamCop email is set-up to easily function with SpamCop reporting, All spam that has been and is sent to me is effortlessly reported (non time consuming) The best defence against spammers is to attack back. While the advent of Trojans does allow hackers & spammers complete control and access to many computers defence is simple and for windows users free. Check out my signature on how http://forum.spamcop.net/forums/index.php?showtopic=6089&hl= If you have the time to do set-up spam control yourself then SpamPal is maybe a way to consider also. You seem happy with it, Just as I am with the easy effective SpamCop way I have tested MailWasher the version I used handled spam from the server and never required downloading to inbox (all header info to SpamCop was sent from server) My 30 days free trail or pay $US37 has for some time now expired (The SpamCop Email US$30 is IMO a much better more effective deal) Petzl -- Check your computers security (free) From dws at dealing-with-spam.info Mon May 8 12:51:07 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Mon May 8 05:55:03 2006 Subject: [SpamCop-List] Re: Spamcop mail References: Message-ID: Don Wannit wrote on Sat, 06 May 2006 10:51:02 -0700: > While it is impossible to know how many spammers are scared off > by the @spamcop.net, I have numerous examples showing that by > no means are all of them put off by it. Quite on the contrary. Of the many addresses I have, my @spamcop.net address is one of the most heavily spammed. Recently I've taken to holding everything in my held mail folder except that which is whitelisted. It dawned on me that seepage through SC was one of the largest sources of spam in my inbox. That has now ceased. From dont_spam at thecow.me.uk Mon May 8 13:01:06 2006 From: dont_spam at thecow.me.uk (steve auvache) Date: Mon May 8 07:05:06 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Mike Easter wrote >news.spamcop.net wrote: >> You guys have experience with this outfit? /. and Digg have been >> talking about it. > >I am opposed to BlueFrog/BS and I don't trust them. > >I think the primary business model is to make money off a venture >capitalism idea by first attracting frustrated and naive spammees. > >I think they use shady business practices and collusion with >spamvertisers. > >In the recent ddos incident, they acted very badly, diverting their >problem onto innocent others and displaying their 'mentality' > >They are a rotten bunch -- I think the BlueFrogger spammees who envision >themselves as spam retaliators are fools hanging out in a rotten barrel. Interesting comments. Were this posted elsewhere and by a different author it may be said to have been posted by one of the spammers who have been upset by BlueSecurity. Whose side are you on? >It is not my job to prove those opinions here or elsewhere. There is >plenty of discussion by me and by others in alt.spam and nanae for >anyone who wants to search it. Disregarding the foregoing entirely, this little episode has caused more reaction from the spammers than anything I can remember in a generation of interwebby experience. There are lessons to be learnt from it and it should not be summarily dismissed in the way that you have done. This is something that to ignore is to do so at your own peril. Your choice of course, as ever. I wish them every success in their fight against spam and if I can help I will. -- steve auvache one step closer to The Perfect Date. From MikeE at ster.invalid Mon May 8 06:59:27 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 8 09:00:05 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: steve auvache wrote: > Interesting comments. Were this posted elsewhere and by a different > author it may be said to have been posted by one of the spammers who > have been upset by BlueSecurity. Whose side are you on? Not BS or the spamvertisers they collude with.. > I wish them every success in their fight against spam and if I can > help I will. Then you should become a blue frogger and also follow their other requests to hype the service -- all of which helps their business model, and disregard their lying misrepresentations. Here are a couple of articles showing the discrepancies in BS version of events http://www.wired.com/news/technology/security/0,70831-0.html?tw=wn_index_2 I'm the Blue Security Spammer http://www.informationweek.com/story/showArticle.jhtml?articleID=187200875 Blue Security Denies It's At Fault In Blog Outage -- "But if my couch is on fire, I don't push it out of my house and into my neighbor's. It just wasn't ethical for Blue Security to not sound the alarm with Six Apart, and instead to silently redirect the [DoS] traffic to them." -- Mike Easter kibitzer, not SC admin From dont_spam at thecow.me.uk Mon May 8 15:27:00 2006 From: dont_spam at thecow.me.uk (steve auvache) Date: Mon May 8 09:35:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Mike Easter wrote >steve auvache wrote: > BlueSecurity. > >> I wish them every success in their fight against spam and if I can >> help I will. > >Then you should become a blue frogger Some of my honeypots all ready are. The early reaction/statistics are interesting to say the least and certainly worthy of further examination imo. > and also follow their other >requests to hype the service If their service turns out to be half of what it claims then I will happily sing their praises as I would with *any* successful anti-spam campaign. > -- all of which helps their business model, >and disregard their lying misrepresentations. > I cannot help but get the impression that you are sitting just a little too close to the forest to see the trees clearly and this is colouring your reactions accordingly. As you yourself have commented, both here and in other places, 'everybody has a different experience with spam'. For some the BlueFrog model may be just what they need. -- steve auvache one step closer to The Perfect Date. From tmcgraw at spamcop.net Mon May 8 09:22:26 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 8 11:25:03 2006 Subject: [SpamCop-List] Re: Spamcop mail In-Reply-To: References: Message-ID: D-W-S wrote: > > Recently I've taken to holding everything in my held mail folder except > that which is whitelisted. It dawned on me that seepage through SC was > one of the largest sources of spam in my inbox. That has now ceased. Of course, you regularly visit your Held Mail and frequently Quick Report after reviewing what's there, right? And you ESPECIALLY report the spam that seeps through immediately, so that others may benefit from your vigilance, right? From MikeE at ster.invalid Mon May 8 09:35:03 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 8 11:35:02 2006 Subject: [SpamCop-List] Re: Spamcop mail References: Message-ID: D-W-S wrote: > Recently I've taken to holding everything in my held mail folder > except that which is whitelisted. For people who don't get wanted mail from non-whitelisteds, that is an excellent strategy for 'complete' or total spam control. But..... > It dawned on me that seepage > through SC was one of the largest sources of spam in my inbox. I presume that 'SC' in this context means that you are a spamcop mail subscriber, so these comments might be best in the ng spamcop.mail. I'm not a SC mail subscriber, but I've read about configuring the SC mail filters in the forum and elsewhere, and how 'tight' your SC filters are is completely up to the individual subscriber configurer. That is, if you were leaking a lot of spam, you weren't configured very tightly. > That > has now ceased. If you are only allowing whitelisteds, then you /are/ now configured very tightly. For many many people, that would require digging some wanted mail out of their held spam. Some people find that to be a bad job, depending upon the volume of spam. Most people would prefer to configure tight spamfilter rules *and* whitelist their friends. Under that scenario, they would be able to receive in the Inbox unknown but wanted mail which didn't have spammish characteristics, while never filtering their known correspondents. IMO that is a better configuration than Inboxing whitelisteds only. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Mon May 8 19:17:38 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon May 8 13:20:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Mike Easter" wrote in message news:e3mj9n$f9k$1@news.spamcop.net... > > Here are some instructions and illustrations in the new users links page > http://members.fortunecity.com/nnqweb/nquote.html > news.newusers.questions - Quoting Style in Newsgroup Postings Mike, you forgot to also mention to him that he shouldn't be posting as thereby trying to give the impression that he his somehow an "official" of spamcop. From tmcgraw at spamcop.net Mon May 8 13:16:25 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 8 15:20:06 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog In-Reply-To: References: Message-ID: steve auvache wrote: > > Whose side are you on? When US cities spawn ghettos we don't blast them into oblivion, and only in extreme instances have we sent in the National Guard. Hurricanes, now, are another thing... From nobody at spamcop.net Mon May 8 13:22:18 2006 From: nobody at spamcop.net (N. Miller) Date: Mon May 8 15:25:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: <1rpq36wtn32kf.dlg@news.spamcop.net> On Mon, 8 May 2006 12:01:06 +0100, steve auvache wrote: > Mike Easter wrote >>news.spamcop.net wrote: >>> You guys have experience with this outfit? /. and Digg have been >>> talking about it. >>I am opposed to BlueFrog/BS and I don't trust them. >> >>I think the primary business model is to make money off a venture >>capitalism idea by first attracting frustrated and naive spammees. >> >>I think they use shady business practices and collusion with >>spamvertisers. >> >>In the recent ddos incident, they acted very badly, diverting their >>problem onto innocent others and displaying their 'mentality' >> >>They are a rotten bunch -- I think the BlueFrogger spammees who envision >>themselves as spam retaliators are fools hanging out in a rotten barrel. > Interesting comments. Were this posted elsewhere and by a different > author it may be said to have been posted by one of the spammers who > have been upset by BlueSecurity. Whose side are you on? Mike is obviously _not_ on the side of vigilantes with big guns, big egos, and no sense of justice. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From motobojo+news.spamcop.net at spamcop.net Mon May 8 18:17:58 2006 From: motobojo+news.spamcop.net at spamcop.net (Tom Morrissey) Date: Mon May 8 19:20:06 2006 Subject: [SpamCop-List] hughes.net filtering content for spam Message-ID: A week or so back I presented this forum with an SMTP Server Error: 554, Error Number: 0x800CCC6F that I was getting when I tried to send spam reports (quick or otherwise) to SC through SMTP.hughes.net using OE as my mail client. After much VERY painful dialogue with various (way too many) hughes.net support staff I finally got somebody who should know to admit to the fact that hughes.net was filtering both outgoing and incoming email content and flat refusing to send on mail it identified as spam. This filter is trapping my spam reports containing the spam as .eml attachments under these criteria and giving me the message described above. Lucky for me I have other smtp paths through which I can report spam to SC. It is an interesting situation though. I don't use my hughes.net incoming mail account so I don't really "benefit" from the service, instead I'm just hampered from reporting spam through their smtp server to SC that I happen to get through other incoming paths. From jg at coks.net Mon May 8 18:29:46 2006 From: jg at coks.net (jg) Date: Mon May 8 20:30:02 2006 Subject: [SpamCop-List] A question - related to Re: hughes.net filtering content for spam In-Reply-To: References: Message-ID: On 5/8/2006 4:17 PM Tom Morrissey scribbled: > A week or so back I presented this forum with an SMTP Server Error: 554, > Error Number: 0x800CCC6F that I was getting when I tried to send spam > reports (quick or otherwise) to SC through SMTP.hughes.net using OE as my > mail client. > > After much VERY painful dialogue with various (way too many) hughes.net > support staff I finally got somebody who should know to admit to the fact > that hughes.net was filtering both outgoing and incoming email content and > flat refusing to send on mail it identified as spam. This filter is > trapping my spam reports containing the spam as .eml attachments under these > criteria and giving me the message described above. > > Lucky for me I have other smtp paths through which I can report spam to SC. > It is an interesting situation though. > > I don't use my hughes.net incoming mail account so I don't really "benefit" > from the service, instead I'm just hampered from reporting spam through > their smtp server to SC that I happen to get through other incoming paths. > > Cox is doing the same thing, started 2-3 months ago on outgoing - everything I was sending out hit the floor. 2 weeks ago, my spam dried up - I posted the fact here, at first in wonderment. Cox sent an email to their customers about 4-5 days after they started using new filters on incoming. Everyone is forced to use a webmail account to go and clean out the spam box. Just today I noticed a forwarding setting I'm thinking about exploring. Does anyone know if I can take my special SC address and try to forward to it? Or is entering it into their system a SC no-no? Cox will probably block it, but worth the try... From jg at coks.net Mon May 8 18:38:11 2006 From: jg at coks.net (jg) Date: Mon May 8 20:35:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog In-Reply-To: References: Message-ID: On 5/8/2006 6:27 AM steve auvache scribbled: > If their service turns out to be half of what it claims then I will > happily sing their praises as I would with *any* successful anti-spam > campaign. > > > >> -- all of which helps their business model, >> and disregard their lying misrepresentations. >> > > I cannot help but get the impression that you are sitting just a little > too close to the forest to see the trees clearly and this is colouring > your reactions accordingly. > > As you yourself have commented, both here and in other places, > 'everybody has a different experience with spam'. For some the BlueFrog > model may be just what they need. > > > AFAICT, this talk of business models and IPOs puts bs intentions in question and makes me wonder as to their objectivity. The profit motive works in a capitalist society (who here hasn't griped about black hat ISPs having it?) I think if there a viable profit to it all, Microsloth would have cleaned up the net years ago. And I have not seen/read about any slacking of spam since their little endeavor started over a year or more ago. From edb2000 at spamcop.net Mon May 8 20:56:06 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Mon May 8 23:00:06 2006 Subject: [SpamCop-List] Re: Spamcop mail In-Reply-To: References: Message-ID: Tim McGraw wrote: > D-W-S wrote: > >> >> Recently I've taken to holding everything in my held mail folder >> except that which is whitelisted. It dawned on me that seepage through >> SC was one of the largest sources of spam in my inbox. That has now >> ceased. > > > Of course, you regularly visit your Held Mail and frequently Quick > Report after reviewing what's there, right? > > And you ESPECIALLY report the spam that seeps through immediately, so > that others may benefit from your vigilance, right? It's convenient to have the SC webmail page open in a separate browser window, showing the Held Mail inbox. This page auto refreshes every 5 minutes, and with javascript enabled it will pop up an alert telling you when new messages come in. So if I have a moment, it's easy to pop that browser window to the front, quickly report or release the held message(s), and return to what I was doing. Quick and easy! If I'm busy, I ignore it. (I only need to monitor Held Mail this way, because ham gets immediately forwarded from SC to my private inbox which is monitored by my email reader.) -- Don Wannit A paid SpamCop user since 1999 From vanguard.news at yahooNIX.com Tue May 9 00:51:27 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Tue May 9 00:55:05 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "steve auvache" wrote in message news:KNnQp4Akc0XEFwSt@thecow.me.uk... > > If their service turns out to be half of what it claims then I will > happily sing their praises as I would with *any* successful anti-spam > campaign. An end-user speaketh. So you use e-mail and browse to someone ELSE's web site. Ever run a business site of your own (i.e., for YOUR own business)? Would you like to have your webhost provider DOS'ed because some other site is using spam to induce traffic to their site and meanwhile your site becomes inaccessible to all your existing clients and potential customers? Would you like some malcontent or disgruntled ex-employee to spew spam that had links to your site so you get DOS'ed? Yeah, different story when it is YOU that becomes the collateral damage. From turan.fe at t-online.de Tue May 9 14:18:20 2006 From: turan.fe at t-online.de (Turan Fettahoglu) Date: Tue May 9 07:20:11 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: I do not exactly trust BlueSecurity, but they have kicked several spammers into their butts, more than SpamCop ever managed to. Forget about legal aspects for a moment. The BlueFrog idea might force several spammers out of business, which is a good thing. The "Robin Hood principle" is observed, no one feels sorry for the spammers, and if this is THE idea to get rid of spammers - why not. I'll wait until BlueSecurity has established that they do not wear a black hat and BlueFrog is not a Trojan horse. Afterwards, I'll gladly use their software! Turan From dont_spam at thecow.me.uk Tue May 9 13:51:20 2006 From: dont_spam at thecow.me.uk (steve auvache) Date: Tue May 9 08:05:01 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Vanguard wrote >"steve auvache" wrote in message >news:KNnQp4Akc0XEFwSt@thecow.me.uk... >> >> If their service turns out to be half of what it claims then I will >> happily sing their praises as I would with *any* successful anti-spam >> campaign. > > >An end-user speaketh. Aren't us Users what this is all about? The little men and women? The ones who have the inboxes that is the destination for all this? Have you forgotten something? Or did you not bother to learn it in the first place? >Yeah, different story when it is YOU that becomes the collateral damage. I am a User, I am the collateral damage. -- steve auvache one step closer to The Perfect Date. From / at /.cn Tue May 9 23:38:51 2006 From: / at /.cn (Petzl) Date: Tue May 9 08:40:04 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Turan Fettahoglu" wrote in message news:e3ptqf$7gq$1@news.spamcop.net... >I do not exactly trust BlueSecurity, but they have kicked several spammers >into their butts, more than SpamCop ever managed to. > SpamCop itself only reports spammers and logs the IP after "scoring" on its SCBL However this evidence" is then often used by authorities to target spammers which then often end up facing the courts a recent one http://www.latimes.com/services/site/premium/access-registered.intercept or http://tinyurl.com/km3qj registration required ****extracts***** Hacker Sentenced in Spam Case By Charles Piller, Times Staff Writer May 9, 2006 A Downey man was sentenced to nearly five years in federal prison Monday for using malicious software to seize control of 400,000 computers and then selling access to the "zombie" machines to spammers and hackers. "Every conviction raises the barrier to entry for these guys," said Scott Weiss, CEO of IronPort Systems in San Bruno, Calif., which produces anti-spam software. ************* Petzl -- Check your computers security (free) From kenbrody at spamcop.net Tue May 9 11:19:05 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Tue May 9 10:25:02 2006 Subject: [SpamCop-List] Bad feelings about SpamCop in alt.sysadmin.recovery Message-ID: <4460A4D9.132BA241@spamcop.net> In alt.sysadmin.recovery, thread "Be very quiet, I'm hunting lusers", there is some anti-SpamCop discussion. It started with someone mentioning that their servers got blacklisted (they didn't say by whom) because of one of their lusers, to which someone else replied Go on, surprise me. Tell me it isn't spamcop.net. and went from there. (Note that alt.sysadmin.recovery is a "self-moderated" newsgroup, which means that you can't post there unless you know what that means. And, no, I can't tell you.) -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From MikeE at ster.invalid Tue May 9 08:42:36 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 9 10:45:02 2006 Subject: [SpamCop-List] Re: Bad feelings about SpamCop in alt.sysadmin.recovery References: <4460A4D9.132BA241@spamcop.net> Message-ID: Kenneth Brody wrote: > (Note that alt.sysadmin.recovery is a "self-moderated" newsgroup, > which means that you can't post there unless you know what that > means. And, no, I can't tell you.) It also means that not all newsreaders can post there even if the 'deficient' newsreader user knows what that means, depending upon the 'flexibility' of the robo-moderator.^1 But I think you are doing a fine job in there so far, so maybe no one else /needs/ to post :-) ^1 -- disregard that. There's a registry edit for OE users. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Tue May 9 09:58:56 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue May 9 12:00:03 2006 Subject: [SpamCop-List] Re: Bad feelings about SpamCop in alt.sysadmin.recovery In-Reply-To: <4460A4D9.132BA241@spamcop.net> References: <4460A4D9.132BA241@spamcop.net> Message-ID: Kenneth Brody wrote: > In alt.sysadmin.recovery, thread "Be very quiet, I'm hunting lusers", > there is some anti-SpamCop discussion. > > It started with someone mentioning that their servers got blacklisted > (they didn't say by whom) because of one of their lusers, to which > someone else replied > > Go on, surprise me. Tell me it isn't spamcop.net. > > and went from there. Ken, I applaud you for fighting the good fight, but reading between the lines it looks like this is a bunch of sysadmins for small and middling systems who say, "damn the torpedoes, backscatter ahead!" Talk about a negative bunch. Here's what the group's FAQ sez: > Alt.sysadmin.recovery is for discussion by recovered and recovering sysadmins. > It is a forum for mutual support and griping over idiot lusers, stupid > tech support, brain-dead hardware, and generally how stupid this idiotic > job is. Do they ever say anything good about anyone/thing? This is not a group /I/ would hang out with! From kenbrody at spamcop.net Tue May 9 14:20:11 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Tue May 9 13:25:04 2006 Subject: [SpamCop-List] Re: Bad feelings about SpamCop in alt.sysadmin.recovery References: <4460A4D9.132BA241@spamcop.net> Message-ID: <4460CF4B.7B043B4B@spamcop.net> Tim McGraw wrote: > > Kenneth Brody wrote: > > In alt.sysadmin.recovery, thread "Be very quiet, I'm hunting lusers", > > there is some anti-SpamCop discussion. > > > > It started with someone mentioning that their servers got blacklisted > > (they didn't say by whom) because of one of their lusers, to which > > someone else replied > > > > Go on, surprise me. Tell me it isn't spamcop.net. > > > > and went from there. > > Ken, I applaud you for fighting the good fight, but reading between the > lines it looks like this is a bunch of sysadmins for small and middling > systems who say, "damn the torpedoes, backscatter ahead!" Given that they go there to complain about such tactics from lusers, I expect more from them. There were only a few messages in the thread when I last read it, so I'm not sure where their negativity towards SpamCop comes from. > Talk about a negative bunch. Here's what the group's FAQ sez: > > > Alt.sysadmin.recovery is for discussion by recovered and recovering sysadmins. > > It is a forum for mutual support and griping over idiot lusers, stupid > > tech support, brain-dead hardware, and generally how stupid this idiotic > > job is. > > Do they ever say anything good about anyone/thing? I good rant can draw applause and admiration. Before the group became moderated, it was entertaining to read the replies to people who posted questions thinking that it was a place to ask sysadmins for help with your problems. > This is not a group /I/ would hang out with! -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From MikeE at ster.invalid Tue May 9 12:03:23 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 9 14:05:04 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: pasted from nanae news:e3qjqp$497$1@calcite.rhyolite.com Newsgroups: news.admin.net-abuse.email Subject: Re: Blue Security & Hyperbole Vernon Schryver wrote: > Mike Easter >> >>> I don't have a problem with the basic concept. It's >>> similar to Spamcop's concept. >> >> Which BS concepts are similar to which SC concepts? >> >> SC is a free and paid parsing and reporting service and the >> maintainer of the SCbl blocklist, besides being a mail/spam >> filtertagging reporting service for its mail clients. >> >> I don't see the similarity. > > That is at best disingenous. Irrelevant characteristics such as > details of pricing do not obscure or outweigh the similarities. As > far as I > can tell: > > - SpamCop and BlueSecurity offer free services or free versions of > their services. > > - SpamCop and BlueSecurity sell some other services, or perhaps > the same services in other situations. > > - SpamCop and BlueSecurity have some unsavory connections or > connotations, but SpamCop has at least as many: > > -- SpamCop has sent me unsolicited bulk email but BlueSecurity > has not, unless the spam touting "The Skybox Solution" that > talks about "Commercial DDOS emulation based on Bluesecurity > solution" is BlueSecurity's > > -- SpamCop is owned by Ironport, which has a long, well > established history of empowering Internet commerce with push email > advertisersing > > - advocates for both SpamCop and BlueSecurity make knowingly false > claims: > -- SpamCop advocates claim SpamCop does not ever send spam, > and never mind the public records. > -- SpamCop at least used to claim to be able to parse Received: > headers to find the source of spam, and never mind that without > external information it is impossible to detect forged Received: > headers. > -- BlueSecurity claims their "registry" is secure, and never > mind the unavoidable effectiveness and high speed of dictionary > attacks on it after it has been given to spammers. > > - both SpamCop and Bluesecurity appeal to what can be described > pejoratively as the mob or positively as the desire of people > to work together to stop spam. > > There are other claims from what seem to be third parties that seem > to be false. The most obvious is that Bluesecurity uses denial of > service attacks on spammer web sites. Assuming the accuracy of the > statements on http://www.bluesecurity.com including the statement by > Marcus J. Ranum that Bluesecurity never does more than one interaction > with a spammer web site per spam received by Bluesecurity protected > mailboxes, that DoS claim is false. > > I wonder why Mike Easter is so outraged by Blueseurity. The only > thing > I imagine is that he fears Bluesecurity's competition for the outfit > he shills for, Ironport/SpamCop. I wouldn't trust Bluesecurity more > or even as much as Scott Richter. I dislike SpamCop and Scott Richter > because of the SpamCop and Richer's spam I have received. Scott > Richter is a known quantity, but I have no first hand evidence of the > claimed evils of Bluesecurity. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue May 9 13:53:00 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Tue May 9 15:55:05 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: ken wrote > Frustrated, hell, yes! In five years of feeding SpamCop with, so far > 110,000 bits of trash, I find I only get more spam. Please go to http://www.spamcop.net/ and tell me where it says that feeding spamcop will reduce the amount of spam you get. > I don't think feeding it more will bring me (or anyone else) less spam. It doesn't matter what you think. Feeding it does reduce the amount of spam that those who use the blocklist. I have a folder full of filtered spam to prove this. Please note that using the blocklist and reporting spam are not the same thing. > 'Ya, like most of those who post in nanae, and some of the alt.spam are > saints and always right. hmmmmph Drama queen. > I could give you a couple urls of message boards that are not nanae-types > which say just the opposite of what you are saying, (except for the > spammer trolls, there) and they are NOT BlueSecurity boards. > > But I'm not going to convince you. So, on the basis that you don't think that you can convince Mike Easter, you choose not to post evidence supporting your position which may convince me? Have yoiu decided that I cannot be convinced? And that those who read but do not post cannot be convinced? From remaker at cisco.com Tue May 9 15:30:54 2006 From: remaker at cisco.com (Phillip Remaker) Date: Tue May 9 17:35:03 2006 Subject: [SpamCop-List] Re: Bad feelings about SpamCop in alt.sysadmin.recovery References: <4460A4D9.132BA241@spamcop.net> Message-ID: Unfortunately, they have a point. I am about to stop using bl.spamcop.net since it routinely lists reputable ISPs like GMAIL and Earthlink and block a lot of legitimate mail because of it. My most recent problem: http://www.spamcop.net/w3m?action=blcheck&ip=64.233.182.191 Almost all outbound GMAIL servers are hit. My site stopped receiving GMAIL mail. 8-( From great-gazoo at bling.bling.hotmail.com Tue May 9 15:47:00 2006 From: great-gazoo at bling.bling.hotmail.com (The Great Gazoo) Date: Tue May 9 17:50:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "ken" wrote in message news:pan.2006.05.07.17.19.35.430654@spamcop.net... > On Sun, 07 May 2006 12:19:59 -0400, news.spamcop.net wrote: > >> You guys have experience with this outfit? /. and Digg have been talking >> about it. > > Yes, I have experience with them. And it is all good. > > They have been under attack from a spammer who is trying to hurt them, and > using DDoS attacks and a nasty email campaign to attempt to hurt them. > His (the spammer/scammer) attempts will fail. BlueSecurity has just come > back online after the DDoS and is very much aware of who is doing it, and > will prevail. > > While some may feel BS's goal is abusive, we /DO/ have the right to > protect out inboxes, and BlueSecurity's Do Not Spam Registry and opt-out > mechanism does work ! They have gained much Venture Capital and Security > Company money to continue the valient fight and will prevail! > > Ken > Little Mikey Easter is always going to whine so I wouldn't pay much attention to it. You'll notice how Mikey always posts and always has an answer to everything. Reminds me of bloated pelvis from the GRC tech newsgroups. Thought he knew everything as well. If you like the tools you use, Ken, keep using them. I've found nothing bad about Blue Security either. Much the same as Mikey seems to whine about Mailwasher. ...and most likely Mikey will have his rants continue on from this message. It's probably best to plonk Mikey and let him spew. From nobody at spamcop.net Tue May 9 15:48:09 2006 From: nobody at spamcop.net (N. Miller) Date: Tue May 9 17:50:11 2006 Subject: [SpamCop-List] Re: Bad feelings about SpamCop in alt.sysadmin.recovery References: <4460A4D9.132BA241@spamcop.net> Message-ID: <1us30xsn186no$.dlg@news.spamcop.net> On Tue, 9 May 2006 14:30:54 -0700, Phillip Remaker wrote: > Unfortunately, they have a point. I am about to stop using bl.spamcop.net > since it routinely lists reputable ISPs like GMAIL and Earthlink and block a > lot of legitimate mail because of it. Not even the SpamCop directions for use of the SCBL recommend using the SCBL to actually block servers. The recommended use of the SCBL is as a scoring system. Usually in conjunction with something like SpamAssassin, where the SCBL, itself, won't cause a rejection, but will add points to an overall threshold, above which email is tagged as "possible spam". If you don't know how to use the tool properly, you _will_ injure yourself. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From Kilgallen at SpamCop.net Tue May 9 18:06:49 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Tue May 9 18:10:03 2006 Subject: [SpamCop-List] Re: Bad feelings about SpamCop in alt.sysadmin.recovery References: <4460A4D9.132BA241@spamcop.net> Message-ID: <0LOCCKELCjsw@eisner.encompasserve.org> In article , "Phillip Remaker" writes: > Unfortunately, they have a point. I am about to stop using bl.spamcop.net > since it routinely lists reputable ISPs like GMAIL An ISP that sends me spam is not "legitimate". GMAIL has no way to impose financial penalties on their users, and thus has a broken business model. > and Earthlink and block a lot of legitimate mail because of it. SpamCop does not block anything. SpamCop provides a list, and you can combine that list with the whitelist of your choice. I do that even based on the "From:" address and it works quite well. From bar_n0ne at hotmail.com Tue May 9 20:09:18 2006 From: bar_n0ne at hotmail.com (Berny) Date: Tue May 9 20:10:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "The Great Gazoo" wrote in message news:e3r2kj$2ut$1@news.spamcop.net... SNIP > > It's probably best to plonk Mikey and let him spew. and get advice, information, from you? *PLONK From nobody at devnull.spamcop.net Tue May 9 21:11:16 2006 From: nobody at devnull.spamcop.net (POP) Date: Tue May 9 20:15:03 2006 Subject: [SpamCop-List] Re: Bad feelings about SpamCop in alt.sysadmin.recovery References: <4460A4D9.132BA241@spamcop.net> Message-ID: "Phillip Remaker" wrote in message news:e3r1me$2fr$1@news.spamcop.net... > Unfortunately, they have a point. I am about to stop using > bl.spamcop.net since it routinely lists reputable ISPs like > GMAIL and Earthlink and block a lot of legitimate mail because > of it. ... That's a good idea, actually. Since you can not or do not read, can not or do not bother to think for yourself, exhibit little original though, and in general don't think period, stopping use of it is an excellent idea in your case. If ever there was a good example of a wart on the ass of progress, BS/BF and its supporters rate high on the list. You not only don't understand spamcop, but you have little understanding of BS/BF either, and that's abundantly clear in your posts. It's a lot better if follower-type non-thinkers such as the display you present for yourself here, along with a couple of others, go your separate ways and enjoy the darkness of the sands. If you ever do decide to learn the facts though, and manage to get your collective heads around them, I'm quite sure you'd still be welcomed when you had some on-topic questions or insights. Until that time though, you'll be mostly talking to yourself here. Also until then, I'll be pressing the "bypass" buttons for you 'uns. Cheers, Pop From nobody at nowhere.not Wed May 10 05:18:09 2006 From: nobody at nowhere.not (Robert Blair) Date: Wed May 10 00:20:03 2006 Subject: [SpamCop-List] A new excuse for the sending of spam Message-ID: I thought I had seen most of the excuses but this one tops them all. I have never done an opt-in or an opt-out to this outfit. Date: Tue, 9 May 2006 20:47:49 -0700 From: abuse@he.net To: 1743985206@reports.spamcop.net Subject: [HE_ABUSE#1643465] [SpamCop (65.19.140.49) id:1743985206]Printer Cartridges - Up To Eighty Percent Off Reta.. Hi, There was an error with the mailing list management that caused an advertisement to be sent to the \'opt-out\' list rather than the \'opt-in\' list. The offending net-block was null-routed as quickly as possible, but many mails were still sent. We apologize for the inconvenience, this problem should now be resolved. -Chris -- Robert Blair From g.hyde at bigpond.net.au Wed May 10 15:50:33 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Wed May 10 00:55:03 2006 Subject: [SpamCop-List] Re: A new excuse for the sending of spam References: Message-ID: "Robert Blair" wrote in message news:TECQXhvKj0FX-pn2-T0HjYbwZzfEx@dsl-206-55-144-107.tstonramp.com... >I thought I had seen most of the excuses but this one tops them all. > > I have never done an opt-in or an opt-out to this outfit. [snippage] Without seeing a tracking URL: people will have no idea what you're talking about. I occasionally receive some emails purporting to be from some mailing list I've never subscribed to, they get reported like the rest of the spam. If I can identify an actual mailing list, and if I have the time to, I'll check what their web page is, and send them a notification of the list email purporting to be from them, so they can take whatever action they want about the spammer. I've yet to receive anyone replying back though. Cheers ... Geoffrey Hyde From pantheus at spamcop.net Wed May 10 00:38:02 2006 From: pantheus at spamcop.net (ken) Date: Wed May 10 02:40:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: On Tue, 09 May 2006 12:53:00 -0700, G|_|Y |\/|AC0|\| wrote: > > ken wrote > >> Frustrated, hell, yes! In five years of feeding SpamCop with, so far >> 110,000 bits of trash, I find I only get more spam. > > Please go to http://www.spamcop.net/ and tell me where it says that > feeding spamcop will reduce the amount of spam you get. **PLONK** From nobody at nowhere.not Wed May 10 08:04:14 2006 From: nobody at nowhere.not (Robert Blair) Date: Wed May 10 03:05:03 2006 Subject: [SpamCop-List] Re: A new excuse for the sending of spam References: Message-ID: On Wed, 10 May 2006 04:50:33 UTC, "Geoffrey Hyde" wrote: > Without seeing a tracking URL: people will have no > idea what you're talking about. I did not think there was any need for a tracking URL as I know where it came from and was not asking for any help. Domain owner Ingenious Marketing Group 2533 N. Carson St. Suite #6273 Carson City, Nevada 89706 IP owner Hurricane Electric 760 Mission Court Fremont, CA 94539 > I occasionally receive some emails purporting to be > from some mailing list I've never subscribed to, they > get reported like the rest of the spam. They did not claim I was subscribed and I very much doubt it is a mailing list. > If I can > identify an actual mailing list, and if I have the time > to, I'll check what their web page is, and send them a > notification of the list email purporting to be from > them, so they can take whatever action they want about > the spammer. I've yet to receive anyone replying back though. Email from mail49.easyingenious.com (mail49.business-img.com [65.19.140.49]). It appears to be straight-up spam although I can not get to the web site at this time. I just was passing along a rather lame excuse as to why I was getting spam from them. -- Robert Blair From nospam at nospam.org Wed May 10 10:09:03 2006 From: nospam at nospam.org (Ejo) Date: Wed May 10 03:10:04 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Petzl wrote: > "Ejo" wrote in message > news:e3mnaf$hfb$1@news.spamcop.net... >> Petzl wrote: >>> "Ejo" wrote in message >>> news:e3liam$tet$1@news.spamcop.net... >>>> Petzl wrote: >>>>> "Gareth" wrote in message >>>>> news:e3f2q4$a92$1@news.spamcop.net... >>> [S] > [S] >>> The best though is forking out the $US30 for a SpamCop email account >>> which not only stops spam getting to ones inbox but also allows Very Easy >>> Reporting (VER) of these spammers effectively closing their ability to >>> send spam BEFORE it gets sent. Often making the ISP aware of spamming >>> activity and SpamCop listing/blocking the spam IP source identified until >>> spam stops. >> >> Many of us have several mail accounts that offer filtering of spam. In >> total I have four of those including fastmail. I never tried the spamcop >> email account service but I bet it is pretty much the way fastmail works. >> >>> SpamCop is a very powerful weapon against spammers. >>> SpamCop email makes stopping and reporting spam very easy >> That is true, I prefer to use its rDNS lookup service and I do >> occasionally report spam the way I described above. >> >> Ejo > > SpamCop Email can download (by POP or Forwarding) then filter both spam and > virus *all* your existing email accounts as well as giving you a SpamCop.net > email address should you choose to use it. I advise you do this and > gradually let old email addresses become legacy petzl@spamcop.net is used by > me for over a decade and is my only contact email address. Extremely bullet > proof > > All spam caught is (VER) reported at a click of your mouse from your Web > Browser. > I do not have the time to report spam manually SpamCop email is set-up to > easily function with SpamCop reporting, > All spam that has been and is sent to me is effortlessly reported (non time > consuming) > The best defence against spammers is to attack back. > > While the advent of Trojans does allow hackers & spammers complete control > and access to many computers defence is simple and for windows users free. > Check out my signature on how > http://forum.spamcop.net/forums/index.php?showtopic=6089&hl= > > If you have the time to do set-up spam control yourself then SpamPal is > maybe a way to consider also. You seem happy with it, Just as I am with the > easy effective SpamCop way > > I have tested MailWasher the version I used handled spam from the server and > never required downloading to inbox (all header info to SpamCop was sent > from server) My 30 days free trail or pay $US37 has for some time now > expired (The SpamCop Email US$30 is IMO a much better more effective deal) > > Petzl > -- > Check your computers security (free) > > > I switched! From nobody at spamcop.net Wed May 10 05:12:20 2006 From: nobody at spamcop.net (N. Miller) Date: Wed May 10 07:15:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: <1f4tz2iqk6009.dlg@news.spamcop.net> On Tue, 9 May 2006 14:47:00 -0700, The Great Gazoo wrote: > It's probably best to plonk Mikey and let him spew. I'd rather plonk you. Mike doesn't have an attitude; he is just right. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at devnull.spamcop.net Wed May 10 12:03:35 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Wed May 10 14:05:03 2006 Subject: [SpamCop-List] The Standard Advice Message-ID: In response to the current crop of flames and flamers, I present:THE STANDARD ADVICE: "There is a way to influence what gets discussed in a newsgroup that works well, and another way that has never worked no matter how many people have tried it. "What works: Post articles on the topic you wish to see discussed and participate in the resulting discussion. Use killfiles and filters so that you don't see the articles that you dislike. If you don't know how to use a killfile, use good old fashioned discipline and don't read posts by people who post articles that you dislike. Never, ever respond to articles that you dislike. "What doesn't work: Respond to articles that you dislike, complain about articles that you dislike, complain about posters that you dislike, complain about how terrible everyone else is for not posting what you want them to post. Talk about how to respond to articles that you dislike. Make the articles that you dislike the center of attention, the main topic of discussion, and a personal crusade." -Guy Macon From nobody at spamcop.net Wed May 10 16:06:43 2006 From: nobody at spamcop.net (indigo) Date: Wed May 10 15:10:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Mike Easter wrote: > > > > I wonder why Mike Easter is so outraged by Blueseurity. The only > > thing > > I imagine is that he fears Bluesecurity's competition for the outfit > > he shills for, Ironport/SpamCop. Mike, I didn't know you were a shill on the side too (besides kibitzing)......oh well, that *was* Vernon talking.....smarmy bastard. From MikeE at ster.invalid Wed May 10 13:53:52 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed May 10 15:55:04 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: indigo wrote: > Mike Easter wrote: >>> >>> I wonder why Mike Easter is so outraged by Blueseurity. The only >>> thing >>> I imagine is that he fears Bluesecurity's competition for the outfit >>> he shills for, Ironport/SpamCop. > > Mike, I didn't know you were a shill on the side too (besides > kibitzing)......oh well, that *was* Vernon talking.....smarmy bastard. Yes, I'm 'always' accused of shilling for SC in nanae. Those dudes over there don't see me over here being critical of various SC features or methods or notifies. The problem is that several admins over there have a very anti-spamcop attitude that is based partly on old misinformation or mistakes and partly on their own notions which are not subject to change. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed May 10 18:22:13 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed May 10 17:25:04 2006 Subject: [SpamCop-List] Re: The Standard Advice References: Message-ID: There's a simpler way: Ignore the trollers. Starve them. They'll go elsewhere for their daily ration. "G|_|Y |\/|AC0|\|" wrote in message news:e3t9tn$98c$1@news.spamcop.net... > In response to the current crop of flames and flamers, I > present:THE STANDARD ADVICE: > > "There is a way to influence what gets discussed in a newsgroup > that > works well, and another way that has never worked no matter how > many > people have tried it. > > "What works: Post articles on the topic you wish to see > discussed > and participate in the resulting discussion. Use killfiles and > filters so that you don't see the articles that you dislike. > If you don't know how to use a killfile, use good old fashioned > discipline and don't read posts by people who post articles > that you > dislike. Never, ever respond to articles that you dislike. > > "What doesn't work: Respond to articles that you dislike, > complain > about articles that you dislike, complain about posters that > you > dislike, complain about how terrible everyone else is for not > posting > what you want them to post. Talk about how to respond to > articles > that you dislike. Make the articles that you dislike the > center of > attention, the main topic of discussion, and a personal > crusade." > > -Guy > Macon > From tmcgraw at spamcop.net Wed May 10 16:54:08 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed May 10 18:55:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog In-Reply-To: References: Message-ID: news.spamcop.net wrote: > You guys have experience with this outfit? /. and Digg have been talking > about it. InternetWeek reader reaction to Blue Security's decision to redirect traffic from a denial of service attack from its servers to those of hosting provider was, not surprisingly, universally negative. Readers found much to condemn about Blue Security's offensive defensive maneuver, its chief executive Eran Reshef's rationalization for that decision, and the general state of software insecurity today. There is oh so much more at IW editor Amy Larsen DeCarlo's Blog: http://internetweek.cmp.com/blog/archives/2006/05/readers_talk_ba_1.html From nobody at devnull.spamcop.net Wed May 10 17:52:52 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Wed May 10 19:55:03 2006 Subject: [SpamCop-List] Re: The Standard Advice References: Message-ID: "POP" wrote... > > "G|_|Y |\/|AC0|\|" wrote... > >> In response to the current crop of flames and flamers, I present: >> >>THE STANDARD ADVICE: >> >>"There is a way to influence what gets discussed in a newsgroup that works >>well, and another way that has never worked no matter how many people have >>tried it. >> >>"What works: Post articles on the topic you wish to see discussed and >>participate in the resulting discussion. >> Use killfiles and filters so that you don't see the articles that you >> dislike. If you don't know how to use a killfile, use good old fashioned >> discipline and don't read posts by people who post articles that you >> dislike. Never, ever respond to articles that you dislike. >> >>"What doesn't work: Respond to articles that you dislike, complain about >>articles that you dislike, complain about posters that you dislike, >>complain about how terrible everyone else is for not posting what you want >>them to post. Talk about how to respond to articles that you dislike. >>Make the articles that you dislike the center of attention, the main topic >>of discussion, and a personal crusade." >> >> -Guy Macon >> > > There's a simpler way: Ignore the trollers. Starve them. They'll go > elsewhere for their daily ration. I am having trouble differentiating between "Ignore/Starve them" and "Never, ever respond." You appear to have restated the Standard Advice. Then again, being repeated by many people is what makes it standard... :) From nobody at devnull.spamcop.net Wed May 10 21:24:33 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed May 10 20:25:02 2006 Subject: [SpamCop-List] Re: The Standard Advice References: Message-ID: "G|_|Y |\/|AC0|\|" wrote in message news:e3tuck$l5r$1@news.spamcop.net... > > "POP" wrote... >> >> "G|_|Y |\/|AC0|\|" wrote... >> >>> In response to the current crop of flames and flamers, I >>> present: >>> >>>THE STANDARD ADVICE: >>> >>>"There is a way to influence what gets discussed in a >>>newsgroup that works well, and another way that has never >>>worked no matter how many people have tried it. >>> >>>"What works: Post articles on the topic you wish to see >>>discussed and participate in the resulting discussion. >>> Use killfiles and filters so that you don't see the articles >>> that you dislike. If you don't know how to use a killfile, >>> use good old fashioned discipline and don't read posts by >>> people who post articles that you dislike. Never, ever >>> respond to articles that you dislike. >>> >>>"What doesn't work: Respond to articles that you dislike, >>>complain about articles that you dislike, complain about >>>posters that you dislike, complain about how terrible everyone >>>else is for not posting what you want them to post. Talk about >>>how to respond to articles that you dislike. Make the articles >>>that you dislike the center of attention, the main topic of >>>discussion, and a personal crusade." >>> >>> -Guy Macon >>> >> >> There's a simpler way: Ignore the trollers. Starve them. >> They'll go elsewhere for their daily ration. > > I am having trouble differentiating between "Ignore/Starve > them" and "Never, ever respond." You appear to have > restated the Standard Advice. > > Then again, being repeated by many people is what makes it > standard... :) > > Truthfully, I don't know what you said; it only required a couple of lines, but you chose to write a missive from what I glanced at; e.g. waste of time for saying such a few words. Or are you trolling? Verbosity is often a troller's trait. From not at home.today Thu May 11 02:39:50 2006 From: not at home.today (Ant) Date: Wed May 10 20:45:03 2006 Subject: [SpamCop-List] Re: A new excuse for the sending of spam References: Message-ID: "Robert Blair" wrote: > I thought I had seen most of the excuses but this one tops them all. Here's an excuse for backscatter excerpted from a non-delivery report of an email I didn't send: The message carried your return address, so it was either a genuine mail from you, or a sender address was faked and your e-mail address abused by third party, in which case we apologize for undesired notification. We do try to minimize backscatter for more prominent cases of UBE and for infected mail, but for less obvious cases of UBE some balance between losing genuine mail and sending undesired backscatter is sought, and there can be some collateral damage on both sides. They (telesat.com.co) received the spam from 200.51.86.80 (Telefonica Data Argentina) which has no rDNS but is not listed in any important blocklists. Their SpamAssassin gave it 10.8 points out of the 10.0 required, so I suppose that's why they consider it 'less obvious' UBE. For a large ISP (I don't know if this Colombian ISP is) it would be impractical for a human to review every borderline case. Perhaps their strategy is a reasonable compromise if they don't mind a little collateral damage in the form of popping in and out of blocklists. At least they didn't bounce the whole spam, which would have been quite large going by the familiar headers I've seen in a lot of recent turds forging my From address. I didn't actually report this one because it was outside my self- imposed time-window. I might not have reported it anyway, since I rather appreciated the explanation from a South American ISP that is obviously mindful of the issues. From not at here.invalid Wed May 10 22:01:07 2006 From: not at here.invalid (Ellen) Date: Wed May 10 21:20:02 2006 Subject: [SpamCop-List] Re: A new excuse for the sending of spam References: Message-ID: "Robert Blair" wrote in message news:TECQXhvKj0FX-pn2-T0HjYbwZzfEx@dsl-206-55-144-107.tstonramp.com... >I thought I had seen most of the excuses but this one tops them all. > > I have never done an opt-in or an opt-out to this outfit. > > > Date: Tue, 9 May 2006 20:47:49 -0700 > From: abuse@he.net > To: 1743985206@reports.spamcop.net > Subject: [HE_ABUSE#1643465] [SpamCop (65.19.140.49) > id:1743985206]Printer Cartridges - Up To Eighty Percent Off Reta.. > If you still have that mail can you please send it to me with complete headers at deputies admin.spamcop.net Thanks Ellen SpamCop From cmling at teleweb.at Thu May 11 05:34:05 2006 From: cmling at teleweb.at (Charley) Date: Wed May 10 22:35:02 2006 Subject: [SpamCop-List] Newbie question Message-ID: Greetings! I know that the fresher spam is, the better SpamCop can deal with it. My question is whether I should refrain from sending reports if the spam is several hours of age. I get up in the morning, and have spam that can be 8-9 hours old. Should I send it to SpamCop, or just the new stuff? Thank you, Charley From me at privacy.net Thu May 11 01:15:36 2006 From: me at privacy.net (Frog Prince) Date: Thu May 11 00:20:02 2006 Subject: [SpamCop-List] Re: Newbie question References: Message-ID: "Charley" wrote in message news:e3u7qt$q1u$1@news.spamcop.net... | Greetings! | | I know that the fresher spam is, the better SpamCop can deal with it. | My question is whether I should refrain from sending reports if the spam | is several hours of age. I get up in the morning, and have spam that | can be 8-9 hours old. Should I send it to SpamCop, or just the new stuff? | | Thank you, | Charley Send it all, let SC sort 'em out. From mwnospam at comcast.net Thu May 11 02:14:01 2006 From: mwnospam at comcast.net (spamacyde) Date: Thu May 11 01:10:04 2006 Subject: [SpamCop-List] The Phish that isn't Going Away Message-ID: I reported a phish containing the link http://www.qcywblysecurity-ep.info to Spamcop(unfortunately forgot to save Spamcop's link), Ebay and Paypal. It's still live 12 hours later. Could somebody tell me if there is a security risk visiting it? It offers up a cookie and I rejected it. How much damage could the cookie have done? Also has anybody had any luck getting Yahoo to cough up the identity of a phisher? Thanks in advance. From nobody at nowhere.not Thu May 11 07:09:18 2006 From: nobody at nowhere.not (Robert Blair) Date: Thu May 11 02:10:03 2006 Subject: [SpamCop-List] Re: A new excuse for the sending of spam References: Message-ID: On Thu, 11 May 2006 00:39:50 UTC, "Ant" wrote: > > The message carried your return address, so it was either a genuine mail > from you, or a sender address was faked and your e-mail address abused > by third party, in which case we apologize for undesired notification. > > We do try to minimize backscatter for more prominent cases of UBE and > for infected mail, but for less obvious cases of UBE some balance > between losing genuine mail and sending undesired backscatter is sought, > and there can be some collateral damage on both sides. > If they went that far (to examine the email) you would think they could look at the FROM and the source and determine the FROM was a fake. I do occasionally send email from a different domain than the domain of the FROM so some of my email may seem to have a fake FROM. I would not be too concerned if they did not send a delivery failure notice because of the apparent fake FROM, it is the chance I take. -- Robert Blair From nobody at nowhere.not Thu May 11 07:23:56 2006 From: nobody at nowhere.not (Robert Blair) Date: Thu May 11 02:25:03 2006 Subject: [SpamCop-List] Re: A new excuse for the sending of spam References: Message-ID: On Thu, 11 May 2006 01:01:07 UTC, "Ellen" wrote: > If you still have that mail can you please send it to me with complete > headers at deputies admin.spamcop.net It has been sent. -- Robert Blair From vanguard.news at yahooNIX.com Thu May 11 03:45:31 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Thu May 11 03:50:07 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "steve auvache" wrote in message news:bx$UmuA4IIYEFwrV@thecow.me.uk... > Vanguard wrote >>"steve auvache" wrote in message >>news:KNnQp4Akc0XEFwSt@thecow.me.uk... >>> >>> If their service turns out to be half of what it claims then I will >>> happily sing their praises as I would with *any* successful >>> anti-spam >>> campaign. >> >> >>An end-user speaketh. > > Aren't us Users what this is all about? Not when you are vicious and attacking someone else and causing collateral damage in the process. BS works through a coordinated DOS attack from its zombied users. They aren't just hurting the spammer. Their shotgun approach hurts OTHERS. So let's all mailbomb YOUR e-mail account just because, well, a spammer said they were you. Would you appreciate that? Let's all mailbomb YOUR e-mail provider because one of their customers is spamming but which makes it impossible for anyone to send you mail because your mail server is too busy with the mailbomb. Would you appreciate that? So let's all DOS (denial-of-service) attack YOUR webhost provider so no one can get to YOUR web site. Would you appreciate that? Yeah, let's all be petulant children attacking everyone else and hope we're not the one getting reamed as a result. Oh, no, spammers would never lie, right, and put links in their spamverts to some other innocent's web site. Oh, yes, YOU are to be held responsible for your webhost provider and must suffer because some spammer happens to be using a site that is also hosted by your webhost provider. Protecting yourself and fucking over someone else as collateral damage is NOT a responsible solution. Even if you were really lucky and happen to be attacking the spammer, your vigilante actions are still reprehensible. If you can't be a responsible netizen, then leave! We would appreciate it. If you can't manage to find and use a responsible anti-spam solution then you really shouldn't be doing e-mail at all. From vanguard.news at yahooNIX.com Thu May 11 03:57:43 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Thu May 11 04:00:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Turan Fettahoglu" wrote in message news:e3ptqf$7gq$1@news.spamcop.net... >I do not exactly trust BlueSecurity, but they have kicked several >spammers into their butts, more than SpamCop ever managed to. > > Forget about legal aspects for a moment. The BlueFrog idea might force > several spammers out of business, which is a good thing. The "Robin > Hood principle" is observed, no one feels sorry for the spammers, and > if this is THE idea to get rid of spammers - why not. Gee, I must've missed something in those Robin Hood tales. Don't remember ever hearing that Robin Hood had his band of merry men (i.e., the zombied BS users) strafe a crowd with a barrage of arrows to slay a slew of innocents just so he could kill a couple of the sherriff's men. Looks like terroristic bombing has become the new favorite anti-spam tactic: kill your enemy and don't care about the collateral damage to others. Don't bother with tactical strikes or non-lethal weapons. Just nuke 'em and rationalize all the innocents deserved it, too, since they should gleefully sacrifice themselves for your cause. From MikeE at ster.invalid Thu May 11 02:02:09 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 11 04:05:02 2006 Subject: [SpamCop-List] Re: The Phish that isn't Going Away References: Message-ID: spamacyde wrote: > I reported a phish containing the link > http://www.qcywblysecurity-ep.info to Spamcop(unfortunately forgot to > save Spamcop's link), Ebay and Paypal. www.qcywblysecurity-ep.info = premium7.geo.yahoo7.akadns.net That is a yahoo site. > It's still live 12 hours > later. That isn't surprising. Yahoo isn't particularly responsive about squashing their customers, even the ones which are running illegal operations. > Could somebody tell me if there is a security risk visiting > it? If you visit websites insecurely, you are at risk. > It offers up a cookie and I rejected it. How much damage could > the cookie have done? Cookies cannot do damage. http://en.wikipedia.org/wiki/HTTP_cookie An HTTP cookie, or a Web cookie, is a parcel of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. > Also has anybody had any luck getting Yahoo to > cough up the identity of a phisher? The identity? -- Mike Easter kibitzer, not SC admin From gezgin at spamcop.net Thu May 11 13:05:13 2006 From: gezgin at spamcop.net (gezgin) Date: Thu May 11 05:10:11 2006 Subject: [SpamCop-List] Update my CC info with Spamcop Message-ID: Every time I need to do this, I have to ask again. How do I update my credit card info with Spamcop? SC should make this easier. There's no obvious way to update account information. At least none that I can find... -- Bob http://www.kanyak.com From turan.fe at t-online.de Thu May 11 12:45:23 2006 From: turan.fe at t-online.de (Turan Fettahoglu) Date: Thu May 11 05:50:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: > "Every conviction raises the barrier to entry for these guys," said Scott > Weiss, CEO of IronPort Systems in San Bruno, Calif., which produces > anti-spam software. Mr Weiss may be right, because in such cases, the American courts seem to work properly. Mostly, however, we are talking about spammers in countries with a not-so-good legal system, say, Russia, Nigeria, China or the like. Did anybody sue a scam artist / spammer in such a country and actually get him under lock and key? Turan From nobody at devnull.spamcop.net Thu May 11 06:23:24 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Thu May 11 06:25:03 2006 Subject: [SpamCop-List] Re: Update my CC info with Spamcop References: Message-ID: "gezgin" wrote in message news:e3uuoa$6rr$1@news.spamcop.net... > Every time I need to do this, I have to ask again. How do I update my credit > card info with Spamcop? > > SC should make this easier. There's no obvious way to update account > information. At least none that I can find... For a paid-Reporting account, log into 'your' www.spamcop.net web-page and follow the "add fuel" link to: http://www.spamcop.net/mcgi?action=paymenu For an e-mail account, JT wanted the prime support spot to be the Forum, at which you'd find a much expanded SpamCop FAQ, which includes entries like the following; How do I sign up for multiple accounts under the family plan? Discounted Additional Account, more detail When does my account expire? How do I renew my account? How do I setup my account? https://mail.spamcop.net/account_renew.php From / at /.cn Thu May 11 22:28:34 2006 From: / at /.cn (Petzl) Date: Thu May 11 07:30:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Turan Fettahoglu" wrote in message news:e3v13n$84h$1@news.spamcop.net... >> "Every conviction raises the barrier to entry for these guys," said Scott >> Weiss, CEO of IronPort Systems in San Bruno, Calif., which