From eddie at eddie.web Tue Mar 1 11:51:54 2005 From: eddie at eddie.web (eddie) Date: Tue Mar 1 11:55:03 2005 Subject: [SC-Help] password "glitch" Message-ID: I just changed my SC password. So far, so good. Now, however, each and everytime I go to the web reporting page, I have to log in again. Will this eventually stop or am I doomed to have to log in for each piece of spam I now submit??? -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Tue Mar 1 11:59:30 2005 From: eddie at eddie.web (eddie) Date: Tue Mar 1 12:00:05 2005 Subject: [SC-Help] Re: password "glitch" References: Message-ID: On Tue, 01 Mar 2005 11:51:54 -0500, eddie scratched out the following: > I just changed my SC password. So far, so good. Now, however, each and > everytime I go to the web reporting page, I have to log in again. I just deleted my SC cookie. Perhaps that's the problem??? I won't be able to tell until I get some more spam -- Once movie theaters gave out steak knives Today they confiscate them From MikeE at ster.invalid Tue Mar 1 09:03:06 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 1 12:05:02 2005 Subject: [SC-Help] Re: password "glitch" References: Message-ID: eddie wrote: > I just changed my SC password. So far, so good. > Now, however, each and everytime I go to the web reporting page, I > have to log in again. Will this eventually stop or am I doomed to > have to log in for each piece of spam I now submit??? Change your favorites or bookmarks or links link to the one which you have logged into. There's been some change so that now for me it is http://www.spamcop.net/ instead of something slightly different which it was before. -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Tue Mar 1 12:14:09 2005 From: eddie at eddie.web (eddie) Date: Tue Mar 1 12:15:04 2005 Subject: [SC-Help] Re: password "glitch" References: Message-ID: On Tue, 01 Mar 2005 09:03:06 -0800, Mike Easter scratched out the following: > eddie wrote: >> I just changed my SC password. So far, so good. Now, however, each and >> everytime I go to the web reporting page, I have to log in again. Will >> this eventually stop or am I doomed to have to log in for each piece of >> spam I now submit??? > > Change your favorites or bookmarks or links link to the one which you have > logged into. > > There's been some change so that now for me it is http://www.spamcop.net/ > instead of something slightly different which it was before. I deleted all the SC cookies. the problem is not logging into the SC reporting server, the problem is that I am asked for a login again each time I submit a piece of spam. -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Tue Mar 1 12:24:53 2005 From: eddie at eddie.web (eddie) Date: Tue Mar 1 12:25:03 2005 Subject: [SC-Help] Re: password "glitch" References: Message-ID: On Tue, 01 Mar 2005 09:03:06 -0800, Mike Easter scratched out the following: > eddie wrote: >> I just changed my SC password. So far, so good. Now, however, each and >> everytime I go to the web reporting page, I have to log in again. Will >> this eventually stop or am I doomed to have to log in for each piece of >> spam I now submit??? > > Change your favorites or bookmarks or links link to the one which you have > logged into. > > There's been some change so that now for me it is http://www.spamcop.net/ > instead of something slightly different which it was before. There appears to be something wrong in the communication between the SC mail server and the reporting site. If this continues I will simply give up -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Tue Mar 1 12:35:07 2005 From: eddie at eddie.web (eddie) Date: Tue Mar 1 12:35:05 2005 Subject: [SC-Help] Re: password "glitch" References: Message-ID: On Tue, 01 Mar 2005 09:03:06 -0800, Mike Easter scratched out the following: > eddie wrote: >> I just changed my SC password. > > Change your favorites or bookmarks or links link to the one which you have > logged into. > I wonder if there is a limit on the number of characters and/or that that number is different from SC to the reporting server? I had made my new password longer than the older one. I just changed the PW back to the original one and it seems to work fine on both the mail and reporting sites. It's either a length problem or a glitch on the reporting server. When it wasn't working, sometimes the reporting site rejected my password, but if I canceled the popup login window, it let me in. I do not think it's a local problem. I suspect an interface error in the SC system. I wonder if others have had a similar problem? Once movie theaters gave out steak knives Today they confiscate them From MikeE at ster.invalid Tue Mar 1 09:38:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 1 12:40:04 2005 Subject: [SC-Help] Re: password "glitch" References: Message-ID: eddie wrote: > Mike Easter >> eddie wrote: >>> I just changed my SC password. So far, so good. Now, however, each >>> and everytime I go to the web reporting page, I have to log in >>> again. I didn't recently change my pw; but the last time my pw authorization 'lapsed' and I had to reenter the pw, I had the same problem, but I fixed it. As described. >> There's been some change so that now for me it is >> http://www.spamcop.net/ instead of something slightly different >> which it was before. > > There appears to be something wrong in the communication between the > SC mail server and the reporting site. Mail server? Communication? I tho't we were talking about your web reporting page pw. Do you have some different problem than what I cited above? > If this continues I will > simply give up Okey dokey. Whatever trips your trigger. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Mar 1 11:44:07 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Mar 1 12:45:06 2005 Subject: [SC-Help] Re: password "glitch" References: Message-ID: "eddie" wrote in message news:pan.2005.03.01.17.35.06.478000@eddie.web... > > I wonder if there is a limit on the number of characters and/or that that > number is different from SC to the reporting server? I had made my new > password longer than the older one. Comversation over the last couple of days over in the Forum has defined JT's side of the system as a limit of 30 characters. From eddie at eddie.web Tue Mar 1 12:59:24 2005 From: eddie at eddie.web (eddie) Date: Tue Mar 1 13:00:02 2005 Subject: [SC-Help] Re: password "glitch" References: Message-ID: On Tue, 01 Mar 2005 11:44:07 -0600, WazoO scratched out the following: > "eddie" wrote in message > news:pan.2005.03.01.17.35.06.478000@eddie.web... >> >> I wonder if there is a limit on the number of characters and/or that >> that number is different from SC to the reporting server? I had made my >> new password longer than the older one. > > Comversation over the last couple of days over in the Forum has defined > JT's side of the system as a limit of 30 characters. Thanks for the info: My new Password was only 9 characters, so that's not it. The problem was with the reporting site, not the email site. As I noted, I set the PW back to the original one and it works again I suspect something not working correctly between the PW accounts on the two servers. I had cleared out all my cache and cookies, so I don't think the problem is on my end, but I have been wrong before. -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Tue Mar 1 13:03:18 2005 From: eddie at eddie.web (eddie) Date: Tue Mar 1 13:05:02 2005 Subject: [SC-Help] Re: password "glitch" References: Message-ID: On Tue, 01 Mar 2005 09:38:01 -0800, Mike Easter scratched out the following: > eddie wrote: >> Mike Easter >>> eddie wrote: >>>> I just changed my SC password. So far, so good. Now, however, each and >>>> everytime I go to the web reporting page, I have to log in again. > > I didn't recently change my pw; but the last time my pw authorization > 'lapsed' and I had to reenter the pw, I had the same problem, but I fixed > it. As described. > >>> There's been some change so that now for me it is >>> http://www.spamcop.net/ instead of something slightly different which >>> it was before. >> >> There appears to be something wrong in the communication between the SC >> mail server and the reporting site. > > Mail server? Communication? I tho't we were talking about your web > reporting page pw. Do you have some different problem than what I cited > above? I have a paid email/reporting account. There are two servers: I log into the email server to get/sort/read my email. I have to log into the reporting server (completely different interface) in order to report spam. It uses the same login ID and password, but requires a separate login. Somehow, when you change your password on the email server, the reporting server gets a copy so it "knows" your password. I am guessing that this is how it works, but somehow, the reporting server does "know" your password even though you reset it only from the email server. Somewhere, that process got messed up. I did give up, sort-of, and changed my PW back to the original and now it works again. -- Once movie theaters gave out steak knives Today they confiscate them From nobody at devnull.spamcop.net Tue Mar 1 20:45:55 2005 From: nobody at devnull.spamcop.net (Cat) Date: Tue Mar 1 21:50:03 2005 Subject: [SC-Help] Re: password "glitch" In-Reply-To: References: Message-ID: Mike Easter wrote: >>>eddie wrote: >>> >>>>I just changed my SC password. So far, so good. Now, however, each >>>>and everytime I go to the web reporting page, I have to log in >>>>again. > > > I didn't recently change my pw; but the last time my pw authorization > 'lapsed' and I had to reenter the pw, I had the same problem, but I > fixed it. As described. I get this same problem all the time whether I submit a spam directly at www.spamcop.net or whether I send an e-mail submission. I have to log in again once a day. Also if it helps any, I'm just a free user. From eddie at eddie.web Tue Mar 1 22:07:21 2005 From: eddie at eddie.web (eddie) Date: Tue Mar 1 22:10:03 2005 Subject: [SC-Help] Re: password "glitch" References: Message-ID: On Tue, 01 Mar 2005 09:38:01 -0800, Mike Easter scratched out the following: >snip > Mail server? Communication? I tho't we were talking about your web > reporting page pw. Do you have some different problem than what I cited > above? Clearly, you don't have a paid email account with SC -- Once movie theaters gave out steak knives Today they confiscate them From MikeE at ster.invalid Tue Mar 1 21:25:10 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 2 00:25:03 2005 Subject: [SC-Help] Re: password "glitch" References: Message-ID: eddie wrote: > Mike Easter >> Mail server? Communication? I tho't we were talking about your web >> reporting page pw. Do you have some different problem than what I >> cited above? > > Clearly, you don't have a paid email account with SC Correct. Here's where I came in. eddie wrote: > I just changed my SC password. So far, so good. > Now, however, each and everytime I go to the web reporting page, I > have to log in again. Will this eventually stop or am I doomed to > have to log in for each piece of spam I now submit??? eddie wasn't talking about any email account. eddie was talking about the web reporting page. Later on, eddie had this to say eddie wrote: > I have a paid email/reporting account. There are two servers: > I log into the email server to get/sort/read my email. > I have to log into the reporting server (completely different > interface) in order to report spam. It uses the same login ID and > password, but requires a separate login. Somehow, when you change > your password on the email server, the reporting server gets a copy > so it "knows" your password. I am guessing that this is how it works, > but somehow, the reporting server does "know" your password even > though you reset it only from the email server. Somewhere, that > process got messed up. However, my theory about what is wrong is different from eddie's; but then I'm way outside of that loop and just hypothesizing without any way of testing my hypothesis, so that's not very useful. However, I'm still of the opinion that eddie's problem is no different from the problem I encountered with my pw not sticking and my theory is that it has nothing to do with the mail gizmo's inability to communicate with the web reporting gizmo -- if there is any such thing. -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Wed Mar 2 11:59:16 2005 From: eddie at eddie.web (eddie) Date: Wed Mar 2 12:00:03 2005 Subject: [SC-Help] Re: password "glitch" References: Message-ID: On Tue, 01 Mar 2005 21:25:10 -0800, Mike Easter scratched out the following: > eddie wrote: >> Mike Easter >>> Mail server? Communication? I tho't we were talking about your web >>> reporting page pw. Do you have some different problem than what I >>> cited above? >> >> Clearly, you don't have a paid email account with SC > > Correct. Here's where I came in. > > eddie wrote: >> I just changed my SC password. So far, so good. Now, however, each and >> everytime I go to the web reporting page, I have to log in again. Will >> this eventually stop or am I doomed to have to log in for each piece of >> spam I now submit??? > > > eddie wasn't talking about any email account. eddie was talking about the > web reporting page. > > Later on, eddie had this to say > > eddie wrote: >> I have a paid email/reporting account. There are two servers: I log into >> the email server to get/sort/read my email. I have to log into the >> reporting server (completely different interface) in order to report >> spam. It uses the same login ID and password, but requires a separate >> login. Somehow, when you change your password on the email server, the >> reporting server gets a copy so it "knows" your password. I am guessing >> that this is how it works, but somehow, the reporting server does "know" >> your password even though you reset it only from the email server. >> Somewhere, that process got messed up. > > > However, my theory about what is wrong is different from eddie's; but > then I'm way outside of that loop and just hypothesizing without any way > of testing my hypothesis, so that's not very useful. > > However, I'm still of the opinion that eddie's problem is no different > from the problem I encountered with my pw not sticking and my theory is > that it has nothing to do with the mail gizmo's inability to communicate > with the web reporting gizmo -- if there is any such thing. I can only change my password on the SC email page. When I access the reporting site, a different server I am asked for a password. I have to log in separately to that site. However, the password is the same as for the email server, so obviously they "talk" to each other. There is no way to change the password on just the reporting site. Both passwords are identical. Two separate servers - one password. Clearly they "talk" and the bug I ran into is a communication problem between them. -- Once movie theaters gave out steak knives Today they confiscate them From viper at venomx.com Thu Mar 3 04:38:33 2005 From: viper at venomx.com (Viper) Date: Thu Mar 3 04:46:27 2005 Subject: [SC-Help] Re: password "glitch" References: Message-ID: Mike Easter wrote: > eddie wrote: >> Mike Easter >>> eddie wrote: >>>> I just changed my SC password. So far, so good. Now, however, each >>>> and everytime I go to the web reporting page, I have to log in >>>> again. > > I didn't recently change my pw; but the last time my pw authorization > 'lapsed' and I had to reenter the pw, I had the same problem, but I > fixed it. As described. > >>> There's been some change so that now for me it is >>> http://www.spamcop.net/ instead of something slightly different >>> which it was before. >> Mike I had the same problem and had to change my bookmark to just www.spamcop.net and all seems fine. Guessing something changed., From spam at euclidian.com Thu Mar 3 23:17:31 2005 From: spam at euclidian.com (I Love Spam) Date: Thu Mar 3 23:20:03 2005 Subject: [SC-Help] Too many people are reporting spam Message-ID: You all need to take a pill and stop worrying about spam... spam is great! From Kilgallen at SpamCop.net Thu Mar 3 22:24:59 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Mar 3 23:25:03 2005 Subject: [SC-Help] Re: Too many people are reporting spam References: Message-ID: In article , "I Love Spam" writes: > You all need to take a pill and stop worrying about spam... spam is = > great! I love the smell of burnt spammer in the morning. From eddie at eddie.web Thu Mar 3 23:30:11 2005 From: eddie at eddie.web (eddie) Date: Thu Mar 3 23:35:02 2005 Subject: [SC-Help] Re: Too many people are reporting spam References: Message-ID: On Thu, 03 Mar 2005 22:24:59 -0600, Larry Kilgallen scratched out the following: > I love the smell of burnt spammer in the morning. Or anytime of day or night. - it smells like ---- like --- victory -- Once movie theaters gave out steak knives Today they confiscate them From dwvbo91q4001 at sneakemail.com Fri Mar 4 05:02:09 2005 From: dwvbo91q4001 at sneakemail.com (Tim P) Date: Fri Mar 4 00:05:06 2005 Subject: [SC-Help] Re: spamcop parsing ok but reporting page still buggy. References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "DougW" wrote in news:cvu4jc$c5d$1@news.spamcop.net: > From a spam recently reported. > The spam URL contained (CR) codes and parsed correctly > but displayed in the b0rken way. > > Re: http://ofiysof.myr (Administrator of network hosting > website referenced in spam) > To: abuse@newworldtel.com (Notes) > Additional notes (optional - max 2000 characters): > Clearly, there must be a bug when I get replies from abuse desks quoting this: > Spamvertised web site: http:// [nothing follows the //] http://www.spamcop.net/w3m? i=z1370491475ze38df162dd495b2879e8b4ec7e2d7 520z -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com iQA/AwUBQifrrvkOwY5RskHOEQJLAwCfbq9abPIln/ZPxm/yv3N7ZPa6mmwAoIBZ NhssyPMoIzA3jFGVnIACm32y =oyFo -----END PGP SIGNATURE----- From jvm_cop at spamcop.net Mon Mar 7 15:47:48 2005 From: jvm_cop at spamcop.net (J. Merrill) Date: Sun Mar 6 15:50:05 2005 Subject: [SC-Help] "No links found" ??? I see a whole bunch of them! Message-ID: I just posted (to .Spam) an email message that seems to have correctly formed HTML with lots and lots of links, but Spamcop's analysis included Finding links in message body Parsing HTML part no links found What might be causing this? Thanks. From lart-o-matic at revbeergoggles.com Sun Mar 6 14:54:41 2005 From: lart-o-matic at revbeergoggles.com (Rev Beergoggles) Date: Sun Mar 6 15:55:04 2005 Subject: [SC-Help] Re: "No links found" ??? I see a whole bunch of them! References: Message-ID: J. Merrill did pass the time by typing: > I just posted (to .Spam) an email message that seems to have > correctly formed HTML with lots and lots of links, but Spamcop's > analysis included > > Finding links in message body > Parsing HTML part > no links found > > What might be causing this? Thanks. Good question. I've had four spams with obvious spammer URL that failed to parse. Something is b0rked. :( -- rbg head kook and bottle washer, revbeergoggles.com (please reply to postmaster@, lart-o-matic is a spamtrap) From bar_n0ne at hotmail.com Mon Mar 7 08:38:42 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sun Mar 6 23:40:03 2005 Subject: [SC-Help] Re: "No links found" ??? I see a whole bunch of them! References: Message-ID: "Rev Beergoggles" wrote in message news:d0fqme$akm$1@news.spamcop.net... > J. Merrill did pass the time by typing: > > I just posted (to .Spam) an email message that seems to have > > correctly formed HTML with lots and lots of links, but Spamcop's > > analysis included > > > > Finding links in message body > > Parsing HTML part > > no links found > > > > What might be causing this? Thanks. > > Good question. I've had four spams with obvious > spammer URL that failed to parse. Something is b0rked. :( > > -- > rbg Often, if you re-parse, (view source and come back or refresh the page) it will find them. From eddie at eddie.web Mon Mar 7 00:22:48 2005 From: eddie at eddie.web (eddie) Date: Mon Mar 7 00:25:03 2005 Subject: [SC-Help] Re: "No links found" ??? I see a whole bunch of them! References: Message-ID: On Mon, 07 Mar 2005 15:47:48 -0500, J. Merrill scratched out the following: > I just posted (to .Spam) an email message that seems to have correctly > formed HTML with lots and lots of links, but Spamcop's analysis included > > Finding links in message body > Parsing HTML part > no links found > > What might be causing this? Thanks. SC will miss links if there is no space after the header. If you insert a space before the first "From" (right after the Message-ID line) SC will usually parse properly. Please don't ask why the software won't do this. And inserting a space does NOT "materially change the spam" so it's OK to do this. -- Once movie theaters gave out steak knives Today they confiscate them From bar_n0ne at hotmail.com Mon Mar 7 09:54:51 2005 From: bar_n0ne at hotmail.com (Berny) Date: Mon Mar 7 00:55:03 2005 Subject: [SC-Help] Re: "No links found" ??? I see a whole bunch of them! References: Message-ID: "eddie" wrote in message news:pan.2005.03.07.05.22.47.375000@eddie.web... > On Mon, 07 Mar 2005 15:47:48 -0500, J. Merrill scratched out the > following: > > > I just posted (to .Spam) an email message that seems to have correctly > > formed HTML with lots and lots of links, but Spamcop's analysis included > > > > Finding links in message body > > Parsing HTML part > > no links found > > > > What might be causing this? Thanks. > SC will miss links if there is no space after the header. > If you insert a space before the first "From" (right after the Message-ID > line) SC will usually parse properly. Please don't ask why the software > won't do this. And inserting a space does NOT "materially change the spam" > so it's OK to do this. > > -- > Once movie theaters gave out steak knives > Today they confiscate them All mail MUST have a blank line after the last header, if there isn't one your mail agent might be dropping it.If there wasn;t one to begin with, it's amazing you received it. Usually the blank line is lost when people attempt to munge the emails for submission. From eddie at eddie.web Mon Mar 7 01:40:13 2005 From: eddie at eddie.web (eddie) Date: Mon Mar 7 01:45:02 2005 Subject: [SC-Help] Re: "No links found" ??? I see a whole bunch of them! References: Message-ID: On Mon, 07 Mar 2005 09:54:51 +0400, Berny scratched out the following: snip > > All mail MUST have a blank line after the last header, if there isn't one > your mail agent might be dropping it.If there wasn;t one to begin with, > it's amazing you received it. Usually the blank line is lost when people > attempt to munge the emails for submission. It's not my mailer. I preview all my mail via SC's webmail page and that's how some of it comes in - either the spammer does it or some mis-configured server does it, but when I get it and pass it directly to SC's parser, it misses the links if the blank line is missing. It's rare, but when it happens, I add the blank and resubmit it. I do it all via SC's web interface. I only download my real email from the SC inbox after I have checked everything and reported all the spam first. -- Once movie theaters gave out steak knives Today they confiscate them From nobody at spamcop.net Mon Mar 7 08:08:17 2005 From: nobody at spamcop.net (Ellen) Date: Mon Mar 7 08:10:06 2005 Subject: [SC-Help] Re: "No links found" ??? I see a whole bunch of them! References: Message-ID: "eddie" wrote in message news:pan.2005.03.07.05.22.47.375000@eddie.web... > On Mon, 07 Mar 2005 15:47:48 -0500, J. Merrill scratched out the > following: > > > I just posted (to .Spam) an email message that seems to have correctly > > formed HTML with lots and lots of links, but Spamcop's analysis included > > > > Finding links in message body > > Parsing HTML part > > no links found > > > > What might be causing this? Thanks. > SC will miss links if there is no space after the header. > If you insert a space before the first "From" (right after the Message-ID > line) SC will usually parse properly. Please don't ask why the software > won't do this. And inserting a space does NOT "materially change the spam" > so it's OK to do this. > The messageID is not necessarily the end of the original headers -- please do not arbitrarily insert blank lines. There should already be a blank line after the end of the headers and before the beginning of the body of the spam. Ellen SpamCop From apuzzuoli at comcast.net Mon Mar 7 12:47:39 2005 From: apuzzuoli at comcast.net (Al pUzzuoli) Date: Mon Mar 7 12:50:04 2005 Subject: [SC-Help] Reporting via email takes a long time? Message-ID: Hi all, I have been a user of the Paid reporting service for some time now. For months, I was able to happily report spam by forwarding messages to my submittal address. This still works but lately, I've noticed that for some reason, Spam cop can take anywhere from half an hour or more to send back an acknowledgement. At least for me, this delay has really cut down on the efficiency and over all usability of the service. Often times, I find that I submit a spam, and by the time the confirmation message arrives, I have moved onto something else, or even left the computer altogether. This results in the spam eventually getting reported but not nearly in as timely a manner as used to be possible. Just curious as to whether there is a technical issue or whether this delay was deliberately introduced into the process for some reason? Thanks for any info, --Al From eddie at eddie.web Mon Mar 7 13:29:08 2005 From: eddie at eddie.web (eddie) Date: Mon Mar 7 13:30:03 2005 Subject: [SC-Help] Re: "No links found" ??? I see a whole bunch of them! References: Message-ID: On Mon, 07 Mar 2005 08:08:17 -0500, Ellen scratched out the following: snip > The messageID is not necessarily the end of the original headers -- > please do not arbitrarily insert blank lines. There should already be a > blank line after the end of the headers and before the beginning of the > body of the spam. > > Ellen > SpamCop I am aware of that but some spam gets into the SC system without that blank line. I do not arbitrarily do anything to the spam. But when the blank line is missing, SC cannot find the links for obvious reasons and when I insert the blank line in the correct place, SC finds the links properly. -- Once movie theaters gave out steak knives Today they confiscate them From spamcop at davnet.org Mon Mar 7 15:04:32 2005 From: spamcop at davnet.org (Kevin Davidson) Date: Mon Mar 7 15:05:05 2005 Subject: [SC-Help] Re: Spam looks like a bounce In-Reply-To: References: Message-ID: Thanks for your comments and for Mike's analysis. This leaves me with 2 questions: 1) Is there anything a responsible mail administrator should do to reduce this problem. 2) Is there any way to report this junk to SpamCop? Tnx, Kevin Karl-Josef Ziegler wrote: > Kevin Davidson wrote: > >> I posted a spam over in the spam area under the title "Spam looks like >> a bounce". I changed my real email name to "me" and my domain to >> "mydomain". I have an email account, me@acm.org, which forwards to >> me@mydomain.org. > > > Such a 'forced bounce' (any other terminus technicus available?) seems > one of the 'standard tricks' of the Russian Spam Gang (was it warez > spam?). Sending the spam to a (known) non-existing localpart of a > reputable domain/mailserver with your address as a forged sender. > Instead of coming directly from the usual zombie (which may be in > several blocklists) the bounce now comes from a reputable mailserver > which may not be in a blocklist. Double abuse: zombie for sending the > mail and the mailserver which has to handle thousands of these 'forced > bounces'... > > - kjz From spamcop at davnet.org Mon Mar 7 15:08:06 2005 From: spamcop at davnet.org (Kevin Davidson) Date: Mon Mar 7 15:10:06 2005 Subject: [SC-Help] Re: Too many people are reporting spam In-Reply-To: References: Message-ID: I Love Spam wrote: > You all need to take a pill and stop worrying about spam... spam is great! Troll! Troll in the dungeon! Just thought you ought to know [fainting]. From nobody at spamcop.net Mon Mar 7 21:47:32 2005 From: nobody at spamcop.net (Don Wannit) Date: Tue Mar 8 00:50:03 2005 Subject: [SC-Help] Re: Reporting via email takes a long time? In-Reply-To: References: Message-ID: Al pUzzuoli wrote: > Hi all, > > I have been a user of the Paid reporting service for some time now. For > months, I was able to happily report spam by forwarding messages to my > submittal address. This still works but lately, I've noticed that for > some reason, Spam cop can take anywhere from half an hour or more to > send back an acknowledgement. [snip] There have been many posts from many folks over the past few weeks about slow turnaround time when submitting spam to SpamCop. However, I have to say that I have not experienced the kinds of delays that you and others mention. I don't wait for an email acknowledgment with a "finish" link to come back from SpamCop. I forward spam to my submit address (and have a few spamtraps which have never been valid addresses but are subject to dictionary attacks). Some time later, when it's convenient to me, I log in to SC at the member login page, and click [repeatedly] on the Report Now link to finish. No need to wait for the email to come back, just do it when it's ready, and when I have time. If I don't have time, some spam gets old and rancid. (OK, more rancid than it was to begin with) Such is life. So I don't honestly know if there is a long delay before the email comes back from SC with the link for finishing the report, because I ignore that email; in fact, I have procmail set up to trash that message. Since you're a paying member, you might want to see if SC is ready for you to complete the spam reports even though you have not yet received the email with the link. Could be that the delay is in the sending of that email, and not in the SC pre-processing of the submitted spam. -- Don Wannit A paid SpamCop user since 1999 From me at pricacy.net Wed Mar 9 01:55:14 2005 From: me at pricacy.net (Caduceus) Date: Wed Mar 9 03:00:03 2005 Subject: [SC-Help] Need help with spamcop on this Message-ID: Hi: On Monday, I decided to download Pine. I thought I configured my pinerc file correctly, however whenever I try to connect Pine will say "Trouble reading remote collections, Try Again?". Also, Pine will not connect to my imap server. Here is how I have the pinerc file configured. Can anyone tell me what I'm doing wrong, and what changes I need to do to make it work? ---------------- #Example: user-id=xyz123 user-id=shorn@spamcop.net #Example: personal-name=My Name personal-name=Steve Horn #Example: user-domain=u.washington.edu user-domain=imap.spamcop.net #Example: smtp-server=smtp.foobar.edu smtp-server=mail.mailcircuit.com #Example: nntp-server=news.foobar.edu nntp-server= #Example: inbox-path={imapserver.foobar.edu}inbox inbox-path={imap.spamcop.net/user=shorn@spamcop.net/tls/novalidate-cert}INBOX #Example: incoming-folders= "WIDGETS" {imapserver.foobar.edu}widgets, # "CompMailPine" {imapserver.foobar.edu}{news.foobar.edu/nntp}#news.comp.mail.pine #Note: the second example requires a recent version of the UW IMAP server, which is acting as a news proxy in this case incoming-folders= #Example: folder-collections=MAIN {imapserver.foobar.edu}mail/[*], PROJECTS {imapserver.foobar.edu}projects/[*] folder-collections={imap.spamcop.net/user=shorn@spamcop.net/tls/novalidate-cert}INBOX.[] #You can leave the following group of variables blank; Pine will pick default names news-collections= default-fcc= postponed-folder= read-message-folder= signature-file= #Example: address-book=MYBOOK {imapserver.foobar.edu}addrbook #Note: this example identifies a Pine addressbook being stored on your IMAP server address-book= feature-list=delete-skips-deleted, use-current-dir, enable-mail-check-cue, auto-open-next-unread, enable-incoming-folders, news-read-in-newsrc-order, news-post-without-validation, select-without-confirm, news-approximates-new-status, compose-maps-delete-key-to-ctrl-d, enable-mouse-in-xterm, enable-aggregate-command-set, enable-bounce-cmd, enable-flag-cmd, enable-full-header-cmd, enable-jump-shortcut, enable-suspend, enable-tab-completion, enable-unix-pipe-cmd, quit-without-confirm, enable-alternate-editor-cmd, single-column-folder-list, enable-8bit-nntp-posting, enable-8bit-esmtp-negotiation, enable-verbose-smtp-posting, compose-cut-from-cursor, auto-zoom-after-select, auto-unzoom-after-apply, print-offers-custom-cmd-prompt, print-formfeed-between-messages, auto-move-read-msgs, enable-dot-files, enable-dot-folders, tab-visits-next-new-message-only, use-subshell-for-suspend, enable-newmail-in-xterm-icon, expanded-view-of-distribution-lists, save-will-not-delete, compose-posts-in-background, enable-background-sending, enable-goto-in-file-browser, no-print-index-enabled, enable-delivery-status-notification, enable-search-and-replace, enable-arrow-navigation, expunge-without-confirm, enable-msg-view-urls, enable-msg-view-web-hostnames, enable-exit-via-lessthan-command, enable-partial-match-lists, enable-fast-recent-test, add-ldap-result-to-addrbook initial-keystroke-list=i default-composer-hdrs=To, Cc, Bcc, Subject customized-hdrs=Reply-To:, Organization: Not Much But I Keep Trying saved-msg-name-rule=by-recipient fcc-name-rule= sort-key= character-set=ISO-8859-1 editor= image-viewer= use-only-domain-name=No#Example: user-id=xyz123 user-id=shorn@spamcop.net #Example: personal-name=My Name personal-name= #Example: user-domain=u.washington.edu user-domain=imap.spamcop.net #Example: smtp-server=smtp.foobar.edu smtp-server=mail.mailcircuit.com #Example: nntp-server=news.foobar.edu nntp-server= #Example: inbox-path={imapserver.foobar.edu}inbox inbox-path={imap.spamcop.net/user=shorn@spamcop.net/tls/novalidate-cert}INBOX #Example: incoming-folders= "WIDGETS" {imapserver.foobar.edu}widgets, # "CompMailPine" {imapserver.foobar.edu}{news.foobar.edu/nntp}#news.comp.mail.pine #Note: the second example requires a recent version of the UW IMAP server, which is acting as a news proxy in this case incoming-folders= #Example: folder-collections=MAIN {imapserver.foobar.edu}mail/[*], PROJECTS {imapserver.foobar.edu}projects/[*] folder-collections={imap.spamcop.net/user=shorn@spamcop.net/tls/novalidate-cert}INBOX.[] #You can leave the following group of variables blank; Pine will pick default names news-collections= default-fcc= postponed-folder= read-message-folder= signature-file= #Example: address-book=MYBOOK {imapserver.foobar.edu}addrbook #Note: this example identifies a Pine addressbook being stored on your IMAP server address-book= feature-list=delete-skips-deleted, use-current-dir, enable-mail-check-cue, auto-open-next-unread, enable-incoming-folders, news-read-in-newsrc-order, news-post-without-validation, select-without-confirm, news-approximates-new-status, compose-maps-delete-key-to-ctrl-d, enable-mouse-in-xterm, enable-aggregate-command-set, enable-bounce-cmd, enable-flag-cmd, enable-full-header-cmd, enable-jump-shortcut, enable-suspend, enable-tab-completion, enable-unix-pipe-cmd, quit-without-confirm, enable-alternate-editor-cmd, single-column-folder-list, enable-8bit-nntp-posting, enable-8bit-esmtp-negotiation, enable-verbose-smtp-posting, compose-cut-from-cursor, auto-zoom-after-select, auto-unzoom-after-apply, print-offers-custom-cmd-prompt, print-formfeed-between-messages, auto-move-read-msgs, enable-dot-files, enable-dot-folders, tab-visits-next-new-message-only, use-subshell-for-suspend, enable-newmail-in-xterm-icon, expanded-view-of-distribution-lists, save-will-not-delete, compose-posts-in-background, enable-background-sending, enable-goto-in-file-browser, no-print-index-enabled, enable-delivery-status-notification, enable-search-and-replace, enable-arrow-navigation, expunge-without-confirm, enable-msg-view-urls, enable-msg-view-web-hostnames, enable-exit-via-lessthan-command, enable-partial-match-lists, enable-fast-recent-test, add-ldap-result-to-addrbook initial-keystroke-list=i default-composer-hdrs=To, Cc, Bcc, Subject customized-hdrs=Reply-To:, Organization: Not Much But I Keep Trying saved-msg-name-rule=by-recipient fcc-name-rule= sort-key= character-set=ISO-8859-1 editor= image-viewer= use-only-domain-name=No ----------------- If anyone can tell me what changes I need to make to my pinerc file I would appreciate it. TIA. -- Steve From the at the.com Wed Mar 9 13:00:02 2005 From: the at the.com (The Shetainhe) Date: Wed Mar 9 06:00:04 2005 Subject: [SC-Help] about blacklist Message-ID: how can i learn cause my server ip in the blacklist? Please you can tell step by step me. because i have free mail server. i will deleting to cause free mail server users. i am sorry bad for my english :( thank you. From nobody at devnull.spamcop.net Wed Mar 9 06:36:29 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Wed Mar 9 06:35:02 2005 Subject: [SC-Help] Blocked? Read this. Message-ID: Why Am I Blocked? Probable Causes If your email has suddenly been blocked by the SpamCop blocklist, it is probably because you share an IP address with other email users and there is someone who: * is using auto-responses that are replying to spam with forged spamtrap email addresses (such as Out-of-Office/Vacation notices, virus notifications, and 'created email' bounces); * has a computer with a virus that sends spam without the owner's knowledge; * has a computer that has been compromised and spammers are remotely controlling it to transmit their spew; * is sending unsolicited emails and your internet service provider is allowing it; * or because, as in all systems, there may have been a mistake. (very rare) The SpamCop BL listing will expire automatically within a specific period of time based primarily on when the last spam came from that IP address. http://www.spamcop.net/fom-serve/cache/297.html for more information on the SpamCop BL listing. For people who are operating servers: (followed by FAQ for people who do not operate servers; if you don’t operate a server, scroll down until you find it.) Am I really listed in the SpamCop Blocklist?: You can check the status of any server by entering its address at http://www.spamcop.net/bl.shtml The reason an IP address is listed can also be obtained from that page. If the blocklist only lists spamtraps, then the likely culprits are auto-responders or misdirected bounces (that is, bounce emails sent after acceptance of the email instead of being rejected by the server during the SMTP phase, which would include emails such as "no such user", "non-existent mailbox", and/or "quota exceeded"). If the blocklist only lists reports, you have a spammer at work. If the blocklist lists spam traps and reports, * You have your firewall configured to allow a compromised machine on your network to spew to the world (you do have a firewall in place, don't you?) * the SMTP/Auth exploit of an Exchange server is in progress, see these links: http://news.spamcop.net/cgi-bin/fom?file=372 http://www.winnetmag.com/article/articleid/40507/40507.html http://www.winnetmag.com/article/articleid/42406/42406.html *A link for your references: http://dsbl.org/relay-methods It describes many of the security problems that spammers already scan for and will exploit to send spam. How To Block Open SMTP Relaying and Clean Up Exchange Server SMTP Queues To prevent SMTP relaying with Microsoft Exchange Server see http://support.microsoft.com/default.aspx?scid=KB;EN-US;324958#4 # (NOTE: While commonly seen on Exchange servers, this condition is possible on all platforms) * Your PHP mailer program has been taken over by criminals. (You did not know that your PHP bulletin board had a very vulnerable mailer program on it? You did not know that you had PHP installed and running?) Please also see: * How can I get removed from SpamCop's blocking system? http://www.spamcop.net/fom-serve/cache/76.html * John's explanation at John's revised post, for Why Am I Blocked FAQ http://forum.spamcop.net/forums/index.php?showtopic=673 * Merlyn's explanation at FAQ Entry: Why is my email blocked? http://forum.spamcop.net/forums/index.php?showtopic=35 Post the IP address that is blocked in the Spamcop web forum or newsgroup. There are many knowledgeable people in the SpamCop groups who will help you figure out why and offer solutions. If you need to know what triggered the report from a spamtrap, email deputies spamcop.net. Only they can see. However, a post will generally get you faster replies and more specific help on what is the problem. The rest of this FAQ is for people who do not run servers. For people whose email was returned Q: What does SpamCop do with my email? A: Nothing The Internet Service Provider (ISP) of the person, or business, you are sending email "To" is blocking email from your ISP's computers (servers), using a list provided by SpamCop. Your email doesn't pass through SpamCop's mail servers and SpamCop has no way of blocking or bouncing your email. In addition, the SpamCop email service uses the blocklist to "tag" incoming mail so that suspected spam is placed in a particular folder and that is the way the blocklist is intended to be used. Q: What is a blocklist? A: A blocklist helps ISP’s to prevent spam coming to their customers. An ISP can use a blocklist (a list of IP addresses),to block (bounce back) all email coming from a particular IP address. The blocking is based not on your email address (which looks like username@example.com), but on the IP address (which looks like 198.162.250.196). This IP address is assigned to the mail server you use, which is probably run by your ISP. You may share this same server with hundreds or thousands of other customers. If one of the other customers is sending spam through that shared mail server, it will cause the IP address of that mail server to be put on the blocklist. And when you send email through that server, ISP’s who use blocklists to avoid receiving spam, will also block your email. SpamCop is one of many blocklists. DNS Blackhole Lists (DNSBLs) is a link to page that lists and categorizes a number of blocklists. Trying to describe the difference between spamcop & other lists (particularly the time it takes to get off the list) and how SpamCop can be an early warning system for ISP's is a bit difficult, as each is different in concept, targets, results ranges, and oversight. If more specific data is desired on other DNSBLs, please visit that listing site. Q: What is SpamCop? A: Unique, automated blocklist and spam filtering SpamCop has a program that will find the correct address to send a complaint because the email address you see that says who it is from is often forged by spammers. SpamCop finds the correct IP address and forwards complaints for its members. If a lot of reports are made, the IP address goes on the SpamCop blocklist that is used by many ISP’s. for more detailed information on how Spamcop works see: http://www.spamcop.net/fom-serve/cache/3.html Q: How do ISP’s use SpamCop A: As 1) a warning that spammers have slipped by their defenses and 2) to block spam. * Responsible ISP's welcome SpamCop reports and will remove spammers quickly from their systems. *When they block emails, they send a message that looks like this: 451 Blocked - see http://www.spamcop.net/bl.shtml?xxxx.xxxx.xxxx.xxxx: or email from xxx.com blocked,refused by Spamcop,see http://www.spamcop.net Q: Why me? A: It Happens to the best of us It is annoying to have your email blocked. It is also annoying to have a backhoe interrupt email service. However, until the blocking problem is resolved, you can email people through a web based email service (the most familiar web based email services are hotmail and yahoo). After you have taken care of the immediate problem of being able to communicate with someone by email, the next step is to see what can be done so this inconvenience does not happen to you again. The one thing you do not want to do is to complain to those correspondents who are using an email service that uses the SpamCop blocklist. They probably really like the reduction in spam! You have the responsibility to see that your ISP provides you with reliable email service. See this link for a longer explanation of costs http://forum.spamcop.net/forums/index.php?showtopic=660 Q: Who do I contact to correct this problem? A: Your ISP (email service provider) first Usually the ISP with the blocked IP address has also been notified with the evidence of spam reports. Your ISP may have already acted on the Spamcop report they have received by the time you call. It may just have been a mistake on their part or, possibly, the reporter's part. Reporters can be fined or banned for mistakes. As soon as your ISP stops the spam from being sent, or uses the procedures at SpamCop to point out the reporter's mistake, the IP address is taken off the blocklist (usually within 48 hours for spam; immediately for reporter error). It may be that your call is the first time your ISP has heard that SpamCop has listed your IP address. Listings are made, in addition to member reporting, automatically from spamtraps (an eMail address that is not used, nor published anywhere, so only gets eMail if someone is sending spam!). Your ISP can find out about SpamCop at http://www.spamcop.net/fom-serve/cache/76.html if they don’t already know about SpamCop. SpamCop deputies have access to the full evidence for a listing. Deputies can delist IP addresses which are listed in error. Q: My ISP says it’s not their fault. A: People in this forum will help with information to give your ISP You will need to know your IP address for people to understand what has happened (it should be in the message you received telling you your mail was blocked). It is also helpful to know the reasons why it was blocked. (To do this, go to http://www.spamcop.net/bl.shtml . Make a note of the reason for the listing. For example "Been reported as a source of spam about 30 times" "Been detected sending mail to spam traps" as this is important) There are many people who will explain to you what has happened and what you can do. If you are interested in finding out more about blocklists and exactly why your email was blocked, you may post in the web forum http://forum.spamcop.net/forums/index.php?showforum=11 or in the SpamCop NNTP newsgroup news://news.spamcop.net/spamcop.help with the above information. Please remember that this block is not aimed at you personally. There are a limited number of IP addresses on the Internet, so you, and the spammer, may get a different one each time you log-on. Your Internet Service Provider is the only one who can investigate and take action to stop spam from coming from that IP address. In the meantime, the email service at the other end does not have to accept your email until spam has stopped coming from that particular IP address just as postal and package services can refuse certain types of mail and packages. Revised 22 February 2005 Added link from John Revised 17 Feb 2005 - Clarification of non-SMTP-reject e-mail generation Revised 2 February 2005 Revised the time period of listing and added comment that there are two sections Miss Betsy Revised 26 Jan 2005 - Wazoo added some of WB8TYW's input - more to come Revised 18 Nov 2004 - Wazoo added DNSBL List URL Revised 16 Nov 2004 - Wazoo - Ouch! newsgroup link fixed! Revised 2 Sep 2004 - Wazoo Revised August 7, 2004 - Miss Betsy, Wazoo, dbiel Edited per Wazoo comments March 6, 2004 rev March 7 rev Mar 8 for format (agsteele) Rev Mar11 with more links Rev Mar 12 with new John link rev 13 listized "Probable Causes" rev 14 consolidated some links Contributors: Michaell, Mike Easter, Wazoo, Greenlady, John, JT, JeffG (Last Revised 26 