produces >> anti-spam software. > > Mr Weiss may be right, because in such cases, the American courts seem to > work properly. > > Mostly, however, we are talking about spammers in countries with a > not-so-good legal system, say, Russia, Nigeria, China or the like. Did > anybody sue a scam artist / spammer in such a country and actually get him > under lock and key? > > Turan Convictions in the "Christian" West will take away liberty our most treasured freedom These in their selves favour criminals, with 100% certainty factor, or innocent ruling being the prerogative Many use our Christian nascent, not yet developed laws as a weapon or a scam to skirt justice However that said the corrupt "Russia, Nigeria, China or the like" do not need the 100% factor but convicts do not have any rights with life expectancy in prisons less than a year for most The USa conviction will now turn on companies and those connected with this villain to inform and convict other spammers in countries with a not-so-good legal system, say, Russia, Nigeria, China or the like Petzl From mwnospam at comcast.net Thu May 11 08:37:16 2006 From: mwnospam at comcast.net (spamacyde) Date: Thu May 11 07:35:02 2006 Subject: [SpamCop-List] Re: The Phish that isn't Going Away References: Message-ID: "Mike Easter" wrote in message news:e3ur20$4ms$1@news.spamcop.net... > spamacyde wrote: > > I reported a phish containing the link > > http://www.qcywblysecurity-ep.info to Spamcop(unfortunately forgot to > > save Spamcop's link), Ebay and Paypal. > > www.qcywblysecurity-ep.info = premium7.geo.yahoo7.akadns.net > > That is a yahoo site. > > > It's still live 12 hours > > later. > > That isn't surprising. Yahoo isn't particularly responsive about > squashing their customers, even the ones which are running illegal > operations. > > > Could somebody tell me if there is a security risk visiting > > it? > > If you visit websites insecurely, you are at risk. > > > It offers up a cookie and I rejected it. How much damage could > > the cookie have done? > > Cookies cannot do damage. http://en.wikipedia.org/wiki/HTTP_cookie An > HTTP cookie, or a Web cookie, is a parcel of text sent by a server to a > web browser and then sent back unchanged by the browser each time it > accesses that server. > > > Also has anybody had any luck getting Yahoo to > > cough up the identity of a phisher? > > The identity? > > > -- > Mike Easter > kibitzer, not SC admin > Thanks, Mike! Identity = Name of spammer on his drivers license and other info with which to prosecute. If somebody is convicted of trying to pick your pocket, they are punished regardless of whether they were succeessful. Apparently with phishing, you have to steel 50 bucks or more. Somebody correct me if I'm wrong. The site now no longer exists. Imagine that :) From g.hyde at bigpond.net.au Thu May 11 22:56:06 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu May 11 08:00:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Vanguard" wrote in message news:e3uq2r$426$1@news.spamcop.net... > Not when you are vicious and attacking someone else and causing collateral > damage in the process. BS works through a coordinated DOS attack from its > zombied users. They aren't just hurting the spammer. I fail to see where you have offered conclusive proof that BS computers are "zombied" users. From what I can see, the program is of a type which the user can uninstall if they choose to do so. If you have conclusive evidence to the contrary, please post it here. And they go to an extensive length to identify a spammer - something I have not seen elsewhere on the net, other than SC, which simply reports emails and analyzes headers for things like blackhat ISPs, open relay mail servers, etc. While I may appear to be supporting BS users, I do not. However, they seem to be going to an extraodinary length to get spammers shut down. Which is in the final analysis a good thing. If you are going to post a blatant attack without offering some conclusive proof to offer it up (in this case that BS users have zombied machines) please remember that your attack brings with it consequences, and it also means you have the responsibility to back your claims up to other posters in this newgroup. At the moment you are little better than a troll which posts in order to gain pleasure. If you wish to continue this futile method of posting unsubstantiated claims please be aware that other intelligent users of this newsgroup may start to ignore you. Cheers ... Geoffrey Hyde From gezgin at spamcop.net Thu May 11 16:57:37 2006 From: gezgin at spamcop.net (gezgin) Date: Thu May 11 09:00:03 2006 Subject: [SpamCop-List] Re: Update my CC info with Spamcop References: Message-ID: "WazoO" wrote > How do I renew my account? > https://mail.spamcop.net/account_renew.php Thanks for that link. This time I've bookmarked it. -- Bob http://www.kanyak.com From dont_spam at thecow.me.uk Thu May 11 16:15:05 2006 From: dont_spam at thecow.me.uk (steve auvache) Date: Thu May 11 10:20:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Vanguard wrote >"steve auvache" wrote in message >news:bx$UmuA4IIYEFwrV@thecow.me.uk... >> Vanguard wrote >>>"steve auvache" wrote in message >>>news:KNnQp4Akc0XEFwSt@thecow.me.uk... >>>> >>>> If their service turns out to be half of what it claims then I will >>>> happily sing their praises as I would with *any* successful >>>> anti-spam >>>> campaign. >>> >>> >>>An end-user speaketh. >> >> Aren't us Users what this is all about? > >Not when you are vicious and attacking someone else and causing >collateral damage in the process. BS works through a coordinated DOS >attack from its zombied users. " No. *I* am Sparticus. " > Yeah, let's all be petulant children attacking >everyone else and hope we're not the one getting reamed as a result. You make some interesting statements, not all of which are correct. When I look at this:- http://www.youtube.com/watch?v=Ee18vXyLBMM It really does bring to mind the recent reaction of the spammer rather than the spamees. >Protecting yourself and fucking over someone else as collateral damage >is NOT a responsible solution. Even if you were really lucky and happen >to be attacking the spammer, your vigilante actions are still >reprehensible. If you can't be a responsible netizen, then leave! We >would appreciate it. If you can't manage to find and use a responsible >anti-spam solution then you really shouldn't be doing e-mail at all. So, this backscatter thing that has happened as a result of all this, good or bad? I say good. Even if the only result is to lower the burden on the long suffering American tax payer supporting all those badly configured mailservers that their government runs. -- steve auvache one step closer to The Perfect Date. From bar_n0ne at hotmail.com Thu May 11 10:22:21 2006 From: bar_n0ne at hotmail.com (Berny) Date: Thu May 11 10:25:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Vanguard" wrote in message news:e3uq2r$426$1@news.spamcop.net... > > Protecting yourself and fucking over someone else as collateral damage > is NOT a responsible solution. Even if you were really lucky and happen > to be attacking the spammer, your vigilante actions are still > reprehensible. If you can't be a responsible netizen, then leave! We > would appreciate it. If you can't manage to find and use a responsible > anti-spam solution then you really shouldn't be doing e-mail at all. > OK, first off, for a variety of reasons I don't and wouldn't use BS's BF service. That being said, I shoould say that out of dozens of spams I look at carefully on a daily basis, and many more cursorily while fulfilling SC reports, that the number of IB'd and joe jobbed sites is almost vanishingly small,. perhaps 1 spam or less a month out of thousands. Collateral damage to spam sources and spamvertizing hosters is inevitable and , frankly necessary, it's the only way ISP's and hosters will be forced to choose between an abusive and non abusive clientele. Until then they can all make salutory efforts against the spammers, scammers, phishers and ddossers and earn revenue from all of them. The las time anyone showed real balls to spammers was when AOL blackholed Telia, a couple of years ago, yerah there was a lot of collateral damage, mails lost, but, hey it worked, I have hardly seen any spam since from Telia. Theirabuse department must be effective, wonder why?. Well since then the providers have all lost their collective cojones unfortunately. Yes I'd like to see providers 5xx-ing all mails on the SCBL, why? well it's better than what most mail providers do now, some 80 to 90 % of the incoming mailstream after analysis for spammishness of one kind or another is silently dropped on the floor. and yes a not insignificant amount of goodmail simply disappears, the sender never knows, the receiver never knows, (unless the sender asks the receiver to write back if the mail was not received :) ). I'd rather have a pissed off goodmail sender complaining and finding an alternate way to get hold of me than the current situation. Most people shouln't delude themselves, if you're using a large commercial mail service, those dozen or so spams in your junk folder are only a small fraction of the junk mail stream that has been dropped into dave nulls basket. Anyway to get back to the topic at hand, SC its self does something similar, mailbombing postmasters etc. who are connected with a spam, and Vern Shryver isn't so far off the mark, and SC's whiteness isn't so different from BS's blackness. we're all dealing with shades of grey here. I use SC, support what it does, I don't intend to use blue frog, but I do support the aims, and the methods are a bit extreme for my liking. Remeber , if you don;t have effective policing and justice, you will always get vigilantism, in fact that's is really what police and courts are for, to protect us all from vigilantism. IN the internet at the moment the police and courts are dozing at the wheel. From bar_n0ne at hotmail.com Thu May 11 10:24:14 2006 From: bar_n0ne at hotmail.com (Berny) Date: Thu May 11 10:25:10 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Petzl" wrote in message news:e3v759$bpe$1@news.spamcop.net... SNIP > Convictions in the "Christian" West will take away liberty our most > treasured freedom > These in their selves favour criminals, with 100% certainty factor, or > innocent ruling being the prerogative > Many use our Christian nascent, not yet developed laws as a weapon or a scam > to skirt justice > > However that said the corrupt "Russia, Nigeria, China or the like" do not > need the 100% factor but convicts do not have any rights with life > expectancy in prisons less than a year for most > > The USa conviction will now turn on companies and those connected with this > villain to inform and convict other spammers in countries with a not-so-good > legal system, say, Russia, Nigeria, China or the like > > Petzl > > This is not your usual style of writing, were you tired? From dannyg at dannyg.com Thu May 11 09:37:54 2006 From: dannyg at dannyg.com (Danny Goodman) Date: Thu May 11 11:38:02 2006 Subject: [SpamCop-List] Re: The Phish that isn't Going Away In-Reply-To: <200605111010.k4BAA5kl037573@dannyg.com> Message-ID: on 5/11/06 3:10 AM, spamcop-list-request@news.spamcop.net wrote: > I reported a phish containing > It's > still live 12 hours later. Yahoo's response time to phishing site reports varies. For sites whose domains are registered and hosted at Yahoo, I report directly and instantaneously to network-abuse at cc.yahoo-inc.com Don't give them too much info, or their filters will reject the message. I supply simply the domain name and complete phishing URL, letting the Subject convey why I'm sending the message. I hear back with a mostly standard message after they've closed down the site...usually somewhere between 12 and 96 hours. :-( A lot of the Yahoo-hosted phishing sites in phishing messages I get are physically hosted about 10 miles from my place. Thus the pull-the-giant-plug-out-of-the-wall fantasy when I continue to receive messages over a few days pointing to one of those sites still up and running. Danny http://www.dannyg.com http://www.spamwars.com From tmcgraw at spamcop.net Thu May 11 09:50:34 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu May 11 11:55:05 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog In-Reply-To: References: Message-ID: Geoffrey Hyde wrote: > > I fail to see where you have offered conclusive proof that BS computers are > "zombied" users. From what I can see, the program is of a type which the > user can uninstall if they choose to do so. If you have conclusive evidence > to the contrary, please post it here. Google "bluefrog" and "zombie" and you'll see that a lot of people agree with Vanguard. One blogger called them "voluntary zombies," which is a good descriptor. > While I may appear to be supporting BS users, I do not. However, they seem > to be going to an extraodinary length to get spammers shut down. Which is > in the final analysis a good thing. Here in the US the government has gone to extraordinary lengths to "stop terrorism." However, the methods the government has used to do that - infringing on well-established civil liberties - is not seen as a good thing by perhaps a majority of the population. I believe this argument is listed at http://www.aros.net/~wenglund/Logic101a.htm but I wouldn't know EXACTLY which one it is. > At the moment you are little better than a troll which posts in order to > gain pleasure. If you wish to continue this futile method of posting > unsubstantiated claims please be aware that other intelligent users of this > newsgroup may start to ignore you. Now that argument I KNOW is listed there. I believe Vanguard and like what he has to say. From edb2000 at spamcop.net Thu May 11 09:52:37 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Thu May 11 11:55:16 2006 Subject: [SpamCop-List] Funny spam of the day Message-ID: Eloquent gibberish taken from filter-busting attempt in the text alternative part of today's spam: When a photon near a sandwich is flatulent, some blood clot buries a fraction for a chess board. -- Don Wannit A paid SpamCop user since 1999 From tmcgraw at spamcop.net Thu May 11 09:57:46 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu May 11 12:00:04 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog In-Reply-To: References: Message-ID: Berny wrote: > > That being said, I shoould say that out of dozens of spams I look at > carefully on a daily basis, and many more cursorily while fulfilling SC > reports, that the number of IB'd and joe jobbed sites is almost vanishingly > small,. perhaps 1 spam or less a month out of thousands. That may be true for your spam, but that doesn't make it true for my spam. > Collateral damage to spam sources and spamvertizing hosters is inevitable > and , frankly necessary, it's the only way ISP's and hosters will be forced > to choose between an abusive and non abusive clientele. Until then they can > all make salutory efforts against the spammers, scammers, phishers and > ddossers and earn revenue from all of them. Using that logic, if we eliminate all the pimps in the world there won't be any prostitution. I don't buy it. > Yes I'd like to see providers 5xx-ing all mails on the SCBL, why? well it's > better than what most mail providers do now, some 80 to 90 % of the incoming > mailstream after analysis for spammishness of one kind or another is > silently dropped on the floor. and yes a not insignificant amount of > goodmail simply disappears, the sender never knows, the receiver never > knows, (unless the sender asks the receiver to write back if the mail was > not received :) ). Lots of problems here. For one thing, blocking based on the SCBL alone is a bad idea. If you applied scoring intelligently you would virtually never drop goodmail on the floor. I'm glad you're not my postmaster. > Most people shouln't delude themselves, if you're using a large commercial > mail service, those dozen or so spams in your junk folder are only a small > fraction of the junk mail stream that has been dropped into dave nulls > basket. You can't make a blanket statement like that without the evidence. In fact, I'm on a large commercial mail service and I know I get /everything/. > Anyway to get back to the topic at hand, SC its self does something similar, > mailbombing postmasters etc. who are connected with a spam, and Vern Shryver > isn't so far off the mark, and SC's whiteness isn't so different from BS's > blackness. we're all dealing with shades of grey here. There is nothing grey about the long-established tradition of sending LARTs to abuse@ or postmaster@ or another addy "on file." From nobody at devnull.spamcop.net Thu May 11 14:51:02 2006 From: nobody at devnull.spamcop.net (POP) Date: Thu May 11 13:55:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Well said! "Vanguard" wrote in message news:e3uq2r$426$1@news.spamcop.net... > "steve auvache" wrote in message > news:bx$UmuA4IIYEFwrV@thecow.me.uk... >> Vanguard wrote >>>"steve auvache" wrote in message >>>news:KNnQp4Akc0XEFwSt@thecow.me.uk... >>>> >>>> If their service turns out to be half of what it claims then >>>> I will >>>> happily sing their praises as I would with *any* successful >>>> anti-spam >>>> campaign. >>> >>> >>>An end-user speaketh. >> >> Aren't us Users what this is all about? > > Not when you are vicious and attacking someone else and causing > collateral damage in the process. BS works through a > coordinated DOS attack from its zombied users. They aren't > just hurting the spammer. Their shotgun approach hurts OTHERS. > So let's all mailbomb YOUR e-mail account just because, well, a > spammer said they were you. Would you appreciate that? Let's > all mailbomb YOUR e-mail provider because one of their > customers is spamming but which makes it impossible for anyone > to send you mail because your mail server is too busy with the > mailbomb. Would you appreciate that? So let's all DOS > (denial-of-service) attack YOUR webhost provider so no one can > get to YOUR web site. Would you appreciate that? Yeah, let's > all be petulant children attacking everyone else and hope we're > not the one getting reamed as a result. Oh, no, spammers would > never lie, right, and put links in their spamverts to some > other innocent's web site. Oh, yes, YOU are to be held > responsible for your webhost provider and must suffer because > some spammer happens to be using a site that is also hosted by > your webhost provider. > > Protecting yourself and fucking over someone else as collateral > damage is NOT a responsible solution. Even if you were really > lucky and happen to be attacking the spammer, your vigilante > actions are still reprehensible. If you can't be a responsible > netizen, then leave! We would appreciate it. If you can't > manage to find and use a responsible anti-spam solution then > you really shouldn't be doing e-mail at all. > From nobody at devnull.spamcop.net Thu May 11 14:55:56 2006 From: nobody at devnull.spamcop.net (POP) Date: Thu May 11 14:00:03 2006 Subject: [SpamCop-List] Re: The Phish that isn't Going Away References: Message-ID: "spamacyde" wrote in message news:e3ugun$uo3$1@news.spamcop.net... > > I reported a phish containing the link > http://www.qcywblysecurity-ep.info to > Spamcop(unfortunately forgot to save Spamcop's link), Ebay and > Paypal. ... Go to Spamcop.net and click on your Recents list; it'll be there, along with the link you didn't catch. You don't have to be a paid user to use that feature. Pop From bar_n0ne at hotmail.com Thu May 11 14:13:38 2006 From: bar_n0ne at hotmail.com (Berny) Date: Thu May 11 14:15:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Tim McGraw" wrote in message news:e3vmtr$mgn$1@news.spamcop.net... > Berny wrote: SNIP > > Collateral damage to spam sources and spamvertizing hosters is inevitable > > and , frankly necessary, it's the only way ISP's and hosters will be forced > > to choose between an abusive and non abusive clientele. Until then they can > > all make salutory efforts against the spammers, scammers, phishers and > > ddossers and earn revenue from all of them. > > Using that logic, if we eliminate all the pimps in the world there won't > be any prostitution. > > I don't buy it. > > > Yes I'd like to see providers 5xx-ing all mails on the SCBL, why? well it's > > better than what most mail providers do now, some 80 to 90 % of the incoming > > mailstream after analysis for spammishness of one kind or another is > > silently dropped on the floor. and yes a not insignificant amount of > > goodmail simply disappears, the sender never knows, the receiver never > > knows, (unless the sender asks the receiver to write back if the mail was > > not received :) ). > > Lots of problems here. For one thing, blocking based on the SCBL alone > is a bad idea. If you applied scoring intelligently you would virtually > never drop goodmail on the floor. > > I'm glad you're not my postmaster. Well , I personally find tagging spam a waste of my time, I don't want anything in a junk mailbox, otherwise I find I have to go dumpster diving to see what got tagged that was goodmail, I'd rather the sender got the 5xx notice, even my friends. Imagine AOL, Earthlink, SpamCast Hotmail, Yahoo and Gmail* all using SCBL, CBL, Spews 1 to 5xx reject, and say banning everything from say hbtele or teleglobe or some particularly obnoxious service or country until they cleaned up their act. Then targetting the next worse provider, I think the spam problem would find itself cleaned up remarkably fast, by services policing themselves *I don't mean to imply any quality or lack thereof in their spamfighting here. or even wether they ar black or white hat. Or if we had mass access to whois, and blackholing every IP and DNS owned by spammers, for example every IP touched by "Paul Gregoire" or registered to that funny non-address in Nanaimo, I think the registrars would clean up their act also. I am hoping for the day when spam will be sent in the dozens by chickenboners who have to get a new hotmail or Yahoo or other free mail account for every few spams, answer the kaptcha challenges, and find a new internet cafe or library to sign up for email because that bit of netspace will be (at least temporarily) banned by the free mailers for abuse. Then the spam problem will have been solved, and most of us won't see any for days on end. From tmcgraw at spamcop.net Thu May 11 12:23:49 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu May 11 14:25:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog In-Reply-To: References: Message-ID: Berny wrote: > "Tim McGraw" wrote in message > >> Lots of problems here. For one thing, blocking based on the SCBL alone >> is a bad idea. If you applied scoring intelligently you would virtually >> never drop goodmail on the floor. >> >> I'm glad you're not my postmaster. > > Well , I personally find tagging spam a waste of my time, I don't want > anything in a junk mailbox, otherwise I find I have to go dumpster diving to > see what got tagged that was goodmail, I'd rather the sender got the 5xx > notice, even my friends. This is not an option when you run a business. A well-managed spam dam is by no means a dumpster. Well, more like a shredder. Used daily it will keep your email > Imagine AOL, Earthlink, SpamCast Hotmail, Yahoo and Gmail* all using SCBL, > CBL, Spews 1 Outbound? :) > Or if we had mass access to whois, and blackholing every IP and DNS owned by > spammers, for example every IP touched by "Paul Gregoire" or registered to > that funny non-address in Nanaimo, I think the registrars would clean up > their act also. Isn't that what spews basically does? > I am hoping for the day when spam will be sent in the dozens by > chickenboners who have to get a new hotmail or Yahoo or other free mail > account for every few spams, answer the kaptcha challenges, and find a new > internet cafe or library to sign up for email because that bit of netspace > will be (at least temporarily) banned by the free mailers for abuse. Then > the spam problem will have been solved, and most of us won't see any for > days on end. I'm there. The problem with the current model is that money rules, and all we have as individual netizens is to play nice; the Internet, after all, is based on massive, mutual cooperation. If we /all/ behaved like Enron executives then the Internet would be useless altogether. Slow and steady wins the race. From tmcgraw at spamcop.net Thu May 11 12:24:54 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu May 11 14:25:11 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog In-Reply-To: References: Message-ID: Tim McGraw wrote: > > A well-managed spam dam is by no means a dumpster. Well, more like a > shredder. Used daily it will keep your email ...useful, no matter how long you've had the addy. From MikeE at ster.invalid Thu May 11 12:50:53 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 11 14:55:04 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Berny wrote: > I'd rather the > sender got the 5xx notice, even my friends. Being configured so that *your* receiving server can reject highly suspicious spam is a very healthy structure. Presumably there would be some alternate pathway by which false positive rejections can get it straightened out. Many people are not in a situation where they control the server; or many recipients don't like for their *own* senders of goodmail to get rejected, because many of those would-be recipients and their would-be senders don't have access to the alternate channels. -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Thu May 11 15:12:02 2006 From: bar_n0ne at hotmail.com (Berny) Date: Thu May 11 15:15:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Mike Easter" wrote in message news:e4012c$t3n$1@news.spamcop.net... > Berny wrote: > > > I'd rather the > > sender got the 5xx notice, even my friends. > > Being configured so that *your* receiving server can reject highly > suspicious spam is a very healthy structure. Presumably there would be > some alternate pathway by which false positive rejections can get it > straightened out. > > Many people are not in a situation where they control the server; or > many recipients don't like for their *own* senders of goodmail to get > rejected, because many of those would-be recipients and their would-be > senders don't have access to the alternate channels. > That's my problem I don't control my email servers, nor do I have any where I have some similar options. If I could, that is how I'd do it. If more people could so choose, then I think more block lists would be used. I'd love an Email service where I could check of a menu of blocklists to reject by and with a whitelist. It should be feasible to have an email service with client customizable blocklisting using say, an LDAP implementation, where LDAP would serve up the blocklist. Spamcop mail doesn't cut it for me precisely because I'd still get the spam. Held folder or not I don't want it. Frankly there is nothing like a 5xx rejection to motivate a client to go after his provider, once properly educated. From dwvbo91q4001 at sneakemail.com Thu May 11 23:54:38 2006 From: dwvbo91q4001 at sneakemail.com (Tim P.) Date: Thu May 11 18:55:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Berny" wrote in news:e3ravg$7mm$1@news.spamcop.net: > > "The Great Gazoo" wrote in message > news:e3r2kj$2ut$1@news.spamcop.net... > SNIP >> >> It's probably best to plonk Mikey and let him spew. > > and get advice, information, from you? > > *PLONK BS/BF - the company that steals company names (California) and abuses the net too. *S/N ratio has just increased a few db's. -- Tim P Very content SpamCop Subscriber since 4/2002 From bar_n0ne at hotmail.com Thu May 11 19:08:11 2006 From: bar_n0ne at hotmail.com (Berny) Date: Thu May 11 19:10:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Tim P." wrote in message news:Xns97C0B633D1FC8dwvbo91q4001sneakema@216.154.195.61... > "Berny" wrote in news:e3ravg$7mm$1@news.spamcop.net: > > > > > "The Great Gazoo" wrote in message > > news:e3r2kj$2ut$1@news.spamcop.net... > > SNIP > >> > >> It's probably best to plonk Mikey and let him spew. > > > > and get advice, information, from you? > > > > *PLONK > > BS/BF - the company that steals company names (California) and abuses the > net too. > > *S/N ratio has just increased a few db's. > > > -- > Tim P > > Very content SpamCop Subscriber since 4/2002 Ummmm.... what are you trying to say here, curious minds are interested. and what did my exchange have to do with BS/BF stealing names, or with BS/BF other than having been part of the thread? And, What's all this about stealing names? whose name? From porpoise1954 at yahoo.co.uk Fri May 12 01:35:58 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu May 11 19:40:02 2006 Subject: [SpamCop-List] Re: The Phish that isn't Going Away References: Message-ID: "Mike Easter" wrote in message news:e3ur20$4ms$1@news.spamcop.net... > spamacyde wrote: > >> It offers up a cookie and I rejected it. How much damage could >> the cookie have done? > > Cookies cannot do damage. http://en.wikipedia.org/wiki/HTTP_cookie An > HTTP cookie, or a Web cookie, is a parcel of text sent by a server to a > web browser and then sent back unchanged by the browser each time it > accesses that server. Err..... Mike, would you like to re-phrase that comment? Cookies can and do cause damage: http://www.peacefire.org/security/iecookies http://www.cookiecentral.com/dsm.htm http://www.donkboy.com/html/priv1.htm Q.10. Do "cookies" pose any security risks?: http://www.w3.org/Security/Faq/wwwsf2.html DoubleClick immediately springs to mind........ From MikeE at ster.invalid Thu May 11 19:34:30 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 11 21:35:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Berny wrote: > What's all this about stealing names? whose name? Blue Security is doing business and its main offices are in California even tho' it originated in Israel. The California corporation Blue Security is a name that belongs to a La Jolla CA lock company. IANAL but here is what one observer had to say: Yet, according to the California Secretary of State, the legal owner of that _Corporation_Name_, is a locksmith in La Jolla, California, who has had that name since 1997. (That information, and the info in the following 3 paragraphs, can be verified by anyone who cares to, on the State of California web-site.) They can't legally have some other name, and be using "Blue Security, Inc." as a "doing business as" (DBA) -- what California calls a "fictitious name" -- because California expressly forbids the use of a corporate ("Inc.", "Corp.", "Corporation", etc.) or LLC indicator as part of a fictitious name. One cannot legally register a corporate name (whether an in-state corporation, or an out-of-state one doing business in California) that is the same name as an existing Calif. corporation. One can register a name that is "similar" only with the written consent of the presently- registered corporation, _and_ the agreement from the Secretary of State that the naming would _not_ be unduly confusing to potential customers. Operating an unregistered business is a violation of California law. Based on that, alone, Blue Security does appear to be a criminal operation. They swiped their Blue Frog (software) logo from a SourceForce (software) application. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu May 11 19:40:19 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 11 21:45:02 2006 Subject: [SpamCop-List] Re: The Phish that isn't Going Away References: Message-ID: Porpoise wrote: > "Mike Easter" >> spamacyde wrote: >> >>> It offers up a cookie and I rejected it. How much damage could >>> the cookie have done? >> >> Cookies cannot do damage. http://en.wikipedia.org/wiki/HTTP_cookie >> An HTTP cookie, or a Web cookie, is a parcel of text sent by a >> server to a web browser and then sent back unchanged by the browser >> each time it accesses that server. > > Err..... Mike, would you like to re-phrase that comment? Cookies can > and do cause damage: > > http://www.peacefire.org/security/iecookies > http://www.cookiecentral.com/dsm.htm > http://www.donkboy.com/html/priv1.htm Those are all information about information leakage by cookie mismanagement, not 'damage'. The article I cited discusses that and other cookie hazards. 6 Drawbacks of cookies 6.1 Inaccurate identification 6.2 Cookie theft 6.3 Cookie poisoning 6.4 Cross-site cooking > Q.10. Do "cookies" pose any security risks?: > http://www.w3.org/Security/Faq/wwwsf2.html > > DoubleClick immediately springs to mind........ The original question was "It offers up a cookie and I rejected it. How much damage could the cookie have done?" -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri May 12 12:35:31 2006 From: nobody at devnull.spamcop.net (Patto) Date: Thu May 11 22:40:02 2006 Subject: [SpamCop-List] Re: The Phish that isn't Going Away In-Reply-To: References: Message-ID: spamacyde wrote: > I reported a phish containing the link http://www.qcywblysecurity-ep.info to > Spamcop(unfortunately forgot to save Spamcop's link), Ebay and Paypal. It's > still live 12 hours later. Could somebody tell me if there is a security > risk visiting it? It offers up a cookie and I rejected it. How much > damage could the cookie have done? Also has anybody had any luck getting > Yahoo to cough up the identity of a phisher? The site is down now. You can help taking phishing sites down by reporting them online at http://castlecops.com/pirt Phishing sites hosted by Yahoo are removed quickly when reported through http://add.yahoo.com/fast/help/us/domains/cgi_phishing From / at /.cn Fri May 12 13:48:10 2006 From: / at /.cn (Petzl) Date: Thu May 11 22:50:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Berny" wrote in message news:e3vhef$hsl$1@news.spamcop.net... > >> The USa conviction will now turn on companies and those connected with > this >> villain to inform and convict other spammers in countries with a > not-so-good >> legal system, say, Russia, Nigeria, China or the like >> >> Petzl >> >> > This is not your usual style of writing, were you tired? > Well yes and a cold? I thought it my "normal" rant? From none at none.com Thu May 11 23:02:59 2006 From: none at none.com (Rich Bless) Date: Thu May 11 23:05:02 2006 Subject: [SpamCop-List] Re: [ot] Busted a telemarketer! References: Message-ID: "Ben" wrote in message news:dtr7m1$1qf$1@news.spamcop.net... >I busted me a telemarketer double-big-time and the State Attorney General >is going to speak with them. > > Last week I got a Pre-Recorded phone call. As soon as I answered the phone > the recorded solicitation starting playing, it was trying Violation > #1. It was a pre-recorded message in this phone call. This is against both > federal and state law. > Violation #2. The unsolicited call was made to a cellular phone. Ouch, > also illegal. Another penalty. > Violation #3. The phone number was registered in the do not call list. > This is going to get expensive. I'm getting pre-recorded phone call on my cell phone IN SPANISH. Anyone know how I can track down 1-803-201-4567 ? From MikeE at ster.invalid Thu May 11 23:42:03 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 12 01:45:02 2006 Subject: [SpamCop-List] Re: [ot] Busted a telemarketer! References: Message-ID: Rich Bless wrote: > Anyone know how I can track down > 1-803-201-4567 ? 803 SC Columbia, central Searching for area code 803, prefix 201: Not Found... Sometimes telemarketers and others use FAKE information. Therefore that is probably why the area code and prefix combination you are looking for was "not found" on our database. That's what my info sources say. -- Mike Easter kibitzer, not SC admin From vanguard.news at yahooNIX.com Fri May 12 03:53:53 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Fri May 12 09:40:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Geoffrey Hyde" wrote in message news:e3v8sp$cou$1@news.spamcop.net... > > "Vanguard" wrote in message > news:e3uq2r$426$1@news.spamcop.net... > >> Not when you are vicious and attacking someone else and causing >> collateral damage in the process. BS works through a coordinated DOS >> attack from its zombied users. They aren't just hurting the spammer. > > I fail to see where you have offered conclusive proof that BS > computers are "zombied" users. From what I can see, the program is of > a type which the user can uninstall if they choose to do so. If you > have conclusive evidence to the contrary, please post it here. Have you read BS' own FAQ on how their service works? The user installs a client program. The user reports a spam to BS who will supposedly interrogate your mail by their team of specialists. They decide who to attack, not the user. They upload a script to the BS client on your host. BS decides what the script will do, not the user. BS decides when to attack and who to attack, and the user may not even be involved. That is how zombies function. A master zombie tells slave zombies what to do and without having the user involved. A zombie doesn't need to be covertly installed. A zombie doesn't have to be non-uninstallable. In the past, zombies were malicious to someone OTHER than the host that was zombied; i.e., they attacked someone else. And that is what BS' client on your host does at the behest of BS to do whatever BS wants. There is collusion between the user and BS because BS supposedly won't initiate the DOS attack until the user says to. "Users may choose to let the Blue Frog be active at all times, only when their computer is idle or launch it manually at their own discretion." So which mode do you think most BS users will enable? The always-on option (and doing it while idle is still always-on). "Users ... may choose to abort Blue Frog's execution at any time." So does the BS client stop at a prompt and wait forever until the user responds, or does it timeout (i.e., it won't wait indefinitely) and go ahead without user intervention? Since it is supposedly a choice, is the default option to not prompt or to prompt the user? If the default is not to prompt, or if it is to prompt but continue after a timeout, the DOS will occur in the absence of the user. > And they go to an extensive length to identify a spammer - something I > have not seen elsewhere on the net, other than SC, which simply > reports emails and analyzes headers for things like blackhat ISPs, > open relay mail servers, etc. There may be other agenda here. If BS were to attack someone with power and deep pockets, they would be sued just like any other malcontent DOS'ing that domain. AOL, Earthlink, Comcast, and other major ISPs don't give a gnat's fart about the professed intention of BS regarding the DOS attack. A DOS attack is still a DOS attack and harms the resources of the domain. DOS'ing a particular web site still incurs a DOS attack on the domain that has to handle all those connect requests. Other sites using the same webhost provider will have problems with users or visitors getting access to them when the webhost provider is being attacked (for one of the other sites on that domain). > While I may appear to be supporting BS users, I do not. However, they > seem to be going to an extraodinary length to get spammers shut down. > Which is in the final analysis a good thing. The method hurts others. Collateral damage is never condoned. You aren't allowed, even when granted police authority, to shotgun through a crowd to catch a fleeing criminal. The end does not NOT always justify the means, especially when other methods are available. I'm sure women afflicted with breast cancer would prefer a procedure that doesn't hack off part of their body. Fortunately there other procedures for handling spam that are less drastic and don't hurt innocents. The argument that the end justifies the means is used by extremists, terrorists, vigilantes, and children - but only if they are not the collateral damage (i.e., unless highly altruistic or sacrificial, their story and opinion changes drastically when *they* are the innocent victims of the assault). > If you are going to post a blatant attack without offering some > conclusive proof to offer it up (in this case that BS users have > zombied machines) please remember that your attack brings with it > consequences, and it also means you have the responsibility to back > your claims up to other posters in this newgroup. Actually I didn't mean to make it an attack, especially since this is the only group and only thread in which I am responding to BS' behavior and tactics. It just strikes me as a childish, petulant, and egotistic approach. As said, those who see it as a great solution are those that proclaim "works for me" without concern what it does to others and where those others include innocents. I see problems with C-R and bogus bounces, and I see problems with BS, too. Just because spam is a problem doesn't mean that I want another problem in addition to spam. > At the moment you are little better than a troll which posts in order > to gain pleasure. If you wish to continue this futile method of > posting unsubstantiated claims please be aware that other intelligent > users of this newsgroup may start to ignore you. Okay, so now it is time to substantiate your claims. "They have gone to extreme length to identify a spammer." Actually, as with SpamCop, they fall back on that it was the *user* that claimed the mail was spam. If they target an innocent, it was the users' fault, not theirs. Spamcop's parsing isn't perfect. Note that Spamcop DOES NOT send any spam notice to the targets that it determines until after the user decides to send that message (I am not familiar with the Spamcop e-mail service but only with their spam reporting service). It is the responsibility of the user to know that the recipients of the spam abuse message are the correct recipients. It is BS that is deciding who to DOS using the zombies on their customers hosts after the BS user reports a mail as spam. If BS is using something similar to SpamCop, there is no extreme length taken unless they are personally inspecting every spam. There aren't that many employees at BS to handle all those spam reports so they must be using scripts to parse out the spamvert URLs. They claim to have something like 450,000 users. If only 5% got spammed one unique message per day, they would have to personally inspect 22,500 suspect mails per day. With coffee, lunch, and restroom breaks, they might have 6 hours a day. Let's say they were really good and could open, visually inspect, manually parse, and database about 4 suspect mails per minute so they could "expertly analyze" maybe 1,440 suspect mails per day. That means they would need 16 employees dedicated to only that task. >From what I've read, BS is a pretty small company, and I was being very conservative on the volume of suspect mails that they would have to analyze and how fast they could analyze a suspect mail. So they are very likely using scripts to parse out URLs in the body of the mails, just like SpamCop does, to find spamvertized sites. I don't consider that to be "extensive lengths to identify a spammer". If BS is going to such great length to prevent their customers from getting spam, please explain their statement, "[Coordinated opt-out] Requests are not posted by Businesses and organizations that added their e-mail domains to the Do Not Intrude Registry through Blue Security's paid business offering." I suspect "posted by" is really "posted to" as there would be no reason that any entity that subscribed to BS would not want to report spam. If you were a business that subscribed to BS, why would you suddenly also decide to cease reporting spam? So if you want to spam and not bother with getting DOS'ed by BS then bribe BS to exclude your "business". Wow, now there is a conflict of interest. I could not find a description of the "paid business offering" from BS. It sounds eerily reminiscent of some ISP's scheme to let businesses to pay them for guaranteed delivery of spam; i.e., if the spammer is willing to pay the ISP then the ISP will guarantee that source gets their mail past all filters and user-defined blacklists. The spammer then can force spam down your throat if they choose to pay for that privilege (much like Phillips idea to not allow you to change your television channel when the commercial comes on unless you paid for the commercial-free version of the show). "Blue Security provides a set of Registry Compliance Tools allowing merchants, spammers and direct e-mail marketers to easily clean their mailing lists of addresses registered in the Do Not Intrude Registry. These tools hash the spammer's original mailing list and compare each entry with the hashed entries in the Registry. A new, registry-compliant, mailing list is then created by removing entries from the original mailing list that matched entries in the Do Not Intrude Registry." Gee, now think about it. You're a spammer. You have your full list of spamees in your original list. You then sanitize that list to remove the BS users in the BS registry. Now all you have to do is compare your original list with the sanitized one to see which e-mail addresses were removed. Duh! No rocket science needed at all to use a file diff tool. That's how the spammer probably got the e-mails of the BS users to send them the harassing mails. If you subscribe to BS, your e-mail address WILL be known as a BS subscriber to anyone that gets their mailing list sanitized. "When a spammer notices that an e-mail address has been deleted from his list, he has no way of knowing if it was filtered because it was a legitimate user's e-mail address, a honeypot address or a random entry in the hashed Registry." So what? Spammers already don't care if they send to random entries (i.e., invalid e-mail addresses). Spammers usually don't care about honeypots since they will eventually change to a different domain, especially if proxied, and why blacklists get outdated so they must be dynamic enough to reflect the current state of spam sources. Someone that wants to harass BS users doesn't mind sending their assault mails to invalid e-mail addresses or honeypots because they know the BS users are also included in the entries that were removed. How well BS works in providing a responsible anti-spam solution depends on how well they manage to NOT hurt innocents. I don't see how any DOS attack against a domain cannot hurt innocents. The level of their DOS attack depends on the number of reported spams. The more users that report a particular spam then the bigger the size of the DOS attack against the spamvertised site. So as their customer size grows so does the size of their attack. Eventually BS may exceed a threshold beyond which ISPs will no longer tolerate the abuse from BS. If BS follows its claim that only 1 opt-out gets sent per user reporting the spam then the spamvertised site should expect to receive, at a maximum, as many opt-outs as then send in spam mails. Well, that assumes the sender is a marketer that wants to protect their permanent site rather than a spammer that doesn't care about the domain where they are temporarily hosting their spamvertized site. The spammer doesn't care about their recipients of their spew but you expect them to care about their webhost provider? The 1 opt-out request per BS user per spam sounds great but it still accrues to a DOS attack against the site from the aggregate and concerted attack from all BS users, and that hurts others than just the spamvertised site. Since the spammer doesn't care about opt-outs, what is to force the spammer to even provide for opt-outs? Why couldn't the spammer redirect those requests to someone else, like to BS's host provider or to some innocents postmaster? I'm not saying the BS hasn't tried to install some safeguards into their scheme. I've read their FAQs and, if true, then they are trying to ensure their DOS attack targets only valid spam sources. They may have a handle on how to accurately identify spam sources, but then so do some (but not all) of the DNSBLs. However, I don't condone DOS attacks for any purpose because others will be hurt by it besides the targeted site. Right now, the effects and results of BS are merely interesting but as they grow and their DOS attacks become larger they will become just another pest on the Net. If, like Spamcop, it is the user that is required to decide if the recipients of the opt-out request are the valid recipients then BS isn't much worse than SpamCop (since stupid users using SpamCop end up sending invalid abuse reports to already overtaxed mail admins). However, from what I've read, that is NOT the kind of expert user that BS is lulling into their customerbase. The BS user claims the mail is spam (and too many users lump undesirable mails into the spam category) so BS doesn't have a choice after that other than to somehow yank out the spamverts and then tell the user's zombied host to go participate in the DOS attack. The BS user simply wants to push a button to tag a mail as spam and not bother with having to do anything thereafter. An uneducated and lazy mob is probably not the best tool to accurately identify spam sources. I wasn't impressed with SpamNet's voting scheme, either, but their action was to block rather than attack. Spraying the air above the kitchen or dining table while eating to get rid of the flies that are bothering you will probably work very well, but then the dead flies and insecticide fall into your food. So you killed the flies and poisoned your food. With BS, and assuming they are effective, you get rid of or hurt the spammer but you've harmed more than just that site. From nospamplease at aol.com Fri May 12 15:41:45 2006 From: nospamplease at aol.com (Chris) Date: Fri May 12 09:45:01 2006 Subject: [SpamCop-List] Newbie to Spamcop - Am I doing this right? Message-ID: Hi folks Just wanted to check everything was OK. I set up an account with Spamcop, and my software (Mailwasher) seems to handle things pretty automatically. I take it that when Spamcop replys with its Autoresponder, I have to click the link in the email in order to actually file a report - Is this right? Thanks Chris From MikeE at ster.invalid Fri May 12 08:07:48 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 12 10:10:03 2006 Subject: [SpamCop-List] Re: Newbie to Spamcop - Am I doing this right? References: Message-ID: Chris wrote: > Just wanted to check everything was OK. > I set up an account with Spamcop, and my software (Mailwasher) seems > to handle things pretty automatically. Your MW submits the spam/s to the parser/reporting tool. > I take it that when Spamcop replys with its Autoresponder, I have to > click the link in the email in order to actually file a report - Is > this right? The parser/reporting tool parses each spam individually and determines the spamsource and spamvertiser provider notify addresses. That tool also provides you with an opportunity to make comments and to 'observe' the accuracy of the determinations from a human perspective, and then to individually confirm or adjust each notify letter which is sent in your 'name' ie reportid mask. That is the 'structure'/routine for the regular reporter who is notifying for spamsource and spamvertisers. Each link represents each individual spam, which represents its own assortment of notifies based on algorithmic notify address determinations. Currently in nanae I'm discussing issues in which some role address notifications were considered 'spam' by the recipient, as the recipient did not want to receive the notify, considered spamcop's process to be bulk, unsolicited, and not in the interest of the recipient. I don't agree with the recipient's definition of spam in that context, and I believe that SC's structure for prevention and remedies to correct recipients getting unwanted notifies is sufficient. The recipient says that spammers say the same thing about their spam, which is true of course. -- Mike Easter kibitzer, not SC admin From nospam at aol.com Fri May 12 16:27:37 2006 From: nospam at aol.com (Chris) Date: Fri May 12 10:30:02 2006 Subject: [SpamCop-List] Re: Newbie to Spamcop - Am I doing this right? References: Message-ID: Thank you for your speedy reply, Mike. As a sideline, the email address I use I have had for around six years now, and is a massive target for the spammers - I get around 100-150 spam messages per day. At one point, I was very close to deleting my email account due to this amount of unsolicited mail (and considering sending out my own mailshot telling all my contacts that I had changed email addresses). Chris "Mike Easter" wrote in message news:e424rh$4ao$1@news.spamcop.net... > Chris wrote: > >> Just wanted to check everything was OK. >> I set up an account with Spamcop, and my software (Mailwasher) seems >> to handle things pretty automatically. > > Your MW submits the spam/s to the parser/reporting tool. > >> I take it that when Spamcop replys with its Autoresponder, I have to >> click the link in the email in order to actually file a report - Is >> this right? > > The parser/reporting tool parses each spam individually and determines > the spamsource and spamvertiser provider notify addresses. That tool > also provides you with an opportunity to make comments and to 'observe' > the accuracy of the determinations from a human perspective, and then to > individually confirm or adjust each notify letter which is sent in your > 'name' ie reportid mask. > > That is the 'structure'/routine for the regular reporter who is > notifying for spamsource and spamvertisers. Each link represents each > individual spam, which represents its own assortment of notifies based > on algorithmic notify address determinations. > > > Currently in nanae I'm discussing issues in which some role address > notifications were considered 'spam' by the recipient, as the recipient > did not want to receive the notify, considered spamcop's process to be > bulk, unsolicited, and not in the interest of the recipient. I don't > agree with the recipient's definition of spam in that context, and I > believe that SC's structure for prevention and remedies to correct > recipients getting unwanted notifies is sufficient. > > The recipient says that spammers say the same thing about their spam, > which is true of course. > > -- > Mike Easter > kibitzer, not SC admin > From MikeE at ster.invalid Fri May 12 08:46:26 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 12 10:50:02 2006 Subject: [SpamCop-List] Re: Newbie to Spamcop - Am I doing this right? References: Message-ID: Chris wrote: > As a sideline, the email address I use I have had for around six > years now, and is a massive target for the spammers - I get around > 100-150 spam messages per day. Some people find that clicking on 100-150 individual SC links and 'acting on' all of those notifies gets burdensome. This is especially true if you choose to research and evaluate some collection, say a hundred or so, for 'further research'. One further research technique is to evaluate, say, the next 100 of the IP providers who are going to be notified as a spamvertiser provider. You can perform this research by taking the IP which SC provides you in the parse for the spamvertiser and 'plugging it in' to some multiple database query tool such as that at DNSStuff or openrbl. The likely discovery you will make is that a great many or nearly all of the notified providers for spamvertisers are listed in some database indicating that they are unresponsive, such a spamhaus, including its ROKSO, known spamgang operations. The 'bulletproof' concept. Spamcop's notify of an unresponsive provider about a bulletproof spamvertiser is not only toothless and useless, but some would consider it to even be counterproductive, since the reporter is providing to the blackhat cohort of the spammer/spamvertiser a copy of the evidence which is only superficially munged by the normal SC default mungeing process. Some people don't like to be notifying all of those blackhat spamvertisers toothlessly and uselessly while spending a lot of time clicking on SC links or perhaps unchecking the notifies of the blackhats. They would rather not do all of the clicking and unchecking and toothless and useless spamvertiser notifies and only spend a few seconds making the same contributions to the SCbl for spamsources by quick reporting. Personally, I think the spamcop process of notifying for spamvertisers should be made optional to the reporter -- so that the reporter could choose to devnull the spamvertiser provider notify and the spamvertiser link, whether it is resolve or unresolved, would be fed to the sc-surbl and only the spamsource provider would be notified, since the spamsource report is the only thing which has the teeth of contributing to the SCbl. > At one point, I was very close to deleting my email account due to > this amount of unsolicited mail (and considering sending out my own > mailshot telling all my contacts that I had changed email addresses). -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Fri May 12 11:22:21 2006 From: bar_n0ne at hotmail.com (Berny) Date: Fri May 12 11:25:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Petzl" wrote in message news:e40t1i$de4$1@news.spamcop.net... > > "Berny" wrote in message > news:e3vhef$hsl$1@news.spamcop.net... > > > >> The USa conviction will now turn on companies and those connected with > > this > >> villain to inform and convict other spammers in countries with a > > not-so-good > >> legal system, say, Russia, Nigeria, China or the like > >> > >> Petzl > >> > >> > > This is not your usual style of writing, were you tired? > > > Well yes and a cold? I thought it my "normal" rant? > > I thought possibly a drive by troll had borrowed your good name, Hope you are fine now. From ppearson at nowhere.invalid Fri May 12 16:32:20 2006 From: ppearson at nowhere.invalid (Peter Pearson) Date: Fri May 12 11:35:03 2006 Subject: [SpamCop-List] Re: Newbie to Spamcop - Am I doing this right? References: Message-ID: On Fri, 12 May 2006 15:27:37 +0100, Chris wrote: [snip] > > As a sideline, the email address I use I have had for around six years now, > and is a massive target for the spammers - I get around 100-150 spam > messages per day. You might prefer to set up filters so that most of those 100-150 spams per day end up in your Held Mail folder, where the whole lot can be disposed of with two clicks (the unlabelled "select all" square, then "Report as spam"). Personally, I've configured things so that nearly all spam (and a tiny bit of non-spam) goes into the Held Mail folder, and then a Python program on my desktop uses IMAP to retrieve headers from Spamcop, look at them closely, and have Spamcop move most of the messages in Held Mail into another folder named "Spam for Sure". I can then spend a little bit of attention scanning Held Mail before reporting it, and very little attention on Spam for Sure. You can get the Python program here: http://webpages.charter.net/curryfans/peter/spamcopfilter.py -- To email me, substitute nowhere->spamcop, invalid->net. From porpoise1954 at yahoo.co.uk Fri May 12 17:58:20 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri May 12 12:00:04 2006 Subject: [SpamCop-List] Re: The Phish that isn't Going Away References: Message-ID: "Mike Easter" wrote in message news:e40p22$bct$1@news.spamcop.net... > Porpoise wrote: > > Those are all information about information leakage by cookie > mismanagement, not 'damage'. The article I cited discusses that and > other cookie hazards. > > 6 Drawbacks of cookies > 6.1 Inaccurate identification > 6.2 Cookie theft > 6.3 Cookie poisoning > 6.4 Cross-site cooking > >> Q.10. Do "cookies" pose any security risks?: >> http://www.w3.org/Security/Faq/wwwsf2.html >> >> DoubleClick immediately springs to mind........ > > The original question was "It offers up a cookie and I rejected it. > How much damage could the cookie have done?" Yes, well, as you probably gathered, the main thrust of my input was the cookie theft/cross-site cookie situation. I wonder how many users that have never visted doubleclick have their cookies in the cookie folder......... The thing is, not that the cookies can run malicious code, but that the user doesn't know whose/what cookies are being downloaded onto their systems. Also that if a hacker managed to get access to a HDD s/he could then have access to any login data stored in any of those cookies.......... as the info is in plain text..... From nobody at devnull.spamcop.net Fri May 12 13:28:23 2006 From: nobody at devnull.spamcop.net (James) Date: Fri May 12 12:30:03 2006 Subject: [SpamCop-List] Trying to find out cause of blacklisting Message-ID: Hi: I've been running mail servers (qmail) for about a decade, and I found out yesterday that one of them had been blacklisted by SpamCop. It was automatically delisted in 24 hours per their policy, but nobody from SpamCop has replied to my request for details of exactly why it was blacklisted. If I could get a copy of the offending message, with full headers, it would be possible to find out how/why this happened, as I don't want it to happen again. The longer the delay, the harder it's going to be to find anything in the frequently rotated logs. I have had no other reports of Spam from that server, so it makes it all the more perplexing. If somebody could point me to somebody who could help me on this, I'd appreciate it. TIA, From nospam at nospam.org Fri May 12 19:34:03 2006 From: nospam at nospam.org (Ejo) Date: Fri May 12 12:35:01 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting In-Reply-To: References: Message-ID: James wrote: > Hi: > > I've been running mail servers (qmail) for about a decade, and I found > out yesterday that one of them had been blacklisted by SpamCop. It was > automatically delisted in 24 hours per their policy, but nobody from > SpamCop has replied to my request for details of exactly why it was > blacklisted. > > If I could get a copy of the offending message, with full headers, it > would be possible to find out how/why this happened, as I don't want it > to happen again. The longer the delay, the harder it's going to be to > find anything in the frequently rotated logs. > > I have had no other reports of Spam from that server, so it makes it all > the more perplexing. If somebody could point me to somebody who could > help me on this, I'd appreciate it. > > TIA, Did you receive any abuse reports from spamcop, or do you know which IP we are talking about? From MikeE at ster.invalid Fri May 12 10:37:22 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 12 12:40:03 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: James wrote: > I've been running mail servers (qmail) for about a decade, and I found > out yesterday that one of them had been blacklisted by SpamCop. You could have found out a lot more information here or even all by yourself by naming the IP here then, which you didn't do, or by following the links yourself which are provided for a listed IP, which are no longer provided to the public for an unlisted IP. The other advantage of naming the IP here would be the possibility that some of us here might be able to 'guess' at the problem for some particular server. Another advantage would be that given an IP, we can say how any spamcop report about that IP would be addressed. It is also possible that if the listing were caused by hitting spamtraps alone that no address would have been provided any reports about the spamsourcing. > nobody > from SpamCop has replied to my request for details of exactly why it > was blacklisted. If it were listed for hitting spamtraps, the evidence is not provided. Also, if the form of your request were to 'dispute' the listing, that won't get you anywhere. The deputy would look at the parse for the spamtrap hits and find the spamsource to have been accurately derived, and the dispute would be ignored. An admin can make request to be notified about spamcop reports, but the admin won't get links to the evidence for spamtrap hits. Servers are most often listed because of some kind of backscatter or autoresponder behavior -- in which the server receives a spam and accepts the spam for delivery and then can't deliver the spam to the mailbox, and so then the server which has foolishly accepted a spam it can't deliver decides to create a newmail addressed to the spam's bogus >From which might be a reporter or a spamtrap.. That newmail hits a spamtrap and that abusive backscatter is spamcop reportable and contributes to the server becoming spamcop blocklisted. > If I could get a copy of the offending message, with full headers, it > would be possible to find out how/why this happened, as I don't want > it to happen again. If it hit a spamtrap, that's not going to happen. If it hit a reporter, every SC report is reported to what is presumed to be the appropriate admin to be notified. If you aren't the one, then someone else got the report with a link to the evidence. > I have had no other reports of Spam from that server, so it makes it > all the more perplexing. If somebody could point me to somebody who > could help me on this, I'd appreciate it. How did you try to contact a SC person and what is the IP of the previously listed server? -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri May 12 14:03:22 2006 From: nobody at devnull.spamcop.net (James) Date: Fri May 12 13:05:03 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: In article , "Mike Easter" wrote: > James wrote: > > > I've been running mail servers (qmail) for about a decade, and I found > > out yesterday that one of them had been blacklisted by SpamCop. > > You could have found out a lot more information here or even all by > yourself by naming the IP here then, which you didn't do, or by > following the links yourself which are provided for a listed IP, which > are no longer provided to the public for an unlisted IP. > > The other advantage of naming the IP here would be the possibility that > some of us here might be able to 'guess' at the problem for some > particular server. Another advantage would be that given an IP, we can > say how any spamcop report about that IP would be addressed. > > It is also possible that if the listing were caused by hitting spamtraps > alone that no address would have been provided any reports about the > spamsourcing. > > > nobody > > from SpamCop has replied to my request for details of exactly why it > > was blacklisted. > > If it were listed for hitting spamtraps, the evidence is not provided. > Also, if the form of your request were to 'dispute' the listing, that > won't get you anywhere. The deputy would look at the parse for the > spamtrap hits and find the spamsource to have been accurately derived, > and the dispute would be ignored. > > An admin can make request to be notified about spamcop reports, but the > admin won't get links to the evidence for spamtrap hits. > > Servers are most often listed because of some kind of backscatter or > autoresponder behavior -- in which the server receives a spam and > accepts the spam for delivery and then can't deliver the spam to the > mailbox, and so then the server which has foolishly accepted a spam it > can't deliver decides to create a newmail addressed to the spam's bogus > From which might be a reporter or a spamtrap.. > > That newmail hits a spamtrap and that abusive backscatter is spamcop > reportable and contributes to the server becoming spamcop blocklisted. > > > If I could get a copy of the offending message, with full headers, it > > would be possible to find out how/why this happened, as I don't want > > it to happen again. > > If it hit a spamtrap, that's not going to happen. If it hit a reporter, > every SC report is reported to what is presumed to be the appropriate > admin to be notified. If you aren't the one, then someone else got the > report with a link to the evidence. > > > I have had no other reports of Spam from that server, so it makes it > > all the more perplexing. If somebody could point me to somebody who > > could help me on this, I'd appreciate it. > > How did you try to contact a SC person and what is the IP of the > previously listed server? Thanks for your reply. The reason given was indeed a spamtrap, but I'm just trying to figure out what the problem is. In the past, the only time this server has had this issue is when customer CGIs were abused, so if this was the case, I wanted to track it down and deal with it (I have long since removed known problem CGIs, but customers have their own CGIs on this particular server). I tried to contact a person via the dispute page, which had a place for comments and my contact info. The offending IP was 208.8.16.10 It could be due to a misdirected bounce, but this is the first I've heard of anyone listing on a major BL due to that. We do NOT bounce email that is flagged by Spamassassin or ClamAV, but misdirected unflagged email is bounced and customers do have autoresponders. It would be good to know which, if any of those is the cause. From MikeE at ster.invalid Fri May 12 11:28:21 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 12 13:30:03 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: James wrote: > Thanks for your reply. The reason given was indeed a spamtrap, but > I'm just trying to figure out what the problem is. If it was only spamtraps, that's kinda nasty. Sometimes a deputy will 'characterize' an item for you, but s/he won't give you the whole enchilada like you would have for a reporter's evidence linked report. Currently a link to evidence about 208.8.16.10 rDNS ns1.pil.net would be sent to james pil.net which I presume is you. The SCbl delisting is so fresh that some sources say that it is still listed, but the most reliable source, the web lookup says that it actually isn't. dns 10.16.8.208.bl.spamcop.net Canonical name: 10.16.8.208.bl.spamcop.net Addresses: 127.0.0.2 says it's listed http://www.spamcop.net/w3m?action=blcheck&ip=208.8.16.10 208.8.16.10 not listed in bl.spamcop.net says it's not -- which is the most uptodate. It is also listed in a blocklist I'm not familiar with called 'solid' -- but I don't know anything about the list and I don't know what its 127.0.0.5 means dns 10.16.8.208.dnsbl.solid.net Canonical name: 10.16.8.208.dnsbl.solid.net Addresses: 127.0.0.5 and it doesn't appear to give any evidence anyway. > I tried to contact a person via the dispute page, which had a place > for comments and my contact info. The offending IP was 208.8.16.10 Yeah, it [usually] isn't actually a 'dispute' problem -- which would mean that the parser made a mistake and named an IP such as the server as a source when it should have named something else -- altho' the parser is designed to name a user IP behind the server and not the server, so if the parser is 'unfamiliar' with the server and if the server's Received tracelines are non-compliant, then the parser can 'trip' and break the chain back to the user IP prematurely. > It could be due to a misdirected bounce, but this is the first I've > heard of anyone listing on a major BL due to that. We do NOT bounce > email that is flagged by Spamassassin or ClamAV, but misdirected > unflagged email is bounced and customers do have autoresponders. It > would be good to know which, if any of those is the cause. I understand that concept. Maybe a deputy will pop in here and then she would email you some kind of characterizing information. The faq has a system for admins which also has a route to contact which starts here http://www.spamcop.net/fom-serve/cache/75.html Help for abuse-desks and administrators -- How can I contact a real person about this? And there is deputies spamcop.net -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri May 12 11:41:05 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 12 13:45:02 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: Mike Easter wrote: > mean that the parser made a mistake and named an IP such as the server > as a source when it should have named something else -- altho' the > parser is designed to name a user IP behind the server and not the > server, so if the parser is 'unfamiliar' with the server and if the > server's Received tracelines are non-compliant, then the parser can > 'trip' and break the chain back to the user IP prematurely. Speaking of tripping and naming a server when there's a user IP behind it.... I found a set of headers^1 which involve a Received traceline by your server which looks very noncompliant to me, and which would get your server named instead of the user which relayed thru' it. Received: from ns1.pil.net (ns1.pil.net [208.8.16.10]) by iq12.iqnection.com (Postfix) with SMTP id B55BA7E24 for ; Tue, 20 Apr 2004 15:48:25 -0400 (EDT) Received: (qmail 16043 invoked from network); 20 Apr 2004 19:51:01 -0000 Received: from unknown (HELO ambler) (151.197.26.29) by 0 with SMTP; 20 Apr 2004 19:51:01 -0000 Those headers show your server relaying for ambler 151.197.26.29 rDNS pool-151-197-26-29.phil.east.verizon.net because I believe ambler to be amblertheater.org which you provide the MX for, so I'm betting that you also provide the output for the amblertheater. That bottom line is noncompliant. SC would call the server 208.8.16.10 the source instead of the relay because the 'by' field of the bottom line is deficient as '0' instead of the domainname of the relay. If your server is still configured that way, I would fix it. ^1 http://mail-archives.apache.org/mod_mbox/spamassassin-users/200404.mbox/%3CPine.BSF.4.58L0.0404211707001.9811@richard2.pil.net%3E or http://snipurl.com/qdf0 -- Mike Easter kibitzer, not SC admin From nospam at nospam.org Fri May 12 21:25:16 2006 From: nospam at nospam.org (Ejo) Date: Fri May 12 14:25:04 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting In-Reply-To: References: Message-ID: Mike Easter wrote: > James wrote: > >> I've been running mail servers (qmail) for about a decade, and I found >> out yesterday that one of them had been blacklisted by SpamCop. > > You could have found out a lot more information here or even all by > yourself by naming the IP here then, which you didn't do, or by > following the links yourself which are provided for a listed IP, which > are no longer provided to the public for an unlisted IP. > > The other advantage of naming the IP here would be the possibility that > some of us here might be able to 'guess' at the problem for some > particular server. Another advantage would be that given an IP, we can > say how any spamcop report about that IP would be addressed. > > It is also possible that if the listing were caused by hitting spamtraps > alone that no address would have been provided any reports about the > spamsourcing. > >> nobody >> from SpamCop has replied to my request for details of exactly why it >> was blacklisted. > > If it were listed for hitting spamtraps, the evidence is not provided. > Also, if the form of your request were to 'dispute' the listing, that > won't get you anywhere. The deputy would look at the parse for the > spamtrap hits and find the spamsource to have been accurately derived, > and the dispute would be ignored. > > An admin can make request to be notified about spamcop reports, but the > admin won't get links to the evidence for spamtrap hits. > > Servers are most often listed because of some kind of backscatter or > autoresponder behavior -- in which the server receives a spam and > accepts the spam for delivery and then can't deliver the spam to the > mailbox, and so then the server which has foolishly accepted a spam it > can't deliver decides to create a newmail addressed to the spam's bogus > From which might be a reporter or a spamtrap.. > > That newmail hits a spamtrap and that abusive backscatter is spamcop > reportable and contributes to the server becoming spamcop blocklisted. > >> If I could get a copy of the offending message, with full headers, it >> would be possible to find out how/why this happened, as I don't want >> it to happen again. > > If it hit a spamtrap, that's not going to happen. If it hit a reporter, > every SC report is reported to what is presumed to be the appropriate > admin to be notified. If you aren't the one, then someone else got the > report with a link to the evidence. > >> I have had no other reports of Spam from that server, so it makes it >> all the more perplexing. If somebody could point me to somebody who >> could help me on this, I'd appreciate it. > > How did you try to contact a SC person and what is the IP of the > previously listed server? > Mike: why are your replies so wordy? From MikeE at ster.invalid Fri May 12 12:27:49 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 12 14:30:03 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: Ejo wrote: > Mike: why are your replies so wordy? It is faster for me to be wordy than succinct. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Fri May 12 14:36:54 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri May 12 14:40:03 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: In article , James writes: > It could be due to a misdirected bounce, but this is the first I've > heard of anyone listing on a major BL due to that. We do NOT bounce > email that is flagged by Spamassassin or ClamAV, but misdirected > unflagged email is bounced and customers do have autoresponders. So that is two possible source of the spam. You should fix them. Even if something else is the cause this time, those could be sending spam the next time. From porpoise1954 at yahoo.co.uk Fri May 12 20:44:51 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri May 12 14:50:02 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: "James" wrote in message news:nobody-2B2A81.13032212052006@news.cesmail.net... >> > > It could be due to a misdirected bounce, but this is the first I've > heard of anyone listing on a major BL due to that. We do NOT bounce > email that is flagged by Spamassassin or ClamAV, but misdirected > unflagged email is bounced and customers do have autoresponders. It > would be good to know which, if any of those is the cause. There is the likely "Go to Jail, do not pass go, do not collect $200 (I use dollars because I don't have a pound sign) :-) Autoresponders and why they are bad: http://www.spamcop.net/fom-serve/cache/329.html http://deliver-my-mail.sitesell.com/deliver-my-mail-3.html http://www.everything2.com/index.pl?node_id=1368408 From qcff4pqeqxogkj3 at jetable.net Fri May 12 22:17:12 2006 From: qcff4pqeqxogkj3 at jetable.net (Arne Bolen) Date: Fri May 12 15:20:02 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: James wrote: > We do NOT bounce email that is flagged by > Spamassassin or ClamAV, but misdirected > unflagged email is bounced A mail server should NEVER bounce email except for its own users. If you get misdirected email it should be rejected during the SMTP session. Update your qmail server or get another server. Because you let your server bounce email you deserve to be listed in SpamCop. From nobody at devnull.spamcop.net Fri May 12 13:17:58 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Fri May 12 15:20:10 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: Ejo wrote... > Mike: why are your replies so wordy? I very much prefer his current writing style and would consider shorter answers to be a Bad Thing. From nospam at nospam.org Fri May 12 22:26:56 2006 From: nospam at nospam.org (Ejo) Date: Fri May 12 15:30:03 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting In-Reply-To: References: Message-ID: G|_|Y |\/|AC0|\| wrote: > Ejo wrote... > >> Mike: why are your replies so wordy? > > I very much prefer his current writing style and would > consider shorter answers to be a Bad Thing. > > > Oh really? If someone doesn't understand what a tracking URL is and that you should mention an IP etc etc then I'm not going to put 30 lines of text on that. Got other things to do, sorry. Some of these answers could simply reply to a FAQ, just a hint Mike. -over- From wrx at pil.net Fri May 12 16:30:04 2006 From: wrx at pil.net (wrx@pil.net) Date: Fri May 12 15:30:10 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: In article , "Mike Easter" wrote: > Mike Easter wrote: > > > mean that the parser made a mistake and named an IP such as the server > > as a source when it should have named something else -- altho' the > > parser is designed to name a user IP behind the server and not the > > server, so if the parser is 'unfamiliar' with the server and if the > > server's Received tracelines are non-compliant, then the parser can > > 'trip' and break the chain back to the user IP prematurely. > > Speaking of tripping and naming a server when there's a user IP behind > it.... > > I found a set of headers^1 which involve a Received traceline by your > server which looks very noncompliant to me, and which would get your > server named instead of the user which relayed thru' it. > > > > Received: from ns1.pil.net (ns1.pil.net [208.8.16.10]) > by iq12.iqnection.com (Postfix) with SMTP id B55BA7E24 > for ; > Tue, 20 Apr 2004 15:48:25 -0400 (EDT) > Received: (qmail 16043 invoked from network); 20 Apr 2004 19:51:01 -0000 > Received: from unknown (HELO ambler) (151.197.26.29) > by 0 with SMTP; 20 Apr 2004 19:51:01 -0000 > > Those headers show your server relaying for ambler 151.197.26.29 rDNS > pool-151-197-26-29.phil.east.verizon.net because I believe ambler to be > amblertheater.org which you provide the MX for, so I'm betting that you > also provide the output for the amblertheater. > > That bottom line is noncompliant. SC would call the server 208.8.16.10 > the source instead of the relay because the 'by' field of the bottom > line is deficient as '0' instead of the domainname of the relay. > > If your server is still configured that way, I would fix it. That customer is allowed to relay through us, probably used POP before SMTP to authenticate as an allowed relay. They do not get their connectivity through us, obviously. Which RFC is it non-compliant with? BTW, where did you get those headers? Thanks again! From wrx at pil.net Fri May 12 16:34:02 2006 From: wrx at pil.net (wrx@pil.net) Date: Fri May 12 15:35:03 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: In article , "Arne Bolen" wrote: > James wrote: > > We do NOT bounce email that is flagged by > > Spamassassin or ClamAV, but misdirected > > unflagged email is bounced > > A mail server should NEVER bounce email except for its own users. If you get > misdirected email it should be rejected during the SMTP session. Update your > qmail server or get another server. > > Because you let your server bounce email you deserve to be listed in > SpamCop. As I understand it, applying the neccessary patch(es) to qmail to reject instead of bouncing email would break at least two critical functionalities, that of the .qmail-default alias, and ezmlm mailing lists that we run. At least one of these patches won't work properly with vpopmail virtual domains because of permissions issues. Can you post a link to the RFC the server is violating by bouncing email? Thanks, From tmcgraw at spamcop.net Fri May 12 13:42:38 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri May 12 15:45:03 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting In-Reply-To: References: Message-ID: Ejo wrote: > G|_|Y |\/|AC0|\| wrote: >> Ejo wrote... >> >>> Mike: why are your replies so wordy? >> >> I very much prefer his current writing style and would >> consider shorter answers to be a Bad Thing. > > Oh really? If someone doesn't understand what a tracking URL is and that > you should mention an IP etc etc then I'm not going to put 30 lines of > text on that. Got other things to do, sorry. Some of these answers could > simply reply to a FAQ, just a hint Mike. So many people end up here claiming to have read the FAQ or this page or that page and are confused or clueless or both, and so many who come here are unabashed, absolute newbies who don't know a Received header from a Web beacon. Mike's answers are completely appropriate for those situations. Lord knows I've learned quite a bit by reading ME posts over the years - far more than I've ever learned from a FAQ. If it's something I understand, I'll just skip over it. You might be well-advised to do the same. From nobody at devnull.spamcop.net Fri May 12 16:48:18 2006 From: nobody at devnull.spamcop.net (James) Date: Fri May 12 15:50:03 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: In article , "Mike Easter" wrote: > Mike Easter wrote: > > > mean that the parser made a mistake and named an IP such as the server > > as a source when it should have named something else -- altho' the > > parser is designed to name a user IP behind the server and not the > > server, so if the parser is 'unfamiliar' with the server and if the > > server's Received tracelines are non-compliant, then the parser can > > 'trip' and break the chain back to the user IP prematurely. > > Speaking of tripping and naming a server when there's a user IP behind > it.... > > I found a set of headers^1 which involve a Received traceline by your > server which looks very noncompliant to me, and which would get your > server named instead of the user which relayed thru' it. > > > > Received: from ns1.pil.net (ns1.pil.net [208.8.16.10]) > by iq12.iqnection.com (Postfix) with SMTP id B55BA7E24 > for ; > Tue, 20 Apr 2004 15:48:25 -0400 (EDT) > Received: (qmail 16043 invoked from network); 20 Apr 2004 19:51:01 -0000 > Received: from unknown (HELO ambler) (151.197.26.29) > by 0 with SMTP; 20 Apr 2004 19:51:01 -0000 > > Those headers show your server relaying for ambler 151.197.26.29 rDNS > pool-151-197-26-29.phil.east.verizon.net because I believe ambler to be > amblertheater.org which you provide the MX for, so I'm betting that you > also provide the output for the amblertheater. > > That bottom line is noncompliant. SC would call the server 208.8.16.10 > the source instead of the relay because the 'by' field of the bottom > line is deficient as '0' instead of the domainname of the relay. > > If your server is still configured that way, I would fix it. > > > ^1 > http://mail-archives.apache.org/mod_mbox/spamassassin-users/200404.mbox/%3CPin > e.BSF.4.58L0.0404211707001.9811@richard2.pil.net%3E > > or http://snipurl.com/qdf0 FYI, I just noticed that that email is over 2 years old. They do not relay through that server any more..that was probably a static entry allowing them to relay, as they don't have POP accounts on that server. From nobody at devnull.spamcop.net Fri May 12 16:53:23 2006 From: nobody at devnull.spamcop.net (James) Date: Fri May 12 15:55:04 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: In article , "Porpoise" wrote: > "James" wrote in message > news:nobody-2B2A81.13032212052006@news.cesmail.net... > >> > > > > > It could be due to a misdirected bounce, but this is the first I've > > heard of anyone listing on a major BL due to that. We do NOT bounce > > email that is flagged by Spamassassin or ClamAV, but misdirected > > unflagged email is bounced and customers do have autoresponders. It > > would be good to know which, if any of those is the cause. > > There is the likely "Go to Jail, do not pass go, do not collect $200 (I use > dollars because I don't have a pound sign) :-) > > Autoresponders and why they are bad: > http://www.spamcop.net/fom-serve/cache/329.html > http://deliver-my-mail.sitesell.com/deliver-my-mail-3.html > http://www.everything2.com/index.pl?node_id=1368408 Thanks for the links...I didn't know that autoresponders had become so outre. If this is the case across the board, users should be fairly understanding when it is taken away. From qcff4pqeqxogkj3 at jetable.net Fri May 12 23:14:22 2006 From: qcff4pqeqxogkj3 at jetable.net (Arne Bolen) Date: Fri May 12 16:15:02 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: wrx@pil.net wrote: > As I understand it, applying the neccessary > patch(es) to qmail to reject instead of bouncing > email would break at least two critical functionalities, > that of the .qmail-default alias, and ezmlm mailing > lists that we run. At least one of these patches won't > work properly with vpopmail virtual domains > because of permissions issues. If your ezmlm mailing lists are more important for you than to stop helping the spammers to spread spam it is your choice. But you should not complain about being blacklisted. When you spread spam you deserve to be blacklisted. > Can you post a link to the RFC the server is violating by bouncing email? You are not violating any RFC but bouncing email. But you are spreading spam by doing that. Many spammers are using people like you to spread spam. Bouncing = spreading spam Rejecting = NOT spreading spam It is your choice, do you want to continue to be a spammer or not? If you choose to continue being a spammer please do not complain about being blacklisted. From tmcgraw at spamcop.net Fri May 12 14:29:32 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri May 12 16:30:04 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting In-Reply-To: References: Message-ID: James wrote: >> >> Autoresponders and why they are bad: >> http://www.spamcop.net/fom-serve/cache/329.html >> http://deliver-my-mail.sitesell.com/deliver-my-mail-3.html >> http://www.everything2.com/index.pl?node_id=1368408 > > Thanks for the links...I didn't know that autoresponders had become so > outre. If this is the case across the board, users should be fairly > understanding when it is taken away. James, you get the award for being the most clueful sysop to drop in here in a good while. May you live long and prosper. From MikeE at ster.invalid Fri May 12 14:45:15 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 12 16:50:04 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: G|_|Y |\/|AC0|\| wrote: > Ejo wrote... > >> Mike: why are your replies so wordy? > > I very much prefer his current writing style and would > consider shorter answers to be a Bad Thing. I have a friend who I help with some things, and I sense that I almost always 'lose him' because of my wordiness, so I have to spend about twice as much time as I normally would with my answers. The fastest thing for me to do is to just 'ramble' as a 'stream of consciousness' as if I were talking and waving my arms around. There is disorder, misspelled or rather 'wrong' words [substitute one common word for another, or apostrophe wrong] and I don't like to proofread [by the time I've rambled on for a while I'm tired of the mission] and it certainly isn't concise or terse or succinct or 'to the point.' I could 'eventually' make it so, but it would take a little over twice as long. When I give my friend a 'pure' wordy answer, he doesn't 'get it' very well at all. He may later tell me that he 'figured it out' and explains to me what he figured out which is what I had told him. So, with him, if I really want him to get it the first time, I have to do one of two things. Either I have to spend just about as much time more figuring out how to put the 'bottom line at the top' -- where I say everything I've said in the wordiness in just a few lines, like bullets, and then I put those lines at the top. Or, I create a 'graphical display' of whatever I'm talking about made of screenshots and annotations. It is faster to do the bottom line at the top, but he gets it a lot better if there are annotated screenshots. And just screenshots isn't good enough. That's a waste of time I've learned. Either annotated or not at all for the screenshots. If it gives you a clue about how he 'reads' a post or email, he also top posts. Usually. Except when he absolutely has to communicate something effectively to me - then he puts it inline. But he never trims. Oh well. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri May 12 15:29:58 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Fri May 12 17:30:03 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: Ejo wrote... > G|_|Y |\/|AC0|\| wrote: > >> Ejo wrote... >> >>> Mike: why are your replies so wordy? >> >> I very much prefer his current writing style and would >> consider shorter answers to be a Bad Thing. > > Oh really? Yes, really. > If someone doesn't understand what a tracking URL is and that you should > mention an IP etc etc ...then they will understand after reading Mike Easer's reply. > then I'm not going to put 30 lines of text on that. > Got other things to do, sorry. It isn't always about you. Just because you choose not to post comprehensive replies, that doesn't mean that Mike has to make the same choice. > Some of these answers could simply reply to a FAQ, just a hint Mike. Mike is typically replying to someone who just came back from a webpage that has very clear links to the FAQ. He is doing a public service by calmly and rationally explaining things to them that they could have found by themselves. You may not like those posts, but they are not written for your benefit, Those who Mike addresses are usually system administrators, and if you read the threads you will see that Mike's posts dare usually a great help to them. From nospam at aol.com Fri May 12 23:35:49 2006 From: nospam at aol.com (Chris) Date: Fri May 12 17:40:03 2006 Subject: [SpamCop-List] /dev/null'ing report for mole@devnull.spamcop.net Message-ID: Can you tell me what this means, please? I get it at the top of the page, whenever I click to send a report. Is it good or bad? Sorry if this is a really newbie question, but I am only just getting my head around all this. Chris From vanguard.news at yahooNIX.com Fri May 12 17:42:25 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Fri May 12 17:45:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Say BlueSecurity (BS) does what they claim to do. That is, say BS' function is to actually automate the process of submitting opt-out requests from its users to the source of a spam mail (or any undesirable mailing that provides for opt-out). That means users of BS must subscribe to the concept that opt-outs work; i.e., the user of BS must truly believe that opt-outs by themselves and singly will work to get them off a mailing list (that the spammer actually honors those opt-out requests) because, after all and according to BS' claims, BS will only send the single opt-out request from the user for a particular spam mail. That's not how BS is used or intended to be used but just let's say BS and its users are good netizens practicing their right to opt-out from a mailing list and that the spammers are also good netizens (which is made impossible by the fact that they spam) by honoring the opt-outs and have somewhere for all those opt-outs to go (to the spammer and not somewhere else). If BS users do not believe that single opt-outs work (which seems to be why they are using BS to provide a coordinated attack) or that the spam source does not honor those requests then BS and its users are hiding behind a cloak to disguise their punitive DOS attack as an opt-out process. Okay, so assuming BS and its users are good netizens exercising their right to opt-out and that they really believe the spammers will honor opt-outs (okay, okay, you can stop laughing now) then that means the opt-outs would be generated by the recipients of spam as fast as they got the spam or very soon thereafter. The precept of opt-outs is that you opt-out right after getting the undesirable mail (which may or may not be spam). No user goes collecting their spams over a period of hours, days, weeks, or months to then collate them so they are grouped by the same spam source and only after a long time later then goes submitting opt-outs. If they submit opt-outs, they do so right after getting the undesirable mail. You just know that is not how BS works simply because individuals separately submitting opt-outs as they receive the undesirable mails has not worked in the past to reduce spam traffic. The flood of single request opt-out traffic engendered by spam mails from a particular source from one recipient has not been sufficient to punish that source. If that had worked, no one would need BS. While getting a graph of the volume of mail traffic generated for a particular spam sent by the source is probably not available, BS has its database from which could be graphed the rate of reports and which can also be tracked for a particular spam (or for all spams for a particular source). That way you could see how fast recipients were reporting a particular mail as spam. If BS and its users were really the good netizens they claim to be then the rate of opt-out submissions from BS (by them uploading their script to their zombied hosts) would be a mirror image of the incidence graph (i.e., the reports from BS users). Okay, so there would be a shift in the graph to the right to reflect the delay in BS supposedly analyzing the spam to determine to which targets to send the opt-outs and write the script to have their zombied user hosts do the HTTP process to fill out the opt-out forms (which assumes spammers even have one - which brings up the point of what does BS do with their supposed opt-out requests when a site has no opt-out procedure). If BS were really just helping its users to automate the opt-out requests, you'd have the graph of the the users' reports for a particular spam - and the graph of BS' opt-out request traffic would be a near match to it. The users report a particular spam, there is a small delay before BS takes action so there is a short overspike when BS finally starts to send out opt-outs due the the pent up reports previously submitted, and then the spike immediately drops to match the incidence graph. Obviously that is not how BS works because that is how the volume of opt-out traffic would've occurred before BS even existed, and that volume was trivial and didn't impact spammers. So does anyone know if that is how the volume of opt-outs flow from BS (using the "good" graph where opt-out traffic from BS matches the incidence report traffic)? From what I read at their site, it is up to BS to decide when to send their opt-out requests, and it appears they are storing them up so they can then flood the target(s) all at once rather than accurately reflect the incoming volume of reports from the BS users. Recipients have the right to opt-out from mailing lists. Apparently BS users believe that opt-outs from spammers actually work. That is, opt-ing out from a spammer is, according to the BS user, a solution. Fact is, opting out has NOT been an effective solution because a single opt-out sent from a single recipient for a single incidence of a particular spam mail has no effect on a spammer and their spamvertised web site. So BS users work collectively to punish the spammer but their opt-out traffic has to be pent up so a flood of it can be slammed at the spamvertized site rather than the normal flood from users opting out that never had BS before. If the volume of opt-out requests from BS doesn't match the volume of incidence reports from BS users then BS' intent is NOT to automate the opt-out process. If the graph of BS' opt-out volume, with a small catch up spike due to the delay to analyze and script, doesn't mirror the graph of incidence reports from BS users then BS is *not* being the good netizen in helping to automate those opt-out requests. They are instead abusing opt-outs by storing them until enough are available to perform a shorter term and even larger flood against the spam source that is higher than any rate at which users would have been opting out over a longer term. Also, perhaps a BS user can clarify how the prompting works with the BS client. Does that prompt actually provide a copy of the spam (to remind the user as to what they reported to BS as spam)? Does it list the target(s) to receive the opt-out requests (so the user is the final authority in deciding who gets the opt-out requests)? Does the user get to select which one of multiple targets get the opt-out requests? How long after submitting the slam, er, opt-out request to BS does the BS user then get this prompt showing what BS has determined to be the targets (i.e., after pushing the button, how long before the user gets prompted whether or not to send the opt-out that BS crafted in its script)? Is this prompting enabled by default so the user must turn it off, or is the BS client preconfigured to perform the opt-out request without any user intervention (so it behaves as an uninterrupted zombied host)? With SpamCop, it is the *user* that is deciding to whom the abuse reports are sent, and it is sent immediately rather than being pent up to then flood the abuse desks. Even if SpamCop were enlarged to perform opt-out requests (rather then send abuse reports to the spamvertised site's webhost provider), the user is still required to validate the targets of those reports and those reports gets sent immediately. Like BS, SpamCop provides a convenience is trying to help in identifying who to contact with the abuse report, but SpamCop doesn't make the final decision. The user makes the final decision (so stupid and/or lazy users do not help SpamCop in its cause). If you opt-out, you are supposed to do so immediately for a particular mailing, not some days, weeks, or months later after piling up a bunch for a particular source and which covers many different spam mails from the same source. You opt-out when you get the mail from which you want to opt-out. In fact, marketers that do honor opt-outs (whereas spammers don't) could simply put a requirement that you MUST opt-out from their list within a short number of days after receiving their mailing (and enter a code that you must include but that code expires after so many days). So the marketer could provide an opt-out procedure but you are required to use that procedure immediately after receiving their mail and deciding that you don't want to get any more of them from that source. That would be like the in-store rebates that you must mail before 7 days elapse from when you purchase an item from that store (as opposed to the manufacturer's rebate that gives you months to mail the rebate). I've seen something about some guidelines that marketers are supposed to use but since they are establishing the guidelines then they would simply make the opt-out deadline pretty short, like a day or two. Yeah, they are conforming to the good netizen standard of providing an opt-out procedure but YOU have to exercise that opt-out within a couple days of getting their undesired mail, and any flooding of opt-outs after that point mean they will get rejected because they use-period has expired. Then any flood of opt-outs that are deliberately pent up and sent deliberately too late will obviously be perceived as a DOS attack and not simply as some attempt to cloak the DOS attack as a convenience service to submit opt-outs. The cloak gets stripped when the DOS attack is obviously flooding the webhost service long after the opt-outs have expired. That would then require BS to modify their behavior to submit the opt-outs immediately rather then store them up, and that means the flood of opt-outs that impinge the spamvertized site is no larger than the flood of opt-outs that would've have been received before BS existed. Because BS is supposedly automating the opt-out request process (which is only providing a convenience to obtain the target site(s) contained within the body of the e-mail because the user could already do that), then BS is not just for reporting spam. It is to provide a convenience tool for reporting all opt-outs. After all, BS says they are sending opt-out requests. So if only a single BS user reports a mail to have BS automate the opt-out request, does BS actually ever send that one-time, single-incidence opt-out request? Or does BS wait until some threshold count of reports for a particular mail arrive after which they then *flood* the targets with opt-outs? If BS is not submitting *every* opt-out request, even for the one-instance mails for which the user wants to opt-out, then BS is intentionally abusing the opt-out process. If BS was truly providing a convenience service to automate the submission of opt-out requests then their opt-out traffic would nearly match the incidence report traffic. Users have the right to submit opt-out requests so I have no problem with them using a tool that helps them pick out and validate the targets to where they submit those opt-out requests (and why I use SpamCop) *provided* that user is not taken out of the loop (i.e., it still remains the user's responsibility to validate the targets for their opt-out requests). However, that is not what I construe how BS is being used or how it is intended to be used. In order to flood a domain that is hosting a spamvertised web site, BS would have to pent up all those requests from the BS users and then release them all at once to perform a DOS attack against the target (and inflict harm to others in the process). While sending the opt-outs as fast as BS users requested them would also still be a flood, it probably won't be of a volume sufficient to harm the source because not all recipients of the spam are going to opt-out (only a few percentage of a spam's recipients are BS users and not all BS users are going to opt-out of every spam they receive), and BS wants to harm the source. BS wants their opt-out flood to be far larger than the normal opt-out flood from users doing their own opt-outs. Since they are capturing only a portion of all spam afflicted users that want to use the opt-out process under the belief that such a method is actually effective against spam, they need to produce a volume of traffic that is higher than when using the normal process. They would need to be sending out more than the one-opt-out-per-report quota that they claim or they need to bunch them up to slam the site within a period that is much shorter than the normal rate of opt-outs. If they don't do either then their volume is no greater than what would occur normally, anyway (and would, in fact, be smaller since they are only capturing a portion of the user that submit opt-outs). If they are the good netizen they claim to be and if they are issuing opt-outs at the same rate and volume as users are requesting BS to send opt-outs then the only benefit of BS is that is promotes users to actually submit opt-outs at all. Few users will bother opting out from a mailing list. Most fear that the opt-out will be used in reverse: instead of getting them off the spam lists, it will get them more spam because the opt-out is used by the spammer to validate correct and active e-mail addresses. While marketers want to protect their permanent site (and would honor opt-outs), spammers move around a lot, their sites are temporary, they have a huge queue of web sites ready to replace the ones that they lose (i.e., they understand and prepare for rapid attrition), and they do NOT provide an opt-out procedure (unless to validate e-mail addresses which ups the priority in spamming those). With marketers, at most BS is providing a convenience tool to determine where to submit the opt-outs (which is the same as SpamCop). With spammers, BS can cloak their action as an opt-out flood when in fact is really is just a DOS attack. If BS doesn't immediately submit the opt-outs that are reported them by BS users then BS isn't even a convenience tool against marketers who do honor opt-outs but simply degrades into a malcontent wanting to DOS a site. From nospam at aol.com Fri May 12 23:54:28 2006 From: nospam at aol.com (Chris) Date: Fri May 12 17:55:03 2006 Subject: [SpamCop-List] sortnoxington.com, and Spam Blacklist question Message-ID: My main spammer to my account has been from 'sortnoxington.com' for the past day or two. I noticed that if I was using the JWSpamSpy blacklist, then these spams would have been blocked as according to this page: http://www.joewein.de/sw/bl-log.htm . . . this domain was added to their blacklist on 3rd May. I am running MailWasher and have bl.spamcop.net blacklisting in operation, but as Sortnoxington.com domain wasn't in the list, the Spam mail got through. Does this (SC) blacklist operate at a slower rate than others? Thanks Chris From nobody at devnull.spamcop.net Fri May 12 16:13:12 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Fri May 12 18:15:02 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: wrote... > Arne Bolen wrote: > >> A mail server should NEVER bounce email except for its own users. If you >> get >> misdirected email it should be rejected during the SMTP session. Update >> your >> qmail server or get another server. >> >> Because you let your server bounce email you deserve to be listed in >> SpamCop. > > As I understand it, applying the neccessary patch(es) to qmail to reject > instead of bouncing email would break at least two critical > functionalities, that of the .qmail-default alias, and ezmlm mailing > lists that we run. At least one of these patches won't work properly > with vpopmail virtual domains because of permissions issues. If your software has critical functionalities that require you to send emails to random strangers just because some spammer forged their email address, then you need to throw it away and get some software that doen't force you to send email to people who didn't ask for it. > Can you post a link to the RFC the server is violating by bouncing email? Are you under the impression that the RFCs are a comprehensive list of every single undesirable behavior? No RFC says that anyone has to accept any email that you send, and I can assure you that many, many systems will reject your email if you don't figure out how to refrain from sending out email to people who have never had any contact with you. From MikeE at ster.invalid Fri May 12 16:43:36 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 12 18:45:02 2006 Subject: [SpamCop-List] Re: /dev/null'ing report for mole@devnull.spamcop.net References: Message-ID: Chris wrote: Subject: /dev/null'ing report for mole@devnull.spamcop.net > Can you tell me what this means, please? Pasting subject into the body here for this^1 reason That means that no report is being sent because you are registered as a mole reporter and the 'theoretical' report is being sent to the 'null' device -- which is nowhere. > I get it at the top of the page, whenever I click to send a report. > > Is it good or bad? The good news is that you won't be exposing any spam evidence to anyone, blackhat or whitehat, because there is no report sent. The bad news is that your spam report isn't counted toward the SC blocklist. ^1 The question or important element of a post needs to be in the body of the message 'first' or most importantly -- not just the subject. The correspondent uses the words you have expressed in the message /body/ to answer you. If the important words only appear in the subject, the correspondent or replyer has to paste the subject words down into the body to make a coherent contextualized reply. One style for guidance is to write the body /first/, and then make a subject to 'name' that body. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri May 12 16:52:27 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 12 18:55:03 2006 Subject: [SpamCop-List] Re: sortnoxington.com, and Spam Blacklist question References: Message-ID: Chris wrote: > My main spammer to my account has been from 'sortnoxington.com' for > the past day or two. 'from' is a very ambiguous term to be using about spam. Some think from means the 'From:' Some think from means the spamsource. Some think from means the spamvertiser. I recommend that we not use 'from' at all to characterize a spam unless we then proceed to further define what is the From and what is the spamsource and what is the spamvertiser -- in which case we would have been better off just characterizing the spam as to spamsource or spamvertiser and not using the word 'from' and not even talking about the From. > I noticed that if I was using the JWSpamSpy blacklist, then these > spams would have been blocked as according to this page: > > http://www.joewein.de/sw/bl-log.htm That page provides a list made of spamvertised domainnames. > . . . this domain was added to their blacklist on 3rd May. > > I am running MailWasher and have bl.spamcop.net blacklisting in > operation, bl.spamcop.net is *only* a list of spamsource IP addresses, not spamvertised names. The jwspamspy list is a completely different kind of list. There are about 260 different lists, many more important than others. The SCbl is an important list. I've never heard of jwspamspy until today. > but as Sortnoxington.com domain wasn't in the list, the > Spam mail got through. Does this (SC) blacklist operate at a slower > rate than others? There are hundreds and hundreds of different lists. The individual can configure to use whatever lists and methods they like. Choosing blocklists and creating whitelists should be designed so that you have good effectiveness and don't get goodmail in your spam. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri May 12 20:02:01 2006 From: nobody at devnull.spamcop.net (POP) Date: Fri May 12 19:05:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Vanguard" wrote in message news:e4232e$355$1@news.spamcop.net... > "Geoffrey Hyde" wrote in message > news:e3v8sp$cou$1@news.spamcop.net... >> >> "Vanguard" wrote in message >> news:e3uq2r$426$1@news.spamcop.net... >> >>> Not when you are vicious and attacking someone else and >>> causing collateral damage in the process. BS works through a >>> coordinated DOS attack from its zombied users. They aren't >>> just hurting the spammer. >> >> I fail to see where you have offered conclusive proof that BS >> computers are "zombied" users. From what I can see, the >> program is of a type which the user can uninstall if they >> choose to do so. If you have conclusive evidence to the >> contrary, please post it here. > > Have you read BS' own FAQ on how their service works? The user > installs a client program. The user reports a spam to BS who > will supposedly interrogate your mail by their team of > specialists. They decide who to attack, not the user. They > upload a script to the BS client on your host. BS decides what > the script will do, not the user. BS decides when to attack > and who to attack, and the user may not even be involved. That > is how zombies function. A master zombie tells slave zombies > what ... Wooffff! I seldom read posts over a few k in size, but something made me read yours (da devil made me do it!). I'm almost ashamed yet proud to say that I've read both of your missives, I mean, longish, nahh, long posts! HOW in HELL do you DO that, and still manage to be accurate? I learned a hell of a lot from you, more than I knew to ask in fact, but still found it worth reading. Anyway, although this is basically a "me too" post (which is ver-boten, I know), and I really just wanted to say that you've written a most positive and apparently well thought out response, complete with well derived opinions and background references. So now, besides my pre-existing attitude that NO ONE puts software on MY system/s for THEM to use, regardless of benefits to myself, is perfectly NOT acceptable to me in any way. Then add to that the BS collateral damages, for wont of an encompassing term, and your missives, I feel I can now much more fully and clearly explain myself to others I am discussing this subject with (not on a newsgroup - separate issue). You've put what I "felt" into verbiage I can manage to keep track of. If you're not a tech-writer, you should be! Well, assuming you could assemble a bulleted list now and again <[;-). Regards, Pop From nospam at aol.com Sat May 13 01:02:07 2006 From: nospam at aol.com (Chris) Date: Fri May 12 19:05:13 2006 Subject: [SpamCop-List] Re: /dev/null'ing report for mole@devnull.spamcop.net References: Message-ID: A bit more research and I think I can answer my own question. Since I am set up as a 'Mole', I don't do any reporting. Hopefully with my actions, I am giving more credence to Spamcops Blacklist, which is really all I hope to do. I have very little faith in getting anything done by reporting these morons to their providers. Chris "Chris" wrote in message news:e42v3b$lkm$1@news.spamcop.net... > Can you tell me what this means, please? > I get it at the top of the page, whenever I click to send a report. > > Is it good or bad? > > Sorry if this is a really newbie question, but I am only just getting my > head around all this. > > Chris > From g.hyde at bigpond.net.au Sat May 13 10:24:04 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Fri May 12 19:25:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Vanguard" wrote in message news:e42vg2$ltj$1@news.spamcop.net... > Say BlueSecurity (BS) does what they claim to do. That is, say BS' > function is to actually automate the process of submitting opt-out > requests from its users to the source of a spam mail (or any undesirable > mailing that provides for opt-out). That means users of BS must My dear good Vanguard (please insert whatever title you want here) do you think you could sum up your previous two posts in 100 words or less, and still convey your meaning? >From what I can see, BS is simply a company that decided to try a unique approach to getting people off spammer's lists. Whether or not it is the RIGHT approach is still up for debate, as your rather verbose posts seem to indicate. I wonder how things would have gone if BS had redirected their DOS attack to somewhere blatantly illegal, like fbi.gov - as far as any of the posts on the incident itself can tell, it seems to have been some cooperative attempt between BS and the domain owner of the blog to stem the attacks that resulted in both BS and the blog site being temporarily inaccessible. As far as we know, BS and the blog site owner were cooperating in trying to stem the attacks, and nobody seems to have picked up on that fact. The fact that they went and took out two sites instead of one is really bad, I don't see where their reporting methods are bad, in fact, to look at it from a SC point of view, ISPs consider SC bad because they wind up on blocklists. Now the spammer knows just how those ISPs feel, thanks to BS. As to the spammers themselves I would imagine they have an entire machine dedicated to simply throwing away invalid form data, it would be quite time-consuming to handle manually. I reckon they could easily program trainable software to look for invalid data and throw it away, after all, they made the botnets and they made the program that scrapes email addresses off the internet. Cheers ... Geoffrey Hyde From nobody at nowhere.not Sat May 13 00:33:02 2006 From: nobody at nowhere.not (Robert Blair) Date: Fri May 12 19:35:03 2006 Subject: [SpamCop-List] Spmacop report not read Message-ID: http://www.spamcop.net/sc?id=z940334745za669ca835deef8cfe1c547f5e7b614 fcz Since Walker.rj is not interested in spamcop reports does anyone have a better reporting address? The reported IP is an open proxy. Automatic reply follows. Your message To: walker.rj@insightcom.com Cc: Subject: [SpamCop (74.136.215.199) id:1746139602]Insider information that brings about tremendous p.. Sent: Wed, 10 May 2006 18:51:42 -0400 was not read -- Robert Blair From MikeE at ster.invalid Fri May 12 17:52:36 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 12 19:55:02 2006 Subject: [SpamCop-List] Re: Spmacop report not read References: Message-ID: Robert Blair wrote: >www.spamcop.net/sc?id=z940334745za669ca835deef8cfe1c547f5e7b614 > fcz That is about the spamsource 74.136.215.199 no rDNS of INSIGHT COMM The arin contact is the walker.rj and there is no abuse.net reg'd addy. The IP is a proxytrojan hitting spamtraps and CBL listed. > Since Walker.rj is not interested in spamcop reports does anyone have > a better reporting address? The reported IP is an open proxy. It doesn't matter whether walker.rj is notified or not, the IP report is still counted toward the SCbl. And the message you see doesn't *necessarily* mean the username is not interested in SC reports -- there are other mechanisms for expressing that more clearly. What you are seeing looks like an autoresponder -- it could even be the equivalent of an 'out of office' autoack. Arin lists 'other' contacts, not necessarily better RNOCEmail: shea.j@insightcom.com RTechEmail: OrgNOCEmail: goodrum.i@insightcom.com OrgTechEmail: whois -h whois.abuse.net insightcom.com ... postmaster@insightcom.com (default, no info) > Your message > > To: walker.rj@insightcom.com > Cc: > Subject: [SpamCop (74.136.215.199) id:1746139602]Insider information > that > brings about tremendous p.. > Sent: Wed, 10 May 2006 18:51:42 -0400 > > was not read I don't know the 'meaning' of what looks like an autoresponder saying not read. You can't tell a good address from a bad address by trying a rcpt to at that server, as it answers the target address the same way it answers rcpt to a bogus addy. It could be a temporary mailbox condition. Since there isn't a better notify than the arin contact, I wouldn't bother with notifying an upstream or parent about an open proxy. If you are feeling very energetic, I suppose you could notify the other 3 arins + the default pm and the default abuse. -- Mike Easter kibitzer, not SC admin From not at home.today Sat May 13 01:58:40 2006 From: not at home.today (Ant) Date: Fri May 12 20:00:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Vanguard" wrote: [approx 2500 words in about 200 lines and 8 paragraphs] If anyone thinks Mike Easter is verbose, they ain't seen nuthin' yet! From nttp.sc.s at bigsleep.org Sat May 13 01:27:34 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri May 12 20:30:03 2006 Subject: [SpamCop-List] Re: [Easter ramblings] References: Message-ID: On 12 May 2006, - Mike Easter entered spamcop and left news:e42s4o$jo1$1@news.spamcop.net: > I have a friend who I help with some things, and I sense that I almost > always 'lose him' because of my wordiness, so I have to spend about > twice as much time as I normally would with my answers. > I have learned new ways of communication from reading your writing style in this group. I recently received an eMail informing me: "your contact form on this page didn't work, it said such-and-such error", and I replied: "I know, it states that it doesn't work yet right at the top of that page. Since you are probably the only one to go to that page, I figured that it wasn't a priority.", and then I rambled on about how no matter what I write or how clearly I write it, people still won't read it or "see" it. But she likes my rambling on and replies: "My real problem is is that I am now expected to be the tech and do my regular job. Doesn't leave me much time to do either, so, I skim read, clicked that pge, looked at the listed trouble shoot pgs, and for times sake tried to use the form. I learn quick, and am good at annoying people cuz I don't thoroughly read all that was there!!!! SORRY!!!! ; >" I don't waste time rambling on in here, but I appreciate that Mike does. -- | Ric | From vanguard.news at yahooNIX.com Fri May 12 21:03:05 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Fri May 12 21:05:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "POP" wrote in message news:e43450$oj1$1@news.spamcop.net... > If you're not a tech-writer, you should be! Well, assuming you could > assemble a bulleted list now and again <[;-). I do software QA. So I'm used to digging into products and breaking them which lets me know their weaknesses. There is much that I cannot decipher from the limited amount of info on the BS web site and too many questions unanswered about how their service and product functions and its effects. It looks like they are trying to come up with an effective solution (so they can charge for it) but, so far, it is not yet a Net-responsible one. It definitely appears to be a work in progress. I suspect their effect on e-mail or HTTP traffic volume is still so small that it goes under the radar of ISPs, webhost providers, and businesses running web sites so, for now, BS remains safe from litigation for recompense of damages caused by their coordinated DOS attack using the zombies installed on all their users' hosts. If BS enlarges their volume by getting more users and becomes emboldened to be more agressive in their tactic (like scaling up the number of opt-out requests upon recurrence of the same spam to their users' mailboxes rather than sticking with the one-per-user-opt-out-request quota), they could end up in a world of hurt in court when they harm innocents with deeper pockets who can afford the lawyers. Some ISPs already incur added expense to incorporate resources (manpower, devices, software) to avoid [D]DOS attacks or reduce their effects and since that is a direct cause of expense due to the DOS attack then the ISP could sue on civil charges for those damages (in addition to losses of [normal] use of their resources). If a entity is large enough and rich enough, they have a bevy of lawyers on retainer or employed, and they want something for all that cost, and lawyers want to earn more, so they are inclined to use the lawyers to sue the attacker provided they have reasonable proof of the attacker. Well, BS may be easily identified by their opt-out mails and the bogus mailboxes they use for their users. In fact, that may be why BS uses zombied user hosts rather than send the opt-out mails directly from their own server host(s): the victim of their DOS attack (and the innocents, too, that were the collateral damage) would see the coordinated mob of users as the "attacker" committing the DOS attack rather than of the attack emanating from BS (after all, traditionally that is why zombies are used so the perpetrator can hide behind the zombied hosts). However, should any of those users be confronted with a subpoena that were tracked as a participant in the DOS attack, I'm sure they would quickly give up BS. BS can't hide as well as other malcontents who hide that a zombie got installed on the user's host. From what I've read or heard, often ISPs don't know the identity of the attacker in a DOS attack (and even less so in a distributed DOS), but a user-instigated, BS-originated flood seems more traceable. If you hunt around the web site, you won't find any real information about the company. There is no mission statement. They never mention when they established their "company". I found articles back to June 2005 talking about BS (http://securitypronews.com/news/securitynews/spn-45-20050722SpamWarsBlueSecurityStrikesBack.html), Oct 2005 looks to be the earliest post in their forums (the Welcome post), but http://www.thewhir.com/features/Blue_Security_Unveils_Anti_Spam_Registry.cfm makes it appear their do-not-intrude registry started back around Jan 2005. They don't even have a complete web site yet (lots of links take you to an "under maintenance" page). "Eran Reshef, founder and CEO of Blue Security, says that according to the first amendment, every US citizen is entitled to be left alone" (from last link above to articles). A warm glows encompasses me knowing an Israeli company is concerned with the first amendment rights of Americans (but then that is NOT what the first amendment is about which actually seems to favor the spammer and not those trying to squelch the spammer; see http://www.usconstitution.net/const.html#Am1). So their effect and harm may still be too new, too short, and their volume still too small to be of concern to anyone yet (i.e., they are under the radar). If they take off like they think they will, and when they start becoming enough of a pest, the harmed (spammers and non-spammers alike) will probably take legal action (rather than just criticizing or retaliating against their web site). When you have people suing McDonalds when they themself dump hot coffee in their own lap (by using their thighs as a vise) or because they were too stupid to know that eating fatty food makes them fat, I really doubt there won't be lawsuits over the DOS attacks by BS since BS can be identified as the one that is coordinating the attack. According to some BS users (well, from reading articles from folks claiming to be BS users), the intent of BS is to make their now-free service to be a pay service. So, like Cloudmark did with SpamNet, BS is using/abusing their current free acccount users as unpaid, uninformed, and voluntary beta testers while they tweak their product or service to then later yank it away and make money on the spam problem. Their intent may not be as altruistic as current BS users believe, and the current BS users may find themself without that service later when BS goes commercial. There is mention that if you signup now for free that you will continue to get the service for free. However, as with any *free* service, the provider always reserves the right to change the terms of use and whatever implied contract, if any, exists between them and user (i.e., they can change their minds however they want and do whatever they want with their service). They need those free-account users so they can produce a commercially viable anti-spam service (provided they don't get stopped in their tracks by those afflicted by their DOS attacks). From nospam at nospam.org Sat May 13 05:02:46 2006 From: nospam at nospam.org (Ejo) Date: Fri May 12 22:05:03 2006 Subject: [SpamCop-List] Re: [Easter ramblings] In-Reply-To: References: Message-ID: Blammo wrote: > On 12 May 2006, - Mike Easter entered spamcop and left > news:e42s4o$jo1$1@news.spamcop.net: > >> I have a friend who I help with some things, and I sense that I almost >> always 'lose him' because of my wordiness, so I have to spend about >> twice as much time as I normally would with my answers. >> > > I have learned new ways of communication from reading your writing style in > this group. > I recently received an eMail informing me: "your contact form on this page > didn't work, it said such-and-such error", and I replied: "I know, it > states that it doesn't work yet right at the top of that page. Since you > are probably the only one to go to that page, I figured that it wasn't a > priority.", and then I rambled on about how no matter what I write or how > clearly I write it, people still won't read it or "see" it. > But she likes my rambling on and replies: > > "My real problem is is that I am now expected to be the tech and do my > regular job. Doesn't leave me much time to do either, so, I skim read, > clicked that pge, looked at the listed trouble shoot pgs, and for times > sake tried to use the form. I learn quick, and am good at annoying people > cuz I don't thoroughly read all that was there!!!! SORRY!!!! ; >" > > I don't waste time rambling on in here, but I appreciate that Mike does. Don't get me wrong, I do appreciate what Mike does, but my style is more ICAO'ize (equiv: succinct) if you know what I mean. I teach and frequently I have to explain details of procedures to our students. The details are such that it often requires them to first study a chapter that was explained in a class, or in notes or a book before they approach me. One of my problems is my "time" against "their" motivation in the topic when they approach me. I found out that the long answers for common issues don't always help, in fact, they scare students off, and that's what you want to avoid as well. What I normally do is to watch their behavior as I provide a clue. If the problem is complicated (most of them are), and, if they don't take notes of what I explain, or if the in between replies don't make sense, then I'm apparently not taken serious. Also, some replies are like, please give me the "final numbers" or better said "the answer" to the assignment. If this happens then you can be sure that they are fishing. In that case, and, depending on the circumstances you send them back since it would be unfair against others if you would help them directly. To continue would be a waste of time, and in such situations you are as a teacher better off in referring to the references, which is the equivalent of the FAQ here. This way of handling questions really saves me a lot of time on a day. Unless you want to become mister popularity not being able to do other work required for research and admin. This was my long answer for now. Ejo From tmcgraw at spamcop.net Fri May 12 22:10:27 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat May 13 00:15:07 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog In-Reply-To: References: Message-ID: Geoffrey Hyde wrote: > I don't see where their reporting methods are bad, in fact, to look > at it from a SC point of view, ISPs consider SC bad because they > wind up on blocklists. As more people realize what the scbl does, I believe an increasing number of ISPs consider SC good. As for BS reporting methods, it was already demonstrated statistically that BS could not possibly do what their Web site says they do - check the spamvertized URL in every offending email. From nobody at nowhere.not Sat May 13 05:37:25 2006 From: nobody at nowhere.not (Robert Blair) Date: Sat May 13 00:40:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: On Fri, 12 May 2006 23:24:04 UTC, "Geoffrey Hyde" wrote: > I wonder how things would have gone if BS had redirected their DOS attack to > somewhere blatantly illegal, like fbi.gov - as far as any of the posts on > the incident itself can tell, it seems to have been some cooperative attempt > between BS and the domain owner of the blog to stem the attacks that > resulted in both BS and the blog site being temporarily inaccessible. The only site was being DOSed was BS. The reason that two sites were down was because BS redirected their DNS to point to the blog site which took it down because of the redirected DOS attack. -- Robert Blair From edb2000 at spamcop.net Fri May 12 22:51:47 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Sat May 13 00:55:02 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting In-Reply-To: References: Message-ID: Mike Easter wrote: > I could 'eventually' make it so, but it would take a little over twice > as long. That's much better than Mark Twain did, a mere 100% overhead compared to 1400% http://www.nytimes.com/2006/02/12/weekinreview/12word.html?ex=1147665600&en=e350ceaa680a597f&ei=5070 (NYT, try your favorite made-up bogus login information to help keep their demographics as accurate as possible): > Mark Twain, like most writers, found it easier to write long than > short. He received this telegram from a publisher: > > NEED 2-PAGE SHORT STORY TWO DAYS. > > Twain replied: > > NO CAN DO 2 PAGES TWO DAYS. CAN DO 30 PAGES 2 DAYS. NEED 30 DAYS TO > DO 2 PAGES. Mike answers very many questions in a short time. Shorter answers would require more time, which would mean fewer questions answered. Molto Bummerando. -- Don Wannit A paid SpamCop user since 1999 From nobody at nowhere.not Sat May 13 05:54:46 2006 From: nobody at nowhere.not (Robert Blair) Date: Sat May 13 00:55:11 2006 Subject: [SpamCop-List] Re: Spmacop report not read References: Message-ID: On Fri, 12 May 2006 23:52:36 UTC, "Mike Easter" wrote: > Since there isn't a better notify than the arin contact, I wouldn't > bother with notifying an upstream or parent about an open proxy. If you > are feeling very energetic, I suppose you could notify the other 3 arins > + the default pm and the default abuse. Thanks for the reply. I guess I will forget it for now and see if I get many more. If I get more I think I will try the other email addresses. -- Robert Blair From MikeE at ster.invalid Sat May 13 00:40:19 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 13 02:45:05 2006 Subject: [SpamCop-List] Re: [Easter ramblings] References: Message-ID: Ejo wrote: > What I normally do is to watch their behavior as I provide a clue. That is a big help in a face to face environment. Many long years ago when I was in college I had a job [actually small enterprise] tutoring. In that situation you can tell when you need to back up and go deeply into some basic that you tho't they already knew -- or when you can zzom right ahead and finish a problem [let them finish the problem] immediately without any intermediate steps -- or when you can instead go down some other winding road that is more complicated or unexpected and stimulating than the original problem. Custom suit the 'lesson' for the makeup of the student. > Also, some replies are like, please give me the "final numbers" or > better said "the answer" to the assignment. That problem is that very often "but this problem has to become more complicated before it gets simpler." "Don't give me the details, or how it works, just the answer." Of course, too much detail becomes, "I wanted to know what time it is, and you tell me how to build a clock." Of course, time is so relative that 'there's no such thing as what time it is, really.' > This was my long answer for now. See. It's contagious. :-) -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Sat May 13 08:00:55 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat May 13 03:05:03 2006 Subject: [SpamCop-List] Re: [Easter ramblings] References: Message-ID: On 12 May 2006, - Ejo entered spamcop and left news:e43enl$uso$1@news.spamcop.net: > What I normally do is to watch their behavior as I provide a clue... Of course that's one of the biggest hurdles of the Internet, you can't see the person at the other end. > To continue would be a waste of time, and in such situations you are as > a teacher better off in referring to the references, which is the > equivalent of the FAQ here. This way of handling questions really saves > me a lot of time on a day. Unless you want to become mister popularity > not being able to do other work required for research and admin. > Teach people to help themselves... that's a good plan. I do see Mike refer to the FAQ at times. The classroom isn't a very good comparison, well some elements are, but it's the students job to do research and there are time constraints, that doesn't apply here. Not to speak for Mike as to why he does or doesn't, but I believe that links are often ignored, it may seem a bit odd but even I tend to ignore most links in newsgroup messages - probably because I don't come here just to go somewhere else to read an answer. And besides, I really hate reading stuff I've already read, so if someone's posted a bunch of links in their reply, especially without any summary, and I find I've read it all before and it hasn't changed any, it's really a big waste of my time. Links are good as a reference as in "as it says here [link] ..." and links often change or even disappear. References are good, but aren't always handy and aren't required for a passing grade. I think you are right about being too wordy, though if you can't gauge the reader's response you have to take the middle ground, not too much and not too little. It's really tough to write a good tutorial, especially when one isn't required to comprehend it (as in a classroom). -- | Ric | From dws at dealing-with-spam.info Sat May 13 14:10:35 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Sat May 13 07:15:10 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: wrx@pil.net wrote on Fri, 12 May 2006 15:34:02 -0400: > As I understand it, applying the neccessary patch(es) to qmail to reject > instead of bouncing email would break at least two critical > functionalities, that of the .qmail-default alias, and ezmlm mailing > lists that we run. At least one of these patches won't work properly > with vpopmail virtual domains because of permissions issues. In that case, maybe you should consider using a different MTA. By allowing qmail to send bounces you are indeed observing RFC821/RFC2821, but those RFC's were drafted in a bygone era when spam wasn't the problem it is today. Nowadays, the smart thing to do is to avoid getting yourself into the situation in the first place whereby your MTA accepts mail and then, after the SMTP exchange has completed, realizes it can't deliver it. I'm not saying that you were listed for any of the following reasons in particular (not being a SC deputy I don't know any more than you about the nature of the stuff hitting SpamCop's traps), these are just examples of what your MTA should be doing in today's e-mail climate. - As far as mail sent to non-existent users is concerned there really is no excuse. Your MTA should know whether it'll accept the mail as soon as the MAIL FROM and RCPT TO data has been transmitted, and should reject the inbound mail out of hand before the DATA is even sent. - The same applies to over-quota mailboxes. The size of inbound mail is conveyed in the ESMTP handshake but of course, there's nothing to prevent spamware from lying about that like it lies about everything else. Consent to the remote server sending its DATA but don't 2xx it until you're sure the message will "fit" into the user's mailbox. 5xx it if it won't. - Infected mail should be accepted and then diverted to a "held" folder for later scrutiny, or it should be rejected straight after the DATA part of the SMTP transaction. Never send stupid "Your computer might be infected because we received a virus from your address" notifications because the sender address in viruses is virtually always forged. - The same as for viruses applies to messages detected as spam. - Messages fired off in response to inbound mail are no longer viable. This includes things such as out-of-office autoreplies, all challenge/ response systems, and mailing list management software that sends out "You must subscribe to the list first" messages in response to list traffic sent by non-members. If the MTA and associated software you're running are not able to function as described above then you *will* be listed periodically on blocklists. It is an unescapable fact of life in a world where 90% of e-mails floating around the 'Net are spam and viruses carrying forged information. From john-no-spam at no-spam.co Sat May 13 13:07:35 2006 From: john-no-spam at no-spam.co (John Loaf) Date: Sat May 13 13:10:02 2006 Subject: [SpamCop-List] Hotmail spam Message-ID: I've used Outlook Express to forward Hotmail spam to Spamcop for several years. I think with the new LIVE services I'm going to lose the use of OE with Hotmail. It was supposed to happen last year but I got a reprieve since I was actively using the Hotmail/OE combination. If I lose the use of OE I'll have to forward spam from the Hotmail web page. I have never been able to get that to work; Spamcop returns an error message that headers were missing or incomplete or something like that. Is it possible to forward spam from the Hotmail web page with different settings? I haven't been able to correct the forwarding so far. Thank you. From tmcgraw at spamcop.net Sat May 13 11:11:05 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat May 13 13:15:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog In-Reply-To: References: Message-ID: Robert Blair wrote: > On Fri, 12 May 2006 23:24:04 UTC, "Geoffrey Hyde" > wrote: > >> I wonder how things would have gone if BS had redirected their DOS attack to >> somewhere blatantly illegal, like fbi.gov - as far as any of the posts on >> the incident itself can tell, it seems to have been some cooperative attempt >> between BS and the domain owner of the blog to stem the attacks that >> resulted in both BS and the blog site being temporarily inaccessible. > > The only site was being DOSed was BS. The reason that two sites were > down was because BS redirected their DNS to point to the blog site > which took it down because of the redirected DOS attack. http://en.wikipedia.org/wiki/Denial_of_service: > A DoS attack can be perpetrated in a number of ways. There are three basic types of attack: > > 1. consumption of computational resources, such as bandwidth, disk space, or CPU time > 2. disruption of configuration information, such as routing information > 3. disruption of physical network components BS was DoS'd, and in turn BS DoS'd an allegedly "innocent" cite. There is no argument here, move along. From tmcgraw at spamcop.net Sat May 13 11:11:52 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat May 13 13:15:13 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog In-Reply-To: References: Message-ID: Tim McGraw wrote: > > BS was DoS'd, and in turn BS DoS'd an allegedly "innocent" cite. site. > There is no argument here, move along. Okay, okay! From nobody at devnull.spamcop.net Sat May 13 14:58:16 2006 From: nobody at devnull.spamcop.net (James) Date: Sat May 13 14:00:03 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: In article , "G|_|Y |\\/|AC0|\\|" wrote: > wrote... > > > Arne Bolen wrote: > > > >> A mail server should NEVER bounce email except for its own users. If you > >> get > >> misdirected email it should be rejected during the SMTP session. Update > >> your > >> qmail server or get another server. > >> > >> Because you let your server bounce email you deserve to be listed in > >> SpamCop. > > > > As I understand it, applying the neccessary patch(es) to qmail to reject > > instead of bouncing email would break at least two critical > > functionalities, that of the .qmail-default alias, and ezmlm mailing > > lists that we run. At least one of these patches won't work properly > > with vpopmail virtual domains because of permissions issues. > > If your software has critical functionalities that require you to send > emails > to random strangers just because some spammer forged their email address, > then you need to throw it away and get some software that doen't force you > to send email to people who didn't ask for it. > > > Can you post a link to the RFC the server is violating by bouncing email? > > Are you under the impression that the RFCs are a comprehensive list of every > single undesirable behavior? No RFC says that anyone has to accept any > email that you send, and I can assure you that many, many systems will > reject > your email if you don't figure out how to refrain from sending out email to > people who have never had any contact with you. I appreciate where you're coming from, it's just that these issues usually end up in RFCs sooner or later anyway. Open relays, for example. I like to think of myself as a fairly responsible and experienced email/unix sysadmin. My software doesn't require that I send emails to random strangers, although apparently that has been the end result of bouncing undeliverable email, which I thought was standard, accepted MTA behavior most of the time. I am apparently out of date, at least in the minds of SpamCop and adherents, and I can certainly understand where this can cause problems. I do however, think that my setup minimizes it to a level most people would find acceptable. If SA or CAV flags it with a high score, for example, it is not bounced, it is rejected. This was necessary for basic survival after some of the nastier worms. Believe me, I have seen the results of filtering that bounces all viruses and Spam, and the result is very ugly. In fact, didn't/doesn't AOL do this? For now, I might lower the SA score for rejecting email. Currently it rejects at a score of 15 or higher and locally filters 6 to 15. My guess is that it's this 6-15 email sent to non-existent users that's the cause of most problems. In fact, until this blacklisting, it hasn't seemed to be that big an issue. From MikeE at ster.invalid Sat May 13 12:07:10 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 13 14:10:03 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: James wrote: > For now, I might lower the SA score for rejecting email. Currently it > rejects at a score of 15 or higher and locally filters 6 to 15. My > guess is that it's this 6-15 email sent to non-existent users that's > the cause of most problems. In fact, until this blacklisting, it > hasn't seemed to be that big an issue. That sounds like a plan. I think the possible inadvertent rejection of a goodmail that is kinda 'funky' is a healthy step. Rejected mail isn't lost, unless it is coming from nowhere, so if someone has their wanted mail rejected, they can 'work it out' and 'de-funk' it. -- Mike Easter kibitzer, not SC admin From fljshh5sn7ov67e at jetable.com Sat May 13 21:17:48 2006 From: fljshh5sn7ov67e at jetable.com (Arne Bolen) Date: Sat May 13 14:20:02 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: James wrote: > I do however, think that my setup minimizes it to > a level most people would find acceptable. The only acceptable level is no bouncing at all. Your mail server can reject during SMTP session so there is no excuse not to do it. > Believe me, I have seen the results of filtering that > bounces all viruses and Spam, and the result is very ugly Despite that you choose to continue to bounce spam!!! From dws at dealing-with-spam.info Sat May 13 22:32:56 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Sat May 13 15:35:02 2006 Subject: [SpamCop-List] Re: Trying to find out cause of blacklisting References: Message-ID: James wrote on Sat, 13 May 2006 13:58:16 -0400: > My guess is that it's this 6-15 email sent to non-existent users > that's the cause of most problems. In fact, until this blacklisting, > it hasn't seemed to be that big an issue. If the inbound mail is being sent to non-existent users then it shouldn't even get to the stage where it's filtered by SA and CAV. If your MTA isn't capable of rejecting such mail outright then you *really* need to start using a different MTA. There really is no excuse for an MTA to allow an SMTP session to get past the RCPT TO: stage if there is no such address. From vxpy7do02 at sneakemail.com Sat May 13 17:30:19 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Sat May 13 19:35:03 2006 Subject: [SpamCop-List] Re: Hotmail spam References: Message-ID: "John Loaf" wrote in message news:e453oo$s72$1@news.spamcop.net... > I've used Outlook Express to forward Hotmail spam to Spamcop for several > years. I think with the new LIVE services I'm going to lose the use of OE > with Hotmail. It was supposed to happen last year but I got a reprieve > since I was actively using the Hotmail/OE combination. If I lose the use > of > OE I'll have to forward spam from the Hotmail web page. I have never been > able to get that to work; Spamcop returns an error message that headers > were > missing or incomplete or something like that. Is it possible to forward > spam from the Hotmail web page with different settings? I haven't been > able > to correct the forwarding so far. > > Thank you. > > Because hotmail will not forward an e-mail as attachment , you have to create a text file to forward as and attachment. You do this by doing the following: 1) Right click on the spam in hotmail mailbox. 2) Click on copy shortcut. 3) Paste shortcut into the address box. 4) Append "&raw=disk" (no quotes). 5) Press go. 6) When screen opens showing spam details (this has not opened the spam), press Ctl-C. 7) Open WordPad. 8) Paste clipboard into WordPad. 9) "Save as" a text file 10) Repeat for each spam in your mailbox. 11) Now open a new mail in hotmail and attach the text file(s) and send THAT to SC for parsing. 12) You will receive the usual response from SC for further processing. This SOUNDS like a very long involved process but in actuality it is very fast (the key is the &raw=disk trick.) I have used this when the mail wont get into OE for f-a-a ing - normally I open all my hotmail in OE but hotmail has shut this off for new accounts, the old one still work, thank goodness. The single e-mail can have a batch of attached text files. -- A SpamCop user and forum reader, Not Admin From jg at coks.net Sat May 13 20:39:47 2006 From: jg at coks.net (jg) Date: Sat May 13 22:40:03 2006 Subject: [SpamCop-List] Re: Hotmail spam In-Reply-To: References: Message-ID: On 5/13/2006 4:30 PM anon scribbled: > "John Loaf" wrote in message > news:e453oo$s72$1@news.spamcop.net... >> I've used Outlook Express to forward Hotmail spam to Spamcop for several >> years. I think with the new LIVE services I'm going to lose the use of OE >> with Hotmail. losing OE is no disaster - try thunderbird... > > You do this by doing the following: > 1) Right click on the spam in hotmail mailbox. > > 2) Click on copy shortcut. > > 3) Paste shortcut into the address box. > > 4) Append "&raw=disk" (no quotes). > > 5) Press go. > > 6) When screen opens showing spam details (this has not opened the spam), > press Ctl-C. > > 7) Open WordPad. > > 8) Paste clipboard into WordPad. > > 9) "Save as" a text file > > 10) Repeat for each spam in your mailbox. > > 11) Now open a new mail in hotmail and attach the text file(s) and send THAT > to SC for parsing. > > 12) You will receive the usual response from SC for further processing. > > This SOUNDS like a very long involved process but in actuality it is very > fast (the key is the &raw=disk trick.) > > I have used this when the mail wont get into OE for f-a-a ing - normally I > open all my hotmail in OE but hotmail has shut this off for new accounts, > the old one still work, thank goodness. I don't use OE - what does this mean - hotmail shut off OE?? OE is an email client - yes? > > The single e-mail can have a batch of attached text files. > > > With Thunderbird, just highlight the junk, ctrl-u, ctrl-c, ctrl-w paste into SC web input box, send. next spam... From vxpy7do02 at sneakemail.com Sat May 13 21:04:02 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Sat May 13 23:05:03 2006 Subject: [SpamCop-List] Re: Hotmail spam References: Message-ID: "jg" wrote in message news:e4652l$epv$1@news.spamcop.net... > On 5/13/2006 4:30 PM anon scribbled: > >> "John Loaf" wrote in message >> news:e453oo$s72$1@news.spamcop.net... >>> I've used Outlook Express to forward Hotmail spam to Spamcop for several >>> years. I think with the new LIVE services I'm going to lose the use of >>> OE >>> with Hotmail. > > losing OE is no disaster - try thunderbird... >> >> You do this by doing the following: >> 1) Right click on the spam in hotmail mailbox. >> >> 2) Click on copy shortcut. >> >> 3) Paste shortcut into the address box. >> >> 4) Append "&raw=disk" (no quotes). >> >> 5) Press go. >> >> 6) When screen opens showing spam details (this has not opened the spam), >> press Ctl-C. >> >> 7) Open WordPad. >> >> 8) Paste clipboard into WordPad. >> >> 9) "Save as" a text file >> >> 10) Repeat for each spam in your mailbox. >> >> 11) Now open a new mail in hotmail and attach the text file(s) and send >> THAT >> to SC for parsing. >> >> 12) You will receive the usual response from SC for further processing. >> >> This SOUNDS like a very long involved process but in actuality it is very >> fast (the key is the &raw=disk trick.) >> >> I have used this when the mail wont get into OE for f-a-a ing - normally >> I >> open all my hotmail in OE but hotmail has shut this off for new accounts, >> the old one still work, thank goodness. > > I don't use OE - what does this mean - hotmail shut off OE?? OE is an > email client - yes? > >> >> The single e-mail can have a batch of attached text files. >> >> >> > > With Thunderbird, just highlight the junk, ctrl-u, ctrl-c, ctrl-w > paste into SC web input box, send. > next spam... Can you open hotmail accounts in Thunderbird? (I am very happy with MY hotmail accounts, why change?) If so, can you send hotmail mail as forward as attachment from Thunderbird. The whole point of using OE with hotmail is that OE CAN f-a-a the mail whereas hotmail does not allow that. Prior to some months ago (before hotmail 'upgraded' their site) any hotmail account could be opened in OE - since that upgrade you cannot do that with a newly opened hotmail account. Reading several hotmail accounts via OE is very simple and does not require opening and closing each account to access the next and OE does f-a-a any mail - great for SC submittals from hotmail. -- A SpamCop user and forum reader, Not Admin From nobody at spamcop.net Sat May 13 21:15:09 2006 From: nobody at spamcop.net (N. Miller) Date: Sat May 13 23:20:02 2006 Subject: [SpamCop-List] Re: Hotmail spam References: Message-ID: <5s65vbbpr71i$.dlg@news.spamcop.net> On Sat, 13 May 2006 19:39:47 -0700, jg wrote: > I don't use OE - what does this mean - hotmail shut off OE?? OE is an > email client - yes? MSN Hotmail does not have POP3 servers. You access Hotmail accounts by using a client with HTTPMail. Only MS Outlook, and MS Outlook Express have the capability of HTTPMail access; no other client, not even Thunderbird, can access a Hotmail account. And then only for MSN Hotmail Plus accounts, or those older Hotmail accounts which were grandfathered. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From / at /.cn Sun May 14 14:37:04 2006 From: / at /.cn (Petzl) Date: Sat May 13 23:40:02 2006 Subject: [SpamCop-List] Re: Hotmail spam References: <5s65vbbpr71i$.dlg@news.spamcop.net> Message-ID: "N. Miller" wrote in message news:5s65vbbpr71i$.dlg@news.spamcop.net... > On Sat, 13 May 2006 19:39:47 -0700, jg wrote: > >> I don't use OE - what does this mean - hotmail shut off OE?? OE is an >> email client - yes? > > MSN Hotmail does not have POP3 servers. You access Hotmail accounts by > using a client with HTTPMail. Only MS Outlook, and MS Outlook Express > have the capability of HTTPMail access; no other client, not even > Thunderbird, can access a Hotmail account. And then only for MSN Hotmail > Plus accounts, or those older Hotmail accounts which were grandfathered. > Of course SpamCop email will download from your hotmail account for automatic sorting of legit mail from spam http://www.spamcop.net/ces/individuals.shtml I just use SpamCop Email's IMAP to drag spam to my VER page for reporting Petzl -- Check your computers security (free) From jg at coks.net Sat May 13 23:00:45 2006 From: jg at coks.net (jg) Date: Sun May 14 01:00:03 2006 Subject: [SpamCop-List] Re: Hotmail spam In-Reply-To: References: Message-ID: On 5/13/2006 8:04 PM anon scribbled: > "jg" wrote in message news:e4652l$epv$1@news.spamcop.net... >>> >> With Thunderbird, just highlight the junk, ctrl-u, ctrl-c, ctrl-w >> paste into SC web input box, send. >> next spam... forgot the ctrl-a - sequence is ctrl-u, ctrl-a, ctrl-c, ctrl-w, ->paste... > > Can you open hotmail accounts in Thunderbird? (I am very happy with MY > hotmail accounts, why change?) see > http://kb.mozillazine.org/Using_webmail_with_your_email_client then > http://kb.mozillazine.org/Using_webmail_with_your_email_client#Extension > If so, can you send hotmail mail as forward as attachment from Thunderbird. > > The whole point of using OE with hotmail is that OE CAN f-a-a the mail > whereas hotmail does not allow that. > > Prior to some months ago (before hotmail 'upgraded' their site) any hotmail > account could be opened in OE - since that upgrade you cannot do that with a > newly opened hotmail account. > > Reading several hotmail accounts via OE is very simple and does not require > opening and closing each account to access the next and OE does f-a-a any > mail - great for SC submittals from hotmail. > hotmail aside, TB f-a-a very nicely. I've never used hotmail so don't understand pop problems with hotmail... From jg at coks.net Sat May 13 23:26:53 2006 From: jg at coks.net (jg) Date: Sun May 14 01:25:02 2006 Subject: [SpamCop-List] Re: Hotmail spam In-Reply-To: <5s65vbbpr71i$.dlg@news.spamcop.net> References: <5s65vbbpr71i$.dlg@news.spamcop.net> Message-ID: On 5/13/2006 8:15 PM N. Miller scribbled: > On Sat, 13 May 2006 19:39:47 -0700, jg wrote: > >> I don't use OE - what does this mean - hotmail shut off OE?? OE is an >> email client - yes? > > MSN Hotmail does not have POP3 servers. You access Hotmail accounts by > using a client with HTTPMail. Only MS Outlook, and MS Outlook Express > have the capability of HTTPMail access; no other client, not even > Thunderbird, can access a Hotmail account. And then only for MSN Hotmail > Plus accounts, or those older Hotmail accounts which were grandfathered. > I posted last msg before reading this. I'm not aware of the hotmail idiosyncrasies - never received any email from a hotmail account either, for that matter. I've always thought hotmail to be just another freebie email address... From MikeE at ster.invalid Sun May 14 00:25:43 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 14 02:30:04 2006 Subject: [SpamCop-List] Re: Hotmail spam References: <5s65vbbpr71i$.dlg@news.spamcop.net> Message-ID: N. Miller wrote: > MSN Hotmail does not have POP3 servers. You access Hotmail accounts by > using a client with HTTPMail. Yes. > Only MS Outlook, and MS Outlook Express > have the capability of HTTPMail access; no other client, not even > Thunderbird, can access a Hotmail account. by http mail. But Tbird can access webmail accounts, including Yahoo, Hotmail, Lycos, MailDotCom, Gmail, Libero, & AOL using its plugin described at http://webmail.mozdev.org/ There's also a forum for discussing at http://forums.mozillazine.org/viewtopic.php?t=207024 Hotmail / Yahoo Extension Beta Testing > And then only for MSN > Hotmail Plus accounts, or those older Hotmail accounts which were > grandfathered. That's a good description of the hotmail httpmail situation. I didn't know about the Tbird webmail extension until I was reading about hotmail httpmail in wikipedia just now. That wiki is amazing. http://en.wikipedia.org/wiki/Hotmail While Hotmail does not have POP3 email access, it is possible to check one's own e-mail using Microsoft Outlook and Outlook Express on PC and Microsoft Entourage on Mac, using the WebDAV protocol and an extention for Mozilla Thunderbird [5] -- Mike Easter kibitzer, not SC admin From nospam at nospam.org Sun May 14 09:56:49 2006 From: nospam at nospam.org (Ejo) Date: Sun May 14 03:00:03 2006 Subject: [SpamCop-List] Re: Hotmail spam In-Reply-To: <5s65vbbpr71i$.dlg@news.spamcop.net> References: <5s65vbbpr71i$.dlg@news.spamcop.net> Message-ID: N. Miller wrote: > On Sat, 13 May 2006 19:39:47 -0700, jg wrote: > >> I don't use OE - what does this mean - hotmail shut off OE?? OE is an >> email client - yes? > > MSN Hotmail does not have POP3 servers. You access Hotmail accounts by > using a client with HTTPMail. Only MS Outlook, and MS Outlook Express > have the capability of HTTPMail access; no other client, not even > Thunderbird, can access a Hotmail account. And then only for MSN Hotmail > Plus accounts, or those older Hotmail accounts which were grandfathered. > I don't know whether this helps you, but, yahoo offers free mail accounts as well, and, it allows forwarding plus pop3 access. From dws at dealing-with-spam.info Sun May 14 12:06:39 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Sun May 14 05:10:14 2006 Subject: [SpamCop-List] Re: Hotmail spam References: Message-ID: jg wrote on Sat, 13 May 2006 22:00:45 -0700: > I've never used hotmail so don't understand pop problems with hotmail... The POP problem with hotmail is the fact that hotmail doesn't provide POP3 or IMAP4 service. It's a webmail service, period. There used to be a protocol whereby you could access your hotmail account using a proprietary protocol built into OE (and *only* OE, no other MUA had it), but they shut that down. From dws at dealing-with-spam.info Sun May 14 12:07:52 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Sun May 14 05:10:25 2006 Subject: [SpamCop-List] Re: Hotmail spam References: <5s65vbbpr71i$.dlg@news.spamcop.net> Message-ID: Ejo wrote on Sun, 14 May 2006 08:56:49 +0200: > I don't know whether this helps you, but, yahoo offers free mail > accounts as well, and, it allows forwarding plus pop3 access. As does gmail.com. From shaunaks at vsnl.net Sun May 14 15:42:49 2006 From: shaunaks at vsnl.net (Shaunak Sayta) Date: Sun May 14 05:13:03 2006 Subject: [SpamCop-List] Re: Hotmail spam Message-ID: <001301c67736$94230460$0302a8c0@syfvq52w5smynw> Out of my experience, I think gmail is the best, It allows u to download, the mail, via secure download, so no risk of getting hacked, and I just love their interface, I have a few invites, anyone wants ? From spam_hjp at yahoo.com Sun May 14 07:45:33 2006 From: spam_hjp at yahoo.com (Jim) Date: Sun May 14 06:50:04 2006 Subject: [SpamCop-List] Re: Hotmail spam In-Reply-To: <5s65vbbpr71i$.dlg@news.spamcop.net> References: <5s65vbbpr71i$.dlg@news.spamcop.net> Message-ID: N. Miller wrote: > On Sat, 13 May 2006 19:39:47 -0700, jg wrote: > >> I don't use OE - what does this mean - hotmail shut off OE?? OE is an >> email client - yes? > > MSN Hotmail does not have POP3 servers. You access Hotmail accounts by > using a client with HTTPMail. Only MS Outlook, and MS Outlook Express > have the capability of HTTPMail access; no other client, not even > Thunderbird, can access a Hotmail account. And then only for MSN Hotmail > Plus accounts, or those older Hotmail accounts which were grandfathered. > I use Thunderbird and I pop my hotmail into it. You need the webmail 1.0.5 and webmail hotmail 0.10.7 extentions. There are extensions also for yahoo and gmail. From john-no-spam at no-spam.co Sun May 14 11:01:07 2006 From: john-no-spam at no-spam.co (John Loaf) Date: Sun May 14 11:05:03 2006 Subject: [SpamCop-List] Re: Hotmail spam References: Message-ID: "John Loaf" wrote in message news:e453oo$s72$1@news.spamcop.net... > I've used Outlook Express to forward Hotmail spam to Spamcop for several > years. I think with the new LIVE services I'm going to lose the use of OE > with Hotmail. It was supposed to happen last year but I got a reprieve > since I was actively using the Hotmail/OE combination. If I lose the use of > OE I'll have to forward spam from the Hotmail web page. I have never been > able to get that to work; Spamcop returns an error message that headers were > missing or incomplete or something like that. Is it possible to forward > spam from the Hotmail web page with different settings? I haven't been able > to correct the forwarding so far. > > Thank you. > > Wouldn't you just know it. I figured out how to forward properly right after I posted the question. Hotmail was composing my forwards as Rich Text and I had to change to Plain Text. The Spamcop response spelled it out. Maybe I hadn't read the error response closely in the past. I thought I deleted the question but here it is with a discussion. I'm kinda surprised nobody mentioned Plain Text, but no matter. The spam in my Hotmail box has gone from a flood to a trickle. Somebody is doing something right. From jefferJones at not-valid-address-.invalid_com Sun May 14 12:14:44 2006 From: jefferJones at not-valid-address-.invalid_com (Jeffery Jones) Date: Sun May 14 11:15:03 2006 Subject: [SpamCop-List] IP not found ... discarding as fake Message-ID: http://www.spamcop.net/sc?id=z943514725ze5e5cb3156cbeedf6ef0870049ff803cz IP not found ... akbvci.salaryquilt.net discarding as fake: I'm seeing this fairly often - it resolves fine here. I'm assuming that the spammers just block Spamcop's nameservers. Is there an easy way to get the abuse reporting address from the IP after I look it up? Could Spamcop use some sort of distributed network of resolvers to make this harder to block? Sort of a reverse Blue Frog - volunteers could download a remote resolver utility that Spamcop could call on as a secondary resource in resolving otherwise blocked names - then cache them. From ed at noreply.com Sun May 14 18:03:57 2006 From: ed at noreply.com (ed) Date: Sun May 14 12:05:05 2006 Subject: [SpamCop-List] Re: IP not found ... discarding as fake References: Message-ID: <20060514170357.5dd0c4e3@localhost.localdomain> On Sun, 14 May 2006 11:14:44 -0400 Jeffery Jones wrote: > http://www.spamcop.net/sc?id=z943514725ze5e5cb3156cbeedf6ef0870049ff803cz > > IP not found ... akbvci.salaryquilt.net discarding as fake: I'm > seeing this fairly often - it resolves fine here. I'm assuming that > the spammers just block Spamcop's nameservers. > > Is there an easy way to get the abuse reporting address from the IP > after I look it up? > > Could Spamcop use some sort of distributed network of resolvers to > make this harder to block? Sort of a reverse Blue Frog - > volunteers could download a remote > resolver utility that Spamcop could call on as a secondary resource in > resolving otherwise blocked names - then cache them. Hi, Depending on the size of distribution it could be subject to internal abuse -- Regards, Ed :: http://www.s5h.net proud unix person :%s/Open Source/Free Software/g :: Free DNS available From MikeE at ster.invalid Sun May 14 10:04:57 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 14 12:05:15 2006 Subject: [SpamCop-List] Re: IP not found ... discarding as fake References: Message-ID: Jeffery Jones wrote: www.spamcop.net/sc?id=z943514725ze5e5cb3156cbeedf6ef0870049ff803cz > IP not found ... akbvci.salaryquilt.net discarding as fake: I'm > seeing this fairly often - it resolves fine here. I'm assuming that > the spammers just block Spamcop's nameservers. It is a complicated subject, or at least it is when I answer :-) When you can resolve, but the parser doesn't on a spamvertiser url -- sometimes the parser *can* resolve but 'chooses' not to. Sometimes the parser can't resolve -- either because of being blocked or because the url has shoddy namesservice. If you want, you can 'play with it' by asking the parser to try to resolve the naked url, not in a spam. If the parser does that, then you also get a SC recommended address. Using this example: In your tracker: Cannot resolve http://akbvci.salaryquilt.net/?35227582 Naked url: Cannot resolve http://akbvci.salaryquilt.net/?35227582 No valid email addresses found, sorry! When the parser still can't do it, you can do it yourself and you can also 'test' the dns timing of the name resolution at DNSStuff. Average of all 4 nameservers: 617ms (plus 484ms overhead). Score: F > Is there an easy way to get the abuse reporting address from the IP > after I look it up? Yes. It depends on which tools you are using. dns akbvci.salaryquilt.net 218.24.148.105 Then you lookup the IP in the appropriate RIR whois which in this case is apnic whois -h whois.apnic.net 218.24.148.105 ... inetnum: 218.24.0.0 - 218.25.255.255 descr: CNCGROUP Liaoning admin-c: CH455-AP = abuse@cnc-noc.net tech-c: GZ84-AP = abuse@online.ln.cn You can also put the naked IP into the parser and get SC's opinion, which will also tell you SC's experience with the addresses Parsing input: 218.24.148.105 host 218.24.148.105 (getting name) no name Routing details for 218.24.148.105 [refresh/show] Cached whois for 218.24.148.105 : abuse@cnc-noc.net abuse@online.ln.cn Using abuse net on abuse@cnc-noc.net abuse net cnc-noc.net = abuse@cnc-noc.net, postmaster@cnc-noc.net Using abuse net on abuse@online.ln.cn abuse net online.ln.cn = postmaster@online.ln.cn, abuse@cnc-noc.net, abuse@online.ln.cn Using best contacts postmaster@online.ln.cn abuse@cnc-noc.net postmaster@cnc-noc.net abuse@online.ln.cn postmaster@online.ln.cn bounces (1 sent : 105 bounces) Using postmaster#online.ln.cn@devnull.spamcop.net for statistical tracking. postmaster@cnc-noc.net bounces (6 sent : 6 bounces) Using postmaster#cnc-noc.net@devnull.spamcop.net for statistical tracking. abuse@online.ln.cn bounces (1 sent : 99 bounces) Using abuse#online.ln.cn@devnull.spamcop.net for statistical tracking. Reporting addresses: abuse@cnc-noc.net You can also evaluate the IP for unresponsiveness about it being listed in spamhaus or spews 218.24.148.105/32 is listed on the Spamhaus Block List 218.24.148.105/32 is listed on the Register Of Known Spam Operations (ROKSO) database as being assigned to, under the control of, or providing service to a known professional spam operation run by Yambo Financials. > Could Spamcop use some sort of distributed network of resolvers to > make this harder to block? IMO SC should handle the problem and the management of spamvertisers completely differently than its current strategy. I'll go into that in another post. > Sort of a reverse Blue Frog - volunteers > could download a remote resolver utility that Spamcop could call on > as a secondary resource in resolving otherwise blocked names - then > cache them. IMO the notification business for spamvertisers is a useless waste of time for a variety of reasons. And, besides, SC notification and discovery of the spamvertisers has no real teeth. All SC should be doing is giving the spamvertised sites to sc-surbl and do no notifying or resolving. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun May 14 11:02:22 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 14 13:05:03 2006 Subject: [SpamCop-List] Re: IP not found ... discarding as fake References: Message-ID: Mike Easter wrote: > Cannot resolve http://akbvci.salaryquilt.net/?35227582 There are a couple of other things going on with that url. The path gets redirected to http://akbvci.salaryquilt.net/legalrx/?35227582 -- which doesn't actually change anything about the IP. Also, for some reason my SSpadeWin GET console can't handle the gzipped condition of the page, but websniffer can. Connect to 218.24.148.105 on port 80 ... ok GET /legalrx/?35227582 HTTP/1.1 Host: akbvci.salaryquilt.net Connection: close Accept-Encoding: gzip Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) Web-Sniffer/1.0.24 (web-sniffer.net) Referer: http://web-sniffer.net/ HTTP Response Header HTTP Status Code: HTTP/1.1 200 OK Date: Mon, 15 May 2006 05:48:15 GMT Server: Apache/2.0.53 (Fedora) ua40d987c X-Powered-By: ib8118460 Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 9252 Connection: close Content-Type: text/html; charset=iso-8859-1 Content (encoded: 9.04 KiB / decoded: 40.13 KiB) The other site is here http://62.75.178.134:8080/legalrx/images/more_info.gif 62.75.178.134 rDNS static-ip-62-75-178-134.inaddr.intergenia.de inetnum: 62.75.178.0 - 62.75.178.255 netname: SERVER4YOU-1 descr: SERVER4YOU Dedicated Server Hosting descr: http://www.server4you.de abuse-mailbox: abuse@plusserver.de 62.75.178.134/32 is listed on the Spamhaus Block List 62.75.178.134/32 is listed on the Register Of Known Spam Operations (ROKSO) database as being assigned to, under the control of, or providing service to a known professional spam operation run by Yambo Financials. 8 April 2006: Yambo Pharmacy website, image hosts. Found 7 SBL listings for IPs under the responsibility of intergenia.de Long ROKSO page for yambo http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Yambo%20Financials > IMO the notification business for spamvertisers is a useless waste of > time for a variety of reasons. And, besides, SC notification and > discovery of the spamvertisers has no real teeth. All SC should be > doing is giving the spamvertised sites to sc-surbl and do no notifying > or resolving. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun May 14 11:31:06 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 14 13:35:03 2006 Subject: [SpamCop-List] Re: IP not found ... discarding as fake References: Message-ID: Jeffery Jones wrote: X-Newsreader: Forte Agent 3.1/32.783 You are using Forte's version 3.1 and your line lengths are almost 170 chars. How does word-wrap work when I'm editing a message? http://www.forteinc.com/agent/faq.php#80C4021313F1B6A688256C1E005A25F6 Also, 3.3 is a free upgrade for everyone using 3.0 or greater. -- Mike Easter kibitzer, not SC admin From jefferJones at not-valid-address-.invalid_com Sun May 14 15:16:06 2006 From: jefferJones at not-valid-address-.invalid_com (Jeffery Jones) Date: Sun May 14 14:20:04 2006 Subject: [SpamCop-List] Re: IP not found ... discarding as fake References: Message-ID: On Sun, 14 May 2006 09:04:57 -0700, "Mike Easter" wrote: >IMO the notification business for spamvertisers is a useless waste of >time for a variety of reasons. And, besides, SC notification and >discovery of the spamvertisers has no real teeth. All SC should be >doing is giving the spamvertised sites to sc-surbl and do no notifying >or resolving. This is a key point! I had noticed the short-lived time of the URLs and assumed that the Chinese hosters actually took them down after an SC notification. More likely, the spammers just rotate to the next one as soon as they see it show up in sc-surbl or an equivalent URL blocker. [ Sorry about the wide word wrap - I had to expand it a while back but forgot to set it back to something reasonable] From jefferJones at not-valid-address-.invalid_com Sun May 14 15:26:39 2006 From: jefferJones at not-valid-address-.invalid_com (Jeffery Jones) Date: Sun May 14 14:30:02 2006 Subject: [SpamCop-List] Re: IP not found ... discarding as fake References: <20060514170357.5dd0c4e3@localhost.localdomain> Message-ID: <6gte62hmmp9b40g2dbsicejn6ol4fqblmo@4ax.com> On Sun, 14 May 2006 17:03:57 +0100, ed wrote: >Depending on the size of distribution it could be subject to internal >abuse After thinking about this some more, I realize there is no way to secure it from feeding bad data into Spamcop. But from other messages, it sounds as though URL-reporting should go the way of the Dodo bird. From vxpy7do02 at sneakemail.com Sun May 14 12:33:45 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Sun May 14 14:35:02 2006 Subject: [SpamCop-List] Re: Hotmail spam References: Message-ID: "D-W-S" wrote in message news:slrne6dsov.2auu.dws@dealing-with-spam.info... > jg wrote on Sat, 13 May 2006 22:00:45 -0700: > >> I've never used hotmail so don't understand pop problems with hotmail... > > The POP problem with hotmail is the fact that hotmail doesn't provide > POP3 or IMAP4 service. It's a webmail service, period. > > There used to be a protocol whereby you could access your hotmail > account using a proprietary protocol built into OE (and *only* OE, no > other MUA had it), but they shut that down. That is EXACTLY my point OE is the only one that does it and now it doesn't for new hm accounts - works great with accounts opened prior to the upgrade works only with PAID hm accounts added since the upgrade. -- A SpamCop user and forum reader, Not Admin From vxpy7do02 at sneakemail.com Sun May 14 12:37:05 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Sun May 14 14:40:02 2006 Subject: [SpamCop-List] Re: Hotmail spam References: <5s65vbbpr71i$.dlg@news.spamcop.net> Message-ID: "jg" wrote in message news:e46eru$k21$1@news.spamcop.net... > On 5/13/2006 8:15 PM N. Miller scribbled: > >> On Sat, 13 May 2006 19:39:47 -0700, jg wrote: >> >>> I don't use OE - what does this mean - hotmail shut off OE?? OE is an >>> email client - yes? >> >> MSN Hotmail does not have POP3 servers. You access Hotmail accounts by >> using a client with HTTPMail. Only MS Outlook, and MS Outlook Express >> have the capability of HTTPMail access; no other client, not even >> Thunderbird, can access a Hotmail account. And then only for MSN Hotmail >> Plus accounts, or those older Hotmail accounts which were grandfathered. >> > I posted last msg before reading this. I'm not aware of the hotmail > idiosyncrasies - never received any email from a hotmail account either, > for that matter. I've always thought hotmail to be just another freebie > email address... HM did not 'notify' anyone about the change - you just found out about it when you tried to add another hm account to OE - then you got the message that ONLY paid hm accounts could be accessed from OE. -- A SpamCop user and forum reader, Not Admin From nobody at spamcop.net Sun May 14 15:07:16 2006 From: nobody at spamcop.net (N. Miller) Date: Sun May 14 17:10:03 2006 Subject: [SpamCop-List] Re: Hotmail spam References: <5s65vbbpr71i$.dlg@news.spamcop.net> Message-ID: <1dav4gvplv1g3.dlg@news.spamcop.net> On Sun, 14 May 2006 11:37:05 -0700, anon wrote: > "jg" wrote in message news:e46eru$k21$1@news.spamcop.net... >> On 5/13/2006 8:15 PM N. Miller scribbled: >>> On Sat, 13 May 2006 19:39:47 -0700, jg wrote: >>>> I don't use OE - what does this mean - hotmail shut off OE?? OE is an >>>> email client - yes? >>> MSN Hotmail does not have POP3 servers. You access Hotmail accounts by >>> using a client with HTTPMail. Only MS Outlook, and MS Outlook Express >>> have the capability of HTTPMail access; no other client, not even >>> Thunderbird, can access a Hotmail account. And then only for MSN Hotmail >>> Plus accounts, or those older Hotmail accounts which were grandfathered. >> I posted last msg before reading this. I'm not aware of the hotmail >> idiosyncrasies - never received any email from a hotmail account either, >> for that matter. I've always thought hotmail to be just another freebie >> email address... > HM did not 'notify' anyone about the change - you just found out about it > when you tried to add another hm account to OE - then you got the message > that ONLY paid hm accounts could be accessed from OE. Actually, they _did_ send _a_ notice. Alas, I have misplaced the copy that I had received. I think I had left it on the server, where HM staff can modify/delete. It was the reason I started archiving HM notices locally; so I would have a record of changes, even if HM modified/deleted their notices. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Sun May 14 15:09:20 2006 From: nobody at spamcop.net (N. Miller) Date: Sun May 14 17:10:13 2006 Subject: [SpamCop-List] Re: Hotmail spam References: <5s65vbbpr71i$.dlg@news.spamcop.net> Message-ID: <13x109v981hnr$.dlg@news.spamcop.net> On Sun, 14 May 2006 08:56:49 +0200, Ejo wrote: > N. Miller wrote: >> On Sat, 13 May 2006 19:39:47 -0700, jg wrote: >>> I don't use OE - what does this mean - hotmail shut off OE?? OE is an >>> email client - yes? >> MSN Hotmail does not have POP3 servers. You access Hotmail accounts by >> using a client with HTTPMail. Only MS Outlook, and MS Outlook Express >> have the capability of HTTPMail access; no other client, not even >> Thunderbird, can access a Hotmail account. And then only for MSN Hotmail >> Plus accounts, or those older Hotmail accounts which were grandfathered. > I don't know whether this helps you, but, yahoo offers free mail > accounts as well, and, it allows forwarding plus pop3 access. Not with a 'yahoo.com' account; you will need Yahoo! Mail Plus for POP3/SMTP access and forwarding if your account is '@yahoo.com'. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Sun May 14 15:12:20 2006 From: nobody at spamcop.net (N. Miller) Date: Sun May 14 17:15:03 2006 Subject: [SpamCop-List] Re: Hotmail spam References: <5s65vbbpr71i$.dlg@news.spamcop.net> Message-ID: <1w2nl1gezkdzy.dlg@news.spamcop.net> On Sun, 14 May 2006 06:45:33 -0400, Jim wrote: > N. Miller wrote: >> On Sat, 13 May 2006 19:39:47 -0700, jg wrote: >>> I don't use OE - what does this mean - hotmail shut off OE?? OE is an >>> email client - yes? >> MSN Hotmail does not have POP3 servers. You access Hotmail accounts by >> using a client with HTTPMail. Only MS Outlook, and MS Outlook Express >> have the capability of HTTPMail access; no other client, not even >> Thunderbird, can access a Hotmail account. And then only for MSN Hotmail >> Plus accounts, or those older Hotmail accounts which were grandfathered. > I use Thunderbird and I pop my hotmail into it. > > You need the webmail 1.0.5 and webmail hotmail 0.10.7 extentions. > > There are extensions also for yahoo and gmail. You can't _POP_ MSN Hotmail. Period. You can use third party kludges to _HTTP_ your Hotmail; for as long as the kludges work with MSN Hotmail. They rely on HTTP tricks. The Post Office Protocol just won't work. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Sun May 14 15:14:52 2006 From: nobody at spamcop.net (N. Miller) Date: Sun May 14 17:20:03 2006 Subject: [SpamCop-List] Re: Hotmail spam References: <5s65vbbpr71i$.dlg@news.spamcop.net> Message-ID: <1enparmenebqh.dlg@news.spamcop.net> On Sun, 14 May 2006 13:37:04 +1000, Petzl wrote: > "N. Miller" wrote in message > news:5s65vbbpr71i$.dlg@news.spamcop.net... >> On Sat, 13 May 2006 19:39:47 -0700, jg wrote: >>> I don't use OE - what does this mean - hotmail shut off OE?? OE is an >>> email client - yes? >> MSN Hotmail does not have POP3 servers. You access Hotmail accounts by >> using a client with HTTPMail. Only MS Outlook, and MS Outlook Express >> have the capability of HTTPMail access; no other client, not even >> Thunderbird, can access a Hotmail account. And then only for MSN Hotmail >> Plus accounts, or those older Hotmail accounts which were grandfathered. > Of course SpamCop email will download from your hotmail account for > automatic sorting of legit mail from spam > http://www.spamcop.net/ces/individuals.shtml > I just use SpamCop Email's IMAP to drag spam to my VER page for reporting That would be an HTTP access, not a POP3 access. You can use any browser to get into an MSN Hotmail account. You can use third party HTTP kludges to pull email from an MSN Hotmail account. Only MSFT written mail clients can access an MSN Hotmail account natively, using WebDAV. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nospam at nospam.org Mon May 15 07:07:17 2006 From: nospam at nospam.org (Ejo) Date: Mon May 15 00:10:09 2006 Subject: [SpamCop-List] Re: Hotmail spam In-Reply-To: <13x109v981hnr$.dlg@news.spamcop.net> References: <5s65vbbpr71i$.dlg@news.spamcop.net> <13x109v981hnr$.dlg@news.spamcop.net> Message-ID: N. Miller wrote: > On Sun, 14 May 2006 08:56:49 +0200, Ejo wrote: > >> N. Miller wrote: > >>> On Sat, 13 May 2006 19:39:47 -0700, jg wrote: > >>>> I don't use OE - what does this mean - hotmail shut off OE?? OE is an >>>> email client - yes? > >>> MSN Hotmail does not have POP3 servers. You access Hotmail accounts by >>> using a client with HTTPMail. Only MS Outlook, and MS Outlook Express >>> have the capability of HTTPMail access; no other client, not even >>> Thunderbird, can access a Hotmail account. And then only for MSN Hotmail >>> Plus accounts, or those older Hotmail accounts which were grandfathered. > >> I don't know whether this helps you, but, yahoo offers free mail >> accounts as well, and, it allows forwarding plus pop3 access. > > Not with a 'yahoo.com' account; you will need Yahoo! Mail Plus for > POP3/SMTP access and forwarding if your account is '@yahoo.com'. > Ok, then take a @yahoo.co.uk account. Under mail options -> management -> pop access and forwarding you find what I mean. The premium service offers more storage, spam filtering etc etc. From john-no-spam at no-spam-at-all.net Mon May 15 00:13:34 2006 From: john-no-spam at no-spam-at-all.net (John Marion) Date: Mon May 15 00:15:03 2006 Subject: [SpamCop-List] Re: Hotmail spam References: <5s65vbbpr71i$.dlg@news.spamcop.net> <1w2nl1gezkdzy.dlg@news.spamcop.net> Message-ID: "N. Miller" wrote in message news:1w2nl1gezkdzy.dlg@news.spamcop.net... > On Sun, 14 May 2006 06:45:33 -0400, Jim wrote: > >> N. Miller wrote: > >>> On Sat, 13 May 2006 19:39:47 -0700, jg wrote: > >>>> I don't use OE - what does this mean - hotmail shut off OE?? OE is an >>>> email client - yes? > >>> MSN Hotmail does not have POP3 servers. You access Hotmail accounts by >>> using a client with HTTPMail. Only MS Outlook, and MS Outlook Express >>> have the capability of HTTPMail access; no other client, not even >>> Thunderbird, can access a Hotmail account. And then only for MSN Hotmail >>> Plus accounts, or those older Hotmail accounts which were grandfathered. > >> I use Thunderbird and I pop my hotmail into it. >> >> You need the webmail 1.0.5 and webmail hotmail 0.10.7 extentions. >> >> There are extensions also for yahoo and gmail. > > You can't _POP_ MSN Hotmail. Period. You can use third party kludges to > _HTTP_ your Hotmail; for as long as the kludges work with MSN Hotmail. > They rely on HTTP tricks. The Post Office Protocol just won't work. > > -- > Norman > ~Oh Lord, why have you come > ~To Konnyu, with the Lion and the Drum Norman, you have a good understanding of Hotmail. I think there is so much confusion about POP because Hotmail and Yahoo can _fetch_ mail from POP mailboxes. Not at all the same as _being_ POP mailboxes. From nobody at devnull.spamcop.net Mon May 15 09:26:28 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Mon May 15 11:30:03 2006 Subject: [SpamCop-List] Re: [Easter ramblings] References: Message-ID: Blammo wrote... > I recently received an eMail informing me: "your contact form on this page > didn't work, it said such-and-such error", and I replied: "I know, it > states that it doesn't work yet right at the top of that page. Since you > are probably the only one to go to that page, I figured that it wasn't a > priority.", and then I rambled on about how no matter what I write or how > clearly I write it, people still won't read it or "see" it. I have sat next to users looking at a screen that says "press C key to continue" and had this conversation: "OK, now read the screen" "OK, I read it. Now what do I do?" "Do you want to ... now this is just a wild guess now .. continue?" "Yes. How do I do that?" "What does it say on the screen in front of you?" "[monotone voice] "press C key to continue." "OK, so what do you do next?" "That's what I am asking you!" "Do what it says to do on your computer screen." "What does it say for me to do?" ...and so on. Some people refuse to read things, others will read, but refuse to comprehend. And, no, this person is not impaired or handicapped. He is able to carry on an intelligent discussion about a boating magazine article, and has a degree. From vxpy7do02 at sneakemail.com Mon May 15 09:49:01 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Mon May 15 11:50:06 2006 Subject: [SpamCop-List] Re: Hotmail spam References: <5s65vbbpr71i$.dlg@news.spamcop.net> <1w2nl1gezkdzy.dlg@news.spamcop.net> Message-ID: "N. Miller" wrote in message news:1w2nl1gezkdzy.dlg@news.spamcop.net... > On Sun, 14 May 2006 06:45:33 -0400, Jim wrote: > >> N. Miller wrote: > >>> On Sat, 13 May 2006 19:39:47 -0700, jg wrote: > >>>> I don't use OE - what does this mean - hotmail shut off OE?? OE is an >>>> email client - yes? > >>> MSN Hotmail does not have POP3 servers. You access Hotmail accounts by >>> using a client with HTTPMail. Only MS Outlook, and MS Outlook Express >>> have the capability of HTTPMail access; no other client, not even >>> Thunderbird, can access a Hotmail account. And then only for MSN Hotmail >>> Plus accounts, or those older Hotmail accounts which were grandfathered. > >> I use Thunderbird and I pop my hotmail into it. >> >> You need the webmail 1.0.5 and webmail hotmail 0.10.7 extentions. >> >> There are extensions also for yahoo and gmail. > > You can't _POP_ MSN Hotmail. Period. You can use third party kludges to > _HTTP_ your Hotmail; for as long as the kludges work with MSN Hotmail. > They rely on HTTP tricks. The Post Office Protocol just won't work. > BTW what do all these kludges DO to the headers of the mail received by hotmail. Remember that SC's parser has to find the 'source' of the spam - if you sc***w up the headers you have lost the game. -- A SpamCop user and forum reader, Not Admin > -- > Norman > ~Oh Lord, why have you come > ~To Konnyu, with the Lion and the Drum From MikeE at ster.invalid Mon May 15 09:50:15 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 15 11:55:03 2006 Subject: [SpamCop-List] Re: [Easter ramblings] References: Message-ID: G|_|Y |\/|AC0|\| wrote: > "What does it say on the screen in front of you?" > > "[monotone voice] "press C key to continue." > > "OK, so what do you do next?" > > "That's what I am asking you!" That's the phenomenon of the eyes/brain being 'glazed over'. You ask yourself, "Hmmm. How come that display has no meaning/ is invisible/ to the person looking at it? What 'barrier' has interfered with the seeing/perception of the screen message?" The person behind the keyboard is 'frozen' in their condtion of being 'detached' from the machine, as opposed to be 'one' with it. They need some kind of little 'game' to introduce them to following screen instructions. Then, that following instruction experience has taught them nothing about going off on their own to find things in menus and clicking on menu items to find out what happens next -- more adventuresome or 'creative' than robotically following screen instructions. The other problem is that the computer is seemingly too 'complicated' for those who are accustomed to interfaces like the old TV set [not Tivo] or radio or stove or telephone or car. A young person who interfaces with a modern cellphone and computer games is a different animal than the oldster who expects the 'device' to 'just work' with a minimal 'exploration' by the human. The basis for the 'joke' about VCRs becoming an outdated piece of equipment without the user ever having been able to set the clock is a classic example. The very same person, let's say male, who understands intimately about how the various automobile systems work and interface separately and interdependently seems to be baffled about disparate systems or applications or interfaces on the computer, and doesn't seem to want to understand as much about what goes on 'under the hood' as they do about the car. They want the computer to 'just work' and don't want to get their knuckles busted finding out how. -- Mike Easter kibitzer, not SC admin From vxpy7do02 at sneakemail.com Mon May 15 09:59:24 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Mon May 15 12:00:03 2006 Subject: [SpamCop-List] Re: [Easter ramblings] References: Message-ID: "G|_|Y |\/|AC0|\|" wrote in message news:e4a6j4$q2q$1@news.spamcop.net... > > Blammo wrote... > >> I recently received an eMail informing me: "your contact form on this >> page >> didn't work, it said such-and-such error", and I replied: "I know, it >> states that it doesn't work yet right at the top of that page. Since you >> are probably the only one to go to that page, I figured that it wasn't a >> priority.", and then I rambled on about how no matter what I write or how >> clearly I write it, people still won't read it or "see" it. > > I have sat next to users looking at a screen that says "press C key > to continue" and had this conversation: > > "OK, now read the screen" > > "OK, I read it. Now what do I do?" > > "Do you want to ... now this is just a wild guess now .. continue?" > > "Yes. How do I do that?" > > "What does it say on the screen in front of you?" > > "[monotone voice] "press C key to continue." > > "OK, so what do you do next?" > > "That's what I am asking you!" > > "Do what it says to do on your computer screen." > > "What does it say for me to do?" > > ...and so on. Some people refuse to read things, > others will read, but refuse to comprehend. > > And, no, this person is not impaired or handicapped. > He is able to carry on an intelligent discussion about > a boating magazine article, and has a degree. > > My gut feeling is that people are used to 'reading' paper pages - when the thing they are reading says "to continue press C" that does not 'compute' as an actual 'directive'. Like reading too many mystery stories where the characters are giving directions but the reader is not 'involved' in the story. Now reading RECIPES, that is another matter entirely. I think that people are attuned to following SPOKEN directives but not directives on a page (screen or paper.) This is part of the growing up/learning experience - do what someone SAYS , follow traffic directives, ignore all else. Yes, I have had the same "what does the screen say---" experience. -- A SpamCop user and forum reader, Not Admin > > > > From tmcgraw at spamcop.net Mon May 15 10:20:46 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 15 12:25:03 2006 Subject: [SpamCop-List] Re: [Easter ramblings] In-Reply-To: References: Message-ID: Mike Easter wrote: > G|_|Y |\/|AC0|\| wrote: >> "What does it say on the screen in front of you?" >> >> "[monotone voice] "press C key to continue." >> >> "OK, so what do you do next?" >> >> "That's what I am asking you!" > > That's the phenomenon of the eyes/brain being 'glazed over'. Technical term = PEBCAK From nobody at spamcop.net Mon May 15 11:06:27 2006 From: nobody at spamcop.net (RandallW) Date: Mon May 15 13:10:03 2006 Subject: [SpamCop-List] why does "resolving link obfuscation" not follow through every time? Message-ID: Here is a piece of spam I submitted today. The spamvertised link has been found, but where is the attempt to find the host? http://www.spamcop.net/sc?id=z944682332z6cecdc8d8d61653ca1cebfb0d961447ez From MikeE at ster.invalid Mon May 15 12:19:36 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 15 14:20:03 2006 Subject: [SpamCop-List] Re: why does "resolving link obfuscation" not follow through every time? References: Message-ID: RandallW wrote: > Here is a piece of spam I submitted today. The spamvertised link has > been found, but where is the attempt to find the host? > www.spamcop.net/sc?id=z944682332z6cecdc8d8d61653ca1cebfb0d961447ez Different reasons different times different causes. Currently that tracker provides a resolve and an address Tracking link: http://www.nukumoyusdis.com [report history] Resolves to 59.44.127.133 Routing details for 59.44.127.133 [refresh/show] Cached whois for 59.44.127.133 : liaochengjie@lntele.com anti-spam@ns.chinanet.cn.net abuse net chinanet.cn.net = anti-spam@chinanet.cn.net, ctsummary@special.abuse.net, postmaster@chinanet.cn.net Using last resort contacts liaochengjie@lntele.com anti-spam@chinanet.cn.net ctsummary@special.abuse.net postmaster@chinanet.cn.net anti-spam@chinanet.cn.net bounces (99 sent : 99 bounces) Using anti-spam#chinanet.cn.net@devnull.spamcop.net for statistical tracking. ctsummary@special.abuse.net redirects to ct-abuse@sprint.net ct-abuse@sprint.net redirects to ct-abuse@abuse.sprint.net postmaster@chinanet.cn.net bounces (99 sent : 20164 bounces) Using postmaster#chinanet.cn.net@devnull.spamcop.net for statistical tracking. Other answers, click the news link: news://news.spamcop.net/e47kf8$a12$1@news.spamcop.net Subject: Re: IP not found ... discarding as fake Date: Sun, 14 May 2006 09:04:57 -0700 -- Mike Easter kibitzer, not SC admin From vxpy7do02 at sneakemail.com Mon May 15 13:04:29 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Mon May 15 15:05:08 2006 Subject: [SpamCop-List] Re: [Easter ramblings] References: Message-ID: "Tim McGraw" wrote in message news:e4a9ov$srl$1@news.spamcop.net... > Mike Easter wrote: >> G|_|Y |\/|AC0|\| wrote: >>> "What does it say on the screen in front of you?" >>> >>> "[monotone voice] "press C key to continue." >>> >>> "OK, so what do you do next?" >>> >>> "That's what I am asking you!" >> >> That's the phenomenon of the eyes/brain being 'glazed over'. > > Technical term = PEBCAK Excellent!!! Like the nut that holds the steering wheel. -- A SpamCop user and forum reader, Not Admin From nospam at nospam.org Mon May 15 23:02:29 2006 From: nospam at nospam.org (Ejo) Date: Mon May 15 16:05:05 2006 Subject: [SpamCop-List] Re: [Easter ramblings] In-Reply-To: References: Message-ID: anon wrote: > > "G|_|Y |\/|AC0|\|" wrote in message > news:e4a6j4$q2q$1@news.spamcop.net... >> >> Blammo wrote... >> >>> I recently received an eMail informing me: "your contact form on this >>> page >>> didn't work, it said such-and-such error", and I replied: "I know, it >>> states that it doesn't work yet right at the top of that page. Since you >>> are probably the only one to go to that page, I figured that it wasn't a >>> priority.", and then I rambled on about how no matter what I write or >>> how >>> clearly I write it, people still won't read it or "see" it. >> >> I have sat next to users looking at a screen that says "press C key >> to continue" and had this conversation: >> >> "OK, now read the screen" >> >> "OK, I read it. Now what do I do?" >> >> "Do you want to ... now this is just a wild guess now .. continue?" >> >> "Yes. How do I do that?" >> >> "What does it say on the screen in front of you?" >> >> "[monotone voice] "press C key to continue." >> >> "OK, so what do you do next?" >> >> "That's what I am asking you!" >> >> "Do what it says to do on your computer screen." >> >> "What does it say for me to do?" >> >> ...and so on. Some people refuse to read things, >> others will read, but refuse to comprehend. >> >> And, no, this person is not impaired or handicapped. >> He is able to carry on an intelligent discussion about >> a boating magazine article, and has a degree. >> >> > > > My gut feeling is that people are used to 'reading' paper pages - when > the thing they are reading says "to continue press C" that does not > 'compute' as an actual 'directive'. > > Like reading too many mystery stories where the characters are giving > directions but the reader is not 'involved' in the story. > > Now reading RECIPES, that is another matter entirely. > > I think that people are attuned to following SPOKEN directives but not > directives on a page (screen or paper.) > > This is part of the growing up/learning experience - do what someone > SAYS , follow traffic directives, ignore all else. > > Yes, I have had the same "what does the screen say---" experience. > Some examples of "what does the screen say---" experiences": Wait till your eight year old comes running into the living room, yelling, daddy daddy, what does this mean, formatting drive c? Or that phone call from the elderly lady at the Dell help desk: "Sir, I do not understand this, who is general failure and why does he require my attention?" The spoken directives will be prompt I guess. From tmcgraw at spamcop.net Mon May 15 18:36:05 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 15 20:40:02 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports In-Reply-To: References: Message-ID: SpamCop Admin wrote: > The ability to disable SpamCop's automatic response to "Quick" spam > submissions is now available as a user option. > > - Don D'Minion - SpamCop Admin - Thanks! From tmcgraw at spamcop.net Mon May 15 19:30:04 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 15 21:35:03 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports In-Reply-To: References: Message-ID: Tim McGraw wrote: > SpamCop Admin wrote: >> The ability to disable SpamCop's automatic response to "Quick" spam >> submissions is now available as a user option. >> >> - Don D'Minion - SpamCop Admin - > > Thanks! Where? From click1510 at earthlink.net Mon May 15 19:34:43 2006 From: click1510 at earthlink.net (CO-DBA-SC-EL) Date: Mon May 15 21:35:12 2006 Subject: [SpamCop-List] Re: The Phish that isn't Going Away References: Message-ID: "Porpoise" wrote in message news:e42bch$8ag$1@news.spamcop.net... (snip) > The thing is, not that the cookies can run malicious code, but that the > user doesn't know whose/what cookies are being downloaded onto their > systems. Also that if a hacker managed to get access to a HDD s/he could > then have access to any login data stored in any of those > cookies.......... as the info is in plain text..... LOL. There much juicier login data including passwords in the password cache in 99% of Windows systems. A hacker getting access to a HDD would not waste time with cookies when that good stuff is there for the taking. The dangers of cookies are an urban legend that is unfortunately distracting people from more serious issues. Don't confuse actual damage with privacy leaks. Anyway, even on that topic the links provided are over 5 years old, dating back from long before web services made the 3rd party cookies unnecessary for sophisticated data collection-- all they need to know they can get by having one server call a service on another one. Just MHO. C_O From nobody at devnull.spamcop.net Tue May 16 14:42:28 2006 From: nobody at devnull.spamcop.net (Patto) Date: Tue May 16 00:45:02 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports In-Reply-To: References: Message-ID: Tim McGraw wrote: > Tim McGraw wrote: >> SpamCop Admin wrote: >>> The ability to disable SpamCop's automatic response to "Quick" spam >>> submissions is now available as a user option. >>> >>> - Don D'Minion - SpamCop Admin - >> Thanks! > > Where? Probably under "Quick Data Reports" - 7 down from top. From nttp.sc.s at bigsleep.org Tue May 16 06:47:46 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue May 16 01:50:03 2006 Subject: [SpamCop-List] Re: [Easter ramblings] References: Message-ID: On 15 May 2006, - anon entered spamcop and left news:e4a8h0$rir$1@news.spamcop.net: > Like reading too many mystery stories where the characters are giving > directions but the reader is not 'involved' in the story. > I love that analogy, boy, could I really ramble on, but it sounds like everyone that replied already knows that story. Just think of all the money and work that's gone into making the eMail system work as it does today, it's basically quite simple but with an enormous effort to keep it that way. All these bits of thought passing through miles of wire and silicon, and so many think that it just magically pops onto someone's screen, it's no wonder how they can get lost when something goes wrong, what to do? who to blame? Well, the contact form I mentioned was part of a template which used an "insecure" script that I don't use, so it just never worked. Now I could have disabled the submit button, maybe wrote a bit of Javascript for a message pop-up, wrote a more clear message, but even then I would expect somebody to say "hey, the button don't work" or "I got this message..". Maybe I should have removed the form and stuck an eMail address there, but for all that work it would be about as easy to just use a script that worked. I think it's better to do what people expect, rather than to force them down a dead-end path. This is actually something I put a lot of thought into, and if I ever get something significant done, I'll post a link. Realizing how people interact with computers is a significant part of the rewrite I'm spending the next few months on. (Intentional vagueness). -- | Ric | From nobody at spamcop.net Tue May 16 01:02:22 2006 From: nobody at spamcop.net (N. Miller) Date: Tue May 16 03:05:04 2006 Subject: [SpamCop-List] Re: Hotmail spam References: <5s65vbbpr71i$.dlg@news.spamcop.net> <13x109v981hnr$.dlg@news.spamcop.net> Message-ID: <7fe1kba3jhtq.dlg@news.spamcop.net> On Mon, 15 May 2006 06:07:17 +0200, Ejo wrote: > Ok, then take a @yahoo.co.uk account. No, thank you. I already have an @yahoo.co.jp account which does all of that. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From tmcgraw at spamcop.net Tue May 16 01:03:59 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue May 16 03:05:15 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports In-Reply-To: References: Message-ID: Patto wrote: > Tim McGraw wrote: >> Tim McGraw wrote: >>> SpamCop Admin wrote: >>>> The ability to disable SpamCop's automatic response to "Quick" spam >>>> submissions is now available as a user option. >>>> >>>> - Don D'Minion - SpamCop Admin - >>> Thanks! >> >> Where? > > Probably under "Quick Data Reports" - 7 down from top. There's nothing under either of the two user Spamcop preference categories. There's nothing under Webmail/Mail Management/Spamcop Tools. Searching the forums for 'Quick Report data' produces two posts from 2005. I'm definitely having a PEBCAK moment. From nobody at spamcop.net Tue May 16 01:06:35 2006 From: nobody at spamcop.net (N. Miller) Date: Tue May 16 03:10:03 2006 Subject: [SpamCop-List] Re: Hotmail spam References: <5s65vbbpr71i$.dlg@news.spamcop.net> <1w2nl1gezkdzy.dlg@news.spamcop.net> Message-ID: <2ehs5nyjz964.dlg@news.spamcop.net> On Mon, 15 May 2006 08:49:01 -0700, anon wrote: > "N. Miller" wrote in message > news:1w2nl1gezkdzy.dlg@news.spamcop.net... >> You can't _POP_ MSN Hotmail. Period. You can use third party kludges to >> _HTTP_ your Hotmail; for as long as the kludges work with MSN Hotmail. >> They rely on HTTP tricks. The Post Office Protocol just won't work. > BTW what do all these kludges DO to the headers of the mail received by > hotmail. > > Remember that SC's parser has to find the 'source' of the spam - if you > sc***w up the headers you have lost the game. They add nothing to the headers. Remember, they are acting like a web browser, using HTTP GET commands, and whatever else is necessary to authenticate to the account. They just pull data from the web server holding the email, and pass it to the POP3 client. There is no SMTP activity; the kludge is just a proxy which translates POP3 commands into HTTP commands. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at devnull.spamcop.net Tue May 16 03:29:43 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Tue May 16 03:30:03 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports References: Message-ID: "Tim McGraw" wrote in message news:e4bth0$u92$1@news.spamcop.net... > > There's nothing under either of the two user Spamcop preference categories. > > There's nothing under Webmail/Mail Management/Spamcop Tools. > > Searching the forums for 'Quick Report data' produces two posts from 2005. That search query is probably too restrictive, but ..... Don had posted this same Announcement in the Reporting Forum around the same time as the newsgroup posts. I just copied off his answer in the spamcop.help newsgroup about the option being available at; It's in the "Report Handling Options" section under the "Preferences" tab on the reporting server. I didn't see it, but I don't Quick-Report, actually not sure how long it's been since I used the parser for other than troubleshooting some else's issues ..??? From dws at dealing-with-spam.info Tue May 16 12:20:56 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Tue May 16 05:25:17 2006 Subject: [SpamCop-List] Reporting system down? Message-ID: Going to http://mailsc.spamcop.net/reportheld?action=heldlog results in: "Cannot log into IMAP mailserver as foo@bar.baz" I *can* log into the IMAP server from here using my mail client. Are the reporting system and the mail system no longer on speaking terms? :) From dws at dealing-with-spam.info Tue May 16 12:53:44 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Tue May 16 05:55:03 2006 Subject: [SpamCop-List] Re: Reporting system down? References: Message-ID: D-W-S wrote on Tue, 16 May 2006 11:20:56 +0200: > Are the reporting system and the mail system no longer on speaking > terms? :) Okay. 09:52 GMT and they would appear to have made up again. From not at here.invalid Tue May 16 08:51:06 2006 From: not at here.invalid (Ellen) Date: Tue May 16 08:00:18 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports References: Message-ID: SpamCop "WazoO" wrote in message news:e4bv17$v7i$1@news.spamcop.net... > "Tim McGraw" wrote in message > news:e4bth0$u92$1@news.spamcop.net... >> >> There's nothing under either of the two user Spamcop preference > categories. >> >> There's nothing under Webmail/Mail Management/Spamcop Tools. >> >> Searching the forums for 'Quick Report data' produces two posts from >> 2005. > > That search query is probably too restrictive, but ..... > > Don had posted this same Announcement in the Reporting Forum > around the same time as the newsgroup posts. I just copied off > his answer in the spamcop.help newsgroup about the option > being available at; > > It's in the "Report Handling Options" section under the "Preferences" > tab on the reporting server. > > I didn't see it, but I don't Quick-Report, actually not sure > how long it's been since I used the parser for other than > troubleshooting some else's issues ..??? > > Seems to appear only if the "grant quick" flag has been set on the user account preferences. Ellen SpamCop From not at here.invalid Tue May 16 08:51:14 2006 From: not at here.invalid (Ellen) Date: Tue May 16 08:00:30 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports References: Message-ID: SpamCop "WazoO" wrote in message news:e4bv17$v7i$1@news.spamcop.net... > "Tim McGraw" wrote in message > news:e4bth0$u92$1@news.spamcop.net... >> >> There's nothing under either of the two user Spamcop preference > categories. >> >> There's nothing under Webmail/Mail Management/Spamcop Tools. >> >> Searching the forums for 'Quick Report data' produces two posts from >> 2005. > > That search query is probably too restrictive, but ..... > > Don had posted this same Announcement in the Reporting Forum > around the same time as the newsgroup posts. I just copied off > his answer in the spamcop.help newsgroup about the option > being available at; > > It's in the "Report Handling Options" section under the "Preferences" > tab on the reporting server. > > I didn't see it, but I don't Quick-Report, actually not sure > how long it's been since I used the parser for other than > troubleshooting some else's issues ..??? > > Seems to appear only if the "grant quick" flag has been set on the user account preferences. Ellen SpamCop From nospam at nospam.org Tue May 16 16:06:39 2006 From: nospam at nospam.org (Ejo) Date: Tue May 16 09:10:03 2006 Subject: [SpamCop-List] Nothing is reported Message-ID: All spam submitted from held mail goes into the reporting system but it is not processed any longer since 8 AM this morning. What is going on? Ejo From nospam at nospam.org Tue May 16 16:27:17 2006 From: nospam at nospam.org (Ejo) Date: Tue May 16 09:30:03 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports In-Reply-To: References: Message-ID: Ellen wrote: > SpamCop > "WazoO" wrote in message > news:e4bv17$v7i$1@news.spamcop.net... >> "Tim McGraw" wrote in message >> news:e4bth0$u92$1@news.spamcop.net... >>> There's nothing under either of the two user Spamcop preference >> categories. >>> There's nothing under Webmail/Mail Management/Spamcop Tools. >>> >>> Searching the forums for 'Quick Report data' produces two posts from >>> 2005. >> That search query is probably too restrictive, but ..... >> >> Don had posted this same Announcement in the Reporting Forum >> around the same time as the newsgroup posts. I just copied off >> his answer in the spamcop.help newsgroup about the option >> being available at; >> >> It's in the "Report Handling Options" section under the "Preferences" >> tab on the reporting server. >> >> I didn't see it, but I don't Quick-Report, actually not sure >> how long it's been since I used the parser for other than >> troubleshooting some else's issues ..??? >> >> > > Seems to appear only if the "grant quick" flag has been set on the user > account preferences. > If we can't report at the moment, is it then due to the fact that this flag has been set. Can't turn in my reports at the moment. Ejo From kenbrody at spamcop.net Tue May 16 11:53:23 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Tue May 16 12:25:03 2006 Subject: [SpamCop-List] Falsified caller IDs (was Re: [ot] Busted a telemarketer!) References: Message-ID: <4469E763.778E59E8@spamcop.net> Mike Easter wrote: > > Rich Bless wrote: > > > Anyone know how I can track down > > 1-803-201-4567 ? > > 803 SC Columbia, central > Searching for area code 803, prefix 201: Not Found... I, too, get "201 is an Invalid Prefix in area code 803". > Sometimes telemarketers and others use FAKE information. Therefore that > is probably why the area code and prefix combination you are looking for > was "not found" on our database. > > That's what my info sources say. What I'd like to know is how they convinced the telco to pass false caller ID data to the recipient. (I sometimes get "999-999-9999".) -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From bar_n0ne at hotmail.com Tue May 16 13:14:03 2006 From: bar_n0ne at hotmail.com (Berny) Date: Tue May 16 13:15:03 2006 Subject: [SpamCop-List] Re: Falsified caller IDs (was Re: [ot] Busted a telemarketer!) References: <4469E763.778E59E8@spamcop.net> Message-ID: "Kenneth Brody" wrote in message news:4469E763.778E59E8@spamcop.net... SNIP > What I'd like to know is how they convinced the telco to pass false > caller ID data to the recipient. (I sometimes get "999-999-9999".) Well I can't answer that question, but when my wife or daughter call with skype from the Middle East, it registers as 000 123-4567 on the CNID. And I keep hearing it is trivial to fake the CNID,, which is apparently what most FAX spammers do. From not at here.invalid Tue May 16 15:43:14 2006 From: not at here.invalid (Ellen) Date: Tue May 16 14:55:03 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports References: Message-ID: "Ejo" wrote in message news:e4cjvm$cap$1@news.spamcop.net... >> > > If we can't report at the moment, is it then due to the fact that this > flag has been set. Can't turn in my reports at the moment. > I am not 100% sure what you are asking. What is happening when you try to forward or paste spam? It might be better if you would describe the problem in detail and include your SC registered email address and write to Don at service@admin.spamcop.net so he can look at your account. Ellen SpamCop From Someone at invalid.foo Tue May 16 21:18:02 2006 From: Someone at invalid.foo (Someone who hates spam) Date: Tue May 16 15:20:03 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports References: Message-ID: "Ellen" wrote in message news:e4d71g$of2$1@news.spamcop.net... > > "Ejo" wrote in message > news:e4cjvm$cap$1@news.spamcop.net... >>> >> >> If we can't report at the moment, is it then due to the fact that this >> flag has been set. Can't turn in my reports at the moment. >> > > > I am not 100% sure what you are asking. What is happening when you try to > forward or paste spam? It might be better if you would describe the > problem in detail and include your SC registered email address and write > to Don at service@admin.spamcop.net so he can look at your account. > > Ellen > SpamCop > I was **annoyed** to find that my quick reporting replies had been turned OFF without any consultation. I believe you should leave the default configuration of on. For one, I'm sad enough to actually check the quick reporting replies to spot any condiut between spam received. Regards From eschrama at spamcop.net Tue May 16 22:41:03 2006 From: eschrama at spamcop.net (Ejo) Date: Tue May 16 15:45:02 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports In-Reply-To: References: Message-ID: Ellen wrote: > "Ejo" wrote in message > news:e4cjvm$cap$1@news.spamcop.net... >> If we can't report at the moment, is it then due to the fact that this >> flag has been set. Can't turn in my reports at the moment. >> > > > I am not 100% sure what you are asking. What is happening when you try to > forward or paste spam? It might be better if you would describe the problem > in detail and include your SC registered email address and write to Don at > service@admin.spamcop.net so he can look at your account. > > Ellen > SpamCop > > Dear Ellen, I have been in contact with Don at service@admin.spamcop.net. The point remains that all my quick reporting attempts seem to remain in vain. My reported spam ends up at the spamcop reporting server, but it says that no reports are filed, my conclusion is that nothing happens. The only way for me to report spam at this moment is the manual option. I really appreciated that quick reporting status but I can't use it at the moment. Thank you. Ejo (eschrama@spamcop.net) From MikeE at ster.invalid Tue May 16 14:27:38 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 16 16:30:02 2006 Subject: [SpamCop-List] Re: Falsified caller IDs (was Re: [ot] Busted a telemarketer!) References: <4469E763.778E59E8@spamcop.net> Message-ID: Berny wrote: > And I keep hearing it is trivial to fake the CNID,, which is > apparently what most FAX spammers do. Which is one of the things that the FCC uses to treble damages and fines for the junxers when they /do/ get nailed. It is also often interpreted by the courts to which junxers are taken by the junxees to allow trebling the allowable 'damages' which the plaintiff is granted from $500 per junx to $1500. Where junx = junk fax, just like spam = ub junk email. -- Mike Easter kibitzer, not SC admin From not at here.invalid Tue May 16 18:13:41 2006 From: not at here.invalid (Ellen) Date: Tue May 16 17:15:04 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports References: Message-ID: "Ejo" wrote in message news:e4d9sh$qkj$1@news.spamcop.net... > Ellen wrote: >> "Ejo" wrote in message >> news:e4cjvm$cap$1@news.spamcop.net... >>> If we can't report at the moment, is it then due to the fact that this >>> flag has been set. Can't turn in my reports at the moment. >>> >> >> >> I am not 100% sure what you are asking. What is happening when you try to >> forward or paste spam? It might be better if you would describe the >> problem in detail and include your SC registered email address and write >> to Don at service@admin.spamcop.net so he can look at your account. >> >> Ellen >> SpamCop > > Dear Ellen, > > I have been in contact with Don at service@admin.spamcop.net. The point > remains that all my quick reporting attempts seem to remain in vain. My > reported spam ends up at the spamcop reporting server, but it says that no > reports are filed, my conclusion is that nothing happens. The only way for > me to report spam at this moment is the manual option. I really > appreciated that quick reporting status but I can't use it at the moment. > > Thank you. > > Ejo Log into your account and click preferences and turn off the new "no reports" feature. Ellen SpamCop From not at here.invalid Tue May 16 18:16:35 2006 From: not at here.invalid (Ellen) Date: Tue May 16 17:20:03 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports References: Message-ID: "Someone who hates spam" wrote in message news:e4d8hh$pkk$1@news.spamcop.net... >> > > I was **annoyed** to find that my quick reporting replies had been turned > OFF without any consultation. > > I believe you should leave the default configuration of on. > > For one, I'm sad enough to actually check the quick reporting replies to > spot any condiut between spam received. > I agree, I will see what I can do about that. I am also hearing -- and this may be your problem -- that with the flag set to no quick reporting replies the system may not be processing the submitted spams. Ellen SpamCop From MikeE at ster.invalid Tue May 16 15:31:46 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 16 17:35:03 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports References: Message-ID: Ellen wrote: > I agree, I will see what I can do about that. I am also hearing -- > and this may be your problem -- that with the flag set to no quick > reporting replies the system may not be processing the submitted > spams. Now /there's/ one way to not have to get replies - no reports. I knew there was something wrong with the idea of no replies besides not being able to check and make sure the reporting was being performed properly -- there's also no way to know the submit didn't get lost or that the parser didn't get 'lost'. It seems like a generally bad idea to turn off quick report replies. I can think of some other things that would be better to turn off or make user configurable, like resolving and notifying spamvertiser providers. Let the reporter configure if s/he wants to resolve and notify spamvertiser providers or if s/he would rather just notify the devnull for the name and feed the spamvertiser to the sc-surbl. That way the sc-surbl wouldn't be losing so many spamvertisers that SC doesn't resolve and that way the reporters wouldn't be feeding evidence to so many spamvertiser provider blackhats. -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Tue May 16 17:50:45 2006 From: bar_n0ne at hotmail.com (Berny) Date: Tue May 16 17:55:03 2006 Subject: [SpamCop-List] Re: Falsified caller IDs (was Re: [ot] Busted a telemarketer!) References: <4469E763.778E59E8@spamcop.net> Message-ID: "Mike Easter" wrote in message news:e4dcjm$sev$1@news.spamcop.net... > Berny wrote: > > > And I keep hearing it is trivial to fake the CNID,, which is > > apparently what most FAX spammers do. > > Which is one of the things that the FCC uses to treble damages and fines > for the junxers when they /do/ get nailed. > > It is also often interpreted by the courts to which junxers are taken by > the junxees to allow trebling the allowable 'damages' which the > plaintiff is granted from $500 per junx to $1500. > > Where junx = junk fax, just like spam = ub junk email. > > -- > Mike Easter > kibitzer, not SC admin > Question, Short of asking for a pen register on their line, which requires a court order*, how does the common citizen determine the junx sender in order to sue? *(AFAIK and IANAL) From MikeE at ster.invalid Tue May 16 16:24:32 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 16 18:25:03 2006 Subject: [SpamCop-List] Re: Falsified caller IDs (was Re: [ot] Busted a telemarketer!) References: <4469E763.778E59E8@spamcop.net> Message-ID: Berny wrote: > > Question, Short of asking for a pen register on their line, which > requires a court order*, how does the common citizen determine the > junx sender in order to sue? You can sue the faxvertiser; you can sue the faxblaster as a johndoe and get the faxvertiser to throw the blaster over. That is, in regular court, not small claims. Some can even recognize the fax 'fingerprints' of common faxblasters who conceal numbers. Those are civil remedies. You can also get the cooperation of the telco, I've talked to them. You interact with local LE who can 'aid' the telco in taking the necessary steps without any big court order. There are laws about telephonic misbehaviors - so LE gets into it because a law is being broken, then you get LE to get the telco to help you. The telco wants to help you, they just have to obey the law. Junx suers who are good at it, which includes both attorneys and non-attorneys who have honed their skills at successfully suing junxers, hangout in mailing lists and correspond about junx and have private website resources to discuss and share strategies and information away from the prying eyes of the junxers who are always snooping on the strategists. I used to lurk on a junkfax mailing list, but I haven't in years. Going after junxers is considerably more lucrative than going after spammers. -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Tue May 16 18:49:37 2006 From: bar_n0ne at hotmail.com (Berny) Date: Tue May 16 18:50:02 2006 Subject: [SpamCop-List] Re: Falsified caller IDs (was Re: [ot] Busted a telemarketer!) References: <4469E763.778E59E8@spamcop.net> Message-ID: "Mike Easter" wrote in message news:e4djer$11j$1@news.spamcop.net... Snip > I used to lurk on a junkfax mailing list, but I haven't in years. Going > after junxers is considerably more lucrative than going after spammers. > > -- > Mike Easter > kibitzer, not SC admin > Sounds like it's a cottage industry. Interesting. Thanks. Fortunately I don't have a FAX, and wether $DAYJOB has a junx problem I wouldn't know,. the incoming Fax Machines are far from me. From tmcgraw at spamcop.net Tue May 16 16:52:42 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue May 16 18:55:03 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports In-Reply-To: References: Message-ID: Mike Easter wrote: > Ellen wrote: > >> I agree, I will see what I can do about that. I am also hearing -- >> and this may be your problem -- that with the flag set to no quick >> reporting replies the system may not be processing the submitted >> spams. > > Now /there's/ one way to not have to get replies - no reports. The kind of Quick Reporting data reports I'm talking about are the ones where SC sends you a "roundup" of all the spams reported when you last clicked "Quick - report immediately and trash." I don't need it nor want it - I know they are reported when the Held Mail screen lists their message numbers and status: Submitted message 72576 for reporting Moved message 72576 to trash Submitted message 72577 for reporting Moved message 72577 to trash Submitted message 72578 for reporting Moved message 72578 to trash Submitted message 72579 for reporting Moved message 72579 to trash From tmcgraw at spamcop.net Tue May 16 18:01:02 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue May 16 20:05:02 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports In-Reply-To: References: Message-ID: SpamCop Admin wrote: > > Sorry for all the trouble. I was really excited about seeing the > feature finally come alive... and now this. To quote Bloom County, it's no skin off my stiff upper lip! From nobody at devnull.spamcop.net Wed May 17 12:10:24 2006 From: nobody at devnull.spamcop.net (Patto) Date: Tue May 16 22:15:02 2006 Subject: [SpamCop-List] Not reported Message-ID: http://mailsc.spamcop.net/sc?id=z945992996zb686ed6d071cec88b56073ea9b5f4fd6z "ISP has indicated spam will cease; ISP resolved this issue sometime after 2006?5?17? 10:42:52 +0900" Is this the reason that no report is sent, even for the spamvertized porn site http://yaii.net/htm ? From scamper at trisk.com Tue May 16 21:35:21 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Tue May 16 22:40:03 2006 Subject: [SpamCop-List] Re: Not reported In-Reply-To: References: Message-ID: Patto wrote: > http://mailsc.spamcop.net/sc?id=z945992996zb686ed6d071cec88b56073ea9b5f4fd6z > > > "ISP has indicated spam will cease; ISP resolved this issue sometime > after 2006?5?17? 10:42:52 +0900" > > Is this the reason that no report is sent, even for the spamvertized > porn site http://yaii.net/htm ? In my opinion: That message means that the date stamp on the last accepted received header line in the parser on the spam you submitted predates when spamcop was notified by the ISP that the issue was resolved. Because of this, there is no point in reporting abuse that pre-dates the resolution of the spam problem by the ISP. If you get spam that is newer than that, I think the parser will still report it because it would then be a new issue. Example: Converting the date on the last received header to UTC to illustrate the point: date -ud 'Tue, 16 May 2006 13:35:24 -0400' Tue May 16 17:35:24 UTC 2006 The parse said: ISP has indicated spam will cease; ISP resolved this issue sometime after Tuesday, May 16, 2006 7:42:52 PM -0600 Message is 8 hours old Converting that date to UTC: date -ud 'May 16, 2006 19:42:52 -0600' Wed May 17 01:42:52 UTC 2006 -- Garen From jamie_usenet at yahoo.ca Wed May 17 00:08:20 2006 From: jamie_usenet at yahoo.ca (Jamie) Date: Tue May 16 23:10:02 2006 Subject: [SpamCop-List] Blue Frog calls it quits? Message-ID: I just went to http://www.bluesecurity.com/ and they have this notice on ther website right now.This another hijacking or is this for real? They claim the communities page will be active till May 31 2006. Blue Security Ceases Anti-Spam Operations When we founded Blue Security in 2004, we believed that if we automated a way for users to rise up and exercise their rights under the CAN-SPAM Act, we could reduce the amount of spam on the Internet. Over the past few months we were able to leverage the power of the Blue Community and convince top spammers responsible for sending over 25% of the world's spam to comply with our users' opt-out list. We were making real progress in eliminating spam from the lives of our users. However, several leading spammers viewed this change as a strategic threat to their spam business. The week before last, these spammers launched a series of attacks against us, taking down hundreds of thousands of other websites via a massive Denial-of-Service attack and causing damage to ISPs, website owners and Internet users worldwide. They also began a relentless campaign of email intimidation against many members of the Blue Community. After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks. We cannot take the responsibility for an ever-escalating cyber war through our continued operations. As we cannot build the Blue Security business on the foundation we originally envisioned, we are discontinuing all of our anti-spam activities on your behalf and are exploring other, non spam-related avenues for our technological developments. As much as it saddens us, we believe this is the responsible thing to do. You need not do anything as a result of this change. We will continue to protect your names and addresses and honor all privacy commitments we made to you. We have concluded we should not take Blue Security to the full deployment stage we originally planned to achieve, but we are proud of what we have accomplished thus far as a young startup company. We are extremely proud to have had the chance to work with such a devoted and dedicated community: thank you for the vote of confidence you gave us over the past few months as well as the particularly vocal support you have shown over the last two weeks. We will be innovating and building our technology in new, other directions and will continue to give back to you, our Community. Thank you for your support, The Blue Security Team. For more information: a.. Press and Media Relations b.. Blue Community Site - active until 31-May-2006. Press and Media Relations If there is any way we can help you with a story, please don't hesitate to contact our media liaison: Bill Scannell bill@scannell.org 408-216-7264 From tmcgraw at spamcop.net Wed May 17 01:42:34 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed May 17 03:45:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? In-Reply-To: References: Message-ID: Jamie wrote: > I just went to http://www.bluesecurity.com/ and they have this notice on > ther website right now.This another hijacking or is this for real? > > They claim the communities page will be active till May 31 2006. > > They really had no idea what they were getting into. From crappy.trappy at ntlworld.com Wed May 17 09:57:02 2006 From: crappy.trappy at ntlworld.com (Tim) Date: Wed May 17 04:00:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? In-Reply-To: References: Message-ID: Jamie wrote: That's a real shame. The f*cking spammers win again. Must have been hurting them to warrant such a reaction. Hurting spammers is the only way to get the message across that spam is not wanted! From tmcgraw at spamcop.net Wed May 17 08:16:33 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed May 17 10:20:02 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? In-Reply-To: References: Message-ID: Tim wrote: > > That's a real shame. The f*cking spammers win again. I don't think it's a shame. I think BF was a sham. I'm glad they are not wreaking havoc on the Internet. Good riddance. > Hurting spammers is the only way to get the message across that spam is > not wanted! Someone wants it. If no one ever bought anything or never visited a spamvertized site, there wouldn't be any spam. From turan.fe at t-online.de Wed May 17 17:24:25 2006 From: turan.fe at t-online.de (Turan Fettahoglu) Date: Wed May 17 10:25:02 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: > I think BF was a sham. > If no one ever bought anything or never visited a spamvertized site, there > wouldn't be any spam. You do know that there still are enough fools who buy spamvertized goods, and still enough "businesspeople" who spamvertize their goods. No matter if Bluefrog was good or bad: they had a successful idea how to kick spammers out of business, and this idea should be carried on by someone else. Any e-mail provider can introduce a similar thing, and the spam mafia cannot attack hundreds of e-mail providers. From tmcgraw at spamcop.net Wed May 17 08:45:00 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed May 17 10:45:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? In-Reply-To: References: Message-ID: Turan Fettahoglu wrote: > > No matter if Bluefrog was good or bad: they had a successful idea how to > kick spammers out of business, and this idea should be carried on by someone > else. It was not successful; it produced no profit and had to be abandoned. The "idea" also ran counter to the cooperative spirit of the Internet. > Any e-mail provider can introduce a similar thing, and the spam mafia > cannot attack hundreds of e-mail providers. You misunderestimate them. They already do attack thousands of email providers. From MikeE at ster.invalid Wed May 17 08:46:15 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed May 17 10:50:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: Turan Fettahoglu wrote: > No matter if Bluefrog was good or bad: they had a successful idea how > to kick spammers out of business, BS/BF wasn't about kicking spammers out of business. BS/BF was /allegedly/ about listwashing BFers' addies from spamvertiser spamminglists. Actually BS/BF was about making money. It was a 'capitalistic' venture. Not that there is anything wrong with capitalism, but sometimes it is dirty. Nefarious. Misrepresentational. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Wed May 17 10:05:38 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed May 17 12:10:02 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? In-Reply-To: References: Message-ID: Mike Easter wrote: > > Not that there is anything wrong with capitalism Where's the 'Seinfeld' tags? From tmcgraw at spamcop.net Wed May 17 10:35:25 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed May 17 12:40:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? In-Reply-To: References: Message-ID: Mike Easter wrote: > > Not that there is anything wrong with capitalism, but sometimes it is > dirty. Nefarious. Misrepresentational. I just read Ron Guilmette's and Steve Linford's comments on nanae. Wow. They are so much more eloquent then I. From stephenbye at byedesign.freeserve.co.uk Wed May 17 19:46:26 2006 From: stephenbye at byedesign.freeserve.co.uk (Stephen Bye) Date: Wed May 17 13:50:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: "Tim McGraw" wrote in message news:e4fctc$4fu$1@news.spamcop.net... > You misunderestimate them. They already do attack thousands of email > providers. Misunderestimate? From tmcgraw at spamcop.net Wed May 17 11:51:34 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed May 17 13:55:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? In-Reply-To: References: Message-ID: Stephen Bye wrote: > "Tim McGraw" wrote in message > news:e4fctc$4fu$1@news.spamcop.net... > >> You misunderestimate them. They already do attack thousands of email >> providers. > > Misunderestimate? Google it to see who said it. From stephenbye at byedesign.freeserve.co.uk Wed May 17 19:54:20 2006 From: stephenbye at byedesign.freeserve.co.uk (Stephen Bye) Date: Wed May 17 13:55:12 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: "Tim McGraw" wrote in message news:e4fnr5$bps$1@news.spamcop.net... > Stephen Bye wrote: >> "Tim McGraw" wrote in message >> news:e4fctc$4fu$1@news.spamcop.net... >> >>> You misunderestimate them. They already do attack thousands of email >>> providers. >> >> Misunderestimate? > > Google it to see who said it. Aahh, now I get it. Thanks. From MikeE at ster.invalid Wed May 17 11:58:41 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed May 17 14:00:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: Tim McGraw wrote: > Stephen Bye wrote: >> Misunderestimate? > > Google it to see who said it. The best treatise I found was at Snopes which fleshes out this topic: Claim: "Make the Pie Higher!" poem is composed of actual quotes from George W. Bush. Status: True. Example: [Collected on the Internet, 2002] http://www.snopes.com/politics/bush/piehigher.asp <3500 word essay on the poem and bushisms> -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed May 17 15:05:29 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed May 17 14:10:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: "Turan Fettahoglu" wrote in message news:e4fbmp$3o0$1@news.spamcop.net... >> I think BF was a sham. ... > No matter if Bluefrog was good or bad: they had a successful > idea ... Bullshit: It matters a lot. Their idea may have "successfully" inconvenienced a couple of spammers but IMO it's questionable who they blasted the worst: spammers or innocent parties. To think that they may have abolished any spammers is not only myopic, it's ignorant and stupid: The spammers and their sites will simply reappear elsewhere and nothing will/would have changed spamwise. > No matter if Bluefrog was good or bad: Stupid comment. Unthinking comment. Trolling comment. It matters a lot fo law abiding, scrupulous people with ethics and right on their side. they had a successful idea how to No, it wasn't successful. Temporary only. And wasted effort; they believed in themselves so highly that they're already borked out of business. > kick spammers out of business, No, it simply sent them (very few) elsewhere to regroup, a momentary blip on most good spammer's screens of operation. and this idea should be carried on by someone No, it shouldn't. Your and others like you, are myopic, as already mentioned, and completely ignores the "collateral" damage which is now so widely known. In the end analysis, should it be able to complete, their true colors will very likely come to light. So far there is nothing giving any credibility to anything they have done or said that indicates a desirable operation. > else. Any e-mail provider can introduce a similar thing, and > the spam mafia cannot attack hundreds of e-mail providers. LOL! You mean, like the "spam mafia" is doing right now? Every day? Every second, even? They're attacking THOUSANDS, probably more, e-mail providers constantly!! If you and your'n are so sure you're so right, go borrow some money and set up your own: Let's see how it's supposed to be done! Until then, you and others like you have nothing worthwhil to say to a thinking person who values honesty and integrity, not to mention ethics and scruples. . I've had my say; I'm done now. > > > From gezgin at spamcop.net Wed May 17 22:08:39 2006 From: gezgin at spamcop.net (gezgin) Date: Wed May 17 14:15:04 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: "Stephen Bye" wrote >> You misunderestimate them. They already do attack thousands of email >> providers. > Misunderestimate? "Underestimating by a significant factor" obviously. Isn't the English language wonderful? -- Bob http://www.kanyak.com From gezgin at spamcop.net Wed May 17 22:11:41 2006 From: gezgin at spamcop.net (gezgin) Date: Wed May 17 14:15:13 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: Somebody clue me in on this please. What was Blue Frog doing that SpamCop isn't that drew so much ire on the part of spammers? -- Bob http://www.kanyak.com From david.topping at gnuemail.com Wed May 17 20:28:04 2006 From: david.topping at gnuemail.com (David Topping) Date: Wed May 17 14:35:05 2006 Subject: [SpamCop-List] DNSBL for backscatter - Any use? Message-ID: Hi What are your thoughts, please, on a dedicated DNSBL being setup which deals with backscatter / misdirected autoresponders and C/R's? I understand that bl.spamcop.net and a couple of the others may have this built in. However, I don't believe such a dedicated DNSBL exists at the time of writing. Thanks From shaunaks at vsnl.net Thu May 18 01:07:54 2006 From: shaunaks at vsnl.net (Shaunak Sayta) Date: Wed May 17 14:38:30 2006 Subject: [SpamCop-List] DNSBL for backscatter - Any use? Message-ID: <003601c679e1$04820470$0302a8c0@syfvq52w5smynw> Dont you think we alredy have too many blacklists to confuse users of them, anyways to have one more. I think there should be a blacklist that integrates all the blacklists, The more the blacklists the more the false positives "David Topping" wrote in message news:... > Hi > > What are your thoughts, please, on a dedicated DNSBL being setup which deals > with backscatter / misdirected autoresponders and C/R's? > > I understand that bl.spamcop.net and a couple of the others may have this > built in. However, I don't believe such a dedicated DNSBL exists at the time > of writing. > > Thanks > > > _______________________________________________ > SpamCop-List mailing list > SpamCop-List@news.spamcop.net > http://news.spamcop.net/mailman/listinfo/spamcop-list From eschrama at spamcop.net Wed May 17 22:48:18 2006 From: eschrama at spamcop.net (Ejo) Date: Wed May 17 15:50:03 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports In-Reply-To: References: Message-ID: Tim McGraw wrote: > SpamCop Admin wrote: >> >> Sorry for all the trouble. I was really excited about seeing the >> feature finally come alive... and now this. > > To quote Bloom County, it's no skin off my stiff upper lip! But it (quick reporting) works now! From kenbrody at spamcop.net Wed May 17 15:04:17 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Wed May 17 15:50:12 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: <446B65A1.D8EA64BC@spamcop.net> Stephen Bye wrote: > > "Tim McGraw" wrote in message > news:e4fnr5$bps$1@news.spamcop.net... > > Stephen Bye wrote: > >> "Tim McGraw" wrote in message > >> news:e4fctc$4fu$1@news.spamcop.net... > >> > >>> You misunderestimate them. They already do attack thousands of email > >>> providers. > >> > >> Misunderestimate? > > > > Google it to see who said it. > > Aahh, now I get it. > Thanks. I guess it means "to improperly underestimate"? -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From caroljean52 at yahoo.com Wed May 17 15:40:27 2006 From: caroljean52 at yahoo.com (caroljean52) Date: Wed May 17 16:45:03 2006 Subject: [SpamCop-List] Re: Blue Frog Quits References: Message-ID: Also: In the Fight Against Spam E-Mail, Goliath Wins AgainIn the Fight Against Spam E-Mail, Goliath Wins Again http://www.washingtonpost.com/wp-dyn/content/article/2006/05/16/AR2006051601873.html From caroljean52 at yahoo.com Wed May 17 15:44:58 2006 From: caroljean52 at yahoo.com (caroljean52) Date: Wed May 17 16:50:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: "gezgin" wrote: > What was Blue Frog doing that SpamCop isn't that drew so much ire on the > part of spammers? As I understand it, they launched DoS attacks against the spammers. Unfortunately, a lot of the spammers retaliated in like manner so they diverted their "extra" traffic to innocent blogging sites... Needless to say, that was a [bad word] stupid thing to do. Carol Pocatello, Idaho From holy_saiyan1 at 2+2=5.REMOVE.MATH.EQUATION.hotmail.com Wed May 17 19:00:58 2006 From: holy_saiyan1 at 2+2=5.REMOVE.MATH.EQUATION.hotmail.com (Jesse Hathaway) Date: Wed May 17 18:05:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? In-Reply-To: References: Message-ID: Inaccurate, but a common misconception. The ratio of number of opt-out messages posted on the spamvertised website to the number of received spam messages spamvertising said website was STRICTLY 1:1. caroljean52 wrote: > "gezgin" wrote: >> What was Blue Frog doing that SpamCop isn't that drew so much ire on the >> part of spammers? > > As I understand it, they launched DoS attacks against the spammers. > Unfortunately, a lot of the spammers retaliated in like manner so they > diverted their "extra" traffic to innocent blogging sites... Needless to > say, that was a [bad word] stupid thing to do. > > Carol > Pocatello, Idaho > > From MikeE at ster.invalid Wed May 17 16:02:18 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed May 17 18:05:13 2006 Subject: [SpamCop-List] Re: Blue Frog Quits References: Message-ID: caroljean52 wrote: > Also: > In the Fight Against Spam E-Mail, Goliath Wins AgainIn the Fight > Against Spam E-Mail, Goliath Wins Again > http://www.washingtonpost.com/wp-dyn/content/article/2006/05/16/AR2006051601873.html That story lacks accuracy in several very important elements. The BF 'process' DNIR [do not intrude registry] did not "disrupted the spammers' ability to send e-mails to other victims" The attacking spammer did *not* flood BS site with ddos, but used a different strategy to cut off BS's site access from everyone not Israel. It was BS which pointed its nameservice at the blogsites and /then/ there was a ddos problem caused by the attacker. The register article is more accurate http://www.theregister.co.uk/2006/05/17/blue_security_folds/ Blue Security calls it quits after attack by renegade spammer Altho' the register hasn't been very kind to BS, they weren't very mean about the fold. -- Mike Easter kibitzer, not SC admin From zypher at spamcop.net Wed May 17 18:07:08 2006 From: zypher at spamcop.net (Ron B.) Date: Wed May 17 18:10:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? In-Reply-To: References: Message-ID: Jesse Hathaway wrote: > Inaccurate, but a common misconception. The ratio of number of opt-out > messages posted on the spamvertised website to the number of received > spam messages spamvertising said website was STRICTLY 1:1. > Please explain. From nobody at devnull.spamcop.net Wed May 17 21:56:39 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed May 17 21:00:03 2006 Subject: [SpamCop-List] Re: DNSBL for backscatter - Any use? References: Message-ID: "David Topping" wrote in message news:e4fq5o$dov$1@news.spamcop.net... > Hi > > What are your thoughts, please, on a dedicated DNSBL being > setup which deals with backscatter / misdirected autoresponders > and C/R's? > > I understand that bl.spamcop.net and a couple of the others may > have this built in. However, I don't believe such a dedicated > DNSBL exists at the time of writing. > > Thanks > > Personally, I can't see the point of it. Besides, it would only be a "me too" in the sense that other blOcklists (not blAcklists, as a rule) already carry them alont with the rest of the "stuff". I can't see/think of anything that would make me want to use it unless something changed and other lists weren't tracking them. Besides, that's not the major source either, although they're all despicable. Regards, Pop From nobody at devnull.spamcop.net Wed May 17 21:58:43 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed May 17 21:00:13 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: "Jesse Hathaway" wrote in message news:e4g6eq$lpk$1@news.spamcop.net... > Inaccurate, but a common misconception. The ratio of number of > opt-out messages posted on the spamvertised website to the > number of received spam messages spamvertising said website was > STRICTLY 1:1. Whaaaattt? Pop > > caroljean52 wrote: >> "gezgin" wrote: >>> What was Blue Frog doing that SpamCop isn't that drew so much >>> ire on the part of spammers? >> >> As I understand it, they launched DoS attacks against the >> spammers. Unfortunately, a lot of the spammers retaliated in >> like manner so they diverted their "extra" traffic to innocent >> blogging sites... Needless to say, that was a [bad word] >> stupid thing to do. >> >> Carol >> Pocatello, Idaho From vanguard.news at yahooNIX.com Wed May 17 23:25:00 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Wed May 17 23:25:04 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: "Jesse Hathaway" wrote in message news:e4g6eq$lpk$1@news.spamcop.net... > Inaccurate, but a common misconception. The ratio of number of > opt-out messages posted on the spamvertised website to the number of > received spam messages spamvertising said website was STRICTLY 1:1. Sounds super great as they were claiming to provide an automated opt-out process (because the BS users were too damn lazy to do the opt-outs themselves) and maybe they really only did sent at a 1:1 ratio but WHEN they sent was at issue. They didn't send all those reports from BS users at the time the BS users reported the spam. They stored them up so they could slam the targeted site all at once. After all, if opt-outs had worked before then BS wouldn't even be needed - but it didn't work. The site getting opt-outs from individual users when they got the spam mail didn't hurt those sites (or cause any collateral damage). However, BS stored up all the reports so their volume would accrue to a threshold that became sufficient to become a DOS attack. Of course, it wasn't just a DOS attack. It was a DDOS attack by BS using all their users to distribute the attack from the zombied hosts so the attack would hide that BS initiated it. BS was *not* providing an automated opt-out service as they claimed. They were pending up all those reports until they had enough to slam a site and they used the distributed DOS method by using their zombied users' hosts. Yes, BS might have been sending one opt-out from one report from a BS user but BS did not send those opt-outs at the same rate that they received the reports. A creek doesn't damage the surrounding residential properties but damming it up so a huge reservoir builds up and then suddenly releasing it becomes a flood that will harm the targeted property (along with other properties). Trickling out the opt-outs at the same rate that the spam reports came in would have no more effect than the users themselves submitting the opt-out requests. The rate of opt-outs sent by individual users receiving spam has not worked in the past. Then BS came out with a "tool" to help users send those opt-outs but if the opt-outs impinged the targeted site at the same rate as before then BS would be an ineffective solution. The trickle of opt-outs hasn't worked before and trickling them out through BS won't work any better. Pending up the trickle to then blast it out all at once would be the only way that the opt-out flood could effectively DDoS the targeted site. Amazing how many BS users bought into the scheme to have their hosts running as zombies in a DDOS attack. Most users expend effort using anti-virus and anti-malware products to prevent their hosts from becoming zombie slave hosts. From nospam at aol.com Thu May 18 16:06:38 2006 From: nospam at aol.com (Chris) Date: Thu May 18 10:10:04 2006 Subject: [SpamCop-List] sortnoxington.com - stagedgarage.com - Anything else I can do to stop the spam? Message-ID: Hi everyone I am constantly under attack from Spam from a few regular companies. Currently, the spams I receive have (in their FROM: tag) . . . xxx@stagedgarage.com and/or xxx@sortnoxington.com. I get around 30/40 emails per day with this tag, and have been doing so for the past two weeks. Apart from sending my reports to Spamcop and/or blacklisting the FROM domain, is there anything else I can do? Thanks Chris P.S. Literally while I was typing this, I received yet ANOTHER spam from this company From: tag reads 'smtp@sortnoxington.com'. From MikeE at ster.invalid Thu May 18 08:46:54 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 18 10:50:04 2006 Subject: [SpamCop-List] Re: sortnoxington.com - stagedgarage.com - Anything else I can do to stop the spam? References: Message-ID: Chris wrote: > I am constantly under attack from Spam from a few regular companies. Attack? > Currently, the spams I receive have (in their FROM: tag) . . . > xxx@stagedgarage.com and/or xxx@sortnoxington.com. The vast majority of spam has bogus From. I don't characterize spam by its From, and I don't generally use the term 'from' when I am talking about spam, because some people think from means the From and some people think from means the spamsource and some people think from means the spamvertiser. In this case, you happen to be talking about a From, but you didn't say if the items were actually sourced at that From -- as in 'straightup' spam which the spamsource IP = the From = the spamvertiser. Sometimes one or another of those aren't 'exactly' the same. > I get around 30/40 emails per day with this tag, and have been doing > so for the past two weeks. If you want to talk about a spam, you should post a tracking url for it. Submit one of these spams which you are trying to characterize with words to the parser, copy the parser's tracking URL from the top of the parse which is presented before reporting or cancelling which looks like: Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z947257742zeb31a0c0c0e741292976ccd30c0f752cz and copy that tracking URL and paste it in here. When you try to describe a spam it is no good. > Apart from sending my reports to Spamcop and/or blacklisting the FROM > domain, is there anything else I can do? I seem to recall that you are a spamcop mail account subscriber. So, your spam should be easily reported. If these items are not being caught by your current configuration of spamfilters, then there are many ways to tighten up your filtering. Is it possible that you have subscribed to a mailing list which causes you to be receiving similar mails? I also seem to recall that you have some kind of jwspamspy software. If I search for sortnoxington.com - it doesn't turn up very many places except for posts by you and it also shows up on the jwspamspy page http://www.joewein.de/sw/bl-log-2006-05-10.htm 7 hits for googleweb search http://snipurl.com/qmo8 0 hits for googlegroups search -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu May 18 09:01:43 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 18 11:05:02 2006 Subject: [SpamCop-List] Re: sortnoxington.com - stagedgarage.com - Anything else I can do to stop the spam? References: Message-ID: Mike Easter wrote: > Chris wrote: >> Currently, the spams I receive have (in their FROM: tag) . . . >> xxx@stagedgarage.com and/or xxx@sortnoxington.com. > I also seem to recall that you have some kind of jwspamspy software. > > If I search for sortnoxington.com - it doesn't turn up very many > places except for posts by you and it also shows up on the jwspamspy > page http://www.joewein.de/sw/bl-log-2006-05-10.htm > > 7 hits for googleweb search http://snipurl.com/qmo8 > 0 hits for googlegroups search If I search for stagedgarage.com -- it doesn't turn up very many places at all -- and of the very few places it occurs, it shows up on the juspamspy page http://www.joewein.de/sw/bl-log-2006-05-13.htm 4 hits for googleweb search http://snipurl.com/qmoo 0 hits for googlegroups search What I'm saying is that those domainnames are practically 'google unheard of' -- making them very very unusual. So, the entire web has almost never heard of them. Practically the only people who have ever heard of them is you, who allege to receive 30-40 spamFroms a day, and your previously mentioned $30 filter which I've never heard of before namely jwSpamSpy http://www.jwspamspy.net/ Only US$29.95 / ? 