January 2005) (URL = http://forum.spamcop.net/forums/lofiversion/index.php/t972.html ) -- From nobody at devnull.spamcop.net Wed Mar 9 06:39:02 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Wed Mar 9 06:35:06 2005 Subject: [SC-Help] Re: about blacklist References: Message-ID: "The Shetainhe" wrote in message news:d0mkp9$319$1@news.spamcop.net... > how can i learn cause my server ip in the blacklist? Please you can tell > step by step me. > because i have free mail server. i will deleting to cause free mail server > users. > i am sorry bad for my english :( > > thank you. What is your language? There are some people here who speak other languages. Miss Betsy From the at the.com Wed Mar 9 14:06:55 2005 From: the at the.com (The Shetainhe) Date: Wed Mar 9 07:05:44 2005 Subject: [SC-Help] Re: about blacklist References: Message-ID: hi Betsy, i not want learn Probable Causes. i want learn my ip cause "which mail" in the blacklist. how can i learn this? thank you very much. "Miss Betsy" wrote in message news:d0mn0u$4iv$1@news.spamcop.net... > > "The Shetainhe" wrote in message > news:d0mkp9$319$1@news.spamcop.net... > > how can i learn cause my server ip in the blacklist? Please you > can tell > > step by step me. > > because i have free mail server. i will deleting to cause free > mail server > > users. > > i am sorry bad for my english :( > > > > thank you. > > What is your language? There are some people here who speak other > languages. > > Miss Betsy > > From wb8tyw at qsl.network Wed Mar 9 07:30:33 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Mar 9 07:35:18 2005 Subject: [SC-Help] Re: about blacklist In-Reply-To: References: Message-ID: The Shetainhe wrote: > hi Betsy, > i not want learn Probable Causes. > i want learn my ip cause "which mail" in the blacklist. > how can i learn this? > thank you very much. I can not find your posting IP in any spam blocking list, including spamcop.net You will have to show the rejection message you are getting for anyone to even have a chance of giving you any meaningful answers. Your posting address has no reverse DNS, which is a configuration error by your network provider. That can cause other networks to refuse mail and other connections from your system. Contact your network provider to get that fixed. That may or may not be why you are having problems with your e-mail. -John wb8tyw@qsl.network From the at the.com Wed Mar 9 14:41:02 2005 From: the at the.com (The Shetainhe) Date: Wed Mar 9 07:40:05 2005 Subject: [SC-Help] Re: about blacklist References: Message-ID: my server ip : 62.244.208.82 www.spamcop.net 62.244.208.82 listed in bl.spamcop.net (127.0.0.2)If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 12 hours. "John E. Malmberg" wrote in message news:d0mq9a$6j1$1@news.spamcop.net... > The Shetainhe wrote: > > hi Betsy, > > i not want learn Probable Causes. > > i want learn my ip cause "which mail" in the blacklist. > > how can i learn this? > > thank you very much. > > I can not find your posting IP in any spam blocking list, including > spamcop.net > > You will have to show the rejection message you are getting for anyone > to even have a chance of giving you any meaningful answers. > > Your posting address has no reverse DNS, which is a configuration error > by your network provider. That can cause other networks to refuse mail > and other connections from your system. > > Contact your network provider to get that fixed. > > That may or may not be why you are having problems with your e-mail. > > -John > wb8tyw@qsl.network From the at the.com Wed Mar 9 14:43:10 2005 From: the at the.com (The Shetainhe) Date: Wed Mar 9 07:40:10 2005 Subject: [SC-Help] Re: about blacklist References: Message-ID: for you are interested thank you very much. "The Shetainhe" wrote in message news:d0mqml$6sj$1@news.spamcop.net... > my server ip : 62.244.208.82 > > www.spamcop.net > > 62.244.208.82 listed in bl.spamcop.net (127.0.0.2)If there are no reports of > ongoing objectionable email from this system it will be delisted > automatically in approximately 12 hours. > > > "John E. Malmberg" wrote in message > news:d0mq9a$6j1$1@news.spamcop.net... > > The Shetainhe wrote: > > > hi Betsy, > > > i not want learn Probable Causes. > > > i want learn my ip cause "which mail" in the blacklist. > > > how can i learn this? > > > thank you very much. > > > > I can not find your posting IP in any spam blocking list, including > > spamcop.net > > > > You will have to show the rejection message you are getting for anyone > > to even have a chance of giving you any meaningful answers. > > > > Your posting address has no reverse DNS, which is a configuration error > > by your network provider. That can cause other networks to refuse mail > > and other connections from your system. > > > > Contact your network provider to get that fixed. > > > > That may or may not be why you are having problems with your e-mail. > > > > -John > > wb8tyw@qsl.network > > From the at the.com Wed Mar 9 15:35:45 2005 From: the at the.com (The Shetainhe) Date: Wed Mar 9 08:35:33 2005 Subject: [SC-Help] Re: about blacklist References: Message-ID: Thank you very much Miss Betsy. Thank you very much Mr. Malmberg. My server ip not in blacklist now. i love you spamcop. but is not my server ip listed in the blacklist? If my server ip listed in the blacklist.can you send me please cause "which mail" please. My email : mehmetd@[no-spam]e-grup.net Note : Please delete in the my email "[no-spam]" Thank you for all. From nobody at spamcop.net Wed Mar 9 08:15:24 2005 From: nobody at spamcop.net (Ellen) Date: Wed Mar 9 08:45:03 2005 Subject: [SC-Help] Re: about blacklist References: Message-ID: "The Shetainhe" wrote in message news:d0mqml$6sj$1@news.spamcop.net... > my server ip : 62.244.208.82 > Answered in email. Ellen SpamCop From mehmetd at e-grup.net Wed Mar 9 15:59:22 2005 From: mehmetd at e-grup.net (The Shetainhe) Date: Wed Mar 9 09:00:03 2005 Subject: [SC-Help] Re: about blacklist References: Message-ID: Hi Ellen, but i am not received your email. please you can send it mail over again to mehmetd@[no-spam]e-grup.net Note : Please delete in the my email "[no-spam]" Thank you very much Ellen. > > Answered in email. > > Ellen > SpamCop > > From nobody at spamcop.net Wed Mar 9 08:58:58 2005 From: nobody at spamcop.net (Ellen) Date: Wed Mar 9 09:05:04 2005 Subject: [SC-Help] Re: about blacklist References: Message-ID: "The Shetainhe" wrote in message news:d0mv9h$9rj$1@news.spamcop.net... > Hi Ellen, > but i am not received your email. > please you can send it mail over again to mehmetd@[no-spam]e-grup.net > > Note : Please delete in the my email "[no-spam]" > > Thank you very much Ellen. > > > > > Answered in email. > > > > Ellen > > SpamCop > > > > yes I noticed as I just received a bounce for your address -- will try again. Ellen From wb8tyw at qsl.network Wed Mar 9 09:08:59 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Mar 9 09:10:03 2005 Subject: [SC-Help] Re: about blacklist In-Reply-To: References: Message-ID: The Shetainhe wrote: > my server ip : 62.244.208.82 > > www.spamcop.net > > 62.244.208.82 listed in bl.spamcop.net (127.0.0.2)If there are no reports of > ongoing objectionable email from this system it will be delisted > automatically in approximately 12 hours. Spamcop reports for that I.P. address would have been sent to mehmetd(at)e-grup.net. A paying spamcop.net member can look at the spamcop.net evidence to determine what triggered the listing. I can not do so. I can only look at public evidence: http://ops.mail-abuse.com/cgi-bin/nph-ops-sview?62.244.208.82 This looks like a badly misconfigured mail server, which is probably the cause for the spamcop.net listing, and is probably going to cause other networks to refuse or silently delete all e-mail from your network until it is fixed. The mail server appears to be accepting all e-mail and then generating a new bounce message for the messages that can not be delivered. This is very bad, as almost all e-mail that can not be delivered is either spam or a virus that has forged some other person's e-mail address. In effect, your mail server is being used by spammers and viruses to attack other mail servers. While this behavior is technically allowed by the protocol, it is now too abusive for a mail server to be doing that. The mail server should be checking to see if it can deliver the mail before it accepts the e-mail, and then if it can not deliver the e-mail, it should use an SMTP reject code. This is the only way to reliably notify a sender that their e-mail was not received. Until this problem is fixed, you can expect to have other networks refuse mail from that server. According to the MAPS evidence, this misbehavior was first detected on January of 2004. Which is when your provider should have received the first complaint about it. So a spamcop.net blocking should not have been unexpected, since this problem has existed now for well over a year. It is highly likely that many other networks which are not using the spamcop.net or other public blocking lists are now either refusing e-mail from that server, or silently deleting all e-mail. Other problems: Parsing input: 62.244.208.82 host 62.244.208.82 = host-62-244-208-82.borusantelekom.com (cached) Your network provider has assigned a generic rDNS for that mail server that makes it look like a DHCP assigned address. This may cause problems with people accepting your e-mail, or cause spam filters to silently delete such mail. I strongly recommend that the rDNS for a mail server have either the string "mail" or "smtp" in it so that everyone in the world will see it as a valid mail server and is not on a temporary DHCP address. As to other problems: + SORBSSPEWS-L1 Spam Prevention Early Warning System - Level 1 Mirror: l1.spews.dnsbl.sorbs.net -> 127.0.0.2 ! [1] Paul Mentesidis/WebFills/rxmedicals/palmnet, see http://spews.org/ask.cgi?S1958 This will cause many networks to reject or silently delete e-mail from you. Contact your ISP to get it resolved. According to the evidence file at SPEWS, your network provider or one of the network providers they are using is allowing a criminal to use their servers to sell fake pills. If that ISP considers the money from that more important than what you pay or your ISP pays them, then you can expect more problems with sending e-mail. The hosting of such a criminal will cause some networks to refuse or silently delete all e-mail from that network, even if they do not use SPEWS. SPEWS will not remove the listing until all spammers are removed from the network. Other networks will need to be individually contacted once you determine that your mail is not getting through to them. So you have at least three visible problems that until they are fixed will cause you problems with e-mail delivery. All of which need to be fixed on the sending side. -John wb8tyw@qsl.network Personal Opinion Only From mehmetd at e-grup.net Wed Mar 9 17:04:09 2005 From: mehmetd at e-grup.net (The Shetainhe) Date: Wed Mar 9 10:05:07 2005 Subject: [SC-Help] Re: about blacklist References: Message-ID: Hi all. i am hinder all autorespond messages in the my server. thank you for all. "John E. Malmberg" wrote in message news:d0n01t$ad0$1@news.spamcop.net... > The Shetainhe wrote: > > my server ip : 62.244.208.82 > > > > www.spamcop.net > > > > 62.244.208.82 listed in bl.spamcop.net (127.0.0.2)If there are no reports of > > ongoing objectionable email from this system it will be delisted > > automatically in approximately 12 hours. > > Spamcop reports for that I.P. address would have been sent to > mehmetd(at)e-grup.net. > > A paying spamcop.net member can look at the spamcop.net evidence to > determine what triggered the listing. I can not do so. > > I can only look at public evidence: > > http://ops.mail-abuse.com/cgi-bin/nph-ops-sview?62.244.208.82 > > This looks like a badly misconfigured mail server, which is probably the > cause for the spamcop.net listing, and is probably going to cause other > networks to refuse or silently delete all e-mail from your network until > it is fixed. > > The mail server appears to be accepting all e-mail and then generating a > new bounce message for the messages that can not be delivered. > > This is very bad, as almost all e-mail that can not be delivered is > either spam or a virus that has forged some other person's e-mail address. > > In effect, your mail server is being used by spammers and viruses to > attack other mail servers. > > While this behavior is technically allowed by the protocol, it is now > too abusive for a mail server to be doing that. > > The mail server should be checking to see if it can deliver the mail > before it accepts the e-mail, and then if it can not deliver the e-mail, > it should use an SMTP reject code. This is the only way to reliably > notify a sender that their e-mail was not received. > > Until this problem is fixed, you can expect to have other networks > refuse mail from that server. > > According to the MAPS evidence, this misbehavior was first detected on > January of 2004. Which is when your provider should have received the > first complaint about it. > > So a spamcop.net blocking should not have been unexpected, since this > problem has existed now for well over a year. > > It is highly likely that many other networks which are not using the > spamcop.net or other public blocking lists are now either refusing > e-mail from that server, or silently deleting all e-mail. > > > Other problems: > > Parsing input: 62.244.208.82 > host 62.244.208.82 = host-62-244-208-82.borusantelekom.com (cached) > > Your network provider has assigned a generic rDNS for that mail server > that makes it look like a DHCP assigned address. This may cause > problems with people accepting your e-mail, or cause spam filters to > silently delete such mail. > > I strongly recommend that the rDNS for a mail server have either the > string "mail" or "smtp" in it so that everyone in the world will see it > as a valid mail server and is not on a temporary DHCP address. > > > As to other problems: > > + SORBSSPEWS-L1 Spam Prevention Early Warning System > - Level 1 Mirror: l1.spews.dnsbl.sorbs.net -> 127.0.0.2 > ! [1] Paul Mentesidis/WebFills/rxmedicals/palmnet, > see http://spews.org/ask.cgi?S1958 > > This will cause many networks to reject or silently delete e-mail from > you. Contact your ISP to get it resolved. > > According to the evidence file at SPEWS, your network provider or one of > the network providers they are using is allowing a criminal to use their > servers to sell fake pills. > > If that ISP considers the money from that more important than what you > pay or your ISP pays them, then you can expect more problems with > sending e-mail. The hosting of such a criminal will cause some networks > to refuse or silently delete all e-mail from that network, even if they > do not use SPEWS. > > SPEWS will not remove the listing until all spammers are removed from > the network. Other networks will need to be individually contacted once > you determine that your mail is not getting through to them. > > So you have at least three visible problems that until they are fixed > will cause you problems with e-mail delivery. All of which need to be > fixed on the sending side. > > -John > wb8tyw@qsl.network > Personal Opinion Only From nobody at devnull.spamcop.net Wed Mar 9 10:24:10 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Mar 9 10:25:03 2005 Subject: [SC-Help] OT KUDOS Re: about blacklist References: Message-ID: It's so nice to watch a plan when it comes together. Although the OP never did give their native language, it was still well handled, in my opinion, and John's repetitious language style was a definite advantage in helping the non-English OP to have fewer interpretations to work through. A very good job indeed, and I feel I have the authority to say that as one who worked with Asian and other EU languages on a daily basis for quite awhile "back in the day" . Regards, Pop -- Perfection is not only elusive, it is also limited with unexpected and dangerous results for the idealist. From scXX.10.rmaeder at spamgourmet.com Thu Mar 10 16:35:13 2005 From: scXX.10.rmaeder at spamgourmet.com (Roman Maeder) Date: Thu Mar 10 10:40:18 2005 Subject: [SC-Help] Re: "No links found" ??? I see a whole bunch of them! References: Message-ID: >> ... >> SC will miss links if there is no space after the header. >> If you insert a space before the first "From" (right after the Message-ID >> line) SC will usually parse properly. Please don't ask why the software >> won't do this. And inserting a space does NOT "materially change the >> spam" so it's OK to do this. >> > All mail MUST have a blank line after the last header, if there isn't one > your mail agent might be dropping it.If there wasn;t one to begin with, > it's amazing you received it. Usually the blank line is lost when people > attempt to munge the emails for submission. well, it does, but only at the end! As far as MTAs are concerned, it's just a mail with an empty body. I received something similar, with no blank line between the proper headers and the HTML content. In fact my own receiving sendmail put its own headers at the end. The part that precedes the obfuscated content looked like this: ..... To: XXXXXX Subject: Update and Verify Your Wamu account Message-ID: From: "Update Wamu.com" wamu.com Content-Type: text/html Dear Washington Mutual costomer,

..... There are some headers with a space in front of them, but no blank line. Roman From me at here.com Thu Mar 10 18:17:09 2005 From: me at here.com (Me) Date: Thu Mar 10 18:20:03 2005 Subject: [SC-Help] Re: Blocked? Read this. References: Message-ID: "Miss Betsy" wrote in message news:d0mms5$4i7$1@news.spamcop.net... > Why Am I Blocked? That's what I'd like to now... > Probable Causes > > If your email has suddenly been blocked by the SpamCop blocklist, > it is probably because you share an IP address with other email > users and there is someone who: My single IP address hosts six different MX records, all of them are related to the corporation and its sub-division, neither of them send spams. > > * is using auto-responses that are replying to spam with forged > spamtrap email addresses (such as Out-of-Office/Vacation notices, > virus notifications, and 'created email' bounces); Nope.. > * has a computer with a virus that sends spam without the > owner's knowledge; The internal network does not have outbound port 25 Internet access, only the server IP blocked by SpamCop can send outbound emails. There's no viruses on this system. > * has a computer that has been compromised and spammers are > remotely controlling it to transmit their spew; Nope... > * is sending unsolicited emails and your internet service > provider is allowing it; My ISP does not control our emails, nor do we send unsolicited emails. > * or because, as in all systems, there may have been a mistake. > (very rare) It seems mine could be one of such "rare case", which raises some questions. Why can't I contact someone directly at SpamCop? My email system is critical to my company and we can easily loose business because of SpamCop's action. I've already reported the error through they web site, but there's been no response whatsoever. I'd expect at least an aknowledgement of receiving my request. Additionally to your suggestion my email server does not allow: 1. mail-relay 2. SMTP/AUTH So, what gives? PS: This is not my real email address. From MikeE at ster.invalid Thu Mar 10 15:39:44 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Mar 10 18:40:05 2005 Subject: [SC-Help] Re: Blocked? Read this. References: Message-ID: Me wrote: > "Miss Betsy" >> Why Am I Blocked? > > That's what I'd like to now... Start by giving the IP address which is blocked -- else we aren't talking about anything yet. > So, what gives? Or, if you like, you can stick it in here http://www.spamcop.net/bl.shtml -- Mike Easter kibitzer, not SC admin From me at here.com Thu Mar 10 18:48:58 2005 From: me at here.com (Me) Date: Thu Mar 10 18:50:03 2005 Subject: [SC-Help] Re: Blocked? Read this. References: Message-ID: >> That's what I'd like to now... > > Start by giving the IP address which is blocked -- else we aren't > talking about anything yet. That would be useful, I know, but I am also hesitant to give out the IP. There's enough problems already, you could say it is a matter of trust... > >> So, what gives? > > Or, if you like, you can stick it in here > http://www.spamcop.net/bl.shtml I've done that earlier today, but there was no response to the de-listing request. > Mike Easter > kibitzer, not SC admin Kibitzer or not, thanks for trying... From nobody at devnull.spamcop.net Thu Mar 10 21:24:00 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Thu Mar 10 21:30:07 2005 Subject: [SC-Help] Re: Blocked? Read this. In-Reply-To: References: Message-ID: Me wrote: > "Miss Betsy" wrote in message > news:d0mms5$4i7$1@news.spamcop.net... >> * has a computer with a virus that sends spam without the >>owner's knowledge; > > > The internal network does not have outbound port 25 Internet access, only > the server IP blocked by SpamCop can send outbound emails. There's no > viruses on this system. There are ways to confirm that objectively, as it could be true -- you didn't mention the IP address, however. I can see that you're apparently posting news via NNTP from this address: > NNTP-Posting-Host: ool-4357014f.dyn.optonline.net optonline.net has more than a few IP addresses that are spewing emails, very likely as zombied PCs infected with trojans. Perhaps your request to spamcop has no relation to optonline.net. In any case, you may be interested to see more about a typical IP address that's problematic on their network: http://www.senderbase.org/search?searchBy=ipaddress&searchString=24.46.29.127 My own ISP has its fair share of zombied PCs, and I've had to deal with "collateral" damage occasionally, although not directly related to spamcop. Spamfighting is a veritable war; war is hell. -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From wb8tyw at qsl.network Thu Mar 10 22:24:31 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Mar 10 22:25:05 2005 Subject: [SC-Help] Re: Blocked? Read this. In-Reply-To: References: Message-ID: [followups set to spamcop.help] Me wrote: >>>That's what I'd like to now... >> >>Start by giving the IP address which is blocked -- else we aren't >>talking about anything yet. > > That would be useful, I know, but I am also hesitant to give out the IP. > There's enough problems already, you could say it is a matter of trust... With out the IP address, it is impossible to provide much more than the FAQ section draft that you quoted. With an IP address, there are several posters here that can check the public internet archives to see what shows up. The people who would cause your mail server problems are already scanning all the I.P. addresses for known vulnerabilities. Mentioning your I.P. address should not increase that exposure. >>>So, what gives? >> >>Or, if you like, you can stick it in here >>http://www.spamcop.net/bl.shtml > > I've done that earlier today, but there was no response to the de-listing > request. As the de-listing request through the form is a one-shot, and you do not know what caused the listing, that may not have been that useful, as the original problem would likely cause a relisting, and then you will have to wait up to the 48 hours after the last report. Unless it can be shown that it was a spamcop.net error that caused the listing. -John wb8tyw@qsl.network Personal Opinion Only From MikeE at ster.invalid Thu Mar 10 19:56:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Mar 10 22:55:04 2005 Subject: [SC-Help] Re: Blocked? Read this. References: Message-ID: Me wrote: >> Start by giving the IP address which is blocked -- else we aren't >> talking about anything yet. > > That