25 / ? 18 That whole story I'm describing above seems very very strange to me -- like something fishy is going on here. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu May 18 09:26:59 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 18 11:30:04 2006 Subject: [SpamCop-List] Re: sortnoxington.com - stagedgarage.com - Anything else I can do to stop the spam? References: Message-ID: Mike Easter wrote: >> Currently, the spams I receive have (in their FROM: tag) . . . >> xxx@stagedgarage.com and/or xxx@sortnoxington.com. > > The vast majority of spam has bogus From. I don't characterize spam > by its From, These output server IPs [4 of their 5] which rDNS as stagedgarage are SC blocklisted and the /24 for them is spamhaused 63.139.108.7 co3.stagedgarage.com 63.139.108.5 co1.stagedgarage.com 63.139.108.9 co5.stagedgarage.com 63.139.108.6 co2.stagedgarage.com Ref: SBL41929 63.139.108.0/24 is listed on the Spamhaus Block List 14-May-2006 IBDS SYSTEMS INC DBA AXIS INTERACTIVE See also SBL37681. Spamming addresses scraped from usenet. Almost all of these output servers which rDNS sortnoxington are SC blocklisted and the /19 for them is spamhaused 72.11.142.211 iron.sortnoxington.com 72.11.142.205 surf529.sortnoxington.com 72.11.142.206 surf530.sortnoxington.com 72.11.142.210 surf523.sortnoxington.com 72.11.142.200 surf429.sortnoxington.com 72.11.142.201 surf431.sortnoxington.com 72.11.142.204 surf527.sortnoxington.com Ref: SBL20671 72.11.128.0/19 is listed on the Spamhaus Block List OC3 Networks - Ilan Mishan ROKSO It is better to talk about a spamsource IP than to talk about a domainname, which we got into in your last post about this subject. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Thu May 18 10:17:14 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Thu May 18 12:20:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: "POP" wrote... > "Turan Fettahoglu" wrote... > >> No matter if Bluefrog was good or bad: they had a successful idea ... > > Bullshit: It matters a lot. Their idea may have "successfully" > inconvenienced a couple of spammers but IMO it's questionable who they > blasted the worst: spammers or innocent parties. To think that they may > have abolished any spammers is not only myopic, it's ignorant and stupid: > The spammers and their sites will simply reappear elsewhere and nothing > will/would have changed spamwise. Exactly so. This is why Spamcop is iorganized the way it is - to deal with the fact that the bad guys keep moving and to try very hard to not harm third parties. Bluefrog didn't seem to care about hurting third parties with their "service" and they didn't seem to care about hurting third parties as they responded to spammer's attacks in ways that hurt other systems. I say good riddance to an unethical operation. From nobody at devnull.spamcop.net Thu May 18 10:19:36 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Thu May 18 12:20:18 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: Jesse Hathaway wrote... [snip] Amazing how well the corrolation between top-posting and being wrong holds up... From nobody at devnull.spamcop.net Thu May 18 10:24:54 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Thu May 18 12:25:03 2006 Subject: [SpamCop-List] Re: DNSBL for backscatter - Any use? References: Message-ID: David Topping wrote... > What are your thoughts, please, on a dedicated DNSBL being setup which > deals with backscatter / misdirected autoresponders and C/R's? > > I understand that bl.spamcop.net and a couple of the others may have this > built in. However, I don't believe such a dedicated DNSBL exists at the > time of writing. There are two good reasons for another DNSBL: [1] Someone wishes to block only what the DNSBL lists (for example, a business that only gets email from local customers may wish to block all of China) [2] The other DNSBLs are, for whatever reason, not catching some class of undesirable emails. Neither appears to be true in this case. G.M. From porpoise1954 at yahoo.co.uk Thu May 18 20:14:06 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu May 18 14:20:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: "Tim McGraw" wrote in message news:e4ek5a$l0q$1@news.spamcop.net... > Jamie wrote: >> I just went to http://www.bluesecurity.com/ and they have this notice on >> ther website right now.This another hijacking or is this for real? >> >> They claim the communities page will be active till May 31 2006. >> >> > > They really had no idea what they were getting into. They were being naive in the extreme methinks......... From porpoise1954 at yahoo.co.uk Thu May 18 20:16:31 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu May 18 14:20:14 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: "gezgin" wrote in message news:e4fov3$cts$1@news.spamcop.net... > "Stephen Bye" wrote > >>> You misunderestimate them. They already do attack thousands of email >>> providers. > >> Misunderestimate? > > "Underestimating by a significant factor" obviously. > > Isn't the English language wonderful? In fact it's wonderfully wonderful in it's wonderfulness...... From nobody at devnull.spamcop.net Thu May 18 15:25:29 2006 From: nobody at devnull.spamcop.net (POP) Date: Thu May 18 14:30:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: That's three errors for you so far; keep trying. "G|_|Y |\/|AC0|\|" wrote in message news:e4i6qs$tfj$1@news.spamcop.net... > > Jesse Hathaway wrote... [snip] > > Amazing how well the corrolation between top-posting and being > wrong holds up... > > From edb2000 at spamcop.net Thu May 18 13:27:58 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Thu May 18 15:30:03 2006 Subject: [SpamCop-List] Re: Falsified caller IDs (was Re: [ot] Busted a telemarketer!) In-Reply-To: <4469E763.778E59E8@spamcop.net> References: <4469E763.778E59E8@spamcop.net> Message-ID: Kenneth Brody wrote: > What I'd like to know is how they convinced the telco to pass false > caller ID data to the recipient. (I sometimes get "999-999-9999".) Some classes of phone service allow (or even require) the CPE (customer provided equipment) to furnish the CallerID information. This is very useful in the case where a bank of outgoing lines is used to make calls, but the company wants the main incoming number to show on the CallerID so that callees know who is calling and where to call back. Needless to say, it's also useful in cases where a boiler-room calling operation wants to appear to be some other company, and/or show a number that can not be called back. Yet another useful bit of technology spoiled by telemarketers, spammers, and other swindlers of various sorts. -- Don Wannit A paid SpamCop user since 1999 From nobody at devnull.spamcop.net Thu May 18 13:57:18 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Thu May 18 16:00:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: "POP" wrote ... > That's three errors for you so far; keep trying. Oooh! A *spelling flame*! I thought those had gone obsolete. It's nice to see someone who still follows the old ways... :) From nospam at aol.com Thu May 18 23:53:46 2006 From: nospam at aol.com (Chris) Date: Thu May 18 17:55:02 2006 Subject: [SpamCop-List] Re: sortnoxington.com - stagedgarage.com - Anything else I can do to stop the spam? References: Message-ID: Hi Mike Thank you for your input. Please forgive me that I am not as clued up and I.T. literate as most appear to be on this Forum. I just wanted to clear up a few points. My reference in relation to 'attack' was specifically that I am getting a very large amount of spam emails with a specific FROM domain name. I appreciate that spam origins can be faked, altered etc I percieve this as an ATTACK as it is starting to affect my business and is unwanted. 40/50 is a very large amount of junk I have to sift through on a daily basis from one 'apparent' source. Perhaps 'sift through' is the wrong term, but since I am now reporting all the Spam I get BY HAND to Spamcop, and I keep on seeing 'sortnoxington' and 'stagedgarage' constantly every day, I wondered if the two domains rang a bell with anyone else, but they do not appear to have done. Example from 'Stagedgarage.com' http://www.spamcop.net/mcgi?action=gettrack&reportid=1752930315 http://www.spamcop.net/mcgi?action=gettrack&reportid=1751181161 Example from 'SortNoxington.com' http://www.spamcop.net/mcgi?action=gettrack&reportid=1749236197 http://www.spamcop.net/mcgi?action=gettrack&reportid=1748973853 I did exactly the same as you did and searched the net on the Domain names and found the webpage that you did. I would GUESS that this particular spam company uses a FROM domain alias for a few weeks, and then changes it. This domain hasn't appeared for a day or two now. Seems 'HARBLES.COM' has taken its place for exactly the same purpose. I am NOT running the JW software - In a previous message I did state that I was running MailWasher, which runs quite well. In case your 'fishy' comment was that I had any affiliation with the JW website, I can state to you now that I do not. I do appreciate your help, and will continue to run with SPAMCOP and try to assist your team by regular and early spam reports, specifically to make sure your blacklist runs as well as it can. Chris "Mike Easter" wrote in message news:e4i28h$qc3$1@news.spamcop.net... > Mike Easter wrote: >> Chris wrote: > >>> Currently, the spams I receive have (in their FROM: tag) . . . >>> xxx@stagedgarage.com and/or xxx@sortnoxington.com. > >> I also seem to recall that you have some kind of jwspamspy software. >> >> If I search for sortnoxington.com - it doesn't turn up very many >> places except for posts by you and it also shows up on the jwspamspy >> page http://www.joewein.de/sw/bl-log-2006-05-10.htm >> >> 7 hits for googleweb search http://snipurl.com/qmo8 >> 0 hits for googlegroups search > > If I search for stagedgarage.com -- it doesn't turn up very many places > at all -- and of the very few places it occurs, it shows up on the > juspamspy page http://www.joewein.de/sw/bl-log-2006-05-13.htm > > 4 hits for googleweb search http://snipurl.com/qmoo > 0 hits for googlegroups search > > What I'm saying is that those domainnames are practically 'google > unheard of' -- making them very very unusual. So, the entire web has > almost never heard of them. Practically the only people who have ever > heard of them is you, who allege to receive 30-40 spamFroms a day, and > your previously mentioned $30 filter which I've never heard of before > namely jwSpamSpy http://www.jwspamspy.net/ Only US$29.95 / ? 25 / £ 18 > > That whole story I'm describing above seems very very strange to me -- > like something fishy is going on here. > > -- > Mike Easter > kibitzer, not SC admin > From MikeE at ster.invalid Thu May 18 16:12:24 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 18 18:15:03 2006 Subject: [SpamCop-List] Re: sortnoxington.com - stagedgarage.com - Anything else I can do to stop the spam? References: Message-ID: When you don't contextualize your reply remarks, they don't have the meaning that they would have if properly contextualized, or put into order. I don't like to try to have a conversation with someone who doesn't trim and contextualize. Chris wrote: > My reference in relation to 'attack' was specifically that I am > getting a very large amount of spam emails with a specific FROM > domain name. That remark should have been put into the context of my questioning the word 'attack' here: Mike Easter wrote: > Chris wrote: > >> I am constantly under attack from Spam from a few regular companies. > > Attack? My 'Attack?' meant that a few score spams a day isn't an /attack/. It is a few scores of spams. An attack is something else. > Example from 'Stagedgarage.com' > > http://www.spamcop.net/mcgi?action=gettrack&reportid=1752930315 Again, you failed to contextualize. If you had contextualized you would be able to see what you are saying in the context where you were supposed to be saying it. Notice what shows up: Mike Easter wrote: > If you want to talk about a spam, you should post a tracking url for > it. > Here is your TRACKING URL - it may be saved for future reference: > http://www.spamcop.net/sc?id=z947257742zeb31a0c0c0e741292976ccd30c0f752cz > > and copy that tracking URL and paste it in here. > http://www.spamcop.net/mcgi?action=gettrack&reportid=1751181161 Notice that you did *not* post a tracking URL. Instead you posted a reportid link. That is not helpful to anyone but you. A report id can only be used by the reporter of the reportid to access the tracking URL. If you go to the reportid link, you can use it to access the spam and get the proper tracking url. I cannot do that because I am not logged in as you. Your link ends with 'reportid=1751181161' My example ends with 'id=z947257742zeb31a0c0c0e741292976ccd30c0f752cz' They are distinctly different. > Seems 'HARBLES.COM' has taken its > place for exactly the same purpose. I could do the same thing with harbles I did with the others, but I'm going to wait for a legitimate tracker. > I am NOT running the JW software - In a previous message I did state > that I was running MailWasher, which runs quite well. That remark lacks context. It should have appeared near here: Mike Easter wrote: > I also seem to recall that you have some kind of jwspamspy software. On about May 12 you said: Chris wrote: > I noticed that if I was using the JWSpamSpy blacklist, then these > spams would have been blocked as according to this page: -- Mike Easter kibitzer, not SC admin From vxpy7do02 at sneakemail.com Thu May 18 16:18:54 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Thu May 18 18:20:02 2006 Subject: [SpamCop-List] Re: sortnoxington.com - stagedgarage.com - Anything else I can do to stop the spam? References: Message-ID: "Chris" wrote in message news:e4iqd4$ado$1@news.spamcop.net... > Hi Mike > > Thank you for your input. Please forgive me that I am not as clued up and > I.T. literate as most appear to be on this Forum. > > I just wanted to clear up a few points. > > My reference in relation to 'attack' was specifically that I am getting a > very large amount of spam emails with a specific FROM domain name. I > appreciate that spam origins can be faked, altered etc > I percieve this as an ATTACK as it is starting to affect my business and > is unwanted. 40/50 is a very large amount of junk I have to sift through > on a daily basis from one 'apparent' source. > Perhaps 'sift through' is the wrong term, but since I am now reporting all > the Spam I get BY HAND to Spamcop, and I keep on seeing 'sortnoxington' > and 'stagedgarage' constantly every day, I wondered if the two domains > rang a bell with anyone else, but they do not appear to have done. > > > I am NOT running the JW software - In a previous message I did state that > I was running MailWasher, which runs quite well. > Notice that this is an INLINE comment not top-posting!! I hope you are not using MW to 'bounce' your mail - as noted in other posts in this thread, the from that MW bounces to is usually bogus - so you are just spamming some innocent party! -- A SpamCop user and forum reader, Not Admin From BNRAGMAOKKXT at spammotel.com Fri May 19 00:44:09 2006 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Thu May 18 19:45:03 2006 Subject: [SpamCop-List] No Reports Files Message-ID: I've been sending spam submissions via Quick Reporting, but, for the past few days I have not received any reports back. I just checked Past Reports and see my submissions have got through, but, also see a note saying "No reports files". I.e. last one logged says: Submitted: 19 May 2006 00:09:22 +0100: Don't get left behind! No reports filed First time this started happening log says: Submitted: 16 May 2006 10:43:07 +0100: Ratess approved No reports filed What gives? -- Rob http://www.flickr.com/photos/canopus_archives/ From MikeE at ster.invalid Thu May 18 17:51:35 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 18 19:55:03 2006 Subject: [SpamCop-List] Re: No Reports Files References: Message-ID: Canopus wrote: > I've been sending spam submissions via Quick Reporting, but, for the > past few days I have not received any reports back. I just checked > Past Reports and see my submissions have got through, but, also see a > note saying "No reports files". I.e. last one logged says: > > Submitted: 19 May 2006 00:09:22 +0100: > Don't get left behind! > No reports filed Good job paying attention to what's going on. > First time this started happening log says: > > Submitted: 16 May 2006 10:43:07 +0100: > Ratess approved > No reports filed > > What gives? For some reason or another, presumably because of requests, it was decided to cause those accounts which are flagged for quickreporting to have an additional option in the Preferences. That additional option is to let the account configure to not receive the replies back about the quick reports. Unfortunately, IMO, the process of so enabling configuring caused many or all of the so-flagged quick reporting accounts to be so configured for no report replies -- so the 'default' became to not receive reports. That is actually not a healthy configuration, IMO. You should go to your Preferences and near the bottom to configure to receive reports, as you were previously configured before such report non-reply configurability was enabled. -- Mike Easter kibitzer, not SC admin From BNRAGMAOKKXT at spammotel.com Fri May 19 00:56:45 2006 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Thu May 18 20:00:03 2006 Subject: [SpamCop-List] Re: No Reports Files References: Message-ID: Canopus on 19/05/2006 wrote: >I've been sending spam submissions via Quick Reporting, but, for the past >few days I have not received any reports back. I just checked Past >Reports and see my submissions have got through, but, also see a note >saying "No reports files". I.e. last one logged says: > >Submitted: 19 May 2006 00:09:22 +0100: >Don't get left behind! >No reports filed > >First time this started happening log says: > >Submitted: 16 May 2006 10:43:07 +0100: >Ratess approved >No reports filed > >What gives? Don't worry, I think I found it in spamcop.help. There's been a change in preference features and the new Quick Data Reports are off by default, but, it also disables quick reporting...one big bug. Have now turned it back on so hopefully things will get back to normal. -- Rob http://www.flickr.com/photos/canopus_archives/ From spam_hjp at yahoo.com Thu May 18 21:05:44 2006 From: spam_hjp at yahoo.com (Jim) Date: Thu May 18 20:10:03 2006 Subject: [SpamCop-List] Re: No Reports Files In-Reply-To: References: Message-ID: Mike Easter wrote: > Canopus wrote: >> I've been sending spam submissions via Quick Reporting, but, for the >> past few days I have not received any reports back. I just checked >> Past Reports and see my submissions have got through, but, also see a >> note saying "No reports files". I.e. last one logged says: >> >> Submitted: 19 May 2006 00:09:22 +0100: >> Don't get left behind! >> No reports filed > > Good job paying attention to what's going on. > >> First time this started happening log says: >> >> Submitted: 16 May 2006 10:43:07 +0100: >> Ratess approved >> No reports filed >> >> What gives? > > For some reason or another, presumably because of requests, it was > decided to cause those accounts which are flagged for quickreporting to > have an additional option in the Preferences. That additional option is > to let the account configure to not receive the replies back about the > quick reports. > I am a paid user and I am not flagged for quick reporting. I don't even have the option to not receive quick reports. I am also seeing the "no report file" when I submit quick reports. From MikeE at ster.invalid Thu May 18 18:33:28 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 18 20:35:08 2006 Subject: [SpamCop-List] Re: No Reports Files References: Message-ID: Jim wrote: > Mike Easter wrote: >> For some reason or another, presumably because of requests, it was >> decided to cause those accounts which are flagged for quickreporting >> to have an additional option in the Preferences. That additional >> option is to let the account configure to not receive the replies >> back about the quick reports. >> > I am a paid user and I am not flagged for quick reporting. Wait just a minute. I think you must be [flagged] enabled to be able to quick report. > I don't even have the option to not receive quick reports. > > I am also seeing the "no report file" when I submit quick reports. I cannot compute that. I am hearing and not hearing that you can quick report. I am hearing that you are seeing no report file when you quick report -- which you are saying you are not enabled to do. I think we need some more words from you. Tell me/us too much rather than too little. -- Mike Easter kibitzer, not SC admin From / at /.cn Fri May 19 11:38:10 2006 From: / at /.cn (Petzl) Date: Thu May 18 20:40:04 2006 Subject: [SpamCop-List] Re: No Reports Files References: Message-ID: "Canopus" wrote in message news:e4j0s9$eg1$1@news.spamcop.net... > I've been sending spam submissions via Quick Reporting, but, for the past > few days I have not received any reports back. I just checked Past > Reports and see my submissions have got through, but, also see a note > saying "No reports files". I.e. last one logged says: > > Submitted: 19 May 2006 00:09:22 +0100: > Don't get left behind! > No reports filed > > First time this started happening log says: > > Submitted: 16 May 2006 10:43:07 +0100: > Ratess approved > No reports filed > > What gives? > Not getting any quick submisions back since 15th? Not even seeing the IP sources I report being added to the SCBL for "scoring" example (I'm a SpamCop email subscriber/reporter) http://mailsc.spamcop.net/w3m?action=checkblock&ip=84.97.161.139 Petzl -- Check your computers security (free) From dont_spam at thecow.me.uk Fri May 19 02:38:19 2006 From: dont_spam at thecow.me.uk (steve auvache) Date: Thu May 18 20:45:07 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: Tim McGraw wrote >Jamie wrote: >> I just went to http://www.bluesecurity.com/ and they have this notice on >> ther website right now.This another hijacking or is this for real? >> >> They claim the communities page will be active till May 31 2006. >> >> > >They really had no idea what they were getting into. You appear to be right on the money with that one. Still there you go, water under the bridge and all that. A crying shame it didn't work but it was worth the try. The one sobering conclusion that I draw from it is that it ended with The Internet backing away from One Spammer. Which is sad. -- steve auvache one step closer to The Perfect Date. From nospam at nospam.org Fri May 19 03:56:19 2006 From: nospam at nospam.org (Ejo) Date: Thu May 18 21:00:02 2006 Subject: [SpamCop-List] Re: No Reports Files In-Reply-To: References: Message-ID: Mike Easter wrote: > Jim wrote: >> Mike Easter wrote: > >>> For some reason or another, presumably because of requests, it was >>> decided to cause those accounts which are flagged for quickreporting >>> to have an additional option in the Preferences. That additional >>> option is to let the account configure to not receive the replies >>> back about the quick reports. >>> >> I am a paid user and I am not flagged for quick reporting. > > Wait just a minute. I think you must be [flagged] enabled to be able to > quick report. > >> I don't even have the option to not receive quick reports. >> >> I am also seeing the "no report file" when I submit quick reports. > > I cannot compute that. I am hearing and not hearing that you can quick > report. I am hearing that you are seeing no report file when you quick > report -- which you are saying you are not enabled to do. > > I think we need some more words from you. Tell me/us too much rather > than too little. > Some words from ejo then, maybe that offers some help. I went exactly through this ordeal, after I explained my problem to don at service@admin.spamcop.net, I got the reply that you have to fix this under preferences at the reporting server, there should be an option that allows you to enable quick reporting. If it is off (the default apparently) then turn it on, that causes the quick reports to go through the system. I'm not sure whether everybody has this option under preferences and whether my preferences were patched by Don. Ejo > From MikeE at ster.invalid Thu May 18 19:03:45 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 18 21:05:03 2006 Subject: [SpamCop-List] Re: No Reports Files References: Message-ID: Ejo wrote: > Mike Easter wrote: >> I cannot compute that. I am hearing and not hearing that you can >> quick report. > Some words from ejo then, maybe that offers some help. I went exactly > through this ordeal, after I explained my problem to don at > service@admin.spamcop.net, I got the reply that you have to fix this > under preferences at the reporting server, there should be an option > that allows you to enable quick reporting. If it is off (the default > apparently) then turn it on, that causes the quick reports to go > through the system. I'm not sure whether everybody has this option > under preferences and whether my preferences were patched by Don. I understand your story. It is the same as mine. My current understanding is that those who are not flagged or enabled as quick report do not have that as a preference. But, the poster Jim said: Jim wrote: > I am a paid user and I am not flagged for quick reporting. > > I don't even have the option to not receive quick reports. > > I am also seeing the "no report file" when I submit quick reports. I can't compute that combination/sequence of declarative statements. -- Mike Easter kibitzer, not SC admin From spam_hjp at yahoo.com Thu May 18 22:12:35 2006 From: spam_hjp at yahoo.com (Jim) Date: Thu May 18 21:15:05 2006 Subject: [SpamCop-List] Re: No Reports Files In-Reply-To: References: Message-ID: Mike Easter wrote: > Jim wrote: >> Mike Easter wrote: > >>> For some reason or another, presumably because of requests, it was >>> decided to cause those accounts which are flagged for quickreporting >>> to have an additional option in the Preferences. That additional >>> option is to let the account configure to not receive the replies >>> back about the quick reports. >>> >> I am a paid user and I am not flagged for quick reporting. > > Wait just a minute. I think you must be [flagged] enabled to be able to > quick report. > >> I don't even have the option to not receive quick reports. >> >> I am also seeing the "no report file" when I submit quick reports. > > I cannot compute that. I am hearing and not hearing that you can quick > report. I am hearing that you are seeing no report file when you quick > report -- which you are saying you are not enabled to do. > > I think we need some more words from you. Tell me/us too much rather > than too little. > > When I click on held mail and then do quick report(1st of 6 options) or I go to SC Webmail and submit "Report as Spam". Either way I get "no reports files when I check "past reports" option. In my preferences nowhere do I see anything about quick reporting. I know Don mentioned a few days ago about turning off receiving the quick email report and also saying there was a problem but I never changed anything. When I go to "past reports" I instantly see "NO reports file after submitting a spam report. I checked back to 5/16 and still saw "No reports files. I do not recalled ever having to sign up for quick reporting. I been a paying SC Webmail/SpamCop Reporting customer for years. Submitted: Tuesday, May 16, 2006 9:58:28 PM -0400: Bigger the betterr -Dale No reports filed I can do "queque for reporting" or email attachments using my submit key with no problems Sorry I do not know how to make this any clearer From g.hyde at bigpond.net.au Fri May 19 12:13:45 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu May 18 21:15:16 2006 Subject: [SpamCop-List] Chaintest not working, or spammer trick? Message-ID: http://www.spamcop.net/sc?id=z947668478zeb1d52e378e4916c06b1227e96e6c343z Why does SC bother with the part about "such-and-such is not a MX for bigpond? As far as I know bigpond will receive mail from anywhere. I'm wondering if SC has had a change or update which changes the way it considers my ISP's mail configuration. In the above example, SC might have chaintested successfully, if it had accepted that bigpond will receive mail from anywhere on the internet. Or I could be reading the parse wrong - I have reported it as SC found it, in case this is some spammer trick. Anyone know whether the ISP SC notified is correct? Cheers ... Geoffrey Hyde From / at /.cn Fri May 19 13:12:25 2006 From: / at /.cn (Petzl) Date: Thu May 18 22:15:03 2006 Subject: [SpamCop-List] Re: Chaintest not working, or spammer trick? References: Message-ID: "Geoffrey Hyde" wrote in message news:e4j649$in4$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z947668478zeb1d52e378e4916c06b1227e96e6c343z > > Why does SC bother with the part about "such-and-such is not a MX for > bigpond? As far as I know bigpond will receive mail from anywhere. I'm > wondering if SC has had a change or update which changes the way it > considers my ISP's mail configuration. > > In the above example, SC might have chaintested successfully, if it had > accepted that bigpond will receive mail from anywhere on the internet. > > Or I could be reading the parse wrong - I have reported it as SC found it, > in case this is some spammer trick. > > Anyone know whether the ISP SC notified is correct? > > > Cheers ... > > Geoffrey Hyde > SpamCop is also NOT adding IP sources for scoring to it's SCBL 84.20.170.193 shows that it has had no reports yet made? This link is for SpamCop email users which shows a "register" of IP's http://mailsc.spamcop.net/sc?track=84.97.161.139 From MikeE at ster.invalid Thu May 18 20:57:41 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 18 23:00:03 2006 Subject: [SpamCop-List] Re: Chaintest not working, or spammer trick? References: Message-ID: Geoffrey Hyde wrote: www.spamcop.net/sc?id=z947668478zeb1d52e378e4916c06b1227e96e6c343z Abbreviated tracelines *comment from mk084020170193.a1.net ([84.20.170.193]) by imta02ps.mx.bigpond.com *SC sez source, possibly relay from [84.20.24.113] (helo=mpi) by mk084020170193.a1.net *possible sourceline SC may have made a mistake on the parse, may have broken the chain prematurely, or SC may be right. "mk084020170193.a1.net looks like a dynamic host, untrusted as relay" SC doesn't know there are a bunch of output servers which look just like that. The payload is a b64 gif stockspam. > Why does SC bother with the part about "such-and-such is not a MX for > bigpond? That is part of the algorithmic sequence for preparing for the 'mx step'. > As far as I know bigpond will receive mail from anywhere. That does not pertain to 'blank is not an mx'. > I'm wondering if SC has had a change or update which changes the way > it considers my ISP's mail configuration. That parse is not for a mailhosted account, unless something has been changed in how the algorithm provides the verbose for a tracker. > In the above example, SC might have chaintested successfully, if it > had accepted that bigpond will receive mail from anywhere on the > internet. > > Or I could be reading the parse wrong - I have reported it as SC > found it, in case this is some spammer trick. > > Anyone know whether the ISP SC notified is correct? Regardless of whether the source was 84.20.170.193 rDNS mk084020170193.a1.net which looks like a a1.net output server to me or 84.20.24.113 no rDNS presumably a user IP which isn't listed anywhere, the notify is the same block. But SC's cached answer for the notify address was stale. The current ripe contacts say ripe-admin-c@mobilkom.at & ripe-tech-c@mobilkom.at -- not what SC had in its cache: m.haupt@mobilkom.at & e.hochstoeger@mobilkom.at The problem/question is whether or not the headers show a user IP relaying thru' a server or if the bottom Received is a bogus line with a good forgery and timestamp. Senderbase shows a number of output servers with similar names, but not that one. I can't find anything in sightings to help dissect those headers. All things considered, I think in this case it is better for SC to err on the side of naming the server -- if the server is relaying spam and it gets listed, there will be an earlier resolution of what is going on. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Thu May 18 23:04:58 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Thu May 18 23:10:03 2006 Subject: [SpamCop-List] Re: Chaintest not working, or spammer trick? References: Message-ID: "Petzl" wrote in message news:e4j9ih$kre$1@news.spamcop.net... > > SpamCop is also NOT adding IP sources for scoring to it's SCBL > 84.20.170.193 shows that it has had no reports yet made? > This link is for SpamCop email users which shows a "register" of IP's > http://mailsc.spamcop.net/sc?track=84.97.161.139 As mentioned 'over there' .. this may be fallout mentioned at No recent reports, no history available, On every IP I check now http://forum.spamcop.net/forums/index.php?showtopic=6373 From nobody at devnull.spamcop.net Thu May 18 23:13:22 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Thu May 18 23:15:02 2006 Subject: [SpamCop-List] Re: No Reports Files References: Message-ID: "Canopus" wrote in message news:e4j0s9$eg1$1@news.spamcop.net... > I've been sending spam submissions via Quick Reporting, but, for the past > few days I have not received any reports back. I just checked Past > Reports and see my submissions have got through, but, also see a note > saying "No reports files". I.e. last one logged says: Although I see you fixed you issue, there seems to still be some folks with the problem ...I've tried to keep up the actions, results, etc. at Quick reporting data Reports, New User Option http://forum.spamcop.net/forums/index.php?showtopic=6366 Traffic "here" exists in multiple newsgroups, different types of account holders, submitting in different ways, appear to have ended up with some differing results, especially the "option" availability under the Preferences screen .... From nobody at devnull.spamcop.net Thu May 18 23:21:08 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Thu May 18 23:25:03 2006 Subject: [SpamCop-List] Re: No Reports Files References: Message-ID: "Mike Easter" wrote in message news:e4j3oo$gv7$1@news.spamcop.net... > > I cannot compute that. I am hearing and not hearing that you can quick > report. I am hearing that you are seeing no report file when you quick > report -- which you are saying you are not enabled to do. Wearing the systems-analysis hat, I'm going that there are three or four database fields involved with a user's account (type, settings, etc.) ... but the install of the "new field - Default = No" only looked at two of the fields .... thus the action got applied, but the "Preference" option flag wasn't also added in some cases ... assumedly the web-mail account holders that had requested and received the Quick-Reporting option approval .... What I'm reading thus far is that Don is handling this as the complaints arrive, account by account ... but again, pure conjecturing based on traffic seen .... From usenet2 at DE.LETE.THISljvideo.com Fri May 19 04:34:23 2006 From: usenet2 at DE.LETE.THISljvideo.com (Larry in AZ) Date: Thu May 18 23:35:02 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: Waiving the right to remain silent, Tim McGraw said: > If no one ever bought anything or never visited a spamvertized site, > there wouldn't be any spam. No one ever buys the junk that MLM'ers claim to sell, yet there are always a shitload of MLM'ers... -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "I've come here to enjoy nature. Don't talk to me about the environment!" - 'Denny Crane' From edb2000 at spamcop.net Thu May 18 22:56:14 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Fri May 19 01:00:03 2006 Subject: [SpamCop-List] Re: No Reports Files In-Reply-To: References: Message-ID: Mike Easter wrote: > Ejo wrote: > >>Mike Easter wrote: > > >>>I cannot compute that. I am hearing and not hearing that you can >>>quick report. > > >>Some words from ejo then, maybe that offers some help. I went exactly >>through this ordeal, after I explained my problem to don at >>service@admin.spamcop.net, I got the reply that you have to fix this >>under preferences at the reporting server, there should be an option >>that allows you to enable quick reporting. If it is off (the default >>apparently) then turn it on, that causes the quick reports to go >>through the system. I'm not sure whether everybody has this option >>under preferences and whether my preferences were patched by Don. > > > I understand your story. It is the same as mine. > > My current understanding is that those who are not flagged or enabled as > quick report do not have that as a preference. > > But, the poster Jim said: > > Jim wrote: > >>I am a paid user and I am not flagged for quick reporting. >> >> I don't even have the option to not receive quick reports. >> >> I am also seeing the "no report file" when I submit quick reports. > > > > I can't compute that combination/sequence of declarative statements. This seems to be both a feature and a bug. Separately. It appears as though users who have not been authorized to do Quick Reporting (I am one who has not) do *not* have that option showing up in their Preferences. If you have not requested the Deputies to enable Quick Reporting on your SC reporting account, then that option will not appear for you. You can't turn it on nor turn it off. This is a feature. The first problem seems to be that the default for that setting is "On", so that Quickreporting result emails are not sent. This is arguably either a bug or a feature, depending on your point of view. The second problem seems to be that said option does not just stop the result email being sent after the report has been made, it also shorts the report directly to ground. This would seem to be a bug; SC is not performing as we have been told it should. And since those users do not have the option presented to turn that option on or off, they have no way to alter that default behavior which is to prevent quick reports altogether. This is arguably either a bug or a feature :-) -- Don Wannit A paid SpamCop user since 1999 From nospam at nospam.org Fri May 19 09:27:52 2006 From: nospam at nospam.org (Ejo) Date: Fri May 19 02:30:07 2006 Subject: [SpamCop-List] Re: No Reports Files In-Reply-To: References: Message-ID: Don Wannit wrote: > Mike Easter wrote: > >> Ejo wrote: >> >>> Mike Easter wrote: >> >> >>>> I cannot compute that. I am hearing and not hearing that you can >>>> quick report. >> >> >>> Some words from ejo then, maybe that offers some help. I went exactly >>> through this ordeal, after I explained my problem to don at >>> service@admin.spamcop.net, I got the reply that you have to fix this >>> under preferences at the reporting server, there should be an option >>> that allows you to enable quick reporting. If it is off (the default >>> apparently) then turn it on, that causes the quick reports to go >>> through the system. I'm not sure whether everybody has this option >>> under preferences and whether my preferences were patched by Don. >> >> >> I understand your story. It is the same as mine. >> >> My current understanding is that those who are not flagged or enabled as >> quick report do not have that as a preference. >> >> But, the poster Jim said: >> >> Jim wrote: >> >>> I am a paid user and I am not flagged for quick reporting. >>> >>> I don't even have the option to not receive quick reports. >>> >>> I am also seeing the "no report file" when I submit quick reports. >> >> >> >> I can't compute that combination/sequence of declarative statements. > > This seems to be both a feature and a bug. Separately. > > It appears as though users who have not been authorized to > do Quick Reporting (I am one who has not) do *not* have that > option showing up in their Preferences. If you have not > requested the Deputies to enable Quick Reporting on your SC > reporting account, then that option will not appear for you. > You can't turn it on nor turn it off. This is a feature. > > The first problem seems to be that the default for that setting > is "On", so that Quickreporting result emails are not sent. > This is arguably either a bug or a feature, depending on > your point of view. > > The second problem seems to be that said option does not > just stop the result email being sent after the report has > been made, it also shorts the report directly to ground. > This would seem to be a bug; SC is not performing as > we have been told it should. I understand your frustration, but you can still go for the manual reporting. That will work fine, but it takes time to do it. Earlier this week Don put in a high-priority request to fix this issue, it appears that a programmer is working on it. > > And since those users do not have the option presented > to turn that option on or off, they have no way to alter > that default behavior which is to prevent quick reports > altogether. This is arguably either a bug or a feature :-) > From jg at coks.net Fri May 19 00:32:03 2006 From: jg at coks.net (jg) Date: Fri May 19 02:30:19 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? In-Reply-To: References: Message-ID: On 5/18/2006 5:38 PM steve auvache scribbled: > Tim McGraw wrote >> Jamie wrote: >>> I just went to http://www.bluesecurity.com/ and they have this notice on >>> ther website right now.This another hijacking or is this for real? >>> >>> They claim the communities page will be active till May 31 2006. >>> >>> >> They really had no idea what they were getting into. > > You appear to be right on the money with that one. > > Still there you go, water under the bridge and all that. A crying shame > it didn't work but it was worth the try. yes and no > > The one sobering conclusion that I draw from it is that it ended with > The Internet backing away from One Spammer. Which is sad. > > > no, it was the system working for a change - BS was outted as an IPO shill while posing as templar knights. just another WND* *weapons of net destruction From nospam at nospam.org Fri May 19 10:19:28 2006 From: nospam at nospam.org (Ejo) Date: Fri May 19 03:20:04 2006 Subject: [SpamCop-List] Re: No Reports Files In-Reply-To: References: Message-ID: Don Wannit wrote: > Mike Easter wrote: > >> Ejo wrote: >> >>> Mike Easter wrote: >> >> >>>> I cannot compute that. I am hearing and not hearing that you can >>>> quick report. >> >> >>> Some words from ejo then, maybe that offers some help. I went exactly >>> through this ordeal, after I explained my problem to don at >>> service@admin.spamcop.net, I got the reply that you have to fix this >>> under preferences at the reporting server, there should be an option >>> that allows you to enable quick reporting. If it is off (the default >>> apparently) then turn it on, that causes the quick reports to go >>> through the system. I'm not sure whether everybody has this option >>> under preferences and whether my preferences were patched by Don. >> >> >> I understand your story. It is the same as mine. >> >> My current understanding is that those who are not flagged or enabled as >> quick report do not have that as a preference. >> >> But, the poster Jim said: >> >> Jim wrote: >> >>> I am a paid user and I am not flagged for quick reporting. >>> >>> I don't even have the option to not receive quick reports. >>> >>> I am also seeing the "no report file" when I submit quick reports. >> >> >> >> I can't compute that combination/sequence of declarative statements. > > This seems to be both a feature and a bug. Separately. > > It appears as though users who have not been authorized to > do Quick Reporting (I am one who has not) do *not* have that > option showing up in their Preferences. If you have not > requested the Deputies to enable Quick Reporting on your SC > reporting account, then that option will not appear for you. > You can't turn it on nor turn it off. This is a feature. > > The first problem seems to be that the default for that setting > is "On", so that Quickreporting result emails are not sent. > This is arguably either a bug or a feature, depending on > your point of view. > > The second problem seems to be that said option does not > just stop the result email being sent after the report has > been made, it also shorts the report directly to ground. > This would seem to be a bug; SC is not performing as > we have been told it should. > > And since those users do not have the option presented > to turn that option on or off, they have no way to alter > that default behavior which is to prevent quick reports > altogether. This is arguably either a bug or a feature :-) > Another comment to the deputies: If you introduce a change like disabling the quick reporting then this should be stated up front as a news item when you log in to spamcop (all servers). I don't see anything reported when I log in to the reporting or the mail server. Ejo From spam_hjp at yahoo.com Fri May 19 05:09:04 2006 From: spam_hjp at yahoo.com (Jim) Date: Fri May 19 04:10:03 2006 Subject: [SpamCop-List] Re: No Reports Files In-Reply-To: References: Message-ID: Ejo wrote: > Don Wannit wrote: >> Mike Easter wrote: >> >>> Ejo wrote: >>> >>>> Mike Easter wrote: >>> >>> >>>>> I cannot compute that. I am hearing and not hearing that you can >>>>> quick report. >>> >>> >>>> Some words from ejo then, maybe that offers some help. I went exactly >>>> through this ordeal, after I explained my problem to don at >>>> service@admin.spamcop.net, I got the reply that you have to fix this >>>> under preferences at the reporting server, there should be an option >>>> that allows you to enable quick reporting. If it is off (the default >>>> apparently) then turn it on, that causes the quick reports to go >>>> through the system. I'm not sure whether everybody has this option >>>> under preferences and whether my preferences were patched by Don. >>> >>> >>> I understand your story. It is the same as mine. >>> >>> My current understanding is that those who are not flagged or enabled as >>> quick report do not have that as a preference. >>> >>> But, the poster Jim said: >>> >>> Jim wrote: >>> >>>> I am a paid user and I am not flagged for quick reporting. >>>> >>>> I don't even have the option to not receive quick reports. >>>> >>>> I am also seeing the "no report file" when I submit quick reports. >>> >>> >>> >>> I can't compute that combination/sequence of declarative statements. >> >> This seems to be both a feature and a bug. Separately. >> >> It appears as though users who have not been authorized to >> do Quick Reporting (I am one who has not) do *not* have that >> option showing up in their Preferences. If you have not >> requested the Deputies to enable Quick Reporting on your SC >> reporting account, then that option will not appear for you. >> You can't turn it on nor turn it off. This is a feature. >> >> The first problem seems to be that the default for that setting >> is "On", so that Quickreporting result emails are not sent. >> This is arguably either a bug or a feature, depending on >> your point of view. >> >> The second problem seems to be that said option does not >> just stop the result email being sent after the report has >> been made, it also shorts the report directly to ground. >> This would seem to be a bug; SC is not performing as >> we have been told it should. >> >> And since those users do not have the option presented >> to turn that option on or off, they have no way to alter >> that default behavior which is to prevent quick reports >> altogether. This is arguably either a bug or a feature :-) >> > > > Another comment to the deputies: If you introduce a change like > disabling the quick reporting then this should be stated up front as a > news item when you log in to spamcop (all servers). I don't see anything > reported when I log in to the reporting or the mail server. > > Ejo If you turn off the quick email report option in preferences or do not have the quick report option in preferences quick reports will not run and you get "No reports file" Below is what I got from a deputy. Yes, the latest SpamCop version that went live on Monday includes a new feature that allows users to turn off the sending of the summary reports when submitting throught the quick system. Unfortunately this new coding contained a bug that completely disables the quick reporting system :-( Compounding the problem, while the fix has been available since Wednesday, the person who approves changes and pushes them to the production server has been off sick. I do see a note from Don earlier today asking for an emergency exemption allowing one of the other engineers to push the code, but don't see a response to his request. If it hasn't already been done, hopefully by COB Friday. From nospam at aol.com Fri May 19 10:29:11 2006 From: nospam at aol.com (Chris) Date: Fri May 19 04:30:03 2006 Subject: [SpamCop-List] Re: sortnoxington.com - stagedgarage.com - Anything else I can do to stop the spam? References: Message-ID: "anon" wrote in message news:e4irsi$bgv$1@news.spamcop.net... > > "Chris" wrote in message > news:e4iqd4$ado$1@news.spamcop.net... >> Hi Mike >> >> Thank you for your input. Please forgive me that I am not as clued up and >> I.T. literate as most appear to be on this Forum. >> >> I just wanted to clear up a few points. >> >> My reference in relation to 'attack' was specifically that I am getting a >> very large amount of spam emails with a specific FROM domain name. I >> appreciate that spam origins can be faked, altered etc >> I percieve this as an ATTACK as it is starting to affect my business and >> is unwanted. 40/50 is a very large amount of junk I have to sift through >> on a daily basis from one 'apparent' source. >> Perhaps 'sift through' is the wrong term, but since I am now reporting >> all the Spam I get BY HAND to Spamcop, and I keep on seeing >> 'sortnoxington' and 'stagedgarage' constantly every day, I wondered if >> the two domains rang a bell with anyone else, but they do not appear to >> have done. >> > > > >> >> I am NOT running the JW software - In a previous message I did state that >> I was running MailWasher, which runs quite well. >> > > > Notice that this is an INLINE comment not top-posting!! > > I hope you are not using MW to 'bounce' your mail - as noted in other > posts in this thread, the from that MW bounces to is usually bogus - so > you are just spamming some innocent party! > > -- > A SpamCop user and forum reader, > Not Admin > > Point taken regarding Mailwashers 'bounce' facility. I only use this when I think there is a good chance that the sender was legitimate. As stated, I am not an I.T. expert. Forgive me for not being 'contextualised' as the previous replier stated. I will leave the argument here - Thank you for your assistance. Chris From MikeE at ster.invalid Fri May 19 02:37:01 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 19 04:40:03 2006 Subject: [SpamCop-List] Re: sortnoxington.com - stagedgarage.com - Anything else I can do to stop the spam? References: Message-ID: Chris wrote: > Forgive me for not being 'contextualised' as the previous replier > stated. Good job and thanks for getting away from the top post. The contextualization comes out of the trimming. > As stated, I am not an I.T. expert. Trimming away what you are not replying to is not high tech. It is more a matter of watching what others do. Normally one doesn't change the order of the trimmed cite, as I did above -- so don't watch that :-) -- Mike Easter kibitzer, not SC admin From "Michael Brennan Message-ID: Chris wrote: > > Hi folks > > Just wanted to check everything was OK. > I set up an account with Spamcop, and my software (Mailwasher) seems to > handle things pretty automatically. > Hi, Chris, Welcome to SpamCop. Mike Easter didn't mention it, but when replying to posts in this newsgroup, the older hands appreciate it if you bottom-post your response and snip for brevity in the quoted text you're replying to. That all said, good luck with it. The 100-150/day sounds pretty grim. Hope your SpamCop account makes things easier for you. Michael From not at here.invalid Fri May 19 08:23:40 2006 From: not at here.invalid (Ellen) Date: Fri May 19 08:55:02 2006 Subject: [SpamCop-List] Re: Chaintest not working, or spammer trick? References: Message-ID: "WazoO" wrote in message news:e4jcld$mgc$1@news.spamcop.net... > > No recent reports, no history available, On every IP I check now > http://forum.spamcop.net/forums/index.php?showtopic=6373 > > Yes, this is a known bug and has a high priority on the fix list. It does not necessarily mean that there are no recent reports; it is appearing for all IPs regardless of whether the IP has never had a report or whether it has a billion reports ... Ellen SpamCop From "Michael Brennan Message-ID: Vanguard wrote: > > > Spraying the air above the kitchen or dining table while eating to get > rid of the flies that are bothering you will probably work very well, > but then the dead flies and insecticide fall into your food. So you > killed the flies and poisoned your food. With BS, and assuming they are > effective, you get rid of or hurt the spammer but you've harmed more > than just that site. Good opus, thank you. Michael From bar_n0ne at hotmail.com Fri May 19 10:44:20 2006 From: bar_n0ne at hotmail.com (Berny) Date: Fri May 19 10:45:03 2006 Subject: [SpamCop-List] Warning, "Joe-ing" IB's becoming Routine Message-ID: Strictly speaking not a Joe, just an attempt to confound. see http://www.spamcop.net/sc?id=z948082548z6972429abe5b6a3c34e88eb6b3a78a8ez In this case SC did identify only the correct target, but it's notalways so "lucky" This is watch spam probably a James Barkley/Gregoire (Tucows) , but I've noticed more and more attempts to seed spam with IB websites lately, especially by the replica gangs. Me thinks they are trying to accomplish 2 things here; make too many links and put SC and it's reporters to disrepute. For some the only way to ID the spamvertising site is to render the spam and examine which link they want the mark to see (not recommended) From Xdave_deep at btinternet.comX Fri May 19 17:46:48 2006 From: Xdave_deep at btinternet.comX (Dave Deep) Date: Fri May 19 11:50:03 2006 Subject: [SpamCop-List] Webmail Down again Message-ID: Webmail Down again, it just died on me I am getting cannot find server messages. D From tmcgraw at spamcop.net Fri May 19 11:08:47 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri May 19 13:10:03 2006 Subject: [SpamCop-List] Re: Webmail Down again In-Reply-To: References: Message-ID: Dave Deep wrote: > Webmail Down again, it just died on me I am getting cannot find server > messages. All's well here. Your munging technique is simple and elegant, BTW. From "Michael Brennan This phony U.K. lottery spam http://www.spamcop.net/sc?id=z948355688z7f00015eb266672cf1d7d5c584e4cc54z returned a Yahoo URL link that was referenced in the SpamCop report as "previously appealed". This required me to look at the spam and it appears the Yahoo! mail address is a customer-service address possibly associated with a real U.K. lottery operation. Does anyone know enough about the U.K. lottery ops to say whether this e-mail address should be LARTed? I just noticed a posting from Berny about a new trend toward IB links being deliberately included by spammers. Would this be an example? Interestingly, I found two other e-mail addresses in the spambody at katamail.com and myway.com, which looked like they could be spammer contacts, which were not picked out by the parser. TIA, Michael From bar_n0ne at hotmail.com Fri May 19 17:12:37 2006 From: bar_n0ne at hotmail.com (Berny) Date: Fri May 19 17:15:03 2006 Subject: [SpamCop-List] Re: U.K. Lottery Spam / URL "Previously Appealed" References: Message-ID: "Michael Brennan >" <"Michael Brennan wrote in message news:e4lbff$us7$1@news.spamcop.net... > This phony U.K. lottery spam > > http://www.spamcop.net/sc?id=z948355688z7f00015eb266672cf1d7d5c584e4cc54z > SNIP > I just noticed a posting from Berny about a new trend toward IB links > being deliberately included by spammers. Would this be an example? No, I doubt it, either a look alike or a real link to the lotto to convince you that you won a real lotto What I've seen are Links to yellow pages (telephone book) , Stock brokers (keep in mind these are penis and watch spams), Game sites, and the like, in the part of the HTML that isn't rendered normally when the mail is rendered in a mailreader. > > Interestingly, I found two other e-mail addresses in the spambody at > katamail.com and myway.com, which looked like they could be spammer > contacts, which were not picked out by the parser. Well, AFAIK it's been years since SC picked out LARTS for embedded email addresses, too many were fakes. You'll have to LART those manually, if you think those are dropboxes, although the web parser will tell you where, if you insert them in the window. From tmcgraw at spamcop.net Fri May 19 15:17:04 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri May 19 17:20:04 2006 Subject: [SpamCop-List] Re: U.K. Lottery Spam / URL "Previously Appealed" In-Reply-To: References: Message-ID: Michael Brennan wrote: > This phony U.K. lottery spam > > http://www.spamcop.net/sc?id=z948355688z7f00015eb266672cf1d7d5c584e4cc54z > > returned a Yahoo URL link that was referenced in the SpamCop report as > "previously appealed". > > This required me to look at the spam and it appears the Yahoo! mail > address is a customer-service address possibly associated with a real > U.K. lottery operation. > > Does anyone know enough about the U.K. lottery ops to say whether this > e-mail address should be LARTed? 1) The FROM address in spam is almost always forged and meaningless. 2) I can pretty much assure you that lotteries do not pay out through email notifications. > I just noticed a posting from Berny about a new trend toward IB links > being deliberately included by spammers. Would this be an example? No. > Interestingly, I found two other e-mail addresses in the spambody at > katamail.com and myway.com, which looked like they could be spammer > contacts, which were not picked out by the parser. The parser does not operate on email addresses. There are rare instances when it is appropriate to report an embedded email address (419 scams come to mind), but you have to do it manually. From user at example.com Fri May 19 17:19:27 2006 From: user at example.com (cwg) Date: Fri May 19 17:20:16 2006 Subject: [SpamCop-List] What, Why, and How, does spamcop persistantly miss links Message-ID: I am confused, and am worried, that because spamcop is missing links in messages, or not parsing them and returning the reporting address, that my needing to repeatedly refresh the page until it does return the reporting address'(s) for the offending email, that the number of (M)bytes I purchased are being consumed by each refresh. It's almost as though the website was being whitelisted. From bjoeg at *spammer*bjoeg.dk Fri May 19 22:23:05 2006 From: bjoeg at *spammer*bjoeg.dk (Bjarke Andersen) Date: Fri May 19 17:25:04 2006 Subject: [SpamCop-List] RR guides to use spammers link Message-ID: Got an issue here, where I dunno if I should follow RoadRunners guidelines or teach them how spam works. It is regarding SpamCop ID 1755704299, see whole email source end of this message. RR actually replied to this report with the following message: "My name is Martin Brice and I work for Time Warner Cable in the Network Security Department. I have received the complaint you sent in to Spamcop about email received from dotty@aaa-ink.com. For whatever reason your email is on their email list requesting information be sent to you. If you no longer wish to receive email from this company please click on the Remove link located at the bottom of the email. The company has been verified and they will not send email to your address again when you do this. If you wish, you can send me your email address and I will contact them and tell them to remove your email." Now checking out aaa-ink.com, the webserver feels a bit fishy. Not much other than directory access, with unsubscribe.html which just is a HTML file saying "you have been unsubscribed" So my question, should I follow RR request and unsubscribe, possibly ending in more spam since link could just be for verification of emailaddress, or should I request RR to review the report again and tell that spam is somewhat illegal? Spam as follows: +OK 2611 bytes will follow X-T2-Real-To: Return-Path: X-Cloudmark-Score: 100.000000 [XXXXXX] X-Alert: possible spam! Received: from patience.aaa-ink.com ([66.27.53.147] verified) by mailfe10.swip.net (CommuniGate Pro SMTP 5.0.8) with ESMTP id 29456785 for x; Fri, 19 May 2006 10:44:24 +0200 Received: by patience.aaa-ink.com (Postfix, from userid 0) id 528E6414445; Fri, 19 May 2006 01:44:14 -0700 (PDT) To: x From: Dotty Subject: 123Inkjets::28% Off Coupon Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/html User-Agent: Mutt/1.5.9i Message-Id: <2006__________________4445@patience.aaa-ink.com> Date: Fri, 19 May 2006 01:44:14 -0700 (PDT)
Use Coupon Code "28MAY2006" at checkout

Dotty's Deals is pleased to bring you 123Ink jets' May Promotion. For a short time, you may use our special coupon code above to obtain an additional 28 percent off already-discounted high quality printing supplies. (No minimum purchase required; for orders over $60 use coupon code 30MAY2006 to receive 30% off.)

123Inkjets carries ink and toner for Hewlet Packard, Canon, Xerox, Lexmark, Epson and many other brands. They offer a one-year guarantee and free shipping. But this offer expires 5/22/06, so check it out today.

* Coupon expires on 05/22/06. All coupons are limited to one coupon per customer per order. Coupons are also not currently valid on all OEM products. Free Shipping offer valid for the Contiguous 48 states.