would be useful, I know, but I am also hesitant to give out the > IP. There's enough problems already, you could say it is a matter of > trust... You're hesitant to give an IP address? Here, let me break some ice for you/us. Your current IP is 67.87.1.79 rDNS ool-4357014f.dyn.optonline.net which is probably/presumably geographically somewhere around Stamford CT My current IP is 64.203.51.197 rDNS user-10cmcu5.cable.mindspring.com which is presumably somewhere around San Diego, CA. So what? Is your or my identity somehow outed now that we're talking about IPs which are a lot closer to your meatspace self than some silly output IP of some mailserver we can't talk about yet? What is the big deal about giving the IP of the output IP for some mail server, for goodness sake? How can that be a useful identity secret when compared to your own IP which isn't concealed by some kind of anonymous remailer to a newsserver? You have your security priorities all screwed up. If you want to be secure in your identity, you are going to have to go about it somehow besides not talking about the IP you want to talk about but you don't want to name. furrfu >> Or, if you like, you can stick it in here >> http://www.spamcop.net/bl.shtml > > I've done that earlier today, but there was no response to the > de-listing request. I didn't give you that link for you to use to delist. I gave you that link to stick in the IP in question so that you could begin to get a clue about why it was SCbl listed, if it fact it was. Most likely, if you would 'bravely' expose the stupid thing, someone here might tell you a lot more about what kind of problems it has. -- Mike Easter kibitzer, not SC admin From me at here.com Thu Mar 10 23:06:21 2005 From: me at here.com (Me) Date: Thu Mar 10 23:10:04 2005 Subject: [SC-Help] Re: Blocked? Read this. References: Message-ID: "Sofa King Tyred of Lar Ting" wrote in message news:d0qvjq$ha0$1@news.spamcop.net... >> The internal network does not have outbound port 25 Internet access, only >> the server IP blocked by SpamCop can send outbound emails. There's no >> viruses on this system. > > There are ways to confirm that objectively, as it could be true -- you > didn't mention the IP address, however. My statement has been confirmed objectively and I am also aware as to how to do. I didn't not post the IP since there should be no "other independent" confirmation or additional spam report to SpamCop. > > I can see that you're apparently posting news via NNTP from this address: > > > NNTP-Posting-Host: ool-4357014f.dyn.optonline.net So? > > optonline.net has more than a few IP addresses that are spewing emails, > very likely as zombied PCs infected with trojans. > > Perhaps your request to spamcop has no relation to optonline.net. Bingo... > > In any case, you may be interested to see more about a typical IP address > that's problematic on their network: > > http://www.senderbase.org/search?searchBy=ipaddress&searchString=24.46.29.127 So, what is that got to do with my issue with SpamCop, or even with my actual Optonline IP? Just for your knowledge most, if not all cable service provider issues DHCP IPs for their subscribers. Should I shut down my cable modem, then the next time I'll have a different IP address. That IP might already be on the SpamCop BL despite the fact, that I have nothing to do with the previous history of the IP address currently assigned to me. That's not fair and this where SpamCop is dead wrong for listing cable providers' dynamically assigned IP addresses. They are not blocking spemmers IPs all the time, they BL also blocks legitimate email traffic. > My own ISP has its fair share of zombied PCs, and I've had to deal with > "collateral" damage occasionally, although not directly related to > spamcop. Spamfighting is a veritable war; war is hell. If spam fighting is a war, then we are loosing judging by the percentage of spam increase on my spam filtering server at work since lart year. You might of had to deal with collateral damage related to the zombie home PCs, but I have to addresses lost businesses because SpamCop's action. Our business relies heavily on the email systems and we most certainly would not do anything to hurt our own business by sending out spam. We do require from our email server to auto-reply to undeliverable emails due to the business requiremnents. Our clients and partners do require notification should email not reach the intended recipient. My company can loose money, if our email servers aren't doing this. This is RFC822 compliant and SpamCop should not arbitrary change the RFC. > Help fight spam by "educating" the lax, zombie-hosting ISPs: How? By implementing non-RFC compliant arbitrary rule and punishing people for the previous sins of their current IP address? The worst is that in the US anyone is considered innocent until proven guilty. The exception is SpamCop where they pronounce you guilty and then you have jump through loops to prove that your are not guilty. And for what? Marginal effect at best to the Spam emails. SpamCop's action does hurt legitimate businesses and does nothing to the spammers. The spammers can switch email servers on a dime, but I cannot. My only options are to change the server IP address, or hope that there will be no other self rightious people who forgot that they did actually subscribe to your email notification. From MikeE at ster.invalid Thu Mar 10 20:10:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Mar 10 23:10:09 2005 Subject: [SC-Help] Re: Blocked? Read this. References: Message-ID: Me wrote: <60 lines of palaver without naming the IP yet> I think it's time to stop reading this thread. -- Mike Easter kibitzer, not SC admin From me at here.com Thu Mar 10 23:15:38 2005 From: me at here.com (Me) Date: Thu Mar 10 23:20:03 2005 Subject: [SC-Help] Re: Blocked? Read this. References: Message-ID: "Mike Easter" wrote in message news:d0r5lq$kjo$1@news.spamcop.net... > Me wrote: > > <60 lines of palaver without naming the IP yet> > > I think it's time to stop reading this thread. Do I need other self-rightious people to report my server's IP address as a source of spam? No thank you, I've already experienced the affect of that. You guys are a bunch of idiots who seems to think that you are doing something useful, which you are not. From me at here.com Thu Mar 10 23:17:14 2005 From: me at here.com (Me) Date: Thu Mar 10 23:20:08 2005 Subject: [SC-Help] Re: Blocked? Read this. References: Message-ID: "Mike Easter" wrote in message news:d0r4qf$k2r$1@news.spamcop.net... > You're hesitant to give an IP address? Here, let me break some ice for > you/us. Ooh, you are so smart!! You didn't think that I am aware this, did you? From wb8tyw at qsl.network Thu Mar 10 23:24:20 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Mar 10 23:25:03 2005 Subject: [SC-Help] Re: Blocked? Read this. In-Reply-To: References: Message-ID: [followups set to spamcop.help] Me wrote: > "Miss Betsy" wrote in message > news:d0mms5$4i7$1@news.spamcop.net... > >>Probable Causes >> >>If your email has suddenly been blocked by the SpamCop blocklist, >>it is probably because you share an IP address with other email >>users and there is someone who: > > My single IP address hosts six different MX records, all of them are related > to the corporation and its sub-division, neither of them send spams. That you are aware of. We [tinw] have basically heard that story before. Usually the inhabitants of this newsgroup can find what the problem is from the I.P. address. So far there was only one case that stumped us [tinu], but we got feedback about what the real cause was, and it was a security problem with the mail server. >> * is using auto-responses that are replying to spam with forged >>spamtrap email addresses (such as Out-of-Office/Vacation notices, >>virus notifications, and 'created email' bounces); > > Nope.. Good. Does any of your users have an anti-spam product that claims it can bounce spam back to the source? Users of those can get your mail server listed in many places, many of them much harder to get out of than the spamcop.net service. >> * has a computer with a virus that sends spam without the >>owner's knowledge; > > The internal network does not have outbound port 25 Internet access, only > the server IP blocked by SpamCop can send outbound emails. There's no > viruses on this system. We have also heard that before... >> * has a computer that has been compromised and spammers are >>remotely controlling it to transmit their spew; > > Nope... Are you using a packet analyzer to monitor, or are just relying on virus scanners and mail server logs? >> * is sending unsolicited emails and your internet service >>provider is allowing it; > > My ISP does not control our emails, nor do we send unsolicited emails. > > >> * or because, as in all systems, there may have been a mistake. >>(very rare) > > It seems mine could be one of such "rare case", which raises some questions. > Why can't I contact someone directly at SpamCop? Because all the obvious easily reachable addresses are being continually attacked by spammers to the point where they are unusable. > My email system is critical to my company and we can easily loose business > because of SpamCop's action. SMTP e-mail is not a reliable communication method in spite of illusions otherwise. It can take over 4 days to get a message delivered with out any required notifications of delays or notices of non-delivery. As such it can not be used for business communications. I would recommend having a backup plan, such as a smart host on a different network, that can be reached through dialup if needed. If you have more than 1 I.P. address, it is easy to get around the temporary block, but if you do not know what caused the block, it could get blocked again. > I've already reported the error through they web site, but there's been > no response whatsoever. I'd expect at least an aknowledgement of receiving > my request. The usual turn around for non-emergency requests seems to be around 72 hours maximum. For fastest response, post your I.P. address here. The deputies do monitor these forums. But they are probably not paying much attention to this thread. A new thread with your I.P. address on the subject would be most likely to get their attention. > Additionally to your suggestion my email server does not allow: > > 1. mail-relay > 2. SMTP/AUTH > > So, what gives? With out the I.P. address who knows. If there was a statistics keeper on this forum, they might be able to tell you how many times people have claimed their servers were secure and it was proven otherwise from simple lookups on the many public databases about that I.P. address. The spamcop.net database on this use to be open to the public, but now it is restricted to paying members. A free member like me can not look up much in it. I do know where several other databases are though, and so do the others here. One of the common things seems to be an proxy server that instead of being a one-way conduit from the internal network through a firewall, it is instead providing unlimited access to that network to every criminal on the internet. While the most common cause of this is a virus, there are a large number of proxy servers that are not secure by default, and some of them are installed in web servers with out the owner's knowlege. In many cases, the remote access password was either set to something easily guessed, or never changed from the default. One item left out of the FAQ is if you have a user receiving mail on your system that is a spamcop.net member, and they do not notice that the parser is offering to report their own mail server before they confirm the spam reports. On a small volume mail server this can cause a listing. The one case that stumped us, was a bunch of UNIX systems that were relaying spam, yet scans showed no vulnerabilities, and neither did the logs. They were not vulnerable to viruses, yet the spammer clearly had control of them. It turned out that there was a security hole in the web server and the spammer was able to upload a mail relay written in perl script, run a spam run, and then delete the perl script. The spammer would run for only a little bit at a time on each server they were exploiting. The owner of the server who was convinced that this was a spamcop.net error finally found the problem because they had a packet analyzer on the network, and caught the spammer in the act. I have been monitoring this forum for years. In that time, I have only seen one case where the spammers managed to fool the spamcop.net parser into reporting the wrong source, and that issue was fixed. The self reporting of mail servers seems to occur as much as 4 times a year. The most common cause of a listing is a security problem with the mail server, or a system on it's network. The next most common cause is the server sending out auto-responses to spam and viruses. > PS: This is not my real email address. here.com belongs to: WORLD PUBLICATIONS LLC (HERE4-DOM) 460 N. Orlando Ave STE. 200 Winter Park, FL 32893 US Record expires on 10-Jun-2006. Record created on 11-Jun-1995. Database last updated on 10-Mar-2005 22:36:47 EST. Do you have permission to use it? If not, are they who you are worried about taking action against you for posting? If they choose, they can get your information from the ISP you are posting from. If you are going to post with a false address, do not use one that can be assigned, or use one of the e-mail addresses specially designated for such use. For the spamcop.net newsgroup nobody@devnull.spamcop.net is set up for this. -John wb8tyw@qsl.network Personal Opinion Only From wb8tyw at qsl.network Thu Mar 10 23:39:36 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Mar 10 23:40:04 2005 Subject: [SC-Help] Re: Blocked? Read this. In-Reply-To: References: Message-ID: Me wrote: > "Mike Easter" wrote in message > > Do I need other self-rightious people to report my server's IP address as a > source of spam? Actually that is what usually happens when people do not give out the I.P. address. A spamcop.net listing is usually an early warning. If the problem was not an issue of someone reporting their own server, usually the IP address ends up on more and more blocking lists as time goes on. Many of the lists are more commonly used than spamcop.net and much harder to get off of. And many spam filters silently delete suspected spam, so the amount of places the I.P. gets listed may not be apparent for some time. And the longer the problem is left untreated, the more the cleanup. And the spamcop.net parser needs an actual spam sample to parse, you can not just report an I.P. address because you happen to feel like it. > No thank you, I've already experienced the affect of that. > You guys are a bunch of idiots who seems to think that you are doing > something useful, which you are not. As long as you withhold the I.P. address there is nothing useful that the people here can do. The goal here is to get systems off of the blocking list, and keep them off, not to get as many systems on the blocking list as possible. The only reason that you can really have for not giving the affected IP address is if you are trolling. -John wb8tyw@qsl.network Personal Opinion Only From feldethom2165 at email2me.net Thu Mar 10 20:43:40 2005 From: feldethom2165 at email2me.net (Fred k) Date: Fri Mar 11 00:50:03 2005 Subject: [SC-Help] Re: Blocked? Read this. References: Message-ID: "John E. Malmberg" wrote in message news:d0r7ec$m8m$1@news.spamcop.net... > The only reason that you can really have for not giving the affected IP > address is if you are trolling. Me thinks you hit the troll, I mean spammee, I really mean nail on the head.... Fred k From nobody at devnull.spamcop.net Fri Mar 11 01:10:23 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Fri Mar 11 01:15:03 2005 Subject: [SC-Help] Re: Blocked? Read this. In-Reply-To: References: Message-ID: Me wrote: > "Sofa King Tyred of Lar Ting" wrote in message > news:d0qvjq$ha0$1@news.spamcop.net... [much angry blathering deleted] The senderbase.org site is a good place to start to make sure your IP isn't listed for other reasons. Believe it or not, people in this group do want to help. Being agressive (and calling people idiots) is not winning you points. > If spam fighting is a war, then we are loosing judging by the percentage of > spam increase on my spam filtering server at work since lart year. Spammers are crafty guys -- they have teamed up with virus-writers since about a year now and zombie armies are now used in the war. Some of your own ISP's zombied machines are probably sending close to 100,000 messages/day, and likely your ISP isn't doing anything about it. They could even be making money off the added bandwidth consumption. Vent some anger at your congress person, your ISP, telecoms software producers, etc. It's better spent there than in the SpamCop groups. > You might > of had to deal with collateral damage related to the zombie home PCs, but I > have to addresses lost businesses because SpamCop's action. Our business > relies heavily on the email systems and we most certainly would not do > anything to hurt our own business by sending out spam. We do require from > our email server to auto-reply to undeliverable emails due to the business > requiremnents. Hmm... Looks like we may be getting somewhere with the reasons for being listed! Spammers have (relatively recently) begun exploiting auto-reply to undeliverable emails (NDRs). If this is the reason you're listed, then sorry to hear you are caught up in this! At my own day job, we ran into this same problem -- the sysadmins didn't understand why they got black-listed, and griped a lot at first. They finally configured the mail server to REJECT instead of generating NDRs. > Our clients and partners do require notification should email > not reach the intended recipient. With proper SMTP server software, this is possible, without allowing spammers to exploit it. Here is a good source of information, which requires some understanding of how to configure a mail exchanger: http://www.spamcop.net/fom-serve/cache/329.html > My company can loose money, if our email > servers aren't doing this. This is RFC822 compliant and SpamCop should not > arbitrary change the RFC. I'm not sure that spamcop is alone in black-listing backscattering MXs. It's not arbitrary -- spammers exploit this! It's not a change, as far as I know, in any RFC. There is ambiguity in many text-based RFCs, and there are degrees of freedom. Just because Microsoft's implementation of an RFC is one way, and other systems do it another, doesn't mean it's a change in the RFC. >>Help fight spam by "educating" the lax, zombie-hosting ISPs: > > How? By implementing non-RFC compliant arbitrary rule and punishing people > for the previous sins of their current IP address? The worst is that in the > US anyone is considered innocent until proven guilty. The exception is > SpamCop where they pronounce you guilty and then you have jump through loops > to prove that your are not guilty. And for what? Marginal effect at best to > the Spam emails. SpamCop's action does hurt legitimate businesses and does > nothing to the spammers. The spammers can switch email servers on a dime, > but I cannot. My only options are to change the server IP address, or hope > that there will be no other self rightious people who forgot that they did > actually subscribe to your email notification. Please read the links about mis-directed bounces. I think listing non-compliant mail servers for NDRs is a reasonable thing to do, given the spam situation. Before the times when spammers were exploiting open or mis-configured mail relays/proxies, many sysadmins were unaware of the potential problem. You could argue that leaving a relay open was RFC-compliant, right? Nobody imagined the problem at the time the RFC was written. Today, nobody comes onto spamcop to complain about being listed because their MX is an open relay (at least that I've ever seen). If your mail server is capable of REJECTING during SMTP connection any mis-addressed messages, legitimately mis-addressed email will cause the sender to be informed (by his connecting client or mail server, and not yours). On the other hand, vacation auto-replies are likely to cause everyone problems -- this is a hard pill to swallow. If your mail server has a good spam-blocking strategy, then you can hope that such replies won't go to spam traps -- but I think you run the risk of winding up on a block-list again. -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From porpoise1954 at yahoo.co.uk Fri Mar 11 09:22:03 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Mar 11 04:25:04 2005 Subject: [SC-Help] Re: Blocked? Read this. References: Message-ID: "Me" wrote in message news:d0r64b$l5t$1@news.spamcop.net... > > "Mike Easter" wrote in message > news:d0r4qf$k2r$1@news.spamcop.net... > >> You're hesitant to give an IP address? Here, let me break some ice for >> you/us. > > Ooh, you are so smart!! You didn't think that I am aware this, did you? > Looks more and more like a troll with each post Mike......... Maybe we should just ignore him?? From porpoise1954 at yahoo.co.uk Fri Mar 11 09:25:20 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Mar 11 04:30:03 2005 Subject: [SC-Help] Re: Blocked? Read this. References: Message-ID: "Mike Easter" wrote in message news:d0r5lq$kjo$1@news.spamcop.net... > Me wrote: > > <60 lines of palaver without naming the IP yet> > > I think it's time to stop reading this thread. > Like I just commented in another part of the thread Mike - it looks more and more like a troll with each post. If he really wanted to solve a real problem, he'd be more forthcoming with the information necessary to start looking at the "actual" problem......... From nobody at nowhere.invalid Fri Mar 11 11:24:22 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Mar 11 05:25:04 2005 Subject: [SC-Help] Re: Blocked? Read this. References: Message-ID: On Thu, 10 Mar 2005 23:15:38 -0500, Me coughed into spamcop and left this in : > Do I need other self-rightious people to report my server's IP address > as a source of spam? No thank you, I've already experienced the affect > of that. You guys are a bunch of idiots who seems to think that you > are doing something useful, which you are not. What a tactful way to ask for help in resolving an issue! *PLONK* -- Steve Don't be irreplaceable. If you can't be replaced, you can't be promoted. From nobody at devnull.spamcop.net Fri Mar 11 07:52:21 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Fri Mar 11 07:50:06 2005 Subject: [SC-Help] Re: Blocked? Read this. References: Message-ID: > So, what is that got to do with my issue with SpamCop, or even with my > actual Optonline IP? Just for your knowledge most, if not all cable service > provider issues DHCP IPs for their subscribers. Should I shut down my cable > modem, then the next time I'll have a different IP address. That IP might > already be on the SpamCop BL despite the fact, that I have nothing to do > with the previous history of the IP address currently assigned to me. That's > not fair and this where SpamCop is dead wrong for listing cable providers' > dynamically assigned IP addresses. They are not blocking spemmers IPs all > the time, they BL also blocks legitimate email traffic. Life isn't fair. There are all kinds of hoops that we go through every day because a few people are crooks or incredibly inconsiderate of others or incredibly stupid or incredibly selfish. We pay more at the checkout because of shoplifters, etc., etc. I have never in my life written a check for more than I had in the bank, yet I have to show photo ID. and there are lots more. > If spam fighting is a war, then we are loosing judging by the percentage of > spam increase on my spam filtering server at work since lart year. You might > of had to deal with collateral damage related to the zombie home PCs, but I > have to addresses lost businesses because SpamCop's action. Our business > relies heavily on the email systems and we most certainly would not do > anything to hurt our own business by sending out spam. We do require from > our email server to auto-reply to undeliverable emails due to the business > requiremnents. Our clients and partners do require notification should email > not reach the intended recipient. My company can loose money, if our email > servers aren't doing this. This is RFC822 compliant and SpamCop should not > arbitrary change the RFC. It is very simple to reject email at the server level instead of after acceptance and accomplish your goal of not losing any email. You can also filter through to weed out the legitimate ones and dev null the rest. This is a case of who is being inconvenienced more - your company or the thousands of people who are inconvenienced by receiving your back scatter. The worst is that in the > US anyone is considered innocent until proven guilty. The exception is > SpamCop where they pronounce you guilty and then you have jump through loops > to prove that your are not guilty. Ignorance of the law is no excuse. And for what? Marginal effect at best to > the Spam emails. SpamCop's action does hurt legitimate businesses and does > nothing to the spammers. The spammers can switch email servers on a dime, > but I cannot. My only options are to change the server IP address, or hope > that there will be no other self rightious people who forgot that they did > actually subscribe to your email notification. I doubt that it will be a marginal effect to the spammers. That's what people said when open proxies were first reported - I am innocent; don't pick on me. Miss Betsy From wb8tyw at qsl.network Fri Mar 11 11:14:42 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Mar 11 12:15:09 2005 Subject: [SC-Help] Re: Blocked? Read this. References: Message-ID: In article , "Miss Betsy" writes: > An unkown poster with an admitted forged address wrote: > >> So, what is that got to do with my issue with SpamCop, or even >> with my actual Optonline IP? Possibly nothing at all since the affected IP was not given. >> Just for your knowledge most, if not all cable service provider >> issues DHCP IPs for their subscribers. Should I shut down my cable >> modem, then the next time I'll have a different IP address. That >> IP might already be on the SpamCop BL despite the fact, that I have >> nothing to do with the previous history of the IP address currently >> assigned to me. Spamcop.net listings expire at most 48 hours after the last received timestamp of spam from that I.P. address. If your brand new DHCP address was already listed with spamcop.net, or any DHCP addresses on your subnet are listed with spamcop.net, it likely means that there is a computer on your cable modem leg that is compromised and controlled by a zombie. Since the spammmers will be periodically pushing as much spam through it as your ISP's network capacity can handle, the compromised computer is likely causing noticable slowdowns if not complete outages for you and your neighbors. I did an experiment last year on a forum where people were complaining about outages and severe slow downs on their cable modems. In every case a search using google revealed the IP address of one or more compromized system in their area, and since the people that post such evidence publically also ususally send notifications to the abuse or postmaster addresses, the ISP should have been aware of what it took to fix the problem for days before they started issuing refunds or credits to the affected users. The problem was is that the ISP was giving the owners of the infected machines 5 business days to fix their machine before cutting them off, with out realizing all the damage and costs those infected machines were causing them. >> That's >> not fair and this where SpamCop is dead wrong for listing cable >> providers' dynamically assigned IP addresses. They are not blocking >> spemmers IPs all the time, they BL also blocks legitimate email traffic. Almost all mail server operators now use blocking lists that list DHCP addresses. A spamcop.net listing of a DHCP address would probably not be noticed as the DHCP blocking lists are in far more common use than spamcop.net. > > >> If spam fighting is a war, then we are loosing judging by the >> percentage of spam increase on my spam filtering server at work >> since lart year. It is only the people whose mail server operators do not know how to keep spam out that are losing the battle. >> You might of had to deal with collateral damage related to the zombie home >> PCs, but I have to addresses lost businesses because SpamCop's action. >> Our business relies heavily on the email systems and we most certainly would >> not do anything to hurt our own business by sending out spam. There are so many ways that e-mail systems can fail. All you have done is pointed out that you do not have a backup system should a problem occur with your primary ISP. >> We do require from our email server to auto-reply to undeliverable >> emails due to the business requiremnents. Our clients and partners do >> require notification should email not reach the intended recipient. The SMTP protocol does not guarantee notifications will be made of delivery success or failure. If you mail server does not respond or issues an SMTP reject for undeliverable e-mail, then if the sender's mail server is set up correctly they will get notified by their mail server that it could not deliver the message. Your auto-replies to spam or viruses are effectively a denial of service attack on the owners of domains that the spammers are forging. >> My company can loose money, if our email servers aren't doing this. >> This is RFC822 compliant and SpamCop should not arbitrary change the RFC. > > It is very simple to reject email at the server level instead of > after acceptance and accomplish your goal of not losing any email. > You can also filter through to weed out the legitimate ones and dev > null the rest. This is a case of who is being inconvenienced > more - your company or the thousands of people who are > inconvenienced by receiving your back scatter. The RFCs may permit such bouncing, but that method is no longer acceptable to much of the internet. Even the very conservative spamhaus.org is now starting to list mail servers that are so abusive when they do not stop it after receiving complaints. And the spamhaus.org service is far more widely used than spamcop.net. I know of at least two large U.S. ISPs that will quicly put a local block on your IP address if any of their users complain about backscatter from it. It seems to take a lot more hoops to get off of those ISP's local blocking lists than spamcop.net and it seems that it is extremely easy to get on them, and no way to tell until your e-mail is rejected that you are even on their local list. The RFCs are guidelines. The bounce part of the protocol was when most e-mail when through one or more unknown third-party relays before it reached the destination mail server. The end system would issue a reject, and the intermediate relays systems would generate the bounce message. As the internet facing mail server of a company is the destination, and not an independent third party relay, it should be able to check if the e-mail is deliverable or not before accepting it, and issue the SMTP rejection. Even independent third party relays are now probing the destination server for delivery before they accept a mail for relay, and will reject it if they can not get an assurance that the destination will accept the mail. > >> The worst is that in the US anyone is considered innocent until proven >> guilty. The exception is SpamCop where they pronounce you guilty and >> then you have jump through loops to prove that your are not guilty. While your operation may pay a fixed rate for your e-mail systems, for large operations, they have to pay a metered rate. Accepting your backscatter to forged addresses greatly increase the costs of operating a mail server that is on a metered rate connection. The faster that a source of spam, virus or backscatter can be identified, the less money is needlessly spent on bandwidth. Why should my mail server operators pay two to three times as much per month so that your mail server can auto reply to forged addresses instead of using SMTP rejections? > Ignorance of the law is no excuse. > >> And for what? Marginal effect at best to >> the Spam emails. SpamCop's action does hurt legitimate businesses and does >> nothing to the spammers. Spamcop.net makes them switch more often, and network operators with a clue use the spamcop.net reports to quickly remove zombies from their networks because they know that every second that the zombie is on their network it is needlessly costing them operating cash. >> The spammers can switch email servers on a dime, but I cannot. My only >> options are to change the server IP address, or hope that there will be >> no other self rightious people who forgot that they did actually subscribe >> to your email notification. A now you are claiming something else entirely. The story is morphing. If someone has made a false report, spamcop.net takes action against them and will remove the block if present. It does happen from time to time, usually such reports are not enough to cause a listing, unless the mailing list is small. You are the one being self rightious as you want the receiver to pay for the added costs of dealing with spam or abusively configured mail servers. There are people and companies that have lost the use of their e-mail addresses because of the volume of abusive bounces was so high that either their individual mail quota was used up, or either their bandwidth or mail server was not up to the capacity. It is particularly a problem for some domains that people think do not exist, so use them for posting to avoid spam themselves. The best known example of that is TEST.COM, they made the national news about the bounces from abusive mails servers effectively wiped out their mail server. HERE.COM does not seem to have an I.P. address allocated assigned to it at the moment, but google shows over 100,000 hits the e-mail address you used for posting, which means that if the owner of that domain actually were to try to use it for e-mail, the backscatter from the viruses and spam would likely overload their connection or server. Is that fair to the legitimate owner of a domain? A domain that otherwise would have great marketing value? -Jonn wb8tyw@qsl.network Personal Opinion Only From mswift at computerassistance.com Fri Mar 11 11:43:07 2005 From: mswift at computerassistance.com (mjj) Date: Fri Mar 11 14:45:05 2005 Subject: [SC-Help] Re: Blocked? Read this. References: Message-ID: "John E. Malmberg" wrote in message news:NbFjNJWAXGhq@eisner.encompasserve.org... > In article , > "Miss Betsy" writes: >> An unkown poster with an admitted forged address wrote: >> >>> So, what is that got to do with my issue with SpamCop, or even >>> with my actual Optonline IP? > > Possibly nothing at all since the affected IP was not given. > > >>> Just for your knowledge most, if not all cable service provider >>> issues DHCP IPs for their subscribers. Should I shut down my cable >>> modem, then the next time I'll have a different IP address. That >>> IP might already be on the SpamCop BL despite the fact, that I have >>> nothing to do with the previous history of the IP address currently >>> assigned to me. > > Spamcop.net listings expire at most 48 hours after the last received > timestamp of spam from that I.P. address. > > If your brand new DHCP address was already listed with spamcop.net, or > any DHCP addresses on your subnet are listed with spamcop.net, it likely > means that there is a computer on your cable modem leg that is compromised > and controlled by a zombie. > .....etcetera....... This response is excellent. You guys should do a doc that combines this and Miss Betsy's on what to do when you are blocked. Is there any way to put a Why Am I Blocked entry daily that pointed to such a doc? I can tell you that when you have the phone ringing from angry customers and you can't actually talk to anyone at SpamCop, and your ISP is dancing around the question, tempers flare. MylesJ From completelyfalse at harrykiri.com Sun Mar 13 09:02:44 2005 From: completelyfalse at harrykiri.com (Harry Kiri) Date: Sat Mar 12 17:00:03 2005 Subject: [SC-Help] Parser Discards Payload Website As Fake (it's not) Message-ID: http://www.spamcop.net/sc?id=z741484798ze705ff1cc04e8091f3976eff312bce9fz Why does SC discard this website (wedelivermedstoyou.net) as fake? TIA, Hughy From MikeE at ster.invalid Sat Mar 12 17:58:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Mar 12 21:00:05 2005 Subject: [SC-Help] Re: Parser Discards Payload Website As Fake (it's not) References: Message-ID: Harry Kiri wrote: www.spamcop.net/sc?id=z741484798ze705ff1cc04e8091f3976eff312bce9fz > > Why does SC discard this website (wedelivermedstoyou.net) as fake? The parser spends a long time trying to resolve it and can't. My resolver sez 222.122.47.170 no rDNS = kornet SC also can't resolve it if you put the naked URL into the parser. That IP along with its /29 is spamhaused anyway, indicating the provider is unresponsive, so you aren't missing anything by not doing them the favor of notifying them of a spamvertiser. The only loss is that it doesn't get named on the statistics page to be picked up by the sc-surbl. If you want to play with it to try to guess whether or not SC is blocked from its nameservice or if it just has generally flakey or pokey nameservice, you can go to dnsstuff and see about the timing of the nameservice. Dnsstuff handles nameservice by going up to the top and coming back down so that you can get a 'picture' of what is happening. There is/was [when I looked] almost a 6 second overhead getting information from the domain's nameservers, with one timing out and the other answering. The nameservice was judged as C minus when I checked. There are various reasons a nameserver functions so poorly; sometimes it is because it is doing some kind of big fandango to be tricky; sometimes it is just incompetent. Both the nameservers are handled by a non-responsive .cn provider, CNC Group Jiangsu province network -- Mike Easter kibitzer, not SC admin From h9vzc2i02 at sneakemail.com Mon Mar 14 14:46:17 2005 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Mon Mar 14 17:50:06 2005 Subject: [SC-Help] Re: Opening spam insecure? References: Message-ID: "DougW" wrote in message news:cvu67p$df9$1@news.spamcop.net... > Mike Easter did pass the time by typing: > > Erin wrote: > >> Don't I have to open spam to report it? I've been told to not open > >> spam, but SpamPal doesn't work with web interfaces. Is it secure to > >> open junkmail with web interfaces in order to copy/paste and/or > >> forward? > > > Generally, no. You have no idea what payload the message may have. > Some use specific URLs to validate live email accounts or pull > other shenanigans. > > > Is it absolutely necessary that hotmail must be opened to be reported? > > > > Be careful about interpreting my remarks about not opening spam. Many > > solid antispammers don't exactly see eye-to-eye with me about that, and > > my position sounds somewhat extreme and other strategies than mine which > > do involve opening spam may be employed, if done 'properly'. > > Sadly, hotmail doesn't have a safe view method. **** Yes it does have a method - tricky but it works.) Do the following: Highlight the mail in the list Right click and click on copy shortcut Paste the shortcut into the address box at the top of the window (after clearing out the box) Add "&raw=data" (without quotes) to the shortcut Click on go Next screen is the same a view source in outlook express You can copy/paste this screen into a word processor (WordPad) and save it as a TXT file (click on back to get back to the mail page.) Forward THIS txt file as an attachment to spamcop's parser (paste the above into spamcop's web page You will get back the usual e-mail with the links for parsing and reporting -- A SpamCop user and forum reader, Not Admin *** > (doesn't keep you from suggesting one though) > Just a way to view the source by enabling advanced headers. > http://www.spamcop.net/fom-serve/cache/22.html > > > -- > rbg > head kook and wattle bosher, revbeergoggles.com > > From lart-o-matic at revbeergoggles.com Mon Mar 14 17:08:34 2005 From: lart-o-matic at revbeergoggles.com (Rev Beergoggles) Date: Mon Mar 14 18:10:04 2005 Subject: [SC-Help] Re: Opening spam insecure? References: Message-ID: Anon_ did pass the time by typing: > "DougW" wrote in message >> Sadly, hotmail doesn't have a safe view method. > > **** > Yes it does have a method - tricky but it works.) Do the following: > > Highlight the mail in the list > Right click and click on copy shortcut > Paste the shortcut into the address box at the top of the window (after > clearing out the box) > Add "&raw=data" (without quotes) to the shortcut > Click on go > Next screen is the same a view source in outlook express > You can copy/paste this screen into a word processor (WordPad) and save it > as a TXT file (click on back to get back to the mail page.) > Forward THIS txt file as an attachment to spamcop's parser (paste the above > into spamcop's web page > You will get back the usual e-mail with the links for parsing and reporting Interesting. A little registry wizardry and you might be able to add that to the rightclick options, including copying it to the clipboard, ready for pasting into spamcop. Or heck, it could even form and send an email since locally running scripts are virtually unlimited in what they can do. The key is under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt and you can call any local .htm file with embedded scripting like the example on http://www.jfitz.com/tips/search.htm If I get some time, I'll give it a whack. Just because it seems like an interesting experiment. -- rbg From h9vzc2i02 at sneakemail.com Mon Mar 14 15:12:07 2005 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Mon Mar 14 18:15:03 2005 Subject: [SC-Help] Re: Giving them my email References: Message-ID: See inline comment "Pop" wrote in message news:cvvp2v$fm1$1@news.spamcop.net... > "Mike Easter" wrote in message > news:cvu6je$dsb$1@news.spamcop.net... > > Don Wannit wrote: > >> I signed up for a free Hotmail account, and it appears that Hotmail > >> does have several settings of interest to pledged spam fighters. > > > > I'm glad for this education, I'll probably have more questions. > > > >> Email goes either into your inbox or into your junk email folder, > >> depending on your settings. > > > > That's rather strange and it is similar to a statement Erin made about > > her mom looking in her Junkmail for her mail. There's something strange > > about that. The purpose of a filter is to eliminate [almost] all spam > > from your Inbox. If there's a junkmail folder with your goodmail in > > there and a lot of spam, then that filter hasn't functioned properly. > > > > You haven't described yet the discriminatory features of the hotmail > > filter; but that may be a bit much for posting and something that one > > would have to actually look at to fully appreciate. > > ===> As a longtime past but not as of the last year or so user of Hotmail > accounts, their filters do a pretty respectable job of sorting the mail. > The biggest problem I found was when someone used a dictionariable name: > Those collected spam faster than you could delete it. Your suggestion for a > an alpha-dig-alpha username worked pretty well at Hotmail - as I recall it > had to start with an alpha but after that could be any character you could > type on a keyboard. ** As an example of the above, I have had a hotmail account with an alpha-three digits-alpha address for over a year and received not a single spam in it. I have another which is my first initial-last name-three digits and have had the usual load of spam almost from the start (all hotmail options on signup where don't list me in YOUR address book and don't sign me up for anything.) So your address sample is a good one to thwart the dictionary address spammers. -- A SpamCop user and forum reader, Not Admin *** From CompWX at aol.com Mon Mar 14 22:10:27 2005 From: CompWX at aol.com (Brian Zappia) Date: Mon Mar 14 22:15:04 2005 Subject: [SC-Help] Spam Internal on AOL Message-ID: I posted the following message on spamcop.spam and then realized that most of the discussion was going on here: The following report: http://www.spamcop.net/sc?id=z742251843ze9fbcac4289d0ccd6743452c6dafea6ez is an example of an UCE that was sent from one aol member to another (me) the headers contain no IP addresses, only the AOL user who sent the message. Because they contain no IP addresses, spamcop does not recognize them. It is not difficult for me to forward these messages to AOL's abuse team, but I do have to trace the embedded links individually. Perhaps, for completeness sake, these types of messages should be recognized From SCNews.5.myspamgobbler at spamgourmet.com Tue Mar 15 00:08:59 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Tue Mar 15 03:10:32 2005 Subject: [SC-Help] Re: Opening spam insecure? In-Reply-To: References: Message-ID: Anon_ wrote: > "DougW" wrote in message > news:cvu67p$df9$1@news.spamcop.net... > >>Mike Easter did pass the time by typing: >> >>>Erin wrote: >>> >>>>Don't I have to open spam to report it? I've been told to not open >>>>spam, but SpamPal doesn't work with web interfaces. Is it secure to >>>>open junkmail with web interfaces in order to copy/paste and/or >>>>forward? >> >> >>Generally, no. You have no idea what payload the message may have. >>Some use specific URLs to validate live email accounts or pull >>other shenanigans. >> >> >>>Is it absolutely necessary that hotmail must be opened to be reported? >>> >>>Be careful about interpreting my remarks about not opening spam. Many >>>solid antispammers don't exactly see eye-to-eye with me about that, and >>>my position sounds somewhat extreme and other strategies than mine which >>>do involve opening spam may be employed, if done 'properly'. >> >>Sadly, hotmail doesn't have a safe view method. > > > **** > Yes it does have a method - tricky but it works.) Do the following: > > Highlight the mail in the list > Right click and click on copy shortcut > Paste the shortcut into the address box at the top of the window (after > clearing out the box) > Add "&raw=data" (without quotes) to the shortcut > Click on go > Next screen is the same a view source in outlook express > You can copy/paste this screen into a word processor (WordPad) and save it > as a TXT file (click on back to get back to the mail page.) > Forward THIS txt file as an attachment to spamcop's parser (paste the above > into spamcop's web page > You will get back the usual e-mail with the links for parsing and reporting > It's late, I'm very tired, so maybe this is what's causing me to not get the same thing as you. I'm also using Firefox. What do you mean highlight the mail? Are you using the webmail in IE? In Firefox, you can't highlight it, just check or right click, where I can choose copy link location which is a javascript. Adding &raw=data does nothing. Using IE and hotmail webmail interface, there is a view source link, but, IIRC, you have to have opened the email first. The link doesn't work in Firefox. In OE, you can view source, but you have to download the email first, which, at least with the way my OE is configured, I have to open the email first. There may be other options, but I'm too tired to look right now. From bar_n0ne at hotmail.com Tue Mar 15 12:33:21 2005 From: bar_n0ne