Thank You and Happy Shopping,

-Dotty

123Inkjets
---------------------
This advertisement was sent to x because this address is subscribed to one or more of our weekly newsletters. You may discontinue further communications through this hyperlink or by sending any message from this email address to remove@aaa-ink.com
Tailor-Made Productions LLC, 2683 Via De La Valle #G-502, Del Mar, CA 92014. -- Bjarke Andersen - Freelance SpamKiller http://www.cdt.org/speech/spam/030319spamreport.shtml (How to prevent) Wanna reply by email? Remove the spammer in address From "Michael Brennan Message-ID: steve auvache wrote: > > > The one sobering conclusion that I draw from it is that it ended with > The Internet backing away from One Spammer. Which is sad. Who is One Spammer? Michael From "Michael Brennan Message-ID: Mike Easter wrote: > > Turan Fettahoglu wrote: > > > No matter if Bluefrog was good or bad: they had a successful idea how > > to kick spammers out of business, > > BS/BF wasn't about kicking spammers out of business. BS/BF was > /allegedly/ about listwashing BFers' addies from spamvertiser > spamminglists. > > Actually BS/BF was about making money. It was a 'capitalistic' venture. > > Not that there is anything wrong with capitalism, but sometimes it is > dirty. Nefarious. Misrepresentational. > So, Mike, what's the real answer? Mine is illegal and therefore not discussible. It involves frogmen rising out of the sea, smoking ruins, and slowly cooling spammers. Not feasible due to strenuousness, expense, and likely bogus moral issues that would be raised by not-at-all-innocent bystanders. Open to other suggestions. Michael From "Michael Brennan Message-ID: Vanguard wrote: > > > Amazing how many BS users bought into the scheme to have their hosts > running as zombies in a DDOS attack. Most users expend effort using > anti-virus and anti-malware products to prevent their hosts from > becoming zombie slave hosts. How would you prefer to tackle the problem that Blue Frog took on? What strategy would you suggest? SpamCop uses reporting for the benefit of blocklist users, so that's a client-side answer. The previous thread discussed the unwillingness of major ISP's to tackle the problem by black-holing other major ISP's and NIC's whose executives have chosen to take the spammers' money and forget about the Net. We haven't even gotten into the implications of U-CAN-SPAM and its (Stateside) redefinition of spam by the Direct Marketing Association, with the rentable help of a sleazy Louisiana congressman. Your turn. Just curious, Michael From nobody at devnull.spamcop.net Fri May 19 19:25:53 2006 From: nobody at devnull.spamcop.net (POP) Date: Fri May 19 18:30:02 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: Well, from the little bit you provided: something doesn't look very good at their supposed web site. I got a Port 80 Index of their files there, and all that's there are two pages which each show unsubscribing from dottydeals.com. So I'd say they're hiding out from people. Dottydeals.com looks like the spamvertised web site to me. That said, I also don't find anything other than the look of the site that looks spammy; maybe someone else will. I did find: ------------------- Administrative Contact: Tailor-Made Productions ************@gmail.com Baldwin, Taylor 2683 Via De La Valle #G502 Del Mar, CA 92014 US 9095222376 Fax: Technical Contact: Tailor-Made Productions ************@gmail.com Baldwin, Taylor 2683 Via De La Valle #G502 Del Mar, CA 92014 US 9095222376 Fax: Registrar of Record: Netfirms Inc. Record expires on 2007-02-23. Record created on 2006-02-23. Database last updated on 2006-05-19 12:50:02. --------------------------- The hidden emails are all: tlynnbaldwinATgmailDOTcom so they're brand new, or only a couple months old which explains their lack of history on the 'net. What I'd do: Ass-u-me-ing you are sure you never asked for their mails/newsletters in any way, I would tell whoever you're working with that you never subscribed to anything there and that you need to see proof of your registation, along with the confirmation tokens etc.. You DO only sign up for confirmed lists, right? The fact that they seem to have paid for a year's service at Netfirms.com to serve their pages tells me their either frauding netfirms, or are pretty clueless, or - you did sign up with them somehow. Ask for the timestamp and email addres of your signup: See if it's believable information. My two cents, anyway. BTW, do NOT post entire spams in this group. Either provide a tracking number or put the spam over in the .spam group. And if that's not meaningful to you, please go read the FAQs on how to use the site. On top of t hat, you did not paste the entire headers or it would have been a simple matter to check out a lot of things, and you could have done it yourself. HTH, Pop "Bjarke Andersen" wrote in message news:Xns97C8EDE0AC672bjoegdk@216.154.195.61... > Got an issue here, where I dunno if I should follow RoadRunners > guidelines > or teach them how spam works. > > It is regarding SpamCop ID 1755704299, see whole email source > end of this > message. > > RR actually replied to this report with the following message: > > "My name is Martin Brice and I work for Time Warner Cable in > the Network > Security Department. I have received the complaint you sent in > to Spamcop > about email received from dotty@aaa-ink.com. For whatever > reason your > email is on their email list requesting information be sent to > you. If you > no longer wish to receive email from this company please click > on the > Remove link located at the bottom of the email. The company > has been > verified and they will not send email to your address again > when you do > this. If you wish, you can send me your email address and I > will contact > them and tell them to remove your email." > > Now checking out aaa-ink.com, the webserver feels a bit fishy. > Not much > other than directory access, with unsubscribe.html which just > is a HTML > file saying "you have been unsubscribed" > > So my question, should I follow RR request and unsubscribe, > possibly ending > in more spam since link could just be for verification of > emailaddress, or > should I request RR to review the report again and tell that > spam is > somewhat illegal? > > > > Spam as follows: > +OK 2611 bytes will follow > X-T2-Real-To: > Return-Path: > X-Cloudmark-Score: 100.000000 [XXXXXX] > X-Alert: possible spam! > Received: from patience.aaa-ink.com ([66.27.53.147] verified) > by mailfe10.swip.net (CommuniGate Pro SMTP 5.0.8) > with ESMTP id 29456785 for x; Fri, 19 May 2006 10:44:24 +0200 > Received: by patience.aaa-ink.com (Postfix, from userid 0) > id 528E6414445; Fri, 19 May 2006 01:44:14 -0700 (PDT) > To: x > From: Dotty > Subject: 123Inkjets::28% Off Coupon > Mime-Version: 1.0 > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > Content-Transfer-Encoding: 8bit > Content-Type: text/html > User-Agent: Mutt/1.5.9i > Message-Id: <2006__________________4445@patience.aaa-ink.com> > Date: Fri, 19 May 2006 01:44:14 -0700 (PDT) > >
> href="http://www.dottysdeals.com/123inkjets/coupon/471b47095dddbbfd">Use > Coupon Code "28MAY2006" at checkout >

> Dotty's Deals is pleased to bring you href="http://www.dottysdeals.com/123inkjets/coupon/471b47095dddbbfd">123Ink > jets' May Promotion. > For a short time, you may use our special coupon code above to > obtain > an additional 28 percent off already-discounted high quality > printing supplies. (No minimum purchase required; for orders > over $60 use > coupon code 30MAY2006 to receive 30% off.) >

> 123Inkjets carries ink and toner for Hewlet Packard, Canon, > Xerox, Lexmark, Epson and many other brands. They offer a > one-year guarantee and free shipping. But this offer expires > 5/22/06, so href="http://www.dottysdeals.com/123inkjets/coupon/471b47095dddbbfd">check > it out today. >

> * Coupon expires on 05/22/06. All coupons are limited to one > coupon per > customer per order. Coupons are also not currently valid on all > OEM > products. Free Shipping offer valid for the Contiguous 48 > states. >

> Thank You and Happy Shopping, >

> -Dotty >

> href="http://www.dottysdeals.com/123inkjets/coupon/471b47095dddbbfd"> style="border: 0px solid ; width: 230px; height: 55px;" > alt="123Inkjets" > src="http://www.dottysdeals.com/471b47095dddbbfd/123-img"> >
> --------------------- >
> This advertisement was sent to x because this address is > subscribed to one > or more of our weekly newsletters. You may discontinue further > communications through this > hyperlink or by > sending any message from this email address to > remove@aaa-ink.com >
Tailor-Made Productions LLC, 2683 Via De La Valle #G-502, > Del Mar, CA > 92014. > > -- > Bjarke Andersen - Freelance SpamKiller > http://www.cdt.org/speech/spam/030319spamreport.shtml (How to > prevent) > Wanna reply by email? Remove the spammer in address From "Michael Brennan Message-ID: Mike Easter wrote: > > > The register article is more accurate > http://www.theregister.co.uk/2006/05/17/blue_security_folds/ Blue > Security calls it quits after attack by renegade spammer > > Altho' the register hasn't been very kind to BS, they weren't very mean > about the fold. Mike, Who is the PharmaMaster who shut Blue Security down? I'm guessing it's Leo. BS may have had a flawed business and Net-ethical model, but IMHO there is no way their hat color begins to approach the event-horizon blackness of their adversary's, based on the equities of this series of transactions. Just wondering, Michael From MikeE at ster.invalid Fri May 19 16:48:58 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 19 18:50:11 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: Bjarke Andersen wrote: > It is regarding SpamCop ID 1755704299, see whole email source end of > this message. Guidelines about how to discuss a spam, or a spam issue, including how to NOT discuss a spam. - Do *NOT* post whole raw spam with complete headers and unrendered html into a discussion group. That is a big NONO. - The one best way to convey the entire spam is to parse a spam email properly submitted to the parser and to copy the tracking URL and paste that tracker into the discussion group. - A reportid is not a tracker and a reader cannot derive a tracker from a reportid. Only the reporter of that particular reportid can convert thatreportid into a tracker by looking up the reportid and following the links to derive the tracker - A tracker and its environment at the top of a parse looks like this: Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z948243264z4d9f8a5027723eec698d0f5a914a0bb6z - The other alternative to a tracker is a poor second choice, namely posting the raw spam with complete headers into the newsgroup spamcop.spam which is only for posting such, and is not a discussion group, and then discussing the spam which was posted into spamcop.spam in a discussion group such as spamcop or spamcop.help. It is a poor choice because that method mangles the spam because of newsreader induced linewraps, but a tracker does not. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri May 19 17:19:15 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 19 19:20:04 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: Mike Easter wrote: > Bjarke Andersen wrote: > >> It is regarding SpamCop ID 1755704299, see whole email source end of >> this message. > > Guidelines about how to discuss a spam, > - The one best way to convey the entire spam is to parse a spam email > properly submitted to the parser and to copy the tracking URL and > paste that tracker into the discussion group. The tracker for the possible spam vs mailing list item we are discussing is Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z948435144zacf139ffbb6c80a8cc838dabe97e064cz That item is 'straightup' in which the From = the source = the spamvertised site Some straightup spam is subscribed, some is not. Abbreviated Received tracelines *comment from patience.aaa-ink.com [66.27.53.147] by mailfe10.swip.net From: Dotty Message-Id: <2006__________________4445@patience.aaa-ink.com> Resolving link obfuscation http://aaa-ink.com/list/?p=unsubscribe&uid=471b47095dddbbfd Host aaa-ink.com (checking ip) = 64.69.41.73 host 64.69.41.73 = unassigned.calpop.com (cached) http://www.dottysdeals.com/123inkjets/coupon/471b47095dddbbfd Host www.dottysdeals.com (checking ip) = 64.69.41.73 host 64.69.41.73 = unassigned.calpop.com (cached) The sourceIP is a RR IP, the website Core Express whois -h whois.arin.net 66.27.53.147 ... OrgName: Road Runner HoldCo LLC NetRange: 66.27.0.0 - 66.27.255.255 whois -h whois.arin.net 64.69.41.73 ... OrgName: CoreExpress NetRange: 64.69.32.0 - 64.69.47.255 RR would be notified by a spamcop notify of this item, and they should investigate the spamsource allegation. A mailing list should have a properly verified optin confirmation, and possibly could provide that to the RR abuse investigator. -- Mike Easter kibitzer, not SC admin From vanguard.news at yahooNIX.com Fri May 19 19:21:00 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Fri May 19 19:25:04 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: "Michael Brennan >" <"Michael Brennan wrote in message news:e4lg13$2qt$1@news.spamcop.net... > Vanguard wrote: >> >> >> Amazing how many BS users bought into the scheme to have their hosts >> running as zombies in a DDOS attack. Most users expend effort using >> anti-virus and anti-malware products to prevent their hosts from >> becoming zombie slave hosts. > > How would you prefer to tackle the problem that Blue Frog took on? > What > strategy would you suggest? SpamCop uses reporting for the benefit of > blocklist users, so that's a client-side answer. The previous thread > discussed the unwillingness of major ISP's to tackle the problem by > black-holing other major ISP's and NIC's whose executives have chosen > to > take the spammers' money and forget about the Net. We haven't even > gotten into the implications of U-CAN-SPAM and its (Stateside) > redefinition of spam by the Direct Marketing Association, with the > rentable help of a sleazy Louisiana congressman. Your turn. > > Just curious, > Michael So what prevents BS from altering their scheme to proliferate the opt-outs at the SAME rate as the users report them? Because the rate that individual users submitting their own opt-out reports has proven ineffective against spammers (but is effective against marketers that actually provide an opt-out procedure). If BS had actually provided the opt-out service that it claimed to provide, sending one opt-out request per one report from a user (for the same spam mail and not for repeated reports from a user against the same spam mail), then BS would be trickling out the opt-outs at the rate the users requested. Basically it would provide the tool needed by users too lazy to perform their own opt-out. That probably accounts for the majority of e-mail users, so the tool would make it easier for them to opt-out which means more users are likely to send the opt-outs. While users could submit their own spam abuse reports to the source of a spam, SpamCop simply provides an ease-of-use to do the parsing and figure out to whom the spam abuse report gets sent to (and may hide the reporter to make the reporter feel safer in submitting those reports). So SpamCop made it easier to submit a spam abuse report but they still went out only at the rate that the users chose to send them and they went out immediately instead of being dammed up to be released later as a flood in a DOS attack. They are also being sent to those that have elected to provide an abuse desk to which the spam reports get sent. What stops BS from also sending spam reports to the abuse desks that those ISPs have elected to establish? BS would then send out - at the same rate as reported - the opt-outs and also spam abuse reports. They then become a reporting service like SpamCop (but adds opt-outs to the scheme). If there is then a flood of opt-outs or spam abuse reports, it is at the same rate as reported by the BS users. I wasn't against BS sending opt-outs. After all, if there actually is an opt-out available (and assuming users think they really work, yeah, right) then users should be sending opt-outs. If BS made that easy and promoted more users to send opt-outs then fine. If the abuse desk were also sent an spam report for each opt-out request, that would help for those sites that don't include an opt-out procedure (and what did BS do when the site provided no opt-out process?). If the ISP provides an abuse desk, send them spam reports but send them immediately. If the site provides an opt-out process, send the opt-outs immediately. If the site doesn't provide an opt-out procedure, send a copy of the spam abuse report also to the site's webhost provider (if they provide an abuse reporting address). If BS were providing a legitimate opt-out procedure that made it easier for lazy users to send opt-outs, why did BS have to hide behind their users' zombied hosts to commit a DDOS attack? Because spammers would block connects coming from BS. Do abuse desks block SpamCop reports? Sure they do. Does SpamCop then DOS that domain because they refuse to accept spam reports? No. Normally you are supposed to report spam to the source's provider. That is because your provider will disavow any responsibility or control over anyone else's domain. It's not their property. So why not include your own provider's abuse desk in your spam abuse reports. Sure they will say they can't do anything about - but they can by, as you mentioned, blocking traffic to that site (e-mails from there and any traffic to there, so your ISP blackholes that other domain). Some, if not most, e-mail providers have an abuse desk to where you can report spam (that comes from their domain). Some also provide a "missed-spam" address to where you can report spam that leaked by their filters (i.e., inbound spam to your ISP) to help them tweak their spam filtering. If your ISP doesn't provide a missed-spam address then all you have is their normal spam abuse address, so send your spam abuse report to both the sending and receiving domain's abuse desks. The only property that is yours in this whole scenario is your computer. Everything belongs to someone else. You get to *ask* them per your wants. You don't get to steal their property just because you don't happen to like what they are doing. Gee, I don't like that you cut me off so I'll just ram your car and probably careen into others, too. -- __________________________________________________ Post replies to the newsgroup. Share with others. For e-mail: Remove "NIX" and add "#VN" to Subject. __________________________________________________ From MikeE at ster.invalid Fri May 19 17:21:14 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 19 19:25:14 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: Bjarke Andersen wrote: > So my question, should I follow RR request and unsubscribe, possibly > ending in more spam since link could just be for verification of > emailaddress, or should I request RR to review the report again and > tell that spam is somewhat illegal? Those who are reading here cannot prove or disprove that you subscribed and that therefore you should unsubscribe and that it was a bad report. It isn't clear exactly how source provider RR determined that you subscribed, but it is possible or even likely that you did, where likeliness is based on a combination of straightup mail and source provider investigation and guesswork about how you pay attention.. It is against the rules of spamcop for you to spamreport something for which you subscribed, and you should unsub from a subbed list, not report it as spam. Since you have demonstrated by your spamposting here that you don't pay attention to what you are doing, I'm going to bet that you subscribed, even tho' I can't prove it the way the RR investigator may have. It is also possible that RR is allowing their customer client to use some kind of bad list management. -- Mike Easter kibitzer, not SC admin From crappy.trappy at ntlworld.com Sat May 20 01:39:43 2006 From: crappy.trappy at ntlworld.com (Tim) Date: Fri May 19 19:40:02 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? In-Reply-To: References: Message-ID: Michael Brennan wrote: > It involves frogmen > rising out of the sea, smoking ruins, and slowly cooling spammers. Conjures up some nice images. Very nice. Anything that hurts spammers is a good. From tmcgraw at spamcop.net Fri May 19 17:39:26 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri May 19 19:40:11 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link In-Reply-To: References: Message-ID: Mike Easter wrote: > > It is also possible that RR is allowing their customer client to use > some kind of bad list management. It is also possible that there is no Martin Brice in the Network Security Department of Time Warner Cable and the notice is a spoof. Do you really believe Bjarke posting from 212.242.205.253 subscribed to "Dotty's Deals, Help For The Shopping-Impaired"? dottysdeals.com gets all of five hits in Google, BTW, and is registered with a gmail addy and some kind of Mailboxes Etc. address. From MikeE at ster.invalid Fri May 19 17:50:56 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 19 19:55:03 2006 Subject: [SpamCop-List] Re: U.K. Lottery Spam / URL "Previously Appealed" References: Message-ID: > This phony U.K. lottery spam > www.spamcop.net/sc?id=z948355688z7f00015eb266672cf1d7d5c584e4cc54z The spam is sourced from 212.78.202.217 rDNS lmfilto03.st1.spray.net an output server which is listed in multiple blocklists including sorbs spamlist. The payload is mail addresses: Email: catherineclaims@myway.com catherineoffice1@katamail.com > returned a Yahoo URL link that was referenced in the SpamCop report as > "previously appealed". The yahoo is not a payload link, it is a screwed up html configuration of the social engineering part of the spam that is advising what to do about bogus lottery spams. The spam is trying to advise the spammee to report bogus lottery spams to Warning!!!: Fraudulent emails are circulating that appear to be using National Lottery addresses, but are not from The National Lottery. PLEASE REPORT IMMEDIATELY TO: CUSTOMER CARE/COMPLAINTS DEPT: customercare_sevice@yahoo.co.uk But that warning is misconfigured in both the plaintext and the html text which results in SC finding an obfuscated yahoo link which is not worth pasting here but it accessible at the tracker. > This required me to look at the spam and it appears the Yahoo! mail > address is a customer-service address possibly associated with a real > U.K. lottery operation. No. It is a yahoo mail gizmo the spammer intended to work like what I posted above. > Does anyone know enough about the U.K. lottery ops to say whether this > e-mail address should be LARTed? No. The link is an IB. > I just noticed a posting from Berny about a new trend toward IB links > being deliberately included by spammers. Would this be an example? No. Accidental misconfiguration I think. Do not try to read spammer minds. > Interestingly, I found two other e-mail addresses in the spambody at > katamail.com and myway.com, which looked like they could be spammer > contacts, which were not picked out by the parser. The parser does not notify for email payloads. You will have to do that manually if you are a free reporter or derive the notify address and add it to a spamcop report if you are pay and know how to do it accurately. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri May 19 18:06:06 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 19 20:10:03 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: Tim McGraw wrote: > It is also possible that there is no Martin Brice in the Network > Security Department of Time Warner Cable and the notice is a spoof. I am knowing some and assuming some the following, based on the 'style' of the OP. I know that the OP via SC notified RR about the source: http://www.spamcop.net/mcgi?slice=reportid&val=1755704299&action=showhistory 1755704299 ( 66.27.53.147 ) To: abuse@rr.com I'm believing and hearing that RR responded [I'm assuming to the reportid address] and that the OP pasted in the body of that reply here. > Do you really believe Bjarke posting from 212.242.205.253 subscribed > to "Dotty's Deals, Help For The Shopping-Impaired"? To reiterate: Mike Easter wrote: > Those who are reading here cannot prove or disprove that you > subscribed and that therefore you should unsubscribe and that it was > a bad report. > dottysdeals.com > gets all of five hits in Google, BTW, and is registered with a gmail > addy and some kind of Mailboxes Etc. address. On the basis of the 'clues' I mentioned earlier, my bet is that he did. Do you really believe that someone who has a static RR IP 66.27.53.147 which also rDNSes to their domainname grace.aaa-ink.com and which domainname patience.aaa-ink.com DNSes to 66.27.53.147 [same RR] -- is going to risk that broadband business account by sending straightup unsolicited emails to the world at large? Including .dk? The fact that the poster is posting from a .dk IP with a .dk email addy doesn't mean that he didn't subscribe to a FFA list. The website access is global. -- Mike Easter kibitzer, not SC admin From dont_spam at thecow.me.uk Sat May 20 02:04:59 2006 From: dont_spam at thecow.me.uk (steve auvache) Date: Fri May 19 20:20:03 2006 Subject: [SpamCop-List] Re: U.K. Lottery Spam / URL "Previously Appealed" References: Message-ID: Michael Brennan wrote >This phony U.K. lottery spam > >http://www.spamcop.net/sc?id=z948355688z7f00015eb266672cf1d7d5c584e4cc54z > >returned a Yahoo URL link that was referenced in the SpamCop report as >"previously appealed". > >This required me to look at the spam and it appears the Yahoo! mail >address is a customer-service address possibly associated with a real >U.K. lottery operation. > >Does anyone know enough about the U.K. lottery ops to say whether this >e-mail address should be LARTed? Well, if it is any help, google seems to think that the right address for the UK National Lottery is a rather unsurprising www.national-lottery.co.uk. Which sounds a lot more plausible than a mailbox at yahoo but we do seem to do things a bit different this side of the pond. -- steve auvache one step closer to The Perfect Date. From dont_spam at thecow.me.uk Sat May 20 02:14:23 2006 From: dont_spam at thecow.me.uk (steve auvache) Date: Fri May 19 20:20:14 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: Michael Brennan wrote >steve auvache wrote: >> > >> >> The one sobering conclusion that I draw from it is that it ended with >> The Internet backing away from One Spammer. Which is sad. > > > >Who is One Spammer? I have not got a clue and frankly I am not interested in finding out. The only thing I ever want to know about him is when he becomes one less spammer. -- steve auvache one step closer to The Perfect Date. From tmcgraw at spamcop.net Fri May 19 18:24:22 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri May 19 20:25:03 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link In-Reply-To: References: Message-ID: Mike Easter wrote: > Tim McGraw wrote: > >> dottysdeals.com >> gets all of five hits in Google, BTW, and is registered with a gmail >> addy and some kind of Mailboxes Etc. address. > > On the basis of the 'clues' I mentioned earlier, my bet is that he did. > > Do you really believe that someone who has a static RR IP 66.27.53.147 > which also rDNSes to their domainname grace.aaa-ink.com spamcop sez Host grace.aaa-ink.com (checking ip) = 66.166.143.182 host 66.166.143.182 = mail.gotsi.net (cached) Host grace.aaa-ink.com (checking ip) = 66.166.143.182 host 66.166.143.182 = mail.gotsi.net (cached) No recent reports, no history available Routing details for 66.166.143.182 [refresh/show] Cached whois for 66.166.143.182 : abuse-isp@covad.com Using abuse net on abuse-isp@covad.com abuse net covad.com = abuse-isp@covad.com Using best contacts abuse-isp@covad.com Statistics: 66.166.143.182 listed in bl.spamcop.net (127.0.0.2) Additional potential problems (these factors do not directly result in spamcop listing) * DNS error: 66.166.143.182 is mail.gotsi.net but mail.gotsi.net is 71.39.189.75 instead of 66.166.143.182 > and which domainname patience.aaa-ink.com DNSes to 66.27.53.147 [same RR] spamcop sez Host patience.aaa-ink.com (checking ip) = 66.27.53.147 host 66.27.53.147 = aaa-ink.com (cached) Host patience.aaa-ink.com (checking ip) = 66.27.53.147 host 66.27.53.147 = aaa-ink.com (cached) No recent reports, no history available Routing details for 66.27.53.147 [refresh/show] Cached whois for 66.27.53.147 : abuse@rr.com Using abuse net on abuse@rr.com abuse net rr.com = abuse@rr.com Using best contacts abuse@rr.com Statistics: 66.27.53.147 listed in bl.spamcop.net (127.0.0.2) Additional potential problems (these factors do not directly result in spamcop listing) * DNS error: 66.27.53.147 is aaa-ink.com but aaa-ink.com is 64.69.41.73 instead of 66.27.53.147 > is going to risk that broadband business account by sending straightup > unsolicited emails to the world at large? Including .dk? As my friend Mike says, don't try to read spammer minds. > The fact that the poster is posting from a .dk IP with a .dk email addy > doesn't mean that he didn't subscribe to a FFA list. The website access > is global. FAA? All I saw was dottysdeals. Obscure as haggis. The possibility Bjarke would subscribe to that is thin to never. From MikeE at ster.invalid Fri May 19 18:28:42 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 19 20:30:03 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: Tim McGraw wrote: > registered with a gmail > addy and some kind of Mailboxes Etc. address. Actually Postal Annex+ - Store #374 - I'm familiar with it. The domain registrant address is in error at the netfirms registrar, the street address is 2683 Via de La Valle instead of 2683 Via De LaVilla. The mailboxes place is in Suite G. http://www.postalannex.com/Find/store_detail.asp?id=374&city=del%20mar&state=CA&zip=92014&storenumber=&action=submitted&page=1 Maybe the reason the OP signed up was for some kind of free giveaway for giving your mail addy for a newsletter: Seen at Dotty's Deals "Sign up for our newsletter for a chance to win a Epson Photo Printer every day this month!" -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri May 19 18:48:42 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 19 20:50:02 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: Tim McGraw wrote: > spamcop sez > > Host grace.aaa-ink.com (checking ip) = 66.166.143.182 I don't want to talk about that IP just now. The source IP is 66.27.53.147 rDNS aaa-ink.com the evidence for it spamming is worth talking about: > Statistics: > 66.27.53.147 listed in bl.spamcop.net (127.0.0.2) will be delisted automatically in approximately 8 hours SpamCop spam traps users have reported system as a source of spam less than 10 times Report on IP address: 66.27.53.147 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 5.1 4413% Last 30d 3.9 234% Average 3.4 >> is going to risk that broadband business account by sending >> straightup unsolicited emails to the world at large? Including .dk? > > As my friend Mike says, don't try to read spammer minds. I think we have some 'foolish' spamming by a broadband account. I'm going to predict that they did some bad mailing list management; ie bought a list or something. Or they aren't doing confirmed optin and someone is poisoning the list with bogus trap subscriptions. >> The fact that the poster is posting from a .dk IP with a .dk email >> addy doesn't mean that he didn't subscribe to a FFA list. The >> website access is global. > > FAA? All I saw was dottysdeals. Obscure as haggis. The possibility > Bjarke would subscribe to that is thin to never. FFA = free for all. Subscribe and you get freestuff. -- Mike Easter kibitzer, not SC admin From someone at microsoft.com Fri May 19 22:13:17 2006 From: someone at microsoft.com (JOhn Smith) Date: Fri May 19 21:15:07 2006 Subject: [SpamCop-List] Re: Hotmail spam References: Message-ID: "John Loaf" wrote in message news:e453oo$s72$1@news.spamcop.net... > I've used Outlook Express to forward Hotmail spam to Spamcop for several > years. I think with the new LIVE services I'm going to lose the use of OE > with Hotmail. It was supposed to happen last year but I got a reprieve > since I was actively using the Hotmail/OE combination. If I lose the use of > OE I'll have to forward spam from the Hotmail web page. I have never been > able to get that to work; Spamcop returns an error message that headers were > missing or incomplete or something like that. Is it possible to forward > spam from the Hotmail web page with different settings? I haven't been able > to correct the forwarding so far. I dont know about forwarding. I always report from hotmail as follows - log into spamcop - in the hotmail window click on "View E-mail Message Source" - cut and paste entire contents into spamcop window From "Michael Brennan Message-ID: Tim McGraw wrote: > > The parser does not operate on email addresses. There are rare instances > when it is appropriate to report an embedded email address (419 scams > come to mind), but you have to do it manually. Tim, Berny, Thanks, I didn't know that about the e-mail addresses, I guess I'll have to go back and LART manually, as you say, and look for that in the future when dealing with these "419" and similar fraud attempts. Michael From "Michael Brennan Message-ID: Mike Easter wrote: > > > > Interestingly, I found two other e-mail addresses in the spambody at > > katamail.com and myway.com, which looked like they could be spammer > > contacts, which were not picked out by the parser. > > The parser does not notify for email payloads. You will have to do that > manually if you are a free reporter or derive the notify address and add > it to a spamcop report if you are pay and know how to do it accurately. > Mike, Thanks, I appreciate the comments. Michael From "Michael Brennan Message-ID: Vanguard wrote: > > "Michael Brennan >" <"Michael Brennan > wrote in message > news:e4lg13$2qt$1@news.spamcop.net... > > Vanguard wrote: > >> > > How would you prefer to tackle the problem that Blue Frog took on? > > What > > strategy would you suggest? SpamCop uses reporting for the benefit of > > blocklist users, so that's a client-side answer. The previous thread > > discussed the unwillingness of major ISP's to tackle the problem by > > black-holing other major ISP's and NIC's whose executives have chosen > > to > > take the spammers' money and forget about the Net. We haven't even > > gotten into the implications of U-CAN-SPAM and its (Stateside) > > redefinition of spam by the Direct Marketing Association, with the > > rentable help of a sleazy Louisiana congressman. Your turn. > > > > I wasn't against BS sending opt-outs. After all, if there actually is > an opt-out available (and assuming users think they really work, yeah, > right) then users should be sending opt-outs. If BS made that easy and > promoted more users to send opt-outs then fine. If the abuse desk were > also sent an spam report for each opt-out request, that would help for > those sites that don't include an opt-out procedure (and what did BS do > when the site provided no opt-out process?). If the ISP provides an > abuse desk, send them spam reports but send them immediately. If the > site provides an opt-out process, send the opt-outs immediately. If the > site doesn't provide an opt-out procedure, send a copy of the spam abuse > report also to the site's webhost provider (if they provide an abuse > reporting address). > > > The only property that is yours in this whole scenario is your computer. > Everything belongs to someone else. You get to *ask* them per your > wants. You don't get to steal their property just because you don't > happen to like what they are doing. Thanks for the reply. At some point it would be nice if someone could explain that to the spammers like the rogue-elephant spammer who shut down Blue Security (any ideas who that was?). And it would also be nice if the big ISP's and NIC's did more to deal with spammer service-providers and persistently insecure outfits like Auna.es, whose nets show up every damn day as spamsources. Thanks again, Michael From tmcgraw at spamcop.net Fri May 19 22:57:54 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat May 20 01:00:03 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link In-Reply-To: References: Message-ID: Mike Easter wrote: > > I think we have some 'foolish' spamming by a broadband account. Rule #3 in action. They were smart enough use bogus info in the registration. aaa-ink.com = 64.69.41.73 which is AS 7796/ATMLINK/calpop.com... seemed like odd peerage for a "broadband business account." From david.topping at gnuemail.com Sat May 20 11:54:24 2006 From: david.topping at gnuemail.com (David Topping) Date: Sat May 20 05:55:11 2006 Subject: [SpamCop-List] Spamcop enhancement request - Spamassassin config Message-ID: I'm hosted on cPanel. Almost all my spam is caught by spamassassin and placed into an Imap folder marked 'spam'. The original message is attached to a notification message from that program. If I forward the entire email to spamcop email reporting, I get a bounce saying it couldn't find the source IP. This leaves me with only option - copy and paste the source of the attachement into spamcop's web based reporting system - something which can be time consuming. Is there any way to configure spamcop quick / email reporting to deal with attachments of attachements - ie look at the attachment of the attachment sent to the quick / email reporting address to find the original spam message? Surely this would be more useful in the long term, especially as cPanel hosting and spamassassin are both very popular. From MikeE at ster.invalid Sat May 20 05:03:07 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 20 07:05:03 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: Tim McGraw wrote: > Mike Easter wrote: >> >> I think we have some 'foolish' spamming by a broadband account. > > Rule #3 in action. > > They were smart enough use bogus info in the registration. > > aaa-ink.com = 64.69.41.73 which is AS 7796/ATMLINK/calpop.com... > seemed like odd peerage for a "broadband business account." We need to keep the spamsource and the spamvertiser IPs separate for discussion. The RR part 66.27.53.147 is the spamsource connectivity which is broadband and which has also let the IP rDNS grace.aaa-ink.com, all of which indicates a static IP and a business account. The website part at 64.69.41.73 which http://64.69.41.73 is http://dottysdeals.com/drupal/?q= and http://PROJECTSTOCKTON.ORG but which the webserver handles differently as http://aaa-ink.com/ [the unsub system] The various website ink operations are paths at dottysdeals. The website is hosted by OrgName: CoreExpress NetRange: 64.69.32.0 - 64.69.47.255 ipadmin@coreexpress.net AS14510 So, AS14510 is the 16 class C /20, which is how I would notify about it - whereas your issue about the /24 1 class C AS 7796 /ATMLINK/calpop.com is described by radb as a proxy registered route object route: 64.69.41.0/24 descr: Proxy-registered route object origin: AS7796 and the 7796 is also how cymru handles the IP. whois -h whois.cymru.com 64.69.41.73 ... AS | IP | AS Name 7796 | 64.69.41.73 | ATMLINK - ATMLINK, INC. OTOH mail going to aaa-ink.com uses mail5.zoneedit.com and mail4 which are unrelated IPs of unrelated providers and the nameservice for dottysdeals and aaa-ink.com is also by zoneedit, which nameservice IPs are unrelated and of unrelated providers. -- Mike Easter kibitzer, not SC admin From bjoeg at *spammer*bjoeg.dk Sat May 20 12:44:22 2006 From: bjoeg at *spammer*bjoeg.dk (Bjarke Andersen) Date: Sat May 20 07:45:01 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: Bjarke Andersen crashed Echelon writing news:Xns97C8EDE0AC672bjoegdk@216.154.195.61: > Got an issue here, where I dunno if I should follow RoadRunners > guidelines or teach them how spam works. Guys, first of all sorry for not following guidelines for this group, lesson learned and noted. For the discussion I brought on, I cannot never confirm that aaa-ink.com or dottydeals.com received my email from third party, but I can confirm I never signed up with that company directly. As discussion brought on, the source of the IP seems in fact to be equal to a real company aaa-ink.com and therefore could seems legimitate enough. However as also mentioned, the following the link for unsubscribtion seems to be a dodgy website with somewhat fake confirmation, there seems no intelligence behind the html file itself, other than if the company actually read the logs from the site. Anyways, as mentioned, I will contact roadrunner asking them to get proof of legimitate sign-up of the mailing-list. -- Bjarke Andersen - Freelance SpamKiller http://www.cdt.org/speech/spam/030319spamreport.shtml (How to prevent) Wanna reply by email? Remove the spammer in address From MikeE at ster.invalid Sat May 20 06:15:34 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 20 08:20:02 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: Bjarke Andersen wrote: > I can confirm I never signed up with that company directly. Got it. Do you ever signup with FFA, free for all sites of any kind -- where you get rewarded for accepting newsletters which are promotional for something? I have a feeling there is some kind of list swapping going on here. > Anyways, as mentioned, I will contact roadrunner asking them to get > proof of legimitate sign-up of the mailing-list. If you are going to talk with RR, you might share with them some clippings we've pasted here about their business IP which is spamsourcing hitting spamtraps [does RR TW Cable Martin Brice think the spamtraps signed up for newsletters?] and enough other spamcop reporters to cause them to be SCbl blocklisted. The IP is also listed in other db/s, just none as important as SCbl. TXT= "IP 66.27.53.147 is a possible spam source. See http://antispam.or.id/?ip=66.27.53.147" TXT= "Listed in PSBL, see http://psbl.surriel.com/listing?ip=66.27.53.147" DNSBLNETAUT1 LISTED (127.0.0.2) TXT= "PLEASE SEE http://antispam.or.id/" TXT= "http://bl.csma.biz/cgi-bin/listing.cgi?ip=66.27.53.147" -- Mike Easter kibitzer, not SC admin From aklist_EIMS at enigmedia.com Sat May 20 11:35:39 2006 From: aklist_EIMS at enigmedia.com (andrew) Date: Sat May 20 10:40:03 2006 Subject: [SpamCop-List] no reports since Monday? Message-ID: Hi: I've been submitting spam since Monday May 15, but have not gotten back any confirmations (haven't been able to submit any reports)...the last reports I see are the ones I successfully submitted on Monday. I'm logged in and everything else seems to be working properly? From bjoeg at *spammer*bjoeg.dk Sat May 20 15:39:33 2006 From: bjoeg at *spammer*bjoeg.dk (Bjarke Andersen) Date: Sat May 20 10:40:14 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: "Mike Easter" crashed Echelon writing news:e4n195$9fr$1@news.spamcop.net: > Got it. Do you ever signup with FFA, free for all sites of any kind -- > where you get rewarded for accepting newsletters which are promotional > for something? I have a feeling there is some kind of list swapping > going on here. I can never say I am completely sure, other than the account the spam was received on is a very old email account, which I only use for signing up to newsletters (Tomshardware, Gamespot, VIA, Nvidia) and online shopping (local danish online shops). But we will see if RR can pull out from aaa-ink.com where my address came from. -- Bjarke Andersen - Freelance SpamKiller http://www.cdt.org/speech/spam/030319spamreport.shtml (How to prevent) Wanna reply by email? Remove the spammer in address From tmcgraw at spamcop.net Sat May 20 09:37:52 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat May 20 11:40:02 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link In-Reply-To: References: Message-ID: Bjarke Andersen wrote: > > As discussion brought on, the source of the IP seems in fact to be equal to > a real company aaa-ink.com and therefore could seems legimitate enough. There's nothing legitimate about the whois info for aaa-ink.com except perhaps the name and phone number. As Mike has pointed out, the address is Postal Annex+ store #374 and the contact addy is a gmail address, indications of non-legitimacy in my book. From MikeE at ster.invalid Sat May 20 10:01:01 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 20 12:05:03 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: Tim McGraw wrote: > As Mike has pointed out, the address is Postal Annex+ store #374 and > the contact addy is a gmail address, indications of non-legitimacy in > my book. I don't have a problem with a business which might be based in one's home office choosing to use the address of a private service such as postal annex instead of using one's own home address and telno -- or with using gmail as a contact address instead of using one's own home telno or home address for the domainname registration info which is going to be publically accessible. I don't consider that kind of informtion to be 'bogus' -- it is just privacy oriented. The Postal Annex address in Del Mar is 2.5 miles from the agent of service address for the 'real' California LLC Tailor-Made Productions which is fairly recently filed Feb 6. That agent Taylor Baldwin on Old El Camino Real is not the same name as the domainname registrant John Bramlett, which domainreg is also recent Feb 23. The telno for that reg is not in Del Mar, but is also not very far away as 909 is a nearby CA area code, an adjacent county. I suppose one could do a little more research and determine the relationship between Taylor Baldwin and John Bramlett. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sat May 20 10:06:32 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat May 20 12:10:02 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link In-Reply-To: References: Message-ID: Mike Easter wrote: > Tim McGraw wrote: > >> As Mike has pointed out, the address is Postal Annex+ store #374 and >> the contact addy is a gmail address, indications of non-legitimacy in >> my book. > > I don't have a problem with a business which might be based in one's > home office choosing to use the address of a private service such as > postal annex instead of using one's own home address and telno -- or > with using gmail as a contact address instead of using one's own home > telno or home address for the domainname registration info which is > going to be publically accessible. I would never, ever give such a site my email address. Would you? From tmcgraw at spamcop.net Sat May 20 10:15:17 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat May 20 12:20:03 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link In-Reply-To: References: Message-ID: Bjarke Andersen wrote: > > I can never say I am completely sure, other than the account the spam was > received on is a very old email account, which I only use for signing up to > newsletters (Tomshardware, Gamespot, VIA, Nvidia) and online shopping > (local danish online shops). You would have to read the "privacy" policy of every site you've given that email address to in order to determine if you've agreed that they can give that email address to "affiliates" in order to follow sc's rules - you may have agreed to accept these emails implicitly. See http://mailsc.spamcop.net/fom-serve/cache/14.html In the future you may want to consider using the free services provided by www.sneakemail.com or www.spammotel.com for these signups. > But we will see if RR can pull out from aaa-ink.com where my address came > from. That may still be a worthwhile endeavor. From MikeE at ster.invalid Sat May 20 10:25:28 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 20 12:30:03 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: Tim McGraw wrote: > Mike Easter wrote: >> Tim McGraw wrote: >> >>> As Mike has pointed out, the address is Postal Annex+ store #374 and >>> the contact addy is a gmail address, indications of non-legitimacy >>> in my book. >> >> I don't have a problem with a business which might be based in one's >> home office choosing to use the address of a private service such as >> postal annex instead of using one's own home address and telno -- or >> with using gmail as a contact address instead of using one's own home >> telno or home address for the domainname registration info which is >> going to be publically accessible. > > I would never, ever give such a site my email address. I don't understand what you are saying yet. You would never give which 'such a site' your address? Do you mean like this original issue in which some site you have reached somehow in your browsing offers you a chance at a free printer if you subscribe to their newsletter? > Would you? No I don't give any of my email addies to FFA subscription systems. and No I wouldn't have been giving Dotty's Deals or aaa-ink.com my addy for anything I can think of. Yes sometimes I give an email address to some entity that I don't know exactly what they are going to do with it in order to get something emailed to me. When I do that, I usually use a gmail address. A wordy example. I recently ordered an ink cartridge. Some local prices were over $30 for the original or actually well over $50 because you had to buy 2. Even the local remanufactured ones were over $22, so I decided to order one online. In my shopping, prices were as low as $13 with free shipping and no state sales tax, but the company would mail from FL and I'm in CA state. That would take a long time. So I chose to order from a nearby county, paying state sales tax of $1.20 and making the total price over $16 because I figgered it would get here faster. Sure enough, it came in my outside mailbox 1 day later. I gave that company my gmail address to communicate with me about confirming the order and the USPS shipping code. As far as I know, that company hasn't been spamming for its ink cartridge sales, but I didn't actually research it very much. I wanted to order from some place that was both nearby and cheap -- and I derived my choice on the basis of price and proximity. The proximity paid off because I got it almost as fast as if I had driven to a local storefront merchant. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sat May 20 11:13:58 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat May 20 13:15:03 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link In-Reply-To: References: Message-ID: Mike Easter wrote: > Tim McGraw wrote: >> Mike Easter wrote: >>> >>> I don't have a problem with a business which might be based in one's >>> home office choosing to use the address of a private service such as >>> postal annex instead of using one's own home address and telno -- or >>> with using gmail as a contact address instead of using one's own home >>> telno or home address for the domainname registration info which is >>> going to be publically accessible. >> I would never, ever give such a site my email address. > I don't understand what you are saying yet. A "business" on the 'net that you cannot place geographically other than a Postal Annex+ store that has a contact addy that is not the domain of the business or a spamcop address (just my own personal scoring system, mind you). Real businesses have real addresses and lookups and maps and references by other sites and legitimate contact addys at least remotely connected somehow to the domain. I have a home business and I use my home address in my domain registrations. There is a modicum of privacy you give up in order to act like a real business. Again, this is all very subjective, but it's based on past experience and my own ideas about "legitimacy." From nobody at devnull.spamcop.net Sat May 20 15:17:56 2006 From: nobody at devnull.spamcop.net (Peter) Date: Sat May 20 14:20:03 2006 Subject: [SpamCop-List] Re: no reports since Monday? References: Message-ID: Mixup with a software upgrade that didn't work. See: http://forum.spamcop.net/forums/index.php?s=5b59d8175a24180aac9b72d29354ed69&act=announce&f=3&id=36 -- Peter Toronto, Canada 2 x XP Pro SP2 (1 everyday, 1 for testing) P4 HT @ 3.0ghz, 2.0gb DDR, 360gb HD "andrew" wrote in message news:e4n9fj$g3l$1@news.spamcop.net... > Hi: I've been submitting spam since Monday May 15, but have not gotten > back any confirmations (haven't been able to submit any reports)...the > last reports I see are the ones I successfully submitted on Monday. I'm > logged in and everything else seems to be working properly? > From MikeE at ster.invalid Sat May 20 12:29:32 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 20 14:30:03 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: Tim McGraw wrote: > Mike Easter wrote: >> Tim McGraw wrote: >>> Mike Easter wrote: >>>> >>>> I don't have a problem with a business which might be based in >>>> one's home office choosing to use the address of a private service >>>> such as postal annex instead of using one's own home address and >>>> telno -- or with using gmail as a contact address instead of using >>>> one's own home telno or home address for the domainname >>>> registration info which is going to be publically accessible. >>> I would never, ever give such a site my email address. >> I don't understand what you are saying yet. > > A "business" on the 'net that you cannot place geographically other > than a Postal Annex+ store that has a contact addy that is not the > domain of the business or a spamcop address (just my own personal > scoring system, mind you). The normal situation with what you encounter on the internet is that you don't research the physical location of the principals, namely the domainname registrant or the articles of incorporation and agent of service. The normal situation with what you encounter on the storefront operation down the street is that you don't access the information about the incorporation or agent of service or other registration information. In fact, the bigger the company, the less information that is generally easily accessible. Typically you get a webpage to 'talk to' -- the big company doesn't even give you an email address or anything other than the location of 'company headquarters' and you don't have easy access to being able to communicate with the officers of the company unless you are a big shareholder or something. We happened to dig up this information about Dotty's Deals because we were researching it for purposes of discussion. I have not delved that deeply into the company from whom I bought my ink cartridge or gave my email address to or gave the registered billing address of my credit card or gave the credit card number or gave a different shipping address to namely my home address. > Real businesses have real addresses and lookups and maps and > references by other sites and legitimate contact addys at least > remotely connected somehow to the domain. But we don't normally research them in depth before we start giving them all kinds of significant information. I had never heard of the company I ordered my ink cartridge from before I ordered from them. And I still haven't researched them to the depth we have this Dotty's Deals. > I have a home business and I use my home address in my domain > registrations. There is a modicum of privacy you give up in order to > act like a real business. The privacy groups I lurk would debate that for you. > Again, this is all very subjective, but it's based on past experience > and my own ideas about "legitimacy." -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sat May 20 12:39:31 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat May 20 14:40:04 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link In-Reply-To: References: Message-ID: Mike Easter wrote: > Tim McGraw wrote: > > In fact, the bigger the company, the less information that is generally > easily accessible. I know what you're saying, but the more business a company does on the 'net, the more references you will find to them on the 'net. A simple Google showed an obscenely low number of references that, had I been considering giving them my credit card number, call me crazy, call me impetuous, but I WOULD have delved that deeply into the "legitimacy" of the company. froogle.google.com doesn't even know about "Dotty's Deals." What does that tell you? Mike Easter wrote: > Tim McGraw wrote: > >> I have a home business and I use my home address in my domain >> registrations. There is a modicum of privacy you give up in order to >> act like a real business. > > The privacy groups I lurk would debate that for you. They are certainly free to do that. They won't get my business. From tmcgraw at spamcop.net Sat May 20 12:42:23 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat May 20 14:45:03 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link In-Reply-To: <87ou621ehe3772648n5vuafmbtvhmi0gkr@4ax.com> References: <87ou621ehe3772648n5vuafmbtvhmi0gkr@4ax.com> Message-ID: Kenneth Loafman wrote: > Tim McGraw wrote: >> Mike Easter wrote: >> >> I have a home business and I use my home address in my domain >> registrations. There is a modicum of privacy you give up in order to act >> like a real business. I wrote that. Kenneth Loafman wrote: > If you were female you should decidedly not use you home address and phone > for domain registrations, even for a business. Way too many stalkers and > other problem types out there. By that logic a female should never have a storefront. That said, it is a good point, taken. From MikeE at ster.invalid Sat May 20 12:54:00 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 20 14:55:04 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: Tim McGraw wrote: > Mike Easter wrote: > A simple Google showed an obscenely low number of references that, > had I been considering giving them my credit card number, call me > crazy, call me impetuous, but I WOULD have delved that deeply into > the "legitimacy" of the company. I think you are currently talking about Dotty's Deals. You mentioned earlier you saw 5 or something. For the sake of our discussion, I googled the domainname of the company I ordered my ink cartridge from. I got 14,400 hits. Presumably you would feel more comfortable with that. > froogle.google.com doesn't even know about "Dotty's Deals." What does > that tell you? froogle sez 958 for my cartridge co. Now we can use google to determine the soundness of a business, just like we use the number of hits for a particular word, say tomatoe or tomato, to help determine which is the 'correct' word on the basis of its popularity in terms of google hits. Let me see. I think I'll try Enron. Whoa! 43.2 million! -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sat May 20 13:01:18 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat May 20 15:05:02 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link In-Reply-To: References: Message-ID: Mike Easter wrote: > Tim McGraw wrote: > >> A simple Google showed an obscenely low number of references that, >> had I been considering giving them my credit card number, call me >> crazy, call me impetuous, but I WOULD have delved that deeply into >> the "legitimacy" of the company. > > I think you are currently talking about Dotty's Deals. You mentioned > earlier you saw 5 or something. > > For the sake of our discussion, I googled the domainname of the company > I ordered my ink cartridge from. I got 14,400 hits. Presumably you > would feel more comfortable with that. Would you? Bottom line: would you ever, under any circumstance, give your email addy to http://www.aaa-ink.com to "unsubscribe." >> froogle.google.com doesn't even know about "Dotty's Deals." What does >> that tell you? > > froogle sez 958 for my cartridge co. Now they are in business. For real. > Now we can use google to determine the soundness of a business, just > like we use the number of hits for a particular word, say tomatoe or > tomato, to help determine which is the 'correct' word on the basis of > its popularity in terms of google hits. > > Let me see. I think I'll try Enron. > > Whoa! 43.2 million! How much are they asking for ink cartridges? :) From MikeE at ster.invalid Sat May 20 13:50:46 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 20 15:55:02 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link References: Message-ID: Tim McGraw wrote: > Bottom line: would you ever, under any circumstance, give your email > addy to http://www.aaa-ink.com to "unsubscribe." (Practically) The only thing I would ever unsub is something that I had subbed. >> Let me see. I think I'll try Enron. >> >> Whoa! 43.2 million! > > How much are they asking for ink cartridges? :) I think the stock of ink cartridges they must've had on hand at the demise must've been liquidated by some asset recovery company or taken home by the unemployees. :-/ -- Mike Easter kibitzer, not SC admin From / at /.cn Sun May 21 19:16:38 2006 From: / at /.cn (Petzl) Date: Sun May 21 04:20:11 2006 Subject: [SpamCop-List] Re: Quick reporting data Reports References: <2o5u62dukuhn39vloeagoqkesnjoqlku81@4ax.com> Message-ID: "SpamCop Admin" wrote in message news:2o5u62dukuhn39vloeagoqkesnjoqlku81@4ax.com... > Early Friday evening, we were able to remove the code that caused all > the trouble and revert everything to the way it was. Everybody should > be back to normal now. > > I'm really sorry about all the trouble. We haven't given up on the > user option, but it's just not ready for prime time yet. Hopefully, > it won't be too long before you can disable the "Quick data report" > responses from the system if you want. > > When it's ready, you'll see the option appear in the "Report Handling > Options" section of your Preferences when you log into your account at > http://www.spamcop.net/ > > - Don - Still not showing history of reported IP's like 81.172.110.165 That said your work is appreciated thanks Petzl From g.hyde at bigpond.net.au Sun May 21 22:35:29 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sun May 21 07:40:12 2006 Subject: [SpamCop-List] Received 137kb attachment as spam. Message-ID: http://www.spamcop.net/sc?id=z949816930z540a64d20f3a3a8513fa4706689fdd59z On this particular occasion, I received a 137kb attachment as part of a spam email. Does anyone know if the .spam newsgroup on this server accepts 137kb attachments? It's not much for a DSL connection I suppose but I don't want to post it there if anyone on dial-up is going to get it. It looks rather like a virus, I can't see anything that big actually being a "Video_part.mim" - whatever that is - I certainly think it's virus-like in nature, and don't trust it at all. If anyone wants me to email it to them drop me a quick email with a note in the subject line, and I'll gladly send it. I don't trust anything I don't know, particularly not unfamiliar attachments. Cheers ... Geoffrey Hyde From not at home.today Sun May 21 15:03:11 2006 From: not at home.today (Ant) Date: Sun May 21 09:05:03 2006 Subject: [SpamCop-List] Re: Received 137kb attachment as spam. References: Message-ID: "Geoffrey Hyde" wrote: > http://www.spamcop.net/sc?id=z949816930z540a64d20f3a3a8513fa4706689fdd59z > > On this particular occasion, I received a 137kb attachment as part of a spam > email. > > Does anyone know if the .spam newsgroup on this server accepts 137kb > attachments? Yes, but I wouldn't bother posting it. The truncated attachment at the tracker gives enough information. > It's not much for a DSL connection I suppose but I don't want > to post it there if anyone on dial-up is going to get it. > > It looks rather like a virus, I can't see anything that big actually being a > "Video_part.mim" - whatever that is - A mim file can be opened with Winzip. Description of 'mim' here: http://searchwebservices.techtarget.com/sDefinition/0,,sid26_gci212575,00.html > I certainly think it's virus-like in nature [...] I agree. The mim file contains a UUencoded executable with the name 'New Video,zip[lots of spaces].sCr'. So the uninitiated may think it's a zip file, and the OS will see it as a screen saver but treat it as a normal executable (.exe). The executable is also packed with UPX, which is another common tactic of malware authors. From david.topping at gnuemail.com Sun May 21 12:47:44 2006 From: david.topping at gnuemail.com (David Topping) Date: Sun May 21 10:00:02 2006 Subject: [SpamCop-List] Spamcop enhancement request - Spamassassin config Message-ID: I'm hosted on cPanel. Almost all my spam is caught by spamassassin and placed into an Imap folder marked 'spam'. The original message is attached to a notification message from that program. If I forward the entire email to spamcop email reporting, I get a bounce saying it couldn't find the source IP. This leaves me with only option - copy and paste the source of the attachement into spamcop's web based reporting system - something which can be time consuming. Is there any way to configure spamcop quick / email reporting to deal with attachments of attachements - ie look at the attachment of the attachment sent to the quick / email reporting address to find the original spam message? Surely this would be more useful in the long term, especially as cPanel hosting and spamassassin are both very popular. From "Michael Brennan Got this when cc'ing MS Antipiracy about some "cheep OEM warez": Failed to deliver to 'piracy@microsoft.com' SMTP module(domain @206.180.145.133:microsoft.com) reports: host ma says: 550 5.7.1 Email rejected because 206.180.145.133 is listed by bl.spamcop.net. Please see http://www.spamcop.net/bl.shtml for more information. If you still need assistance contact gt And SC says: 206.180.145.133 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 10 hours. Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Michael From aklist_EIMS at enigmedia.com Sun May 21 11:21:33 2006 From: aklist_EIMS at enigmedia.com (andrew) Date: Sun May 21 10:25:03 2006 Subject: [SpamCop-List] Re: no reports since Monday? References: Message-ID: I don't know if that applies to me or not. I'm not a "quick" reporter...Just a standard reporter. I don't have access to any of the settings that are referred to in that thread in my preferences? "Peter" wrote in message news:e4nmgh$srf$1@news.spamcop.net... > Mixup with a software upgrade that didn't work. > See: > http://forum.spamcop.net/forums/index.php?s=5b59d8175a24180aac9b72d29354ed69&act=announce&f=3&id=36 > > -- > Peter > Toronto, Canada > 2 x XP Pro SP2 (1 everyday, 1 for testing) > P4 HT @ 3.0ghz, 2.0gb DDR, 360gb HD > "andrew" wrote in message > news:e4n9fj$g3l$1@news.spamcop.net... >> Hi: I've been submitting spam since Monday May 15, but have not gotten >> back any confirmations (haven't been able to submit any reports)...the >> last reports I see are the ones I successfully submitted on Monday. I'm >> logged in and everything else seems to be working properly? >> > > From MikeE at ster.invalid Sun May 21 08:39:22 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 21 10:40:04 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: > Got this when cc'ing MS Antipiracy about some "cheep OEM warez": > > Failed to deliver to 'piracy@microsoft.com' > 550 5.7.1 Email rejected because 206.180.145.133 is listed by > bl.spamcop.net. > 206.180.145.133 listed in bl.spamcop.net (127.0.0.2) That is saying that the MS server [or some server giving that message about your mail] doesn't want to receive mail from 206.180.145.133 rDNS mail.hal-pc.org because it is SCbl listed. You are posting here from a hal-pc.org dialup IP where hal-pc = Houston Area League of PC Users http://www.hal-pc.org/ That mail.hal-pc looks like an output server for hal-pc and it looks that way at senderbase as well, where the server outputs a magnitude about 4-ish plus. Your mail's server isn't listed in any other db/s besides SC and I don't see any spams from it in sightings. If I were going to hazard a guess, I would guess that it must be misconfigured to perform some kind of objectionable autoreplies or backscatter, but a deputy could peek at the evidence. Maybe you can motivate your provider to figure out what is wrong with the server so that you won't be having trouble getting your mail delivered. -- Mike Easter kibitzer, not SC admin From scamper at trisk.com Sun May 21 09:42:25 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sun May 21 10:45:02 2006 Subject: [SpamCop-List] Re: Spamcop enhancement request - Spamassassin config In-Reply-To: References: Message-ID: David Topping wrote: > I'm hosted on cPanel. > > Almost all my spam is caught by spamassassin and placed into an Imap folder > marked 'spam'. The original message is attached to a notification message > from that program. > > If I forward the entire email to spamcop email reporting, I get a bounce > saying it couldn't find the source IP. This leaves me with only option - > copy and paste the source of the attachement into spamcop's web based > reporting system - something which can be time consuming. > > Is there any way to configure spamcop quick / email reporting to deal with > attachments of attachements - ie look at the attachment of the attachment > sent to the quick / email reporting address to find the original spam > message? Surely this would be more useful in the long term, especially as > cPanel hosting and spamassassin are both very popular. > > > > That sounds messy. You should be able to just drag and drop the attachments from the various spam notifications and drop them into a new message as attachments, then send that message in with the several attachments all at once. This wouldn't be much better than pasting them into the parser however. Alternatively fetchmail down the spam folder, then run a program that will reformat the notification emails and mail the reformatted messages to your SpamCop reporting account. You should be able to turn off spam filtering on your cPanel so that the spam messages do not get sorted into a spam folder, then setup fetchmail to download the mail and do your spam filtering locally using SpamAssassin. This will give you much greater control over how SpamAssassin is configured. In this case, you also might want to consider the plugin for SpamAssassin that lets it auto submit email it determines to be spam to your SpamCop reporting account. Similar to above, you should be able to turn off spam filtering on cPanel so that the messages do not get reformatted as attachments to notifications, then if you get one of those spamcop mail accounts, have SpamCop fetchmail all your email from cPanel, which would allow you to quick report directly from your spamcop email account. That would leave you with two mail accounts to manage however. -- Garen From MikeE at ster.invalid Sun May 21 08:54:49 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 21 10:55:03 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: Drift drift drift...... OT Mike Easter wrote: >> Got this when cc'ing MS Antipiracy about some "cheep OEM warez": The reason there is no attribution line there is because there is an incompatibility between my OE Quote-Fx and the strange configuration of Michael's From: line: From: Michael Brennan <"Michael Brennan > which causes OE-QF to cause the attribution to 'disappear'. Native OE attributes 'fully' or 'blindly' so it would attribute all of that stuff, ignoring the 'bogus' or eccentric punctuation. You can see how I have configured OE-QF to attribute by looking at the attribution above for my own From, which sez: From: "Mike Easter" That is, OE-QF is going to cite what/who is inside the " marks while removing them and then remove everything which follows the < mark. For Michael's, there is nothing inside the " marks in the front, because that " stuff doesn't come until later after the < which later stuff gets removed. Michael's agent sez Mozilla 4.75 -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun May 21 09:49:58 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 21 11:50:01 2006 Subject: [SpamCop-List] Re: Received 137kb attachment as spam. References: Message-ID: Ant wrote: > "Geoffrey Hyde" >> It's not much for a DSL connection I suppose but I don't want >> to post it there if anyone on dial-up is going to get it. The mailing list does not get the .spam group -- but I don't think anyone here is interested in your posting the item in there. I'm not. >> It looks rather like a virus, I can't see anything that big actually >> being a "Video_part.mim" - whatever that is - > > A mim file can be opened with Winzip. Description of 'mim' here: > http://searchwebservices.techtarget.com/sDefinition/0,,sid26_gci212575,00.html Which description explains that .mim is short for something which is a MIME or email structure attachment. This .mim business is just another way, which I'm not sure is entirely kosher, of saying there is a b64 attachment which when decoded will be a .mim file, which is true, but in reality it will be as Ant describes. Said another way, after b64 decoding, the .mim file is a file which starts "begin 664 New Video,zip <47 spaces>.sCr" -- indicating that it is still in the b64 encoded condtion. A b64 which is b64/d which after final decoding results in an executable. Here's the sophos description for what it calls W32/Nyxem-D http://www.sophos.com/virusinfo/analyses/w32nyxemd.html "If the attachment is a mime file, it contains a file with one of the following filenames followed by several spaces and an SCR extension: - New Video,zip" >> I certainly think it's virus-like in nature [...] > > I agree. The mim file contains a UUencoded executable with the name > 'New Video,zip[lots of spaces].sCr'. So the uninitiated may think it's > a zip file, and the OS will see it as a screen saver but treat it as a > normal executable (.exe). The executable is also packed with UPX, > which is another common tactic of malware authors. Which UPX is a way of compressing executables so that they can be decompressed and executed 'on the fly' without necessarily having to be decompressed to disk before executing. [for Geoffrey or others who might not know upx.] The nice virus writer was trying to keep the propagation's filesize down for 'convenience' of those downloading the item. :-/ Except for all of that extra b64 baggage. -- Mike Easter kibitzer, not SC admin From scamper at trisk.com Sun May 21 10:57:01 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sun May 21 12:00:03 2006 Subject: [SpamCop-List] Re: Spamcop enhancement request - Spamassassin config In-Reply-To: References: Message-ID: Garen Erdoisa wrote: > David Topping wrote: >> [snip] > [snip] > SpamAssassin is configured. In this case, you also might want to > consider the plugin for SpamAssassin that lets it auto submit email it > determines to be spam to your SpamCop reporting account. >[snip] For more information regarding automated SpamCop submissions by spam filter software: SpamBouncer: http://www.spambouncer.org/configure/configuration.shtml Then search the web page for: "SpamBouncer Spam Reporting" SpamAssassin: http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Plugin_SpamCop.html There may be more filter software that has this ability, but I don't know of any others offhand. -=-=-=- Either of these spam filters have the ability to report to a generic spamcop account for the filter software itself which is similar to SpamCop mole reporting except that you don't have to individually authorize each report. There is also no way to view such generic reports on SpamCop when the filter submits spam to it's generic spamcop account. Only SpamCop administrators have the ability to view reports submitted by spam filter software to the filter software's generic account. Either of these spam filters also have the ability to submit to a normal spamcop reporting account instead of or in addition to the filter's generic account. -- Garen From "Michael Brennan Message-ID: Mike Easter wrote: > > Drift drift drift...... OT > > Mike Easter wrote: > >> Got this when cc'ing MS Antipiracy about some "cheep OEM warez": > > The reason there is no attribution line there is because there is an > incompatibility between my OE Quote-Fx and the strange configuration of > Michael's From: line: > > From: Michael Brennan <"Michael Brennan > > > > which causes OE-QF to cause the attribution to 'disappear'. > Michael's agent sez Mozilla 4.75 > I use Netscape 4.75 for posting to NG's. That frees up OE for handling e-mail. My "from" is configured normally for NS. Michael From MikeE at ster.invalid Sun May 21 10:03:30 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 21 12:05:14 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: > I use Netscape 4.75 for posting to NG's. That frees up OE for > handling e-mail. My "from" is configured normally for NS. Funny that I've never seen it before. Will research. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sun May 21 10:03:41 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun May 21 12:05:21 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link In-Reply-To: References: Message-ID: Mike Easter wrote: > > Now we can use google to determine the soundness of a business, just > like we use the number of hits for a particular word, say tomatoe or > tomato, to help determine which is the 'correct' word on the basis of > its popularity in terms of google hits. > > Let me see. I think I'll try Enron. > > Whoa! 43.2 million! At least that's enough information to read a few reviews and customer experiences to see if you even want to do business with them! :p From "Michael Brennan Message-ID: Mike Easter wrote: > > > Got this when cc'ing MS Antipiracy about some "cheep OEM warez": > > > > Failed to deliver to 'piracy@microsoft.com' > > > 550 5.7.1 Email rejected because 206.180.145.133 is listed by > > bl.spamcop.net. > > > 206.180.145.133 listed in bl.spamcop.net (127.0.0.2) > > That is saying that the MS server [or some server giving that message > about your mail] doesn't want to receive mail from 206.180.145.133 rDNS > mail.hal-pc.org because it is SCbl listed. > I completely misread the notice to say that MS's server is bl'd......didn't recognize the IP since usually my mail has Postini's instead in top rec'd line of the header (64.xxx.xxx something-something-something). Dropped a note to Jeff, HAL's sysadmin/resident atman/great stone head, so he can have a look. Thanks for the note, I didn't realize we had a problem. Regards, Michael From MikeE at ster.invalid Sun May 21 10:21:37 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 21 12:25:03 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: Mike Easter wrote: >> I use Netscape 4.75 for posting to NG's. That frees up OE for >> handling e-mail. My "from" is configured normally for NS. > > Funny that I've never seen it before. > > Will research. Message-ID: <3B5B57BD.69D7DCB8@intercom.net> From: The Toy Chick X-Mailer: Mozilla 4.75 [en] (Win98; U) at http://groups.google.com/group/rec.toys.cars/msg/e2adce66a836d43f?hl=en That is the same X-Mailer line as yours and The Toy Chick's From is not configured like yours From: Michael Brennan <"Michael Brennan > X-Mailer: Mozilla 4.75 [en] (Win98; U) Yours has 'spurious' punctuation marks compared to The Toy Chick. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun May 21 10:33:25 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 21 12:35:03 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: Mike Easter wrote: > >>> My "from" is configured normally for NS. > Message-ID: <3B5B57BD.69D7DCB8@intercom.net> > From: The Toy Chick > X-Mailer: Mozilla 4.75 [en] (Win98; U) > From: Michael Brennan <"Michael Brennan > > > X-Mailer: Mozilla 4.75 [en] (Win98; U) > > Yours has 'spurious' punctuation marks compared to The Toy Chick. here's another, even more 'normal' or typical for newsreaders Message-ID: <3AC428AE.A2299324@earthlink.net> From: "Buddy H." X-Mailer: Mozilla 4.75 [en] (Win98; U) Look at the last 10 different poster's From lines in this newsgroup. They all have that same basic configuration, except yours. I think you have configured your Netscape 4.75 'strangely' for this news server's account. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun May 21 11:04:18 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 21 13:05:04 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: Mike Easter wrote: >> From: Michael Brennan <"Michael Brennan >> > >> X-Mailer: Mozilla 4.75 [en] (Win98; U) > here's another, even more 'normal' or typical for newsreaders > > Message-ID: <3AC428AE.A2299324@earthlink.net> > From: "Buddy H." > X-Mailer: Mozilla 4.75 [en] (Win98; U) > > Look at the last 10 different poster's From lines in this newsgroup. > They all have that same basic configuration, except yours. > > I think you have configured your Netscape 4.75 'strangely' for this > news server's account. I think your configuration is supposed to look like this in your header as it appears here: From: "Michael Brennan" [where "Nobody@SpamCop.devnull.diespammerdie.net" is supposed to be inside right and left single guillemets above] That configuration should be achieved by using the Account Wizard or whatever it is called and putting in "Michael Brennan" (without the quotes) into the section called "Your Name" and "Nobody SpamCop.devnull.diespammerdie.net" (without the quotes, but enclosed in right and left single guillemets and with @ instead of spacespace) into the section called "E-mail Address" -- see the screenshot http://kb.earthlink.net/images/2291.tk01.gif It is very difficult to edit these things in here because my editor changes things as I type them. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun May 21 11:08:30 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 21 13:10:03 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: Mike Easter wrote: > That configuration should be achieved by using the Account Wizard or > whatever it is called and putting in "Michael Brennan" (without the > quotes) into the section called "Your Name" and "Nobody > SpamCop.devnull.diespammerdie.net" (without the quotes, but enclosed > in right and left single guillemets and with @ instead of > spacespace) into the section called "E-mail Address" -- see the > screenshot http://kb.earthlink.net/images/2291.tk01.gif The gif is correct, my words should *not* say 'enclosed in right and left single guillemets' above Times like these we need to be able to cancel messages. -- Mike Easter kibitzer, not SC admin From "Michael Brennan Message-ID: Mike Easter wrote: > > Mike Easter wrote: > > be entered inside the guillemets, but naked, the guillemets will be > added by the Netscape> > > > That configuration should be achieved by using the Account Wizard or > > whatever it is called and putting in "Michael Brennan" (without the > > quotes) into the section called "Your Name" and "Nobody > > SpamCop.devnull.diespammerdie.net" (without the quotes, but enclosed > > in right and left single guillemets and with @ instead of > > spacespace) into the section called "E-mail Address" -- see the > > screenshot http://kb.earthlink.net/images/2291.tk01.gif > > The gif is correct, my words should *not* say 'enclosed in right and > left single guillemets' above > I see what you mean. The Edit/Preferences/Mail & Newsgroups/Identity GUI has one space for my name, which is entered just as you describe, without quotes. The address is pasted in, from posting headers, as I have also used NS to send articles or forward NG messages to other parties via e-mail, for which purpose it is necessary to edit preferences to reflect my "real" e-mail address, in order to use NS as a mailer. This makes it necessary to copy and paste the address string I've used for SC NG's from earlier messages, or copy-and-paste from the GUI itself into a Notepad window to save it for re-use. Michael From "Michael Brennan Message-ID: Michael Brennan wrote: > > The entire line in the "E-mail address" window reads, w/o quoting Michael Brennan Which reads in my NS newsgroup message header as Michael Brennan <"Michael Brennan > And when I grep on it and click the live link in the NS message header, a new-contact GUI comes up with my address prepasted in the window identical in form to that in the first line quoted above. Michael From spam at nospam.org Sun May 21 21:24:25 2006 From: spam at nospam.org (Andy) Date: Sun May 21 14:30:02 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: "Michael Brennan >" <"Michael Brennan wrote in message news:e4q9tv$dlv$1@news.spamcop.net... > Which reads in my NS newsgroup message header as > > Michael Brennan <"Michael Brennan > > > Well at least now we know why you always have a right guillemet (nice word) after your posting name. Are you mildly dyslexic by any chance? To me, the asymmetric nesting of the double quotes and guillemets is obviously wrong! Maybe you need to check what / where you are pasting. Andy From "Michael Brennan Message-ID: Andy wrote: > > > Well at least now we know why you always have a right guillemet (nice word) > after your posting name. It's botbait? > Are you mildly dyslexic by any chance? To me, the > asymmetric nesting of the double quotes and guillemets is obviously wrong! Netscape did that. The personal question about dyxlexia might better be addressed to my copy of Netscape. And since the "address" is obviously bogus and botbait, its precise form would seem to be, how do I say this delicately, an afterthought, and the editing of it beyond mere functionality in the mailclient an exercise in form over substance. > Maybe you need to check what / where you are pasting. I guess the next obvious question is, "Is this important to you?" Or even, "Is it important at all?" I suppose I could play with it a while until it "looks right" according to some stylebook someone has perhaps put out somewhere.......not that I've ever seen it ..... but I think I owe it to myself, before I do that, to see a good reason why it matters. Michael From spam at nospam.org Sun May 21 22:04:37 2006 From: spam at nospam.org (Andy) Date: Sun May 21 15:10:03 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: "Michael Brennan >" <"Michael Brennan wrote in message news:e4qchq$gfl$1@news.spamcop.net... > Netscape did that. The personal question about dyxlexia might better be > addressed to my copy of Netscape. Apologies - no offence was intended. It's just that, after years of handcrafting javascript, my brain screams 'unterminated string constant' every time I look at your message header :-) > Or even, "Is it important at all?" Good point. To a human - no. To a machine - probably. Andy From vanguard.news at yahooNIX.com Sun May 21 15:24:09 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Sun May 21 15:25:03 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: "Michael Brennan >" <"Michael Brennan wrote in message news:e4q2tg$54f$1@news.spamcop.net... > > I use Netscape 4.75 for posting to NG's. That frees up OE for > handling > e-mail. My "from" is configured normally for NS. Not according to your post's headers. Look at the raw data of your post to see the headers. Note that the From header is truncated so it is sliced across multiple lines (i.e., you have a newline in your From value). Below is your From header: From: Michael Brennan <"Michael Brennan > However, all headers are delimited by the newline character (i.e., they cannot span more than one line). It appears the comment field in the >From header (which contains your e-mail address) is getting truncated where the "@" character would be, but then I noticed there is a space character in that string and e-mail addresses do not permit space characters. So maybe you tried to enter your spaced name in the e-mail address; i.e., the Name and E-mail address both have your name instead of your name and an e-mail address. The From header shows the comment field (for the Name field) and then your e-mail address (which also has your name instead of an e-mail address). So it looks like NS screws up when there are space characters in its E-mail Address field in an account definition. You didn't configure NS appropriately. Although the comment field in the From header *should* be quoted, I don't think it is a requirement. Your From header should look like: From: "your name" The comment (or name) should be quoted. The e-mail address is within the angle brackets and it is NOT quoted. You definitely have screwed up NS, probably in what you entered in the account fields. While NS should handle erroneous string syntax, apparently it does not. In the Name field (or whatever NS calls it), enter your name or leave it blank. In the E-mail Address field (or whatever NS calls it), enter your VALID e-mail address, and that won't have any spaces in it, or leave it blank (some NNTP servers require a non-blank string and may also a validly syntaxed e-mail address, some don't). Ah, I just realized, you probably have entered your name in the E-mail Address field (rather than a real e-mail address) AND you quoted it. Notice that the line split occurs at the second space character (where the should be NO SPACES in the e-mail address). You tried to use: "Michael Brennan Nobody"@SpamCop.devnull.diespammerdie.net And quotes and spaces aren't allowed in e-mail addresses. Something you specified for your e-mail address in NS is very wrong (and NS can't figure out how to handle the screwup). -- __________________________________________________ Post replies to the newsgroup. Share with others. For e-mail: Remove "NIX" and add "#VN" to Subject. __________________________________________________ From MikeE at ster.invalid Sun May 21 14:37:39 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 21 16:40:03 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: > The address is pasted in, I think that is what creates the bad/wrong configuration. What you are pasting in is misconfigured for the way it 'should be' for Netscape. It should be plain vanilla munged address -- not munged address with a 'wrapper' around it. > as I > have also used NS to send articles or forward NG messages to other > parties via e-mail, for which purpose it is necessary to edit > preferences to reflect my "real" e-mail address, in order to use NS > as a mailer. I understand that concept > This makes it necessary to copy and paste the address > string I've used for SC NG's from earlier messages, or copy-and-paste > from the GUI itself into a Notepad window to save it for re-use. I'm not familiar with Netscape, but I am familiar with the problem of managing emailing and newsgroup replying when you are trying to use a bogus/munged From in the newsreader and need a good addy in the email. It wouldn't do any good to tell you how I manage that problem, because your agent/s are different, except to say that the way you are dealing with the problem is exceedingly awkward and it also results in your From headers here being deformed, eccentric, misconfigured, wrong, ugly, noncompliant. -- Mike Easter kibitzer, not SC admin From not at home.today Sun May 21 23:45:19 2006 From: not at home.today (Ant) Date: Sun May 21 17:50:03 2006 Subject: [SpamCop-List] Re: Received 137kb attachment as spam. References: Message-ID: "Mike Easter" wrote: > Which description explains that .mim is short for something which is a > MIME or email structure attachment. This .mim business is just another > way, which I'm not sure is entirely kosher, It appears to be an AOL-ism. > of saying there is a b64 > attachment which when decoded will be a .mim file, which is true, but in > reality it will be as Ant describes. Said another way, after b64 > decoding, the .mim file is a file which starts "begin 664 New Video,zip > <47 spaces>.sCr" -- indicating that it is still in the b64 encoded > condtion. The 'begin ' indicates UUencoding. > A b64 which is b64/d which after final decoding results in an > executable. UUencode wrapped in the B64 mim. > [UPX] > The nice virus writer was trying to keep the propagation's filesize down > for 'convenience' of those downloading the item. :-/ Also to obfuscate any give-away strings inside, and perhaps an attempt to outwit anti-virus software which decodes UPX. UPX is open-source, so it's (relatively) easy to modify the code to create a custom version which an AV program will be unable to decode. The UPX utility can restore a packed exe to its unpacked state without running it, but I've had UPX malware samples that it doesn't recognise. From nobody at spamcop.net Sun May 21 16:45:08 2006 From: nobody at spamcop.net (N. Miller) Date: Sun May 21 18:50:03 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: On Sun, 21 May 2006 07:54:49 -0700, Mike Easter wrote: > Drift drift drift...... OT > Mike Easter wrote: >>> Got this when cc'ing MS Antipiracy about some "cheep OEM warez": > > The reason there is no attribution line there is because there is an > incompatibility between my OE Quote-Fx and the strange configuration of > Michael's From: line: > > From: Michael Brennan <"Michael Brennan > > > > which causes OE-QF to cause the attribution to 'disappear'. > > Native OE attributes 'fully' or 'blindly' so it would attribute all of > that stuff, ignoring the 'bogus' or eccentric punctuation. A real news reader doesn't run into that problem. > Michael's agent sez Mozilla 4.75 And Mike's agent is: X-Newsreader: Microsoft Outlook Express 6.00.2800.1437 Two crotchety old farts which can't get along with each other! :D I know. It _says_ MSOE 6, but MSFT hasn't overhauled MSOE since about version 4, or so; making it of the same antiquity as Netscape 4.x. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From MikeE at ster.invalid Sun May 21 17:02:51 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 21 19:05:03 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: N. Miller wrote: > A real news reader doesn't run into that problem. Hey I've heard that before. :-) It turns out that with about 4 addons, I can get OE to do 'just fine' -- such as SpamPal for its spamfilter proxy, Nfilter for its news filtering proxy, OE QuoteFix for its quoting problem, yProxy for its yDecoding deficiency. There may be something else that I use that doesn't come to mind right now. > Two crotchety old farts which can't get along with each other! :D Actually I could reconfigure my OEQF so as to accommodate Michael. This post that has N. Miller + your email address would enable me to have an attribution line for Michael like this: Oops. That short + email idea didn't work either. I would have to let OEQF attribute Michael in native OE fashion, like this: "Michael Brennan >" <"Michael Brennan wrote in message news:e4qchq$gfl$1@news.spamcop.net... But I don't like long attributions. I prefer short, which would be: N. Miller wrote: > A real news reader -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sun May 21 17:04:32 2006 From: nobody at spamcop.net (N. Miller) Date: Sun May 21 19:05:13 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: <1h7ujudnqet1i$.dlg@news.spamcop.net> On Sun, 21 May 2006 12:52:32 -0500, Michael Brennan wrote: > I see what you mean. The Edit/Preferences/Mail & Newsgroups/Identity > GUI has one space for my name, which is entered just as you describe, > without quotes. The address is pasted in, from posting headers, as I > have also used NS to send articles or forward NG messages to other > parties via e-mail, for which purpose it is necessary to edit > preferences to reflect my "real" e-mail address, in order to use NS as a > mailer. This makes it necessary to copy and paste the address string > I've used for SC NG's from earlier messages, or copy-and-paste from the > GUI itself into a Notepad window to save it for re-use. Grap 40tude Dialog, give it a spin. I have a way to configure three email addresses: Posting email addr: Email email addr: <%User2_ID@blackhole.aosake.net> Reply-To: <%User1_ID@blackhole.aosake.net> If you examine the headers of this post, you will see the first and third email address, but not the second email address. Yet, from the "Post" menu, I can select "Forward quoted by email", and the second is what shows up in the Return-Path in the resulting email message. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From MikeE at ster.invalid Sun May 21 17:25:31 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 21 19:30:03 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: <1h7ujudnqet1i$.dlg@news.spamcop.net> Message-ID: N. Miller wrote: > On Sun, 21 May 2006 12:52:32 -0500, Michael Brennan wrote: > >> I see what you mean. > Grap 40tude Dialog, give it a spin. I have a way to configure three > email addresses: Back to the attribution business. With OEQF, I have more configurational choices than I've described. The 3 preconfigured ones are short, short + email, and Outlook Express (native). In addition, I can custom 'fit' the attribution, based on these features or this example: On %t [GMT+1=CET],\n%n <%m> wrote:\n %n = name of sender %m = email address \n = line break %l = reference link (news) but, those 'features' namely 'name of sender' and 'email address' are based on the From of the header being properly configured, not in the condition that Michael's are. I would have to do some experimenting to see what is derived for those strings for the condition of Michael's From. -- Mike Easter kibitzer, not SC admin From jzeitlin at spamcop.net Sun May 21 20:41:22 2006 From: jzeitlin at spamcop.net (=?ISO-8859-1?Q?E=F6nw=EB?=) Date: Sun May 21 19:45:03 2006 Subject: [SpamCop-List] PING Mike Easter Message-ID: Mike, give up. RJ and VJS are impervious; their minds are made up and they can't be confused by facts. FTR, two or three years back, I challenged RJ to show me some email on which SpamCop had incorrectly notified him. His response was to show me a USENET POSTING that was OVER TWO YEARS OLD AT THE TIME, which had CLEARLY been mangled by Netscape - and this was at a time long after SC had stopped parsing Usenet, and long after the code compensated for that particular Netscape breakage. I tend to believe that it's because SpamCop has automated a process that they believed themselves to be elite for having mastered manually, and believe that everybody should master manually. -- E?nw? (SpamCop subscriber, not staff/admin) From vxpy7do02 at sneakemail.com Sun May 21 17:50:43 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Sun May 21 19:55:02 2006 Subject: [SpamCop-List] Re: Spamcop enhancement request - Spamassassin config References: Message-ID: "David Topping" wrote in message news:e4mp0g$35s$1@news.spamcop.net... > I'm hosted on cPanel. > > Almost all my spam is caught by spamassassin and placed into an Imap > folder marked 'spam'. The original message is attached to a notification > message from that program. > > If I forward the entire email to spamcop email reporting, I get a bounce > saying it couldn't find the source IP. This leaves me with only option - > copy and paste the source of the attachement into spamcop's web based > reporting system - something which can be time consuming. > I'm just guessing what is happening and how to 'cure' it. Are you saying that SA places all the spam in a folder then 'mails ' that-mail with the attached folder to you for you to 'do' something with it? Maybe the following that happens to me will give you a hint of how you can get the spam to SC as an attachment it can use. I have a friend who e-mails jokes etc that consist of nested attachments (people have forwarded as attachment mail containing attachments.) Here is what I do if I want to forward that attachment to someone else - so that his mail is only one attachment deep (he click on the attachment and it opens the original attachment contents.) My method - click on the original attachment, (still shows attachment) click on that attachment (still shows attachment) repeat until the base attachment opens. NOW back up one level (close that open e-mail) the mail now on the screen shows an e-mail with an attachment - I forward (not forward as attachment) THAT e-mail to whomever I want to get the attachment. Seems that the output of SA should follow some part of the above scenario and enable you to FORWARD the appropriate e-mail to SC in a form that is acceptable to SC. If this is still confusing, post and I will try to clarify. -- A SpamCop user and forum reader, Not Admin > Is there any way to configure spamcop quick / email reporting to deal with > attachments of attachements - ie look at the attachment of the attachment > sent to the quick / email reporting address to find the original spam > message? Surely this would be more useful in the long term, especially as > cPanel hosting and spamassassin are both very popular. > > From MikeE at ster.invalid Sun May 21 18:06:29 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 21 20:10:03 2006 Subject: [SpamCop-List] Re: PING Mike Easter References: Message-ID: E?nw? wrote: > Mike, give up. RJ and VJS are impervious; their minds are made up and > they can't be confused by facts. They do seem to be rather rabid on the subject. > FTR, two or three years back, I challenged RJ to show me some email on > which SpamCop had incorrectly notified him. His response was to show > me a USENET POSTING that was OVER TWO YEARS OLD AT THE TIME, which had > CLEARLY been mangled by Netscape - and this was at a time long after > SC had stopped parsing Usenet, and long after the code compensated > for that particular Netscape breakage. The old history with Vernon was that back in 2002, a spamcop reporter reported a spam [or spams] which had SpamAssassin headers which headers had a rhyolite DCC website 'link' as part of its filtering report -- and those headers became detached and pushed into the body with an empty line -- which the parser named as a possible spamvertiser and the reporter accepted instead of it being an IB. In addition to that, the notify went to the pm for rhyolite because there wasn't a reg'd abuse.net addy and the algorithm used the default pm. So, from Vernon's point of view, the spamcop notify about his site sent to his domain's pm about being a spamvertiser was spam. He and I disagree about that concept. > I tend to believe that it's because SpamCop has automated a process > that they believed themselves to be elite for having mastered > manually, and believe that everybody should master manually. Actually Vernon isn't a very good header parser, I think, and his concept of the quality of the SC parse and process is not uptodate because he developed his really bad attitude a long time ago. He believes that SpamCop is a spammer, that IronPort is nefarious, that SenderBase is totally inaccurate, and a number of other very negative attitudes about the whole operation and concept. -- Mike Easter kibitzer, not SC admin From jg at coks.net Sun May 21 19:16:04 2006 From: jg at coks.net (jg) Date: Sun May 21 21:15:03 2006 Subject: [SpamCop-List] Re: PING Mike Easter In-Reply-To: References: Message-ID: On 5/21/2006 5:06 PM Mike Easter scribbled: > Actually Vernon isn't a very good header parser, I think, and his > concept of the quality of the SC parse and process is not uptodate > because he developed his really bad attitude a long time ago. He > believes that SpamCop is a spammer, that IronPort is nefarious, that > SenderBase is totally inaccurate, and a number of other very negative > attitudes about the whole operation and concept. > and he can't type/spell worth a crap... /and/ no one has had the hutzpah (<--not in Tbird spelcheker) to suggest that /maybe/ he has another ax to grind, given rhyolite's business... From tmcgraw at spamcop.net Sun May 21 19:40:13 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun May 21 21:45:03 2006 Subject: [SpamCop-List] Re: PING Mike Easter In-Reply-To: References: Message-ID: jg wrote: > On 5/21/2006 5:06 PM Mike Easter scribbled: >> Actually Vernon isn't a very good header parser, I think, and his >> concept of the quality of the SC parse and process is not uptodate >> because he developed his really bad attitude a long time ago. He >> believes that SpamCop is a spammer, that IronPort is nefarious, that >> SenderBase is totally inaccurate, and a number of other very negative >> attitudes about the whole operation and concept. >> > > and he can't type/spell worth a crap... > /and/ no one has had the hutzpah (<--not in Tbird spelcheker) to suggest > that /maybe/ he has another ax to grind, given rhyolite's business... chutzpah <--in my Tbird spillchucker The only thing I've seen VJS be "positive" about is the Second Amendment. From jg at coks.net Sun May 21 20:19:41 2006 From: jg at coks.net (jg) Date: Sun May 21 22:20:03 2006 Subject: [SpamCop-List] Re: PING Mike Easter In-Reply-To: References: Message-ID: On 5/21/2006 6:40 PM Tim McGraw scribbled: > jg wrote: >> On 5/21/2006 5:06 PM Mike Easter scribbled: >>> Actually Vernon isn't a very good header parser, I think, and his >>> concept of the quality of the SC parse and process is not uptodate >>> because he developed his really bad attitude a long time ago. He >>> believes that SpamCop is a spammer, that IronPort is nefarious, that >>> SenderBase is totally inaccurate, and a number of other very negative >>> attitudes about the whole operation and concept. >>> >> and he can't type/spell worth a crap... >> /and/ no one has had the hutzpah (<--not in Tbird spelcheker) to suggest >> that /maybe/ he has another ax to grind, given rhyolite's business... > > chutzpah <--in my Tbird spillchucker brain fart on me... > > The only thing I've seen VJS be "positive" about is the Second Amendment. Indeed. From vanguard.news at yahooNIX.com Mon May 22 01:52:46 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Mon May 22 01:55:03 2006 Subject: [SpamCop-List] Add a field for user to enter spamvert URL Message-ID: I've noticed that the spammers seem to be more clever at obfuscating the URLs to sites that are in the body of the spam. They use illegal syntax in the URL but are either relying on the browser to ignore those characters or that the user will remove them to get the real URL for the spamvertized site. See my report at: http://www.spamcop.net/sc?id=z950554051z786f4648e7433be97d7183676297493ez (or http://snipurl.com/qsaw) Notice that SC couldn't find any URLs for spamvertized sites within the body, but there is one: www.^|^>|.mortrefibetterlife.com#fish.org. Apparently SC won't remove the illegal characters or properly truncate it. I suppose it is possible that trying to figure out all this obfuscation could result in returning the wrong URL, so I'm wondering why their web form doesn't let SC users enter the URL for the spamvertized site. The web form already provides for letting the user send separate notes to each recipient of the spam report. If an input textbox were added to let users specify the spamvert URL, the report would have to get recrocessed again to show the user to where SC will actually send the spam report (i.e., what SC determines is the recipient for that site). I figure SC won't be able to decipher every possible manner in which a spammer attempts to hide their URLs from a parser, like SC's parser. Another trick is to use a graphic image as the spam payload so the parser could never look inside to get at the spamvert URLs, but the user would still be able to figure it out. -- __________________________________________________ Post replies to the newsgroup. Share with others. For e-mail: Remove "NIX" and add "#VN" to Subject. __________________________________________________ From nobody at spamcop.net Mon May 22 00:44:05 2006 From: nobody at spamcop.net (N. Miller) Date: Mon May 22 02:45:02 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: <63oxiizgeyk1.dlg@news.spamcop.net> On Sun, 21 May 2006 16:02:51 -0700, Mike Easter wrote: > But I don't like long attributions. I prefer short, which would be: > N. Miller wrote: >> A real news reader This is the actual 40tude Dialog attribution for one of Michael Brennan's posts: | On Sun, 21 May 2006 11:18:33 -0500, Michael Brennan wrote: It is not the default, I changed the default in order to not include the poster's email address. The default attribution looks like this: | On Sun, 21 May 2006 11:18:33 -0500, Michael Brennan,Michael Brennan wrote: I think the first one, which I changed by removing ", %from%" from the attribution configuration, looks a lot better. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Mon May 22 00:47:29 2006 From: nobody at spamcop.net (N. Miller) Date: Mon May 22 02:50:03 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: Message-ID: <664d47wssndc.dlg@news.spamcop.net> On Sun, 21 May 2006 13:46:17 -0500, Michael Brennan of Not So's You'd Notice wrote: > I suppose I could play with it a while until it "looks right" according > to some stylebook someone has perhaps put out somewhere.......not that > I've ever seen it ..... but I think I owe it to myself, before I do > that, to see a good reason why it matters. Well, I am also playing with my news client. I guess it doesn't really matter how 40tude Dialog displays the attribution, either. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From david.topping at gnuemail.com Mon May 22 09:23:26 2006 From: david.topping at gnuemail.com (David Topping) Date: Mon May 22 03:25:03 2006 Subject: [SpamCop-List] Re: Spamcop enhancement request - Spamassassin config References: Message-ID: "anon" wrote in message news:e4qucn$4bf$1@news.spamcop.net... > > "David Topping" wrote in message > news:e4mp0g$35s$1@news.spamcop.net... >> I'm hosted on cPanel. >> >> Almost all my spam is caught by spamassassin and placed into an Imap >> folder marked 'spam'. The original message is attached to a notification >> message from that program. >> >> If I forward the entire email to spamcop email reporting, I get a bounce >> saying it couldn't find the source IP. This leaves me with only option - >> copy and paste the source of the attachement into spamcop's web based >> reporting system - something which can be time consuming. >> > > I'm just guessing what is happening and how to 'cure' it. > > Are you saying that SA places all the spam in a folder then 'mails ' > that-mail with the attached folder to you for you to 'do' something with > it? > > Maybe the following that happens to me will give you a hint of how you can > get the spam to SC as an attachment it can use. > > I have a friend who e-mails jokes etc that consist of nested attachments > (people have forwarded as attachment mail containing attachments.) Here is > what I do if I want to forward that attachment to someone else - so that > his mail is only one attachment deep (he click on the attachment and it > opens the original attachment contents.) > > My method - click on the original attachment, (still shows attachment) > click on that attachment (still shows attachment) repeat until the base > attachment opens. > > NOW back up one level (close that open e-mail) the mail now on the screen > shows an e-mail with an attachment - I forward (not forward as attachment) > THAT e-mail to whomever I want to get the attachment. > > Seems that the output of SA should follow some part of the above scenario > and enable you to FORWARD the appropriate e-mail to SC in a form that is > acceptable to SC. > > If this is still confusing, post and I will try to clarify. > -- > A SpamCop user and forum reader, > Not Admin > > > >> Is there any way to configure spamcop quick / email reporting to deal >> with attachments of attachements - ie look at the attachment of the >> attachment sent to the quick / email reporting address to find the >> original spam message? Surely this would be more useful in the long term, >> especially as cPanel hosting and spamassassin are both very popular. >> >> > Thanks for that. I fully understand what you're saying. Regards From dws at dealing-with-spam.info Mon May 22 12:12:14 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Mon May 22 05:15:08 2006 Subject: [SpamCop-List] Re: Newbie to Spamcop - Am I doing this right? References: Message-ID: Michael Brennan wrote on Fri, 19 May 2006 06:29:34 -0500: > Welcome to SpamCop. Mike Easter didn't mention it, but when replying to > posts in this newsgroup, the older hands appreciate it if you > bottom-post your response No they don't, they prefer that the response be *INLINE* posted. Obviously, if only one point is under discussion then bottom-posting and inline-posting are equivalent. In this particular instance, they're not, because there's a second point: > The 100-150/day sounds pretty grim. Actually, 100-150 is pretty slim, not grim. If it weren't for blocking lists and a firewall, that'd be nearer 5000 a day here, most of which going to a single account. From nobody at devnull.spamcop.net Mon May 22 08:46:58 2006 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Mon May 22 07:50:03 2006 Subject: [SpamCop-List] Nigeria (soon to be known also as Louisiana) 419 Message-ID: http://news.yahoo.com/s/nm/20060522/pl_nm/usa_congress_raid_dc_1 Ya have to read between the lines a bit to see the 419 link, but it smells kinda bad for this Louisiana lawmaker. -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From jzeitlin at spamcop.net Mon May 22 09:17:00 2006 From: jzeitlin at spamcop.net (=?ISO-8859-1?Q?E=F6nw=EB?=) Date: Mon May 22 08:20:03 2006 Subject: [SpamCop-List] Re: PING Mike Easter References: Message-ID: <7j8372tdkv272bt8h9jn7tmbvfnjo203ti@4ax.com> On Sun, 21 May 2006 17:06:29 -0700, "Mike Easter" wrote: >The old history with Vernon was that back in 2002, a spamcop reporter >reported a spam [or spams] which had SpamAssassin headers which headers >had a rhyolite DCC website 'link' as part of its filtering report -- and >those headers became detached and pushed into the body with an empty >line -- which the parser named as a possible spamvertiser and the >reporter accepted instead of it being an IB. In addition to that, the >notify went to the pm for rhyolite because there wasn't a reg'd >abuse.net addy and the algorithm used the default pm. >So, from Vernon's point of view, the spamcop notify about his site sent >to his domain's pm about being a spamvertiser was spam. He and I >disagree about that concept. And I disagree with him on it as well. Certainly, his feeling that the notify was illegitimate was justified, but spam? No. >> I tend to believe that it's because SpamCop has automated a process >> that they believed themselves to be elite for having mastered >> manually, and believe that everybody should master manually. >Actually Vernon isn't a very good header parser, I think, and his >concept of the quality of the SC parse and process is not uptodate >because he developed his really bad attitude a long time ago. He >believes that SpamCop is a spammer, that IronPort is nefarious, that >SenderBase is totally inaccurate, and a number of other very negative >attitudes about the whole operation and concept. You'll note that I say that the process is one that "they believed themselves" et cetera, not that I necessarily agreed with them about it (although I *believe* that they feel that way (but don't know for sure)). I've never seen either of them publicly parse some headers, so I CAN'T comment on whether such a hypothetical belief on their part is valid or not. And your position with respect to VJS matches mine wrt RJ, save that I have no opinion on the actual quality of either's parsing ability (only on what I believe is their opinion of their own parsing ability). I believe that their problem with SpamCop really comes down to three, maybe four, issues - and I'm not sure I disagree with one of those issues: (1) Spamcop attempts (badly, in their uninformed opinion) to mechanize a process that cannot or should not be mechanized. Demonstrably false for cannot; matter of opinion for should not. It is granted that the mechanization is imperfect; it is noted that the nonmechanized version of the process is no less imperfect. (2) SpamCop commercializes spam reporting, thus benefits from spam, thus has motivation NOT to work toward solving the spam problem. Demonstrably false; basic spam reporting is free - spamcop commercializes ANONYMOUS spam reporting, and commercializes the provision of relatively spam-free email accounts. True, this means that they benefit from spam - after all, there wouldn't be a demand for the services if the spam problem wasn't out of control. But motivation not to work toward solving the spam problem? What IS the solution to the spam problem (yes, get the spammers off the net. That's the goal, not the solution. The solution is in the HOW.)? (3) Ironport (separate from SpamCop) is a spam supporter, most notably through the Bonded Sender (a.k.a. "Bonded Spammer") program. This is the issue I'm not sure I disagree with. If I'm clean, have always been clean, and am not engaging in email practices that might be viewed as dirty, I have no need to be certified clean by any third party. If I have such a need, I must have done something wrong in the past, or am doing something wrong in the present, that created/creates the perception that I'm not/may not be clean. The other side of the question, the forfeiting of the bond if the certifying third party feels that I have violated the certification, only reinforces that logic, and suggests that my CURRENT email practices are suboptimal. (4) SpamCop spams. This has been gone over and over and over. I disagree, as do you. No need to rehash. -- E?nw? (SpamCop subscriber, not staff/admin) From MikeE at ster.invalid Mon May 22 07:10:00 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 22 09:10:03 2006 Subject: [SpamCop-List] Re: PING Mike Easter References: <7j8372tdkv272bt8h9jn7tmbvfnjo203ti@4ax.com> Message-ID: E?nw? wrote: > "Mike Easter" >> Actually Vernon isn't a very good header parser, I think, > mine wrt RJ, save that I have no opinion on the actual quality of > either's parsing ability (only on what I believe is their opinion of > their own parsing ability). Well, I've never engaged in a 'parsing contest' with VS, but since he seems to most strongly emphasisze how one can't trust any headers besides the ones stamped by one's own server - which is a given - so my sense of it is that he doesn't like to grub around in the nuances of 'unknown' headerlines very much. I seem to recall I may have thrown him a 'challenge' re header parsing somewhere along the way -- because when he was busy talking about how poorly SC parsed headers, it was my argument that he hadn't been keeping up with the evolution of SC's parsing in the same way I had. > (3) Ironport (separate from SpamCop) is a spam supporter, most notably > through the Bonded Sender (a.k.a. "Bonded Spammer") program. It is my understanding that Bonded Sender now belongs to Return Path http://emailuniverse.com/ezine-tips/?Return-Path-Acquires-IronPorts-Bonded-Sender&id=1277 Return Path Acquires IronPort's Bonded Sender [since 2005 April] Also, previously [under IronPort's aegis] Bonded Sender had some very loose requirements, especially about the opt-in and opt-out requirements. According to the information at ReturnPath's Sender Score Certified [since 2006 March] the 'rules' for Bonded Sender are now much more restrictive than they were under IronPort [to the best of my recollection when I read them when BS was IP's] http://www.senderscorecertified.com/faqs/standards.html Why is Return Path changing Sender Score Certified Standards? -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Mon May 22 09:55:16 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon May 22 10:00:03 2006 Subject: [SpamCop-List] ABC news doesn't do confirmed opt in? or? Message-ID: see http://www.spamcop.net/sc?id=z950971401zc88222900bc24379c3de016013764e9dz now I haven't visited or registered with ABC news if indeed this is who the spammer purports to be, and I never visit .biz or .info sites The link to a .biz is mighty suspicious, althought there is a rumour that there is maybe one legit .biz site somewhere in the world. Anyway I LARTed, went to Verio What would be the point of spamming me with breaking news, if indeed that's what this is? From MikeE at ster.invalid Mon May 22 08:43:39 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 22 10:45:02 2006 Subject: [SpamCop-List] Re: ABC news doesn't do confirmed opt in? or? References: Message-ID: Berny wrote: www.spamcop.net/sc?id=z950971401zc88222900bc24379c3de016013764e9dz The 'rules' around here -- IMO -- for reading spam is that you have to read the headers first, then you analyze the situation vis spamsource and spamvertiser. Then and only then do you get to engage in the folly of trying to read the mind of the spambody creator. spamsource = 161.58.36.198 rDNS asus-it.com OrgName: NTT America NetRange: 161.58.0.0 - 161.58.255.255 OrgAbuseEmail: abuse@us.ntt.net 161.58.36.198 listed in bl.spamcop.net delisted automatically in approximately 23 hours users have reported system as a source of spam about 20 times 161.58.36.200 rDNS hi-trio.com 161.58.36.200 listed in bl.spamcop.net will be delisted automatically in approximately 8 hours users have reported system as a source of spam about 50 times past 2.5 days, it has been listed 2 times for a total of 39 hours spamvertiser = msn-today.biz DNS 80.92.66.14 descr: Datacenter Luxembourg inetnum: 80.92.64.0 - 80.92.67.255 whois -h whois.abuse.net dclux.com ... lnunenthal@dclux.com > now I haven't visited or registered with ABC news What does this have to do with ABC news except that it is mentioned in the spamsubject and spambody? > Anyway I LARTed, went to Verio > > What would be the point of spamming me with breaking news, if indeed > that's what this is? This is the part where we read the spambody and chat about what the spambody creator was thinking? OK. First, we check out what happens when we click the link, we find that we are redirected to http://www.be-sure.biz There we find a big spamvertisement for Spur-M to increase your ejaculatory volume by 500% which www.be-sure.biz is allegedly located at: 204.200.207.48 = www.topdirect.net 207.56.100.102 = www.tipplace.com 198.170.233.53 = www.euro-cc.com 199.239.255.150 = www.tiptime.net Before we go chasing those around, somewhere along the way we start to realize that what we are reading in the spam isn't really what it is all about. The spam sez that we are getting these ABC news broadcasts because we have subscribed and we can go unsub. -- Mike Easter kibitzer, not SC admin From ppearson at nowhere.invalid Mon May 22 16:11:05 2006 From: ppearson at nowhere.invalid (Peter Pearson) Date: Mon May 22 11:15:03 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link (digression) References: Message-ID: On Fri, 19 May 2006 18:25:53 -0400, POP wrote: > Well, from the little bit you provided: > something doesn't look very good at their supposed web site. > I got a Port 80 Index of their files there, [snip] Sorry about the distraction, but . . . how do you do that? -- To email me, substitute nowhere->spamcop, invalid->net. From tmcgraw at spamcop.net Mon May 22 09:54:26 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 22 11:55:03 2006 Subject: [SpamCop-List] Re: RR guides to use spammers link (digression) In-Reply-To: References: Message-ID: Peter Pearson wrote: > POP wrote: >> Well, from the little bit you provided: >> something doesn't look very good at their supposed web site. >> I got a Port 80 Index of their files there, > [snip] > > Sorry about the distraction, but . . . how do you do that? Port 80 is the conduit for HTTP - POP was saying that merely loading that URL into the browser gives a simple index. From bar_n0ne at hotmail.com Mon May 22 12:14:04 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon May 22 12:15:03 2006 Subject: [SpamCop-List] Re: ABC news doesn't do confirmed opt in? or? References: Message-ID: "Mike Easter" wrote in message news:e4simn$tp0$1@news.spamcop.net... > Berny wrote: > SNIPPED > Before we go chasing those around, somewhere along the way we start to > realize that what we are reading in the spam isn't really what it is all > about. > > The spam sez that we are getting these ABC news broadcasts because we > have subscribed and we can go unsub. Well I had a feeling, I would have thought a straight up spam would come from and "spamvertize" an ABC news dot com site, where/whatever that is. Exactly who wants more messy SPUR-M anyway? Thanks Mike From MikeE at ster.invalid Mon May 22 10:30:55 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 22 12:35:03 2006 Subject: [SpamCop-List] Re: ABC news doesn't do confirmed opt in? or? References: Message-ID: Berny wrote: > "Mike Easter" >> Before we go chasing those around, somewhere along the way we start >> to realize that what we are reading in the spam isn't really what it >> is all about. > I would have thought a straight up spam would come from and Ah, now there's something more interesting to talk about that spam than what the spambody sez. > "spamvertize" an ABC news dot com site, where/whatever that is. Don't forget, the spamvertiser was msn-today.biz -- not ABCNEWS.com In fact, not only is the spam 'straightup' vis the From is 'honest' and >From = source -- but also the From/source is SPF compliant. SPF Information for 161.58.36.198 SPF lookup of sender 6bctmd@asus-it.com from IP 161.58.36.198: SPF string used: v=spf1 a ptr -all. Processing SPF string: v=spf1 a ptr -all. Testing 'a' on IP=161.58.36.198, target domain asus-it.com, CIDR 32, default=PASS. MATCH! Testing 'ptr' on IP=161.58.36.198, target domain asus-it.com, CIDR 32, default=PASS. Testing 'all' on IP=161.58.36.198, target domain asus-it.com, CIDR 32, default=FAIL. Result: PASS Possible Results: Pass - This IP is authorized to send E-mail from this domain. So, that spam would pass various spamfilters or checkpoints. The SPF works. The spambody, subject, and From isn't spammish. It turns out the most important filter for this one is that the source is SCbl listed, so my filter would have caught it. The website redirects and neither the spamvertised one nor the redirects are blocklisted. Yet. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Mon May 22 11:52:03 2006 From: nobody at spamcop.net (Dar) Date: Mon May 22 13:55:04 2006 Subject: [SpamCop-List] Time to Eat Crow Message-ID: I received a spam message a couple of days ago and forwarded it on to: abuse@he.net http://www.spamcop.net/sc?id=z951133172z19b9ae119b0d3cd803c233f81dc0303ez They replied: We have notified the subcontracting ISP who is responsible for the IP space, and forwarded a copy of your complaint to them. They should be responding to your complaint shortly. If you do not hear back from them within 48 hours please click the following link and let us know: http://abuseresponse.he.net/index.php?id=1653057 After that, spam from that IP, 216.66.66.20, increased substantially. This morning, after becoming angry, I ran several through spamcop -- I also, accidentally, ran their response through as well. I have sent an apology, but have also blocked that IP from our server. Is there anything else required of me? Dar From MikeE at ster.invalid Mon May 22 12:12:33 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 22 14:15:02 2006 Subject: [SpamCop-List] Re: Time to Eat Crow References: Message-ID: Dar wrote: > abuse@he.net > They replied: > I also, accidentally, ran their response through as well. > > I have sent an apology > Is there anything else required of me? You send your apology to the address you notified with the 'false' report [so that would be about being a source and maybe spamvertiser if a link showed up in that bad report] and you also notify the deputy including the bad reportid. The deputy would only need to act on the issue if the source IP became blocklisted and if the 'retraction' of the report count would delist the IP and if the deputy 'felt like it'. If the source IP weren't blocklisted as a consequence of the bad report 'alone', no action would be necessary. That is, it is possible/likely that if listed, the removal of the single bad report wouldn't effect a delisting anyway. [I would rather try to read the mind of a deputy than a spammer ;-) ] -- the deputy might not feel like it if s/he thought that the situation about being blocklisted and eventual autodelisting without any action was just as well, all things considered. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 22 12:18:12 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 22 14:20:02 2006 Subject: [SpamCop-List] Re: Received 137kb attachment as spam. References: Message-ID: Ant wrote: > "Mike Easter" wrote: >> of saying there is a b64 >> attachment which when decoded will be a .mim file, which is true, >> but in reality it will be as Ant describes. Said another way, after >> b64 decoding, the .mim file is a file which starts "begin 664 New >> Video,zip <47 spaces>.sCr" -- indicating that it is still in the >> b64 encoded condtion. > > The 'begin ' indicates UUencoding. You are right. I said wrong. >> A b64 which is b64/d which after final decoding results in an >> executable. > > UUencode wrapped in the B64 mim. Right. What Ant sed. -- Mike Easter kibitzer, not SC admin From big_mart_98 at yahoo.com Mon May 22 20:37:41 2006 From: big_mart_98 at yahoo.com (Martin Edwards) Date: Mon May 22 14:35:03 2006 Subject: [SpamCop-List] Re: PING Mike Easter In-Reply-To: References: <7j8372tdkv272bt8h9jn7tmbvfnjo203ti@4ax.com> Message-ID: Is RJ the same one who occasionally trolls in alt.transport.urban-transit? From nobody at spamcop.net Mon May 22 13:23:30 2006 From: nobody at spamcop.net (N. Miller) Date: Mon May 22 15:25:03 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: <1h7ujudnqet1i$.dlg@news.spamcop.net> Message-ID: On Sun, 21 May 2006 16:25:31 -0700, Mike Easter from SpamCop wrote: > Back to the attribution business. > > With OEQF, I have more configurational choices than I've described. The > 3 preconfigured ones are short, short + email, and Outlook Express > (native). In addition, I can custom 'fit' the attribution, based on > these features or this example: > > On %t [GMT+1=CET],\n%n <%m> wrote:\n > > %n = name of sender > %m = email address > \n = line break > %l = reference link (news) > > but, those 'features' namely 'name of sender' and 'email address' are > based on the From of the header being properly configured, not in the > condition that Michael's are. > > I would have to do some experimenting to see what is derived for those > strings for the condition of Michael's From. 40tude Dialog adds a couple of other aspects to the attribution line, if so configured. Just check your attribution in this post. ;) -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From MikeE at ster.invalid Mon May 22 13:31:46 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 22 15:35:03 2006 Subject: [SpamCop-List] Re: M$ SpamCop BL'd References: <1h7ujudnqet1i$.dlg@news.spamcop.net> Message-ID: N. Miller wrote: > On Sun, 21 May 2006 16:25:31 -0700, Mike Easter from SpamCop wrote: > >> Back to the attribution business. >> On %t [GMT+1=CET],\n%n <%m> wrote:\n > 40tude Dialog adds a couple of other aspects to the attribution line, > if so configured. Just check your attribution in this post. ;) In the 'model' the words 'from SpamCop' would be inserted before the word 'wrote' and my %t would look just like yours. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 22 13:35:50 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 22 15:40:03 2006 Subject: [SpamCop-List] Re: PING Mike Easter References: <7j8372tdkv272bt8h9jn7tmbvfnjo203ti@4ax.com> Message-ID: Martin Edwards wrote: > Is RJ the same one who occasionally trolls in > alt.transport.urban-transit? Why do I have to go look that up instead of you? The RJ which Eonwe started talking about here is Richard Johnson who posts from river.com munged with whirlpool. I don't see such a poster using advanced googlegroups on a.t.u-t -- but I have no idea about the various personas in that group. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Mon May 22 13:43:16 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 22 15:45:03 2006 Subject: [SpamCop-List] Re: PING Mike Easter In-Reply-To: References: <7j8372tdkv272bt8h9jn7tmbvfnjo203ti@4ax.com> Message-ID: Martin Edwards wrote: > alt.transport.urban-transit? No such group. There is, however, a misc.transport.urban-transit From MikeE at ster.invalid Mon May 22 13:54:00 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 22 15:55:03 2006 Subject: [SpamCop-List] Re: PING Mike Easter References: <7j8372tdkv272bt8h9jn7tmbvfnjo203ti@4ax.com> Message-ID: Tim McGraw wrote: > Martin Edwards wrote: >> alt.transport.urban-transit? > > No such group. > > There is, however, a misc.transport.urban-transit And the only 4 RJ posts I see there in the last 1200 messages don't seem particularly trollish and they aren't the Richard Johnson of nanae. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon May 22 14:08:28 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Mon May 22 16:10:02 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: Michael Brennan wrote: > How would you prefer to tackle the problem that Blue Frog took on? > What strategy would you suggest? One is not required to have a good solution in order to identify a bad one. From nobody at devnull.spamcop.net Mon May 22 14:11:12 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Mon May 22 16:15:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: Tim wrote... > > Michael Brennan wrote: > >> It involves frogmen rising out of the sea, smoking ruins, and slowly >> cooling spammers. > > Conjures up some nice images. Very nice. > > Anything that hurts spammers is a good. Not so. Shutting down the entire Internet would hurt spammers, but would not be good. Hurting spammerts without hurting innocent third parties is good. From nobody at devnull.spamcop.net Mon May 22 14:20:25 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Mon May 22 16:25:04 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: <5586126.ZfF6dy57tU@rawgames.org> Message-ID: Technomage Hawke wrote... > G|_|Y |\/|AC0|\| wrote: > >> Jesse Hathaway wrote... [snip] >> >> Amazing how well the corrolation between top-posting and being wrong >> holds >> up... > > passing judgment? gee, better be careful. you might get judged on your own > standards (and I know you won't like it). And you know this ... how? I have no problem with being judged by my own standards. Like all humans, I sometimes fail to meet my own standards, and I welcome it when someone points it out -- it helps me to improve myself. In addition, my mentioning the correlation between top-posting and being wrong is an observation, not a passing of judgment. There is no shame in being wrong, and continued top-posting simply shows that the top-poster cares more about his/her own imagined convenience than in making his/her posts easy to read. They have every right to make that decision, just as I have every right to killfile them. From kenbrody at spamcop.net Mon May 22 16:26:27 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon May 22 17:45:02 2006 Subject: [SpamCop-List] Re: ABC news doesn't do confirmed opt in? or? References: Message-ID: <44721063.C27BDDB3@spamcop.net> Berny wrote: [...] > The link to a .biz is mighty suspicious, althought there is a rumour that > there is maybe one legit .biz site somewhere in the world. [...] A local pizzeria used to list a .biz domain on their menus. (I haven't been their lately to know if they still do.) -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From bar_n0ne at hotmail.com Mon May 22 17:57:29 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon May 22 18:00:04 2006 Subject: [SpamCop-List] Re: ABC news doesn't do confirmed opt in? or? References: <44721063.C27BDDB3@spamcop.net> Message-ID: "Kenneth Brody" wrote in message news:44721063.C27BDDB3@spamcop.net... SNIP > A local pizzeria used to list a .biz domain on their menus. (I haven't > been their lately to know if they still do.) Did they serve virtual Pizzas?, or were they just run of the mil scammers? ;-) From peterm at nospam.spamcop.net Mon May 22 23:57:32 2006 From: peterm at nospam.spamcop.net (PeterM) Date: Mon May 22 18:00:15 2006 Subject: [SpamCop-List] Spamcop mail and reporting websites down?? Message-ID: I can't access http://www.spamcop.net or http://mailsc.spamcop.net ;I get this error on both: An error occurred while processing your request. Reference #97.c863554.1148334956.3dc47c4 although http://mail.spamcop.net and IMAP access seem to be fine.. Anyone have an official explanation Peter From bar_n0ne at hotmail.com Mon May 22 17:58:30 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon May 22 18:00:23 2006 Subject: [SpamCop-List] Re: ABC news doesn't do confirmed opt in? or? References: <44721063.C27BDDB3@spamcop.net> Message-ID: "Kenneth Brody" wrote in message news:44721063.C27BDDB3@spamcop.net... > A local pizzeria used to list a .biz domain on their menus. (I haven't > been their lately to know if they still do.) The Pizzas weren't Pyramidal in shape were they? From bar_n0ne at hotmail.com Mon May 22 18:00:25 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon May 22 18:05:03 2006 Subject: [SpamCop-List] Re: Spamcop mail and reporting websites down?? References: Message-ID: "PeterM" wrote in message news:e4tc4d$v21$1@news.spamcop.net... > I can't access http://www.spamcop.net or http://mailsc.spamcop.net ;I get > this error on both: > > An error occurred while processing your request. > Reference #97.c863554.1148334956.3dc47c4 > > > although http://mail.spamcop.net and IMAP access seem to be fine.. > > Anyone have an official explanation > > Peter > > Fine for me not 5 minutes ago, try again. From nobody at devnull.spamcop.net Mon May 22 23:33:56 2006 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Mon May 22 22:35:10 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? In-Reply-To: References: Message-ID: Jamie wrote: > I just went to http://www.bluesecurity.com/ and they have this notice on > ther website right now.This another hijacking or is this for real? For real: http://news.google.ca/news?hl=en&ned=&q=Blue+Security&btnG=Search+News -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From nospam at nospam.org Tue May 23 07:55:27 2006 From: nospam at nospam.org (Ejo) Date: Tue May 23 01:00:10 2006 Subject: [SpamCop-List] Re: PING Mike Easter In-Reply-To: <7j8372tdkv272bt8h9jn7tmbvfnjo203ti@4ax.com> References: <7j8372tdkv272bt8h9jn7tmbvfnjo203ti@4ax.com> Message-ID: E?nw? wrote: > > I believe that their problem with SpamCop really comes down to three, > maybe four, issues - and I'm not sure I disagree with one of those > issues: > > (1) Spamcop attempts (badly, in their uninformed opinion) to mechanize a > process that cannot or should not be mechanized. Demonstrably false for > cannot; matter of opinion for should not. It is granted that the > mechanization is imperfect; it is noted that the nonmechanized version > of the process is no less imperfect. Most e-mail headers are pretty accurate and display how a messages traveled from A to B. Some servers are known to mangle headers, addresses loop back to 127.0.0.1 and so on. Sometimes headers are stripped by e-mail clients like outlook. Yes, the world is not perfect. For most cases additional checks are required to pass some domains, and you can provide this in the mailhost configuration. Apparently reading back headers isn't trivial, and there are cases where parsers fail. But apparently SC in its present stage is pretty good at doing so, and, as a user you can control or verify it. > (2) SpamCop commercializes spam reporting, thus benefits from spam, thus > has motivation NOT to work toward solving the spam problem. Demonstrably > false; basic spam reporting is free - spamcop commercializes ANONYMOUS > spam reporting, and commercializes the provision of relatively spam-free > email accounts. True, this means that they benefit from spam - after > all, there wouldn't be a demand for the services if the spam problem > wasn't out of control. But motivation not to work toward solving the > spam problem? What IS the solution to the spam problem (yes, get the > spammers off the net. That's the goal, not the solution. The solution > is in the HOW.)? Anyone that gets involved in a substantial activity whereby a hobby is turned into a business has at some point to decide to ask for money. SC h