at hotmail.com (Berny) Date: Tue Mar 15 03:35:02 2005 Subject: [SC-Help] Re: Opening spam insecure? References: Message-ID: "Brian (SnSR)" wrote in message news:d1658l$80j$1@news.spamcop.net... > Anon_ wrote: > > "DougW" wrote in message > > news:cvu67p$df9$1@news.spamcop.net... > > > >>Mike Easter did pass the time by typing: > >> > >>>Erin wrote: > >>> > SNIP > In OE, you can view source, but you have to download the email first, > which, at least with the way my OE is configured, I have to open the > email first. There may be other options, but I'm too tired to look right > now. you can right click on the highlighted messages in OE and select "download messages later" then a send & recieve will d/l the bodies and you can rt click/properties for C&P to the webform, or forward as attachments to the submit addy From Kilgallen at SpamCop.net Tue Mar 15 05:41:19 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Tue Mar 15 06:45:05 2005 Subject: [SC-Help] Re: Spam Internal on AOL References: Message-ID: In article , Brian Zappia writes: > I posted the following message on spamcop.spam and then realized that > most of the discussion was going on here: > > The following report: > > http://www.spamcop.net/sc?id=z742251843ze9fbcac4289d0ccd6743452c6dafea6ez > > is an example of an UCE that was sent from one aol member to another > (me) the headers contain no IP addresses, only the AOL user who sent the > message. Because they contain no IP addresses, spamcop does not > recognize them. It is not difficult for me to forward these messages to > AOL's abuse team, but I do have to trace the embedded links > individually. Perhaps, for completeness sake, these types of messages > should be recognized As has been posted many times in the not-so-recent past, there is no information provided on an internal AOL message for SpamCop to determine the origin, which is, after all, the main function of SpamCop. From MikeE at ster.invalid Tue Mar 15 04:09:15 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 15 07:10:04 2005 Subject: [SC-Help] Re: Opening spam insecure? References: Message-ID: I'm cleaning up this citing a little, since I'm not in there. Nor Erin, Anon, or Brian. Berny wrote: > > "DougW" >> In OE, you can view source, but you have to download the email first, >> which, at least with the way my OE is configured, I have to open the >> email first. There may be other options, but I'm too tired to look >> right now. > > you can right click on the highlighted messages in OE and select > "download messages later" > > then a send & recieve will d/l the bodies and you can rt > click/properties for C&P to the webform, or forward as attachments to > the submit addy -- Mike Easter kibitzer, not SC admin From SCNews.5.myspamgobbler at spamgourmet.com Tue Mar 15 08:29:30 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Tue Mar 15 11:35:03 2005 Subject: [SC-Help] Re: Opening spam insecure? In-Reply-To: References: Message-ID: Berny wrote: > "Brian (SnSR)" wrote in message > news:d1658l$80j$1@news.spamcop.net... > >> >>SNIP >>In OE, you can view source, but you have to download the email first, >>which, at least with the way my OE is configured, I have to open the >>email first. There may be other options, but I'm too tired to look right >>now. > > > you can right click on the highlighted messages in OE and select "download > messages later" > > then a send & recieve will d/l the bodies and you can rt click/properties > for C&P to the webform, or forward as attachments to the submit addy > > Thanks Berny. I was missing the send & receive step. From h9vzc2i02 at sneakemail.com Tue Mar 15 08:37:24 2005 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Tue Mar 15 11:40:04 2005 Subject: [SC-Help] Re: Opening spam insecure? References: Message-ID: See inline comment. "Brian (SnSR)" wrote in message news:d1658l$80j$1@news.spamcop.net... > Anon_ wrote: > > "DougW" wrote in message > > news:cvu67p$df9$1@news.spamcop.net... > > > >>Mike Easter did pass the time by typing: > >> > >>>Erin wrote: > >>> > >>>>Don't I have to open spam to report it? I've been told to not open > >>>>spam, but SpamPal doesn't work with web interfaces. Is it secure to > >>>>open junkmail with web interfaces in order to copy/paste and/or > >>>>forward? > >> > > > > > > **** > > Yes it does have a method - tricky but it works.) Do the following: > > > > Highlight the mail in the list > > Right click and click on copy shortcut > > Paste the shortcut into the address box at the top of the window (after > > clearing out the box) > > Add "&raw=data" (without quotes) to the shortcut > > Click on go > > Next screen is the same a view source in outlook express > > You can copy/paste this screen into a word processor (WordPad) and save it > > as a TXT file (click on back to get back to the mail page.) > > Forward THIS txt file as an attachment to spamcop's parser (paste the above > > into spamcop's web page > > You will get back the usual e-mail with the links for parsing and reporting > > > > It's late, I'm very tired, so maybe this is what's causing me to not get > the same thing as you. I'm also using Firefox. What do you mean > highlight the mail? Are you using the webmail in IE? In Firefox, you > can't highlight it, just check or right click, where I can choose copy > link location which is a javascript. Adding &raw=data does nothing. > ** I do not know anything about Firefox. The 'trick' above is for Hotmail. ** > Using IE and hotmail webmail interface, there is a view source link, > but, IIRC, you have to have opened the email first. The link doesn't > work in Firefox. > ** Using IE and hotmail webmail interface there is no view source link (the link may have something to do with Firefox.) My suggestion does not require opening the hotmail mail. ** > In OE, you can view source, but you have to download the email first, > which, at least with the way my OE is configured, I have to open the > email first. There may be other options, but I'm too tired to look right > now. ** In OE you do NOT have to open the mail to view source, just right click on the message in the list and then click on view source. -- A SpamCop user and forum reader, Not Admin *** From completelyfalse at harrykiri.com Wed Mar 16 22:49:51 2005 From: completelyfalse at harrykiri.com (Harry Kiri) Date: Wed Mar 16 06:50:31 2005 Subject: [SC-Help] Thanks ( No Text) References: Message-ID: From ob1db at spamcop.net Wed Mar 16 11:17:11 2005 From: ob1db at spamcop.net (David Butler) Date: Wed Mar 16 11:20:06 2005 Subject: [SC-Help] Re: "No links found" ??? I see a whole bunch of them! References: Message-ID: "eddie" wrote in message news:pan.2005.03.07.05.22.47.375000@eddie.web... > On Mon, 07 Mar 2005 15:47:48 -0500, J. Merrill scratched out the > following: > > > I just posted (to .Spam) an email message that seems to have correctly > > formed HTML with lots and lots of links, but Spamcop's analysis included > > > > Finding links in message body > > Parsing HTML part > > no links found > > > > What might be causing this? Thanks. > SC will miss links if there is no space after the header. > If you insert a space before the first "From" (right after the Message-ID > line) SC will usually parse properly. Please don't ask why the software > won't do this. And inserting a space does NOT "materially change the spam" > so it's OK to do this. > > -- You mean a space or a blank line ?? From ob1db at spamcop.net Wed Mar 16 11:21:46 2005 From: ob1db at spamcop.net (David Butler) Date: Wed Mar 16 11:25:07 2005 Subject: [SC-Help] Spam from IANA space or forged Message-ID: SC says this is from IANA space and wants to devnull it. WHen I manually parse the IP it is indeed in an IANA range: NetRange: 73.0.0.0 - 79.255.255.255 CIDR: 73.0.0.0/8, 74.0.0.0/7, 76.0.0.0/6 NetName: RESERVED-7 NetHandle: NET-73-0-0-0-1 Parent: NetType: IANA Reserved Is this really where the spam came from or is this a forgery that fooled the SC engine ? Return-Path: Delivered-To: x Received: (qmail 30734 invoked from network); 16 Mar 2005 10:09:14 -0000 Received: from unknown (192.168.1.103) by blade3.cesmail.net with QMQP; 16 Mar 2005 10:09:14 -0000 Received: from blackbird.mail.pas.earthlink.net (207.217.121.90) by mailgate2.cesmail.net with SMTP; 16 Mar 2005 10:09:14 -0000 Received: from mx-a065b28.p.pas.sa.earthlink.net ([10.4.120.218] helo=mx-a065b28.pas.sa.earthlink.net) by blackbird.mail.pas.earthlink.net with smtp (Exim 3.36 #1) id 1DBVSU-0003i8-00 for x; Wed, 16 Mar 2005 02:08:58 -0800 X-MindSpring-Loop: x Received: from jiruse5.jar.gin.cz ([212.71.164.106]) by mx-a065b28.pas.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1dbvst3ij3NZFpQ0 for ; Wed, 16 Mar 2005 02:08:57 -0800 (PST) Received: from [73.59.74.182] (port=1300 helo=[Mckenna]) by jiruse5.jar.gin.cz with esmtp id 1274127116Devonte84357 for x; Wed, 16 Mar 2005 11:08:58 +0100 Date: Wed, 16 Mar 2005 11:08:57 +0100 From: Nicolette X-Mailer: SecureBat! Lite (v2.12.4) X-Priority: 3 (Normal) Message-ID: <7571841694.29485@jiruse5.jar.gin.cz> To: x Subject: What's so good about it? :) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit X-ELNK-AV: 0 X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade3.cesmail.net X-Spam-Level: X-Spam-Status: hits=0.5 tests=BIZ_TLD version=3.0.0 X-SpamCop-Checked: 192.168.1.103 207.217.121.90 10.4.120.218 212.71.164.106 73.59.74.182 From MikeE at ster.invalid Wed Mar 16 08:46:02 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 16 11:45:03 2005 Subject: [SC-Help] Re: Spam from IANA space or forged References: Message-ID: David Butler wrote: > SC says this is from IANA space and wants to devnull it. WHen I > manually parse the IP it is indeed in an IANA range: > Is this really where the spam came from or is this a forgery that > fooled the SC engine ? It is better to post a tracker instead of the headers so I don't have to remove all of the returns from your newsreader's posting to see how SC wants to parse it. www.spamcop.net/sc?id=z742788378z77c3ac6646a270f61820678a271b481az SC is trusting 212.71.164.106 rDNS jiruse5.jar.gin.cz to be a server/relay. The server mail.smirice.sten.cz ESMTP Postfix lives there. I would notify inetnum: 212.71.164.0 - 212.71.165.255 netname: AT-NET descr: ATNET network telekom@telekom.cz and the default PM because... No abuse address is registered with abuse.net ... and abuse@gin.cz whois -h whois.abuse.net ipex.cz ... abuse@gin.cz (for ipex.cz) .... because route: 212.71.128.0/18 descr: GIN's network origin: AS9080 mnt-by: AS9080-MNT changed: feela@ipex.cz 1 ... about no reg'd abuse.net addy -- Mike Easter kibitzer, not SC admin From wb8tyw at qsl.network Wed Mar 16 11:04:33 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Mar 16 12:10:03 2005 Subject: [SC-Help] Attn Deputies: Re: Spam from IANA space or forged References: Message-ID: In article , "Mike Easter" writes: > David Butler wrote: >> SC says this is from IANA space and wants to devnull it. WHen I >> manually parse the IP it is indeed in an IANA range: > >> Is this really where the spam came from or is this a forgery that >> fooled the SC engine ? > > It is better to post a tracker instead of the headers so I don't have to > remove all of the returns from your newsreader's posting to see how SC > wants to parse it. > > www.spamcop.net/sc?id=z742788378z77c3ac6646a270f61820678a271b481az > > SC is trusting 212.71.164.106 rDNS jiruse5.jar.gin.cz to be a > server/relay. The server mail.smirice.sten.cz ESMTP Postfix lives > there. > > I would notify > > inetnum: 212.71.164.0 - 212.71.165.255 > netname: AT-NET > descr: ATNET network > > telekom@telekom.cz and the default PM because... > > No abuse address is registered with abuse.net > > ... and abuse@gin.cz I would also recommend notifying a Deputy. If a "trusted" relay is accepting e-mail from a "bogon" or unallocated I.P. address space, then that "trusted" relay should be considered the source, and should lose it's "trusted" status. There is a problem with always exempting the "trusted" relays that are not in a reporter's mailhost list from listing in the bl.spamcop.net. It gives the operator of the network no incentive to fix long term mulit-hop exploits on their network. Apparently some network operators think that is all they need to do to deal with their outgoing spam problem. -John wb8tyw@qsl.network Personal Opinion Only From no_spam at no_spam.com Wed Mar 16 12:50:10 2005 From: no_spam at no_spam.com (Warren Odom) Date: Wed Mar 16 13:55:06 2005 Subject: [SC-Help] Can't re-login to ISP account Message-ID: I've had a spam reporting account for years. Yesterday I created an ISP account (using a different Email address, following the instructions) to check on anything SC had a record of, that was coming from my mail server. Then I had lots of trouble logging back in to my reporting account. Finally partially fixed that, but now today I need to shut off the hourly status Emails and I can't log back into the ISP account. When I try logging into either account, it says "You appear to be using an old login (you may have logged out in another browser session)." This message is less than helpful (doesn't define "old," doesn't say how to fix). I click the "Log in here" link, try again, and get back the same message. As I mentioned, I can "partially" fix the reporting login problem by using the non-cookie "HTTP basic auth" login, but there is no such option for the ISP account. Finally I tried deleting all SC cookies (more than once), but the problem persists. Even more puzzling, I got the same message when I tried to login to the reporting account on two other computers (which I've used in the past to report spam), even though I've never tried to use the ISP account on them. I even tried getting a totally new ISP account today, under a (third) different Email address, but it gets the same problem. So I'm stuck -- please help me with this problem. Thanks -- Warren From rcarlton at spamcop.net Wed Mar 16 20:10:02 2005 From: rcarlton at spamcop.net (Rick Carlton) Date: Wed Mar 16 23:10:27 2005 Subject: [SC-Help] Re: Spam Internal on AOL In-Reply-To: References: Message-ID: Brian Zappia wrote: > I posted the following message on spamcop.spam and then realized that > most of the discussion was going on here: > > The following report: > > http://www.spamcop.net/sc?id=z742251843ze9fbcac4289d0ccd6743452c6dafea6ez > Well, you could always call Jodie and ask her what it's all about. from http://hometown.aol.com/hb6300 Jodie Berghorn 1243 Tulipwood Dr. Seffner, Florida 33584 813-681-5094 The number checks out, etc. From no_spam at no_spam.com Thu Mar 17 14:41:17 2005 From: no_spam at no_spam.com (Warren Odom) Date: Thu Mar 17 15:45:05 2005 Subject: [SC-Help] Re: Can't re-login to ISP account References: Message-ID: Well, today it seems to be working. It appears somebody there has fixed the problem. From no_spam at no_spam.com Thu Mar 17 19:32:39 2005 From: no_spam at no_spam.com (Warren Odom) Date: Thu Mar 17 20:35:08 2005 Subject: [SC-Help] Re: Can't re-login to ISP account References: Message-ID: Tonight it's NOT working, on computer #3. This computer was never, ever used to login to the ISP account. Now it won't login to my spam reporting account (unless I use the non-cookie login). The full message is: No userid found You appear to be using an old login (you may have logged out in another browser session) (I inadvertently omitted the first line in my original post.) Still waiting on suggestions...... From MikeE at ster.invalid Fri Mar 18 06:22:41 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 18 09:25:05 2005 Subject: [SC-Help] Re: Link Obfuscation not resolved properly when hostname has ampersand References: Message-ID: Posted to .spam & .help, f/ups to .help Jim wrote: > Since I don't know where to post reports regarding Spamcop problems, > I am posting this here in hope that someone might fix the problem. spamcop.spam is a group which has been used in the past to post raw spam. As a result, no one 'reads' or discusses here. In the old days, people would start a thread in spamcop.help or spamcop [or spamcop.mail if it were about a spamcop mail issue] and if it involved having to show the raw spam and complete headers they would post it here and refer to it in the discussion group. But since then the tracker has been enabled to show the entire spam, so there is no need to post anything into the .spam group because just posting the tracker into the regular discussion group is just fine. This item's 'type' could go into .help or spamcop, it doesn't matter. I'm arbitrarily configuring f/ups to .help as well as crossposting there. > Here are the lines from the report: > > Resolving link obfuscation > http%3a//www.fctb%26tjzau.net%2esimple%72xonline%2ecom/b/sv5jmk8wzlnvote xt2daof9ikrnmw > Percent unescape: > http://www.fctb&tjzau.net.simplerxonline.com/b/sv5jmk8wzlnvotext2daof9ikrnmw > host www.fctb (checking ip) ip not found ; www.fctb discarded as > fake. host www.fctb (checking ip) ip not found ; www.fctb > discarded as fake. That result is not what I'm seeing when I look at your tracker, which 'reparses' an item whenever it is accessed. Currently SC finds the link and successfully de-obfuscates it.... > Now, the true web site referred to is on the domain > sumplerxonline.com, and the full host is > www.fctb&tjzau.net.simplerxonline.com > > The web site exists at (218.7.120.109). ... however, SC does not successfully resolve the deobfuscated link. Cannot resolve http://www.fctb&tjzau.net.simplerxonline.com/b/sv5jmk8wzlnvotext2daof9ikrnmw Checking simplerxonline.com at dnsstuff shows me the nameservice is poor http://www.dnsstuff.com/tools/dnstime.ch?name=simplerxonline.com&type=A Time to look up simplerxonline.com A record Generated by www.DNSstuff.com at 14:08:44 GMT on 18 Mar 2005. Searching for simplerxonline.com A record at a.root-servers.net Got referral to J.GTLD-SERVERS.NET. [took 47 ms] Searching for simplerxonline.com A record at J.GTLD-SERVERS.NET. Got referral to ns9.wdrhosting.com. [took 200 ms] Searching for simplerxonline.com A record at ns9.wdrhosting.com. Timed out. Trying again. Searching for simplerxonline.com A record at ns14.bighostsolutions.com. Timed out. Trying again. Searching for simplerxonline.com A record at ns9.wdrhosting.com. Timed out. Trying again. Searching for simplerxonline.com A record at ns4.bighostsolutions.com. Timed out. Trying again. Searching for simplerxonline.com A record at ns4.bighostsolutions.com. Timed out. Trying again. Searching for simplerxonline.com A record at ns9.wdrhosting.com. Timed out. Trying again. Sorry, I could not continue. all 6 nameservers timed out. It is a common problem for SC to fail at resolving something and not reporting the link. Sometimes SC is blocked but a reporter can resolve the url, sometimes there's just generally flakey nameservice. Sometimes something will deobfuscate and/or resolve with one parse but not another, so it is useful to retry [a little bit]. My resolver resolves the url as well 03/18/05 06:14:36 dns www.fctb&tjzau.net.simplerxonline.com Canonical name: www.simplerxonline.com Aliases: www.fctb&tjzau.net.simplerxonline.com Addresses: 218.7.120.109 >From some discussions in nanae and elsewhere recently about contriving bogus domainnames and some education about hostnames, I think there may be some RFC issues afoot here. The rules for allowable characters for simplexonline and com, the top and 2nd level names are different for the rules for the 3rd, 4th, and 5th level names, and the '&' character in the 4th level name causes some problems for some tools at dnsstuff and it looks like caused some problems for SC earlier. Maybe someone else can comment on that. > The entire spam is in report: > http://www.spamcop.net/sc?id=z743402806zab5b370545b15b9cb207b2476e904d37z > > I hope this helps. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri Mar 18 13:55:05 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Mar 18 15:00:03 2005 Subject: [SC-Help] Buying Fuel problem Message-ID: Query brought up in the web-based Forum at http://forum.spamcop.net/forums/index.php?showtopic=3843 E-mailed Don, who posted this "over there" -=-=-=-=-=- Sorry for all the problems. Our PayPal routine is broken. We're switching over to a longer, more secure 'secret code' and the PayPal form doesn't like it. I don't know what all is involved in fixing it, but Julian is on it and I'll post here when I find out what's going on. - Don - -=-=-=-=-=- From nobody at devnull.spamcop.net Fri Mar 18 14:08:49 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Mar 18 15:10:04 2005 Subject: [SC-Help] Re: Buying Fuel problem References: Message-ID: Dang .. too fast on the draw ... small correction ... -=-=-=-=-=- >Would you want me to also add this data to a newsgroup posting? Yes, please. Only with VeriSign vice PayPal. :-) - Don - -=-=-=-=-=- "WazoO" wrote in message news:d1fbmq$pgh$1@news.spamcop.net... > Query brought up in the web-based Forum at > http://forum.spamcop.net/forums/index.php?showtopic=3843 > E-mailed Don, who posted this "over there" > -=-=-=-=-=- > Sorry for all the problems. Our PayPal routine is broken. > > We're switching over to a longer, more secure 'secret code' and the PayPal > form doesn't like it. > > I don't know what all is involved in fixing it, but Julian is on it and I'll > post here when I find out what's going on. > > - Don - > -=-=-=-=-=- > > From jimwasson at spamcop.net Sat Mar 19 09:08:57 2005 From: jimwasson at spamcop.net (Jim Wasson) Date: Sat Mar 19 12:10:04 2005 Subject: [SC-Help] Too may links? Message-ID: I hadn't seen this one before; the report is at: http://www.spamcop.net/sc?id=z743791734z490bcb9e2cbbfb7a226489186e04c603z When parsing the message body, it said "Too many links" after listing a bunch of links that it found but then it didn't report any of them! What's up with that? From feldethom2165 at email2me.net Sat Mar 19 08:30:15 2005 From: feldethom2165 at email2me.net (Fred k) Date: Sat Mar 19 12:35:02 2005 Subject: [SC-Help] Re: Too may links? References: Message-ID: "Jim Wasson" wrote in message news:d1hmb7$5vq$1@news.spamcop.net... >I hadn't seen this one before; the report is at: > > http://www.spamcop.net/sc?id=z743791734z490bcb9e2cbbfb7a226489186e04c603z > The parser must handle many spam reports. Time is a precious commodity. Time to determine the "real link" is unreasonable, especially since SC's main concern is to identify the originator of the spam. I am just thinking out via keypad and could be wrong. Fred k From MikeE at ster.invalid Sat Mar 19 09:42:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Mar 19 12:45:04 2005 Subject: [SC-Help] Re: Too may links? References: Message-ID: Jim Wasson wrote: > When parsing the message body, it said "Too many links" after listing > a bunch of links that it found but then it didn't report any of them! > What's up with that? The logic is that if there are an excessive number of links, there is a likelihood that they are red herrings or innocent bystanders and so none of them are reported. There have been alternate strategies in the past, in which if there are many at the same domain, then the nameservice was notified, but that strategy was abandoned. There isn't a good solution for the type of item you have. The easy one is to just accept the result SC gives, which reports the source. -- Mike Easter kibitzer, not SC admin From jimwasson at spamcop.net Sat Mar 19 09:40:57 2005 From: jimwasson at spamcop.net (Jim Wasson) Date: Sat Mar 19 12:45:11 2005 Subject: [SC-Help] Re: Too may links? In-Reply-To: References: Message-ID: Fred k wrote: > "Jim Wasson" wrote in message > news:d1hmb7$5vq$1@news.spamcop.net... > >>I hadn't seen this one before; the report is at: >> >>http://www.spamcop.net/sc?id=z743791734z490bcb9e2cbbfb7a226489186e04c603z >> > > > The parser must handle many spam reports. Time is a precious commodity. Time > to determine the "real link" is unreasonable, especially since SC's main > concern is to identify the originator of the spam. I am just thinking out > via keypad and could be wrong. > > Fred k > > Maybe so, but it already looked up the links. From jimwasson at spamcop.net Sat Mar 19 09:42:03 2005 From: jimwasson at spamcop.net (Jim Wasson) Date: Sat Mar 19 12:45:16 2005 Subject: [SC-Help] Re: Too may links? In-Reply-To: References: Message-ID: Mike Easter wrote: > Jim Wasson wrote: > > >>When parsing the message body, it said "Too many links" after listing >>a bunch of links that it found but then it didn't report any of them! >>What's up with that? > > > The logic is that if there are an excessive number of links, there is a > likelihood that they are red herrings or innocent bystanders and so none > of them are reported. > > There have been alternate strategies in the past, in which if there are > many at the same domain, then the nameservice was notified, but that > strategy was abandoned. > > There isn't a good solution for the type of item you have. The easy one > is to just accept the result SC gives, which reports the source. > OK. I understand. Seems a shame, though. From eddie at eddie.web Sat Mar 19 12:51:13 2005 From: eddie at eddie.web (eddie) Date: Sat Mar 19 12:55:06 2005 Subject: [SC-Help] Re: Too may links? References: Message-ID: On Sat, 19 Mar 2005 08:30:15 -0900, Fred k scratched out the following: > > "Jim Wasson" wrote in message > news:d1hmb7$5vq$1@news.spamcop.net... >>I hadn't seen this one before; the report is at: >> >> http://www.spamcop.net/sc?id=z743791734z490bcb9e2cbbfb7a226489186e04c603z >> >> > The parser must handle many spam reports. Time is a precious commodity. > Time to determine the "real link" is unreasonable, especially since SC's > main concern is to identify the originator of the spam. I am just thinking > out via keypad and could be wrong. > > Fred k In truth, the "originator" of the spam is the website, which is going unreported. Without the website, there would be no point to the spam. The order of importance, to me, is the website, and then the spam. One website, not shut down, can simply use zombies all over the world to advertise his site. The center of operations, so to speak, is the spamvertized website, the source of the spam is relatively unimportant. A very long time ago, the source of the spam was very important, but this is no longer the case. Just my opinion, though. -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Sat Mar 19 12:52:40 2005 From: eddie at eddie.web (eddie) Date: Sat Mar 19 12:55:19 2005 Subject: [SC-Help] Re: Too may links? References: Message-ID: On Sat, 19 Mar 2005 09:42:04 -0800, Mike Easter scratched out the following: > There have been alternate strategies in the past, in which if there are > many at the same domain, then the nameservice was notified, but that > strategy was abandoned. > > There isn't a good solution for the type of item you have. The easy one > is to just accept the result SC gives, which reports the source. The spammer attempts to hide the URL because he knows that it is more important than the spam source, which, today is a dime a dozen. What spammy is hiding is what should be targetted, in my opinion. -- Once movie theaters gave out steak knives Today they confiscate them From shorn at spamcop.net Sat Mar 19 15:30:14 2005 From: shorn at spamcop.net (Ascleptius) Date: Sat Mar 19 16:35:04 2005 Subject: [SC-Help] Any pine users out there. Message-ID: Hi: Sorry for the cross posting but I deparately need help. When I try to launch the Pine Email client I keep getting the error message "[Error: "Invalid folder name" Can't fetch remote configuration]". Needless to say, I cannot access my spamcop account via IMAP. I tried the Pine newsgroup but the Pine people told me to ask someone at spamcop. I'm showing my pinere file so another Pine user might be able to tell me what I'm doning wrong, and tell me how to fix it. If anyone can tell me what I need to do to fix it, I would deeply apprecaite it. TIA Ascleptius -----------------pinerc file-------------------------------------------- # Updated by Pine(tm) 4.00, copyright 1989-1998 University of Washington. # # Pine configuration file -- customize as needed. # # This file sets the configuration options used by Pine and PC-Pine. If you # are using Pine on a Unix system, there may be a system-wide configuration # file which sets the defaults for these variables. There are comments in # this file to explain each variable, but if you have questions about # specific settings see the section on configuration options in the Pine # notes. On Unix, run pine -conf to see how system defaults have been set. # For variables that accept multiple values, list elements are separated # by commas. A line beginning with a space or tab is considered to be a # continuation of the previous line. For a variable to be unset its value # must be blank. To set a variable to the empty string its value should # be "". You can override system defaults by setting a variable to the # empty string. Switch variables are set to either "yes" or "no", and # default to "no". # Lines beginning with "#" are comments, and ignored by Pine. #Example: user-id=xyz123 user-id=shorn@spamcop.net #Example: personal-name=My Name personal-name=Steven Horn #Example: user-domain=u.washington.edu user-domain=imap.spamcop.net #Example: smtp-server=smtp.foobar.edu smtp-server=mail.mailcircuit.com/user-id=kcom #Example: nntp-server=news.foobar.edu nntp-server=news.alt.net/user=sjsm #Example: inbox-path={imapserver.foobar.edu}inbox inbox-path={imap.spamcop.net/user=shorn@spamcop.net/tls/novalidate-cert}INBOX #Example: incoming-folders= "WIDGETS" {imapserver.foobar.edu}widgets, # "CompMailPine" {imapserver.foobar.edu}{news.foobar.edu/nntp}#news.comp.mail.pine #Note: the second example requires a recent version of the UW IMAP server, which is acting as a news proxy in this case incoming-folders= #Example: folder-collections=MAIN {imapserver.foobar.edu}mail/[*], PROJECTS {imapserver.foobar.edu}projects/[*] folder-collections={imap.spamcop.net/user=shorn@spamcop.net/tls/novalidate-cert}INBOX.[] #You can leave the following group of variables blank; Pine will pick default names news-collections= default-fcc= postponed-folder= read-message-folder= signature-file= #Example: address-book=MYBOOK {imapserver.foobar.edu}addrbook #Note: this example identifies a Pine addressbook being stored on your IMAP server address-book= feature-list=delete-skips-deleted, use-current-dir, enable-mail-check-cue, auto-open-next-unread, enable-incoming-folders, news-read-in-newsrc-order, news-post-without-validation, select-without-confirm, news-approximates-new-status, compose-maps-delete-key-to-ctrl-d, enable-mouse-in-xterm, enable-aggregate-command-set, enable-bounce-cmd, enable-flag-cmd, enable-full-header-cmd, enable-jump-shortcut, enable-suspend, enable-tab-completion, enable-unix-pipe-cmd, quit-without-confirm, enable-alternate-editor-cmd, single-column-folder-list, enable-8bit-nntp-posting, enable-8bit-esmtp-negotiation, enable-verbose-smtp-posting, compose-cut-from-cursor, auto-zoom-after-select, auto-unzoom-after-apply, print-offers-custom-cmd-prompt, print-formfeed-between-messages, auto-move-read-msgs, enable-dot-files, enable-dot-folders, tab-visits-next-new-message-only, use-subshell-for-suspend, enable-newmail-in-xterm-icon, expanded-view-of-distribution-lists, save-will-not-delete, compose-posts-in-background, enable-background-sending, enable-goto-in-file-browser, no-print-index-enabled, enable-delivery-status-notification, enable-search-and-replace, enable-arrow-navigation, expunge-without-confirm, enable-msg-view-urls, enable-msg-view-web-hostnames, enable-exit-via-lessthan-command, enable-partial-match-lists, enable-fast-recent-test, add-ldap-result-to-addrbook initial-keystroke-list=i default-composer-hdrs=To, Cc, Bcc, Subject customized-hdrs=Reply-To:, Organization: Not Much But I Keep Trying saved-msg-name-rule=by-recipient fcc-name-rule= sort-key= character-set=ISO-8859-1 editor= image-viewer= use-only-domain-name=No printer= personal-print-command= last-time-prune-questioned=98.6 last-version-used=4.00 addrbook-sort-rule=dont-sort global-address-book= mail-directory= normal-foreground-color=black normal-background-color=cyan reverse-foreground-color=white reverse-background-color=blue font-size=12 # Full path and name of NEWSRC file newsrc-path= # Extension used for local folder names (".MTX" by default). folder-extension="" # Name and size of font. font-name="Fixedsys" font-style="" # Name and size of printer font. print-font-name="Lucida Console" print-font-size="10" print-font-style="" # Window position in the format: CxR+X+Y # Where C and R are the window size in characters and X and Y are the # screen position of the top left corner of the window. window-position=80x32+185+4b # Over-rides default path for saved-msg folder, e.g. =saved-messages (using first # folder collection dir) or ={host2}saved-mail or ="" (to suppress saving). # Default: saved-messages (Unix) or SAVEMAIL.MTX (PC) in default folder collection. default-saved-msg-folder= # This names the path to an alternative sendmail program which is # usually "/usr/lib/sendmail". It must support sendmail's "-bs" option. sendmail-path= # Specifies the program invoked by ^T in the Composer. (For Unix Pine) speller=ispell # Path and filename of news configation's active file. # The default is typically "/usr/lib/news/active". news-active-file-path= # Directory containing system's news data. # The default is typically "/usr/spool/news" news-spool-directory= # A list of alternate addresses the user is known by alt-addresses=xyz@u.foobar.edu, abc@cs.foobar.edu # The number of lines of overlap when scrolling through message text viewer-overlap=2 # The approximate number of seconds between checks for new mail mail-check-interval=180 # This is a list of formats for address books. Each entry in the list is made # up of space-delimited tokens telling which fields are displayed and in # which order. See help text addressbook-formats=NICKNAME FULLNAME(24) COMMENT # This gives a format for displaying the index. It is made # up of space-delimited tokens telling which fields are displayed and in # which order. See help text #index-format=FULLSTATUS MSGNO DATE FROMORTO(33%) SIZE SUBJECT(67%) index-format= # This variable takes a list of programs that message text is piped into # after MIME decoding, prior to display. #display-filters=_LEADING("-----BEGIN PGP")_ /usr/local/bin/pgp-decrypt -p _DATAFILE_ -s -m _RESULTFILE_ _PREPENDKEY_ display-filters= # This defines a program that message text is piped into before MIME # encoding, prior to sending sending-filters= # The number of seconds to sleep after writing a status message status-message-delay=0 # Specifies the column of the screen where the composer should wrap. composer-wrap-column= # Specifies the string to insert when replying to message. reply-indent-string= # Which category default print command is in personal-print-category=3 # List of context and folder pairs, delimited by a space, to be offered for # pruning each month. For example: {host1}mail/[] mumble pruned-folders= # List of folder pairs; the first indicates a folder to archive, and the # second indicates the folder read messages in the first should # be moved to. #Example: incoming-archive-folders=DOOM doom-arch, # PINE-INFO pine-info-arch, incoming-archive-folders= # emulator's into Pine's composer. # Note: _FILE_ will be replaced with the temporary file used in the uplaod. upload-command= # Path and filename of the program used to download text via your terminal # emulator from Pine's export and save commands. # Note: _FILE_ will be replaced with the temporary file used in the downlaod. download-command= # When viewing messages, include this list of headers viewer-hdrs=date, from, reply-to, to, cc, newsgroups, resent-from, resent-to, organization, subject # Sets the default folder and collectionoffered at the Goto Command's prompt. goto-default-rule=first-collection-with-inbox-default # This names the root of the tree to which the user is restricted when reading # and writing folders and files. For example, on Unix ~/work confines the # user to the subtree beginning with their work subdirectory. # (Note: this alone is not sufficient for preventing access. You will also # need to restrict shell access and so on, see Pine Technical Notes.) # Default: not set (so no restriction) operating-dir= # Text sent to terminal emulator prior to invoking the program defined by # the upload-command variable. # Note: _FILE_ will be replaced with the temporary file used in the upload. upload-command-prefix= # Text sent to terminal emulator prior to invoking the program defined by # the download-command variable. # Note: _FILE_ will be replaced with the temporary file used in the downlaod. download-command-prefix= # Sets the search path for the mailcap cofiguration file. # NOTE: colon delimited under UNIX, semi-colon delimited under DOS/Windows. mailcap-search-path= # Sets the search path for the mimetypes cofiguration file. # NOTE: colon delimited under UNIX, semi-colon delimited under DOS/Windows. mimetype-search-path= # Sets the time in seconds that Pine will attempt to open a network # connection. The default is 30, the minimum is 5, and the maximum is# system defined (typically 75). tcp-open-timeout=5 # Sets the time in seconds that Pine will attempt to open a UNIX remote # shell connection. The default is 15, min is 5, and max is unlimited. # Zero disables rsh altogether. rsh-open-timeout=5 # Number of lines from top and bottom of screen where single # line scrolling occurs. scroll-margin=5 # Specifies the string to use when sending a message with no to or cc. empty-header-message= # Sets the version number Pine will use as a threshold for offering # its new version message on startup. new-version-threshold= # Program to open Internet URLS (e.g. http or ftp references). # PC-Pine 4.00 and later will use your default web browser web-browser= # Sets message which cursor begins on. Choices: first-unseen, first-recent, # first, last. Default: "first-unseen". incoming-startup-rule=first-recent # Set by Pine; contains data for caching remote address books. remote-abook-metafile= # LDAP servers for looking up addresses. #Example: ldap-servers=ldap.four11.com "/base=/impl=0/type=/srch=/time=/size=/cust=", people.u.washington.edu "/base=o=University of Washington,c=US/impl=1/rhs=0/type=/srch=/time=/size=/cust=/nick=" ldap-servers= # How many extra copies of remote address book should be kept. Default: 3 remote-abook-history= # List of programs to open Internet URLs (e.g. http or ftp references). url-viewers= # Sets the name of the command used to open a UNIX remote shell connection. # The default is tyically /usr/ucb/rsh. rsh-path= # Sets the format of the command used to open a UNIX remote # shell connection. The default is "%s %s -l %s exec /etc/r%sd" # NOTE: the 4 (four) "%s" entries MUST exist in the provided command # where the first is for the command's path, the second is for the # host to connnect to, the third is for the user to connect as, and the # fourth is for the connection method (typically "imap") rsh-command= # List of mail drivers to disable. See technical notes. disable-these-drivers= # If no user input for this many hours, Pine will exit if in an idle loop # waiting for a new command. If set to zero (the default), then there will # be no timeout. user-input-timeout= From wb8tyw at qsl.network Sat Mar 19 17:10:29 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sat Mar 19 17:15:04 2005 Subject: [SC-Help] Re: Any pine users out there. In-Reply-To: References: Message-ID: Ascleptius wrote: > Hi: > > Sorry for the cross posting but I deparately need help. When I try to > launch the Pine Email client I keep getting the error message "[Error: > "Invalid folder name" Can't fetch remote configuration]". Needless to > say, I cannot access my spamcop account via IMAP. I tried the Pine > newsgroup but the Pine people told me to ask someone at spamcop. I'm > showing my pinere file so another Pine user might be able to tell me > what I'm doning wrong, and tell me how to fix it. If anyone can tell me > what I need to do to fix it, I would deeply apprecaite it. TIA I have set followups to the spamcop.mail group as that is the group that is most likely to be able to tell you what settings are needed on your e-mail client. Generally when a person cross posts, followups should be set to one of the groups so that there will not be thread fragments all over the place. The person that maintains the spamcop.net mail server has stated that they are only monitoring the web forum, so that is where you will most likely get help what settings are needed. The majority of your pine.rc file is obvious not relavent to solving the problem. Once you get confirmed on the correct settings for connecting to the spamcop.net mail server if you still need help the pine newsgroup may be able to help you. -John wb8tyw@qsl.network Personal Opinion Only From 0rio85a02 at sneakemail.com Sat Mar 19 14:30:37 2005 From: 0rio85a02 at sneakemail.com (Fred k) Date: Sat Mar 19 18:35:02 2005 Subject: [SC-Help] Re: Too may links? References: Message-ID: "eddie" wrote in message news:pan.2005.03.19.17.52.39.967000@eddie.web... > The spammer attempts to hide the URL because he knows that it is more > important than the spam source, which, today is a dime a dozen. What > spammy is hiding is what should be targetted, in my opinion. I totally agree with your statement, however there is no mechanism in place (I can SPAM act) to do that. SC's primary mission is to identify source of the spam. If that has changed it has been very recent. Fred k From eddie at eddie.web Sat Mar 19 18:37:42 2005 From: eddie at eddie.web (eddie) Date: Sat Mar 19 18:40:04 2005 Subject: [SC-Help] Re: Too may links? References: Message-ID: On Sat, 19 Mar 2005 14:30:37 -0900, Fred k scratched out the following: > > "eddie" wrote in message > news:pan.2005.03.19.17.52.39.967000@eddie.web... > >> The spammer attempts to hide the URL because he knows that it is more >> important than the spam source, which, today is a dime a dozen. What >> spammy is hiding is what should be targetted, in my opinion. > > I totally agree with your statement, however there is no mechanism in > place (I can SPAM act) to do that. SC's primary mission is to identify > source of the spam. If that has changed it has been very recent. > > Fred k And I agree with you. My only point is that SC is chasing what I consider 20th century spammers and spam techniques and the spammers have clearly moved into the 21st century. The general rule is to "follow the money" and that's the URL. The "spam source" is really the URL. As with the Federal No Call, list, it's not the individual calls that are stopped, per se, the originating organization is fined or closed. Right now, it's like putting out the fires an arsonist is setting, and being too busy with the fires to actually get the arsonist, which, of course is really the goal. Today, the spam is merely a byproduct of the peopel who run the websites. If the spam sites were shut down, the spam would all stop. Then, on a more cynical note, perhaps that's the point - getting rid of the spam sources would mean SC would be out of business. :) -- Once movie theaters gave out steak knives Today they confiscate them From MikeE at ster.invalid Sat Mar 19 16:20:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Mar 19 19:20:03 2005 Subject: [SC-Help] Re: Too may links? References: Message-ID: Jim Wasson wrote: > I hadn't seen this one before; the report is at: > > http://www.spamcop.net/sc?id=z743791734z490bcb9e2cbbfb7a226489186e04c603z That item looks more like a mailing list item than a typical spam. It is straightup, it claims to have the IP which subscribed it. If you didn't sign up to receive it somehow, then possibly it is a bogus signup by someone for your address which was handled improperly by the mailing list if they didn't confirm before they started advertising. Sometimes it is better to be removed from such a list than the alternatives. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Mar 20 09:28:49 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Mar 20 12:30:06 2005 Subject: [SC-Help] Re: should I report these myself? References: Message-ID: Posted to .help & .spam, f/ups to .help Robert wrote: > I've received 41 messages identical to this one below, all from the > same IP, in the last 9 days. SPAMCOP won't let me report them because > they arrive already "old". I think it's stupid that you can't > override the "too old" restriction for a case like this. What kept them from being reported in a timely fashion, so that they would have been contributing to the SCbl in a useful way to help defend those people who use the SCbl to filter or tag their mail with the list? Reporting old spamsources isn't very useful compared to reporting fresh ones. > Should I report them myself, to abuse@swip.net? Is it possible for > message not to be sent from 193.13.73.216? If I get no response from > the abuse email (or a bounce), is there an alternate route through > SPAMCOP to get the IP block blacklisted? The notifies for 193.13.73.216 rDNS stat.infanterit.se at inetnum: 193.13.72.0 - 193.13.74.255 netname: SE-GRIFFEL-NET1 are abuse@griffel.se or abuse@swip.net The tech at griffel is jonas@griffel.se Griffel doesn't have a reg'd abuse.net addy, nor does infanterit. The IP isn't listed on any blocklists, so presumably they should be responsive. As a housekeeping issue, .spam is only for posting raw spams, which really isn't necessary because you couldn't posted a tracker into a normal discussion group like spamcop or .help, which is a better way of displaying a spam. I'm crossposting this to .help, in case the discussion needs to go on, and making f/ups to there. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.com Sun Mar 20 12:47:31 2005 From: nobody at nowhere.com (Robert) Date: Sun Mar 20 12:50:04 2005 Subject: [SC-Help] Re: should I report these myself? References: Message-ID: > What kept them from being reported in a timely fashion, so that they > would have been contributing to the SCbl in a useful way to help defend > those people who use the SCbl to filter or tag their mail with the list? You tell me. There is nothing wrong with my local mail delivery, perhaps some point in the delivery chain is holding on to the messages to make them old deliberately? > Reporting old spamsources isn't very useful compared to reporting fresh > ones. Are you saying that you don't recommend I report the messages myself if I can't use spamcop? If I continue to receive these messages every day - always from the same IP - tell me why it would not be useful to report them. Robert From MikeE at ster.invalid Sun Mar 20 10:58:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Mar 20 14:00:25 2005 Subject: [SC-Help] Re: should I report these myself? References: Message-ID: Robert wrote: > You tell me. There is nothing wrong with my local mail delivery, > perhaps some point in the delivery chain is holding on to the > messages to make them old deliberately? The only item I've seen is this one www.spamcop.net/sc?id=z744138338z9fbe3e7518ecb3843f38750d645af6bdz Abbreviated Received lines *comment from wps-1.merrimac (WPS-1 [192.168.100.9]) by merrexch.merrimac 20 Mar *serves you from 193.13.73.216 by 192.168.0.100; 7 Mar *sourceline Those headers are totally incompetent. Your provider's domainname isn't 'merrexch.merrimac' and its IP isn't that non-routing IP. So the Received tracelines are RFC non-complaint. That being sed, we are left to guess who your provider really is and what its IP really is and how those headerlines should've been configured. I don't have time to figure that out right now, but I'm assuming that whatever merrimac is supposed to really be and whatever IP it is really supposed to be received the item from the source almost 2 weeks ago and held onto it before putting it in your mailbox. >> Reporting old spamsources isn't very useful compared to reporting >> fresh ones. > > Are you saying that you don't recommend I report the messages myself > if I can't use spamcop? No I'm not saying that. The advantage to having a little template fixed up so that you can quickly and succinctly notify spamsources or spamvertisers or whatever solves the entire problem of suboptimal situations about how the parser reporter works. What I meant was that we who use the SCbl as part of our spam management strategy realize that its great value is in how 'frisky' it is about early listings of spamsources. If an IP can spam for two weeks before the SCbl hears about it, SC isn't really interested in hearing about it any more. Or listing it for that matter. If something has already quit spamming, what is the point of listing it to cause trouble for the nonspammers. > If I continue to receive these messages every > day - always from the same IP - tell me why it would not be useful to > report them. You should report them. You should be getting your spams fresh from your provider and your should be reporting them promptly. You tried to report that as soon as it got into your mailbox, but it looks like your provider held it for a long time. Altho' the headers are so bad it is hard to figure out just exactly who your provider is. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.com Sun Mar 20 14:43:52 2005 From: nobody at nowhere.com (Robert) Date: Sun Mar 20 14:45:04 2005 Subject: [SC-Help] Re: should I report these myself? References: Message-ID: OK I'll report them then, thanks. We're on an old version of Exchange, by the way, in case you were wondering why the headers didn't look right. I have no control over how it's configured, or when our site is going to upgrade to the latest version. :( Robert From nobody at devnull.spamcop.net Sun Mar 20 19:09:57 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sun Mar 20 19:10:05 2005 Subject: [SC-Help] Re: Too may links? References: Message-ID: ... > Then, on a more cynical note, perhaps that's the point - > getting rid of the spam sources would mean SC would be out of business. :) ... When I was able to work I spent nearly 40 years in companies whose main goal was to put themselves out of business. In fact, it was even part of one company's publicized objectives: To put themselves out of business in such a way that people just forgot they even existed. We got a LOT of PR out of it in the media! Pop From no_spam at no_spam.com Tue Mar 22 09:10:36 2005 From: no_spam at no_spam.com (Warren Odom) Date: Tue Mar 22 10:15:03 2005 Subject: [SC-Help] Re: Can't re-login to ISP account References: Message-ID: Well, now computer #3 is working again. Mysterious but I'm not arguing. This forum seems to be a lot less active than the last time I was here. Another mystery. I didn't get a single answer. From no_spam at no_spam.com Tue Mar 22 09:15:49 2005 From: no_spam at no_spam.com (Warren Odom) Date: Tue Mar 22 10:20:03 2005 Subject: [SC-Help] Re: should I report these myself? References: Message-ID: "Robert" wrote in message news:d1kcrm$t2e$1@news.spamcop.net... > > What kept them from being reported in a timely fashion, so that they > > would have been contributing to the SCbl in a useful way to help defend > > those people who use the SCbl to filter or tag their mail with the list? > > You tell me. There is nothing wrong with my local mail delivery, perhaps > some point in the delivery chain is holding on to the messages to make them > old deliberately? I've observed that some spam has incorrect dates and times in the headers. (Much of it is, after all, generated in an "artificial" manner, which lends itself to mistakes.) My guess is that's what you're seeing. When I get spam like this, and I'm sure it's fresh, I generally make a correction in the date/time fields so SC will take it. From h9vzc2i02 at sneakemail.com Tue Mar 22 09:35:35 2005 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Tue Mar 22 12:40:16 2005 Subject: [SC-Help] Re: Can't re-login to ISP account References: Message-ID: "Warren Odom" wrote in message news:d1pche$rpi$1@news.spamcop.net... > Well, now computer #3 is working again. Mysterious but I'm not arguing. > > This forum seems to be a lot less active than the last time I was here. > Another mystery. I didn't get a single answer. > > *** Maybe it is possible that more people are using the FORUM instead of here. I have not checked the forum to see if the activity there has increased. -- A SpamCop user and forum reader, Not Admin *** From ob1db at spamcop.net Wed Mar 23 14:16:37 2005 From: ob1db at spamcop.net (David Butler) Date: Wed Mar 23 14:47:30 2005 Subject: [SC-Help] tfn.net.tw still not reporting correctly ?? Message-ID: Spamcop still does not find all reportage for tfn.net.tw space: Re: 61.31.139.142 (Administrator of network where email originates) To: spam@anet.net.tw (Notes) But Openrbl.org shows: Address: 61.31.139.142 resolved to 61-31-139-142.dynamic.tfn.net.tw AS: 61.31.0.0/16 AS17444Abuse-Whois tfn.net.tw: (61-31-139-142.dynamic.tfn.net.tw; tfn.net.tw; tf...)[Cached] [whois.abuse.net] postmaster@tfn.net.tw (for tfn.net.tw) spam@anet.net.tw (for tfn.net.tw)and in my own research I also found:TFN-NET:abuse@tfn.net.tw, postmaster@tfn.net.tw, eric_wu@twfn.com.tw, adam_tsai@howin.com.twParsing just tfn.net.tw yields: Parsing input: tfn.net.tw host tfn.net.tw (checking ip) ip not found ; tfn.net.tw discarded as fake. No recent reports, no history available Cannot resolve tfn.net.tw No valid email addresses found, sorry! From h9vzc2i02 at sneakemail.com Fri Mar 25 15:19:11 2005 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Fri Mar 25 18:20:03 2005 Subject: [SC-Help] Re: Verisign vs SpamCop References: Message-ID: "SpamCop Admin" wrote in message news:i4a741t05137bk7bhh22udqkcsgud5qat8@4ax.com... > The VeriSign credit card form has been fixed. You should be able to > use it to make purchases now. > > Sorry for all the trouble. > > - Don - *** I have an unrelated question about verisign - are they connected with spamcop in any way? I seem to get cookies from them when I have not gone to their website, only when I have contacted SC. -- A SpamCop user and forum reader, Not Admin *** From mrogoff at cesmail.net Sat Mar 26 21:47:23 2005 From: mrogoff at cesmail.net (Martin Rogoff) Date: Sat Mar 26 22:50:05 2005 Subject: [SC-Help] Spamcop does not find links until I click on "View full message" and then back Message-ID: <2nac41hl838naa3uvvoubvuf0fdjihrum1@4ax.com> Sometimes clicking on "View full message" and then back will make the links show up. Somtimes clicking on "View full message" and then back will make the links disappear. The following email came directly into spamcop and the link would not show up. http://www.spamcop.net/sc?id=z746301752zd1025a58f82505f0e180a81e12727091z The following email came directly into spamcop and the link would not show up until I clicked on "View full message" and then back.three times. http://www.spamcop.net/sc?id=z746301753zf5ee8304ad96589e41fa9516d2f85bc9z From sam at logan1.loganet.net Sun Mar 27 20:37:40 2005 From: sam at logan1.loganet.net (Sam) Date: Sun Mar 27 21:47:10 2005 Subject: [SC-Help] List for Discussing Specific Spam In-Reply-To: Message-ID: Hi Everyone I'm trying to find the discussion list to subscribe to for discussing particular spam (in this case, my customers are getting a ton of spam that features a few random words inside, and usually contains a reference to speicific years from the 1800's in them, always with an attached GIF file (with various first names of that gif file). (I'm not specifically asking for a discussion of these spams here; just using that as an example). The list I'm looking for may discuss things like procmail scripts to stop this particular line of spam, dnsbl listings, etc. I have seen people mention on this list before that there is such a discussion list someplace, but I cannot find it on spamcop's website. Thanks, Sam -- Sam Morris, Owner Loganet Internet Service Logan IA, United States of America 712-644-3578 From agent01413 at my-deja.com Mon Mar 28 03:52:32 2005 From: agent01413 at my-deja.com (Socks the Whitehouse Cat) Date: Sun Mar 27 22:55:04 2005 Subject: [SC-Help] Re: List for Discussing Specific Spam References: Message-ID: Sam wrote in news:mailman.125.1111978030.4572.spamcop-help@news.spamcop.net: > > I have seen people mention on this list before that there is such a > discussion list someplace, but I cannot find it on spamcop's website. > "I have seen people mention on this list" is something i am having trouble parsing. the only spam related discussion list that i am aware of is SPAM-L. FAQ -- http://www.claws-and-paws.com/spam-l archives and join - http://peach.ease.lsoft.com/archives/spam-l.html pay special attention to the topics. filtering falls under the BLOCK topic. -- "...Life is not a journey to the grave with the intention of arriving safely in one pretty and well preserved piece, but to slide across the finish line broadside, thoroughly used up, worn out, leaking oil, and shouting GERONIMO!!!" -- Bill McKenna, date unknown From ob1db at spamcop.net Mon Mar 28 18:18:00 2005 From: ob1db at spamcop.net (David Butler) Date: Mon Mar 28 18:20:12 2005 Subject: [SC-Help] Ebay phishing links not found on first try? Message-ID: http://www.spamcop.net/sc?id=z746918241zcbba29f8580c21475db3799aada25376z only found the source of this spam, not either the phishing link nor the "real " ebay links. Manual parsing found: Parsing input: pages.ebay.com host pages.ebay.com (checking ip) = 66.135.192.87 host 66.135.192.87 = pages.ebay.com (cached) No recent reports, no history available Routing details for 66.135.192.87 [refresh/show] Cached whois for 66.135.192.87 : network@ebay.com Using abuse net on network@ebay.com abuse net ebay.com = spam@ebay.com, postmaster@ebay.com Parsing input: webopedia.internet.com host webopedia.internet.com (checking ip) = 63.236.18.21 host 63.236.18.21 = webopedia.com (cached) No recent reports, no history available Routing details for 63.236.18.21 [refresh/show] Cached whois for 63.236.18.21 : abuse@qwest.net Using best contacts abuse-nonverbose@qwest.net Ran the parse again (same tracker in seperate window...): and it found those as well as several others... Re: http://www.ebaycareers.com/ (Administrator of network hosting website referenced in spam) To: abuse@mci.com (Notes) Re: http://www.ebayorama.com/ (Administrator of network hosting website referenced in spam) To: abuse@verio.net (Notes) Re: http://www.nsoft.it/scripts/mailform.exe (EXPERTS ONLY: SpamCop deputy will review this website.) no Javascript = no confirmation = no appeal To: Internal spamcop handling: (appeals) (Notes) Re: http://www.paypal.com/ (Administrator of network hosting website referenced in spam) To: spoof#ebay.com@devnull.spamcop.net (Notes) To: spam@ebay.com (Notes) To: postmaster@ebay.com (Notes) Re: https://certificates.ebay.com/ (Administrator of network hosting website referenced in spam) To: spoof#ebay.com@devnull.spamcop.net (Notes) To: spam@ebay.com (Notes) To: postmaster@ebay.com (Notes) any idea why ? From nospam at yahoo.com Mon Mar 28 22:53:26 2005 From: nospam at yahoo.com (Matt) Date: Mon Mar 28 23:55:03 2005 Subject: [SC-Help] Spamcop Webmail Autoresponder Message-ID: I have a spamcop email account. I want to change email addresses again. I would like to setup an autoresponder in the spamcop webmail interface that responds to all new(hopefully non-spam only) messages with a messages that says my email address has changed to: then either a mangled version of my new address or an attached graphic with a picture of my new address. Does anyone know how to do that? Matt From Kilgallen at SpamCop.net Tue Mar 29 04:04:43 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Tue Mar 29 05:06:08 2005 Subject: [SC-Help] Re: Spamcop Webmail Autoresponder References: Message-ID: In article , "Matt" writes: > I have a spamcop email account. I want to change email addresses again. I > would like to setup an autoresponder in the spamcop webmail interface that > responds to all new(hopefully non-spam only) messages with a messages that > says my email address has changed to: then either a mangled version of my > new address or an attached graphic with a picture of my new address. So let's see... ...where no spam was involved, but the "From" address happened to be wrong, you would create spam. That does not seem too bright. From donna at v1.wustl.edu Tue Mar 29 09:18:13 2005 From: donna at v1.wustl.edu (Donna) Date: Tue Mar 29 10:20:21 2005 Subject: [SC-Help] What can/should I do if I mistakenly report a message as spam? Message-ID: Hi all, Usually, I'm pretty careful before reporting messages as spam, checking both the user and subject to make sure it's really spam. This morning, though, I was a bit trigger happy, and I reported a message from Amazon Marketplace as spam. It was a survey asking for feedback on the seller, and since I use the ratings, this is a valid message. But by the time I realized it and deselected the check-box for that message, it was too late. Is there any way I can retract that report? Donna Hanlon donna.hanlon@spamcop.net From dwvbo91q4001 at sneakemail.com Tue Mar 29 16:19:38 2005 From: dwvbo91q4001 at sneakemail.com (Tim P.) Date: Tue Mar 29 11:20:06 2005 Subject: [SC-Help] EXPERTS ONLY on www.wwwatches.info Message-ID: The website www.wwwatches.info is getting the parser the incorrect ip (?) Since this is an EXPERTS ONLY question, I need clarification. The report I would like to send is not going to the proper party, or is it? www.wwwatches.info resolves differently for different viewpoints: 1. 66.98.145.18 reporting via spamcop.net, which causes the EXPERTS ONLY appeals to ev1.net option. openrbl.org lookup www.wwwatches.info http://centralops.net/co/DomainDossier.aspx lookup www.wwwatches.info ip-url lookup tool (direct DNS querry of bellsouth server) dnsstuff.com cached dns lookups A records, at ISPs, if any. 2. 64.40.101.63 http://web-sniffer.net -> www.wwwatches.info, get header request 1.0 HTTP Status Code: HTTP/1.1 302 Moved Temporarily to www.wwwatches.info/wwwatches/ www.wwwatches.info/wwwatches/ ==> 64.40.101.63 Logging packets from my direct connection to www.wwwatches.info: Datagram Protocol) Header checksum: 0x5ee7 (Correct) Source: [munged] Destination: [munged] User Datagram Protocol Source port: 53 Destination port: 1061 Length: 8 Checksum: 0xe94a (Correct) Domain Name System (Answer) Flags: 32897 Questions: 1 Answer RRs: 2 Querys: www.watchwatches.info Answers: www.watchwatches.info has IP Address: 64.40.101.63 www.watchwatches.info has IP Address: 0.0.0.0 Blocking 64.40.101.63 at the local level results in a sucessful block. Blocking 66.98.145.18 alone does NOT prevent this site from loading. So, which ip should be attributed to www.wwwatches.info; or, which url is the correct one, www.wwwatches.info/wwwatches/ ??? It seems like the www.wwwatches.info by itself is at ev1.net, but the other goes to a different ip (?) Entering www.wwwatches.info into a browser will add the extra /wwwatches/ extension. Is this what's called site redirection? This is obviously a question for the routing experts, as I do not have that level of experience to determine this. TIA, -- Tim P Very content SpamCop Subscriber since 4/2002 From nobody at devnull.spamcop.net Tue Mar 29 12:17:22 2005 From: nobody at devnull.spamcop.net (Pop) Date: Tue Mar 29 12:20:04 2005 Subject: [SC-Help] Re: What can/should I do if I mistakenly report a message as spam? References: Message-ID: ... > realized it and deselected the check-box for that message, it was too > late. Is there any way I can retract that report? > > Donna Hanlon Nope, pretty sure there isn't. Once you hit Submit, it's on its way down the barrel of the weapon. One report probably won't make any difference to anything, but if you want to stay in good standing, it might be good to offer an apology and promise to be more careful in the future. I think we've all done that a time or three. Pop From y33sw5g02 at sneakemail.com Tue Mar 29 16:43:40 2005 From: y33sw5g02 at sneakemail.com (ScrapeThis) Date: Tue Mar 29 16:45:48 2005 Subject: [SC-Help] Re: What can/should I do if I mistakenly report a message as spam? References: Message-ID: "Donna" wrote in message news:d2brlo$38v$1@news.spamcop.net... > Hi all, > > Usually, I'm pretty careful before reporting messages as spam, checking > both the user and subject to make sure it's really spam. This morning, > though, I was a bit trigger happy, and I reported a message from Amazon > Marketplace as spam. It was a survey asking for feedback on the seller, > and since I use the ratings, this is a valid message. But by the time I > realized it and deselected the check-box for that message, it was too > late. Is there any way I can retract that report? > > Donna Hanlon > donna.hanlon@spamcop.net > Donna, You should start by emailing the SpamCop deputies (@spamcop.net) along with the tracking info... then send a follow up email to the provider you sent the complaints too... and explain that this was a false report, include reporting ID and Tracker info... you may also want to email Amazon incase they try and unsubscribe you after this report... Being proactive about this will probably lessen the penalties that the deputies have to take according to the SpamCop TOS... http://www.spamcop.net/fom-serve/cache/125.html (Bottom of Page) Misreporting Spam. Calling something spam when it is not spam is harmful. Erroneous reports cause abuse desks to take SpamCop reports less seriously; they also lead to the unjust and unfair suspension or termination of the reported account. SpamCop's maintainers and deputies must handle erroneously filed reports, which is not an effective use of SpamCop staff resources. Additionally, spam reports feed the SpamCop Blocking List (SCBL). Erroneous reports make the SCBL less accurate and potentially cause thousands of sites to block mistakenly wanted, solicited email. For these reasons, there are penalties for violating the rules that have been set forth here and in the Acceptable Use Policy. Free Reporting Service Users: SpamCop will ban users of the free reporting service who violate these rules. Paying Reporting Service Members: SpamCop may fine, suspend or terminate the accounts of paid members who violate these rules. (Flat rate) Mail Service Subscribers: SpamCop will revoke access to the (free) reporting service for subscribers to the flat rate mail system who break reporting rules. Subscribers may continue to use the mail service (with CESMail) but are not be able to use the reporting system. Users should consult the FAQ or the forum if they have any question about SpamCop policy. If in doubt, users should ask before acting. We do not want to take discliplinary action against our users. Cheers, ScrapeThis From bar_n0ne at hotmail.com Wed Mar 30 19:51:26 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Mar 30 10:55:04 2005 Subject: [SC-Help] Re: EXPERTS ONLY on www.wwwatches.info References: Message-ID: "Tim P." wrote in message news:Xns9628691118E90dwvbo91q4001sneakema@216.154.195.61... > The website www.wwwatches.info is getting the parser the incorrect ip (?) > Since this is an EXPERTS ONLY question, I need clarification. > The report I would like to send is not going to the proper party, or > is it? > > www.wwwatches.info resolves differently for different viewpoints: > > SNIP ALL af them and probably more, finding the IP by the same route a few minutes later will resolve differently again. From anjahnoaoed at fl.net.invalid Thu Mar 31 08:25:34 2005 From: anjahnoaoed at fl.net.invalid (You have no need to know) Date: Wed Mar 30 17:30:12 2005 Subject: [SC-Help] Spamcop treats MX differently depending on where it appears in chain Message-ID: I am seeing problem when my ISP's mail servers don't report the name that Spamcom expects in their received line. If the MX is the first receiver it gets marked as the spam source rather than the original source. (Before someone asks, the ISP has two names and all MXs for one are MXs for the other. I have munged one as ISP.MX and the other as isp-other-name.mx) e.g. Received: from 4dmail.co.uk (p548FF904.dip.t-dialin.net [84.143.249.4]) by OTHERNAME.FOR.ISP.MX (Postfix) with ESMTP id 60BB36E; Tue, 29 Mar 2005 05:56:46 +1000 (EST) Received: from OTHERNAME.FOR.ISP.MX (othername.for.isp.mx [1.2.3.4]) by isp-other-name.mx (Postfix) with ESMTP id 8E0685B588A; Tue, 29 Mar 2005 06:03:20 +1000 (EST) .... 1.2.3.4 is not an MX for othername.for.isp.mx host othername.for.isp.mx (checking ip) ip not found ; othername.for.isp.mx discarded as fake. cannot find an mx for othername.for.isp.mx cannot find an mx for isp.mx .... host OTHERNAME.FOR.ISP.MX (checking ip) ip not found ; OTHERNAME.FOR.ISP.MX discarded as fake. Chain test:OTHERNAME.FOR.ISP.MX =? 1.2.3.4 1.2.3.4 is not an MX for OTHERNAME.FOR.ISP.MX host OTHERNAME.FOR.ISP.MX (checking ip) ip not found ; OTHERNAME.FOR.ISP.MX discarded as fake. cannot find an mx for OTHERNAME.FOR.ISP.MX cannot find an mx for isp.mx Chain test failed .... 1.2.3.4 not listed in dnsbl.sorbs.net If the MX is NOT the first receiver it gets accepted as a relay after its address is matched to one of the addresses in the MX records. e.g. Received: from smarthost3.tiscali.dk (smarthost3.tiscali.dk [62.79.79.29]) by OTHERNAME.FOR.ISP.MX (Postfix) with ESMTP id 9B56E1E for ; Wed, 30 Mar 2005 10:15:40 +1000 (EST) Received: from cpmail.dk.tiscali.com (mail.tiscali.dk [212.54.64.159]) by smarthost3.tiscali.dk (8.13.1/8.13.1) with ESMTP id j2U0Bpuw026791; Wed, 30 Mar 2005 02:12:05 +0200 (CEST) Received: from smarthost3.tiscali.dk (smarthost3.tiscali.dk [62.79.79.29]) by OTHERNAME.FOR.ISP.MX (Postfix) with ESMTP id 9B56E1E for ; Wed, 30 Mar 2005 10:15:40 +1000 (EST) .... 1.2.3.4 not listed in dnsbl.sorbs.net Chain test:OTHERNAME.FOR.ISP.MX =? othername.for.isp.mx host othername.for.isp.mx (checking ip) = 1.2.3.4 1.2.3.4 is an MX for isp.mx 1.2.3.4 is mx OTHERNAME.FOR.ISP.MX and othername.for.isp.mx have close IP addresses - chain verified -- Avoid reality at all costs. $email =~ s/n(.)a(.)n(.)a(.)e(.+)invalid/$1$2$3$4$5au/; icbm: 33.43.46S 150.59.27E From MikeE at ster.invalid Wed Mar 30 14:44:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 30 17:45:16 2005 Subject: [SC-Help] Re: Spamcop treats MX differently depending on where it appears in chain References: Message-ID: You have no need to know wrote: > I am seeing problem when my ISP's mail servers don't report the name > that > Spamcom expects in their received line. SC has an algorithm by which it chains from upper 'from' field IP to the preceding lower 'by' field hostname and 'considers' the chaining for integrity based on a combination of what I call 'mx-ness' and SC's familiarity with the apparent relay, eg if it has been previously sent to relay testers. This also requires correlation between the rDNS of the IP compared to the hostname. If too many things don't fit, non-mx, unfamiliarity, poor rDNS relationship -- then SC can't make what I call the 'mx step' and it is forced to break the chain instead of chaining from the upperline to the lower line toward the sourceline. That leads to the server being named as source instead of the source from which the server received the item. There are alternate solutions to that problem. Sometimes the problem can resolve as familiarity develops. Sometimes the problem can be resolved if the rDNS works properly. The most reliable solution is to engage the mailhosts option. It is necessary that the mailhost setup involve any 'variations' from each other. The idea is to provide SC with a template of your mailhost's [stupid] inconsistency. -- Mike Easter kibitzer, not SC admin