From porpoise1954 at yahoo.co.uk Mon Aug 1 00:39:09 2005
From: porpoise1954 at yahoo.co.uk (Porpoise)
Date: Sun Jul 31 18:45:02 2005
Subject: [SpamCop-List] Re: make it clear
References:
Message-ID:

"Mike Easter" wrote in message news:dcjj79$e6r$1@news.spamcop.net...
> jdd wrote:
> Agent (Toulouse) : Jean-Daniel Dodin
> http://valerie.dodin.net/2004/img_1024.jpg
>
> Ooh la la :-)
>

Ooh la la????? Am I missing something??

From PleaseReplyTo at TheGroupInstead.be Mon Aug 1 02:48:35 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Sun Jul 31 19:50:02 2005
Subject: [SpamCop-List] Re: big problem, attn deputies
References:
Message-ID:

> yep it is what cablevision uses for shreveport

What is what cablevision uses for shreveport?

You've bottom-quoted several dozens of lines to add a single-line answer. That's several dozens multiplied by 100% overhead, multiplied by the number of receivers. Add to that the fact that your answer isn't clear that way. All of us read many messages here, are we supposed to read the whole bottom-quote again for the off chance we might then be able to understand your answer?

Proper quoting style:
- Trim the quote. Don't join spammers in wasting resources that are not your own.
- Reply beneath the quote. Show the question followed by the answer, because people understand it that way.

Joris

From nobody at devnull.spamcop.net Mon Aug 1 12:48:07 2005
From: nobody at devnull.spamcop.net (Patto)
Date: Sun Jul 31 22:50:03 2005
Subject: [SpamCop-List] Re: Ignoring more than 4 user-notify addresses - STUPID!
In-Reply-To:
References:
Message-ID:

Johannes Froemter wrote:
> Why Spamcop cancel mails to user-notify addresses completely if there
> are more than 4 addresses instead of ignoring the addresses exceeding
> the limit?
>
> Extra stupid: if you add for example abuse@pub.sd.cninfo.net to the
> user-notify addresses filed then it will be replaced by five (!)
> addresses and therefore completely ignored.
>
>
>>abuse net pub.sd.cninfo.net = postmaster@pub.sd.cninfo.net, ctsummary@special.abuse.net, postmaster@sd.cninfo.net, support@pub.sd.cninfo.net, security@pub.sd.cninfo.net
>>
>>Ignoring more than 4 user-notify addresses

Agreed. I think it is a bug, it should send the 1st four, and ignore the rest. This has been reported a long time ago, but nothing came of it.

From nobody at devnull.spamcop.net Mon Aug 1 13:05:02 2005
From: nobody at devnull.spamcop.net (Patto)
Date: Sun Jul 31 23:10:02 2005
Subject: [SpamCop-List] Re: rsg
In-Reply-To:
References:
Message-ID:

Joris Van Damme wrote:
>>There's nothing about spamcop reporting which is prone to motivate
>>tekcom or dtag to do anything. A SC report is toothless for
>>spamvertisers.
>
>
> Still, I can understand J.G.'s reasoning. I've come to the same conclusion:
> nearly all spam comes from just a handful of people. And nobody's stopping
> them. ...

Not quite true; haven't you seen last week's news article http://mosnews.com/news/2005/07/25/spammerdead.shtml ?

From devnull at spamcop.net Mon Aug 1 00:23:38 2005
From: devnull at spamcop.net (Frog Prince)
Date: Sun Jul 31 23:30:03 2005
Subject: [SpamCop-List] Re: Backscatter
References:
Message-ID:

"wayne"
| > Picking up on a post from Mike Easter in a previous thread...
| >
| > > We are all very glad that SC now allows such reportage, which it once
| > > didn't; and SC's decision to allow such reports is having a very
| > > beneficial effect on all of those various misconfigurations.
| >
| > Mike, I hope you don't mind my saying so... but I am someone who is
| > /not/ glad that SC now classes backscatter as spam!
|
| Well, put me down as someone who is very glad that SC *IS* allowing
| backscatter and email worms/viruses to be reported. They are
| unsolicited because I didn't consent to have my email address forged.
| They are bulk because the content of these bounces and virus
| notifications are substantially the same. And, of course, they are
| email.
| As a result, they are UBE and therefore spam as far as I'm
| concerned.

Hear hear, my email addy my rules.

From jdd at dodin.org Mon Aug 1 08:34:06 2005
From: jdd at dodin.org (jdd)
Date: Mon Aug 1 01:35:07 2005
Subject: [SpamCop-List] Re: make it clear
In-Reply-To:
References:
Message-ID:

Mike Easter wrote:
> jdd wrote:
> Agent (Toulouse) : Jean-Daniel Dodin
> http://valerie.dodin.net/2004/img_1024.jpg
>
> Ooh la la :-)
>
>

nice, isn't it :-)

jdd

--
to write to me, go to:
http://www.dodin.net
http://valerie.dodin.net
http://arvamip.free.fr

From jdd at dodin.org Mon Aug 1 08:35:29 2005
From: jdd at dodin.org (jdd)
Date: Mon Aug 1 01:40:03 2005
Subject: [SpamCop-List] Re: make it clear
In-Reply-To:
References:
Message-ID:

Mike Easter wrote:
> I interpreted jdd to be Jean-Daniel Dodin, right father, of Valerie Dodin.

that is :-) two daughters singers !

jdd

--
to write to me, go to:
http://www.dodin.net
http://valerie.dodin.net
http://arvamip.free.fr

From jdd at dodin.org Mon Aug 1 08:47:02 2005
From: jdd at dodin.org (jdd)
Date: Mon Aug 1 01:50:02 2005
Subject: [SpamCop-List] Re: make it clear
In-Reply-To:
References:
Message-ID:

Peter Pearson wrote:
> Hoping this helps - - -
>

yes, really, such explanation is somehow more comprehensive than faq ones.

in fact I thought there was an other step (seems I was mistaking). I was thinking of some kind of spamassassin spam tag (CRC... or such) that could make spamassassin (and other products) more effective.

I'm not fond of RBL blocking, having already had problem with it. My local LUG uses it for its mailing list, but was obliged to discard RBL for the major french FAI because they were frequently blacklisted and don't care of.

I have two concerns, in two different thing

* I build a imap server with squirrelmail and try to make spamassassin better. Squirrel sent me to spamcop.
* I'm semi-retired with a few time free (but no money :-() and I try to help free software.
spamcop may not be completely free, it's a very nice thing. I'm not a programmer, but teacher and writer and try to help this way

jdd

--
to write to me, go to:
http://www.dodin.net
http://valerie.dodin.net
http://arvamip.free.fr

From jdd at dodin.org Mon Aug 1 08:50:24 2005
From: jdd at dodin.org (jdd)
Date: Mon Aug 1 01:55:02 2005
Subject: [SpamCop-List] Re: rsg
In-Reply-To:
References:
Message-ID:

Patto wrote:
> Not quite true; haven't you seen last week's news article
> http://mosnews.com/news/2005/07/25/spammerdead.shtml ?

this is fairly rude :-(

jdd

--
to write to me, go to:
http://www.dodin.net
http://valerie.dodin.net
http://arvamip.free.fr

From nobody at devnull.spamcop.net Mon Aug 1 16:49:50 2005
From: nobody at devnull.spamcop.net (Patto)
Date: Mon Aug 1 02:50:03 2005
Subject: [SpamCop-List] Re: rsg
In-Reply-To:
References:
Message-ID:

jdd wrote:
> Patto wrote:
>
>>Not quite true; haven't you seen last week's news article
>>http://mosnews.com/news/2005/07/25/spammerdead.shtml ?
>
>
> this is fairly rude :-(
> jdd

Sorry if I offended you. While I generally do not condone violence, I cannot really say that I mourn the death of a notorious spammer. I don't think many people in this newsgroup do.

From rcarlton at spamcop.net Mon Aug 1 01:51:20 2005
From: rcarlton at spamcop.net (Rick Carlton)
Date: Mon Aug 1 03:50:04 2005
Subject: [SpamCop-List] 66.240.235.0/24 Reports Going to Spammer
Message-ID:

Report: http://www.spamcop.net/sc?id=z791889829zae64abf2b46122159f3796935308e413z

This should probably go to abuse@cari.net - for all the good it will do.

Spamcop can't resolve the spamvertized link - jsok3klf6y.miraneais.com - but it points to web2.radarinternet.com - on 66.240.235.8.

Spamcop wants to report the originating IP - 66.240.235.88 - to hostmaster@radarinternet.com. Senderbase shows it quite busy - up 531% in the last day and 1444% in the last month.

But - the spamvertized domain - miraneais.com - is also registered to Radar Internet.
The contact number is in or near Jacksonville, FL, not Livonia MI. Radar Internet is not registered with the state of Michigan nor the state of Florida.

It redirects to cashanyday.com on 206.15.66.65 - listed as SBL27180, Brian Haberstroh & Atriks.

On top of that - this block is allocated to Realdata Hosting - aka Venture Provider. Same contact, etc - as seen in http://www.spamhaus.org/sbl/sbl.lasso?query=SBL23962 - with the exception that this class C is not listed here or there. Could we change that maybe?

whois -h whois.directi.com miraneais.com
...
Registration Service Provided By: BESTSOLUTIONS
Contact: +011.2527489

Domain Name: MIRANEAIS.COM

Registrant:
    Radar Internet Solutions
    DNS Hostmaster (hostmaster@radarinternet.com)
    33006 Seven Mile Rd. #211
    Livonia MI,48152
    US
    Tel. +1.9042077022

Creation Date: 15-Jul-2005
Expiration Date: 15-Jul-2006

Domain servers in listed order:
    ns1.radarinternet.com
    ns2.radarinternet.com

Administrative, Billing, Technical Contact:
    Radar Internet Solutions
    DNS Hostmaster (hostmaster@radarinternet.com)
    33006 Seven Mile Rd. #211
    Livonia MI,48152
    US
    Tel. +1.9042077022

All listed domains point back to the exact same registration information.
And every single one redirects to cashanyday.com

From PleaseReplyTo at TheGroupInstead.be Mon Aug 1 11:59:09 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Mon Aug 1 05:00:49 2005
Subject: [SpamCop-List] Re: rsg
References:
Message-ID:

"jdd" wrote in message news:dckd70$sgg$2@news.spamcop.net...
> Patto wrote:
>
> > Not quite true; haven't you seen last week's news article
> > http://mosnews.com/news/2005/07/25/spammerdead.shtml ?
>
> this is fairly rude :-(
> jdd

No, it's not. It's an excellent illustration of the kind of man these people are. If someone has so little conscience and good sense as to waste half the planet's e-mail resources on fake drug schemes and abuse of people's weaknesses, then chances are he's into all kinds of crime, and chances are crime catches up with him. World is a better place now, as far as I'm concerned.

Joris

From nobody at devnull.spamcop.net Mon Aug 1 05:55:14 2005
From: nobody at devnull.spamcop.net (Miss Betsy)
Date: Mon Aug 1 05:50:16 2005
Subject: [SpamCop-List] Re: Major ISP's being blacklisted issue
References:
Message-ID:

"McWebber" wrote in message news:dcijj2$sf2$1@news.spamcop.net...
> > Well, somebody has to report it at some point or nobody would know
> > what to reject. And, I think, technically the spam that is
> > rejected has been filtered, but the action was rejection, not a
> > particular folder.
>
> No, it's a rejection based on the IP or domain there is no filtering. Or,
> the IP is blocked at the router so they can't even connect.

A long time ago, I had a discussion on nanae that was going nowhere until I realized that 'filter' to them meant /any/ action that decided what to do with emails including rejection. Like you, I considered filtering to be something that was done after acceptance. Possibly the usage has changed - like the term 'bounce' - because what happens at the server and after acceptance has so completely different outcomes. However, to be technical, one is 'filtering' incoming email if there is any decision that is made about it.
Miss Betsy

From nobody at devnull.spamcop.net Mon Aug 1 06:05:41 2005
From: nobody at devnull.spamcop.net (Miss Betsy)
Date: Mon Aug 1 06:00:03 2005
Subject: [SpamCop-List] Re: Backscatter
References:
Message-ID:

"Mike Easter" wrote in message news:dcingi$umg$1@news.spamcop.net...
> Peter Gradwell wrote:
>
> > Presumably, it is acceptable to scan the mail during the SMTP session
> > and to generate an smtp rejection along the lines of:
> >
> > 550 "Mail Rejected. Click http://www.gradwell.com/cr/1234 to
> > whitelist"
> >
> > Which could then add you to my whitelist and deliver the email to me.
>
> Rejecting with a link would be just fine, ie it is not abusive
> whatsoever, as opposed to the challenges. It might not 'work' as
> expected for some automated or nonhuman senders, such as a typical
> mailing list. The mailing list demon would probably interpret the
> result as a regular bounce, the same as 'no such user' or even 'mailbox
> full'.

But that wouldn't matter since, presumably, he signed up for the mailing list and has it on his whitelist already. And mailing lists don't change without warning subscribers because so many people do have whitelists.

Miss Betsy

From nobody at nowhere.invalid Mon Aug 1 13:46:01 2005
From: nobody at nowhere.invalid (Steven Maesslein)
Date: Mon Aug 1 06:50:02 2005
Subject: [SpamCop-List] Re: Backscatter
References:
Message-ID:

On Mon, 1 Aug 2005 05:05:41 -0500, Miss Betsy coughed into spamcop and left this in :

> But that wouldn't matter since, presumably, he signed up for the
> mailing list and has it on his whitelist already. And mailing
> lists don't change without warning subscribers because so many
> people do have whitelists.

You'd be surprised how many people *do* challenge mailing list traffic (ever posted anything to bugtraq, which is supposed to be populated by clued up people?).
Their crapware is malconfigured for 2 reasons:

1) It sends the challenge to the address in the From: header, not to the SMTP FROM: address, which is reproduced in the Return-Path: header.

2) It sends challenges to stuff which is easily identifiable as list traffic through the RFC2369 headers.

--
Steve
BASIC: A programming language. Related to certain social diseases in that those who have it will not admit it in polite company.

From nobody at xyzzy.claranet.de Mon Aug 1 13:47:01 2005
From: nobody at xyzzy.claranet.de (Frank Ellermann)
Date: Mon Aug 1 06:55:03 2005
Subject: [SpamCop-List] Re: Backscatter
References: <42E62BCE.5AF9@xyzzy.claranet.de> <42E69488.1FF1@xyzzy.claranet.de> <42E75A5F.3D49@xyzzy.claranet.de>
Message-ID: <42EDFDA5.6EC6@xyzzy.claranet.de>

McWebber wrote:

> LDAP is not an accounting database. Many systems,
> with multiple MX use it.

Another system I've heard of is a kind of relay test: Like "call-back-verification", only forward to the RCPT TO at the next hop instead of backwards to the MAIL FROM.

It has some obvious timing issues, the sender won't wait forever for an "okay" or "error" after the RCPT TO. Probably LDAP has similar problems. It defeats the idea of a backup MX, it should take over when the main site incl. primary MXs and LDAP is unavailable.

>> But the default for all identified worm should be
>> "don't bounce". Ditto for spam.

> Unfortunately, it's not. Which is why a lot of
> backscatter is getting reported.

From SC's POV the only problem with these reports is that they are almost identical to any "unavoidable" backscatter. SC is only a script, it's smart enough to get "bounce" vs. "spam" right, but then it cannot identify "avoidable" vs. "unavoidable".

> Please cite the law.

Google says it's (de) "206 StGB Postunterdrückung":

> Is it then illegal in your country to have a catchall
> address?

Now I have a catchall address. That's why I'm interested in this thread and SPF.
One spammer decided that this is also a good time to forge my addresses again, I got about 160 backscatter mails today (the first major attack after about 10 months). Reporting this crap with SC is now very simple. I have a FAIL sender policy, so it is 100% "avoidable" as soon as the forged MAIL FROM appears in the SMTP dialogue.

> You would then receive the misdirected email and do with
> it as you please, including deleting it.

Yes, I know all the fun with catchall addresses, especially Message-IDs. All reported via SC and deleted, no problem if I do it. My mail provider would have a problem if he accepts and deletes mail for me without telling me. It's not different for catchall addresses.

> Not "bouncing" to the forged sender causes no abuse to
> any innocent party.

First you have to _know_ that it's forged. Or at least to guess, e.g. worm => default forged => delete. And it's not always possible to get this right without a sender policy.

E.g. if something in your setup decides "over quota", and therefore you never check what it is (a worm), then you're not in the position to decide "forged".

The only place to catch all forgeries is at the first MX, if the forged sender publishes a FAIL sender policy, and the first MX checks it. Otherwise, if you hope to get it right later, you depend on spam detection heuristics and less reliable tricks, and that might file => bounce.

That's also what SC says in its FAQ about "misdirected" bounces. SC only forgot to enforce that senders really must have a FAIL sender policy or a similar DKIM policy before they can report all bounces.

There's no incentive for senders to protect themselves, they can just report all bounces as spam without doing anything on their side. That will backfire, it's wrong.

[bounce example]
>> avoidable. Some outblaze mailer.

> Outblaze? goodname.net has nothing to do with Outblaze.

Yes, today it doesn't mumble something about "outblaze" in its greeting, probably I screwed up, s/net/com/ (?)
Tested again:

using MAIL.MOSTBOX.COM for goodname.net
20050801 12:42:39 TCP connection with MAIL.MOSTBOX.COM:25
42:39.91 220 mail.mostbox.com ESMTP
42:39.91 ehlo xyzzy.dnsalias.org
42:40.38 250-mail.mostbox.com
42:40.38 250-PIPELINING
42:40.38 250 8BITMIME
42:40.38 mail from:
42:40.82 250 ok
42:40.82 rcpt to:
42:41.28 250 ok
42:41.28 quit
42:41.72 221 mail.mostbox.com

Avoidable, assuming that gggjhggg@ doesn't exist.

Bye

From nobody at nowhere.invalid Mon Aug 1 13:54:09 2005
From: nobody at nowhere.invalid (Steven Maesslein)
Date: Mon Aug 1 06:55:07 2005
Subject: [SpamCop-List] Re: big problem, attn deputies
References:
Message-ID:

On Mon, 1 Aug 2005 01:48:35 +0200, Joris Van Damme coughed into spamcop and left this in :

> What is what cablevision uses for shreveport?
>
> You've bottom-quoted several dozens of lines

...below the signature separator, meaning that some people won't see what was quoted.

--
Steve
Are Linux users lemmings collectively jumping off of the cliff of reliable, well-engineered commercial software? -- Matt Welsh

From nobody at xyzzy.claranet.de Mon Aug 1 14:38:18 2005
From: nobody at xyzzy.claranet.de (Frank Ellermann)
Date: Mon Aug 1 07:40:03 2005
Subject: [SpamCop-List] Re: Backscatter
References: <42E62BCE.5AF9@xyzzy.claranet.de> <42E73ED9.76FF@xyzzy.claranet.de>
Message-ID: <42EE09AA.1C8B@xyzzy.claranet.de>

Blammo wrote:

> blackmailing others into supporting one's (SPF) own buggy
> software is unreasonable

Just reported in another article, today I got my first load of spam backscatter since about 10 months, reported manually with a very polite note:

"Erroneous spam bounce / challenge / forward - please use a filter and/or SPF"

I really don't care _how_ they avoid it, it's only important that they always _could_ do it using my published SPF policy. It's an open standard, they can write their own software if they don't like the available implementations.
> Without going into details, which you probably know anyway,
> it is not anti-spam nor real sender verification

It's anti-forgery. Not one of the 160 bounces I got today was necessary, they'd all result in FAIL and reject if tested at the first MX on the side of the victims.

Also unnecessary: all spams that made it to their victims with my MAIL FROM in this spam run. Also unnecessary: all other spams with unprotected addresses from the same zombies.

As soon as SPF checks throw some FAIL results the receiver should know what he has to expect from the sending IP in the next hours. The latter might be faster than the SCBL, you can reject the zombie immediately, even before it's reported / blacklisted.

And of course there are systems doing this already, using SpamAssassin 3 or similar tools, and on those systems not one spam with my forged MAIL FROM reached its victim.

From those systems it was also not bounced to me, it was simply rejected. So that is a typical win-win scenario for all participants.

> very user unfriendly.

Depends on how tricky the sender policy wants to be. I'm no fan of the more complex "features", for xyzzy.claranet.de it is plain simple (two queries):

xyzzy.claranet.de text = "v=spf1 redirect=claranet.de"
claranet.de text = "v=spf1 ip4:212.82.225.0/24 ip4:195.170.96.0/24 -all"

So if you get MAIL FROM: and the IP is not one of the 2 * 256 listed IPs, please reject this as forgery. Obvious without digging deep in the spec.

> However, when used after spam and virus detection, such
> as with Spamassassin, it is a useful tool.

The best order depends on the average costs. If you do it after spam / worm detection you already have the mail DATA.

It's better to do it between MAIL FROM and DATA - no reason why you should waste your MTA's time receiving this crap if you could know that it's forged before the DATA.

Of course you can also check it later together with other tests.
Actually you can mix both approaches, if it's a FAIL policy do it a.s.a.p., if it's a policy without FAIL chance do it later (combined with scoring maybe) or maybe never (?) The most expensive steps are the DNS queries.

Bye, Frank

From PleaseReplyTo at TheGroupInstead.be Mon Aug 1 16:03:56 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Mon Aug 1 09:05:03 2005
Subject: [SpamCop-List] Re: big problem, attn deputies
References:
Message-ID:

> > You've bottom-quoted several dozens of lines
>
> ...below the signature separator, meaning that some people won't see
> what was quoted.

Thanks for the clarification, I wasn't aware. It would be a shame if these people missed your signature, though... It's a nice one. ;-)

Joris

From glnews030922 at highspot.net Mon Aug 1 15:13:42 2005
From: glnews030922 at highspot.net (Graeme Leith)
Date: Mon Aug 1 09:15:02 2005
Subject: [SpamCop-List] Re: make it clear
In-Reply-To:
References:
Message-ID:

jdd wrote:
> however I build a new mail server and needs to reach it from web mail
> (squirrelmail), and so install spamassassin and didn't know how to make
> sa learn what is spam like mozilla do.

Short answer: man sa-learn :-p

Longer answer: My mail is held in mbox format, if you're using maildir, then miss out the --mbox part. If you're using mbx, then use --mbx instead.

sa-learn --ham --mbox /path/to/ham/mail/folder
sa-learn --spam --mbox /path/to/spam/mail/folder
sa-learn --sync

Best way to deal with it is to set up a cron job to do it for you every day. I have a cron job that learns from 2 spam and 5 ham folders and then does a sync to the Bayes database at 2am every day.

--
Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution.
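
Frank Ellermann's Backscatter message above quotes his two SPF records and recommends checking them between MAIL FROM and DATA. The following Python is an added example, not code from the thread or from any SPF implementation; it evaluates exactly those records, and the TXT table standing in for DNS, the 203.0.113.25 client address and the reply wording are constructed assumptions.

```python
import ipaddress

# The two TXT records exactly as quoted in the message. This dict stands in
# for live DNS lookups (assumption of this example).
TXT_RECORDS = {
    "xyzzy.claranet.de": "v=spf1 redirect=claranet.de",
    "claranet.de": "v=spf1 ip4:212.82.225.0/24 ip4:195.170.96.0/24 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_REDIRECTS = 10  # stops redirect loops; the SPF spec caps DNS-querying terms at 10


def check_host(client_ip, domain, txt=TXT_RECORDS, depth=0):
    """Return the SPF result for client_ip sending with a MAIL FROM in domain.

    Handles what the quoted policy uses: ip4/ip6, all and redirect=.
    Mechanisms that need further DNS data (a, mx, include, ...) give permerror.
    """
    if depth > MAX_REDIRECTS:
        return "permerror"
    record = txt.get(domain.lower().rstrip("."))
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"

    client = ipaddress.ip_address(client_ip)
    redirect = None
    for term in terms[1:]:
        if term.lower().startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        if "=" in term:  # unknown modifier: ignored
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if network.version == client.version and client in network:
                return QUALIFIERS[qualifier]
            continue
        return "permerror"  # mechanism not implemented in this example

    # redirect= is only consulted when no mechanism matched
    if redirect:
        result = check_host(client_ip, redirect, txt, depth + 1)
        return "permerror" if result == "none" else result
    return "neutral"


def reply_at_mail_from(client_ip, mail_from):
    """SMTP reply to give right after MAIL FROM, before any DATA is accepted."""
    domain = mail_from.rsplit("@", 1)[-1]
    result = check_host(client_ip, domain)
    if result == "fail":
        # The receiving MX never accepts the mail, so it has nothing to bounce later.
        return 550, f"SPF fail: {client_ip} is not permitted to send as {domain}"
    return 250, f"ok (spf={result})"


if __name__ == "__main__":
    sender = "nobody@xyzzy.claranet.de"
    # Constructed client addresses: two inside the listed /24s, one outside.
    for ip in ("212.82.225.10", "195.170.96.200", "203.0.113.25"):
        print(ip, reply_at_mail_from(ip, sender))
```
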
From mcwebber at my-deja.com Mon Aug 1 10:30:50 2005
From: mcwebber at my-deja.com (McWebber)
Date: Mon Aug 1 09:35:04 2005
Subject: [SpamCop-List] Re: Major ISP's being blacklisted issue
References:
Message-ID:

"Miss Betsy" wrote in message news:dckr5n$3qr$1@news.spamcop.net...
>
> A long time ago, I had a discussion on nanae that was going nowhere
> until I realized that 'filter' to them meant /any/ action that
> decided what to do with emails including rejection. Like you, I
> considered filtering to be something that was done after
> acceptance. Possibly the usage has changed - like the term
> 'bounce' - because what happens at the server and after acceptance
> has so completely different outcomes. However, to be technical,
> one is 'filtering' incoming email if there is any decision that is
> made about it.
>

No decision is made about the email. If the IP or domain is blocked, there is no email to filter.

--
McWebber
"Richter points to the lack of legal action against his company as proof that he's operating appropriately." Information Week, November 10, 2003

From kjz at despammed.com Mon Aug 1 16:57:52 2005
From: kjz at despammed.com (Karl-Josef Ziegler)
Date: Mon Aug 1 10:00:03 2005
Subject: [SpamCop-List] Re: Auna.es
In-Reply-To:
References:
Message-ID:

Pete wrote:

> Why does spamcop still try to mail abuse@auna.es? When you check the DNS
> information for auna.NET, the registrant email address that pops up is
> dominios.administracion@auna.es . It seems as though auna.es is actually
> auna.net, or am I missing a link here?

Does Auna actually react or do they only run an ignorebot so complaints will be useless either?

- kjz

From jr70 at blackhole.invalid Mon Aug 1 08:54:06 2005
From: jr70 at blackhole.invalid (John Richards)
Date: Mon Aug 1 10:55:03 2005
Subject: [SpamCop-List] Re: Backscatter
References:
Message-ID:

Ant wrote:
> "McWebber" wrote:
>
>> There's probably an RFC about top-posting as well.
>
> RFC 1855.
> 3.1.1 General Guidelines for mailing lists and NetNews > "If you are sending a reply to a message or a posting be sure you > summarize the original at the top of the message, or include just > enough text of the original to give a context". > > But I expect you knew that. That's not a very solid defense for bottom posting. "Summarize the original at the top" implies *new* text where the new responder restates (in his own words) the point made by the previous poster. The alternate option "include just enough text of the original" does not state where that quoted text should be positioned. -- John Richards From jr70 at blackhole.invalid Mon Aug 1 09:09:10 2005 From: jr70 at blackhole.invalid (John Richards) Date: Mon Aug 1 11:10:03 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: Joris Van Damme wrote: >> yep it is what cablevision uses for shreveport > > What is what cablevision uses for shreveport? > > You've bottom-quoted several dozens of lines to add a single-line answer. > That's several dozens multiplied by 100% overhead, multiplied by the number > of receivers. Add to that the fact that your answer isn't clear that way. > All of us read many messages here, are we supposed to read the whole > bottom-quote again for the off chance we might then be able to understand > your answer? > > Proper quoting style: > - Trim the quote. Don't join spammers in wasting resources that are not your > own. > - Reply beneath the quote. Show the question followed by the answer, because > people understand it that way. > > > Joris It would have been worse if he had put that one-line reply *after* several screens of quoted text. I understood mikeyhsd's reply immediately without having to reread the quoted text, because I remembered the pertinent section in the prior post from Mike Easter. 
The issue is not so much whether one top-posts or bottom-posts but whether extraneous quoted material is snipped (for those readers with poor recollection or *not* familiar with prior posts in that thread). -- John Richards From MikeE at ster.invalid Mon Aug 1 09:15:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Aug 1 11:15:03 2005 Subject: [SpamCop-List] Re: Backscatter References: Message-ID: John Richards wrote: > That's not a very solid defense for bottom posting. Bottom posting does not equal trimmed contextualization. Trimming = trimming, first concept in the argument and the first step in the process. The preceding message should be trimmed down to /only/ the part which is going to be commented on. Contextual = conversationally sequential commentary on the trimmed result above -- Mike Easter kibitzer, not SC admin From jr70 at blackhole.invalid Mon Aug 1 09:17:47 2005 From: jr70 at blackhole.invalid (John Richards) Date: Mon Aug 1 11:20:02 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: jdd wrote: > for example, I'm not sure to understand this: > > SpamCop will send email on your behalf to the appropriate > network administrator. Before using SpamCop... If you think *that* explanation is unclear, you should read the one about Mailhosts... -- John Richards From jdd at dodin.org Mon Aug 1 18:18:13 2005 From: jdd at dodin.org (jdd) Date: Mon Aug 1 11:20:05 2005 Subject: [SpamCop-List] Re: rsg In-Reply-To: References: Message-ID: Joris Van Damme wrote: > are. If someone has so little conscience and good sense as to waste half the > planet's e-mail resources I don't want to start a troll, but death penalty for spam is not fair (anyway I don't think he was murdered for this). This man didn't kill anybody and if the internet is ready to let anybody use freely half of its resources, it deserves his problem. nobody, even the worst man, is responsible to the weakness of some net responsibles.
jdd -- to write to me, go to: http://www.dodin.net http://valerie.dodin.net http://arvamip.free.fr From jdd at dodin.org Mon Aug 1 18:23:58 2005 From: jdd at dodin.org (jdd) Date: Mon Aug 1 11:25:02 2005 Subject: [SpamCop-List] Re: make it clear In-Reply-To: References: Message-ID: Graeme Leith wrote: > Short answer: man sa-learn :-p I've seen this. needs console access and manual moving of spam, but it's nice. anyway I won't disturb anymore this list with "sa" questions. thanks jdd -- to write to me, go to: http://www.dodin.net http://valerie.dodin.net http://arvamip.free.fr From PleaseReplyTo at TheGroupInstead.be Mon Aug 1 18:27:42 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Mon Aug 1 11:35:02 2005 Subject: [SpamCop-List] Re: rsg References: Message-ID: > I don't want to start a troll Indeed, let's not go into this too deeply. > but death penalty for spam is > not fair (anyway I don't think he was murdered for this). Of course. My personal opinion, I don't want to kill anyone. (That's as far as my personal opinion goes. If I were to take it any further, along the same line - which is not my responsibility - then I'd say no reason is good enough to kill anyone, including Bush-Christian values and re-election and stuff. Murder is murder is murder, whether committed by a layman, a judge, or a soldier. Worse still, last two are professionals.) > This man didn't kill anybody and if the internet is ready to > let anybody use freely half of its resources, it deserves > his problem. True, in the sense that it is logically correct. > nobody, even the worst man, is responsible to the weakness > of some net responsibles. Also true. I would like to stress that I never disagreed with any of this, and never will. However, the point raised is that a man is responsible for his abuse of another man's weakness, which is quite different from being responsible for the weaknesses themselves.
Another point raised, is related to the fact that I personally don't mind making jokes over the spammer's death, which is quite different from killing him. I also stated that the world is a better place without the sorts of criminals that likely get themselves killed by fellow sorry asses. That too, is a statement I'm quite willing to repeat and stick by. It's not the same as killing him, or defending death penalty or whatever murderous activity itself. I don't think we disagree, really. In any case, I don't disagree with anything you said here. Joris From PleaseReplyTo at TheGroupInstead.be Mon Aug 1 18:33:03 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Mon Aug 1 11:35:04 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: > It would have been worse if he had put that one-line reply *after* several > screens of quoted text. So? Something A being worse than B being worse than C, does not mean B is the recommended way to go. C is. > The issue is not so much whether one top-posts or bottom-posts > but whether extraneous quoted material is snipped (for those readers > with poor recollection or *not* familiar with prior posts in that thread). I've poor recollection, but good bookmarks: http://web.presby.edu/~nnqadmin/nnq/nquote.html Joris From anon at coks.net Mon Aug 1 09:53:02 2005 From: anon at coks.net (J G) Date: Mon Aug 1 11:55:02 2005 Subject: [SpamCop-List] whats in a name... Message-ID: http://www.spamcop.net/sc?id=z792069855z9e36433f6c73b931fea5cb4210bdb8d6z fartingfritter - gotta love it... From anon at coks.net Mon Aug 1 10:32:45 2005 From: anon at coks.net (J G) Date: Mon Aug 1 12:35:03 2005 Subject: [SpamCop-List] Great reply form, thanks to Andrew @ NANAE... Message-ID: Your idea advocates a (x) technical ( ) legislative ( ) market-based ( ) vigilante approach to fighting spam. Your idea will not work. Here is why it won't work.
(One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.) ( ) Spammers can easily use it to harvest email addresses ( ) Mailing lists and other legitimate email uses would be affected ( ) No one will be able to find the guy or collect the money ( ) It is defenseless against brute force attacks ( ) It will stop spam for two weeks and then we'll be stuck with it (x) Users of email will not put up with it ( ) Microsoft will not put up with it ( ) The police will not put up with it ( ) Requires too much cooperation from spammers (x) Requires immediate total cooperation from everybody at once (x) Many email users cannot afford to lose business or alienate potential employers ( ) Spammers don't care about invalid addresses in their lists (x) Anyone could anonymously destroy anyone else's career or business Specifically, your plan fails to account for ( ) Laws expressly prohibiting it (x) Lack of centrally controlling authority for email ( ) Open relays in foreign countries ( ) Ease of searching tiny alphanumeric address space of all email addresses (x) Asshats ( ) Jurisdictional problems ( ) Unpopularity of weird new taxes ( ) Public reluctance to accept weird new forms of money (x) Huge existing software investment in SMTP ( ) Susceptibility of protocols other than SMTP to attack ( ) Willingness of users to install OS patches received by email (x) Armies of worm riddled broadband-connected Windows boxes ( ) Eternal arms race involved in all filtering approaches ( ) Extreme profitability of spam (x) Joe jobs and/or identity theft ( ) Technically illiterate politicians ( ) Extreme stupidity on the part of people who do business with spammers (x) Dishonesty on the part of spammers themselves ( ) Bandwidth costs that are unaffected by client filtering (x) Outlook and the following philosophical objections may also apply: (x) Ideas similar to yours are easy to come 
up with, yet none have ever been shown practical ( ) Any scheme based on opt-out is unacceptable ( ) SMTP headers should not be the subject of legislation ( ) Blacklists suck ( ) Whitelists suck ( ) We should be able to talk about Viagra without being censored ( ) Countermeasures should not involve wire fraud or credit card fraud ( ) Countermeasures should not involve sabotage of public networks ( ) Countermeasures must work if phased in gradually ( ) Sending email should be free (x) Why should we have to trust you and your servers? ( ) Incompatiblity with open source or open source licenses ( ) Feel-good measures do nothing to solve the problem ( ) Temporary/one-time email addresses are cumbersome ( ) I don't want the government reading my email ( ) Killing them that way is not slow and painful enough Furthermore, this is what I think about you: (x) Sorry dude, but I don't think it would work. ( ) This is a stupid idea, and you're a stupid person for suggesting it. ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down! -- Andrew Oakley andrew/atsymbol/aoakley/stop/com From kenbrody at spamcop.net Mon Aug 1 13:18:29 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Aug 1 12:45:04 2005 Subject: [SpamCop-List] Re: Lying with statistics (was Re: turning spammy servers off) References: <42E775E9.A88EBB45@spamcop.net> <7dgkve46do2d$.dlg@news.spamcop.net> <1ndoxhi65dgbh.dlg@news.spamcop.net> <42EAA1C0.6EA18228@spamcop.net> Message-ID: <42EE4B55.8BC8E01E@spamcop.net> Porpoise wrote: > > "Kenneth Brody" wrote in message > news:42EAA1C0.6EA18228@spamcop.net... > > > > How to lie with statistics... :-) > > > > But, you end up with 2 (a 100% increase) rather than 3 (a 200% increase). > > Therefore, you have a 100% decrease in the amount of zombies. (100% is > > 100% less than 200%.) 
> > > > That's not actually correct - 100% less of anything is 0 > > If you're talking about the % movement from 3 (which is now the 100% figure) > to 2, then the percentage reduction is 1-2/3*100 = 33.333333' . Whichever > direction you're going in, the *starting* figure is always 100%. Well, I did rename this subject "lying with statistics". :-) 200 bananas is 100 bananas less than 300 bananas, correct? 200 people is 100 people less than 300 people, correct? 200 zorkmids is 100 zorkmids less than 300 zorkmids, correct? Therefore... 200 percent is 100 percent less than 300 percent. Correct? :-) Many years ago, I worked in a retail store, and learned their spin on markup percentage. If you buy something for 1 dollar and sell it for 2 dollars, it is called a "50% markup", despite the 100% increase in the price. Why? Because the markup was 50% of the final price. (That is, you're not saying "we marked up the price by X percent", but rather "our markup was Y percent of the price we sold it at".) Same thing with "X% free!" on boxes of merchandise. If the "normal" size is 100 oz. and they then have 125 oz. boxes for the same price, they'll mark it as "25% free". Actually, only 20% of the 125 oz. is "free". And even then, their normal 125 oz package does not cost 125% the price of the 100 oz. package. So, it's not really "25% free", but rather "15% off the normal 125 oz. package price", but that doesn't sound as good. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From kenbrody at spamcop.net Mon Aug 1 13:30:42 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Aug 1 12:45:07 2005 Subject: [SpamCop-List] Re: whats in a name... 
References: Message-ID: <42EE4E32.47896C36@spamcop.net> J G wrote: > > http://www.spamcop.net/sc?id=z792069855z9e36433f6c73b931fea5cb4210bdb8d6z > > fartingfritter - gotta love it... Following the subject of this thread (though not spamcop-related)... http://www.answers.com/topic/brfxxccxxmnpcccclllmmnprxvclmnckssqlbb11116 -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From PossumTrot at dont.spam.me Mon Aug 1 10:35:03 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Mon Aug 1 12:45:10 2005 Subject: [SpamCop-List] Re: Major ISP's being blacklisted issue References: Message-ID: "McWebber" wrote in message news:dcdlbp$fjc$1@news.spamcop.net... > "Possum Trot" wrote in message > news:dcdh6h$d1t$1@news.spamcop.net... >> I am totally happy with Hotmail's filtering. AFAIK I have never had an >> email blocked coming or going. > > > You have no way of knowing what they blocked if you never got it and they > didn't send a rejection message. > > -- > McWebber > "Richter points to the lack of legal action against his company as proof > that he's operating appropriately." > Information Week, November 10, 2003 > >
From anon at coks.net Mon Aug 1 11:27:03 2005 From: anon at coks.net (J G) Date: Mon Aug 1 13:30:03 2005 Subject: [SpamCop-List] Re: whats in a name... In-Reply-To: <42EE4E32.47896C36@spamcop.net> References: <42EE4E32.47896C36@spamcop.net> Message-ID: On 8/1/2005 9:30 AM Kenneth Brody scribbled: > J G wrote: > >>http://www.spamcop.net/sc?id=z792069855z9e36433f6c73b931fea5cb4210bdb8d6z >> >>fartingfritter - gotta love it... > > > Following the subject of this thread (though not spamcop-related)... > > http://www.answers.com/topic/brfxxccxxmnpcccclllmmnprxvclmnckssqlbb11116 > betcha he's running the RSG... From anon at coks.net Mon Aug 1 11:33:17 2005 From: anon at coks.net (J G) Date: Mon Aug 1 13:35:03 2005 Subject: [SpamCop-List] forenjoy Message-ID: http://www.spamcop.net/sc?id=z792098540z00313d1cdc1e9fd46ed0ac8b258a4e76z Does SC go through all those gyrations of deobfuscating and then ignoring because the URL is blackhat, or can it really not figure forenjoy out? Its been around quite a while...
From glnews030922 at highspot.net Mon Aug 1 21:21:30 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Mon Aug 1 15:20:04 2005 Subject: [SpamCop-List] Re: make it clear In-Reply-To: References: Message-ID: jdd wrote: > Graeme Leith wrote: > >> Short answer: man sa-learn :-p > > > I've seen this. needs console access and manual moving of spam, but it's > nice. anyway I won't disturb anymore this list with "sa" questions. thanks > jdd If you have console access to the box you're talking about and you want some help getting your system set up to automatically update its Bayes database and move SA identified spam to a special folder as it arrives, then drop me a line off group. The email address I use here is valid. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From click1510 at earthlink.net Mon Aug 1 13:51:13 2005 From: click1510 at earthlink.net (CO-DBA-SC-EL) Date: Mon Aug 1 15:55:03 2005 Subject: [SpamCop-List] Re: Great reply form, thanks to Andrew @ NANAE... References: Message-ID: "J G" wrote in message news:dclioc$gn5$1@news.spamcop.net... > Your idea advocates a > > (x) technical ( ) legislative ( ) market-based ( ) vigilante Which idea was this referring to? C_O From nobody at spamcop.net Mon Aug 1 13:56:23 2005 From: nobody at spamcop.net (NerdRevenge) Date: Mon Aug 1 16:00:02 2005 Subject: [SpamCop-List] Reporting USENET spam? Message-ID: Is it appropriate to report Usenet spam via spamcop if there is an IP address? GB -- "That intellectual torpor maybe sufficient to earn a job at some disaster prone part of the world like Chernobyl or NASA, but it won't cut the mustard with me." - Professor Maximillian Arturo From MikeE at ster.invalid Mon Aug 1 14:47:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Aug 1 16:50:02 2005 Subject: [SpamCop-List] Re: Reporting USENET spam?
References: Message-ID: NerdRevenge wrote: > Is it appropriate to report Usenet spam via spamcop if there is an IP > address? Appropriate is a complicated word, but the short answer before the philosophy is 'yes' -- maybe it will work and maybe it won't. Reporting usenet spam is complicated by the fact that usenet headers are very often unreliable. It is also complicated by the fact that what you might think is 'usenet spam' isn't necessarily usenet spam, because the criteria for acceptably posting something into a newsgroup are very very different than the unacceptability of someone emailing you the same item. It is also typically 'unclear' about whether or not usenet spamming is actually against any given provider's AUP or not. Some providers consider usenet 'misbehaviors' in a very vague way. A surprising number of providers have a usenet policy which is roughly equivalent to "Be nice." because they don't want to enforce anything about newsgroup misbehavior because it can be defined so variably. An oversimplification is that some newsgroups permit commercial messages - and some providers allow some kind of usenet spamming - and some usenet spamming is permissibly defined by such things as the Breidbart index. You should also read SC's 'bizarre' advice about reporting usenet spam. SC advises you to send an email to the spammer and ask hir to not do that. Very often when you parse a usenet spam with the SC parser it will bail on determining a source because SC requires that a usenet spam header be 'just so' before it will offer to make a report.
-- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Aug 1 14:51:09 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Aug 1 16:55:02 2005 Subject: [SpamCop-List] Re: forenjoy References: Message-ID: J G wrote: www.spamcop.net/sc?id=z792098540z00313d1cdc1e9fd46ed0ac8b258a4e76z > > Does SC go through all those gyrations of deobfuscating and then > ignoring because the URL is blackhat, or can it really not figure > forenjoy out? SC can resolve the naked URL Parsing input: http://forenjoy.info/fgh.php host forenjoy.info (checking ip) = 221.4.179.229 but SC's apnic mirror is currently shot ch455-ap = So it has to devnull on that basis. > Its been around quite a while... -- Mike Easter kibitzer, not SC admin From anon at coks.net Mon Aug 1 15:29:58 2005 From: anon at coks.net (J G) Date: Mon Aug 1 17:30:03 2005 Subject: [SpamCop-List] Re: Great reply form, thanks to Andrew @ NANAE... In-Reply-To: References: Message-ID: On 8/1/2005 12:51 PM CO-DBA-SC-EL scribbled: > "J G" wrote in message news:dclioc$gn5$1@news.spamcop.net... > >>Your idea advocates a >> >>(x) technical ( ) legislative ( ) market-based ( ) vigilante > > > Which idea was this referring to? > > C_O > > Sorry, don't know - wasn't following that thread and there was no quote included. I thought it was clever and could be used with the next pipedream suggestion which may be floated around here... From petzl at spamcop.net Tue Aug 2 08:58:50 2005 From: petzl at spamcop.net (petzl) Date: Mon Aug 1 18:00:03 2005 Subject: [SpamCop-List] Re: Reporting USENET spam? References: Message-ID: "NerdRevenge" wrote in message news:dclunf$ngu$1@news.spamcop.net... > Is it appropriate to report Usenet spam via spamcop if there is an IP > address? 
> > > GB > Use SpamCop by all means. However, newsgroup reporting is not one of SpamCop's strengths. Most postings are anonymous but usually name the posting machine, not the posting host. Most do have an address to report abuse to. Once you have found the abuse address you are best to advertise this in your group, such as: report this spam to abusewhoever.com (do not use the @, as spammers run programs to scrape email addresses off the internet). The more that report newsgroup spamming, the more effective you become. Petzl From porpoise1954 at yahoo.co.uk Tue Aug 2 02:06:23 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Aug 1 20:10:04 2005 Subject: [SpamCop-List] Re: Lying with statistics (was Re: turning spammy servers off) References: <42E775E9.A88EBB45@spamcop.net> <7dgkve46do2d$.dlg@news.spamcop.net> <1ndoxhi65dgbh.dlg@news.spamcop.net> <42EAA1C0.6EA18228@spamcop.net> <42EE4B55.8BC8E01E@spamcop.net> Message-ID: "Kenneth Brody" wrote in message news:42EE4B55.8BC8E01E@spamcop.net... > Porpoise wrote: >> >> That's not actually correct - 100% less of anything is 0 >> >> If you're talking about the % movement from 3 (which is now the 100% >> figure) >> to 2, then the percentage reduction is 1-2/3*100 = 33.333333' . >> Whichever >> direction you're going in, the *starting* figure is always 100%. > > Well, I did rename this subject "lying with statistics". :-) > > 200 bananas is 100 bananas less than 300 bananas, correct? Correct > > 200 people is 100 people less than 300 people, correct? Correct > > 200 zorkmids is 100 zorkmids less than 300 zorkmids, correct? Correct > > Therefore... > > 200 percent is 100 percent less than 300 percent. > Mmmm....Sort of......... But only if it's applied to something - such as 200% of 50 bananas (100) is 100% of 50 bananas (50) less than 300% of 50 bananas (150). Unless it is "of" something, it is meaningless. In the same way - 50 bananas - 100% of 50 bananas = 0 For example: 1.
If I have 10 apples and I decide to give you 100% of them, how many am I left with? 2. If I have 10 apples and I decide to give you 300% of them, how many do I have left? 3. If I have 10 apples and I decide to give you 200% of them, how many am I left with? From nobody at devnull.spamcop.net Mon Aug 1 21:00:52 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Aug 1 21:05:03 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: "Peter Pearson" wrote in message news:dcjmls$g7k$1@news.spamcop.net... > > You're right: Spamcop's documentation is confusing and unclear. > From time to time, somebody makes noise about fixing that > problem, but . . . Hmmm, "FAQ sucks, hard to navigate, can't find anything ..." http://forum.spamcop.net/forums/index.php?showtopic=2238 single-page access point created as a possibility / work-horse "Don't know how to ...." http://forum.spamcop.net/forums/index.php?showforum=13 How to Use .... forum section created http://forum.spamcop.net/forums/index.php?showtopic=2385 How I use my SpamCop E-mail Account examples "Crap needs to be on a web-page ...." http://forum.spamcop.net/forums/index.php?act=home web page/portal created . asked for input . got "it's broken in FureFox" .. fixed FireFox issue .. no more input I'd have to suggest that a bit more than "noises" have been attempted. > here we are, still. I don't have a good > overview of all Spamcop's activities, but I think I understand > well the part that I use, so I'll describe that. Would be great fodder for the "How I Use ...." sections .... . From nobody at spamcop.net Mon Aug 1 19:43:34 2005 From: nobody at spamcop.net (NerdRevenge) Date: Mon Aug 1 21:45:03 2005 Subject: [SpamCop-List] Re: Reporting USENET spam? References: Message-ID: "petzl" wrote in message news:dcm5uu$rqe$1@news.spamcop.net... > > "NerdRevenge" wrote in message > news:dclunf$ngu$1@news.spamcop.net... >> Is it appropriate to report Usenet spam via spamcop if there is an IP >> address? 
> >> > >> > >> GB >> > Use SpamCop by all means > However Newsgroup reporting is not one of SpamCop's strengths > Most postings are anonymous but usually name the posting machine not the > posting host > Most do have an address to report abuse to > > Once you have found the abuse address you are best advertise this in your > group > such as > report this spam to > abusewhoever.com (do not use the @ as spammers run programs to scrape > email addresses off the internet > The more that report newsgroup spamming the more effective you become I did report 23 spams today from the same IP address in the same newsgroup posted within moments of each other. The "Make Millions with PayPal" scam. Result..No IP listed There are also others who love to flood some groups with copyrighted news stories that have nothing to do with the subject group. Result..No IP listed and flooding continues > > Petzl > From dfm2a3l0t2 at spymac.com Mon Aug 1 23:12:39 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Mon Aug 1 22:15:02 2005 Subject: [SpamCop-List] Re: How was I reporting my own service providers? References: Message-ID: In article , "Mike Easter" wrote: > > I have never seen the provider for either address listed. > > On the face of it, that would seem to negate the assumption above -- or > imply that either you or Don is in error. > > > So how was I reporting my providers? > > I suspect there is a discrepancy of 'something or other' in what we are > hearing here. Some unknown as yet error. > > > I asked Don this in my reply, but he did not respond. > > Yeah, if he had named even one report in which you were in error, your > confidence in being error-free would be altered. I e-mailed Don again about this. Here's his reply: > You probably wouldn't have recognized the connection. > > The parse went after 198.212.10.108 = permemail05.alumniconnections.com, > which is your alumni association's server.
> > http://www.spamcop.net/sc?id=z790544389z37e92665f5ae3f07362d378ed6b10eb4z > > You can use that link to review the parse. The "View entire message" link > will show you the message text. > > Submitted: Wednesday, July 27, 2005 18:24:18 -0600: show / trace / munged / > raw > By: dfmanno@alumni.upenn.edu (dfmanno@localnet.com) > She wants a better sex? All you need's here! > > * 1477077100 ( 198.212.10.108 ) To: postmaster@bcharrispub.com > * 1477077096 ( 198.212.10.108 ) To: abuse@mci.com Mystery solved. -- D.F. Manno | dfm2a3l0t2@spymac.com "As democracy is perfected, the office represents, more and more closely, the inner soul of the people. We move toward a lofty ideal. On some great and glorious day the plain folks of the land will reach their heart's desire at last, and the White House will be adorned by a downright moron." - H. L. Mencken, in the Baltimore Sun, July 26, 1920 From MikeE at ster.invalid Mon Aug 1 20:32:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Aug 1 22:35:04 2005 Subject: [SpamCop-List] Re: How was I reporting my own service providers? References: Message-ID: D.F. Manno wrote: >> The parse went after 198.212.10.108 = >> permemail05.alumniconnections.com, which is your alumni >> association's server. In a non-mailhost, the noncompliant bottom line will cause the alumni to be named. Abbreviated Received lines *comment from cavtel.net [64.83.0.22] by cavtel.net *serves you from permemail05.alumniconnections.com [198.212.10.108] by cavtel.net *forwards? from bzq-218-200-61.red.bezeqint.net (81.218.200.61) by permemail05 *sourceline SC couldn't chain from the 2nd line's 'from' field to the bottom line's 'by' field because permemail didn't use a proper domainname. When SC wants to report the alumni server, it didn't offer the report in a 'recognizable' form, because the alumni server notify is to Harris Publishing. bcharrispub.com > Mystery solved. 
The advantage of mailhosting is that that screwy/noncompliant bottom line 'by' field doesn't matter. -- Mike Easter kibitzer, not SC admin From h9vzc2i02 at sneakemail.com Mon Aug 1 20:53:46 2005 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Mon Aug 1 22:55:03 2005 Subject: [SpamCop-List] Re: Pump and Dump References: <200506281105.1dNhEa1743Nl3pw0@timothy.mail.atl.earthlink.net> Message-ID: "Mike B" wrote in message news:d9uja8$g86$1@news.spamcop.net... > "John E. Malmberg" wrote in message > news:MFFwIH7AZHYR@eisner.encompasserve.org > > > > It seems to me that a good application to hide on a laptop is one > > where it periodically contacts "Mother" to explain where it is. If > > it can not contact "Mother" and the user does not know a special > > password, or "Mother" tells it it is stolen, than the laptop can take > > evasive action, like cranking up it's speakers to full volume and > > explaining in several locally used languages > > how a reward can be obtained for it's recovery. > > > > You might get lucky in that the thief may not wipe the hard drive, > > and if the reward is about the same amount as a fence will pay, you > > may recover the device. > > > > A laptop with a power-on password, a harddrive password and a different > admin password set is practically useless to a thief. May not stop it from > getting nicked, but at least it can't be used. > *** Do all those passwords mean that the Feds, cops, etc. cannot read your hard drive - who are you kidding, if they can 'break' the passwords, so can a thief. The stolen laptop can always have the hard drive reformatted which kills all your protection. 
-- A SpamCop user and forum reader, Not Admin *** > -- > Mike B > > From h9vzc2i02 at sneakemail.com Mon Aug 1 21:02:52 2005 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Mon Aug 1 23:05:03 2005 Subject: [SpamCop-List] Re: Pump and Dump References: <200506281105.1dNhEa1743Nl3pw0@timothy.mail.atl.earthlink.net> Message-ID: "indigo" wrote in message news:d9ui9d$f9c$1@news.spamcop.net... > > > J G wrote: > > On 6/28/2005 3:50 PM Trish Roberts-Miller scribbled: > > > > > > > > > > Since then, almost all of my pump-and-dump stock spam has been > > > downloaded as though it's already been read. (I use mozilla, in case > > > that's relevant.) The sysadmin and I have both assumed that my mail > > > is compromised, and acted accordingly, but I thought I would ask > > > here, as perhaps it's a well-known phenomenon that pump-and-dump > > > mail *looks* read. > > > > > I'd join Mike and ask, what do you mean, already read? > > Don't see how Mozilla has anything to do with it - I don't know how > > you mean pump and dump looks read - I *know* how it looks old... > > I'm assuming she's referring to something like the way Mickeysoft email > software works -- if the message hasn't been read, the subject line is in > bold. Once it's marked as read the line is normal text, not in bold. > > ** Additionally, in OE, there is a right-click drop down menu that allows one to 'mark' a message as 'read' or 'unread', no matter what the current condition actually is. That, of course, does not change what you know about the message (whether you have opened the message or not), just its appearance in the message list. 
-- A SpamCop user and forum reader, Not Admin *** From jr70 at blackhole.invalid Mon Aug 1 21:45:20 2005 From: jr70 at blackhole.invalid (John Richards) Date: Mon Aug 1 23:50:03 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: Joris Van Damme wrote: >> It would have been worse if he had put that one-line reply *after* several >> screens of quoted text. > > So? Something A being worse then B being worse then C, does not mean B is > the recommend way to go. C is. > >> The issue is not so much whether one top-posts or bottom-posts >> but whether extraneous quoted material is snipped (for those readers >> with poor recollection or *not* familiar with prior posts in that thread). > > I've poor recollection, but good bookmarks: > > http://web.presby.edu/~nnqadmin/nnq/nquote.html Referencing someone else's opinion does not prove a point. As we used to say in Dutch: Elke ketter heeft zijn letter. -- John Richards (Dutch expatriate) From anon at coks.net Mon Aug 1 21:55:12 2005 From: anon at coks.net (J G) Date: Mon Aug 1 23:55:02 2005 Subject: [SpamCop-List] Re: big problem, attn deputies In-Reply-To: References: Message-ID: On 8/1/2005 8:45 PM John Richards scribbled: > Referencing someone else's opinion does not prove a point. > As we used to say in Dutch: > Elke ketter heeft zijn letter. > Whats a ketter? From anon at coks.net Mon Aug 1 21:59:01 2005 From: anon at coks.net (J G) Date: Tue Aug 2 00:00:03 2005 Subject: [SpamCop-List] kook awards Message-ID: They're cooking over @ NANAE, for those that haven't noticed... From MikeE at ster.invalid Mon Aug 1 22:11:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 00:15:02 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: J G wrote: > John Richards scribbled: > >> Referencing someone else's opinion does not prove a point. >> As we used to say in Dutch: >> Elke ketter heeft zijn letter. >> > Whats a ketter? 
I think it means every/each heretic has his text. If you wanted to get 'Biblical' about it, there's the saying that 'The Devil can cite Scripture for his purpose.' However, that being sed, the referenced article in the news.newusers.questions faq links is a 'nice' and polite and helpful article to help new news posters who don't understand the traditionally accepted ng quoting style. -- Mike Easter kibitzer, not SC admin From jdd at dodin.org Tue Aug 2 10:59:09 2005 From: jdd at dodin.org (jdd) Date: Tue Aug 2 04:00:04 2005 Subject: [SpamCop-List] Re: make it clear In-Reply-To: References: Message-ID: WazoO wrote: > I'd have to suggest that a bit more than "noises" have > been attempted. Having a forum is great, but having the web pages understandable is better. Why are the forum's clues not at least linked from the relevant pages? jdd -- to write to me, go to: http://www.dodin.net http://valerie.dodin.net http://arvamip.free.fr From nobody at nowhere.invalid Tue Aug 2 11:26:11 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Aug 2 04:30:03 2005 Subject: [SpamCop-List] Re: kook awards References: Message-ID: On Mon, 01 Aug 2005 20:59:01 -0700, J G coughed into spamcop and left this in : > They're cooking over @ NANAE, for those that haven't noticed... When aren't they? -- Steve Just remember, if the world didn't suck, we'd all fall off. From PleaseReplyTo at TheGroupInstead.be Tue Aug 2 11:48:28 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Tue Aug 2 04:50:41 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: > > I've poor recollection, but good bookmarks: > > > > http://web.presby.edu/~nnqadmin/nnq/nquote.html > > Referencing someone else's opinion does not prove a point. > As we used to say in Dutch: > Elke ketter heeft zijn letter. Very true, of course. However, this ketter is in good company: see Mike's letter. 
Also, I didn't quote to prove a point, I quoted to point to a helpful and friendly article that has been around since usenet stone age, and has been the single accepted guideline of its kind ever since. In this article, my point is explained very well and very thoroughly, much better than I could hope to do in an alien language and this short space. For example, what's said in the answer to question 9 seems to address a point you made earlier. So if you do want to continue the discussion, I suggest you try and invalidate what's said in the answer to question 7, in the quoted article. Joris From nobody at devnull.spamcop.net Tue Aug 2 07:33:46 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Tue Aug 2 07:30:18 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: "jdd" wrote in message news:dcn94d$edt$1@news.spamcop.net... > WazoO wrote: > > > I'd have to suggest that a bit more than "noises" have > > been attempted. > > Having a forum is great, but having the web pages > understandable is better. Why are the forum's clues not at > least linked from the relevant pages? Absolutely, the web pages should be revised. However, nobody who is in charge of the web pages apparently thinks that it is necessary (or at least, revision is at the bottom of a 'to do' pile that never gets low enough to get revisions done). There have been many volunteers over the years to clarify the web pages, but TPTB have never accepted help. If you are interested in clarifying instructions, then the only place that your comments will be considered and used is the forum. Or, if you do not like the forum, you can make your own boilerplate answers and whenever someone asks a question in the newsgroup, you can give them a clear answer. Actually, in spite of the web pages, most reporters manage to muddle through and rarely access either the ng or the forum for help. 
IMHO, part of the rationale for not revising the pages is to eliminate those reporters who are technically non-fluent and are either incapable or unwilling to learn the basics. Those, as reporters, would be more likely to make mistakes and thereby lessen the usefulness of the scbl. Miss Betsy From MikeE at ster.invalid Tue Aug 2 08:54:45 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 10:55:02 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: Miss Betsy wrote: > IMHO, part of the rationale for not revising the pages is to > eliminate those reporters who are technically non-fluent and are > either incapable or unwilling to learn the basics. I really don't think there is a conscious effort to create an information gap or hurdle to deter any users. I can't imagine that you would even think that. > Those, as > reporters, would be more likely to make mistakes and thereby lessen > the usefulness of the scbl. I'm sure that 'everyone' wishes that anyone who would want to be a reporter, or a user of the SCbl, or anyone who was every affected by the SCbl, be it admin or user, would be able to go to the 'real' web faq and 'instantly' and painlessly and easily navigated to exactly the page where they would be able to immediately read a crystal clear and succinct uptodate explanation of whatever it was they wanted to know. The way to do that would be to have a faq which was up-to-date, intuitively organized, and frequently reorganized and clarified and amended. Further, there also needs to be a 'simplistic' way that someone can ask a question and have it answered. The forum is a pretty good approximation of that, because a certain percentage of the population doesn't 'do' newsgroup questions. However, most of that same group also doesn't 'do' navigating either. 
The forum is also a rough approximation of a place to create some dynamic adjusting and pinning to the faq -- but it in no way resembles what I described above about a real faq -- properly organized for natural and intuitive navigation and enabling immediate and simple introduction to the answer. The forum is not a faq, and it also isn't some kind of magical oak tree that we used to joke about here. The magical oak tree that I refer to harkens back to a time when people could write a question into a box that was an entry to the mailing list of the newsgroup. Often it seemed that those who so subscribed fully expected that if they came back to that page, there would be an answer waiting for them. It reminded me of a condition of someone coming along to a magic oak tree, leaving a note inside a knothole, and coming back to the hole later and finding their answer inside. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Aug 2 12:12:51 2005 From: nobody at devnull.spamcop.net (Eponym) Date: Tue Aug 2 11:15:02 2005 Subject: [SpamCop-List] Internic Whois Data Problem Message-ID: Has anyone actually had any success getting a spammer's domain delisted through Internic where the registrant info is fraudulent? i.e., through the mechanism provided at http://wdprs.internic.net/ I reported RECIPIENTNETWORK.COM for data inaccuracy. The registrant just keeps modifying their record with more bogus info (i.e., the current address is HQ office for Victoria's Secret...funny that one). The current phone listed is disconnected, etc.. Internic keeps sending notice that the registrant info has been changed and it is left to me to determine whether the info is inaccurate. Don't they do any due diligence themselves? And after 10 submissions of inaccurate info (seriously), why don't they just delist the domain? 
From MikeE at ster.invalid Tue Aug 2 09:36:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 11:40:03 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem References: Message-ID: Eponym wrote: > Has anyone actually had any success getting a spammer's domain > delisted through Internic where the registrant info is fraudulent? > i.e., through the mechanism provided at http://wdprs.internic.net/ I think you aren't understanding the process and who is responsible to whom. That is, I think you are understanding the 'process' by which you bring bogus whois information to the attention of internic. The process which you might not understand is that that is a 'conduit' by which internic can oversee the questioning of the domain registrar by 'anyone'. That is, there's a rule that registrars are supposed to maintain accurate information uptodate -- and registrars are certified by internic. So the registrar has a responsibility to internic. The way it is supposed to be is that the registrar is supposed to be acting responsibly in order to be a registrar. > I reported RECIPIENTNETWORK.COM for data inaccuracy. The registrant > just keeps modifying their record with more bogus info (i.e., the > current address is HQ office for Victoria's Secret...funny that one). > The current phone listed is disconnected, etc.. Internic keeps > sending notice that the registrant info has been changed and it is > left to me to determine whether the info is inaccurate. Don't they > do any due diligence themselves? And after 10 submissions of > inaccurate info (seriously), why don't they just delist the domain? Internic doesn't 'oversee' the accuracy of the information; internic only oversees the responsibility of the registrar. In a 'sense' internic doesn't see what you are seeing 'properly' because recipientnetwork is 'working' the system thru' the cooperation of the registrar. 
Domain Name: RECIPIENTNETWORK.COM Registrar: KEY-SYSTEMS GMBH Whois Server: whois.rrpproxy.net Referral URL: http://www.key-systems.net At this point, your beef is actually to internic about the registrar not performing due diligence. When you go to internic's front page, they have a different referral link about complaints about a registrar To submit a complaint about an accredited registrar go to the Registrar Problem Report form. http://reports.internic.net/cgi/registrars/problem-report.cgi That system is largely oriented toward some kind of financial beef or conflict between and registrar's customer and the registrar -- but since internic may not be 'paying attention' to the trend here, the usage of the registrar beef form might be more appropriate to let some light shine on the situation. That page sez "ICANN does monitor such complaints to discern trends." -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Aug 2 09:45:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 11:50:03 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: Mike Easter wrote: > The way to do that would be to have a faq which was up-to-date, > intuitively organized, and frequently reorganized and clarified and > amended. > The forum is also a rough approximation of a place to create some > dynamic adjusting and pinning to the faq -- but it in no way resembles > what I described above about a real faq Just as an example of how the faq /can/ get adjusted or changed promptly for 'simplistic' issues. On Jul 30, adrianbye started a forum thread beefing about a problem with information used from the faq about SpamKiller http://forum.spamcop.net/forums/index.php?showtopic=4634&hl= The faq item 403 about blocking list information used to say this: SpamCop FAQ : SpamCop Blocking List information : How can I use the blocklist without mailserver configuration? 
Many spam filtering systems automatically use the SpamCop blocklist as part of a larger scheme. SpamCop does not review or guarantee these third party products. One very effective and well-known filter is Spam Assassin; an open-source perl scoring system. Spam Assassin can be installed on unix-based systems in either system-wide or in "user land". It is highly configurable. SpamKiller from Minute Group is an outlook plugin which uses the Spamcop list to filter mail. It seems to use SpamCop's list exclusively for its filtering logic. SpamKiller is a bad idea. After some discussion in the forum, the information was passed along and the faq was promptly amended by deleting the last par http://www.spamcop.net/fom-serve/cache/403.html So, that is 'evidence' of a couple of things. One is that the faq *CAN* be amended promptly if there is the right kind of attention. The other is that simple faq changes are more easily implemented than 'difficult' ones. Another is that the channels of communication have some preferences for the structures and input of the forum over whatever goes on in the newsgroups. -- Mike Easter kibitzer, not SC admin From kjz at despammed.com Tue Aug 2 19:24:46 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Tue Aug 2 12:25:03 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem In-Reply-To: References: Message-ID: Eponym wrote: > Has anyone actually had any success getting a spammer's domain delisted > through Internic where the registrant info is fraudulent? i.e., through the > mechanism provided at http://wdprs.internic.net/ Yes, but the responsibility differs from registrar to registrar. There are 'white hat' registrars which act very fast and others ('black hat') which didn't act at all, even if the whois record is blatantly fraudulent. And some spammers seem to know where they have to register a domain... 
- kjz From nobody at devnull.spamcop.net Tue Aug 2 13:30:24 2005 From: nobody at devnull.spamcop.net (Eponym) Date: Tue Aug 2 12:35:02 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem References: Message-ID: "Mike Easter" wrote in message news:dco3tb$vug$1@news.spamcop.net... Excellent answer...thanks for the additional reporting link. I will say one thing...the spam I was getting from that domain stopped....for now anyway. The spammer always uses the same technique of redirecting through Yahoo, and I haven't gotten any of those for awhile. I'm guessing I got list washed, since he's still using yahoo name servers. From anon at coks.net Tue Aug 2 10:40:25 2005 From: anon at coks.net (J G) Date: Tue Aug 2 12:40:03 2005 Subject: [SpamCop-List] rsp Message-ID: http://www.spamcop.net/sc?id=z792421432ze284768da5c9942974907e6431ad1a12z I illegally inserted www. in front of pr1ority.com and SC picked it up but discarded it. However * Using URL: www.pr1ority.com Listed in: * sbl.spamhaus.org 194.126.188.4 is a known spam source Why didn't the program figure this out? And, no, I wouldn't have reported it... From MikeE at ster.invalid Tue Aug 2 10:46:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 12:50:03 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: Mike Easter wrote: > SpamKiller from Minute Group is an outlook plugin which uses the > Spamcop list to filter mail. It seems to use SpamCop's list > exclusively for it's filtering logic. > > SpamKiller is a bad idea. There may be some confusion about what SpamKiller is. SK McAfee is this http://us.mcafee.com/root/package.asp?pkgid=123&cid=3213 -- I guess we could call that SK-McAfee. The link which the SC faq provided was to here http://www.minutegroup.com/prodpg_spamkiller.htm -- which I guess we could call SK-Minute or SK-Payya Tec. 
If a person were looking for an enduser system which uses DNSbl/s and can use the SCbl they might consider SpamPal or others, but I think someone or Don decided to just back off from the business of mentioning anything besides SpamAssassin. How hard do you think it would be to talk about how that faq page should mention SpamPal instead of the MinuteGroup SpamKiller and have the faq be changed any time soon? There is something paradoxical about that. Under some conditions the faq is impossible to change. Under other conditions it is easy to change. The same page makes a disclaimer. The same page mentions SpamAssassin. The same page used to mention SK-Minute and provide a link. Why shouldn't the same page mention SpamPal and provide a link? Many people around here and other newsgroups commend SpamPal as a valuable way to use DNSbl/s such as SpamCop's, SP is free and well supported, like SA. Why should /n/x users be provided access to a link about SA, but Win users not provided access to a link about SP? It actually doesn't make any sense. The fact that such products compete with the SpamCop business of providing filtered mailservice should mean that there shouldn't even be a link to SpamAssassin either. -- Mike Easter kibitzer, not SC admin From windsorfoxNOSPAM at cox.net Tue Aug 2 12:50:40 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Tue Aug 2 12:55:04 2005 Subject: [SpamCop-List] Re: ALGX and XO In-Reply-To: References: Message-ID: Mike Easter wrote: > WindsorFox[SS] wrote: > >> I am receiving incessant, constant garbage from ultimate free >>laptops .com. I did the unsubscribe for 2 weeks and they still come. >>Now, Spamcop reports them to abuse@algx.com , but it seems like it >>should go to abuse@xo.com ?? These people are glib and could not care >>less if you paid them to. 
> > > If you want to discuss how SC notifies for something you should post a > tracker -- working with something like 'laptops.com' is not adequate > information, especially in the context in which you placed it. > > It also sounds like you are having trouble unsubbing to something you > subbed. > Exactly. It's a gmail addy that I made specially to use for one of those get a free laptop/ get a free sites. I followed all of the unsub links and they just totally disregard the unsubs. The point here is that all of these places are on a network called ALGX. A little research shows that ALGX was bought by XO. A phone call to the number I found gives me a minimum wage 15 yo who says abuse@algx.com is no longer a good email it has to go to abuse@xo.com, which I am sure some would argue is not a very good address either. At any rate I noticed about a week after I made the original post here *poof* all the mail parsed through Spamcop now contains the XO abuse address instead of the ALGX address. From MikeE at ster.invalid Tue Aug 2 10:59:23 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 13:00:02 2005 Subject: [SpamCop-List] Re: rsp References: Message-ID: J G wrote: www.spamcop.net/sc?id=z792421432ze284768da5c9942974907e6431ad1a12z > > I illegally inserted www. in front of pr1ority.com and SC picked it up > but discarded it. I don't know what kind of experiment you are trying to do with the forgery of changing pr1ority.com to www.pr1ority.com to see what happens. A simpler experiment would be to just put the naked 'URL' into the parser and see if it can resolve -- because when you fool around with trial and error of forgeries for that particular spam you are dealing with the additional layer of how the spam is 'misconstructed'. It is using some kind of crude or simplistic RTF rich text format and calling it text/html. 
> However > * Using URL: www.pr1ority.com > Listed in: > * sbl.spamhaus.org > 194.126.188.4 is a known spam source > > Why didn't the program figure this out? > And, no, I wouldn't have reported it... The simpler experiment shows that the naked url/s [with and without www] in the parser aren't resolved by SC. -- Mike Easter kibitzer, not SC admin From anon at coks.net Tue Aug 2 11:10:47 2005 From: anon at coks.net (J G) Date: Tue Aug 2 13:10:03 2005 Subject: [SpamCop-List] Re: rsp In-Reply-To: References: Message-ID: On 8/2/2005 9:59 AM Mike Easter scribbled: > I don't know what kind of experiment you are trying to do with the > forgery of changing pr1ority.com to www.pr1ority.com to see what > happens. > w/o the www., which is what the original msg. was and reported as such, SC didn't see the URL at all. I just added www. to see if that made the program see it, and it did but could not resolve it, which my utility did. I was curious as to why SC didn't resolve to 194.126.188.4 /after/ picking up the URL. > A simpler experiment would be to just put the naked 'URL' into the > parser and see if it can resolve -- because when you fool around with > trial and error of forgeries for that particular spam you are dealing > with the additional layer of how the spam is 'misconstructed'. > It is using some kind of crude or simplistic RTF rich text format and > calling it text/html. I didn't know that was possible - thought one needed headers and such... > The simpler experiment shows that the naked url/s [with and without www] > in the parser aren't resolved by SC. > From spamcop at oitc.com Tue Aug 2 14:30:14 2005 From: spamcop at oitc.com (spamcop) Date: Tue Aug 2 13:35:03 2005 Subject: [SpamCop-List] The message is not spam because...... Message-ID: Check this reply out. It refers to a submittal which was sent to a spam trap in a domain only used for traps! The message is not spam because, "This message is intended for those interested in search marketing"! 
Subject: Spamcop report id:1480536574 From: "Erin Johns" To: <1480536574@reports.spamcop.net> Hello SpamCop user, We have been informed by SpamCop that you have reported our e-mail as Spam. This message is intended for those interested in search marketing and is not spam. If you would no longer like to receive messages from us, please reply with the e-mail address you would like to have excluded from our mailing list or you can click on the opt-out link as well. http://www.metricsdirect.com/about/optout.aspx -- Please use the link below to review the report in question: http://www.spamcop.net/mcgi?action=showhistory;slice=reportid;val=1480536574 From kjz at despammed.com Tue Aug 2 20:32:55 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Tue Aug 2 13:35:07 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem In-Reply-To: References: Message-ID: Mike Easter wrote: > That system is largely oriented toward some kind of financial beef or > conflict between and registrar's customer and the registrar -- but since > internic may not be 'paying attention' to the trend here, the usage of > the registrar beef form might be more appropriate to let some light > shine on the situation. That page sez "ICANN does monitor such > complaints to discern trends." Yes, and you can see the results at: http://www.icann.org/whois/wdprs-report-final-31mar05.htm - kjz From windsorfoxNOSPAM at cox.net Tue Aug 2 13:54:27 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Tue Aug 2 13:55:03 2005 Subject: [SpamCop-List] Re: How are we to conduct business? In-Reply-To: References: Message-ID: Sylvesterthekat wrote: > "Miss Betsy" wrote in message > news:dbu9ba$ekr$1@news.spamcop.net... > > >>"Sylvesterthekat" wrote in message >>news:dbu2a5$ad2$1@news.spamcop.net... >> >> >>>Shut the fuck up spammer. I hope you go out of business. >> >> >>Please ignore the troll. (trolls only post to be rude and make >>trouble) >> >>Miss Betsy >> > > > OK, we'll ignore you then. 
M0r0n. I figured Ellen or someone would have block this waste of bandwidth from the servers by now... From MikeE at ster.invalid Tue Aug 2 12:01:49 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 14:05:02 2005 Subject: [SpamCop-List] Re: The message is not spam because...... References: Message-ID: spamcop wrote: > Check this reply out. It refers to a submittal which was sent to a > spam trap in a domain only used for traps! The message is not spam > because, "This message is intended for those interested in search > marketing"! The concept that is going on there is that the marketer 'gets to' send out their email to any address which is on the list that they [bought, stole, manufactured, swapped, etc] and it is the 'responsibility' of anyone who doesn't want /that/ mail to unsubscribe. Further, since they are clearly spammers, that unsubscribe is /also/ a lie. The marketer/spammer idea of what to do with the unsubscribers is just as inventive as is/was where to get their original mailing list from. Unsubscribers make up some /other/ list/s. If you will just send them your unsub, they will move you around or rather use that information as well, perhaps taking you off one list and putting you on 42 more. Depending upon how cleverly they have performed the initial spam construction for a unique identity, they may or may not know which address corresponds to a particular SC report # when they receive a copy of the spamreport. -- Mike Easter kibitzer, not SC admin From windsorfoxNOSPAM at cox.net Tue Aug 2 14:04:03 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Tue Aug 2 14:05:08 2005 Subject: [SpamCop-List] Re: kook awards In-Reply-To: References: Message-ID: Steven Maesslein wrote: > On Mon, 01 Aug 2005 20:59:01 -0700, J G coughed into spamcop and left > this in : > > >>They're cooking over @ NANAE, for those that haven't noticed... > > > When aren't they? > It's been exceedingly high lately. 
From MikeE at ster.invalid Tue Aug 2 12:08:41 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 14:10:02 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem References: Message-ID: Karl-Josef Ziegler wrote: > Mike Easter wrote: > >> That system is largely oriented toward some kind of financial beef or >> conflict between and registrar's customer and the registrar -- but >> since internic may not be 'paying attention' to the trend here, the >> usage of the registrar beef form might be more appropriate to let >> some light shine on the situation. That page sez "ICANN does >> monitor such complaints to discern trends." > > Yes, and you can see the results at: > > http://www.icann.org/whois/wdprs-report-final-31mar05.htm That page is very useful for outlining the responsibilities of icann vis internic and the registrars. The internic page I referred to earlier apparently wants the individual who is unhappy about whois information and the performance of the particular registrar in that regard to be 'working it out' with the registrar. "If you have a problem with one of the registrars, you should first try to resolve it with that registrar. " "If you cannot resolve your complaint with the registrar, you should address it to private-sector agencies involved in addressing customer complaints or governmental consumer-protection agencies." -- Mike Easter kibitzer, not SC admin From glnews030922 at highspot.net Tue Aug 2 20:23:58 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Tue Aug 2 14:20:02 2005 Subject: [SpamCop-List] Re: The message is not spam because...... In-Reply-To: References: Message-ID: spamcop wrote: > Check this reply out. It refers to a submittal which was sent to a spam trap > in a domain only used for traps! The message is not spam because, "This > message is intended for those interested in search marketing"! http://www.metricsdirect.com/About/Privacy.aspx MetricsDirect is a service of 180solutions. 
http://www.doxdesk.com/parasite/nCase.html http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=40683 Total scum no matter where you encounter them. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From windsorfoxNOSPAM at cox.net Tue Aug 2 14:36:42 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Tue Aug 2 14:40:03 2005 Subject: [SpamCop-List] Re: NEW WEBSITE In-Reply-To: References: Message-ID: Brian wrote: > indigo wrote: > >> Mike Easter wrote: >> >>> It is conceivable that some other different Salem OR comcast client in >>> cahoots with Chad Ayers spamposted here, but I doubt it. Don't forget >>> about the rules for spammers, especially #1 & #2 -- spammers lie and >>> if you ever think they are telling the truth, consult #1. >> >> >> >> Hey, maybe he meant his wife did it (he did say "other person" ;-) >> >> > > I've been considering calling Sue and ask about her hubby's spamming for > his porn site. I'm only a couple of hours away, maybe she would like a > personal visit. ;) > You might tip off something she doesn't know about ! ROFL!! From nobody at spamcop.net Tue Aug 2 15:35:48 2005 From: nobody at spamcop.net (indigo) Date: Tue Aug 2 14:40:07 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: WindsorFox[SS] wrote: > > > I figured Ellen or someone would have block this waste of > bandwidth from the servers by now... Can't do it, trollboi posts from different open proxies on near daily basis. From kjz at despammed.com Tue Aug 2 21:45:05 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Tue Aug 2 14:50:06 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem In-Reply-To: References: Message-ID: Mike Easter wrote: > That page is very useful for outlining the responsibilities of icann vis > internic and the registrars. 
Especially interesting I found the following information: As this table shows, fewer than 1% of all those who filed reports (20 people) were responsible for over 58% (18,317 out of 31,533) of all Whois inaccuracy reports submitted to ICANN during the reporting period. The 2004 Report indicated that the top 20 (0.3%) of reporters were responsible for over 40% (9,938 out of 24,148) of Whois inaccuracy reports. From both anecdotal information received by ICANN and text accompanying the body of these reports we conclude that most, if not all of the high volume reporters are driven by a concern about abuses involving spam. In well over 80% of the reports filed, the reporter indicated "spam" as a factor in the body of the report. [...] there are a number of "power users" of the system. Given that they account for more than 50% of the reports, and that at least 74% of the reports are for legitimately bad Whois information, it is reasonable to assume that these industrious individuals are indeed finding many domains with incorrect Whois information. It might be reasonable to offer features in the interface to help these users. - kjz From windsorfoxNOSPAM at cox.net Tue Aug 2 14:49:11 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Tue Aug 2 14:50:11 2005 Subject: [SpamCop-List] Re: The message is not spam because...... In-Reply-To: References: Message-ID: Mike Easter wrote: > spamcop wrote: > >>Check this reply out. It refers to a submittal which was sent to a >>spam trap in a domain only used for traps! The message is not spam >>because, "This message is intended for those interested in search >>marketing"! > > > The concept that is going on there is that the marketer 'gets to' send > out their email to any address which is on the list that they [bought, > stole, manufactured, swapped, etc] and it is the 'responsibility' of > anyone who doesn't want /that/ mail to unsubscribe. Ten years in a Turkish prison might just point out his error in that assumption. 
From windsorfoxNOSPAM at cox.net Tue Aug 2 14:50:39 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Tue Aug 2 14:50:13 2005 Subject: [SpamCop-List] Re: How are we to conduct business? In-Reply-To: References: Message-ID: indigo wrote: > WindsorFox[SS] wrote: > >> >> I figured Ellen or someone would have block this waste of >>bandwidth from the servers by now... > > > Can't do it, trollboi posts from different open proxies on near daily basis. > > Okay, and is there a reason that all these open proxies are not blocked?? From johnl at spamcop.net Tue Aug 2 19:57:45 2005 From: johnl at spamcop.net (JohnL) Date: Tue Aug 2 15:00:03 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: "WindsorFox[SS]" wrote in news:dcof7j$6k7$3 @news.spamcop.net: > Okay, and is there a reason that all these open proxies are not > blocked?? Also, isn't there a requirement to register to post to the NG's? I thought there was something about that quite some time ago. (and if not, why not make it that way) From bryn.lawrence at ntlworld.com Tue Aug 2 21:01:41 2005 From: bryn.lawrence at ntlworld.com (bryn lawrence) Date: Tue Aug 2 15:10:02 2005 Subject: [SpamCop-List] Re: forwarding spams by attachment References: Message-ID: I have been having the same problems. In the last 3 to 4 days I have sent nearly 50 reports in but only had 5 or 6 back. Is this a problem with spam cop or could it be with ntl? "Ivan Leo Puoti" wrote in message news:dcdqmf$ii7$1@news.spamcop.net... > Today I reported 6 spams sent with return receipt, two returned with a > relayed confirmation, the others have disappeared into thin air, none have > ended up in the spam queue, has anyone else seen this sort of problem? > > Ivan. From nobody at spamcop.net Tue Aug 2 16:13:20 2005 From: nobody at spamcop.net (indigo) Date: Tue Aug 2 15:15:02 2005 Subject: [SpamCop-List] Re: How are we to conduct business?
References: Message-ID: JohnL wrote: > "WindsorFox[SS]" wrote in news:dcof7j$6k7$3 > @news.spamcop.net: > > > Okay, and is there a reason that all these open proxies are not > > blocked?? Because JT can't be arsed to incorporate some type of blocking routine into the server. He said he'd just as soon shut it down than waste his time trying to fight off trolls. > > Also, isn't there a requirement to register to post to the NG's? Nope. > I thought there was something about that quite some time ago. > (and if not, why not make it that way) Not that I can recall....... From PleaseReplyTo at TheGroupInstead.be Tue Aug 2 22:22:24 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Tue Aug 2 15:25:02 2005 Subject: [SpamCop-List] Re: The message is not spam because...... References: Message-ID: > http://www.doxdesk.com/parasite/nCase.html > http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=40683 > > Total scum no matter where you encounter them. Ha, no, that's just it, these people are not scum, the ads and viri and filth are intended for those people interested in ads and viri and filth. If your windows box still works after you've been stupid enough to let filth in, just unsubscribe, and... (see Mike's excellent comment). Really, I'm starting to think the old dream of a world-wide network of information is lost. Joris From MikeE at ster.invalid Tue Aug 2 13:32:11 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 15:35:03 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: JohnL wrote: > Also, isn't there a requirement to register to post to the NG's? No. The ng/s aren't limited to SC reporter registrants. They are open, a public 'specialty' newsserver. > I thought there was something about that quite some time ago. > (and if not, why not make it that way) The ng/s were intended for anyone 'off the street' to be able to post to ask questions. 
That configuration arose before there was a forum. Since there's a forum now, and since the forum *does* require registration to post, one might consider that there be a reconsideration of the status or condition of the ng/s. However, the business of 'integrating' the SC registered reporters list into a scheme for authorizing access to news.spamcop.net might or might not be non-trivial. I think it is also still possible to email into the ng/s - so that's another little issue. There's a general concept that since the newsserver is run by someone who is partial to the forum, that creating waves about alterations in or demands on newsserver management wouldn't be in the best interests of those who want very much there to be newsgroups. The fear is that if the newsgroups were too much trouble, there just wouldn't be any newsgroups. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Aug 2 13:35:35 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 15:40:02 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: Mike Easter wrote: > However, the business of 'integrating' the SC registered reporters > list into a scheme for authorizing access to news.spamcop.net might > or might not be non-trivial. I suppose that one could also consider using the same registration process and db as is used for the forum. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Aug 2 16:58:49 2005 From: nobody at devnull.spamcop.net (Eponym) Date: Tue Aug 2 16:00:03 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem References: Message-ID: "Mike Easter" wrote in message news:dco3tb$vug$1@news.spamcop.net... > > To submit a complaint about an accredited registrar go to the Registrar > Problem Report form. > http://reports.internic.net/cgi/registrars/problem-report.cgi > I already received a real person response back...seems they don't like being reported through Internic. The response was rather whiney.
From johnl at spamcop.net Tue Aug 2 21:16:12 2005 From: johnl at spamcop.net (JohnL) Date: Tue Aug 2 16:20:02 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: "indigo" wrote in news:dcogkg$8ep$1@news.spamcop.net: > Because JT can't be arsed to incorporate some type of blocking routine > into the server. He said he'd just as soon shut it down than waste his > time trying to fight off trolls. I just find it a little amazing that when someone makes 'some' money, all of a sudden, it gets to be "their way or the highway". Amazing how this has become a waste of his time now. From nobody at spamcop.net Tue Aug 2 14:19:34 2005 From: nobody at spamcop.net (N. Miller) Date: Tue Aug 2 16:20:09 2005 Subject: [SpamCop-List] Re: The message is not spam because...... References: Message-ID: On Tue, 2 Aug 2005 21:22:24 +0200, Joris Van Damme wrote: >> http://www.doxdesk.com/parasite/nCase.html >> > http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=40683 >> >> Total scum no matter where you encounter them. > > Ha, no, that's just it, these people are not scum, the ads and viri and > filth are intended for those people interested in ads and viri and filth. If > your windows box still works after you've been stupid enough to let filth > in, just unsubscribe, and... (see Mike's excellent comment). > > Really, I'm starting to think the old dream of a world-wide network of > information is lost. Hardly. All marketers[1] are purveyors of "information". Isn't that what they've been trying to tell us? [1] It is getting damned hard to tell the "marketers" apart from the spammers... -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at spamcop.net Tue Aug 2 14:23:56 2005 From: nobody at spamcop.net (N. Miller) Date: Tue Aug 2 16:25:02 2005 Subject: [SpamCop-List] Re: Reporting USENET spam? 
References: Message-ID: <4ai4afbc2wia.dlg@news.spamcop.net> On Mon, 1 Aug 2005 18:43:34 -0700, NerdRevenge wrote: > I did report 23 spams today from the same IP adress in the same newsgroup > posted within moments of each other. The "Make Millions with PayPal" scam. > > Result..No IP listed > > There are also others who love to flood some groups with copyrighted news > stories that have nothing to do with the subject group. > Result..No IP listed and flooding continues I am not sure of the value of adding Usenet posting IP addresses to the SCBL; unless the same IP address is the source of email spam. The SCBL is not used against Usenet posts, as nearly as I can tell. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From MikeE at ster.invalid Tue Aug 2 14:43:15 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 16:45:03 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem References: Message-ID: Eponym wrote: > "Mike Easter" >> To submit a complaint about an accredited registrar go to the >> Registrar Problem Report form. >> http://reports.internic.net/cgi/registrars/problem-report.cgi >> > > I already received a real person response back...seems they don't > like being reported through Internic. The response was rather whiney. Maybe the respondent registrar needs to be reminded of what ICANN sez about the registrar's responsibilities. How does it make any sense for them to be repetitively not vetting the information being submitted to them by some known bogus information submitter. And over and over again. I think part of the problem is that the registrars are sensitive to the issue that people don't like their information posted publicly; and many registrars and 3rd party systems have mechanisms in place so that people don't actually have to post anything of their own at all -- but instead post the information of some 'agent' for the domain registration.
-- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Aug 2 14:50:42 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 16:55:04 2005 Subject: [SpamCop-List] Re: Reporting USENET spam? References: <4ai4afbc2wia.dlg@news.spamcop.net> Message-ID: N. Miller wrote: > I am not sure of the value of adding Usenet posting IP addresses to > the SCBL; unless the same IP address is the source of email spam. The > SCBL is not used against Usenet posts, as nearly as I can tell. It is true that the report doesn't do anything useful for the SCbl and that the SCbl doesn't have anything to do with usenet. The only thing a usenet spam reporter can hope for is that the provider cares whether or not the user IP is 'offending' someone with what appears to be bulked and commercial and disproportionately benefitting the poster. You can't call it unsolicited because it isn't email. Whether or not it is bulked or 'appropriately' bulked is not determined, and the provider isn't going to go looking around and see where it was posted and how many times and what the charters of the groups were it was posted are to know if it was against any groups charters. You can't even call it against the TOS of the particular provider unless you've read the provider's TOS/AUP. I think that providers typically don't act on reports of usenet spam. Unfortunately and more significantly they don't even act on reports of spam, real spam, email spam, emitting from proxified trojan users. If providers aren't going to be acting against email spam from their proxied users, they certainly aren't going to act against what someone considers an inappropriately posted newsgroup message. Even if it is a scam or phish instead of a 'routine' commercial message. 
-- Mike Easter kibitzer, not SC admin From jr70 at blackhole.invalid Tue Aug 2 15:25:17 2005 From: jr70 at blackhole.invalid (John Richards) Date: Tue Aug 2 17:30:03 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: J G wrote: > On 8/1/2005 8:45 PM John Richards scribbled: > >> Referencing someone else's opinion does not prove a point. >> As we used to say in Dutch: >> Elke ketter heeft zijn letter. >> > What's a ketter? The translation of that Dutch sentence is: Every heretic has his [bible] verse. Aside from the original meaning, it's more widely used to indicate that just because you're quoting an authoritative source doesn't mean you're not taking it out of context or misapplying it. -- John Richards From jr70 at blackhole.invalid Tue Aug 2 15:53:38 2005 From: jr70 at blackhole.invalid (John Richards) Date: Tue Aug 2 17:55:03 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: Joris Van Damme wrote: >>> I've poor recollection, but good bookmarks: >>> >>> http://web.presby.edu/~nnqadmin/nnq/nquote.html >> >> Referencing someone else's opinion does not prove a point. >> As we used to say in Dutch: >> Elke ketter heeft zijn letter. > > Very true, of course. > > However, this ketter is in good company: see Mike's letter. > > Also, I didn't quote to prove a point, I quoted to point to a helpful and > friendly article that has been around since usenet stone age, and has been > the single accepted guideline of its kind ever since. In this article, my > point is explained very well and very thoroughly, much better than I could > hope to do in an alien language and this short space. > > For example, what's said in the answer to question 9 seems to address a point > you made earlier. So if you do want to continue the discussion, I suggest > you try and invalidate what's said in the answer to question 7, in the > quoted article.
> > > Joris Actually this discussion has reared its ugly head several times already in the spamcop newsgroups, so we're not going over new ground. Both conventions (bottom posting and top posting) have positives and negatives. My habit is to go with whatever convention is already being used in a given thread. My biggest objection to bottom posting is when someone uses it without trimming the quoted material to a minimal amount. It is really annoying to have to scroll down through one or more screens of quoted text before seeing a one-liner reply! To be fair, this is not much of an issue in these SC newsgroups, but it is a rampant problem in many other newsgroups. To answer Question 7, I would say that I don't write to be read by some faceless mob of newbies who have never read the thread before. I write to be read by the regulars in that newsgroup. I routinely follow about 50 different newsgroups, and mostly by the time I finish reading the latest response in a thread, I will have recalled the gist of the post being responded to, so I have no need to reread the post being responded to. In the few instances that I don't recall the gist, it's a simple matter to read a little further down in order to jog my memory. So, in a nutshell, it's a time saver technique for me. More than that, though, I find it annoying when people take up valuable time to castigate a fellow poster for top posting. I say, live and let live! -- John Richards From borgholio at storymind.com Tue Aug 2 15:57:10 2005 From: borgholio at storymind.com (Borgholio) Date: Tue Aug 2 18:00:04 2005 Subject: [SpamCop-List] Re: The message is not spam because...... In-Reply-To: References: Message-ID: Joris Van Damme wrote: >>http://www.doxdesk.com/parasite/nCase.html >> > > http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=40683 > >>Total scum no matter where you encounter them. 
> > > Ha, no, that's just it, these people are not scum, the ads and viri and > filth are intended for those people interested in ads and viri and filth. If > your windows box still works after you've been stupid enough to let filth > in, just unsubscribe, and... (see Mike's excellent comment). > > Really, I'm starting to think the old dream of a world-wide network of > information is lost. > > > Joris > > Oh it's not lost...just twisted and perverted into something that the Sci-Fi writers of the 1960's could only have nightmares about. From borgholio at storymind.com Tue Aug 2 15:59:54 2005 From: borgholio at storymind.com (Borgholio) Date: Tue Aug 2 18:00:08 2005 Subject: [SpamCop-List] Re: How are we to conduct business? In-Reply-To: References: Message-ID: JohnL wrote: > "indigo" wrote in > news:dcogkg$8ep$1@news.spamcop.net: > > >>Because JT can't be arsed to incorporate some type of blocking routine >>into the server. He said he'd just as soon shut it down than waste his >>time trying to fight off trolls. > > > I just find it a little amazing that when someone makes 'some' money, all > of a sudden, it gets to be "their way or the highway". > Amazing how this has become a waste of his time now. We had this discussion a year or two back, if I recall...when trollboi first showed up. I sent a few emails to JT (through Ellen) and got a reply that basically said "JT is not interested in working with the newsgroups, and will shut them down if too many people complain about the troll." Well I said it before and I'll say it again. I think JT is nothing more than a lazy bastard. Why he doesn't pawn the newsgroups over to someone who is actually willing to lift a finger to help? 
From jr70 at blackhole.invalid Tue Aug 2 16:00:48 2005 From: jr70 at blackhole.invalid (John Richards) Date: Tue Aug 2 18:05:04 2005 Subject: [SpamCop-List] Re: kook awards References: Message-ID: WindsorFox[SS] wrote: > Steven Maesslein wrote: >> On Mon, 01 Aug 2005 20:59:01 -0700, J G coughed into spamcop and left >> this in : >> >> >>> They're cooking over @ NANAE, for those that haven't noticed... >> >> >> When aren't they? >> > > It's been exceedingly high lately. Yeah, I gave up following that NG several years ago. The volume is too high and too many kook posters. -- John Richards From johnl at spamcop.net Tue Aug 2 23:03:35 2005 From: johnl at spamcop.net (JohnL) Date: Tue Aug 2 18:05:10 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: Borgholio wrote in news:dcoqcd$e36$2@news.spamcop.net: > Well I said it before and I'll say it again. I think JT is nothing > more than a lazy bastard. Why he doesn't pawn the newsgroups over to > someone who is actually willing to lift a finger to help? But then if he did that, he might not be able to justify "other things". Lazy? Maybe. Thinks maybe too highly of self? More likely than not. Has he lost respect from others? Quite Likely. Does he give a shit what anyone thinks? Not even a thought. From borgholio at storymind.com Tue Aug 2 16:12:08 2005 From: borgholio at storymind.com (Borgholio) Date: Tue Aug 2 18:15:02 2005 Subject: [SpamCop-List] Re: How are we to conduct business? In-Reply-To: References: Message-ID: JohnL wrote: > Borgholio wrote in > news:dcoqcd$e36$2@news.spamcop.net: > > >>Well I said it before and I'll say it again. I think JT is nothing >>more than a lazy bastard. Why he doesn't pawn the newsgroups over to >>someone who is actually willing to lift a finger to help? > > > But then if he did that, he might not be able to justify "other things". > > Lazy? Maybe. > Thinks maybe too highly of self? More likely than not. > > Has he lost respect from others?
Quite Likely. > Does he give a shit what anyone thinks? Not even a thought. Hmm...when you put it that way, he sounds like a spammer! From not at home.today Wed Aug 3 00:13:33 2005 From: not at home.today (Ant) Date: Tue Aug 2 18:15:07 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: "John Richards" wrote: > My biggest objection to bottom posting is when someone uses it > without trimming the quoted material to a minimal amount. Like you didn't do in this (your) post. [top-posting] > So, in a nutshell, it's a time saver technique for me. And a nuisance for everyone else. From nobody at devnull.spamcop.net Tue Aug 2 19:16:40 2005 From: nobody at devnull.spamcop.net (Eponym) Date: Tue Aug 2 18:20:02 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem References: Message-ID: "Mike Easter" wrote in message news:dcolsu$bso$1@news.spamcop.net... > > I think part of the problem is that the registrars are sensitive to the > issue that people don't like their information posted publicly; and > many registrars and 3rd party systems have mechanisms in place so that > people don't actually have to post anything of their own at all -- but > instead post the information of some 'agent' for the domain > registration. > Anonymity and the internet are a bad combination....for email anyway. Being sensitive in respect to some whistle-blower's web site or the like makes sense. Hiding spammers does not. I've encountered some spammers hiding behind an 'agent' and I suspect that is where a lot of them will go eventually. However, I'm curious as to whether these 'agents' assume any responsibility to ICANN or others in respect to spammers. Can the 'agent' be sued for damages? From johnl at spamcop.net Tue Aug 2 23:16:44 2005 From: johnl at spamcop.net (JohnL) Date: Tue Aug 2 18:20:06 2005 Subject: [SpamCop-List] Re: How are we to conduct business?
References: Message-ID: Borgholio wrote in news:dcor3a$f1o$1 @news.spamcop.net: > Hmm...when you put it that way, he sounds like a spammer! ROTFLMAO!! OW!! My side hurts!!! From MikeE at ster.invalid Tue Aug 2 16:17:39 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 18:20:11 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: John Richards wrote: > Both conventions (bottom posting and top posting) have positives > and negatives. Not bottom posting; trimmed contextualized. No one here is arguing for untrimmed bottom posting. And /typical/ topposting is *always* untrimmed. Bringing up an argument about trimmed topposting is artificially manufacturing a stalking horse argument; in which one is allegedly arguing about what is bad about untrimmed bottom posting with what is right about trimmed top posting, which is fundamentally 'unheard of'. The two fundamental halves of the argument are trimmed and contextualized versus untrimmed topposted TOFU. And even if there were a discussion about trimmed top posting, it also doesn't work right because it fails to provide for the argument discussed in the article we are discussing in Q7. The salient sentences in that answer are - Keep in mind that you're not writing just for the person whose posting you're responding to. - it's impossible to predict in advance whether a response will draw another response. > To answer Question 7, Which you didn't address sufficiently. > I would say that I don't write to be read > by some faceless mob of newbies who have never read the thread > before. I write to be read by the regulars in that newsgroup. The regulars in the newsgroup are going to be further replying; and the topposter, whether trimmed or untrimmed, is going to create disorderly chaos out of the thread. > So, in a nutshell, it's a time saver technique for me. We all have to do our part to keep the topic orderly. 
If you are trimming properly, you have not saved any time by top posting. It takes exactly as long to trim and post on top as it does to trim and post contextually. If you are reading trimmed and contextualized posts, it doesn't take any longer to read a trimmed contextualized post than it does to read a trimmed top post. > More than that, though, I find it annoying when people take up > valuable time to castigate a fellow poster for top posting. The top post is disruptive to the conversation of the group. It is not egalitarian, or fair and equal. It is selfish and self-centered. > I say, live and let live! This is a community. We need to work together and 'flow' our 'traffic' together, drive on the right, pass on the left. Somewhere else they drive on the left and pass on the right. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Aug 2 16:28:48 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 18:30:02 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: Mike Easter wrote: > The top post is disruptive to the conversation of the group. It is > not egalitarian, or fair and equal. It is selfish and self-centered. In addition to being selfish and self-centered, it also typically fails to precisely address the exact words and the issue of what has become the 'ignored' cite. That is, the topposter started thinking about an answer to something. When they hit reply they are no longer looking at the exact words to which they are replying. In addition to the fact that they aren't looking at them, they have already forgotten exactly what it is they are replying to, and instead the reply becomes a reply to how it was they remembered what kinds of feelings were going thru' their mind when they were reading the now forgotten exact words. So, the top poster is not only selfish and self-centered, but also imprecise and inaccurate. It doesn't work right. 
-- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Aug 2 16:44:41 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 18:45:04 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: This discussion started with 'us' [advocates of trimmed contextualizing vs top posted TOFU] wishing for this: mikeyhsd wrote: > "Mike Easter" >> mikeyhsd wrote: >>> mikeyhsd@sport.rr.com >> >> I couldn't figger out sport.rr.com or sport.res.rr.com at first, >> thinking about 'sport' instead of a city or region, until I started >> messing with it. Some of Louisiana uses sw.rr.com -- but there's a >> large population base around Shreveport, so it has its own little RR >> geographic. > yep it is what cablevision uses for shreveport ... instead of this, which is a big mess. mikeyhsd wrote: > yep it is what cablevision uses for shreveport > > > > "Mike Easter" wrote in message > news:dcii7c$rpj$1@news.spamcop.net... >> mikeyhsd wrote: >>> there was a recent post on where to look for info on messages that >>> spamcop would ignore. >>> like over a certain size for instance. >> >> SC truncates messages submitted to the parser which are too long. >> That can result in missing some URL/s, but... many things can >> result in missing urls. Anyway, fat spams don't prevent the parse >> -- and the header/source is a primary target. >> >>> this really creates a BIG problem. >>> since all the spammers have to do, and yes they read these groups >>> too, is to read these rules for messages that spamcop will not report >>> and construct their spam accordingly. >>> >>> thereby bypassing reporting via spamcop. >> >> The business about discussing what causes problems for the parser >> typically is an exposure of what some spammer is currently doing. We >> aren't providing research for how to defeat the parser here, but >> rather 'shining the light of day' on some problem that would >> otherwise be in the dark.
I think you are bringing up the concept >> of 'security through obscurity' as it applies to spammertrix. >> >>> mikeyhsd@sport.rr.com >> >> I couldn't figger out sport.rr.com or sport.res.rr.com at first, >> thinking about 'sport' instead of a city or region, until I started >> messing with it. Some of Louisiana uses sw.rr.com -- but there's a >> large population base around Shreveport, so it has its own little RR >> geographic. >> >> >> -- >> Mike Easter >> kibitzer, not SC admin -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Aug 2 19:04:13 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Aug 2 19:05:02 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: "WindsorFox[SS]" wrote in message news:dcobuo$4o8$1@news.spamcop.net... > > I figured Ellen or someone would have block this waste of bandwidth > from the servers by now... Ellen has no direct control over the newsgroups, Forum, or SpamCop e-mail accounts .. all that being housed on JT's hardware. From nobody at devnull.spamcop.net Tue Aug 2 19:08:06 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Aug 2 19:10:02 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: "WindsorFox[SS]" wrote in message news:dcof7j$6k7$3@news.spamcop.net... > indigo wrote: > > > > Can't do it, trollboi posts from different open proxies on near daily basis. > > Okay, and is there a reason that all these open proxies are not > blocked?? The first obvious ... do you have that (constantly updated) list of open proxies handy? I can only relate that JT did not want me to toss up an .htaccess file on the forum server. From nobody at devnull.spamcop.net Tue Aug 2 19:12:33 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Aug 2 19:15:02 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: "JohnL" wrote in message news:Xns96A6912C0537Fjohnlspamcopnet@216.154.195.61... 
> > I just find it a little amazing that when someone makes 'some' money, all > of a sudden, it gets to be "their way or the highway". > Amazing how this has become a waste of his time now. Having to assume this is relating to the publicized "millions of dollars" involved .. and admitting that I don't know any of the business arrangements ... just pointing out that the IronPort side of things is thus far all on the reporting side of the house. News, forum, SpamCop e-mail accounts are all maintained on JT's hardware. From PleaseReplyTo at TheGroupInstead.be Wed Aug 3 02:12:39 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Tue Aug 2 19:15:06 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: > In addition to being selfish and self-centered, it also typically fails > to precisely address the exact words and the issue of what has become > the 'ignored' cite. That is, the topposter started thinking about an > answer to something. When they hit reply they are no longer looking at > the exact words to which they are replying. In addition to the fact > that they aren't looking at them, they have already forgotten exactly > what it is they are replying to, and instead the reply becomes a reply > to how it was they remembered what kinds of feelings were going thru' > their mind when they were reading the now forgotten exact words. > > So, the top poster is not only selfish and self-centered, but also > imprecise and inaccurate. > > It doesn't work right. Indeed, very true! I've quoted this entirely since I find it a very good argument, and I regret that it's not included on the page I've quoted. I consistently find that bottom-quoters more often just repeat their original argument, instead of actually answering what they bottom-quote. That's simply because the question is below the answer, and ignored when the answer's written.
Instead, when one top-quotes, one starts with trimming and selecting those parts one wishes to answer. Next, in a logical, chronological order, one writes the answer below, and the answer quote naturally becomes a real answer that relates to the question. It quite simply works. Joris From nobody at devnull.spamcop.net Tue Aug 2 19:16:41 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Aug 2 19:20:03 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: "Borgholio" wrote in message news:dcoqcd$e36$2@news.spamcop.net... > > We had this discussion a year or two back, if I recall...when trollboi first > showed up. I sent a few emails to JT (through Ellen) and got a reply that > basically said "JT is not interested in working with the newsgroups, and > will shut them down if too many people complain about the troll." JT has his own address, not sure why the "through Ellen" thing was your vehicle. > Well I said it before and I'll say it again. I think JT is nothing more > than a lazy bastard. Why he doesn't pawn the newsgroups over to > someone who is actually willing to lift a finger to help? I can say that I've volunteered a couple of times, but you'll note the reactions caused by my volunteer efforts on the Forum. From nobody at devnull.spamcop.net Tue Aug 2 20:16:44 2005 From: nobody at devnull.spamcop.net (Pop) Date: Tue Aug 2 19:20:09 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: "Mike Easter" wrote in message news:dco815$2o4$1@news.spamcop.net... > Mike Easter wrote: > > >> SpamKiller from Minute Group is an outlook plugin >> which uses the >> Spamcop list to filter mail. It seems to use >> SpamCop's list >> exclusively for its filtering logic. >> > >> SpamKiller is a bad idea. > > There may be some confusion about what SpamKiller is. > SK McAfee is this > http://us.mcafee.com/root/package.asp?pkgid=123&cid=3213 - > - I guess we > could call that SK-McAfee.
The link which the SC faq > provided was to > here > http://www.minutegroup.com/prodpg_spamkiller.htm -- > which I guess > we could call SK-Minute or SK-Payya Tec. > > If a person were looking for an enduser system which > uses DNSbl/s and > can use the SCbl they might consider SpamPal or > others, but I think > someone or Don decided to just back off from the > business of mentioning > anything besides SpamAssassin. How hard do you think > it would be to > talk about how that faq page should mention SpamPal > instead of the > MinuteGroup SpamKiller and have the faq be changed > any time soon? > > There is something paradoxical about that. Under > some conditions the > faq is impossible to change. Under other conditions > it is easy to > change. The same page makes a disclaimer. The same > page mentions > SpamAssassin. The same page used to mention > SK-Minute and provide a > link. Why shouldn't the same page mention SpamPal > and provide a link? > Many people around here and other newsgroups commend > SpamPal as a > valuable way to use DNSbl/s such as SpamCop's, SP is > free and well > supported, like SA. > > Why should /n/x users be provided access to a link > about SA, but Win > users not provided access to a link about SP? It > actually doesn't make > any sense. > > The fact that such products compete with the SpamCop > business of > providing filtered mailservice should mean that there > shouldn't even be > a link to SpamAssassin either. > > > -- > Mike Easter > kibitzer, not SC admin > Might's well admit it, really, that SC has de-progressed into an oprhaned set of newsgroups with no official support and no solid link to be sure that those who DO do the support are kept current with the latest changes and goings on. There are the loyal and trusted people here, and they work hard, and have the best of intentions, but I worry that they're quickly approaching a point of diminishing returns, or maybe even already have without realizing it. 
Spamcop, IMO, is a tool only, and not even the tool it used to be, although it does in several ways "keep up" with the spammer's strategies to a fair degree. It's probably my perpetual beginner status, but it seems now that all SC is, really, is more, sometimes less, a location where several tools at once can be run against a header set. And that's all it is, and isn't progressing anywhere positive. Some other places are beginning to be similar but so far as I know, no one has as yet put together a collection of tools as SC has and has had for some time, that operates with so little effort on the part of the complainer. But lately it's stagnating. To me that's important because I can't keep up with the comings and goings of all those tools but I get a little better with it every day. There are things that SC just doesn't do, and that no one has any intention of having it do, so we're left to our own to find other methodologies. As for the newsgroup succumbing and going away, I say if that's how they feel, then let it be. I've no wish to be where I'm not wanted. I seldom able to contribute anything other than a few confirms to the bl, I'm sure. So, if there's no newsgroup, and the crowd here insists on a newsgroup, well, from what I read, it's not that hard to create a group. What really bugs me is, the old saw about 20% of the people doing 80% of the work that gets done is dismally out of kilter here. It's a very small percentage of people doing ALL the work here, and that's not fair in my book. It seems to give new meaning to "thankless" tasks. Oh well, enough fitching for now I guess. I think I'm just disappointed that my predictions of a couple years ago about SC's future are coming true, but it is taking longer than I thought it would. Sometimes momentum can be a very powerful thing indeed. 
Regards to all who deserve it, and you know who you are, Pop From johnl at spamcop.net Wed Aug 3 00:19:51 2005 From: johnl at spamcop.net (JohnL) Date: Tue Aug 2 19:20:14 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: "WazoO" wrote in news:dcoul1$huq$1 @news.spamcop.net: > Having to assume this is relating to the publicized "millions of > dollars" involved .. and admitting that I don't know any of > the business arrangements ... just pointing out that the IronPort > side if things is thus far all on the reporting side of the house. > News, forum, SpamCop e-mail accounts are all maintained > on JT's hardware Who's talking "millions of dollars"??? I'm just talking common business sense! If JT doesn't waht to give a shit about what HIS clients want, then it's up to him what he loses. Common sense would show that most people that have been around SC for a while would know that the NG's/forums/e-mail is seperate from ironport. Doesn't make it right for JT to simply ignore anything he doesn't feel he wants to address! From johnl at spamcop.net Wed Aug 3 00:22:56 2005 From: johnl at spamcop.net (JohnL) Date: Tue Aug 2 19:25:04 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: "WazoO" wrote in news:dcousp$ia8$1 @news.spamcop.net: > I can say that I've volunteered a couple of times, but you'll note > the reactions caused by my volunteer efforts on the Forum. While your attitude isn't always the best , you have put in a lot of time and effort. But it still remains that JT just doesn't give a damm about anything that might cost him anything extra. Even tho, when I was paying for his services, one of the main reasons was for the "services", his attitude to me when I asked regarding problems in any way, was "deal with it". IOW.... 
FOAD From porpoise1954 at yahoo.co.uk Wed Aug 3 01:24:46 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Aug 2 19:25:08 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: "Joris Van Damme" wrote in message news:dcoumj$hv1$1@news.spamcop.net... > > Instead, when one top-quotes, one start with trimming and selecting those > parts one wishes to answer. Next, in a logical, chronological order, one > writes the answer below, and the answer quote naturally becomes a real > answer that relates to the question. It quite simply works. > Except what you're describing (trimming and contextualising) isn't top-posting. To start inserting yet a different (top-quoting) just confuses the shit out of everyone...... ;-) From MikeE at ster.invalid Tue Aug 2 17:27:23 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 19:30:02 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: Joris Van Damme wrote: > Instead, when one top-quotes, one start with trimming and selecting > those parts one wishes to answer. Next, in a logical, chronological > order, one writes the answer below, and the answer quote naturally > becomes a real answer that relates to the question. It quite simply > works. The very words, exactly, precisely, to which the reply is being made are sitting there right before one's eyes. In addition, the very process of 'precisely' trimming, so that the trimmed quote accurately and exactly reflects what it is that is being answered or commented on 'forces' the trimmer to be rereading those words. Also, that trimming process creates a transient 'separation' between the feelings and thoughts which were being generated while the respondent was first reading. The sequence becomes that the respondent is reading a message, the 'reaction' or reflex comes along to respond to the thoughts which arise during the reading. So then, the reply button is hit. 
But, the respondent doesn't just get to 'blurt out' what s/he was thinking. Instead, there is a delay while the previous post is being 'edited' by the accurate trimming process. This allows the thoughts to 'simmer' in the 'glow' of the process of the trimming; which necessitates re-reading the words - the exact words - which are going to be replied to. This results in the thoughts which are now going to be converted into the words of the response being 'better' -- they are better words because they've simmered and because they are applied to the exact words which preceded. And, they are better words for the next reader, because now the next reader can see the exact and precise context to which it belongs; not some context as the next reader remembers. People don't remember perfectly. They remember approximately, in the ballpark. And some people don't even remember in the correct ballpark -- because they were thinking about soccer instead of baseball. As opposed to the poster who topposts reflexly, like a knee jerk. They are reading, a thought jumps into their head, they hit reply and blurt out what they are thinking -- the context isn't even there. So very many times they fail to properly 'consider' what it was that they are 'attempting' to respond to -- they regularly 'miss the point' -- as if they weren't paying attention properly to what they are responding. Which they weren't when compared to how the trimming contextualizer is paying attention. The trimming contextualizer is not only paying better attention to what s/he is answering, but s/he is helping the reader pay better attention to what was said and what is being replied in precise context and precise responsiveness. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Aug 2 19:29:45 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Aug 2 19:30:11 2005 Subject: [SpamCop-List] Re: How are we to conduct business? 
References: Message-ID: "Mike Easter" wrote in message news:dcohnm$962$1@news.spamcop.net... > > The ng/s were intended for anyone 'off the street' to be able to post to > ask questions. That configuration arose before there was a forum. Yes and no ... not sure what you consider the AnyBoard scenario ..?? > Since there's a forum now, and since the forum *does* require > registration to post, one might consider that there be a reconsideration > of the status or condtion of the ng/s. Not the final answer .. even with e-mail validation involved, I've banned two users that PM'd other users (one a Moderator) with 419 crap ... just this morning set a "warn" flag on a "Hi friends! I was born in Nigeria, now of Dubai, and ... just checking the valid of this site ..." sent to me. > However, the business of 'integrating' the SC registered reporters list > into a scheme for authorizing access to news.spamcop.net might or not be > non-trivial. Interestingly enough, the next version of the Forum app (due real soon) is supposed to have a completed "Converge" application, for sharing account data between applications ... such that one login data set could be used between a forum, web-page access, e-mail account, etc. > I think it is also still possible to email into the ng/s - so that's > another little issue. Mailing lists still work, though seemingly on auto-pilot ... Haven't heard Pete say much about any of that in ages. > There's a general concept that since the newsserver is run by someone > who is partial to the forum, that creating waves about alterations in or > demands on newserver management wouldn't be in the best interests of > those who want very much there to be newsgroups. The fear is that if > the newsgroups were too much trouble, there just wouldn't be any > newsgroups. Maybe you missed my last (though that doesn't sound like you) .. JT is not a large presence in the Forum either. Recall, SpamCop support is but a portion of his CES business. 
From amenex at amenex.com Tue Aug 2 20:36:18 2005
From: amenex at amenex.com (George Langford, Sc.D.)
Date: Tue Aug 2 19:36:28 2005
Subject: [SpamCop-List] Source of reporting addresses for abuse reports
Message-ID: <200508022336.j72NaIC01468@email1.voicenet.com>

Ever since the demise of OpenRBL.org as we knew it,
CompleteWhoIs has gotten slower & slower, until
now it is impossible to get anything back from there.

What is a struggling phish reporter to do ?

For example, here's a recent SpamCop tracker for an
eBay phish:
http://www.spamcop.net/sc?id=z792513837z8f782546c38c7829381977b1ba379fedz

Spamcop picked up abuse@hostnoc.net like I did, but I
could not get any WhoIs information from EasyWhoIs or
from CompleteWhoIs ... and I had to use TraceRT to pick
up [abuse@]Level3.net.

amenex

From PleaseReplyTo at TheGroupInstead.be Wed Aug 3 02:45:33 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Tue Aug 2 19:50:04 2005
Subject: [SpamCop-List] Re: big problem, attn deputies
References:
Message-ID:

> Except what you're describing (trimming and contextualising) isn't
> top-posting. To start inserting yet a different (top-quoting) just
> confuses the shit out of everyone......

I do agree my answer was confusing. I'm not native english, and often I
have to do a lot of editing on any sentence I try to barf. Quite often,
this means parts and pieces of previous versions end up in the final
version, and, as we all know, it's hard to accurately re-read when you
*think* you know what's there already.
To make my point absolutely clear, this is what I tried to agree to:

* top-posting = bottom-quoting = 'reflexly, like a knee jerk'
* bottom-posting = top-quoting
* top-quoters trim the quoting more often, since they see the need, since
  it's 'sitting there right before one's eyes'
* for the same reason, they also tend to re-read what they are actually
  responding to, and the response tends to be better

I would like to stress this is not the only argument in favor of
bottom-posting = top-quoting, but an additional argument, on top of the
ones given in http://web.presby.edu/~nnqadmin/nnq/nquote.html, though it
is a very good one.

Joris

From PleaseReplyTo at TheGroupInstead.be Wed Aug 3 02:45:47 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Tue Aug 2 19:50:11 2005
Subject: [SpamCop-List] Re: big problem, attn deputies
References:
Message-ID:

> The sequence becomes that the respondent is reading a message, the
> 'reaction' or reflex comes along to respond to the thoughts which arise
> during the reading. So then, the reply button is hit. But, the
> respondent doesn't just get to 'blurt out' what s/he was thinking.
> Instead, there is a delay while the previous post is being 'edited' by
> the accurate trimming process.
> ...
> As opposed to the poster who topposts reflexly, like a knee jerk....

Yes, I agree entirely. It is a very good point.

I may want to add a page about good quoting style to my own site. Is it
all right if I add parts and pieces of what you've said here to that? I'm
not native English, and couldn't hope to explain this point equally well.

Joris

From nobody at devnull.spamcop.net Tue Aug 2 19:49:17 2005
From: nobody at devnull.spamcop.net (WazoO)
Date: Tue Aug 2 19:50:16 2005
Subject: [SpamCop-List] Re: make it clear
References:
Message-ID:

"jdd" wrote in message news:dcn94d$edt$1@news.spamcop.net...
>
> having a forum is great, but having the web pages
> understandable is better.
why the forum's clues are not at
> least linked from the relevant pages?

http://news.spamcop.net/pipermail/spamcop-list/2004-January/thread.html#71447
for the beginning of the Forum. Housed on different hardware,
in a different part of the country, by another person. Although
in the Admin slot on the Forum, I have no access to the
www.spamcop.net system.

From MikeE at ster.invalid Tue Aug 2 18:00:50 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Aug 2 20:05:03 2005
Subject: [SpamCop-List] Re: Source of reporting addresses for abuse reports
References:
Message-ID:

George Langford, Sc.D. wrote:

www.spamcop.net/sc?id=z792513837z8f782546c38c7829381977b1ba379fedz
>
> Spamcop picked up abuse@hostnoc.net like I did, but I
> could not get any WhoIs information from EasyWhoIs or
> from CompleteWhoIs ... and I had to use TraceRT to pick
> up [abuse@]Level3.net.

I'm not sure I completely understand. We are talking about SC finding,
deobfuscating, and resolving the phish when I look at the tracker.

http://myebaysignin.net/ws/ebayisapidllsignin.htm
host myebaysignin.net (checking ip) = 66.197.255.212
host 66.197.255.212 = 66-197-255-212.hostnoc.net (cached)

Re: http://myebaysignin.net/ws/ebayisapidllsignin.htm (Administrator of
network hosting website referenced in spam)
abuse@hostnoc.net
Internal spamcop handling: (level3)
abuse#burst.net@devnull.spamcop.net

That corresponds to my lookups:

whois -h whois.arin.net 66.197.255.212 ...
Network Operations Center 66.197.128.0 - 66.197.255.255 @hostnoc.net
Nocster 66.197.240.0 - 66.197.255.255 @hostnoc.net

whois -h whois.abuse.net hostnoc.net ...
spamtool@level3.net
abuse@level3.net
abuse@hostnoc.net
abuse@burst.net (for hostnoc.net)

I just get that stuff from my SamSpadeWin console, but there are lots of
ways. I also use the tools at dnsstuff.

> Ever since the demise of OpenRBL.org as we knew it,
> CompleteWhoIs has gotten slower & slower, until
> now it is impossible to get anything back from there.
I'm not sure how I would use openrbl on that; let me see It will resolve myebaysignin.net to 66.197.255.212 -- but I'm not acquainted with how to use it for anything but blocklistings. > What is a struggling phish reporter to do ? The openrbl has links to both dnsstuff and declude, which will look up a lot of blocklists, which that IP isn't on. Dnsstuff also has a whois function and an abuse.net lookup. Declude just links to dnsstuff. -- Mike Easter kibitzer, not SC admin From rcarlton at spamcop.net Tue Aug 2 18:02:27 2005 From: rcarlton at spamcop.net (Rick Carlton) Date: Tue Aug 2 20:05:07 2005 Subject: [SpamCop-List] Re: Source of reporting addresses for abuse reports In-Reply-To: References: Message-ID: George Langford, Sc.D. wrote: > Ever since the demise of OpenRBL.org as we knew it, > CompleteWhoIs has gotten slower & slower, until > now it is impossible to get anything back from there. > > What is a struggling phish reporter to do ? Dunno, but it's already down from here. From MikeE at ster.invalid Tue Aug 2 18:02:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 20:05:13 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: Joris Van Damme wrote: > I may want to add a page about good quoting style to my own site. Is > it allright if I add parts and pieces of what you've said here to > that? I'm not native english, and couldn't hope to explain this point > equally well. Go for it. As is, with your own spin/ modifications, whatever you like. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Aug 2 20:04:42 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Aug 2 20:05:21 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: "Mike Easter" wrote in message news:dco1fh$ud2$1@news.spamcop.net... 
> > I'm sure that 'everyone' wishes that anyone who would want to be a > reporter, or a user of the SCbl, or anyone who was every affected by the > SCbl, be it admin or user, would be able to go to the 'real' web faq and > 'instantly' and painlessly and easily navigated to exactly the page > where they would be able to immediately read a crystal clear and > succinct uptodate explanation of whatever it was they wanted to know. And it was due to the complaints of the "hard to navigate" amd "not up to date" that caused me to toss together the single-page version offered up in the Forum. > The way to do that would be to have a faq which was up-to-date, > intuitively organized, and frequently reorganized and clarified and > amended. and as far as I can tell, the FAQ in the Forum meets at least most of those requirements. Lacking is the input from others to flush it out ... just yesterday was a suggested entry on "forwarding e-mail from PINE" .. answering a user-query from back in August on if it was possible to do multiple e-mail submittals .... > The forum is also a rough approximation of a place to create some > dynamic adjusting and pinning to the faq -- but it in no way resembles > what I described above about a real faq -- properly organized for > natural and intuitive navigation and enabling immediate and simple > introduction to the answer. As stated a few times before, JT offered to blow the money on a knowledgebase tool (pulling in your magical oak tree reference) ... but feedback on that query has been next to nill ..... > The forum is not a faq, and it also isn't some kind of magical oak tree > that we used to joke about here. True, but the Forum offers a version of 'the' FAQ that incorporates the one you call "the real FAQ" .... It's "all" there plus what continues to be added .... > The magical oak tree that I refer to harkens back to a time when people > could write a question into a box that was an entry to the mailing list > of the newsgroup. 
Often it seemed that those who so subscribed fully
> expected that if they came back to that page, there would be an answer
> waiting for them. It reminded me of a condition of someone coming along
> to a magic oak tree, leaving a note inside a knothole, and coming back
> to the hole later and finding their answer inside.

Amazing to note that Microsoft still offers the same, some weird
web interface to their newsgroups ... and still there are folks
asking why all they see are questions, never any answers
provided ... not knowing that if they hit the "+" at the left of the
subject line, that all the answers would "magically" appear ....

From MikeE at ster.invalid Tue Aug 2 18:10:21 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Aug 2 20:15:03 2005
Subject: [SpamCop-List] Re: Source of reporting addresses for abuse reports
References:
Message-ID:

George Langford, Sc.D. wrote:

> and I had to use TraceRT to pick
> up [abuse@]Level3.net.

I think I'm going to focus on that part and see if I can clear anything
up.

Here is whatall SC said about the notifies for the URL.

Resolves to 66.197.255.212
Routing details for 66.197.255.212
[refresh/show] Cached whois for 66.197.255.212 : postmaster@hostnoc.net
Using abuse net on postmaster@hostnoc.net
abuse net hostnoc.net = abuse@hostnoc.net, abuse@burst.net, abuse@level3.net, spamtool@level3.net
Using best contacts abuse@hostnoc.net abuse@burst.net abuse@level3.net spamtool@level3.net
abuse@burst.net bounces (17459 sent : 8789 bounces)
Using abuse#burst.net@devnull.spamcop.net for statistical tracking.
abuse@level3.net redirects to level3@admin.spamcop.net
spamtool@level3.net redirects to level3@admin.spamcop.net

Whatall that sez is that SC takes the hostnoc addy and uses abuse.net on
it. As a result of that, it gets those 4 addresses for 'best
contacts' -- then it uses its 'experience' with those addresses, one
bounces too much so it has a devnull. 2 of them redirect to a special
handling address for level3.
So, at the 'bottom line' it just sez to the tracker reader abuse@hostnoc.net and the internal level3 and drops the bouncing burst. -- Mike Easter kibitzer, not SC admin From PleaseReplyTo at TheGroupInstead.be Wed Aug 3 03:11:12 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Tue Aug 2 20:15:08 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: > Go for it. Thanks! Joris From nobody at devnull.spamcop.net Tue Aug 2 20:16:49 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Aug 2 20:20:02 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: "Mike Easter" wrote in message news:dco4el$k9$1@news.spamcop.net... > > Just as an example of how the faq /can/ get adjusted or changed promptly > for 'simplistic' issues. > > On Jul 30, adrianbye started a forum thread beefing about a problem with > information used from the faq about SpamKiller > http://forum.spamcop.net/forums/index.php?showtopic=4634&hl= > > So, that is 'evidence' of a couple of things. One is that the faq *CAN* > be amended promptly if there is the right kind of attention. The other > is that simple faq changes are more easily implemented than 'difficult' > ones. Another is that the channels of communication have some > preferences for the structures and input of the forum over whatever goes > on in the newsgroups. Just so there's no confusion, this FAQ change was accomplished based on an e-mail request from me ... using DavidT's analysis for justification. That the discussion took place in the Forum was just the decision of the poster .... Most of the Deputies admit that the Forum is "if they have the time" thing (being inundated with e-mail, then the newsgroups if time allows) ... In general, I only 'see' them there in response to an e-mail that I kick up on an issue. R.W. has stated that changes to that FAQ now need to be staffed, to include IronPort's legal ... so, no, making massive changes these days are not easy. 
On the other hand, all but one of my last dozen or so "change requests" have been done. (and on yet another hand, keeping up with some of those pages / entries is a manual thing .. as in your example, I have no idea when this SpamKiller app was added to that entry.) From MikeE at ster.invalid Tue Aug 2 18:40:20 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 20:45:02 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: WazoO wrote: > And it was due to the complaints of the "hard to navigate" amd "not > up to date" that caused me to toss together the single-page version > offered up in the Forum. And I think you are doing a great job with what you have to work with in the forum -- don't misunderstand that part of what I'm saying. A really great job. >> The way to do that would be to have a faq which was up-to-date, >> intuitively organized, and frequently reorganized and clarified and >> amended. > > and as far as I can tell, the FAQ in the Forum meets at least most > of those requirements. It is a forum. It navigates like a forum. It has links to webpages and other forum sections. Those webpages need to be well integrated with each other and optimized for navigational clarity and intuitiveness. I understand the faq and I can navigate the faq. I can also navigate the forum, but I don't like its navigation much. That webfaq needs improvement and inclusion of that content which can only be found in the forum. And finding the pieces in the forum requires navigation. I think that navigation can be done better with normal webpages, not a forum. Forum navigation is kludgy. >> The forum is also a rough approximation of a place to create some >> dynamic adjusting and pinning to the faq -- but it in no way >> resembles what I described above about a real faq -- properly >> organized for natural and intuitive navigation and enabling >> immediate and simple introduction to the answer. 
> > As stated a few times before, JT offered to blow the money on a > knowledgebase tool (pulling in your magical oak tree reference) ... > but feedback on that query has been next to nill ..... I don't know what kind of money needs to be spent. Maybe none. I would think that properly constructed webpages wouldn't be any money spent at all, but someone's time and authority to do so. The idea that you have to have an attorney's approval to change a faq page is absurd. >> The forum is not a faq, and it also isn't some kind of magical oak >> tree that we used to joke about here. > > True, but the Forum offers a version of 'the' FAQ that incorporates > the one you call "the real FAQ" .... It's "all" there plus what > continues to be added .... What needs to happen is that that old as well as new adjusted information needs to be in a webpage faq instead of a forum faq, IMO. >> The magical oak tree > that if they hit the "+" at the left of the subject line, that all the > answers would "magically" appear .... I was surprised at finding the MS webforum the other day. I'd only participated in the nntp newsserver groups. It also navigated poorly. Also the search tool in the forum works poorly. The other day I gave up on it and googled for the term using google web advanced limited to forum.spamcop.net. No I can't remember the example. I wanted a short phrase in quotes and it included short words or a short word and that was unacceptable. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Aug 2 21:27:43 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Aug 2 21:30:03 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: "Mike Easter" wrote in message news:dcp3pe$m0f$1@news.spamcop.net... > WazoO wrote: > > Forum navigation is kludgy. no argument here > > As stated a few times before, JT offered to blow the money on a > > knowledgebase tool (pulling in your magical oak tree reference) ... 
> > but feedback on that query has been next to nill ..... > > I don't know what kind of money needs to be spent. Maybe none. I would > think that properly constructed webpages wouldn't be any money spent at > all, but someone's time and authority to do so. The idea that you have > to have an attorney's approval to change a faq page is absurd. JT'd suggestion / my query for input was looking at "Lore" ... example found at http://docs.invisionpower.com/kb/ Technically, I'll jump up and say that this particular knowledge base also sucks, but again, based on lack of input. Very few of the issues I've run into (and those posting in the support forums there) are actually addressed in this 'tree' .... (though allegedly the upcoming version will be much better documented) .. issue driven by the same scenario as SpamCop ... one magical programmer that is too busy coding to waste time trying to keep up with documentation ... > I was surprised at finding the MS webforum the other day. I'd only > participated in the nntp newsserver groups. It also navigated poorly. It was the newsgroup posts by folks using that interface that had me confused ... again, that "can't see this anywhere" while I'm looking at the same query 320 time in the last 400 posts (oly a slight exaggeration ) > Also the search tool in the forum works poorly. The other day I gave up > on it and googled for the term using google web advanced limited to > forum.spamcop.net. No I can't remember the example. I wanted a short > phrase in quotes and it included short words or a short word and that > was unacceptable. a mysql thing, no indexing words 3-letters or less ... thus the inclusion of the Google search function at the top of the Forum screens. As far as that goes, I couldn't find one of my own posts using either the Forum search tool of the Google interface ... obviously forgetting my own 'magic' words for a successful search ... had to do the research once again to come up with the needed data .... 
From skiwi at spamcop.net Tue Aug 2 19:31:04 2005
From: skiwi at spamcop.net (Skiwi)
Date: Tue Aug 2 21:35:03 2005
Subject: [SpamCop-List] Now THIS is some good link obfuscation :-)
Message-ID:

http://www.spamcop.net/sc?id=z792521703z1377c70926ecee37065a5ef413ed2de0z

From anon at coks.net Tue Aug 2 20:04:46 2005
From: anon at coks.net (J G)
Date: Tue Aug 2 22:05:04 2005
Subject: [SpamCop-List] Re: Now THIS is some good link obfuscation :-)
In-Reply-To:
References:
Message-ID:

On 8/2/2005 6:31 PM Skiwi scribbled:

> http://www.spamcop.net/sc?id=z792521703z1377c70926ecee37065a5ef413ed2de0z

Got one of them last week - couldn't believe it.

I think it's Beijing retaliating for losing Unocal...

From nobody at devnull.spamcop.net Wed Aug 3 13:18:07 2005
From: nobody at devnull.spamcop.net (Patto)
Date: Tue Aug 2 23:20:02 2005
Subject: [SpamCop-List] Re: Source of reporting addresses for abuse reports
In-Reply-To:
References:
Message-ID:

George Langford, Sc.D. wrote:

> Ever since the demise of OpenRBL.org as we knew it,
> CompleteWhoIs has gotten slower & slower, until
> now it is impossible to get anything back from there.
>
> What is a struggling phish reporter to do ?
>
> For example, here's a recent SpamCop tracker for an
> eBay phish:
> http://www.spamcop.net/sc?id=z792513837z8f782546c38c7829381977b1ba379fedz
>
> Spamcop picked up abuse@hostnoc.net like I did, but I
> could not get any WhoIs information from EasyWhoIs or
> from CompleteWhoIs ... and I had to use TraceRT to pick
> up [abuse@]Level3.net.
>
> amenex

My guess is that you are talking about http://myebaysignin.net/

I use Sam Spade to get the IP address, which is 66.197.255.212.

I feed this into http://www.completewhois.com/ which returns
"Network Operations Center Inc." (NOC) = hostnoc.net

I know, CompleteWhois sometimes has some short delays, but the
information above was returned instantly.
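
Added example, not part of any message in this archive and not SpamCop's own code: the contact-resolution steps Mike Easter walks through in this thread (abuse.net candidates, then bounce and redirect handling), replayed in Python over the tracker text he quoted. The function name, the result keys and the '#'-for-'@' reading of the devnull address are assumptions made for the illustration.

```python
import re

# Routing details exactly as quoted from the SpamCop tracker in this thread.
TRACE = """\
Resolves to 66.197.255.212
Routing details for 66.197.255.212
[refresh/show] Cached whois for 66.197.255.212 : postmaster@hostnoc.net
Using abuse net on postmaster@hostnoc.net
abuse net hostnoc.net = abuse@hostnoc.net, abuse@burst.net, abuse@level3.net, spamtool@level3.net
Using best contacts abuse@hostnoc.net abuse@burst.net abuse@level3.net spamtool@level3.net
abuse@burst.net bounces (17459 sent : 8789 bounces)
Using abuse#burst.net@devnull.spamcop.net for statistical tracking.
abuse@level3.net redirects to level3@admin.spamcop.net
spamtool@level3.net redirects to level3@admin.spamcop.net
"""

# An e-mail address; '#' is allowed because the devnull form above uses it.
ADDR = r"[a-z0-9._%+#-]+@[a-z0-9.-]*[a-z0-9]"


def resolve_contacts(trace):
    """Work out what happens to each 'best contact' named in a tracker trace.

    Hypothetical helper: it only reads the four kinds of line that appear
    in the trace quoted on this page and ignores everything else.
    """
    candidates, bounces, redirects, tracking = [], {}, {}, []
    for raw in trace.splitlines():
        line = raw.strip().lower()          # addresses compare case-insensitively
        if line.startswith("using best contacts"):
            candidates = re.findall(ADDR, line)
            continue
        m = re.match(rf"({ADDR}) bounces \((\d+) sent : (\d+) bounces\)", line)
        if m:
            bounces[m.group(1)] = int(m.group(3)) / int(m.group(2))
            continue
        m = re.match(rf"({ADDR}) redirects to ({ADDR})", line)
        if m:
            redirects[m.group(1)] = m.group(2)
            continue
        m = re.match(rf"using ({ADDR}) for statistical tracking", line)
        if m:
            tracking.append(m.group(1))

    notify, fate = [], {}
    for addr in candidates:
        if addr in bounces:
            # Assumption: the devnull address carries the original address
            # with '#' in place of '@', as in the single sample on the page.
            stand_in = next(
                (t for t in tracking
                 if t.split("@")[0].replace("#", "@") == addr),
                None,
            )
            fate[addr] = f"bouncing ({bounces[addr]:.0%}), tracked as {stand_in}"
            continue
        target = redirects.get(addr, addr)
        fate[addr] = "sent as is" if target == addr else f"redirected to {target}"
        if target not in notify:            # two level3 aliases collapse into one
            notify.append(target)
    return {"notify": notify, "tracking_only": tracking, "fate": fate}


if __name__ == "__main__":
    result = resolve_contacts(TRACE)
    print("reports go to:", ", ".join(result["notify"]))
    for address, outcome in result["fate"].items():
        print(f"  {address}: {outcome}")
```

Run against the quoted trace, this shows why the Level3 address found by traceroute never appears on the tracker page under its own name: both Level3 aliases fold into one internal handling address, and the bouncing burst.net contact is kept only for statistics.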

From petzl at spamcop.net Wed Aug 3 20:54:11 2005
From: petzl at spamcop.net (petzl)
Date: Wed Aug 3 05:55:03 2005
Subject: [SpamCop-List] Re: Reporting USENET spam?
References:
Message-ID:

"NerdRevenge" wrote in message news:dcmj2i$2ds$1@news.spamcop.net...
>
> "petzl" wrote in message
> news:dcm5uu$rqe$1@news.spamcop.net...
>>
>> "NerdRevenge" wrote in message
>> news:dclunf$ngu$1@news.spamcop.net...
> I did report 23 spams today from the same IP address in the same newsgroup
> posted within moments of each other. The "Make Millions with PayPal" scam.
>
> Result..No IP listed
>
> There are also others who love to flood some groups with copyrighted news
> stories that have nothing to do with the subject group.
> Result..No IP listed and flooding continues

All SpamCop is going to do with Usenet is to try and identify an abuse address (Usenet is NOT a SpamCop strong point and SpamCop will NOT add any Usenet IP to its SCBL)

I repeat if you have an abuse address *advertise it* in that Usenet group I found this successful in some Usenet groups (The Idea is if MANY complain more is likely to be done blocking the spammer)

Petzl

From peter at gradwell.com Wed Aug 3 12:33:56 2005
From: peter at gradwell.com (Peter Gradwell)
Date: Wed Aug 3 06:35:04 2005
Subject: [SpamCop-List] listing of inbound mail relays
Message-ID:

Hello

Spamcop have reported a spam which we received as an inbound email forwarder.

i.e. spammer -> forwarder -> final destination

Surely this is wrong? I thought the spamcop parsers were clever enough to figure out which servers are forwarding mail?

cheers
peter

-----Original Message-----
From: Darran [mailto:1465687303@reports.spamcop.net]
Sent: 11 July 2005 15:33
To: helpdesk@newnet.co.uk
Subject: [SpamCop (relay:80.175.47.10) id:1465687303]Otc Stox Newsletter presents just the facts

[ SpamCop V1.466 ]
This message is brief for your comfort. Please use links below for details.

Email passed through 80.175.47.10 / Mon, 11 Jul 2005 15:32:45 +0100
http://www.spamcop.net/w3m?i=z1465687303z3309b15cd8735b53552f101792705914z

[ Offending message ]
X-Symantec-TimeoutProtection: 0
Envelope-to: x
Delivery-date: Mon, 11 Jul 2005 15:33:35 +0100
Received: from sh-mail-2.gradwell.net ([80.175.47.10])
    by pih-mxcore07.plus.net with esmtp (PlusNet MXCore v2.00)
    id 1DrzLj-0007Pl-24 for x; Mon, 11 Jul 2005 15:33:35 +0100
X-Gradwell-Mailfilter: SpamAssassin hits were [Mon, 11 Jul 2005 15:33:02 +0100] [rule id 2118 (default)]
X-Gradwell-Mailfilter: Not Spam, SpamAssassin hits of 0.0 (5 required) [Mon, 11 Jul 2005 15:33:02 +0100] [rule id 2118 (default)]
X-Envelope-To: x
X-Forwarding-To: x
Delivered-To: forwarding-x
Received: from 200216042226.user.veloxzone.com.br ([200.216.42.226])
    by sh-mail-2.gradwell.net with smtp (Gradwell gwh-smtpd 1.185)
    id 42d2830d.e193.3c4 for x; Mon, 11 Jul 2005 15:32:45 +0100
    (envelope-sender )
Received: from [127.107.116.62] (port=3291 helo=[Gordon])
    by 200216042226.user.veloxzone.com.br with esmtp
    id 10186786489Nikhil6777 for x; Mon, 11 Jul 2005 12:34:33 -0200
Mime-Version: 1.0 (987)
Content-Transfer-Encoding: 7bit
Message-Id: <1044______________5562@200216042226.user.veloxzone.com.br>
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: x
From: Mickey
Subject: Otc Stox Newsletter presents just the facts
Date: Mon, 11 Jul 2005 12:34:32 -0200
X-Mailer: WinApple SMail (987)
X-RegEx-Score: 59.6
X-RegEx: [59.6] FROM_AND_RECEIVED_DO_NOT_MATCH FQDN in From and Received header do not match
X-SpamPal: PASS

--
peter gradwell. gradwell dot com Ltd. http://www.gradwell.com/
-- engineering & hosting services for email, web and voip --
-- http://www.peter.me.uk/ -- http://www.voip.org.uk/ --

From nobody at devnull.spamcop.net Wed Aug 3 07:02:31 2005
From: nobody at devnull.spamcop.net (Miss Betsy)
Date: Wed Aug 3 07:00:02 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

"Joris Van Damme" wrote in message news:dcoh5e$8q6$1@news.spamcop.net...
> > http://www.doxdesk.com/parasite/nCase.html
> Really, I'm starting to think the old dream of a world-wide network of
> information is lost.

The information is still out there and safely accessible. However, if one uses the internet for purchasing items also, then one can have a problem distinguishing between honest merchants and spammers. But email is limited to those you know unless you maintain throwaway accounts and spend time filtering all email.

Miss Betsy

From nobody at devnull.spamcop.net Wed Aug 3 07:30:14 2005
From: nobody at devnull.spamcop.net (Miss Betsy)
Date: Wed Aug 3 07:25:03 2005
Subject: [SpamCop-List] Re: make it clear
References:
Message-ID:

"Mike Easter" wrote in message news:dco1fh$ud2$1@news.spamcop.net...
> Miss Betsy wrote:
> > IMHO, part of the rationale for not revising the pages is to
> > eliminate those reporters who are technically non-fluent and are
> > either incapable or unwilling to learn the basics.
>
> I really don't think there is a conscious effort to create an
> information gap or hurdle to deter any users. I can't imagine that you
> would even think that.

It may not be entirely conscious or deliberate. However, obviously TPTB think the FAQ are sufficient as is and are not concerned with those who can't find answers. Many of the people who use spamcop are admins and it was not designed to be used by a simple end user who doesn't have control of the server - though it can be used by end users.

>
>
> The way to do that would be to have a faq which was up-to-date,
> intuitively organized, and frequently reorganized and clarified and
> amended.
>
> Further, there also needs to be a 'simplistic' way that someone can ask
> a question and have it answered. The forum is a pretty good
> approximation of that, because a certain percentage of the population
> doesn't 'do' newsgroup questions. However, most of that same group
> also doesn't 'do' navigating either.
>
> The forum is also a rough approximation of a place to create some
> dynamic adjusting and pinning to the faq -- but it in no way resembles
> what I described above about a real faq -- properly organized for
> natural and intuitive navigation and enabling immediate and simple
> introduction to the answer.
>
> The forum is not a faq, and it also isn't some kind of magical oak tree
> that we used to joke about here.

I have written 'manuals' informally and it is amazing what people will do that you haven't covered or how they will misunderstand what you have written. It probably requires a person with a special gift plus lots of experience to produce what you have described.

The forum is not a FAQ, but it does have a FAQ section. ISTM, that there are not so many 'newbie' questions on either the forum or the ng since the Forum FAQ has been established.

However, my statement that revision of the main SpamCop web pages is low priority still stands including that TPTB have no interest in volunteers who would improve them since not even the appointed volunteer Forum moderators can get changes made. My guess is as good as yours why this is so, but that it is so is evident.

Miss Betsy

From nobody at devnull.spamcop.net Wed Aug 3 07:35:51 2005
From: nobody at devnull.spamcop.net (Miss Betsy)
Date: Wed Aug 3 07:30:02 2005
Subject: [SpamCop-List] Re: make it clear
References:
Message-ID:

"WazoO" wrote in message news:dcp6ig$nd5$1@news.spamcop.net...
> "Mike Easter" wrote in message
> news:dcp3pe$m0f$1@news.spamcop.net...
> > Also the search tool in the forum works poorly. The other day I gave up
> > on it and googled for the term using google web advanced limited to
> > forum.spamcop.net. No I can't remember the example. I wanted a short
> > phrase in quotes and it included short words or a short word and that
> > was unacceptable.
>
> a mysql thing, no indexing words 3-letters or less ... thus the
> inclusion of the Google search function at the top of the
> Forum screens. As far as that goes, I couldn't find one of
> my own posts using either the Forum search tool or the
> Google interface ... obviously forgetting my own 'magic'
> words for a successful search ... had to do the research
> once again to come up with the needed data ....

Well, I am glad that the 'experts' have trouble with the 'search' in the forum! I don't feel like such an idiot because I couldn't find what I wanted!

Miss Betsy

From MikeE at ster.invalid Wed Aug 3 06:22:46 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Aug 3 08:25:03 2005
Subject: [SpamCop-List] Re: listing of inbound mail relays
References:
Message-ID:

Peter Gradwell wrote:
> Spamcop have reported a spam which we received as an inbound email
> forwarder.
>
> i.e. spammer -> forwarder -> final destination

Here's what the headers show:

Abbreviated Received lines *comment

from sh-mail-2.gradwell.net ([80.175.47.10]) by pih-mxcore07.plus.net
*serves you
from 200216042226.user.veloxzone.com.br ([200.216.42.226]) by sh-mail-2.gradwell.net
*sourceline
from [127.107.116.62] by 200216042226.user.veloxzone.com.br
*bogusline

The 2nd line is a user IP, not a server. The bottomline is a non-routing or 'special use' IP block - all of 127.

> Surely this is wrong? I thought the spamcop parsers were clever enough
> to figure out which servers are forwarding mail?

I'm not understanding what 'forwarding' is bothering you. The spamsource is .br, gradwell forwards to plus. SC correctly names the .br spamsource. Are you thinking that the 127 IP should be the source?

The report which was sent about the intermediary server gradwell was sent at the 'request' of the server's admin.

http://www.spamcop.net/sc?id=z784747632z555f21b6db0d6b35b4f851336f1c3dcbz

If reported today, reports would be sent to:
Re: 200.216.42.226 (Administrator of IP block - statistics only)
postmaster@telemar.net.br

The tracker also sez that reports were sent to the relay/ forwarder/ intermediary handler , at the request of the relay

Reports regarding this spam have already been sent:
Re: 200.216.42.226 (Administrator of network where email originates)
Re: 80.175.47.10 (Administrator interested in intermediary handling of spam)
Reportid: 1465687303 To: helpdesk@newnet.co.uk
Reportid: 1465687307 To: postmaster@newnet.co.uk

--
Mike Easter
kibitzer, not SC admin

From PleaseReplyTo at TheGroupInstead.be Wed Aug 3 15:22:58 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Wed Aug 3 08:25:09 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

> The information is still out there and safely accessible.

I doubt that. When is the last time you actually surfed the web, you know, following links, finding good stuff, reading up, following links, finding etc... Most people I know lost that habit about 5 years ago, simply because the ratio filth/information got too bad. Additionally, pop-ups and stuff made it impossible. And people stopped caring about breaking the browser's back button. Real content sites got hijacked, duplicated, abandoned, and thus most links on actual content sites are dead now. Chronologically last, the 'good' folks simply stopped linking to good content, like they used to do because they used to regard it their netcitizen duty.

Thus, 'the information', in the sense of the 'Great Library of all Mankind' that we once dreamt about, it's definitely lost. The web is in a state often referred to as 'linux' by windows users: there's some good stuff, sure, but it will not be there tomorrow, it's not maintained, and it's totally buried under a huge pile of garbage and dead corpses.
In short, the web as a whole, became totally useless. That's why we don't browse it anymore, and need hit-and-run-and-return-to-google tactics instead, that'll still bring out some use, up to this day, from time to time.

Of course, the real tragedy is that users adapt. We used to be singing Nina Simone and Aretha Franklin. Today, we're singing commercial tunes. We used to illegally copy Office, today we're paying for screensavers. Pretty soon, we'll actually be subscribing to spam, mark my words. Pop-ups and pop-unders will be regarded as useful. Newest generation of internet users will not be able to understand why we once tried to block out such enormously hip information. We'll be paying big bucks to turn our machine into the best zombie in the army of the hippest most famous spammer, and that'll be the new definition of 'internet'. 'Great Library of all Mankind' seems to have become a ridiculously farfetched notion, today already. All our efforts to improve software and hardware were in vain, because the bottleneck bug that we cannot work around is the user. All specifications we still try to maintain today are in vain, nobody cares about valid HTML as we massively start to think rendering in the hip browsers is what counts, and lost the ability to read specifications anyhow.

Pretty soon, all that is posted in this newsgroup will be the question 'hi i want to anti-spam but not know how please help'. Mike Easter, or some other Last of the Mohicans, will respond with three or more pages of valuable content, until the day he drops dead. And the original poster will reply, bottom-quoting his entire message, in Outlook-HTML mail format for sure, adding a single line at the top 'just want anti-spam but not know how please help'. Then the day will come, Mike will drop dead, and all will be lost...

Well, you surely get my point. I did try to look at it from the bright side, don't you think?
;-)

Joris

From nobody at spamcop.net Wed Aug 3 08:28:49 2005
From: nobody at spamcop.net (Ellen)
Date: Wed Aug 3 08:25:14 2005
Subject: [SpamCop-List] Re: listing of inbound mail relays
References:
Message-ID:

"Peter Gradwell" wrote in message news:dcq6i1$704$1@news.spamcop.net...
> Hello
>
> Spamcop have reported a spam which we received as an inbound email
> forwarder.
>
> i.e. spammer -> forwarder -> final destination
>
> Surely this is wrong? I thought the spamcop parsers were clever enough
> to figure out which servers are forwarding mail?
>
> cheers
> peter
>

The parse looks fine to me. If you see otherwise please write to us at deputies@admin.spamcop.net with your concerns. The parser finds the source to be 200.216.42.226.

Ellen
SpamCop

From MikeE at ster.invalid Wed Aug 3 06:42:48 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Aug 3 08:45:03 2005
Subject: [SpamCop-List] Re: listing of inbound mail relays
References:
Message-ID:

Peter Gradwell wrote:
> Spamcop have reported a spam which we received as an inbound email
> forwarder.

The report was sent at the request of the admin for the forwarding server, to be notified of spams which were sourced elsewhere and forwarded.

> i.e. spammer -> forwarder -> final destination
>
> Surely this is wrong? I thought the spamcop parsers were clever enough
> to figure out which servers are forwarding mail?

SC figured it out. SC determined the source was .br and the forwarder was gradwell and notified the provider for gradwell as well as the source provider. SC said that the source was .br and that the relayer/forwarder was gradwell and sent that notify to newnet.co.uk.

> To: helpdesk@newnet.co.uk
> Subject: [SpamCop (relay:80.175.47.10) id:1465687303]Otc Stox
> Newsletter presents just the facts

Notice that the report sez *relay* -- not source.

> Email passed through 80.175.47.10 / Mon, 11 Jul 2005 15:32:45 +0100

Notice that it sez 'passed through'

A provider can determine what kinds of reports to get, which can include relaying

http://www.spamcop.net/fom-serve/cache/266.html How can I control what type of reports I receive? - SpamCop now allows selection of report types.

If a provider signs up here

http://www.spamcop.net/fom-serve/cache/94.html How can I get SpamCop reports about my network? -- Report routing --

Then they can get whatever kinds of reports they want by configuring their preferences.

--
Mike Easter
kibitzer, not SC admin

From jdd at dodin.org Wed Aug 3 15:56:02 2005
From: jdd at dodin.org (jdd)
Date: Wed Aug 3 09:00:03 2005
Subject: [SpamCop-List] Re: make it clear
In-Reply-To:
References:
Message-ID:

Interesting discussion :-)

two things:

* it should be easy to set the "help" link at the same level as other tags like "report spam" or "filtered e-mail". In most of my experience, little help link at the top of the screen is contextual help, concerning only the use of the actual page, not so appealing.

* a wiki is the best method to hold longterm doc. It's mostly user-maintained. Hoaxes are very rare as intelligent users can fix this immediately. As a -small- participation, I setup a page about spamcop on my own french wiki http://dodin.org/mediawiki/index.php/SpamCop. Any french speaking visitor can add.

jdd

--
to write to me, go to:
http://www.dodin.net
http://valerie.dodin.net
http://arvamip.free.fr

From vincehoran at gmail.com Wed Aug 3 15:04:51 2005
From: vincehoran at gmail.com (Vince Horan)
Date: Wed Aug 3 09:04:57 2005
Subject: [SpamCop-List] Re: The message is not spam because......
In-Reply-To:
References:
Message-ID:

On 8/3/05, Joris Van Damme wrote:
> Thus, 'the information', in the sense of the 'Great Library of all Mankind'
> that we once dreamt about, it's definitely lost. The web is in a state often
> referred to as 'linux' by windows users: there's some good stuff, sure, but
> it will not be there tomorrow, it's not maintained, and it's totally buried
> under a huge pile of garbage and dead corpses. In short, the web as a
> whole, became totally useless. That's why we don't browse it anymore, and
> need hit-and-run-and-return-to-google tactics instead, that'll still bring
> out some use, up to this day, from time to time.

On the assumption your tongue is less in the cheek than it should be writing this stuff, a counter reply is needed :-)

I am not sure what on the web you are interested in but there must be 100s/1000s of pursuits where the web remains an invaluable and largely unpolluted resource. As an example, I am heavily into aviation. The web site www.airliners.net contains over 800,000 pictures of aircraft. Now that amount of storage doesn't come cheap, so there is an element of what you say as the site does carry banners or you can subscribe to go advert free. Likewise the sites www.planemad.net and www.airlinerslist.com contain a wealth of information for those wanting to watch planes.

This can't be the only pursuit that remains relatively garbage and corpse free, shurely?

PS. I have no commercial or otherwise interest in the mentioned sites other than being a user of them.

Vince Horan
Copthorne,UK

From spamcop at oitc.com Wed Aug 3 10:01:08 2005
From: spamcop at oitc.com (spamcop)
Date: Wed Aug 3 09:05:06 2005
Subject: [SpamCop-List] Finds URL but no report :-(
Message-ID:

RE: http://www.spamcop.net/sc?id=z792692063z8502ff095412a682e7078a4c00c008e9z

Spamcop finds http://uk.geocities.com/olreybaker/?lklkivy=j.credit_card_balances_vani but doesn't report it.

Tom

From jdd at dodin.org Wed Aug 3 16:02:03 2005
From: jdd at dodin.org (jdd)
Date: Wed Aug 3 09:05:12 2005
Subject: [SpamCop-List] Re: The message is not spam because......
In-Reply-To:
References:
Message-ID:

Joris Van Damme wrote:
> to illegally copy Office, today we're paying for screensavers. Pretty soon,

I think you are ready to join the open source world (from which spamcop is very near).

try
http://tldp.org
http://openoffice.org
http://gnu.org
http://www.mozilla.org

not to mention http://www.ibiblio.org/ or http://sf.net

and you will find meaningful information, as I do most of the time.

:-)

jdd

--
to write to me, go to:
http://www.dodin.net
http://valerie.dodin.net
http://arvamip.free.fr

From PleaseReplyTo at TheGroupInstead.be Wed Aug 3 16:23:13 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Wed Aug 3 09:25:03 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

> On the assumption your tongue is less in the cheek than it should be
> writing this stuff, a counter reply is needed :-)

Let me assure you your assumption is completely wrong, I did have a lot of fun writing that post. That does not mean I wrote it just for fun, though, of course not. I do believe there is some drift towards the hipper and away from the content-centered websites. And the more we write tongue-in-cheek messages like I did, the more chance new people have of becoming aware of these issues and doing better, despite the loads of bad examples out there.

> The web site www.airliners.net ...

Quick check:
http://validator.w3.org/check?uri=http%3A%2F%2Fwww.airliners.net%2F&charset=%28detect+automatically%29&doctype=Inline&verbose=1

That's when I stop looking, when I'm in a bad mood. But please don't be offended, if your site is about actual content and does not break my browser back button or pop up additional windows in my face, then keep up the good work.

Joris

From PleaseReplyTo at TheGroupInstead.be Wed Aug 3 16:23:51 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Wed Aug 3 09:25:10 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

> I think you are ready to join the open source world (from
> which spamcop is very near).

Probably, except that I have mouths to feed, and respect the fact that some of my fellow coders have mouths to feed too.

Joris

From MikeE at ster.invalid Wed Aug 3 07:53:46 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Aug 3 09:55:02 2005
Subject: [SpamCop-List] Re: Finds URL but no report :-(
References:
Message-ID:

spamcop wrote:
www.spamcop.net/sc?id=z792692063z8502ff095412a682e7078a4c00c008e9z
>
> Spamcop finds
> http://uk.geocities.com/olreybaker/?lklkivy=j.credit_card_balances_vani
> but doesn't report it.

Sometimes SC finds a link and deobfuscates it but doesn't try to resolve it. On another occasion it might resolve it and offer to report.

If you put that link into the parser naked, it will resolve to 66.218.77.68 and SC will offer the yahoo reporting addies.

--
Mike Easter
kibitzer, not SC admin

From vincehoran at gmail.com Wed Aug 3 15:59:40 2005
From: vincehoran at gmail.com (Vince Horan)
Date: Wed Aug 3 09:59:45 2005
Subject: [SpamCop-List] Re: The message is not spam because......
In-Reply-To:
References:
Message-ID:

On 8/3/05, Joris Van Damme wrote:
> > On the assumption your tongue is less in the cheek than it should be
> > writing this stuff, a counter reply is needed :-)
>
> Quick check:
> http://validator.w3.org/check?uri=http%3A%2F%2Fwww.airliners.net%2F&charset=%28detect+automatically%29&doctype=Inline&verbose=1
>
> That's when I stop looking, when I'm in a bad mood. But please don't be
> offended, if your site is about actual content and does not break my browser
> back button or pop up additional windows in my face, then keep up the good
> work.

As stated this is not my site. I use a lot and I know it is a little annoying that it does not obey the standards. There are ways around this for regular users, but this is too far off topic already :-)))

Vince.
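
The reading of the Received chain given in the "listing of inbound mail relays" thread above (forwarder, then source line, then a bogus 127.x line), generalised into a top-down trust walk. This is an added sketch, not SpamCop's parser and not code from any poster: the three Received lines are copied from the report quoted in that thread, while `TRUSTED_WRITERS`, `REGISTERED_RELAYS` and the function names are assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass
from email import message_from_string

# Received lines copied from the report quoted in the thread; the remaining
# headers of that message are left out.
RAW_HEADERS = """\
Received: from sh-mail-2.gradwell.net ([80.175.47.10])
 by pih-mxcore07.plus.net with esmtp (PlusNet MXCore v2.00)
 id 1DrzLj-0007Pl-24 for x; Mon, 11 Jul 2005 15:33:35 +0100
Received: from 200216042226.user.veloxzone.com.br ([200.216.42.226])
 by sh-mail-2.gradwell.net with smtp (Gradwell gwh-smtpd 1.185)
 id 42d2830d.e193.3c4 for x; Mon, 11 Jul 2005 15:32:45 +0100
Received: from [127.107.116.62] (port=3291 helo=[Gordon])
 by 200216042226.user.veloxzone.com.br with esmtp
 id 10186786489Nikhil6777 for x; Mon, 11 Jul 2005 12:34:33 -0200
Subject: Otc Stox Newsletter presents just the facts

(body omitted)
"""

# Assumptions for this example: the recipient's own MX is the only host whose
# stamp is trusted outright, and one forwarder has been registered, keyed by
# its IP and mapped to the name it writes after "by".
TRUSTED_WRITERS = {"pih-mxcore07.plus.net"}
REGISTERED_RELAYS = {"80.175.47.10": "sh-mail-2.gradwell.net"}

HOP_RE = re.compile(r"from\s+(?P<claimed>.*?)\s+by\s+(?P<by>\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


@dataclass
class Hop:
    ip: str  # address the writing host recorded for the connecting client
    by: str  # host that wrote this Received line


def parse_hops(raw):
    """Return the Received hops, newest first, in message order."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        ip = IP_RE.search(m.group("claimed")) if m else None
        if ip:
            hops.append(Hop(ip.group(1), m.group("by").lower()))
    return hops


def is_special_use(ip):
    """True for addresses that cannot be a public sender (127/8, RFC 1918, ...)."""
    return not ipaddress.ip_address(ip).is_global


def trace(raw, trusted_writers, relays):
    """Walk down from the recipient's server; stop at the first unknown client IP."""
    trusted = {h.lower() for h in trusted_writers}
    passed_through, source, ignored = [], None, []
    hops = parse_hops(raw)
    for i, hop in enumerate(hops):
        if hop.by not in trusted:
            # Written by a host nobody vouches for: this line and all below it
            # could be forged, so none of them is used.
            ignored = hops[i:]
            break
        if hop.ip in relays:
            # A registered forwarder handed the mail over; its own stamp on the
            # next line down becomes trustworthy.
            passed_through.append(hop.ip)
            trusted.add(relays[hop.ip].lower())
            continue
        source = hop.ip
        ignored = hops[i + 1:]
        break
    return {
        "source": source,
        "relays": passed_through,
        "ignored": [(h.ip, "special-use" if is_special_use(h.ip) else "unverified")
                    for h in ignored],
    }


if __name__ == "__main__":
    print(trace(RAW_HEADERS, TRUSTED_WRITERS, REGISTERED_RELAYS))
    # Same message with no forwarder registered: the forwarder is taken as source.
    print(trace(RAW_HEADERS, TRUSTED_WRITERS, {}))
```

The second call shows why the relay has to be known to the parser: without that entry the walk stops one hop early and names 80.175.47.10 as the source.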

From devnull at spamcop.net Wed Aug 3 12:12:12 2005
From: devnull at spamcop.net (Frog Prince)
Date: Wed Aug 3 11:20:04 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

"Joris Van Damme"
| > The information is still out there and safely accessible.
|
| I doubt that. When is the last time you actually surfed the web, you know,
| following links, finding good stuff, reading up, following links, finding
| etc... Most people I know lost that habit about 5 years ago, simply because
| the ratio filth/information got too bad. Additionally, pop-ups and stuff
| made it impossible. And people stopped caring about breaking the browser's
| back button. Real content sites got hijacked, duplicated, abandoned, and
| thus most links on actual content sites are dead now. Chronologically last,
| the 'good' folks simply stopped linking to good content, like they used to
| do because they used to regard it their netcitizen duty.
|

I've been an engineer for more than 40 years. In the olden days (pre internet) a data search was an arduous task and very expensive often involving a considerable staff. Many projects were not pursued due to the amount of physical effort and cost involved.

I'm retired now and can very easily do the deed from my home computer. What's more instead of giving someone, say the family of an Alzheimer's patient, a ream of paper I can provide them with links to the specific data that applies to their situation. The same goes for research results on drugs.

NASA has a tremendous amount of technical data that in the olden days took months to get into print and was often limited to people who had a specific interest in the subject and considerable funds to allow access.

If I need a copy of the circuit diagram of an old 30's era radio ... there are none in print *anywhere* but I can access on the net.

I've shown 95 year old ladies who grew up on dirt farms how to access and search the net.
It's not a matter of what's where but of knowing how to do the deed. Like everything in life some are better at a given process than others.

From jr70 at blackhole.invalid Wed Aug 3 09:49:58 2005
From: jr70 at blackhole.invalid (John Richards)
Date: Wed Aug 3 11:50:04 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

Joris Van Damme wrote:
> Mike Easter,
> or some other Last of the Mohicans, will respond with three or more pages of
> valuable content, until the day he drops dead. And the original poster will

Sometimes I think Mike gets paid IAW how many words he uses. Just kidding, I know better.

--
John Richards

From jr70 at blackhole.invalid Wed Aug 3 10:03:43 2005
From: jr70 at blackhole.invalid (John Richards)
Date: Wed Aug 3 12:05:02 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

Frog Prince wrote:
>
> I've been an engineer for more than 40 years. In the olden days (pre
> internet) a data search was an arduous task and very expensive often
> involving a considerable staff. Many projects were not pursued due to the
> amount of physical effort and cost involved.
>
> I'm retired now and can very easily do the deed from my home computer.
> What's more instead of giving someone, say the family of an Alzheimer's
> patient, a ream of paper I can provide them with links to the specific data
> that applies to their situation. The same goes for research results on
> drugs.

[snip]

Like you, I'm a retired engineer (BSEE) who enjoys using the web and helping others to do the same. I'm also an unpaid beta tester for Microsoft, helping to improve new software that's coming down the pike. Things like searches will soon become easier and better. It's premature to shout that the sky is falling.

But the world is indeed getting more complicated.
Unless one is knowledgeable about concepts like firewalls, anti-virus software, anti-spy software, spam, and the like, it is easy to become a victim.

--
John Richards

From pxpearson at spamxcop.net Wed Aug 3 10:10:38 2005
From: pxpearson at spamxcop.net (Peter Pearson)
Date: Wed Aug 3 12:15:04 2005
Subject: [SpamCop-List] Re: make it clear
References:
Message-ID:

jdd wrote:
[snip]
> * a wiki is the best method to hold longterm doc.

Yes! Excellent! A wiki.

[snip]
> wiki http://dodin.org/mediawiki/index.php/SpamCop. Any
> french speaking visitor can add.

How about anglophone visitors who just *think* they can speak French? Does the Academie Francaise send policemen to confiscate hard disks contaminated with franglais?

Time will tell whether Spamcop has enough enemies to disable the wiki.

--
Remove the two x's to get a good email address.

From PleaseReplyTo at TheGroupInstead.be Wed Aug 3 19:16:59 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Wed Aug 3 12:20:02 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

You didn't actually get my point, I think. I said stuff like...

> > That's why we don't browse it anymore, and
> > need hit-and-run-and-return-to-google tactics instead, that'll still bring
> > out some use, up to this day, from time to time.

How does a reply like...

> I've shown 95 year old ladies who grew up on dirt farms how to access and
> search the net.

...contradict that? OK, you've shown the ladies how to use Google and/or how to type an URL in the address bar. So? How is that related? Please check if the 95 year old ladies are able to keep out the spyware, disregarding of course those that use nothing but their Outlook to send a message and Google to find a page and never actually install anything or such. That *is* related to what I said.

I also said, and you've quoted:

> > When is the last time you actually surfed the web, you know,
> > following links, finding good stuff, reading up, following links, finding
> > etc... Most people I know lost that habit about 5 years ago, simply
> > because the ratio filth/information got too bad.

That is, you've quoted that, but neglected to answer. When was the last time you actually surfed, following links that lead to other websites, that had useful links, that lead to other websites, etc. Have you tried that recently? That *is* related to what I said. How heavy a pop-up and pop-under and filth blocker do you need when stepping outside websites like NASA's and those of university investigation into Alzheimer and such? And doing so, do you find that your browser back button is broken more often than not, by HTML-level 'redirects' that should actually have been HTTP-level 30x replies, and by "target="..."" attributes in tags and such? Now that is what I'm talking about. And I merely mention the most common stuff, I didn't even get back to what this all started with, the URLs to reports of filth such as...

http://www.doxdesk.com/parasite/nCase.html
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=40683

.. which is dozens of times worse.

> Like everything in life some are better at a given process than
> others.

I thoroughly resent that. I'm an old-school professional, and, like most, I have the tremendous ego to match it. I know most of the specifications I was referring to by heart, or very nearly so. Like you, I've been around longer than the internet itself, but, unlike you, the internet is directly related to my profession. I've had to do considerable effort making my own pages at least as visible in Google (amongst others) as the garbage, and I did so successfully, learning more about its inner workings than most think is possible.

With all due respect, but I think it's quite likely I do a better job finding the stuff I need, than you did reading the message you've replied to.

Joris

From nobody at devnull.spamcop.net Wed Aug 3 13:05:35 2005
From: nobody at devnull.spamcop.net (Miss Betsy)
Date: Wed Aug 3 13:10:02 2005
Subject: [SpamCop-List] Re: make it clear
References:
Message-ID:

"jdd" wrote in message news:dcqet3$bvr$1@news.spamcop.net...
> Interesting discussion :-)
>
> * a wiki is the best method to hold longterm doc. It's mostly user's
> maintained. Hoaxes are very rare as intelligent users can fix this
> immediately. As a -small- participation, I setup a page about spamcop on
> my own french wiki http://dodin.org/mediawiki/index.php/SpamCop. Any
> french speaking visitor can add.

Others have done similar things: Marjolein and Spambo are two that come to mind though their pages were more about spam in general, I believe.

Miss Betsy

From nobody at devnull.spamcop.net Wed Aug 3 14:55:25 2005
From: nobody at devnull.spamcop.net (WazoO)
Date: Wed Aug 3 15:00:09 2005
Subject: [SpamCop-List] Re: make it clear
References:
Message-ID:

"jdd" wrote in message news:dcqet3$bvr$1@news.spamcop.net...
>
> * a wiki is the best method to hold longterm doc. It's
> mostly user's maintained. Hoaxes are very rare as
> intelligent users can fix this immediately. As a -small-
> participation, I setup a page about spamcop on my own french
> wiki http://dodin.org/mediawiki/index.php/SpamCop. Any
> french speaking visitor can add.

http://forum.spamcop.net/forums/index.php?showtopic=4236&st=0&p=12322&#entry12322
http://forum.spamcop.net/forums/index.php?showtopic=3486&st=0&p=23316&#entry23316
http://forum.spamcop.net/forums/index.php?showtopic=4387&st=0&p=29325&#entry29325

From devnull at spamcop.net Wed Aug 3 21:36:27 2005
From: devnull at spamcop.net (Frog Prince)
Date: Wed Aug 3 20:40:03 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

"Joris Van Damme" <
| > Like everything in life some are better at a given process than others.
|
| I thoroughly resent that. I'm an old-school professional, and, like most, I have the tremendous ego to match it. I know most of the specifications I was referring to by heart, or very nearly so. Like you, I've been around longer than the internet itself, but, unlike you, the internet is directly related to my profession. I've had to do considerable effort making my own pages at least as visible in Google (amongst others) as the garbage, and I did so successfully, learning more about its inner workings than most think is possible.
|
| With all due respect, but I think it's quite likely I do a better job
| finding the stuff I need, than you did reading the message you've replied
| to.

Make up your mind either the internet is too vast and too complicated or it's not. Either it's beyond your associates' ability to navigate or it's not. Perhaps your associates gave up on the process as it did not provide what they needed in the manner they needed and they chose to go in a different direction?

Bad stuff is out there, on the net and in real life. Part of the definition of intelligence is the ability to tell the difference and use that data to address the problem. Alternatively to have someone available that can teach you the difference with regard to what is good and is not good for your particular circumstance. Einstein once reflected (and I paraphrase) that 'knowledge is not having all the answers but knowing how to find the answers when you need them'.

As to the old ladies, they don't need to know all the details about AV/firewalls, how an automobile runs or that the electrical power in their homes has the requisite safety features only that the necessary technology is in place. Their concern is that when they flip the switch the lights go on and the house does not burn down in the process.
Not that it matters for this discussion, exactly how do you know the internet is not directly related to my profession? Would developing systems to transmit physiological data/images over Arpanet via 300 baud modems from dumb terminals count?

FWIW I have an 11 y.o. granddaughter that is better at the internet than I am, likewise I know quite a few 16 year olds, in foster care no less, that have managed to outsmart some sharp computer geeks. There is no reason that they should know how except in the manner of jailhouse lawyers.

To my thinking your presumption and associated justifications that the internet is failing comes very close to Chicken Little's story about the sky falling and suggests either you are an alarmist or that you really don't understand the process.

From PleaseReplyTo at TheGroupInstead.be Thu Aug 4 04:23:23 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Wed Aug 3 21:25:04 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

> Make up your mind either the internet is too vast and too complicated or
> it's not.

Perhaps you wouldn't mind answering some of the particular issues I raised and questions I asked you. Perhaps then you would see that complication is not the key issue, and my own ability is not an issue at all. Good quoting style may help you identifying these issues and questions.

Until then,

Joris

From devnull at spamcop.net Wed Aug 3 22:46:23 2005
From: devnull at spamcop.net (Frog Prince)
Date: Wed Aug 3 21:50:02 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

"Joris Van Damme" wrote in message news:dcrqm7$449$1@news.spamcop.net...
| > Make up your mind either the internet is too vast and too complicated or
| > it's not.
|
| Perhaps you wouldn't mind answering some of the particular issues I raised
| and questions I asked you.
| Perhaps then you would see that complication is
| not the key issue, and my own ability is not an issue at all. Good quoting
| style may help you identifying these issues and questions.
|
| Until then,

Ignore the obvious if you will but it seems we agree on one thing ... there is no point in further discussion.

From MikeE at ster.invalid Wed Aug 3 21:07:32 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Aug 3 23:10:02 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

Joris Van Damme wrote:

> When is the last time you actually surfed the web, you
> know, following links, finding good stuff, reading up, following
> links, finding etc...

I do that all the time. I usually start with a target and google -- but then I get links which lead to links etc. I've been doing it for years and do it just about every day. My last 'venture' started with a recent article about 'The Lost City' and the 'surfing trip' took me all around to old year 2000 websites and the Univ. of Washington's oceanography dept.. Those sites and others which came in 2003 started being created and developed when the 'city' was discovered on an oceanographic trip. The city is made of hundreds of feet tall limestone underwater vents. The oceanographers were initially 'exploring' the Atlantis Massif, an undersea 12000 foot mountain. First they explored with manned submersible Alvin; now the city is explored with the unmanned Hercules and coordinated at the U of Wash. in Seattle. It is another example of remote exploration and high speed high quality data transmission, like the Mars rovers.

> Thus, 'the information', in the sense of the 'Great Library of all
> Mankind' that we once dreamt about, it's definitely lost.

I wouldn't say that.

> In short, the web as a whole, became totally
> useless.

No. I find it very useful.

> All specifications we still try to maintain
> today are in vain, nobody cares about valid HTML

Very true.
There's a proposal that everyone boycott IE7 because of MS's noncompliant behavior.

http://www.windowsitpro.com/windowspaulthurrott/Article/ArticleID/47208/windowspaulthurrott_47208.html

IE 7.0 Technical Changes Leave Web Developers, Users in the Lurch -- "My advice is simple: Boycott IE. It's a cancer on the Web that must be stopped. IE isn't secure and isn't standards-compliant, which makes it unworkable both for end users and Web content creators."

That article was also the subject of a Slashdot discussion.

--
Mike Easter
kibitzer, not SC admin

From nobody at nowhere.not Thu Aug 4 05:18:51 2005
From: nobody at nowhere.not (Robert Blair)
Date: Thu Aug 4 00:20:04 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

On Thu, 4 Aug 2005 03:07:32 UTC, "Mike Easter" wrote:

> IE 7.0 Technical Changes Leave Web Developers, Users in the Lurch -- "My
> advice is simple: Boycott IE. It's a cancer on the Web that must be
> stopped. IE isn't secure and isn't standards-compliant, which makes it
> unworkable both for end users and Web content creators."

I have been doing that for years, not just IE but anything MS. I got tired of their junk many years ago and to date they have not demonstrated any improvement in what they sell.

I have just reported problems to a web site trying to use their web pages in Firefox. I expect it works in IE but since I don't have windows I can not try it and see. The answer I expect is to use IE, and then we will start a very blunt discussion about what to use and what not to use on the net.

--
Robert Blair

From MikeE at ster.invalid Wed Aug 3 23:32:35 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Aug 4 01:35:03 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

Robert Blair wrote:
> "Mike Easter"
>>IE isn't secure and isn't standards-compliant, which
>> makes it unworkable both for end users and Web content creators."
> I have just reported problems to a web site trying to use their web
> pages in Firefox. I expect it works in IE but since I don't have
> windows I can not try it and see. The answer I expect is to use IE,
> and then we will start a very blunt discussion about what to use and
> what not to use on the net.

Well, every one of those little 'discussions' must help -- but the reality is that there is a 'massive' condition of the web that web developers aren't competent to make compliant webpages. Their competence is barely limited to noncompliant IE.

And, they are not sufficiently motivated to fix/ change/ undo/ that. They are of the opinion that that 'style' of webpage writing works just fine -- that those who aren't IE are some kind of small minority which they would rather 'write off' than try to write a site for compliance with some minority browsers which they don't know anything about. The webdeveloper uses IE and views hir result and functionality with IE; if it is compliant with IE, that's good enough, according to those developers.

It is very sad but it is very true. It isn't going to change any time soon.

--
Mike Easter
kibitzer, not SC admin

From jdd at dodin.org Thu Aug 4 09:45:16 2005
From: jdd at dodin.org (jdd)
Date: Thu Aug 4 02:50:02 2005
Subject: [SpamCop-List] Re: make it clear
In-Reply-To:
References:
Message-ID:

Peter Pearson wrote:
> jdd wrote:
> [snip]
>
>>* a wiki is the best method to hold longterm doc.
>
>
> Yes! Excellent! A wiki.
>
> [snip]
>
>>wiki http://dodin.org/mediawiki/index.php/SpamCop. Any
>>french speaking visitor can add.
>
>
> How about anglophone visitors who just *think* they can
> speak French? Does the Academie Francaise send policemen
> to confiscate hard disks contaminated with franglais?
>
> Time will tell whether Spamcop has enough enemies to
> disable the wiki.
>

As long as I'm the owner of the wiki, I can even accept an English contribution and try to add an English translation.
thanks
jdd

--
to write to me, go to:
http://www.dodin.net
http://valerie.dodin.net
http://arvamip.free.fr

From jdd at dodin.org Thu Aug 4 09:55:16 2005
From: jdd at dodin.org (jdd)
Date: Thu Aug 4 03:00:03 2005
Subject: [SpamCop-List] Re: make it clear
In-Reply-To:
References:
Message-ID:

WazoO wrote:
> "jdd" wrote in message news:dcqet3$bvr$1@news.spamcop.net...
>
>>* a wiki is the best method to hold longterm doc. It's
>>mostly user's maintained. Hoaxes are very rare as
>>intelligent users can fix this immediately. As a -small-
>>participation, I setup a page about spamcop on my own french
>>wiki http://dodin.org/mediawiki/index.php/SpamCop. Any
>>french speaking visitor can add.
>
>
> http://forum.spamcop.net/forums/index.php?showtopic=4236&st=0&p=12322&#entry12322
> http://forum.spamcop.net/forums/index.php?showtopic=3486&st=0&p=23316&#entry23316
> http://forum.spamcop.net/forums/index.php?showtopic=4387&st=0&p=29325&#entry29325
>
>

And then? There are always people that say "this don't go" but don't do anything... Wikipedia is here to demonstrate a wiki can do it. But it's a very different media than a forum or a FAQ.

I understand it's very difficult to run an "official" wiki, and I don't want to do any such thing. But, even on spamcop servers, an "unofficial" one could be useful.

jdd

--
to write to me, go to:
http://www.dodin.net
http://valerie.dodin.net
http://arvamip.free.fr

From jdd at dodin.org Thu Aug 4 10:00:43 2005
From: jdd at dodin.org (jdd)
Date: Thu Aug 4 03:05:03 2005
Subject: [SpamCop-List] Re: The message is not spam because......
In-Reply-To:
References:
Message-ID:

Joris Van Damme wrote:

> That is, you've quoted that, but neglected to answer. When was the last time
> you actually surfed, following links that lead to other websites,

I do this any day that god do...
jdd

--
to write to me, go to:
http://www.dodin.net
http://valerie.dodin.net
http://arvamip.free.fr

From PleaseReplyTo at TheGroupInstead.be Thu Aug 4 10:10:17 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Thu Aug 4 03:15:03 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

> I do that all the time. I usually start with a target and google -- but
> then I get links which lead to links etc. I've been doing it for years
> and do it just about every day. My last 'venture' started with a recent
> article about 'The Lost City' and the 'surfing trip' took me all around
> to old year 2000 websites and the Univ. of Washington's oceanography
> dept..

OK, I'll accept that. Most people I know react surprised to the question, didn't actually 'surf' for years and hadn't noticed they had lost the habit until I asked the question. The difference in your experience and mine, I'm not sure why that is, but maybe it's related to the subjects of interest. I can see that the particular subject you mention likely points to 'newer' websites, whilst most of my subject likely points me to the 'older'.

This little 'poll' of mine is backed up by my own logs. I have a huge site on xxx. I've got very good incoming links from like *the* two other places on xxx, and aside from us three, there's not a lot xxx around. You'd expect these good incoming links account for most of my traffic, right? Wrong, from my apache logs, I'm consistently reading Google is at least ten times as important when it comes to directing traffic my way. I've got no other explanation than that even in my profession the 'surfing' user is dead, and turned to google hit-and-run tactics instead because of bad browsing experience.

You will admit though, I think that you need lots of filth blocking technology?
Pop-up and pop-under blockers for one, perhaps also FireFox tweaking to not let links open in secondary windows/tabs, perhaps plug-ins to eliminate the linking nature of dead links, and/or to mark PDF links properly as PDF links, etc? I'd be interested in seeing a list, perhaps there's a thing or two I can still do to improve my own surfin' experience.

> > Thus, 'the information', in the sense of the 'Great Library of all
> > Mankind' that we once dreamt about, it's definitely lost.
>
> I wouldn't say that.

I would hope not. I took a point of view, you've quoted it, but I would hope it was a bit extreme, which served the purpose of getting a message across. And I've found myself an actual old-time 'surfer', so not all is lost. ;-)

Later, you wrote:

> but the
> reality is that there is a 'massive' condition of the web that web
> developers aren't competent to make compliant webpages. Their
> competence is barely limited to noncompliant IE.

Seems we at least agree on that. There's a FireFox plug-in that always checks the page you're viewing, and real-time adds a little validation check result icon in the status bar. Possibly you may find it useful. It seems to be called 'HTML Validator (based on Tidy)' which is kinda surprising, because it's a HTML validator, I think it's based on Tidy. ;-)

Joris

From PleaseReplyTo at TheGroupInstead.be Thu Aug 4 10:30:28 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Thu Aug 4 03:35:03 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

> There's a proposal that everyone boycott IE7 because of MS's
> noncompliant behavior.
>
> http://www.windowsitpro.com/windowspaulthurrott/Article/ArticleID/47208/windowspaulthurrott_47208.html

It's an interesting article, I'm not sure why I still use mainly IE...

Here's an alternative/additional/complementary/invalidating/whatever point of view that I find very interesting.
It may also possibly serve in getting my own basic point of view across. It's on a page that doesn't flash, and hurt your eyes; you can actually focus on the actual text:

http://www.neilgunton.com/rewrites_harmful/#html

Joris

From nobody at spamcop.net Thu Aug 4 03:42:18 2005
From: nobody at spamcop.net (N. Miller)
Date: Thu Aug 4 05:45:17 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID: <1wawyiuyjxumf.dlg@news.spamcop.net>

On Wed, 3 Aug 2005 14:22:58 +0200, Joris Van Damme wrote:

>> The information is still out there and safely accessible.
>
> I doubt that. When is the last time you actually surfed the web, you know,
> following links, finding good stuff, reading up, following links, finding
> etc...

About three, or four hours ago. Found a link on the S.S. Titanic which contained information that I never knew before...

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

From spamcop at oitc.com Thu Aug 4 08:07:25 2005
From: spamcop at oitc.com (spamcop)
Date: Thu Aug 4 07:10:10 2005
Subject: [SpamCop-List] Missed url
Message-ID:

RE
http://www.spamcop.net/sc?id=z792983712zeda75bf05e044014f44888b380747719z

Misses google redirects:
http://www.google.co.uk/url?sa=U&start=4&q=http://218.25.39.22/java/primapagina.htm

Tom

From nobody at spamcop.net Thu Aug 4 06:16:24 2005
From: nobody at spamcop.net (Lazlo Toth)
Date: Thu Aug 4 07:20:03 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

On Wed, 03 Aug 2005 16:23:51 +0200, Joris Van Damme wrote:

>> I think you are ready to join the open source world (from wich spamcop
>> is very near).
>
> Probably, except that I have mouths to feed, and respect the fact that
> some of my fellow coders have mouths to feed to.

I use open source and make a living doing it, and I know people who write open source and who make a living doing that.
Also, I get paid for cleaning up spyware-riddled windows machines, so I do appreciate the fact that it's so insecure (though it does cost other businesses billions per year), but I only use it when absolutely necessary, as it's frustrating dealing with such a limited platform.

Thing is, getting paid for creating software is still possible with open source. If you want to stick to the old model of copy-protection, closed source and planned obsolescence, the gaming market is still very much like that, and MS wants you to stay that way. Much of the business world is getting tired of vendors who only offer overpriced, proprietary solutions, as migration is always a huge cost (something that MS forces on its customers as part of its business model), and businesses which need proprietary solutions might be better off hiring open source programmers in-house.

But open source is not a threat to your livelihood, though you have to actually get your feet wet with it and be more creative with your thinking. Much of the web runs on open source; boycotting it is foolishness.

- Lazlo

From nobody at spamcop.net Thu Aug 4 06:32:23 2005
From: nobody at spamcop.net (Lazlo Toth)
Date: Thu Aug 4 07:35:03 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

On Thu, 04 Aug 2005 10:30:28 +0200, Joris Van Damme wrote:

>> There's a proposal that everyone boycott IE7 because of MS's
>> noncompliant behavior.
>>
>>
> http://www.windowsitpro.com/windowspaulthurrott/Article/ArticleID/47208/windowspaulthurrott_47208.html
>
> It's an interesting article, I'm not sure why I still use mainly IE...
>
> Here's an alternative/additional/complementary/invalidating/whatever point
> of view that I find very interesting. It may also possibly serve in
> getting my own basic point of view across.
> It's on a page that doesn't
> flash, and hurt your eyes; you can actually focus on the actual text:
>
> http://www.neilgunton.com/rewrites_harmful/#html

The capabilities of plain HTML are very limited. XML is not the be-all, end-all of markup, but what it did is allow the separation of markup from data, allowing much easier transitioning and migrating. CSS is so far above and beyond what HTML can do it's astounding it hasn't been adapted completely by MS, except that screws up their proprietary model.

Standards are a good thing, as it allows everyone to write code which makes sense to other coders and can be integrated with others' work, as well as being cross-platform. Why should HTML (XHTML, etc.) be exempt from industry standards? Why should one company set the de facto standard by sheer market penetration and refuse to work with other companies to correct these issues, though the same company helped create the original standard? If C++ had a very loose standard and anyone and their dog could write it, you'd see a lot more buggy programs.

Given what you've already said on the subject, not sure why you'd want to encourage mediocrity even more on the web.

- Lazlo

From PleaseReplyTo at TheGroupInstead.be Thu Aug 4 14:52:39 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Thu Aug 4 07:55:03 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

Lazlo,

I truly started a storm... but I don't mind, it was half of the fun and the whole reason that I had put my point of view so extreme. And almost all replies have been at least twice as interesting as my original post, your reply here included, so that's worth spinning off-topic for sure.

> > Probably, except that I have mouths to feed, and respect the fact that
> > some of my fellow coders have mouths to feed to.
>
> I use open source and make a living doing it, and I know people who write
> open source and who make a living doing that.
Yes, that does exist. I know at least one respectable colleague who makes a living writing open source, and a few others who make a living as an independent contractor providing services and additional coding based on the open source projects they maintain. I would have to agree it exists.

Of course, the mere fact that it exists, still does not prove that either more or fewer people are able to a) turn their passion into a socially fruitful profession that way, and b) the whole scheme of economics and material and technological progress is best served that way. It does not prove, nor does it disprove, nor can I do either of that. We'd need proper investigation and properly crunched numbers to prove or disprove either... and I don't know if these are available.

Until the time I actually find good numerical proof (please point it out to me if you know of some), I prefer to play it safe, and also to go by my intuitive assumptions. I don't want to risk depriving a fellow human being of much needed and much deserved income by doing the same he's doing for free.

> Much of the business
> world is getting tired of vendors who only offer overpriced, proprietary
> solutions, as migration is always a huge cost (something that MS forces on
> its customers as part of its business model), and businesses which need
> proprietary solutions might be better off hiring open source programmers
> in-house.

My own intuitive assumptions, that may very well be wrong, are that data that clearly needs to be suitable for interchange must be made to comply to completely open standards. In practice, that means more than just a specification, complete openness about complicated data formats with specialized compression schemes and such, may in practice also require an open source codec. I consider it a hijack of the user's data when software is such that it is biased towards storage in closed formats.
There's 'mad scientist' types of programmers out there, and there's golddiggers too, that have no objection to doing this sort of stuff, but I personally choose to consider it a violation of my code of conduct as a professional programmer. So, partly at least, I do not reject the open source notion.

However, we don't just need public streets in any free part of the world, to move from one place to another, we also need houses. Whilst I consider a user's image data the user's property, and thus feel the need to provide him with open and free storage standards and feel doing otherwise would be a hijack, I do not consider the algorithms applied by image editors, for example, to be the user's property. I don't see there any ethical grounds for a gimp, for example. But I do see plenty of reason to prefer not to contribute to the gimp myself: if the gimp were as good as photoshop, that would effectively hurt Adobe, but it would also hurt economy as a whole, the programmers employed by Adobe, and many others. Luckily, it isn't, not by a long shot (and there's plenty of reason for that, which all by itself tells a not so nice story 'bout open source).

Of course, that's just an example. And, on the whole, much of my opinion here is merely that: an opinion. I have not any actual factual figures to prove my point. This is all just merely my intuitive notion, and personal decision, and I do not want to present it as sure fact.

> Much of the web runs on open source.

Yes, that is definitely one of its strongholds.

Joris

From PleaseReplyTo at TheGroupInstead.be Thu Aug 4 15:29:02 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Thu Aug 4 08:30:02 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID:

Lazlo,

I'm going to resort quotes, hope you'll forgive me.
> Standards
> are a good thing, as it allows everyone to write code which makes sense to
> other coders and can be integrated with others' work, as well as being
> cross-platform.

I absolutely agree on that part, 100%. I've tried to make my agreement with this more clear in another answer to another post of yours in this same thread.

> Why should one company set the de facto standard by sheer
> market penetration and refuse to work with other companies to correct
> these issues, though the same company helped create the original standard?
> If C++ had a very loose standard and anyone and their dog could write it,
> you'd see a lot more buggy programs.

I completely agree on all this. I'm not sure what I might have said that made you think otherwise.

> CSS is so far
> above and beyond what HTML

This is where I disagree.

We've seen marketeers scream there's new technology that will revolutionize the web, and software development, and all. We see them scream that same thing every six months or so, each time about something different that, truth be told, I can personally hardly call 'new' but rather feel is the same old stuff re-invented and re-standardized in new ways yet again.

On the other hand, we see users who feel there's little or no progress at all. They experience individual webpages like they did for the last five years (though they are decreasingly confident about even using it, that's another part of the story I have tried to bring up). They experience e-mail and word-processing much the same as they did ten years ago. Except that they need machines that are dozens of times more powerful to deliver that same functionality with the same speed they got used to ten years ago.

This is the user point of view reflected so perfectly on the page I mentioned, http://www.neilgunton.com/rewrites_harmful/#html, and I totally see that point.

And so I don't see how CSS is a good thing.
It kinda reminds me of that old discussion of the benefits of interpreters and compilers.

a) Current application of CSS and XML and such may indeed have some benefits to you as a publisher, in that it may allow you to separate actual data and actual layout, thus enable you to update either independently of the other. However, the clear drawback is that lots more 'resolving' is needed on the client part. Each and every single pageview, client has to access more data, in more separate files, and do a lot more calculation to come up with the basic same rendering that users got used to umpty years ago.

b) If you compare that to manually crafted old-style HTML, then sure, the benefit stated in a) still stands. The drawback stated in a) stands, too, though.

c) Now regard a) as the 'interpreter' situation, and go and imagine what the 'compiler' situation would be like. You would be able to separate actual data and actual layout, as a publisher. Next, the 'compiler', which would be your content management system(*), as opposed to the 'interpreting' client browser, would assemble all, once and for all, into plain old-style HTML. Bingo, here's the advantage we've discussed, without the drawback.

I find it ridiculous to even consider loading the tremendous(**) amount of additional resolving needed for CSS and all on every single client, for every single pageview, when the result is always the same, which is why I build my own custom content management system that resolves all to the plainest, completely valid HTML, one time only, and upload just merely completely static plainest possible HTML files...

Joris

(*) Yes, I do know current notion of content management system is completely different. Instead of resolving, it typically brings even more layers of unnecessary overhead technology into the game. And it typically runs on the server, recalculating every single page request of the same page over and over and over again.
And next the concept of cache is added to alleviate that pain somewhat... How sad.

(**) Please don't answer that the tremendous additional resolving need is negligible on today's machines. It's the standard answer I despise most. The fact that many of us reason that way, is exactly why we need ever increasing hardware power to keep up with software going backwards, ending up in totally no performance progress at all from where the user is standing, even though he's forced into investing into new and better machines over and over again. Additionally, that kind of reasoning is also what is keeping software development to 'jump to the next level'... But I'm anticipating an answer I might not get, so I'll shut up 'bout that (for now?).

From MikeE at ster.invalid Thu Aug 4 07:11:18 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Aug 4 09:15:02 2005
Subject: [SpamCop-List] Re: Missed url
References:
Message-ID:

spamcop wrote:
> RE
> http://www.spamcop.net/sc?id=z792983712zeda75bf05e044014f44888b380747719z
>
> Misses google redirects:
> http://www.google.co.uk/url?sa=U&start=4&q=http://218.25.39.22/java/primapag
> ina.htm

Yes, you are correct. A paid SC reporter can add the reporting addresses for http://218.25.39.22/java/primapagina.htm which can be determined using the parser as a tool by putting in the naked url.

Reporting addresses:
abuse@chinanet.cn.net
abuse@cnc-noc.net

But a free reporter would have to make a manual report. That wouldn't really be worth the trouble in this case, as the provider at the above abuse addresses is known to be very unresponsive, even tho' the particular IP isn't in spews or spamhaus listed blocks.

--
Mike Easter
kibitzer, not SC admin

From panoptes at iquest.net Thu Aug 4 13:36:21 2005
From: panoptes at iquest.net (Daniel W. Johnson)
Date: Thu Aug 4 13:40:02 2005
Subject: [SpamCop-List] Re: The message is not spam because......
References:
Message-ID: <1h0rs77.133u30p1hohr16N%panoptes@iquest.net>

Robert Blair wrote:

> I have just reported problems to a web site trying to use their web
> pages in Firefox. I expect it works in IE but since I don't have
> windows I can not try it and see. The answer I expect is to use IE,
> and then we will start a very blunt discussion about what to use and
> what not to use on the net.

This page might have some useful material for such a discussion:

http://www.w3.org/People/Berners-Lee/FAQ.html#standards

Especially the paragraph about the "dark ages of computing".

--
Daniel W. Johnson
panoptes@iquest.net
http://members.iquest.net/~panoptes/
039 53 36 N / 086 11 55 W

From jdd at dodin.org Thu Aug 4 21:31:43 2005
From: jdd at dodin.org (jdd)
Date: Thu Aug 4 14:35:04 2005
Subject: [SpamCop-List] Re: The message is not spam because......
In-Reply-To:
References:
Message-ID:

Joris Van Damme wrote:

> my apache logs, I'm consistently reading Google is at least ten times as
> important when it comes to directing traffic my way. I've got no other
> explanation then that even in my profession the 'surfing' user is dead

If you really mind this, and I think you do, I think your data is good but the inference is wrong.

Surfing is not dead, search engines are bloody good. I have a hundred lines long bookmark file, but often use google. If I'm right, Google assumes that the most a page is referenced, the greater is the chance it's done for you. And this is true a surprising number of times...

Let me give a story. Two days ago, I had to make again a thing I did 2 or 3 years ago. Linux is so stable that such thing arise :-) (on windows I always remember how to reinstall :-(). I looked at my notes (I write down nearly anything), no luck. I browsed my own internet sites FAQ, no luck. Then I fired Google... and found the answer... a post I gave myself to my favourite mailing list with the solution, that many years ago :-).
less surf, because the answer is found quicker, isn't that nice? jdd -- to write to me, go to: http://www.dodin.net http://valerie.dodin.net http://arvamip.free.fr From monterro.baretto at teledisnet.be Thu Aug 4 23:33:39 2005 From: monterro.baretto at teledisnet.be (OSV Computers) Date: Thu Aug 4 16:35:02 2005 Subject: [SpamCop-List] Who can help me? Message-ID: Who can help me? How to contact SPAMCOP? From nobody at spamcop.net Thu Aug 4 17:51:49 2005 From: nobody at spamcop.net (Anti-Spam) Date: Thu Aug 4 16:55:03 2005 Subject: [SpamCop-List] Re: Who can help me? References: Message-ID: "OSV Computers" wrote in message news:dctu34$bkp$1@news.spamcop.net... > Who can help me? > > How to contact SPAMCOP? > What sort of help are you looking for? The website has a FAQ, which has a lot of information although some find it confusingly organised. See www.spamcop.net. In particular, mailserver administrators should read For questions, you can post here in this newsgroup, or the web forums on the website. -- Bring in the death penalty for repeat spammers. Non-functional spambait addr: muchw24@mitarksmje.com (generated by Webpoison) From nobody at devnull.spamcop.net Thu Aug 4 18:00:39 2005 From: nobody at devnull.spamcop.net (Pop) Date: Thu Aug 4 17:05:13 2005 Subject: [SpamCop-List] FPG: Re: The message is not spam because...... References: Message-ID: "Mike Easter" wrote in message news:dcs99i$dvq$1@news.spamcop.net... > Robert Blair wrote: >> "Mike Easter" > >>>IE isn't secure and isn't standards-compliant, which >>> makes it unworkable both for end users and Web >>> content creators." > >> I have just reported problems to a web site trying >> to use their web >> pages in Firefox. I expect it works in IE but since >> I don't have ... PRG; From the Peanut Gallery: Interesting stuff here. One of the things I keep coming across whenever I look at "specs" is age. I do visit w3c now and then, and even find now and then that I can understand some of their content!
But ... whenever I find what's purported to be a "spec" it's, well, not old, but -ancient-! Am I just ignorant and not able to understand something here? Almost every time I try to look for an RFC, FYI, whatever, I end up with something more relevant to the Commodore 64 or worse, than it is to the existing circumstance of the web. Looking back at what I just wrote, I see it's pretty ambiguous, but ... An RFC is a -call-, not a spec, an FYI is just that, FYI and not a spec, so ... what ARE the specs? I must sound pretty ignorant, don't I? That aside, where, for instance, would I find, say, end-user information for e-mailing, for instance, other than at MS, Netscape, a few million baseless web sites, rfc1855, or whatever? Or am I just SO far out that's not even a question? I chose this point to ask in this thread because of my appreciation of your posting styles/informative bent, and respect. Starting a new thread, it would have been even harder to explain what I mean, so I jumped in here. Regards, Pop aka member of the Peanut Gallery of upstate NY From glnews030922 at highspot.net Thu Aug 4 23:05:05 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Thu Aug 4 17:05:28 2005 Subject: [SpamCop-List] Re: The message is not spam because...... In-Reply-To: References: Message-ID: Joris Van Damme wrote: > I find it ridiculous to even consider loading the tremendous(**) amout of > additional resolving needed for CSS and all on every single client, for > every single pageview, when the result is always the same, which is why I > build my own custom content management system that resolves all to the > plainest, completely valid HTML, one time only, and upload just merely > completely static plainest possible HTML files... (Sorry to snip so much, but I think this paragraph leaves the basis or your argument.) You're missing one of the main benefits that you get for that extra lookup involved in a linked style sheet. 
The style sheet is cached by the browser and if you refresh a page that has changed content since you last visited, you'll get a 304 (not changed) return from the server for the CSS. Then the server will only deliver the content as you already have the style sheet. Since the use of CSS usually leads to somewhere between 20 and 40% savings in content size over tag soup, you save a lot more on bandwidth that you lose by having to process an extra request for the CSS. Requesting a changing page several times might look something like this: Tag soup: 1st load - 25k 2nd load - 30k 3rd load - 28k Total - 83k [X]HTML + CSS 1st load - 15k data + 5k CSS 2nd load - 20k data 3rd load - 17k data Total - 57k There are also other hidden advantages for some users. If you have tag soup and try to render it on a mobile device, 95% of the time, you end up with unviewable crap. Anyone wanting to provide their customers with mobile access has to code an entirely new site and run it in parallel to provide services to both types of users. If you do the same on a CSS enabled site (Bloglines does it well) you use the same content, but just allow the user to select a different presentation layer. You get the advantage of only maintaining one set of code. The user gets the advantage of multiple platform support. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From nobody at devnull.spamcop.net Thu Aug 4 18:11:17 2005 From: nobody at devnull.spamcop.net (Pop) Date: Thu Aug 4 17:15:04 2005 Subject: [SpamCop-List] OT Re: The message is not spam because...... References: Message-ID: "Joris Van Damme" wrote in message news:dct1m8$rq2$1@news.spamcop.net... > Lazlo, > > I'm going to resort quotes, hope you'll forgive me. > >> Standards >> are a good thing, as it allows everyone to write >> code which ... ... Wow, if I were a teen, you'd have a new posse forming. 
It's great to hear someone saying what I've wished I could say for years! I even understand what you're saying! I don't know much about the inner workings of all these things, but I know progress for the sake of progress when I see it, and understand why it's grabbed so quickly by the media and marketing types. But that doesn't mean it makes sense for the masses. Regards, Pop From PleaseReplyTo at TheGroupInstead.be Fri Aug 5 00:29:35 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Thu Aug 4 17:35:02 2005 Subject: [SpamCop-List] Re: Re: The message is not spam because...... References: Message-ID: > Almost every time I try to look for an RFC, FYI, > whatever, I end up with something more relevant to the > Commodore 64 or worse, than it is to the existing > circumstance of the web. As to RFCs, I find http://www.rfc-editor.org/cgi-bin/rfcsearch.pl particularly useful. You can type the RFC number as search query. In the search results is a 'More info' column, that points to RFCs that are obsoleted by the search result, and RFCs that update the search result. This is quite a useful tool, because, yes, it is hard sometimes finding the right RFC, and finding out its status. > An RFC is a -call-, not a spec That's just words. For all practical purposes, most RFCs are to be regarded as specifications. It's just easier to not officially call them that, it allows faster development, and escapes some unwanted responsibility. But for *practical purposes*, they are to be regarded as having specification status. > I must sound pretty ignorant, don't I? Absolutely not. I find the same problem pretty challenging. The forest of RFCs is huge, and finding the right tree is not always straightforward. > That aside, > where, for instance, would I find, say, end-user > information for e-mailing, for instance, other than at > MS, Netscape, a few million baseless web sites, > rfc1855, or whatever?
Amongst the most important for SMTP and POP3 are RFC0821 (basis for SMTP) RFC0822 (basis for actual message format) RFC0977 (basis for NNTP) RFC1421 RFC1521 RFC1939 (basis for POP3) RFC2045 (basis for MIME) RFC2046 RFC2047 RFC2048 RFC2049 RFC2181 RFC2183 RFC2369 RFC2821 RFC2822 RFC2919 Joris From nobody at nowhere.not Thu Aug 4 22:59:32 2005 From: nobody at nowhere.not (Robert Blair) Date: Thu Aug 4 18:00:03 2005 Subject: [SpamCop-List] Re: FPG: Re: The message is not spam because...... References: Message-ID: On Thu, 4 Aug 2005 21:00:39 UTC, "Pop" wrote: > I must sound pretty ignorant, don't I? That aside, > where, for instance, would I find, say, end-user > information for e-mailing, for instance, other than at > MS, Netscape, a few million baseless web sites, > rfc1855, or whatever? I think you are confusing to different things. The RFCs define how email programs talk to each other, it has nothing about how the email program user interface works. RFC 2821 and a few others describe the protocol on how to format an email for transmission and the protocol for the actual transmission. The user interface is up to the people that wrote the email program and depends on how much control they want to give you in the formatting of the email that is sent, extra headers, from and reply-to that are not your email account information, etc. -- Robert Blair From PleaseReplyTo at TheGroupInstead.be Fri Aug 5 01:08:30 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Thu Aug 4 18:10:02 2005 Subject: [SpamCop-List] Re: The message is not spam because...... References: Message-ID: Graeme, I'll have to partly agree with you... > The style sheet is cached by > the browser and if you refresh a page that has changed content since you > last visited, you'll get a 304 (not changed) return from the server for > the CSS. Then the server will only deliver the content as you already > have the style sheet. 
> > ...you save a lot more on bandwidth > that you lose by having to process an extra request for the CSS. In theory, that is correct. In practice however, more often than not, for the same content, the publishers who go with the newest hippest technology often provide HTML/XML, not counting the CSS, that is larger than my own tag soup. I know, it doesn't make much sense... or does it? A publisher that consciously tries to present his pages in the least-possible-technology form, often is more aware of size issues and pays more attention to it, and also often publishes more plain pages, without the tremendous load of useless and irritating flashing knobs we see on high-technology pages. > Tag soup: > 1st load - 25k > ... > [X]HTML + CSS > 1st load - 15k data + 5k CSS > ... So this is where I find practice is often different. When 'tag soup' built by a consciously chosen low-technology workflow is 25 K, we typically see high-technology publishers offering the same content with the same functionality in a X/HTML page of say 50K and a CSS page of 10K. But at least in theory, I would have to agree with you, for sure. Plus, I cannot state the numbers given as factual averages of common practice, I've not done statistical investigation required to do that, and thus my answer is merely something I seem to have noticed. > If you have tag > soup and try to render it on a mobile device, 95% of the time, you end > up with unviewable crap. ... If you do the same on a CSS > enabled site (Bloglines does it well) you use the same content, but just > allow the user to select a different presentation layer. Again, in theory, this is very much correct, no doubt about it. Of course, you do need a vastly different rendering device for your argument to make sense, since low-technology HTML often can easily be made to render perfectly fine on a wide range of more common devices. Plus, the argument only applies to content that makes sense on mobile devices, like blogs do most often.
The degree in which it also applies to common practice, given the vastly different rendering device and the suitable content, may be greater than in your previous argument. In conclusion, I have to admit these are good arguments. I don't personally feel they outweigh what I have said and do not plan to change my workflow, but that's just a matter of taste and personal choice of priorities. Joris From porpoise1954 at yahoo.co.uk Fri Aug 5 00:51:33 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Aug 4 18:55:04 2005 Subject: [SpamCop-List] Brazillian Phisher Message-ID: Well, it's not exactly spam but having suffered a hack into a website, where a whole site had been uploaded into a subdirectory, I thought I might share some of the info here. I've removed all the relevant files from the site in question (changed logins etc.) and am in the process of investigating the contents and origins. Thus far, I have gleaned the following information about the "phone home" IP: 201.6.42.163 When I pass this through DNS_Stuff, I get the following: Location: Brazil ARIN says that this IP belongs to LACNIC; I'm looking it up there. NOTE: More information appears to be available at whois.registro.br. Using 0 day old cached answer (or, you can get fresh results). Hiding E-mail address (you can get results with the E-mail address). % Copyright LACNIC lacnic.net % The data below is provided for information purposes % and to assist persons in obtaining information about or % related to AS and IP numbers registrations % By submitting a whois query, you agree to use this data % only for lawful purposes. % 2005-08-03 14:14:30 (BRT -03:00) inetnum: 201.0/12 status: allocated owner: Comite Gestor da Internet no Brasil ownerid: BR-CGIN-LACNIC responsible: Frederico A C Neves address: Av.
das Nações Unidas, 11541, 7° andar address: 04578-000 - São Paulo - SP country: BR phone: +55 11 9119-0304 [] owner-c: CGB tech-c: CGB inetrev: 201.0/12 nserver: A.DNS.BR nsstat: 20050730 AA nslastaa: 20050730 nserver: B.DNS.BR nsstat: 20050730 AA nslastaa: 20050730 nserver: C.DNS.BR nsstat: 20050730 AA nslastaa: 20050730 nserver: D.DNS.BR nsstat: 20050730 AA nslastaa: 20050730 nserver: E.DNS.BR nsstat: 20050730 AA nslastaa: 20050730 remarks: These addresses have been further assigned to Brazilian users. remarks: Contact information can be found at the WHOIS server located remarks: at whois.registro.br or at http://whois.registro.br created: 20030618 changed: 20030618 nic-hdl: CGB person: Comite Gestor da Internet no Brasil e-mail: ******@NIC.BR address: Av. das Nações Unidas, 11541, 7° andar address: 04578-000 - São Paulo - SP country: BR phone: +55 19 9119-0304 [] created: 20020902 changed: 20050621 ***************************************************************************************** If I then pass the IP through "whois.registro.br" I get: Location: Brazil Looking up 201.6.42.163 at whois.registro.br. Using 0 day old cached answer (or, you can get fresh results). Displaying E-mail address (use sparingly -- this will make it more likely that you will trigger our rate limiting system). % Copyright registro.br % The data below is provided for information purposes % and to assist persons in obtaining information about or % related to domain name and IP number registrations % By submitting a whois query, you agree to use this data % only for lawful purposes. % 2005-08-04 08:19:49 (BRT -03:00) inetnum: 201.6/16 aut-num: AS28573 abuse-c: LFB owner: NET Serviços de Comunicação S.A. 
ownerid: 000.065.376/0002-65 responsible: Lauro Fernando Costa Barbosa address: Rua Verbo Divino, 1356, address: 04719-002 - São Paulo - SP phone: (11) 5186-2044 [] owner-c: RII19 tech-c: RII19 inetrev: 201.6.0/17 nserver: dns1.virtua.com.br nsstat: 20050801 AA nslastaa: 20050801 nserver: dns2.virtua.com.br nsstat: 20050801 AA nslastaa: 20050801 inetrev: 201.6.128/17 nserver: dns1.virtua.com.br nsstat: 20050802 AA nslastaa: 20050802 nserver: dns2.virtua.com.br nsstat: 20050802 AA nslastaa: 20050802 created: 20031127 changed: 20031208 nic-hdl-br: LFB person: Lauro Fernando Costa Barbosa e-mail: abuse@poa.virtua.com.br created: 19971218 changed: 20040910 nic-hdl-br: RII19 person: Ricardo Ide e-mail: ricardoide@globocabo.com.br created: 20011010 changed: 20011010 remarks: Security issues should also be addressed to remarks: cert@cert.br, http://www.cert.br/ remarks: Mail abuse issues should also be addressed to remarks: mail-abuse@cert.br This may or may not be of interest to anyone who frequents here but I figured anyone who's interested in fighting phishers might have some input/info on where to go from here............... From MikeE at ster.invalid Thu Aug 4 17:08:35 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Aug 4 19:10:11 2005 Subject: [SpamCop-List] Re: Brazillian Phisher References: Message-ID: Porpoise wrote: > "phone home" IP: 201.6.42.163 I don't know exactly what a phone home is, but the IP rDNS c9062aa3.virtua.com.br and is apparently dynamic. 
And there's a nice little collection at abuse.net mail-abuse@nic.br abuse@virtua.com.br antispambr@abuse.net (for virtua.com.br) The ip isn't listed in any nonresponsive type blocklists, except that it is .br, so I would also use the registro.br's > e-mail: abuse@poa.virtua.com.br > e-mail: ricardoide@globocabo.com.br > remarks: mail-abuse@cert.br -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Fri Aug 5 01:30:20 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Aug 4 19:35:02 2005 Subject: [SpamCop-List] Re: Brazillian Phisher References: Message-ID: "Mike Easter" wrote in message news:dcu75h$paq$1@news.spamcop.net... > Porpoise wrote: > >> "phone home" IP: 201.6.42.163 > > I don't know exactly what a phone home is, but the IP rDNS > c9062aa3.virtua.com.br and is apparently dynamic. It's the IP address that the phisher has "excepted" in his logfile of IPs which have "visited" any of the several phishing sites that were uploaded on the server. I suspect, in order that his own IP wouldn't get included in the log. Some of the files which make up the pages of the phished sites are coded in Hex, so they are indecypherable to a mere mortal such as me, so I haven't been able to dig up any info as to where the phished login details might get sent to/picked up from. If anyone is interested in forensics, I'd be happy to supply stuff for analysis. FTP4ALL was installed onto the site in question - which was obviously installed to bypass the system logins......... > > And there's a nice little collection at abuse.net > mail-abuse@nic.br abuse@virtua.com.br antispambr@abuse.net (for > virtua.com.br) > > The ip isn't listed in any nonresponsive type blocklists, except that it > is .br, so I would also use the registro.br's > >> e-mail: abuse@poa.virtua.com.br >> e-mail: ricardoide@globocabo.com.br > >> remarks: mail-abuse@cert.br Cheers Mike. 
There is also a Brazillian IT security guy on the case (it was he who first notified me that the site had been compromised). From porpoise1954 at yahoo.co.uk Fri Aug 5 01:35:35 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Aug 4 19:40:03 2005 Subject: [SpamCop-List] Re: Brazillian Phisher References: Message-ID: "Porpoise" wrote in message news:dcu8f8$qeh$1@news.spamcop.net... > > > It's the IP address that the phisher has "excepted" in his logfile of IPs > which have "visited" any of the several phishing sites that were uploaded > on the server. I suspect, in order that his own IP wouldn't get included > in the log. > Rather, I should have said - that is the IP address which is excepted in the code which generates the logfiles of the IP address which connect to the phishing sites. From zypher at spamcop.net Thu Aug 4 20:15:01 2005 From: zypher at spamcop.net (Ron B.) Date: Thu Aug 4 20:20:03 2005 Subject: [SpamCop-List] Media (Techdirt): Once Again (With Feeling): Complying With CANSPAM Doesn't Outlaw Filters Message-ID: http://techdirt.com/articles/20050803/164233_F.shtml Checkout FOIA request by spammer noted at end of article. From nobody at devnull.spamcop.net Thu Aug 4 20:19:46 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Thu Aug 4 20:20:10 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: "jdd" wrote in message news:dcse4l$gtt$1@news.spamcop.net... > WazoO wrote: > > > > http://forum.spamcop.net/forums/index.php?showtopic=4236&st=0&p=12322&#entry12322 > > http://forum.spamcop.net/forums/index.php?showtopic=3486&st=0&p=23316&#entry23316 > > http://forum.spamcop.net/forums/index.php?showtopic=4387&st=0&p=29325&#entry29325 > > and then? there are always people that say "this don't go" > but don't do anything... There's no way you are talking to me with that statement. Therefore, I am lost on your response. > but it's a very différent media than a forum or a FAQ. 
I > understand it's very difficult to run an "official" wiki, > and I don't wan to do any such thing. But, even on spamcop > serveurs, an "unofficial" one could be usefull. Opportunity was there years back when anyone could add to the Faq-o-Matic. Didn't happen. Opportunity provided in the FAQ found in the Forum. Very few folks have taken advantage of this.Started a SpamCop oriented Glossary .. very few folks have jumped in on that. On and on .... From driehuis.fcnzpbc2005 at playbeing.com Fri Aug 5 03:22:32 2005 From: driehuis.fcnzpbc2005 at playbeing.com (Bert Driehuis) Date: Thu Aug 4 20:25:03 2005 Subject: [SpamCop-List] Re: New stuff in parser References: Message-ID: <20050805022232.48959bed@wednesday.playbeing.org> On Sat, 30 Jul 2005 16:02:32 +0200 "Joris Van Damme" wrote: > Am I correct in assuming this spammer has control over his DNS server, > and this simply resolves every possible subdomain to the same machine? > > Thus he's able to > a) elude and mislead many domain blacklists Domain blacklists usually just look at the last two or three elements in a domain name, so this doesn't inconvenience the domain blacklist user one bit. Fortunately. > b) put identifying information in the particular subdomain - he might > be able to see who reported him, and/or match e-mail address with > visitor from the particular subdomain queried The spammer could also see if your e-mail client looked at the URL prior to reporting (and, if the URL is actually opened, record your IP address at the time and next time he spams you, he may have a lovely little footnote about how you opted in to receiving his crap on such-and-such a date and from that IP address). Oh, and the spammer could also tell if you cancelled the notification to his ISP. The tricks in this URL are similar to those pioneered by a bunch of spammers from Ohio (IIRC), a couple of years ago. 
When fed to IE, their URLs would point to the spammer website, when cut&pasted into Netscape they would point to www.aol.com or something like that. For most spammers, recipients who know how to install a different web browser are not an interesting part of their market, and many anti-spammers do not run IE. From driehuis.fcnzpbc2005 at playbeing.com Fri Aug 5 04:12:45 2005 From: driehuis.fcnzpbc2005 at playbeing.com (Bert Driehuis) Date: Thu Aug 4 21:15:03 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem References: Message-ID: <20050805031245.6bd5ab27@wednesday.playbeing.org> On Tue, 2 Aug 2005 18:16:40 -0400 "Eponym" wrote: > Anonomity and the internet are a bad combination....for email anyway. > Being sensitive in respect to some whistle-blower's web site or the > like makes sense. Hiding spammers does not. I've encountered some > spammers hiding behind an 'agent' and I suspect that is where a lot > of them will go eventually. In my experience, most spammers who hide behind such registrar privacy features are relatively easy to block -- they hide precisely because they have something to lose when the domain gets yanked. The most annoying spammers buy their domains by the hundreds and burn them off, on or two per day, abandoning them after a few days when blocking gets too widespread. Those spammers don't even care if their domain gets yanked. > However, I'm curious as to whether these > 'agents' assume any responsibility to ICANN or others in respect to > spammers. Can the 'agent' be sued for damages? Obviously, you can sue them. Winning such a case is another matter altogether. :-) You can bet money that their legal ass is covered. For me, if someone uses such an anonymizing registrar service, it changes my "presumed innocence" outlook into "presumed guilty" (except for that registrar who requires a registered letter before they pass on a complaint to the spammer: domains registered there get whacked on sight when I get a complaint). 
From nobody at devnull.spamcop.net Thu Aug 4 22:27:42 2005 From: nobody at devnull.spamcop.net (Pop) Date: Thu Aug 4 21:40:02 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: ... > Opportunity was there years back when anyone could > add to the Faq-o-Matic. Didn't happen. Opportunity > provided in the FAQ found in the Forum. Very few > folks have taken advantage of this.Started a SpamCop > oriented Glossary .. very few folks have jumped in on > that. > On and on .... > > Hi Waz.., I'll go check again, but that's all news to me; I never noticed that kind of indo there. It's bad enough to do a thankless job but it's even worse when it goes unnoticed. Been there, done that: I'm a engine-neer turned teck-a-nickel righter, so it's just the way things go sometimes! Pop From driehuis.fcnzpbc2005 at playbeing.com Fri Aug 5 04:40:56 2005 From: driehuis.fcnzpbc2005 at playbeing.com (Bert Driehuis) Date: Thu Aug 4 21:45:02 2005 Subject: [SpamCop-List] SPF record for bounces.spamcop.net borked, or pilot error? Message-ID: <20050805034056.7db625fd@wednesday.playbeing.org> I noticed that the "spamcop is ready to process your report" notifications are being flagged as spam over the last couple of days. I checked, and it's because they fail an SPF check: % host -ttxt bounces.spamcop.net bounces.spamcop.net descriptive text "v=spf1 ip4:64.74.133.224/27 -all" The mail reaches me through my spamcop.net forward, and lo and behold: the cesmail.net servers are not included in this SPF record. It does fit the SPF logic that I should SPF-whitelist my own e-mail forwarding, but it just changed a couple of days ago, so I wonder what changed. Were the SPF records only added recently? Wouldn't it make sense to include the cesmail.net netblock to the SPF record for bounces.spamcop.net? 
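The SPF failure described in the message above, as an added example that is not part of the original post: a small evaluator for records built from `ip4`, `ip6` and `all` terms, run against the record quoted there. The forwarder address `192.0.2.10` and the widened record are constructed placeholders, since the thread does not give the cesmail.net addresses.

```python
"""SPF evaluation restricted to the ip4, ip6 and all mechanisms."""
import ipaddress

# Record quoted in the message above for bounces.spamcop.net.
PUBLISHED_RECORD = "v=spf1 ip4:64.74.133.224/27 -all"

# Constructed placeholders (assumptions): a documentation netblock stands in
# for the forwarding servers, whose real addresses are not in the thread.
FORWARDER_IP = "192.0.2.10"
WIDENED_RECORD = "v=spf1 ip4:64.74.133.224/27 ip4:192.0.2.0/24 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split a record into (qualifier, mechanism, network-or-None) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            parsed.append((qualifier, "all", None))
        elif name in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            if network.version != int(name[2]):
                raise ValueError(f"{name} term carries the wrong address family")
            parsed.append((qualifier, name, network))
        else:
            # include, a, mx, exists, redirect need DNS and are left out here.
            raise ValueError(f"mechanism {name!r} is not handled in this example")
    return parsed


def check_host(client_ip, record):
    """Return the SPF result for the IP that connected to the receiver."""
    ip = ipaddress.ip_address(client_ip)
    for qualifier, name, network in parse_spf(record):
        if name == "all":
            return QUALIFIERS[qualifier]
        if ip.version == network.version and ip in network:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


def evaluate_path(record, hops):
    """Evaluate each (label, ip) hop as if it were the connecting client."""
    return [(label, ip, check_host(ip, record)) for label, ip in hops]


if __name__ == "__main__":
    hops = [
        ("direct from the listed /27", "64.74.133.230"),
        ("relayed by the forwarder", FORWARDER_IP),
    ]
    for record in (PUBLISHED_RECORD, WIDENED_RECORD):
        print(record)
        for label, ip, result in evaluate_path(record, hops):
            print(f"  {label:28} {ip:15} -> {result}")
```

The receiver only ever sees the last hop's address, so a forwarded message is judged on the forwarder's IP while the envelope sender domain stays the same.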
From nobody at devnull.spamcop.net Thu Aug 4 22:45:09 2005 From: nobody at devnull.spamcop.net (Pop) Date: Thu Aug 4 21:50:03 2005 Subject: [SpamCop-List] Re: Re: The message is not spam because...... References: Message-ID: "Joris Van Damme" wrote in message news:dcu1gn$hro$1@news.spamcop.net... ... > As to RFCs, I find > http://www.rfc-editor.org/cgi-bin/rfcsearch.pl > particularly useful. You can type the RFC number as > search query. In the ===> Hmm, thank you; I played around there for a few minutes and them bkmrkd it so I can go back when I can give it more proper attention. Interesting. ... >> An RFC is a -call-, not a spec > > That's just words. For all practical purposes, most > RFCs are to be regarded > as specifications. It's just easier to not officially > call them that, it > allows faster development, and escapes some unwanted > responsability. But for > *practical purposes*, they are to be regarded as > having specification > status. ===> I've heard that from various sources, and I do see an obvious dependency placed on RFC's, so I don't doubt your words; in fact, it's nice to have confirmation. This is rhetorical, but - I wonder why the job was left "unfinished"? Something to research someday - I'm the curious type and only know enough to be dangerous, but I keep plugging away. ... > Amongst the most important for SMTP and POP3 are > ===> Hmm, a couple of those are actually familiar! Thanks, I'll peruse at my liesure. I'm not in need of anything specific other than getting my head around something useful for the moment. > RFC0821 (basis for SMTP) > RFC0822 (basis for actual message format) > RFC0977 (basis for NNTP) > RFC1421 > RFC1521 > RFC1939 (basis for POP3) > RFC2045 (basis for MIME) > RFC2046 > RFC2047 > RFC2048 > RFC2049 > RFC2181 > RFC2183 > RFC2369 > RFC2821 > RFC2822 > RFC2919 .. 
Regards, Pop From nobody at devnull.spamcop.net Thu Aug 4 22:48:51 2005 From: nobody at devnull.spamcop.net (Pop) Date: Thu Aug 4 21:50:10 2005 Subject: [SpamCop-List] Re: FPG: Re: The message is not spam because...... References: Message-ID: "Robert Blair" wrote in message news:TECQXhvKj0FX-pn2-SFL2TCdzdyTl@dsl-206-55-144-107.tstonramp.com... > On Thu, 4 Aug 2005 21:00:39 UTC, "Pop" > > wrote: > >> I must sound pretty ignorant, don't I? That aside, >> where, for instance, would I find, say, end-user >> information for e-mailing, for instance, other than >> at >> MS, Netscape, a few million baseless web sites, >> rfc1855, or whatever? > > I think you are confusing to different things. ===> Umm, sort of, yeah, but no. I'm curious about that relationship, as a matter of fact, because there are such things as 1855 and a couple others for netiquette, but I think basically I have it in hand from that viewpoint. Thanks for the comeback though; every little bit helps, as they say. ... The RFCs define how > email programs talk to each other, it has nothing > about how the email > program user interface works. RFC 2821 and a few > others describe the > protocol on how to format an email for transmission > and the protocol > for the actual transmission. The user interface is > up to the people > that wrote the email program and depends on how much > control they want > to give you in the formatting of the email that is > sent, extra > headers, from and reply-to that are not your email > account > information, etc. Regards, Pop From nobody at devnull.spamcop.net Thu Aug 4 22:53:04 2005 From: nobody at devnull.spamcop.net (Pop) Date: Thu Aug 4 21:55:02 2005 Subject: [SpamCop-List] Re: Who can help me? References: Message-ID: "OSV Computers" wrote in message news:dctu34$bkp$1@news.spamcop.net... > Who can help me? > > How to contact SPAMCOP? You've just accomplished it. I'm just a user, but SC is a user-supported system, and the PTB do frequent these groups. 
You'll get the fastest and most accurate answers here. If your question can't be answered here for whatever reason,you'll often be given a deputy address or other email contact, or even a FAQ which, although the information is all there, aren't the best in the world for the newcomer. Don't put personal/sensitive information here, but go ahead and ask your questions right here. If you go to spamcop.net you'll find the basic rules, etc linked there, but these groups are the main line of support. HTH, Pop From anon at coks.net Thu Aug 4 22:19:36 2005 From: anon at coks.net (J G) Date: Fri Aug 5 00:20:02 2005 Subject: [SpamCop-List] tekcom & dtag Message-ID: http://www.spamcop.net/sc?id=z793208793za0ef8768f2d6ea46fe2eac618e2ebc8bz curious if dtag accepts SC reports or not - I added 2 URLs as user added thinking it would save me the trouble of chasing my own tail twice, but it occurs to me that dtag may not accept SC munged reports - where can I look this up, if anywhere? tnx, jg From jdd at dodin.org Fri Aug 5 08:49:21 2005 From: jdd at dodin.org (jdd) Date: Fri Aug 5 01:50:04 2005 Subject: [SpamCop-List] Re: make it clear In-Reply-To: References: Message-ID: WazoO wrote: >>and then? there are always people that say "this don't go" >>but don't do anything... > > > There's no way you are talking to me with that > statement. Therefore, I am lost on your response. sorry, my english is not so good :-(. I meant the work done writing such pages as you quoted should be better used elsewhere... > Opportunity was there years back when anyone could > add to the Faq-o-Matic. Didn't happen. Opportunity > provided in the FAQ found in the Forum. Very few > folks have taken advantage of this.Started a SpamCop > oriented Glossary .. very few folks have jumped in on that. > On and on .... if I understand well this mean lack of interest or lack of advertisement. This I can understand. if nobody is interested, let alone... 
I have already had such kind of problem, setting a website and nobody seems interested. It's still here a year after, but I don't work on it anymore. jdd -- to write to me, go to: http://www.dodin.net http://valerie.dodin.net http://arvamip.free.fr From nobody at nowhere.invalid Fri Aug 5 12:17:49 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Aug 5 05:20:21 2005 Subject: [SpamCop-List] Re: The message is not spam because...... References: Message-ID: On Thu, 04 Aug 2005 05:16:24 -0600, Lazlo Toth coughed into spamcop and left this in : > Much of the business world is getting tired of vendors who only offer > overpriced, proprietary solutions, Not just the business world. The City of Munich dumped Windows in favour of SuSE Linux last year some time. The French Ministry of Agriculture dumped Windows in favour of Mandriva Linux this week... > Much of the web runs on open source; boycotting it is foolishness. Exactly. Apache, which powers roughly 70% of websites, is open source. -- Steve The best way to accelerate a Windows-infested computer is at 9.8 m.s^-2 From nobody at nowhere.invalid Fri Aug 5 12:25:00 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Aug 5 05:25:04 2005 Subject: [SpamCop-List] Re: tekcom & dtag References: Message-ID: On Thu, 04 Aug 2005 21:19:36 -0700, J G coughed into spamcop and left this in : > curious if dtag accepts SC reports or not - I added 2 URLs as user added > thinking it would save me the trouble of chasing my own tail twice, but > it occurs to me that dtag may not accept SC munged reports - where can I > look this up, if anywhere? Just try and send the report. If DTAG has informed spamcop that they don't want to accept munged reports, yours will be devnulled. This said, DTAG has already made it abundantly clear that they don't want reports about the tekcom.ru spammer outfit. -- Steve guru, n: A computer owner who can read the manual.
From MikeE at ster.invalid Fri Aug 5 08:15:45 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Aug 5 10:20:04 2005 Subject: [SpamCop-List] Re: tekcom & dtag References: Message-ID: Steven Maesslein wrote: > This said, DTAG has already made it abundantly clear that they don't > want reports about the tekcom.ru spammer outfit. I wonder what the contractual relationships between dtag and tekcom are. Is tekcom a dtag customer/client? Does tekcom have to 'behave' in any particular way in that relationship if there is one? The upstream adjacency of dtag doesn't prove anything about that relationship, but it raises the questions. -- Mike Easter kibitzer, not SC admin From anon at coks.net Fri Aug 5 08:39:11 2005 From: anon at coks.net (J G) Date: Fri Aug 5 10:40:03 2005 Subject: [SpamCop-List] Re: tekcom & dtag In-Reply-To: References: Message-ID: On 8/5/2005 2:25 AM Steven Maesslein scribbled: > Just try and send the report. If DTAG has informed spamcop that they > don't want to accept munged reports, yours will be devnulled. How would I know that the devnull took place, or would I? Just don't want to waste time or bandwidth. > > This said, DTAG has already made it abundantly clear that they don't > want reports about the tekcom.ru spammer outfit. Mike's question mirrors my own - seems odd /no one/ can do anything about the problem... From SC.10.myspamgobbler at spamcowboy.net Fri Aug 5 11:39:35 2005 From: SC.10.myspamgobbler at spamcowboy.net (Brian) Date: Fri Aug 5 13:45:02 2005 Subject: [SpamCop-List] SpamCop bug? Message-ID: I just registered for a new free reporting account. When I log in using the link in the email from SpamCop Authorization System, I am taken to the ISP Control page, not the Report Spam Page. Also, when at the site map page (http://www.spamcop.net/sitemap.shtml) and click the link for Spam Reporting under Member Functions I am also sent to the ISP control center page. 
I can't find a way to report or set up mailhosts :/ -- Brian SC.10.myspamgobbler@spamcowboy.net From panoptes at iquest.net Fri Aug 5 13:49:44 2005 From: panoptes at iquest.net (Daniel W. Johnson) Date: Fri Aug 5 13:50:03 2005 Subject: [SpamCop-List] Re: tekcom & dtag References: Message-ID: <1h0tnjx.1stv2jf1amfy6eN%panoptes@iquest.net> J G wrote: > On 8/5/2005 2:25 AM Steven Maesslein scribbled: > > > Just try and send the report. If DTAG has informed spamcop that they > > don't want to accept munged reports, yours will be devnulled. > > How would I know that the devnull took place, or would I? > Just don't want to waste time or bandwidth. Look at the address SpamCop says it will report to. If it says it will send to a normal user@domain.com address, it will send to a normal user@domain.com address. If it says it will send to a devnull address like user#domain.com@devnull.spamcop.net, it will devnull the report. -- Daniel W. Johnson panoptes@iquest.net http://members.iquest.net/~panoptes/ 039 53 36 N / 086 11 55 W From nobody at spamcop.net Fri Aug 5 15:38:46 2005 From: nobody at spamcop.net (Ellen) Date: Fri Aug 5 14:50:03 2005 Subject: [SpamCop-List] Re: SpamCop bug? References: Message-ID: "Brian" wrote in message news:dd08f4$45k$1@news.spamcop.net... > I just registered for a new free reporting account. When I log in using > the link in the email from SpamCop Authorization System, I am taken to > the ISP Control page, not the Report Spam Page. > > Also, when at the site map page (http://www.spamcop.net/sitemap.shtml) > and click the link for Spam Reporting under Member Functions I am also > sent to the ISP control center page. > > I can't find a way to report or set up mailhosts :/ > -- > Brian > SC.10.myspamgobbler@spamcowboy.net Your account is apparently created as an ISP account not a reporting account. Send the account name to service@admin.spamcop.net and Don will get it straightened out. 
Ellen SpamCop From panoptes at iquest.net Fri Aug 5 18:45:02 2005 From: panoptes at iquest.net (Daniel W. Johnson) Date: Fri Aug 5 18:50:02 2005 Subject: [SpamCop-List] Re: tekcom & dtag References: Message-ID: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> J G wrote: > How would I know that the devnull took place, or would I? > Just don't want to waste time or bandwidth. Additional note - if the parse output includes two lines like the following with only the second checked: To: user@domain.com (refuses munged reports) (Notes) To: user#domain.com@devnull.spamcop.net (Notes) it means that the site refuses munged reports, and you can send an unmunged report by checking the box for the actual address. -- Daniel W. Johnson panoptes@iquest.net http://members.iquest.net/~panoptes/ 039 53 36 N / 086 11 55 W From nobody at spamcop.net Fri Aug 5 19:16:52 2005 From: nobody at spamcop.net (N. Miller) Date: Fri Aug 5 21:20:02 2005 Subject: [SpamCop-List] Re: tekcom & dtag References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: <1c2kymx4xkpxt$.dlg@news.spamcop.net> On Fri, 5 Aug 2005 17:45:02 -0500, Daniel W. Johnson wrote: > Additional note - if the parse output includes two lines like the > following with only the second checked: > > To: user@domain.com (refuses munged reports) (Notes) > To: user#domain.com@devnull.spamcop.net (Notes) > > it means that the site refuses munged reports, and you can send an > unmunged report by checking the box for the actual address. Checking the box will send the report unmunged. It is not acceptable to munge the report before submitting it to the parser. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From dfm2a3l0t2 at spymac.com Fri Aug 5 22:51:31 2005 From: dfm2a3l0t2 at spymac.com (D.F. 
Manno) Date: Fri Aug 5 21:55:03 2005 Subject: [SpamCop-List] question about "couldn't parse head" errors Message-ID: I recently started using the AppleScript found at http://www.spamcop.net/fom-serve/cache/20.html to submit spam via e-mail using Eudora. (Otherwise I would have to cut-and-paste the spam to report it.) Sometimes it works. Sometimes I get the following: Finding links in message body Parsing text part error: couldn't parse head Message body parser requires full, accurate copy of message More information on this error.. no links found as in the following tracker: http://www.spamcop.net/sc?id=z791795156zc8e77dc2b32beb027fbc940c99a2a9afz So I cancel the report and cut-and-paste. However, sometimes I then get the same list of reports as I did with the e-mail submission, as in this tracker for the same spam as the above tracker: http://www.spamcop.net/sc?id=z791797463z8e5b0d1f1f3d8a1a67122e16f79636daz I can't just ignore the error and send the reports anyway, because sometimes resubmitting the spam results in additional reports being sent. Is the problem with the script, with Eudora, or something else? -- D.F. Manno | dfm2a3l0t2@spymac.com "As democracy is perfected, the office represents, more and more closely, the inner soul of the people. We move toward a lofty ideal. On some great and glorious day the plain folks of the land will reach their heart's desire at last, and the White House will be adorned by a downright moron." - H. L. Mencken, in the Baltimore Sun, July 26, 1920 From MikeE at ster.invalid Fri Aug 5 20:31:46 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Aug 5 22:35:03 2005 Subject: [SpamCop-List] Re: question about "couldn't parse head" errors References: Message-ID: D.F. Manno wrote: > Finding links in message body The header is screwed up. Bad folding in the last 2 Received lines and an illegal/misconfigured fieldname at the very top. A fieldname has to have no spaces in it and end with a colon space followed by the field value. 
There's also a badly folded Xline X-SpamDetect www.spamcop.net/sc?id=z791795156zc8e77dc2b32beb027fbc940c99a2a9afz If I take that spam and remove the topline and unfold the bad part of the last 2 Received lines & the Xline and submit it to a non-mailhosted parser, I get http://www.spamcop.net/sc?id=z793519061ze835d9f81189e66bed6c5f338d91b2e7z Resolving link obfuscation http://uqquuc.goodcapsules.info/?sctulexwntvyujcmmnzpofpujnh which finds the same source, and also finds the body URL, but fails to resolve it. And the spam is too old. But the problem of 'couldn't parse head' is solved - what I parsed also looks like your second tracker. > Is the problem with the script, with Eudora, or something else? Figure out where those wraps and that top line are coming from. The 2nd tracker you posted didn't have any of the above mentioned conditions. -- Mike Easter kibitzer, not SC admin From anon at coks.net Fri Aug 5 22:21:30 2005 From: anon at coks.net (J G) Date: Sat Aug 6 00:20:04 2005 Subject: [SpamCop-List] Re: tekcom & dtag In-Reply-To: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: On 8/5/2005 3:45 PM Daniel W. Johnson scribbled: > J G wrote: > > >>How would I know that the devnull took place, or would I? >>Just don't want to waste time or bandwidth. > > > Additional note - if the parse output includes two lines like the > following with only the second checked: > > To: user@domain.com (refuses munged reports) (Notes) > To: user#domain.com@devnull.spamcop.net (Notes) > > it means that the site refuses munged reports, and you can send an > unmunged report by checking the box for the actual address. That I can read - that's not the question - under the preferences, I can select parties to send reports to - it doesn't seem to be monitored. So, on the next report screen, I have these addys available via a checkbox. /If/ that source refused to accept SC reports, I would /assume/ it would tell me forthwith. Si?
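The header rule from Mike Easter's reply on "couldn't parse head" above (a header line must start with a field name that has no spaces and ends in a colon, or with leading whitespace) can be checked before a message is pasted into a parser. The Python below is an added example, not part of any post and not SpamCop's code; the sample header, the function names and the rejoin heuristic are constructed for illustration.

```python
import re

# RFC 2822 field name: printable ASCII except space and colon, then ":".
FIELD_START = re.compile(r"^[!-9;-~]+:")


def split_message(raw):
    """Split at the first blank line: (header lines, rest incl. separator)."""
    text = raw.replace("\r\n", "\n")
    head, sep, body = text.partition("\n\n")
    return [line for line in head.split("\n") if line], sep + body


def check_header(raw):
    """Return [(line_number, problem)] for header lines a strict parser rejects."""
    problems = []
    seen_field = False
    for n, line in enumerate(split_message(raw)[0], 1):
        if FIELD_START.match(line):
            seen_field = True
        elif line[0] in " \t":
            # Folded continuation: legal only after a real field.
            if not seen_field:
                problems.append((n, "continuation before any field"))
        elif seen_field:
            # Looks like the tail of a field that a mail client re-wrapped.
            problems.append((n, "bad fold (no leading whitespace)"))
        else:
            problems.append((n, "not a header field"))
    return problems


def rejoin_bad_folds(raw):
    """Heuristic repair: attach wrapped tails to the previous header line.

    Lines before the first real field are dropped and returned separately.
    Caveat: a wrapped tail that happens to begin with 'word:' is
    indistinguishable from a new field and is left alone.
    """
    head, rest = split_message(raw)
    out, dropped = [], []
    for line in head:
        if FIELD_START.match(line):
            out.append(line)
        elif not out:
            dropped.append(line)        # nothing to attach it to
        elif line[0] in " \t":
            out.append(line)            # legal continuation, keep as is
        else:
            out[-1] += " " + line       # undo the spurious wrap
    return "\n".join(out) + rest, dropped


# Constructed sample: a stray top line plus two re-wrapped header fields.
SAMPLE = "\n".join([
    "Spam 0042 saved by mail client",
    "Return-Path: <sender@example.invalid>",
    "Received: from mx.example.invalid (mx.example.invalid [192.0.2.10])",
    "\tby mail.example.net with ESMTP id ABC123;",
    "Fri, 5 Aug 2005 21:40:00 -0400",
    "X-SpamDetect: constructed-score 4.2",
    "constructed-detail words",
    "Subject: constructed sample",
    "",
    "body line one",
    "not a header: this colon line is body text",
])

if __name__ == "__main__":
    for lineno, problem in check_header(SAMPLE):
        print(f"line {lineno}: {problem}")
    fixed, removed = rejoin_bad_folds(SAMPLE)
    print("dropped:", removed)
    print("problems after repair:", check_header(fixed))
```

Only the header block is touched; everything after the first blank line is passed through unchanged, so the body the parser sees is the one that was received.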
From anon at coks.net Fri Aug 5 22:44:38 2005 From: anon at coks.net (J G) Date: Sat Aug 6 00:45:03 2005 Subject: [SpamCop-List] Re: question about "couldn't parse head" errors In-Reply-To: References: Message-ID: On 8/5/2005 7:31 PM Mike Easter scribbled: > D.F. Manno wrote: > > >>Finding links in message body > > > The header is screwed up. Bad folding in the last 2 Received lines and > an illegal/misconfigured fieldname at the very top. A fieldname has to > have no spaces in it and end with a colon space followed by the field > value. There's also a badly folded Xline X-SpamDetect > > www.spamcop.net/sc?id=z791795156zc8e77dc2b32beb027fbc940c99a2a9afz > > If I take that spam and remove the topline and unfold the bad part of > the last 2 Received lines & the Xline and submit it to a non-mailhosted > parser, I get > > http://www.spamcop.net/sc?id=z793519061ze835d9f81189e66bed6c5f338d91b2e7z > > Resolving link obfuscation > http://uqquuc.goodcapsules.info/?sctulexwntvyujcmmnzpofpujnh > > which finds the same source, and also finds the body URL, but fails to > resolve it. And the spam is too old. But the problem of 'couldn't > parse head' is solved - what I parsed also looks like your second > tracker. > > >>Is the problem with the script, with Eudora, or something else? > > > Figure out where those wraps and that top line are coming from. The 2nd > tracker you posted didn't have any of the above mentioned condtions. > Mike, I'd like some of whatever it is you smoke... phew... From bud at telus.net Sat Aug 6 01:48:25 2005 From: bud at telus.net (Bud) Date: Sat Aug 6 03:50:03 2005 Subject: [SpamCop-List] "WE ALLOW BULK MAIL AND SPAMMING FROM OUR SERVERS". Message-ID: Is this a 'joe job'? I SC reported it anyway. 
http://www.spamcop.net/sc?id=z793574772z0006b918178cc7e9c57af762ca0b4b09z -- Bud From nobody at nowhere.invalid Sat Aug 6 12:13:01 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Aug 6 05:15:13 2005 Subject: [SpamCop-List] Re: "WE ALLOW BULK MAIL AND SPAMMING FROM OUR SERVERS". References: Message-ID: On Sat, 6 Aug 2005 00:48:25 -0700, Bud coughed into spamcop and left this in : > Is this a 'joe job'? I SC reported it anyway. > > http://www.spamcop.net/sc?id=z793574772z0006b918178cc7e9c57af762ca0b4b09z a) it *SCREAMS* joe-job. b) From the spamvertized site: "Please Note: Our webhosting does not allow spam in any way!!! We have been under attack from someone sending spam emails advertising our hosting to be spam friendly etc. We are very sorry if you are one of the people who received such an email and can assure you that we had nothing to do with this. This matter is currently under investigation by our technical team and internet specialists. We can assure anyone that we will not stop our investigation until the individual has been found and has been prosecuted !!!" -- Steve Recorded message on an answerphone: "This is not an answering machine, this is a telepathic thought-recording device. After the tone, think about your name, your number, and your reason for calling.... and I'll think about returning your call." From MikeE at ster.invalid Sat Aug 6 06:05:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Aug 6 08:10:03 2005 Subject: [SpamCop-List] Re: question about "couldn't parse head" errors References: Message-ID: J G wrote: > Mike Easter >> D.F. Manno wrote: >>> Finding links in message body >> The header is screwed up. > Mike, I'd like some of whatever it is you smoke... > phew... It's not that hard. The message is that the parser can't handle the header 'properly'. 
After looking at a lot of headers that the parser has trouble with, you can/ I can/ just scan down the header looking for the 'normal' proper kind of header configuration. Bad folding jumps right out at me. If I miss something, the parser will tell me, because it still won't parse it correctly. It is such a common problem that there is even a faq for it http://www.spamcop.net/fom-serve/cache/368.html Problems with spam not in original format Another way of loosely describing the condition is saying "all headerlines should start with the right kind of 'word'" The right kind of 'word' is either a word with no spaces colon space or leading whitespace. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Aug 6 06:30:25 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Aug 6 08:35:02 2005 Subject: [SpamCop-List] Re: "WE ALLOW BULK MAIL AND SPAMMING FROM OUR SERVERS". References: Message-ID: Bud wrote: > Is this a 'joe job'? I SC reported it anyway. www.spamcop.net/sc?id=z793574772z0006b918178cc7e9c57af762ca0b4b09z As a separate issue from the joejob that Steven has described, I'm puzzled about how you submitted the spam to the parser. There are a number of these same items in sightings, and those items show the whole spam. Yours does not. The whole original spam is an html item in the structure of header content saying multipart alternative and the body showing two parts separated by the designated mime boundary delimiters, one being plaintext and the other part being text/html. As a minor additional factor, the plaintext and html rendered portion are the same and show the website repeated six times separately above what your plaintext version shows. The report you submitted, which was only for the spamsource, which is fine, doesn't report the website, which is fine, because the parser doesn't find the website because of the discrepancy between the headers and the body you submitted.
That is, the headers say multipart alternative, which is what the original would have been, but what you submitted was a modified plaintext version/portion. Just to add another level of confusion, sightings does show more than one version of the same joejob in the last 2 days, but none of them look like the version you submitted to the parser and none of them show a discrepancy between the header content type and the body like yours. -- Mike Easter kibitzer, not SC admin From petzl at spamcop.net Sat Aug 6 23:37:07 2005 From: petzl at spamcop.net (petzl) Date: Sat Aug 6 08:40:03 2005 Subject: [SpamCop-List] Re: "WE ALLOW BULK MAIL AND SPAMMING FROM OUR SERVERS". References: Message-ID: "Bud" wrote in message news:dd1q0a$mjq$1@news.spamcop.net... > Is this a 'joe job'? I SC reported it anyway. > > http://www.spamcop.net/sc?id=z793574772z0006b918178cc7e9c57af762ca0b4b09z > > -- > Bud www.nzwebhosting.co.nz claims it's a Joe Job From nobody at spamcop.net Sat Aug 6 10:34:45 2005 From: nobody at spamcop.net (N. Miller) Date: Sat Aug 6 12:35:10 2005 Subject: [SpamCop-List] Re: question about "couldn't parse head" errors References: Message-ID: <1n5c6vfik2m4h$.dlg@news.spamcop.net> On Sat, 6 Aug 2005 05:05:33 -0700, Mike Easter wrote: > It is such a common problem that there is even a faq for it > http://www.spamcop.net/fom-serve/cache/368.html Problems with spam not > in original format Because of the way I have to handle spam to my Juno accounts, I occasionally encounter that error. Usually because I failed to find all the places where the header was mangled. It really isn't hard to correct the bad wraps in my Juno mail spam; I just need to be diligent about finding, and correcting, the wrapping problems. 
-- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at xyzzy.claranet.de Sat Aug 6 20:37:27 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sat Aug 6 13:40:02 2005 Subject: [SpamCop-List] Re: SPF record for bounces.spamcop.net borked, or pilot error? References: <20050805034056.7db625fd@wednesday.playbeing.org> Message-ID: <42F4F557.2850@xyzzy.claranet.de> Bert Driehuis wrote: > Wouldn't it make sense to include the cesmail.net netblock > to the SPF record for bounces.spamcop.net? Generally no, forwarding is the business of the receiver, and the S in SPF is "sender". In your special case that might be somewhat different, because the forwarder is related to the sender, but it won't work if e.g. I send a mail to your SC address. General solutions: whitelist your forwarder (= don't check SPF behind it, it works only at the first MX, not later), or let your forwarder use its own "MAIL FROM" (same idea as for most mailing lists). Bye, Frank From edb2000 at spamcop.net Sat Aug 6 12:18:45 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Sat Aug 6 14:20:03 2005 Subject: [SpamCop-List] Re: tekcom & dtag In-Reply-To: References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: J G wrote: > That I can read - thats not the question - under the preferences, I can > select parties to send reports to - it doesn't seem to be monitored. > So, on the next report screen, I have these addys available via a checkbox. > /If/ that source refused to accept SC reports, I would /assume/ it would > tell me forthwith. > Si? Non. I just tested it with my ISP account: with the option set to accept munged reports, I added my ISP account as a 3rd party address to receive a spam report. It was sent munged, as expected. I then turned on the "refuse munged reports" option for the ISP account, then reported a spam as usual but adding my ISP abuse account as a 3rd party. 
SC sent the report un-munged, without warning that it would be sent un-munged. So from this single test, it appears that if a reporting address (such as spoof -at- paypal.com) has been registered as an ISP account address with SC, and has set the "refuse munged reports" option for that SC ISP account, then any 3rd party reports sent will silently be sent un-munged. I don't know if there is any way for a SC reporter to check to see if a 3rd party address has been registered as an ISP with SC, and if so whether they accept munged reports or not. -- Don Wannit A paid SpamCop user since 1999 From MikeE at ster.invalid Sat Aug 6 12:35:17 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Aug 6 14:40:04 2005 Subject: [SpamCop-List] Manual notify concern Message-ID: This is almost offtopic, but that's never stopped me even when I was really offtopic ;-) I am new to a mailing list, so I don't want to cause any trouble for its admin. But this shouldn't cause trouble for the mailing list admin unless one/some of the people/ abuse desks/ I'm notifying forward my 'complaint' to them to the mailing list admin. The first time I got a misdirected autoresponder, I warned the list that I was prone to notify about that. This is the 2nd misdirected autoresponder. Now that I think on it, it isn't really a big enough deal to discuss, but it's a quiet day :-) and I'm always trying to get server admins to fix abusive servers. Because of the way the headers of the mailing list work, the autoresponse doesn't go out to the list, it just goes to the address of the person who mailed an item to the list, but naturally it would go out to all of the individuals who happen to email to the list while the person is out of the office. I know I always scold others for describing something instead of posting the tracker, and I'll post the tracker too, but the tracker doesn't explain how I will /manually/ notify. 
The email address of the out of office person is hbpl.org munged, but the last server which shows up is surfcity-hb.org. Those are Huntington Beach Public Library and Huntington Beach City Hall respectively, and by tracelines the 'source' is the City Hall server, because it also fails to record its source IP. No hbpl.org IP appears in the tracelines. Level 3 Communications, Inc. 4.0.0.0 - 4.255.255.255 City of Huntington Beach-City Hall 4.23.14.0 - 4.23.14.31 So, my manual notify will be going to the addresses for level3 the parent of the blockspace for City Hall's server because there aren't reg'd abuse.net addresses -- and to a number of addresses corresponding to default addresses because there isn't a registered one re the misdirecting autoresponder, the noncompliant server line and the lack of reg'd abuse addresses. The only 'real' address is dkirk tech contact in arin. Attn level 3: abuse@level3.com spamtool@level3.net abuse@level3.net - parent of City of Huntington Beach-City Hall -- no registered abuse address for surfcity-hb.org or hbpl.org Attn surfcity-hb.org and hbpl.org: postmaster@surfcity-hb.org, abuse@surfcity-hb.org, postmaster@hbpl.org, abuse@hbpl.org, dkirk@surfcity-hb.org - misdirected autoresponder, misconfigured server traceline, no registered abuse.net contact address necessitating numerous additional and unnecessary notifies What I'm concerned about is some or several or all of those 8 or so addresses punching my complaint/ notify/ over toward the admin of the mailing list, who has nothing to do with this problem. The mailing list is DShield, and nothing about it appears in the header of the item, because the item went from the out of office person to me. Except that the DShield 'flag' appears in the subject, and being on the DShield mailing list is what caused the out of office person to get the item I mailed. In addition, spamcop sez that mailing list 'problems' such as spam should be worked out with the mailing list admin, not reported. 
Obviously that's because you don't want to be reporting the mailing list server as a source of mailing list spam. So, if anyone wants the tracker for the item, I'll go all through it and munge a number of personal items in the headers, because it goes thru' a 'chain' from gmail forwarded to earthlink with a lot of addresses of mine in there. -- Mike Easter kibitzer, not SC admin From bud at telus.net Sat Aug 6 13:21:15 2005 From: bud at telus.net (Bud) Date: Sat Aug 6 15:25:03 2005 Subject: [SpamCop-List] Re: "WE ALLOW BULK MAIL AND SPAMMING FROM OUR SERVERS". References: Message-ID: "Mike Easter" wrote in message news:dd2agu$u2c$1@news.spamcop.net... > Bud wrote: >> Is this a 'joe job'? I SC reported it anyway. > www.spamcop.net/sc?id=z793574772z0006b918178cc7e9c57af762ca0b4b09z > > As a separate issue from the joejob that Steven has described, I'm > puzzled about how you submitted the spam to the parser. > > There are a number of these same items in sightings, and those items > show the whole spam. Yours does not. Well, Mike, if I recall correctly, I copied it into notepad, and I figured, probably now incorrectly, since it showed in the body, a half dozen websites, all of which were identical, one was sufficient. I see now that doing that was not helpful. I got it again this morning and here it is in the orthodox manner of 'submit'. My apologies. -- Bud http://www.spamcop.net/sc?id=z793722937zbdb88d1be149f815f827310432baa7c2z From MikeE at ster.invalid Sat Aug 6 13:46:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Aug 6 15:50:03 2005 Subject: [SpamCop-List] Re: This is nasty References: Message-ID: GreyWater wrote: > The attachment for this email was a zip file named "iPod Purchase > Agreement.zip" containing a file "iPod Purchase Agreement.scr". 
- don't post any kind of spam, email, virus propagations, or similar in the discussion groups, they are fat, almost no one wants to look at them, and there are much better ways to handle their 'display' to others - the absolute best way normally to show any kind of mailitem is to feed it to the parser which will parse it and you can copy the parsing tracking URL and cancel the reports or whatever you want. Then you post the tracking url into the discussion ng. - the only ng where such posting as you performed here can/should be done is the spamcop.spam ng, a 'special' group just for the purpose of posting spam which was created in the days before the parser was configured to be able to contain an entire spam in addition to the headers - one reason that you /might/ use spamcop.spam instead of the tracker in 'unusual' situations is if the parser would truncate an item such as this one. - it isn't actually very healthy to be posting executable malware 'in front of' other people, because they might try to do something stupid with it. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Aug 6 13:49:10 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Aug 6 15:50:10 2005 Subject: [SpamCop-List] Re: "WE ALLOW BULK MAIL AND SPAMMING FROM OUR SERVERS". References: Message-ID: Bud wrote: > I got it again this morning and here it is in the orthodox manner of > 'submit'. Thanks for clearing that up. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Aug 6 13:58:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Aug 6 16:00:03 2005 Subject: [SpamCop-List] Re: This is nasty References: Message-ID: Mike Easter wrote: > the absolute best way normally to show any kind of mailitem > is to feed it to the parser which will parse it and you can copy the > parsing tracking URL and cancel the reports or whatever you want. > Then you post the tracking url into the discussion ng. 
This is the tracking url for the item you posted Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z793730801z0853be213af376705ffde68ee81aa56az Also, even if you were to post such an item into spamcop.spam, where it is allowed, it would be 'damaged' and unusable for the parser because your newsreader induces spurious linewraps, which must be removed before doing any parsing work on it. The parser item of the tracker above has had the bad linewraps manually removed. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.not Sat Aug 6 23:07:28 2005 From: nobody at nowhere.not (Robert Blair) Date: Sat Aug 6 18:10:03 2005 Subject: [SpamCop-List] Re: Manual notify concern References: Message-ID: On Sat, 6 Aug 2005 18:35:17 UTC, "Mike Easter" wrote: > In addition, spamcop sez that mailing list 'problems' such as spam > should be worked out with the mailing list admin, not reported. > Obviously that's because you don't want to be reporting the mailing list > server as a source of mailing list spam. I contact the list admin to unsubscribe the offender and the offenders ISP/organization because of the auto-ack being sent to a mailing list (some people never seem to learn). Since you say that some of the headers are bad I would report those errors to the people responsible for the system. -- Robert Blair From MikeE at ster.invalid Sat Aug 6 17:07:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Aug 6 19:10:03 2005 Subject: [SpamCop-List] Re: Manual notify concern References: Message-ID: Robert Blair wrote: > I contact the list admin to unsubscribe the offender and the offenders > ISP/organization because of the auto-ack being sent to a mailing list > (some people never seem to learn). Yes. That's a good way. As it turns out, I've subsequently made another post to the mailing list and there's no autoresponder, so someone fixed something somehow. 
I'm inclined to drop the whole thing on the basis of laziness, it's 4 PM Sat local, and I'd rather have a beer and then some more than email 8 abuse addresses about a trivial problem. > Since you say that some of the headers are bad I would report those > errors to the people responsible for the system. I changed my mind; the headers aren't bad/ wrong - because the item originates from the server, not a user IP. -- Mike Easter kibitzer, not SC admin From anon at coks.net Sat Aug 6 18:09:59 2005 From: anon at coks.net (J G) Date: Sat Aug 6 20:10:04 2005 Subject: [SpamCop-List] Re: tekcom & dtag In-Reply-To: References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: On 8/6/2005 11:18 AM Don Wannit scribbled: > J G wrote: > > >>That I can read - thats not the question - under the preferences, I can >>select parties to send reports to - it doesn't seem to be monitored. >>So, on the next report screen, I have these addys available via a checkbox. >>/If/ that source refused to accept SC reports, I would /assume/ it would >>tell me forthwith. >>Si? > > > Non. I just tested it with my ISP account: with the option set > to accept munged reports, I added my ISP account as a 3rd party > address to receive a spam report. It was sent munged, as expected. I appreciate your efforts, but I was referring to the issue of munged/unmunged. I was thinking of one of those that "SC refuses to bother", in other words, those that won't accept reports period. I'm confused with the option you mention. Are you an ISP that can select accept/not accept munged reports? As a plain reporter, I am given a check box option to send to an ISP that won't accept munged reports and am told by SC that if I choose to send, it /will/ go unmunged > > I then turned on the "refuse munged reports" option for the ISP > account, then reported a spam as usual but adding my ISP abuse > account as a 3rd party. > SC sent the report un-munged, without warning that it would be sent > un-munged. see above... 
>
> So from this single test, it appears that if a reporting address
> (such as spoof -at- paypal.com) has been registered as an ISP
> account address with SC, and has set the "refuse munged reports"
> option for that SC ISP account, then any 3rd party reports sent
> will silently be sent un-munged.

see above...

>
> I don't know if there is any way for a SC reporter to check
> to see if a 3rd party address has been registered as an ISP with
> SC, and if so whether they accept munged reports or not.
>

From PleaseReplyTo at TheGroupInstead.be Sun Aug 7 03:17:37 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Sat Aug 6 20:20:02 2005
Subject: [SpamCop-List] Re: This is nasty
References:
Message-ID:

> containing a file "iPod Purchase Agreement.scr"
> ...
> Opening the file triggers MS Anti-Spyware, which opens a dialog box asking
> if you want to run it.

You don't need MS Anti-Spyware, but you do need a good list of executable file types. Any of the extensions scr, bat, com, exe, pif, and probably some others that I can't think of right now, are executables.

As a user, executing them means you totally trust them and allow them to wipe your hard drive or turn your machine into a spamming zombie or whatever. That is because executables are allowed to do that, and you, as a user, surely are allowed to wipe your hard drive or turn your machine into whatever it is you want. In fact, you would be very correct complaining about it if some form of 'security' disallowed you from wiping your hard drive when you want to. That means there is no hole in your security, other than you yourself.

Know a bmp or jpg from an exe. The first is merely data, nothing executable in there, and gets interpreted by whatever application is already installed on your computers and configured as the default handler of such types. The second is an application itself, and it can do and install whatever it sees fit.

zip is a compressed type.
That means it contains other files in a compressed form. Zip itself is a safe type, in that it is purely data that gets interpreted by your WinZip or whatever application already installed and configured to be the default handler. However, the files inside can be bmp safe-data-type or exe allowed-to-do-everything-executable-type. In your case, it's scr, an executable type.

Viruses often send themselves as scr inside zip. The reason they choose scr, is that at one time it wasn't the most widely known executable type, and you might intuitively guess it's a harmless image from that type of extension. (It was in fact a common extension for harmless images on old systems something like 20 years ago.) The reason they send the scr inside a zip, is that most anti-virus software blocks all executable types, but does not block a zip.

The only good reason to ever execute an executable attachment, is if it's sent to you by a programmer you hired to do a custom programming job for you. In no other case should you trust that. It's really that simple, and I cannot understand there is no more user awareness campaign over this. If we saw a simple list of executable file extensions and a simple explanation of what they can do, half as much as we saw advertisements of anti-spyware, and anti-viri, the problem would be solved and the filth would be eradicated from the face of the earth long time ago.

But instead, the default in at least some versions of windows is to not even show the file extension... Not "user-friendly" enough? Is the user supposed to not even know if something is a bmp or doc file, and supposed to invest in anti-whatever ware that cripples his machine to check the files extension for him? Aren't users supposed to be smart enough to check a small list of file extensions when in doubt? How sad.

Joris

From anon at coks.net Sat Aug 6 18:42:18 2005
From: anon at coks.net (J G)
Date: Sat Aug 6 20:45:03 2005
Subject: [SpamCop-List] Where did cox get into this?
Message-ID:

http://www.spamcop.net/sc?id=z793776890zc8f831a4206917b5614951678e0eb748z

curious...kinda close to home. Where did netscape.net come into play,
claiming to be same IP #?

From anon at coks.net Sat Aug 6 18:47:47 2005
From: anon at coks.net (J G)
Date: Sat Aug 6 20:50:03 2005
Subject: [SpamCop-List] obfuscation plus...
Message-ID:

http://www.spamcop.net/sc?id=z793779382zcbc590095da9f42ac8a26c29c87f0c46z

From MikeE at ster.invalid Sat Aug 6 19:19:40 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Sat Aug 6 21:20:03 2005
Subject: [SpamCop-List] Re: Where did cox get into this?
References:
Message-ID:

J G wrote:
www.spamcop.net/sc?id=z793776890zc8f831a4206917b5614951678e0eb748z
>
> curious...kinda close to home. Where did netscape.net come into play,
> claiming to be same IP #?

The front part of this line

Received: from netscape.net ([68.228.3.219]) by fed1rmgxi15.cox.net

is of the configuration

Received: from helo ([so.ur.ce.IP]) by rece.iving.name

The helo is the only thing on that line that the spammer can control and
is typically bogus.

Sometimes the line will contain both the helo and the rDNS of the IP, in
which case it may be scooted in here

Received: from helo (rDNS [so.ur.ce.IP]) by rece.iving.name

in which case the front part of the line would've sed

Received: from netscape.net (cdm-68-228-3-219.lkch.cox-internet.com
[68.228.3.219]) by fed1rmgxi15.cox.net

or it may have had HELO or helo designation somewhere in the front part.

--
Mike Easter
kibitzer, not SC admin

From zypher at spamcop.net Sat Aug 6 22:01:45 2005
From: zypher at spamcop.net (Ron B.)
Date: Sat Aug 6 22:05:04 2005
Subject: [SpamCop-List] (Media): ABC News,Internet Scammers Keep Working in Nigeria
Message-ID:

ABC News
Internet Scammers Keep Working in Nigeria
Despite Police Crackdown on E-Scams in Nigeria, Internet Scammers Keep on Working
By DULUE MBACHU Associated Press Writer
The Associated Press

LAGOS, Nigeria Aug 6, 2005 -
In Festac Town, an entire community of scammers overnights on the Internet. By day they flaunt their smart clothes and cars and hang around the Internet cafes, trading stories about successful cons and near misses, and hatching new plots. Festac Town is where communication specialists operating underground sell foreign telephone lines over which a scammer can purport to be calling from any city in the world. Here lurk master forgers and purveyors of such software as "e-mail extractors," which can harvest e-mail addresses by the million. Now, however, a 3-year-old crackdown is yielding results, Nigerian authorities say. http://abcnews.go.com/Technology/wireStory?id=1015520&CMP=OTC-RSSFeeds0312 From nobody at nowhere.not Sun Aug 7 03:40:43 2005 From: nobody at nowhere.not (Robert Blair) Date: Sat Aug 6 22:45:04 2005 Subject: [SpamCop-List] Re: (Media): ABC News,Internet Scammers Keep Working in Nigeria References: Message-ID: On Sun, 7 Aug 2005 02:01:45 UTC, "Ron B." wrote: > Now, however, a 3-year-old crackdown is > yielding results, Nigerian authorities say. Not according to my inbox. " This month the biggest international scam of all though not one involving the Internet ended in court convictions. Amaka Anajemba was sentenced to 2 1/2 years in prison and ordered to return $25.5 million of the $242 million she helped to steal from a Brazilian bank. " The sentence does not match the crime, it would hardly deter anyone. -- Robert Blair From nobody at spamcop.net Sat Aug 6 20:57:31 2005 From: nobody at spamcop.net (N. 
Miller) Date: Sat Aug 6 23:00:04 2005 Subject: [SpamCop-List] Re: This is nasty References: Message-ID: <1jukr1fhe4rtf.dlg@news.spamcop.net> On Sat, 6 Aug 2005 13:31:59 -0500, GreyWater wrote: > Path: news.spamcop.net!not-for-mail > From: "GreyWater" > Newsgroups: spamcop > Subject: This is nasty > Date: Sat, 6 Aug 2005 13:31:59 -0500 > Organization: SpamCop > Lines: 798 > Message-ID: > Reply-To: "GreyWater" > NNTP-Posting-Host: cpe-24-167-75-178.houston.res.rr.com > X-Trace: news.spamcop.net 1123356026 12257 24.167.75.178 (6 Aug 2005 19:20:26 GMT) > X-Complaints-To: news@news.spamcop.net > NNTP-Posting-Date: Sat, 6 Aug 2005 19:20:26 +0000 (UTC) > X-Priority: 3 > X-MSMail-Priority: Normal > X-Newsreader: Microsoft Outlook Express 6.00.2900.2180 > X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 > X-RFC2646: Format=Flowed; Original > Xref: news.spamcop.net spamcop:149616 > The attachment for this email was a zip file named "iPod Purchase > Agreement.zip" containing a file "iPod Purchase Agreement.scr". I have not > seen anything like this before. I guess it's supposed to make you upset so > you rush to open the attachment and run whatever nasty payload this carries. > > Opening the file triggers MS Anti-Spyware, which opens a dialog box asking > if you want to run it. Spamcop and AVG let it through.... Rats, now I have to clean this crap from my HDD. Probably hiding in the System Restore database. Thanks for nothing. The good news is that my news reader will delete the body. I will just quote the headers with your brief intro for my DB. Please, do not do that again. Heed Mike's excellent advice about posting trackers, and take Joris' advice to heart. The single most effective barrier against malware is the system operator. 
-- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From anon at coks.net Sat Aug 6 21:03:26 2005 From: anon at coks.net (J G) Date: Sat Aug 6 23:05:03 2005 Subject: [SpamCop-List] Re: Where did cox get into this? In-Reply-To: References: Message-ID: On 8/6/2005 6:19 PM Mike Easter scribbled: > J G wrote: > www.spamcop.net/sc?id=z793776890zc8f831a4206917b5614951678e0eb748z > >>curious...kinda close to home. Where did netscape.net come into play, >>claiming to be same IP #? > > > The front part of this line > > Received: from netscape.net ([68.228.3.219]) by fed1rmgxi15.cox.net > > is of the configuration > > Received: from helo ([so.ur.ce.IP]) by rece.iving.name > > The helo is the only thing on that line that the spammer can control and > is typically bogus. > > Sometimes the line will contain both the helo and the rDNS of the IP, in > which case it may be scooted in here > > Received: from helo (rDNS [so.ur.ce.IP]) by rece.iving.name > > in which case the front part of the line would've sed > > Received: from netscape.net (cdm-68-228-3-219.lkch.cox-internet.com > [68.228.3.219]) by fed1rmgxi15.cox.net > > or it may have had HELO or helo designation somewhere in the front part. > oh... From MikeE at ster.invalid Sat Aug 6 21:08:54 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Aug 6 23:10:02 2005 Subject: [SpamCop-List] Re: (Media): ABC News,Internet Scammers Keep Working in Nigeria References: Message-ID: Robert Blair wrote: > ordered to return $25.5 million > of the $242 million I /hate/ it when that happens. 
-- Mike Easter kibitzer, not SC admin From gezgin at spamcop.net Sun Aug 7 07:42:27 2005 From: gezgin at spamcop.net (Gezgin) Date: Sat Aug 6 23:45:02 2005 Subject: [SpamCop-List] Re: (Media): ABC News,Internet Scammers Keep Working in Nigeria References: Message-ID: "Robert Blair" wrote > sentenced to 2 1/2 years in prison and ordered to return > $25.5 million > of the $242 million she helped to steal from a Brazilian > bank. That works out to about a 10% tax... -- Bob Kanyak's Doghouse http://www.kanyak.com From edb2000 at spamcop.net Sun Aug 7 00:00:17 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Sun Aug 7 02:05:03 2005 Subject: [SpamCop-List] Re: tekcom & dtag In-Reply-To: References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: J G wrote: > I appreciate your efforts, but I was referring to the issue of > munged/unmunged. I was thinking of one of those that "SC refuses to > bother", in other words, those that won't accept reports period. I'm > confused with the option you mention. Are you an ISP that can select > accept/not accept munged reports? As a plain reporter, I am given a > check box option to send to an ISP that won't accept munged reports and > am told by SC that if I choose to send, it /will/ go unmunged Ah, I see I need to be even more explicit. Doesn't everybody have a left brain and a right brain? Or wear more than one hat? I am a paid SC user, a subscriber to the SC filtered email service. I use that SC account to report spam I receive, whether at my personal email account or at a business account. Wearing another hat, I am also the administrator of several delegated networks. Therefore, I have a separate SC account as an ISP, so that I receive SC reports (if any) related to the networks under my control. So, as a regular SC reporter, I reported a spam and added a 3rd party abuse reporting address to receive the report. 
Think of this as being the same as adding "enforcement@sec.gov" as a 3rd party when reporting a stock pump & dump spam. I asked that guy wearing the other hat whether he had registered with SC as an ISP that would accept munged reports, and he said "sure, mung away! we want to receive all SC reports so we can nip any problem in the bud." I sent the report, and asked that other guy what the SC report looked like. He told me it arrived with address information munged. Then, I asked him if he would be willing to temporarily set the SC option for ISPs to refuse munged reports. He said "sure", and did so. I then reported another spam, again adding the 3rd party reporting address. At no time did I see a pop-up or other warning that the reporting address refuses munged reports, nor did I see any warning that the report would be sent un-munged. There was no check-box to allow un-munged reports, so I could not check it. Having sent the report, I asked that other guy if he got the spam report. He said "yes, I did receive it, and it was un-munged. It had all header and other information intact, and your email address was fully revealed." He then changed his ISP reporting account back to his preferred setting to accept munged reports. Does that help? I must confess, I did not test submitting spam for reporting using a free account, I only tested it using my separate paid SC reporter account. If there is any difference in the results for paying vs. free SC reporting accounts, of course I did not encounter it. I have no idea what that "other guy" is paying for his SC ISP account :-) -- Don Wannit A paid SpamCop user since 1999 From mwnospam at comcast.net Sun Aug 7 09:35:14 2005 From: mwnospam at comcast.net (spamacyde) Date: Sun Aug 7 08:40:02 2005 Subject: [SpamCop-List] Spam from a "Friendly" Country Message-ID: Clinton didn't take out the N. Korean nuke complex in 1994 for the sake of S. Korea. Now we receive spam from S. Korea compliments of Kornet on a regular basis. 
Comments? Does anybody want to provide S. Korea spam addresses to reciprocate the spam? From mwnospam at comcast.net Sun Aug 7 09:53:37 2005 From: mwnospam at comcast.net (spamacyde) Date: Sun Aug 7 08:55:02 2005 Subject: [SpamCop-List] Spam Promoting Penny Stocks Message-ID: Are any agencies interested in investigating spam promoting penny stocks? Please reply by way of posts, not emails. From zypher at spamcop.net Sun Aug 7 09:17:26 2005 From: zypher at spamcop.net (Ron B.) Date: Sun Aug 7 09:20:02 2005 Subject: [SpamCop-List] Re: Spam Promoting Penny Stocks In-Reply-To: References: Message-ID: spamacyde wrote: > Are any agencies interested in investigating spam promoting penny stocks? > > Please reply by way of posts, not emails. > > http://www.sec.gov/complaint.shtml From nobody at devnull.spamcop.net Sun Aug 7 10:52:43 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Aug 7 10:55:13 2005 Subject: [SpamCop-List] SC account settings - was: Re: tekcom & dtag References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: "Don Wannit" wrote in message news:dd2uu6$a04$1@news.spamcop.net... > > So from this single test, it appears that if a reporting address > (such as spoof -at- paypal.com) has been registered as an ISP > account address with SC, and has set the "refuse munged reports" > option for that SC ISP account, then any 3rd party reports sent > will silently be sent un-munged. > > I don't know if there is any way for a SC reporter to check > to see if a 3rd party address has been registered as an ISP with > SC, and if so whether they accept munged reports or not. Before a lot of fur flies on this ... there is a setting in the account preferences as to whether "you" wish to mung or not ... I'm suspecting that your reporting account in this test is set to "not mung" .. thus the "no pop-up" ..??? 
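Added example, not part of any list message: the two Received-line layouts Mike Easter describes in his "Where did cox get into this?" reply above, parsed in Python so that the sender-chosen HELO stays separate from the IP and rDNS recorded by the receiving server. The two cox.net lines are the ones quoted in that post; the example.org line, the verdict labels and the last-two-labels domain comparison are assumptions made for this sketch.

```python
import ipaddress
import re

# Front part of a Received line, in the two layouts from the post:
#   Received: from helo ([so.ur.ce.IP]) by rece.iving.name
#   Received: from helo (rDNS [so.ur.ce.IP]) by rece.iving.name
# Other MTA layouts (for example an explicit "HELO" keyword) are not handled.
RECEIVED_FRONT = re.compile(
    r"""^Received:\s+from\s+(?P<helo>\S+)\s+    # name the client announced
        \(\s*(?:(?P<rdns>[^\s\[\]()]+)\s+)?     # optional rDNS of the IP
        \[(?P<ip>[^\]]+)\]\s*\)\s+              # IP as seen by the receiver
        by\s+(?P<by>\S+)                        # receiving host
    """,
    re.IGNORECASE | re.VERBOSE,
)


def parse_received(line):
    """Return helo/rdns/ip/by for one Received line, or None if it does not fit."""
    # Undo header folding and newsreader line wraps before matching.
    unfolded = " ".join(line.split())
    m = RECEIVED_FRONT.match(unfolded)
    if m is None:
        return None
    ip_text = m.group("ip")
    if ip_text.lower().startswith("ipv6:"):
        ip_text = ip_text[5:]
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None  # bracketed text is not an IP address
    rdns = m.group("rdns")
    return {
        "helo": m.group("helo").lower().rstrip("."),
        "rdns": rdns.lower().rstrip(".") if rdns else None,
        "ip": str(ip),
        "by": m.group("by").lower().rstrip(";"),
    }


def _org_domain(name):
    # Naive assumption: the last two labels identify the operator.
    return ".".join(name.split(".")[-2:])


def helo_verdict(rec):
    """Compare the sender-controlled HELO with what the receiver recorded."""
    if rec["rdns"] is None:
        return "helo-unverified"   # nothing on the line to check it against
    if _org_domain(rec["helo"]) == _org_domain(rec["rdns"]):
        return "helo-consistent"
    return "helo-mismatch"         # HELO names a different operator than rDNS


def analyse(lines):
    """Return (source IP, verdict) per line; the IP is what gets traced."""
    out = []
    for line in lines:
        rec = parse_received(line)
        out.append((rec["ip"], helo_verdict(rec)) if rec else (None, "unparsed"))
    return out


SAMPLES = [
    # Quoted in the post.
    "Received: from netscape.net ([68.228.3.219]) by fed1rmgxi15.cox.net",
    # Quoted in the post, including its line wrap.
    "Received: from netscape.net (cdm-68-228-3-219.lkch.cox-internet.com\n"
    " [68.228.3.219]) by fed1rmgxi15.cox.net",
    # Constructed for this example.
    "Received: from mail.example.org (mail.example.org [192.0.2.25]) by mx.example.net",
]

if __name__ == "__main__":
    for ip, verdict in analyse(SAMPLES):
        print(ip, verdict)
```
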
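Added example, not part of any list message: the "scr inside zip" case from Joris Van Damme's first "This is nasty" reply above, as a Python check that lists an archive's member names without extracting anything and flags the executable extensions he names (scr, bat, com, exe, pif). The sample archives are built in memory with placeholder bytes; the verdict labels and the handling of trailing spaces and dots in names are additions made here.

```python
import io
import zipfile

# Executable extensions listed in the post; the poster notes the list is incomplete.
EXECUTABLE_EXTS = {"scr", "bat", "com", "exe", "pif"}


def effective_extension(name):
    """Return the lower-cased text after the last period of the file name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing spaces and dots, so they must not hide the type.
    base = base.rstrip(" .")
    if "." not in base:
        return ""
    return base.rsplit(".", 1)[1].strip().lower()


def risky_members(zip_bytes):
    """Names of archive members with an executable extension.

    Only the archive's directory is read; no member is decompressed or run.
    Raises zipfile.BadZipFile if the data is not a readable zip.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [
            info.filename
            for info in zf.infolist()
            if not info.is_dir()
            and effective_extension(info.filename) in EXECUTABLE_EXTS
        ]


def attachment_verdict(filename, data):
    """Classify one attachment as 'block', 'allow' or 'unreadable'."""
    ext = effective_extension(filename)
    if ext in EXECUTABLE_EXTS:
        return "block"
    # Look inside anything that is named .zip or that has zip structure,
    # whatever extension it was given.
    if ext == "zip" or zipfile.is_zipfile(io.BytesIO(data)):
        try:
            hits = risky_members(data)
        except zipfile.BadZipFile:
            return "unreadable"   # cannot be inspected, so cannot be vouched for
        return "block" if hits else "allow"
    return "allow"


def build_zip(members):
    """Build a zip in memory from {name: bytes}; used for the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: same file names as in the thread, harmless contents.
SAMPLE_WORM_ZIP = build_zip(
    {"iPod Purchase Agreement.scr": b"constructed placeholder, not a program"}
)
SAMPLE_CLEAN_ZIP = build_zip(
    {"photo.jpg": b"constructed placeholder", "notes.txt": b"constructed placeholder"}
)

if __name__ == "__main__":
    for name, data in [
        ("iPod Purchase Agreement.zip", SAMPLE_WORM_ZIP),
        ("holiday pictures.zip", SAMPLE_CLEAN_ZIP),
        ("broken.zip", b"not a zip"),
    ]:
        print(name, "->", attachment_verdict(name, data))
```
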
From anon at coks.net Sun Aug 7 09:26:24 2005
From: anon at coks.net (J G)
Date: Sun Aug 7 11:25:03 2005
Subject: [SpamCop-List] Re: tekcom & dtag
In-Reply-To:
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

On 8/6/2005 11:00 PM Don Wannit scribbled:
> J G wrote:
>
>>I appreciate your efforts, but I was referring to the issue of
>>munged/unmunged. I was thinking of one of those that "SC refuses to
>>bother", in other words, those that won't accept reports period. I'm
>>confused with the option you mention. Are you an ISP that can select
>>accept/not accept munged reports? As a plain reporter, I am given a
>>check box option to send to an ISP that won't accept munged reports and
>>am told by SC that if I choose to send, it /will/ go unmunged
>
>

Typo - 1st sentence shud have read "I /wasn't/ referring to the munged/unmunged issue..."

> Does that help?

Interesting, but no. Maybe I shud be more specific. I'm getting a large volume of spam from the RSP @ tekcom, who are, surprise, nonresponsive. So I feel like playing Don Quixote since SC cannot deobfuscate /most/ of the RSP spamvertiser URLs. Only place I know I can go is next up, dtag, who don't seem too interested in doing anything anyway, but wtf, worth a try. This would involve, for me, since I know of no other way, my doing a lengthy email after deobfuscating the URL, verifying it to be Spamhaus listed (which they all are), and larting dtag with the spam. Cumbersome. So, I get the idea I can eliminate a few steps by adding the abuse addys to my SC screen and simply check the box when I see a particular address in the parse and know it to be /25. I know there are ISPs that won't accept SC reports and I guess I was wondering aloud whether dtag was one and if so, would SC reject my addon request and tell me so or not...

>
> I must confess, I did not test submitting spam for reporting
> using a free account, I only tested it using my separate paid
> SC reporter account.
If there is any difference in the results > for paying vs. free SC reporting accounts, of course I did not > encounter it. > > I have no idea what that "other guy" is paying for his SC > ISP account :-) > From MikeE at ster.invalid Sun Aug 7 09:45:57 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Aug 7 11:50:09 2005 Subject: [SpamCop-List] Re: tekcom & dtag References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: J G wrote: > So, I get the idea I can eliminate a few steps by adding > the abuse addys to my SC screen and simply check the box when I see a > particular address in the parse and know it to be /25. > I know there are ISPs that won't accept SC reports and I guess I was > wondering aloud whether dtag was one and if so, would SC reject my > addon request and tell me so or not... Altho' I haven't actually done what you are saying, I'm [almost] sure the answer will be... SC isn't going to handle your add/on addresses in the same way it handles its 'official' spamcop report addresses. What you are sending isn't an official SC report of something which SC has determined, so SC doesn't care one way or the other about munge vs not requests on the part of the provider. SC is simply doing /you/ a favor by including a copy of the SC report to someone else. You could make it to the president of the US if you wanted to. It isn't an address which is spun off the SC 'process' so I wouldn't think any of the alerts about mungeing would work. I would further assume that if a SC selected address were configured to not accept munged reports and SC refused to let you send that address an official notification without demungeing, that you could choose to leave yourself munged, not 'officially' send to the notified, but add the notified as an additional notified and /still/ send it to them munged. That is all based on conjecture. Someone will have to try it and see what actually happens. 
--
Mike Easter
kibitzer, not SC admin

From nobody at xyzzy.claranet.de Sun Aug 7 19:12:36 2005
From: nobody at xyzzy.claranet.de (Frank Ellermann)
Date: Sun Aug 7 12:15:06 2005
Subject: [SpamCop-List] Re: This is nasty
References:
Message-ID: <42F632F4.16B2@xyzzy.claranet.de>

Joris Van Damme wrote:

> Know a bmp or jpg from an exe. The first is merely data,
> nothing executable in there, and gets interpreted by
> whatever application is already installed on your computers
> and configured as the default handler of such types.

Be careful here, "GreyWater" obviously doesn't know the fine
print: Even "merely data" can be dangerous for the associated
application, e.g. 50 KB of compressed stuff expanding into
several GB might cause havoc (limited to a reboot, but still).

And something claiming to be "demo,JPG" could be in fact a
"demo.JPG " (insert many spaces) " .EXE" or one of
the less known variants of EXEcutable binaries (SCR, BAT, PIF,
COM, etc. as you said)

So far they all started with TV in the base 64 attachment, and
that's just the begin of a base64 encoded MZ (found as magic
header of almost all EXEcutable binaries). MZ (Mark Z.) was
one of the inventors of DOS.

Similar the ZIP crap: ZIPs always start with PK (Phil K.), or
again with MZ (EXEcutable unpacker before the real ZIP). The
base64 encoded version of PK starts with UE, and that's what
"GreyWater" posted here:

| --=_NextPart_2rfkindysadvnqw3nerasdf
| Content-Type: application/octet-stream;
| name="iPod Purchase Agreement.zip"
| Content-Transfer-Encoding: base64
| Content-Disposition: attachment;
| filename="iPod Purchase Agreement.zip"
|
| UEsDBBQAAAAIAMx+BjO9fvWta3wAACKvAAAbAAAAaVBvZCBQdXJjaGFzZSBB
  ^^

For the last years catching any base64 attachment starting with
TV or UE would have eliminated most mail worms plus all normal
ZIPs.
AV-software is supposed to be smarter, it should also catch infected RAR archives, DOC files with malicious macros for Word, "GIF bombs", etc., and it should let harmless ZIPs pass, but of course there's always a small delay until fresh patterns to catch new malware make it to all customers. When I submit this attachment as is (undecoded, all lines from UE ... down to AA) at Kaspersky online they say: | x1iPod Purchase Agreement.scr - | infected by Trojan-Dropper.Win32.Agent.rp Cute, I didn't know that they also scan raw undecoded base64 "text". Bye, Frank From anon at coks.net Sun Aug 7 10:31:30 2005 From: anon at coks.net (J G) Date: Sun Aug 7 12:30:02 2005 Subject: [SpamCop-List] Re: tekcom & dtag In-Reply-To: References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: On 8/7/2005 8:45 AM Mike Easter scribbled: > J G wrote: > >>So, I get the idea I can eliminate a few steps by adding >>the abuse addys to my SC screen and simply check the box when I see a >>particular address in the parse and know it to be /25. >>I know there are ISPs that won't accept SC reports and I guess I was >>wondering aloud whether dtag was one and if so, would SC reject my >>addon request and tell me so or not... > > > Altho' I haven't actually done what you are saying, I'm [almost] sure > the answer will be... > > SC isn't going to handle your add/on addresses in the same way it > handles its 'official' spamcop report addresses. Well, we're getting closer, but I don't give a FF about the munging aspect which is being discussed - that is another ball of wax. > What you are sending isn't an official SC report of something which SC > has determined, so SC doesn't care one way or the other about munge vs > not requests on the part of the provider. I was thinking along the lines of those providers that refuse SC reports /period/ . 
> I would further assume that if a SC selected address were configured to > not accept munged reports and SC refused to let you send that address an > official notification without demungeing, that you could choose to leave > yourself munged, not 'officially' send to the notified, but add the > notified as an additional notified and /still/ send it to them munged. > That paragraph is munged... And that wouldn't make much sense, would it?? From MikeE at ster.invalid Sun Aug 7 10:55:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Aug 7 13:00:03 2005 Subject: [SpamCop-List] Re: tekcom & dtag References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: J G wrote: >> What you are sending isn't an official SC report of something which >> SC has determined, so SC doesn't care one way or the other about >> munge vs not requests on the part of the provider. > > I was thinking along the lines of those providers that refuse SC > reports /period/ . IMO, the same principles I am describing about mungeing issues would apply to the general concept of accepting spamcop reports. When you create an additional notified, you are stepping outside the official SC notification process. The faq sez it is for members only and 'experts' -- but it does not say "You cannot add an additional notified which has declined to be notified by the official spamcop notification process." >> I would further assume that if a SC selected address were configured >> to not accept munged reports and SC refused to let you send that >> address an official notification without demungeing, that you could >> choose to leave yourself munged, not 'officially' send to the >> notified, but add the notified as an additional notified and /still/ >> send it to them munged. >> > That paragraph is munged... What do you mean? > And that wouldn't make much sense, would it?? What do you mean? I'll try to restate the par. 
If SC determines an address to be notified, but that address either does not accept munged reports or doesn't accept spamcop reports at all, but you wanted to notify it anyway -- I expect that the SC configuration and emailing process would allow you to add the address as an additional notified. I expect that because I don't think that the addresses of additional notifieds are vetted in the same way as are the addresses for spamsource or spamvertiser. Again, this is untested conjecture. It is also untested as to whether or not that could cause problems for a reporter. I can imagine that if a provider has notified SC that they don't want SC reports, it is highly likely that they also don't want anything that /looks like/ a SC report. Additional notified reports look a lot like a regular SC report. If you don't pay attention to the exact words, you can't tell the difference. Someone recently posted here an example of an additional notified, and they had interpreted it as being a notification of being a spamsource instead of just an additional notified. -- Mike Easter kibitzer, not SC admin From PleaseReplyTo at TheGroupInstead.be Sun Aug 7 19:58:09 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Sun Aug 7 13:00:12 2005 Subject: [SpamCop-List] Re: This is nasty References: <42F632F4.16B2@xyzzy.claranet.de> Message-ID: > Be careful here, "GreyWater" obviously doesn't know the fine > print: Even "merely data" can be dangerous for the associated > application, e.g. 50 KB of compressed stuff expanding into > several GB might cause havoc (limited to a reboot, but still). > > And something claiming to be "demo,JPG" could be in fact a > "demo.JPG " (insert many spaces) " .EXE" or one of > the less known variants of EXEcutable binaries (SCR, BAT, PIF, > COM, etc. as you said) Yes, there's all sorts of additional remarks to make. I should have at least mentioned the last one. 
Usually, when I tell such stuff to a family member or such, they ask 'what is an extension?' and that reminds me to also mention the many-spaces trick.

In general, users should note the last part of the filename, following the last period. That is, if windows at least is made to show its braindead default setting to mask this vital information is changed (ask a smartass kid in your family or neighbourhood to do that for you). They should pay special attention to the fact that it should really be the last part, if a '...' is visible near the end of the box showing the filename, that usually means there's a lot of spaces after what *appears* to be the last part, and thus the last part is something completely different and invisible. This, all by itself, is an indication of malware, normal users don't make such filenames. Still you can usually view the complete filename by stretching windows or by viewing a pop-up when mouse cursor is hovered over the filename or such.

> So far they all started with TV in the base 64 attachment, and
> that's just the begin of a base64 encoded MZ (found as magic
> header of almost all EXEcutable binaries). MZ (Mark Z.) was
> one of the inventors of DOS.
>
> Similar the ZIP crap: ZIPs always start with PK (Phil K.), or
> again with MZ (EXEcutable unpacker before the real ZIP). The
> base64 encoded version of PK starts with UE, and that's what
> "GreyWater" posted here:
>
> | --=_NextPart_2rfkindysadvnqw3nerasdf
> | Content-Type: application/octet-stream;
> | name="iPod Purchase Agreement.zip"
> | Content-Transfer-Encoding: base64
> | Content-Disposition: attachment;
> | filename="iPod Purchase Agreement.zip"
> |
> | UEsDBBQAAAAIAMx+BjO9fvWta3wAACKvAAAbAAAAaVBvZCBQdXJjaGFzZSBB
>
>   ^^
> For the last years catching any base64 attachment starting with
> TV or UE would have eliminated most mail worms plus all normal
> ZIPs.
AV-software is supposed to be smarter, it should also
> catch infected RAR archives, DOC files with malicious macros
> for Word, "GIF bombs", etc., and it should let harmless ZIPs
> pass, but of course there's always a small delay until fresh
> patterns to catch new malware make it to all customers.

Yes, should have mentioned doc and sorts too...

Apart from the really safe file types, like bmp and jpg, and the really dangerous, like exe and scr, there's also something like a twilight zone in between. Most Office file types are in this twilight zone. They can cause havoc in Office by installing malicious macros and such. They cannot however screw up your complete system or turn it into a spamming zombie.

The best advice is probably to accept and open this kind of file only if you really have to. If someone unknown sends you a message saying 'please open attachment' or anything of that sorts that is clearly aimed at triggering your curiosity, and the attachment is a twilight zone filetype like doc, don't open it. If someone you know sends you something you expect, and it's a doc, ask yourself if the same kind of functionality could be delivered in safer filetypes, like txt. If it could, then inform the sender you prefer him to resend with a safer filetype (often senders are as unaware as most receivers, and by spreading the word you are doing them a favor). But if you run a translation agency, you cannot expect your clients to refrain from sending doc files and the like, of course. In that case, you probably have a good reason to install some kind of filth scanner after all, and you should investigate the ways to clear the macro stuff and/or backup it and such. I'm not much of an expert of Office files though, I hope I got it right.

One final piece of advice that is very important, is to update your os (windows) and software with the latest security patches and such regularly. Again, this is probably a job for the local smartass kid.
The thing to remember is to not feel overwhelmed by this. Don't put your trust in anti-whatever ware, they cripple your machine, and a good virus nowadays is able to take over the planet in a couple of hours, which is by far faster than any firm is able to update the anti-whatever ware to stop it. So never mind the dog, beware of the owner. Remember what a file type is and what an extension is. Remember to check it, and make yourself a list of safe types, unsafe types, and twilight zone types. When in doubt, do doubt, don't trust. Find yourself a local smartass to regularly update your machine and check it for the presence of filth while he's at it.

Don't trust easily. If paypal seems to send you a mail and you know you've got no paypal account, or even if you have, don't trust it. Anyone can send any mail. If you receive a mail telling you to delete this or that file from your windows system directory because it's a virus, don't do it. This type of 'hoax' is the worst virus ever, and you'll be crippling your machine by deleting very crucial files.

It's not complicated, it's a simple habit, and it'll save you lots of trouble. Don't trust, keep your box up to date, and check file extensions.

Joris

From edb2000 at spamcop.net Sun Aug 7 11:04:47 2005
From: edb2000 at spamcop.net (Don Wannit)
Date: Sun Aug 7 13:05:03 2005
Subject: [SpamCop-List] Re: SC account settings - was: Re: tekcom & dtag
In-Reply-To:
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

WazoO wrote:
> Before a lot of fur flies on this ... there is a setting in the
> account preferences as to whether "you" wish to mung
> or not ... I'm suspecting that your reporting account in
> this test is set to "not mung" .. thus the "no pop-up" ..???
>

Negatory. I have my reporting preferences set to mung.
--
Don Wannit
A paid SpamCop user since 1999

From edb2000 at spamcop.net Sun Aug 7 11:58:38 2005
From: edb2000 at spamcop.net (Don Wannit)
Date: Sun Aug 7 14:00:03 2005
Subject: [SpamCop-List] 3rd party SC reports [was Re: tekcom & dtag]
In-Reply-To:
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

[note: subject changed to reflect the diverging thread]

Mike Easter wrote:
> SC isn't going to handle your add/on addresses in the same way it
> handles its 'official' spamcop report addresses.
>
> What you are sending isn't an official SC report of something which SC
> has determined, so SC doesn't care one way or the other about munge vs
> not requests on the part of the provider. SC is simply doing /you/ a
> favor by including a copy of the SC report to someone else.
>
> You could make it to the president of the US if you wanted to. It isn't
> an address which is spun off the SC 'process' so I wouldn't think any of
> the alerts about mungeing would work.
>
> I would further assume that if a SC selected address were configured to
> not accept munged reports and SC refused to let you send that address an
> official notification without demungeing, that you could choose to leave
> yourself munged, not 'officially' send to the notified, but add the
> notified as an additional notified and /still/ send it to them munged.
>
> That is all based on conjecture. Someone will have to try it and see
> what actually happens.
>

Yes, of course the 3rd party reports are simply a convenience offered by SC. Yes, you can send the SC report to any email address you type in, any address at all.

I would have assumed that the report sent to this address is either munged or un-munged, based on the SC reporting account preference settings. Yet I have in my hand two reports sent to myself by entering an email address in that 3rd party address, and one is munged and the other is un-munged.
The difference is that between sending the two reports I changed the setting on an SC ISP account (*not* the reporting account) to refuse to accept munged reports. The SC reporting account preferences were set to send munged reports in both cases.

I'm concerned that SC appears to reveal the reporter's address even though the reporter has hir preferences set to mung, and gives no warning to the reporter that this is about to happen. I would have thought as you say above, that SC simply sends a copy of the report to that 3rd party address. It's quite surprising that SC seems to take the extra step to look up the 3rd party address to see if it is registered with SC as an ISP reporting address, and then look up the preferences to see if the report should be munged or unmunged.

Since anyone can create an SC "ISP account", it should be easy to duplicate my experiment and see the results. Mike, don't you already have an ISP account you use for testing purposes?

1) create a throw-away email address where you can receive email
2) create a new SC ISP account, and use that throw-away address to receive the reports
3) set the ISP account preferences to allow munged reports (which is the default, I believe)
4) log out of SC, and log into your SC reporter account (or log in on a different machine -- NOT just a different browser window)
5) verify that your SC reporting account preferences are set to mung reports
6) report a spam, and enter your throw-away email address as a 3rd party to receive a copy of the report
7) note that there is no indication whether the email address you type in has been registered with SC in connection with any ISP account interested in receiving SC reports
8) read the SC report that is sent to that throw-away 3rd party address, verify that it is munged
9) log out of SC, log into your SC ISP account, change the preferences to refuse munged reports
10) log out of SC, log into your SC reporter account
11) report another spam, enter the throw-away address to receive a copy of the report
12) note that there is no indication that the email address is registered with SC as an ISP address interested in receiving SC reports
13) note that there is no indication that the report will be sent to this 3rd party address un-munged, as there would be if SC had presented the address in the list of possible reports to send
14) read the SC report sent to the throw-away address. Verify that it is un-munged.

--
Don Wannit
A paid SpamCop user since 1999

From anon at coks.net Sun Aug 7 12:09:17 2005
From: anon at coks.net (J G)
Date: Sun Aug 7 14:10:03 2005
Subject: [SpamCop-List] Re: tekcom & dtag
In-Reply-To:
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

On 8/7/2005 9:55 AM Mike Easter scribbled:

>
> When you create an additional notified, you are stepping outside the
> official SC notification process. The faq sez it is for members only
> and 'experts' -- but it does not say "You cannot add an additional
> notified which has declined to be notified by the official spamcop
> notification process."

I wasn't aware such notifies were not the same - never occurred to me.

>
>
>>>I would further assume that if a SC selected address were configured
>>>to not accept munged reports and SC refused to let you send that
>>>address an official notification without demungeing, that you could
>>>choose to leave yourself munged, not 'officially' send to the
>>>notified, but add the notified as an additional notified and /still/
>>>send it to them munged.
>>>
>>
>>That paragraph is munged...
>
>
> What do you mean?
>

What I meant was tongue in cheek - I had to read it real slow a second time before I understood what you were saying. Not being aware of the difference in reports, I didn't see your point at first.

>>And that wouldn't make much sense, would it??
>
>
> What do you mean?
It doesn't make sense to me that such a notify would be different than the "official" report, so it never occured to me that I should look in an FAQ for this information. In fact, when I "view past reports", both types are exactly the same - just a copy of the spam. > > I'll try to restate the par. If SC determines an address to be > notified, but that address either does not accept munged reports or > doesn't accept spamcop reports at all, but you wanted to notify it > anyway -- I expect that the SC configuration and emailing process would > allow you to add the address as an additional notified. I expect that > because I don't think that the addresses of additional notifieds are > vetted in the same way as are the addresses for spamsource or > spamvertiser. I would expect this could cause trouble for SC and that SC would not do so. > > Again, this is untested conjecture. It is also untested as to whether > or not that could cause problems for a reporter. This is what I'd like to know... > > I can imagine that if a provider has notified SC that they don't want SC > reports, it is highly likely that they also don't want anything that > /looks like/ a SC report. I'd expect so as well, which is what got me curious. Additional notified reports look a lot like a > regular SC report. If you don't pay attention to the exact words, you > can't tell the difference. As stated, I can see no difference when I view past reports via my input screen. > > Someone recently posted here an example of an additional notified, and > they had interpreted it as being a notification of being a spamsource > instead of just an additional notified. > I did not see that post. So, summing up, I'm probably pissing dtag off by pointing out the work of their adjancent. The concept of adjancency does what for the world, anyway, if folks can just ignore it? 
(rhetorical) From PleaseReplyTo at TheGroupInstead.be Sun Aug 7 21:11:18 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Sun Aug 7 14:15:03 2005 Subject: [SpamCop-List] Re: Spam from a "Friendly" Country References: Message-ID: > Clinton didn't take out the N. Korean nuke complex in 1994 for the sake of > S. Korea. Now we receive spam from S. Korea compliments of Kornet on a > regular basis. Comments? Here's one: current escalation of all problems, current problem you mention here, is happening under the regime of a very different administation that is ready to shoot at just about anything that moves. > Does anybody want to provide S. Korea spam > addresses to reciprocate the spam? Wild guess: you're an american catholic, right? I'm probably a terrorist for arguing with you, a barbarian no doubt, and I probably need to be nuked for being evil, but I'm nevertheless signing this message with my own, legit, and full name. Will you do the same? Joris Van Damme From edb2000 at spamcop.net Sun Aug 7 12:12:43 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Sun Aug 7 14:15:10 2005 Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag] In-Reply-To: References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: Forgot to add: You can add two 3rd party addresses and compare the two reports. Enter your throw-away ISP address (set to refuse munged reports), a comma, and your SC forwarding email address (the address SC sends your "spam is ready" messages to). Click Submit. Compare the two reports. One is munged, the other un-munged. -- Don Wannit A paid SpamCop user since 1999 From usenet2 at DE.LETE.THISljvideo.com Sun Aug 7 19:19:07 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Sun Aug 7 14:20:02 2005 Subject: [SpamCop-List] Re: Spam from a "Friendly" Country References: Message-ID: Waiving the right to remain silent, "Joris Van Damme" said: >> Clinton didn't take out the N. 
Korean nuke complex in 1994 for >> the sake of S. Korea. Now we receive spam from S. Korea >> compliments of Kornet on a regular basis. Comments? > > Here's one: current escalation of all problems, current problem > you mention here, is happening under the regime of a very > different administation that is ready to shoot at just about > anything that moves. > >> Does anybody want to provide S. Korea spam addresses to >> reciprocate the spam? > > Wild guess: you're an american catholic, right? > > > I'm probably a terrorist for arguing with you, a barbarian no > doubt, and I probably need to be nuked for being evil, but I'm > nevertheless signing this message with my own, legit, and full > name. Will you do the same? alt.politics.democrat is that way -----------> -- Larry J. - Remove spamtrap in ALLCAPS to e-mail The United States is the greatest country in the world..! Twenty-five million illegal aliens can't be wrong. From anon at coks.net Sun Aug 7 12:26:09 2005 From: anon at coks.net (J G) Date: Sun Aug 7 14:25:03 2005 Subject: [SpamCop-List] Re: Spam from a "Friendly" Country In-Reply-To: References: Message-ID: On 8/7/2005 11:19 AM Larry J. scribbled: > Waiving the right to remain silent, "Joris Van Damme" > said: > > >>>Clinton didn't take out the N. Korean nuke complex in 1994 for >>>the sake of S. Korea. Now we receive spam from S. Korea >>>compliments of Kornet on a regular basis. Comments? >> >>Here's one: current escalation of all problems, current problem >>you mention here, is happening under the regime of a very >>different administation that is ready to shoot at just about >>anything that moves. >> >> >>>Does anybody want to provide S. Korea spam addresses to >>>reciprocate the spam? >> >>Wild guess: you're an american catholic, right? >> >> >>I'm probably a terrorist for arguing with you, a barbarian no >>doubt, and I probably need to be nuked for being evil, but I'm >>nevertheless signing this message with my own, legit, and full >>name. 
Will you do the same? > > > alt.politics.democrat is that way -----------> > Since someone brought up Koreans, does anyone find it odd that all the recent Moonie spam is from China?? From PleaseReplyTo at TheGroupInstead.be Sun Aug 7 21:32:06 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Sun Aug 7 14:35:03 2005 Subject: [SpamCop-List] Re: Spam from a "Friendly" Country References: Message-ID: > alt.politics.democrat is that way -----------> Yes, you are correct, and I appologise for that. Some things are just too disgusting, and I forget this is not the right place to make a statement about such stuff. I should not have forgotten. Joris From MikeE at ster.invalid Sun Aug 7 14:13:09 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Aug 7 16:15:03 2005 Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag] References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: Don Wannit wrote: > Yet I have in my hand two reports sent to myself by entering an email > address in that 3rd party address, and one is munged and the other > is un-munged. So, in the case of additional notifies, the preference of the addtional notified rules over the preference of the reporter. I wonder then, if the preference of the additional notified re getting a report at all also rules. Logically it would seem to be so. I'm surprised SC can go to the trouble of checking some particular address which isn't an address which its own algorithm didn't derive. Interesting. > Since anyone can create an SC "ISP account", it should be easy to > duplicate my experiment and see the results. Mike, don't you > already have an ISP account you use for testing purposes? No. I understand the concept -- but it would only be a confirmation of what you have already experimentally demonstrated by strong incontrovertible evidence. 
The only other thing you could add to what you've already done is to [temporarily] configure to refuse reports and see if you get an additionally notified report anyway. The 'specifics' of that might be the telling issue. That is, a provider configures to not be notified about specifics, spamsource, spamvertiser, relay, or any reports. You would have to comment on how those options are provided since you are configured as a provider. SpamCop now allows selection of report types. You can elect to accept or refuse reports depending on their type (source of mail, web hosting, open relays, etc..). Also, you can refuse any report if the user has not agreed to reveal all header information, including recipient email addresses. So, that faq page put together with what you have reported tells me that the system is not working the same for also notifieds as it does for spamcop notifies. That is, that page isn't 'truthful' as regards also notifieds. That page is *specifically* about SC notifies, not also/s. So, then that means that 'all bets are off' re what the reporter of also notifieds is going to get regarding both mungeing, and I would also now guess regarding even being notified. If the system is going to respect the wishes of the provider primarily for the also notified process, then the also notified calls the shots about both mungeing and being notified at all. That is probably as it should be. SC has no special obligation to the reporter in this area. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Aug 7 14:42:54 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Aug 7 16:45:03 2005 Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag] References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: Mike Easter wrote: > If the system is going to respect the wishes of the provider primarily > for the also notified process, then the also notified calls the shots > about both mungeing and being notified at all. 
> That is probably as it should be. SC has no special obligation to > the reporter in this area. *Except* -- that SC has some obligation to not allow or cause the reporter to expect or assume that condtions will be different than they are. That is, the faq should say that in the case of also notifieds, that the preferences of the also notified as registered with spamcop [which will be unknown to the reporter, who doesn't have access to the preferences as chosen by the provider ISP] will be the preferences of choice, not the preferences of the reporter using the also notified section. As a completely different subject which has nothing to do with this one -- except that this new subthread above represents something wrong about how SC is doing things or telling about the things it is doing or not telling about the things it is doing.... As a different subthread in that theme.. ... the business of spamcop and its challenges to providers is problematic. 'We' get to report challenges as spam because we don't like that configuration. Other systems are not only 'required' to accept SC challenges by a human being responding to a challenge mail, but if there isn't a human being there to read and accept the challenge, then the address is 'banished' or dropped from future notifications, just as a poster alleged "When an ISP replies to their first SpamCop report, the email is forwarded to the correct person. However, at the same time, the ISP is sent back a challenge email asking them to verify by clicking a URL. If the same ISP (as identified by their "from" or "reply-to" header) tries to reply to other SpamCop reports without first responding to the challenge, their email will be unceremoniously deleted." http://www.spamcop.net/fom-serve/cache/246.html The purposes of those challenges is to help SC live up to its Preferences configuration for reporters who only want replies from sentients. 
But, the business of SC using challenges as part of a system of mail handling was eliminated long ago. I think someone needs to reexamine whether or not SC should be doing any kind of challenging as a mail filtration process. -- Mike Easter kibitzer, not SC admin From edb2000 at spamcop.net Sun Aug 7 15:23:40 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Sun Aug 7 17:25:03 2005 Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag] In-Reply-To: References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: Mike Easter wrote: > So, in the case of additional notifies, the preference of the addtional > notified rules over the preference of the reporter. > > I wonder then, if the preference of the additional notified re getting a > report at all also rules. Logically it would seem to be so. I'm > surprised SC can go to the trouble of checking some particular address > which isn't an address which its own algorithm didn't derive. > Interesting. Hmm, hadn't thought of this angle. If a recipient has specifically said that they don't want SC reports, and a reporter adds that address anyway, it would be annoying to the recipient to get that unwanted report. That would discredit SC, even though it's really the reporter sending the report. So that might be the reason SC spends the extra cycles looking up the report address to see if it has preferences set. Obvious example: spam -at- ftc.gov might really not want to get SC reports, no matter how many times reporters type that address to get an additional notify. Perhaps SC got its collective ears boxes so many times that it was deemed worth spending some more overhead before sending reports. As for specific reports a recipient can choose to receive or not, I normally have them all enabled. Another experiment: turn off some reports, and try again. 
Now when I report a spam from my separate reporting SC account, after I click "Send Spam Report(s) Now" I see these lines at the top of the next page:

Spam report id 1483834727 sent to: abuse@[source-of-spam]
Spam report id 1483834728 sent to: root@[my-address]
abuse@[my-address] does not wish to receive user-copied reports.

The report received at the root address is munged, as I would have expected. There was no report received at the abuse address which I configured not to accept.

There actually is a separate preference choice for the recipient to refuse or allow notify reports (User defined recipient). However, with the User defined recipient report allowed, and the recipient preferences set to refuse munged reports, but with the reporting account set to mung reports, SC sends an un-munged report to the User Notification address I manually entered.

Not earth-shattering, but still it was unexpected. Reporters who are adamant about never sending un-munged reports should be aware that it might happen without their knowing it, if they type an additional report address into that User Notification field.

Maybe the "solution" is as simple as adding the text
"Caution: this report might be sent un-munged, depending on preference settings for the address you enter here."
near the text box to add extra report addresses.

--
Don Wannit
A paid SpamCop user since 1999

From porpoise1954 at yahoo.co.uk Mon Aug 8 00:44:40 2005
From: porpoise1954 at yahoo.co.uk (Porpoise)
Date: Sun Aug 7 18:50:03 2005
Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag]
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

"Don Wannit" wrote in message news:dd5u51$q6j$1@news.spamcop.net...
>
> Maybe the "solution" is as simple as adding the text
> "Caution: this report might be sent un-munged, depending on
> preference settings for the address you enter here."
> near the text box to add extra report addresses.

Or, maybe the solution is as simple as:

if <(recipient not_want ("munged report")) and (sender not_want ("send un-munged report"))>
{
    report = not_send;
}

From MikeE at ster.invalid Sun Aug 7 17:27:00 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Sun Aug 7 19:30:10 2005
Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag]
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

Porpoise wrote:
> "Don Wannit"
>> Maybe the "solution" is as simple as adding the text
>> "Caution: this report might be sent un-munged, depending on
>> preference settings for the address you enter here."
>> near the text box to add extra report addresses.
>
> Or, maybe the solution is as simple as:
>
> if <(recipient not_want ("munged report")) and (sender not_want ("send
> un-munged report"))>
> {
> report = not_send;
> }

The more I think on it, the more I disagree with the way SC is currently handling it according to Don's experimental results.

The additional notified is being notified *purely* on the basis of the request of the reporter, not on the basis of any requesting by the additional, even if the additional is a SC registered ISP provider with preferences.

If the reporter wants to *not* notify those requesting unmunged, then SC should *not* [by default] notify -- rather than providing unmunged at the request of the ISP provider with such registered preferences. That is, the reporter is saying, I want all of my notifieds [which includes by assumption those who are additionals] to be /only/ notified with munged reports, not unmunged, unless countermanded.

Then, the handling of the notification of an additional should proceed along the same lines as the notification of an official report.
That is, since SC has determined that it is going to perform a 'lookup' operation on the addresses of additional notifieds, which is to determine if they want to be notified and if they want to be notified unmunged, then it should continue to perform the rest of the operation.

The rest of the operation is that SC should have to notify the reporter as to that status so determined -- this notified doesn't want to be notified, or this notified doesn't want to be notified munged -- so that the reporter can approve or disapprove unmunged notification.

Currently the faq sez that mungeing is performed according to reporter preferences. That has been proven false for the case of additionals. Ergo the faq is false, a lie, a misrepresentation.

--
Mike Easter
kibitzer, not SC admin

From anon at coks.net Sun Aug 7 17:52:16 2005
From: anon at coks.net (J G)
Date: Sun Aug 7 19:55:04 2005
Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag]
In-Reply-To:
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

On 8/7/2005 2:23 PM Don Wannit scribbled:

>
> Obvious example: spam -at- ftc.gov might really not want to get
> SC reports, no matter how many times reporters type that address
> to get an additional notify. Perhaps SC got its collective ears
> boxes so many times that it was deemed worth spending some more
> overhead before sending reports.

Don, was this just a random pick or does the FTC /not/ want SC reports? Cause I have them as an additional notify and have to check the box every time - if they don't want it, I won't do it...

>

From nobody at spamcop.net Sun Aug 7 17:53:55 2005
From: nobody at spamcop.net (N. Miller)
Date: Sun Aug 7 19:55:14 2005
Subject: [SpamCop-List] Re: Where did cox get into this?
References:
Message-ID: <1u3dyak6rdu9w.dlg@news.spamcop.net>

On Sat, 06 Aug 2005 17:42:18 -0700, J G wrote:

> http://www.spamcop.net/sc?id=z793776890zc8f831a4206917b5614951678e0eb748z
>
> curious...kinda close to home.
Where did netscape.net come into play, > claiming to be same IP #? The parser says, directly below the line with the netscape.net, "Possible forgery. Supposed receiving system not associated with any of your mailhosts". So I would say that netscape.net is not in play in your example; rather, it is just a spammer invention. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at spamcop.net Sun Aug 7 18:00:52 2005 From: nobody at spamcop.net (N. Miller) Date: Sun Aug 7 20:05:02 2005 Subject: [SpamCop-List] Re: Spam from a "Friendly" Country References: Message-ID: On Sun, 7 Aug 2005 20:11:18 +0200, Joris Van Damme wrote: > Here's one: current escalation of all problems, current problem you mention > here, is happening under the regime of a very different administation that > is ready to shoot at just about anything that moves. Incorrect assessment. Should have left that comment out because it really doesn't apply. If you have a beef with my comment, my "Reply-To:" email address works... -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From edb2000 at spamcop.net Sun Aug 7 18:34:10 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Sun Aug 7 20:35:02 2005 Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag] In-Reply-To: References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: J G wrote: > On 8/7/2005 2:23 PM Don Wannit scribbled: > >>Obvious example: spam -at- ftc.gov might really not want to get >>SC reports, no matter how many times reporters type that address >>to get an additional notify. Perhaps SC got its collective ears >>boxes so many times that it was deemed worth spending some more >>overhead before sending reports. > > > Don, was this just a random pick or does the FTC /not/ want SC reports? 
> Cause I have them as an additional notify and have to check the box > every time - if they don't want it, I won't do it... > No, that was a random pick. When that FTC address was first set up, they said they wanted copies of *all* spam so they could accumulate a large sample base. I have read from time to time here and "over there" (in the, ahem, SC Forum, ahem) that the FTC was inundated and overwhelmed by the quantity of SC reports they were receiving, so they requested that SC not automatically send reports any more. They do seem to accept (or at least not bounce) explicitly user-added notification reports. For now. I was using them as an hypothetical example. Sorry if that caused more confusion than clarity! -- Don Wannit A paid SpamCop user since 1999 From nobody at devnull.spamcop.net Sun Aug 7 21:35:45 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Aug 7 21:40:03 2005 Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag] References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: "Don Wannit" wrote in message news:dd69a5$b8$1@news.spamcop.net... > > No, that was a random pick. When that FTC address was first > set up, they said they wanted copies of *all* spam so they > could accumulate a large sample base. I have read from time to > time here and "over there" (in the, ahem, SC Forum, ahem) > that the FTC was inundated and overwhelmed by the quantity of > SC reports they were receiving, so they requested that SC not > automatically send reports any more. They do seem to accept > (or at least not bounce) explicitly user-added notification > reports. For now. And the next level of change was the creation of a new address for those FTC spam submittals ... 
some dialog with FTC staff documented at the Forum version of the FAQ entry titled - "spam uce.gov replaces uce ftc.gov" http://forum.spamcop.net/forums/index.php?showtopic=1972&st=0&p=13792&#entry13792 From anon at coks.net Sun Aug 7 20:24:45 2005 From: anon at coks.net (J G) Date: Sun Aug 7 22:25:05 2005 Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag] In-Reply-To: References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: On 8/7/2005 5:34 PM Don Wannit scribbled: > J G wrote: > > >>On 8/7/2005 2:23 PM Don Wannit scribbled: >> >> >>>Obvious example: spam -at- ftc.gov might really not want to get >>>SC reports, no matter how many times reporters type that address >>>to get an additional notify. Perhaps SC got its collective ears >>>boxes so many times that it was deemed worth spending some more >>>overhead before sending reports. >> >> >>Don, was this just a random pick or does the FTC /not/ want SC reports? >>Cause I have them as an additional notify and have to check the box >>every time - if they don't want it, I won't do it... >> > > > No, that was a random pick. When that FTC address was first > set up, they said they wanted copies of *all* spam so they > could accumulate a large sample base. I have read from time to > time here and "over there" (in the, ahem, SC Forum, ahem) > that the FTC was inundated and overwhelmed by the quantity of > SC reports they were receiving, so they requested that SC not > automatically send reports any more. They do seem to accept > (or at least not bounce) explicitly user-added notification > reports. For now. > > I was using them as an hypothetical example. Sorry if that > caused more confusion than clarity! > Given your contribution to this thread, no sorries needed. 

tnx - jg

From nobody at spamcop.net Sun Aug 7 22:54:57 2005
From: nobody at spamcop.net (RW)
Date: Sun Aug 7 23:55:03 2005
Subject: [SpamCop-List] Re: tekcom & dtag
In-Reply-To:
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID: <42F6D791.20803@spamcop.net>

Don Wannit wrote:
> J G wrote:
>
>> I appreciate your efforts, but I was referring to the issue of
>> munged/unmunged. I was thinking of one of those that "SC refuses to
>> bother", in other words, those that won't accept reports period. I'm
>> confused with the option you mention. Are you an ISP that can select
>> accept/not accept munged reports? As a plain reporter, I am given a
>> check box option to send to an ISP that won't accept munged reports and
>> am told by SC that if I choose to send, it /will/ go unmunged

An excellent thread with some great discussion. My reply could go in many places, but instead I will insert it back where I came in. Mike has provided most of the right answers, but a little background:

ISPs have always had the ability to refuse to accept SpamCop reports. Some major ISPs were starting to do just that because their legal departments were screaming that they couldn't action anonymous complaints. Others were concerned some tampering with headers leaves room for suspicion of other tampering. To prevent the complete refusal of SC reports, Julian entered into a compromise that ISPs could refuse munged reports. Next came the ability to refuse certain types of reports (originating, hosting, relaying, etc.). Finally, when all users were given the option of entering user targeted addresses, ISPs were given the option of refusing those too, because some users were abusing it.

Julian also didn't want unmunged reports to be sent by default and wanted users to be aware the report would be sent unmunged, so he programmed the checkbox to be off by default and used javascript to pop up the warning when the user checked the box.
IIRC, the default used to also be that you clicked "cancel" instead of "OK" to keep the box checked, just to make sure the user read the text. Then came along the problem of users that couldn't/wouldn't allow javascript. I forget if it meant they couldn't check the box to send unmunged reports or if it froze the browser, but that is where the default option was put in the user preferences. The intent is, if the user has the preference checked for 'munged only', they get the defaulted off checkbox and popup. If the user has selected 'send unmunged', the box should appear checked by default (therefore no javascript popups to contend with). The problem of sending munged vs unmunged for user notifies is a different problem, but has to do with the order things are done. When parsing, SC checks the ISP account and sees the unmunged only or refusal flag, so can take that into account when displaying the parsing page. SC doesn't know you're going to enter a user notify until you send the data to SC, i.e., hit send. By then it's too late. SC can't come back with an 'are you sure'. It does check the database though and will report back refusals and redirected addresses. I do agree this is an unintentional step in sending unmunged reports to user notifies based on the ISP preferences, but I'm not sure of a way around it. I suppose our easiest option will be to set ISP accounts to 'refuse user notifies' as we come across those that refuse munged reports. Now that I've refreshed the messages and see Don posted, this might all be moot. It may also be that the refuse route is the easiest (and maybe the only) one. Richard From zypher at spamcop.net Sun Aug 7 23:57:16 2005 From: zypher at spamcop.net (Ron B.)
Date: Mon Aug 8 00:00:02 2005 Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag] In-Reply-To: References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: SpamCop Admin wrote: > I submitted a bug report asking that SpamCop be set to only send > unmunged "User Notify" reports if the user's Preferences are set to > allow it, or otherwise, to pop-up the standard warning message/dialog > box and give the user the opportunity to choose. > > I suspect the scenario of a user sending a personal report to an abuse > address that won't accept unmunged reports wasn't considered when the > code was written. > > - Don - If they won't accept unmunged reports, why would they accept any reports? From pantheus at suespammers.org Sun Aug 7 22:06:28 2005 From: pantheus at suespammers.org (Ken Knull) Date: Mon Aug 8 00:10:02 2005 Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag] References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: On Sun, 07 Aug 2005 20:35:45 -0500, WazoO wrote: > And the next level of change was the creation of a new address for those > FTC spam submittals ... some dialog with FTC staff documented at the Forum > version of the FAQ entry titled - "spam uce.gov replaces uce ftc.gov" This is old news, 9-12 months old... (but accurate news none the less.) -- In a world without walls and fences nobody needs Windows and Gates! User #104362 with the Linux Counter, http://counter.li.org From nobody at spamcop.net Sun Aug 7 23:12:59 2005 From: nobody at spamcop.net (RW) Date: Mon Aug 8 00:15:03 2005 Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag] In-Reply-To: References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net> Message-ID: Mike Easter wrote: > Currently the faq sez that mungeing is performed according to reporter > preferences. That has been proven false for the case of additionals. > Ergo the faq is false, a lie, a misrepresentation.
Since that is part of the preferences webpage and not a faq, I can't change the wording or post a warning. Technically, the second part is incorrect as well, depending how you read it: "If you select intact spam copies, SpamCop will send all reports unmodified." AFAIK, selecting 'intact' still only affects those that refuse munged reports and means the checkbox on the parsing page is checked by default. Reports to other ISPs who accept munged reports, get munged reports. Richard From zypher at spamcop.net Mon Aug 8 08:43:44 2005 From: zypher at spamcop.net (Ron B.) Date: Mon Aug 8 08:45:03 2005 Subject: [SpamCop-List] Re: (Media): ABC News,Internet Scammers Keep Working in Nigeria In-Reply-To: References: Message-ID: Robert Blair wrote: > On Sun, 7 Aug 2005 02:01:45 UTC, "Ron B." wrote: > > >> Now, however, a 3-year-old crackdown is >>yielding results, Nigerian authorities say. > > > Not according to my inbox. > > > " > This month the biggest international scam of all though not one > involving the Internet ended in court convictions. Amaka Anajemba was > sentenced to 2 1/2 years in prison and ordered to return $25.5 million > of the $242 million she helped to steal from a Brazilian bank. > " > > The sentence does not match the crime, it would hardly deter anyone. > > Please note the word "helped" in the quoted paragraph. Perhaps the whole $242 million were not in her control? From mcwebber at my-deja.com Mon Aug 8 09:43:45 2005 From: mcwebber at my-deja.com (McWebber) Date: Mon Aug 8 08:45:18 2005 Subject: [SpamCop-List] MSN Hosted Domains Message-ID: When Spamcop parses a spam and sees it hosted by MSN the report only goes to abuse@hotmail.com. According to a reply from an MSN address in the whois: If you wish to report an email or domain name abuse, please contact abuse_personaladdress@css.one.microsoft.com. -- McWebber No email replies read If someone tells you to forward an email to all your friends please forget that I'm your friend. 
From Kilgallen at SpamCop.net Mon Aug 8 09:46:49 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Mon Aug 8 09:50:03 2005 Subject: [SpamCop-List] Re: MSN Hosted Domains References: Message-ID: In article , "McWebber" writes: > When Spamcop parses a spam and sees it hosted by MSN the report only goes to > abuse@hotmail.com. According to a reply from an MSN address in the whois: > > If you wish to report an email or domain name abuse, please contact > abuse_personaladdress@css.one.microsoft.com. That could be different from what MSN has said it wants SpamCop to do. From nobody at spamcop.net Mon Aug 8 08:35:47 2005 From: nobody at spamcop.net (Antispam Knight) Date: Mon Aug 8 10:40:03 2005 Subject: [SpamCop-List] Re: Spam Promoting Penny Stocks References: Message-ID: "spamacyde" wrote in message news:dd508r$a7a$1@news.spamcop.net... > Are any agencies interested in investigating spam promoting penny stocks? > > Please reply by way of posts, not emails. > > enforcement@sec.gov antispam knight From nobody at nowhere.not Mon Aug 8 18:27:37 2005 From: nobody at nowhere.not (Robert Blair) Date: Mon Aug 8 13:30:03 2005 Subject: [SpamCop-List] Re: (Media): ABC News,Internet Scammers Keep Working in Nigeria References: Message-ID: On Mon, 8 Aug 2005 12:43:44 UTC, "Ron B." wrote: > > " > > This month the biggest international scam of all though not one > > involving the Internet ended in court convictions. Amaka Anajemba was > > sentenced to 2 1/2 years in prison and ordered to return $25.5 million > > of the $242 million she helped to steal from a Brazilian bank. > > " > > > > The sentence does not match the crime, it would hardly deter anyone. > > > > > > Please note the word "helped" in the quoted paragraph. Perhaps the > whole $242 million were not in her control? Two and a half years is not very long. Also how much more does she have hidden away and will her accomplices give her more? I would expect they might to keep her quiet if they do not get caught. 
-- Robert Blair From nobody at devnull.spamcop.net Mon Aug 8 17:26:22 2005 From: nobody at devnull.spamcop.net (Pop) Date: Mon Aug 8 16:30:03 2005 Subject: [SpamCop-List] OT, but ... Message-ID: Out of curiosity, I was just wondering if anyone here had noticed cookies coming from a site long after you had left the site, but still during the same session. Sometimes I let my cookie monitor tell me when cookies arrive. Today was one of those times. I went to Lowes web site, spent some time there, put a couple items in my basket, then left, needing more info before I actually made the order. No order info was given yet. About fifteen minutes AFTER leaving the site, two cookies arrived from Lowes. A txt1, txt2, and something else I don't recall. NBD, really, but ... is that a common practice? And ... how is it done once I've closed the connection to their site (but of course still have my browser running). Is it as simple as just sending it? Do spammers use this technique? Makes a cookie app that much more valuable if so. I use WinPatrol to catch cookies. TIA. Pop From nobody at devnull.spamcop.net Mon Aug 8 19:47:36 2005 From: nobody at devnull.spamcop.net (Cat) Date: Mon Aug 8 19:50:02 2005 Subject: [SpamCop-List] Re: This is nasty In-Reply-To: References: Message-ID: GreyWater wrote: > The attachment for this email was a zip file named "iPod Purchase > Agreement.zip" containing a file "iPod Purchase Agreement.scr". I have not > seen anything like this before. I guess it's supposed to make you upset so > you rush to open the attachment and run whatever nasty payload this carries. > > Opening the file triggers MS Anti-Spyware, which opens a dialog box asking > if you want to run it. Spamcop and AVG let it through. So nasty that you felt the "no spam posting except in .spam" rule on the forum page didn't apply to you, so you posted it here anyway?
We all get enough spam of our own without having to also look at yours in a place where we're promised a spam free environment. From anon at coks.net Mon Aug 8 19:28:26 2005 From: anon at coks.net (J G) Date: Mon Aug 8 21:30:04 2005 Subject: [SpamCop-List] NANAE has too much time on its hands... Message-ID: Don't think I've seen a serious post there in 3 weeks... From nobody at devnull.spamcop.net Tue Aug 9 12:11:24 2005 From: nobody at devnull.spamcop.net (Patto) Date: Mon Aug 8 22:15:03 2005 Subject: [SpamCop-List] Re: OT, but ... In-Reply-To: References: Message-ID: Pop wrote: > Out of curiousity, I was just wondering if anyone here > had noticed cookies coming from a site long after you > had left the site, but still during the same session. > Sometimes I let my cookie monitor tell me when > cookies arrive. Today was one of those times. I went > to Lowes web stie, spent some time there, put a couple > items in my basket, then left, needing more info before > I actually made the order. No order info was given > yet. > About fifteen minutes AFTER leaving the site, two > cookies arrived from Lowes. A txt1, txt2, and > something else I don't recall. NBD, really, but ... is > that a common practice? > And ... how is it done once I've closed the > connection to their site (but of course still have my > browser running). > Is it as simple as just sending it? > Do spammers use this technique? Makes a cookie app > that much more valuable if so. > I use WinPatrol to cach cookies. I don't think that cookies can be created after you have left a website. They are normally created the moment you (or the site) request something to be stored locally. It may be that your "cookie monitor" discovers a new cookie file a bit late. B.t.w. I use Ccleaner to get rid of the cookies I don't want to keep. Very effective; you just select (once) the cookies you want to keep, the rest is delete - along with LOTS of other unnecessary stuff. 
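Patto's guess above, that a cookie monitor may simply discover a cookie file late, can be checked with a small simulation. This is an added example, not part of any post in the thread: the response text and timings are constructed, the ten-minute polling interval is the one Pop reports later in the thread, and treating cookies without Expires/Max-Age as never reaching the cookie file is an assumption about the browser.

```javascript
// Constructed sample response (not captured traffic). The cookie names txt1
// and txt2 echo Pop's post; "basket" and all values are invented.
const SAMPLE_RESPONSE = [
  "HTTP/1.1 200 OK",
  "Content-Type: text/html",
  "Set-Cookie: txt1=abc123; Path=/; Max-Age=86400",
  "Set-Cookie: txt2=def456; Path=/; Expires=Wed, 09 Aug 2006 10:00:00 GMT",
  "Set-Cookie: basket=2items; Path=/",
  "",
  "<html><body>Set-Cookie: fake=1 (body text, not a header)</body></html>",
].join("\r\n");

// Return the cookies a raw HTTP response sets. Only lines in the header
// block count; everything after the first blank line is body and is ignored.
function parseSetCookies(rawResponse) {
  const headEnd = rawResponse.indexOf("\r\n\r\n");
  const head = headEnd === -1 ? rawResponse : rawResponse.slice(0, headEnd);
  const cookies = [];
  for (const line of head.split("\r\n").slice(1)) { // slice(1) skips the status line
    const colon = line.indexOf(":");
    if (colon === -1) continue;
    if (line.slice(0, colon).trim().toLowerCase() !== "set-cookie") continue;
    const parts = line.slice(colon + 1).split(";").map((p) => p.trim());
    const eq = parts[0].indexOf("=");
    if (eq <= 0) continue; // no cookie name: ignore the header
    const attrs = {};
    for (const p of parts.slice(1)) {
      const i = p.indexOf("=");
      attrs[(i === -1 ? p : p.slice(0, i)).toLowerCase()] = i === -1 ? true : p.slice(i + 1);
    }
    cookies.push({
      name: parts[0].slice(0, eq),
      value: parts[0].slice(eq + 1),
      // Assumption: only cookies with a lifetime are written to the cookie file.
      // Deletion via Max-Age=0 is not modelled.
      persistent: "expires" in attrs || "max-age" in attrs,
    });
  }
  return cookies;
}

// Simulate a monitor that looks at the cookie file every pollEveryMin minutes.
// responses: [{ atMin, raw }] = minute each response arrived, and its raw text.
function simulateMonitor(responses, pollEveryMin, untilMin) {
  const arrivals = [];
  for (const r of responses) {
    for (const c of parseSetCookies(r.raw)) {
      arrivals.push({ name: c.name, persistent: c.persistent, receivedAt: r.atMin });
    }
  }
  const reported = [];
  const seen = new Set();
  for (let t = pollEveryMin; t <= untilMin; t += pollEveryMin) {
    for (const c of arrivals) {
      if (!c.persistent || c.receivedAt > t || seen.has(c.name)) continue;
      seen.add(c.name);
      reported.push({
        name: c.name,
        receivedAt: c.receivedAt,
        reportedAt: t,
        delayMin: t - c.receivedAt,
      });
    }
  }
  // Session cookies never reach the file, so a file poller never reports them.
  const neverReported = arrivals.filter((c) => !seen.has(c.name)).map((c) => c.name);
  return { reported, neverReported };
}

// Page fetched at minute 2; the monitor polls at minutes 10, 20 and 30.
const result = simulateMonitor([{ atMin: 2, raw: SAMPLE_RESPONSE }], 10, 30);
for (const r of result.reported) {
  console.log(`${r.name}: set at minute ${r.receivedAt}, reported at minute ${r.reportedAt}`);
}
console.log("never reported:", result.neverReported.join(", "));
```

If every window for the site is closed at, say, minute 4, the monitor's first report still appears at minute 10, which to the user looks like cookies arriving after leaving the site.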
From anon at coks.net Mon Aug 8 20:33:54 2005 From: anon at coks.net (J G) Date: Mon Aug 8 22:35:03 2005 Subject: [SpamCop-List] Re: OT, but ... In-Reply-To: References: Message-ID: On 8/8/2005 7:11 PM Patto scribbled: > Pop wrote: > >>Out of curiousity, I was just wondering if anyone here >>had noticed cookies coming from a site long after you >>had left the site, but still during the same session. >> Sometimes I let my cookie monitor tell me when >>cookies arrive. Today was one of those times. I went >>to Lowes web stie, spent some time there, put a couple >>items in my basket, then left, needing more info before >>I actually made the order. No order info was given >>yet. >> About fifteen minutes AFTER leaving the site, two >>cookies arrived from Lowes. A txt1, txt2, and >>something else I don't recall. NBD, really, but ... is >>that a common practice? >> And ... how is it done once I've closed the >>connection to their site (but of course still have my >>browser running). >> Is it as simple as just sending it? >> Do spammers use this technique? Makes a cookie app >>that much more valuable if so. >> I use WinPatrol to cach cookies. > > > I don't think that cookies can be created after you have left a website. > They are normally created the moment you (or the site) request something > to be stored locally. > > It may be that your "cookie monitor" discovers a new cookie file a bit late. > > B.t.w. I use Ccleaner to get rid of the cookies I don't want to keep. > Very effective; you just select (once) the cookies you want to keep, the > rest is delete - along with LOTS of other unnecessary stuff. Patto, I se you use tbird - doesn't Firefox do the same with your cookies?? From Kilgallen at SpamCop.net Mon Aug 8 23:18:10 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Mon Aug 8 23:20:02 2005 Subject: [SpamCop-List] Re: OT, but ... 
References: Message-ID: In article , "Pop" writes: > Out of curiousity, I was just wondering if anyone here > had noticed cookies coming from a site long after you > had left the site, but still during the same session. I never thought to look. I just trust that not allowing cookies avoids them. From edb2000 at spamcop.net Mon Aug 8 21:57:35 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Tue Aug 9 00:00:02 2005 Subject: [SpamCop-List] Re: OT, but ... In-Reply-To: References: Message-ID: Pop wrote: > Out of curiousity, I was just wondering if anyone here > had noticed cookies coming from a site long after you > had left the site, but still during the same session. > Sometimes I let my cookie monitor tell me when > cookies arrive. Today was one of those times. I went > to Lowes web stie, spent some time there, put a couple > items in my basket, then left, needing more info before > I actually made the order. No order info was given > yet. > About fifteen minutes AFTER leaving the site, two > cookies arrived from Lowes. A txt1, txt2, and > something else I don't recall. NBD, really, but ... is > that a common practice? > And ... how is it done once I've closed the > connection to their site (but of course still have my > browser running). > Is it as simple as just sending it? > Do spammers use this technique? Makes a cookie app > that much more valuable if so. > I use WinPatrol to cach cookies. > TIA. > > Pop > > No, that's not how cookies work. Cookies actually are sent as headers at the beginning of a web page that your browser requested. They are not sent or transmitted at the initiation of the web site. The HTML conversation is synchronous, not asynchronous. In other words, it's request, wait for reply, request, wait for reply. Your browser sends a request to a web server to fetch a particular web page (or other resource) by sending its URL. 
If your browser has a cookie stored for that web server's domain, your browser sends the cookie value as part of that request. The browser decides whether to send any cookie value, based on the domain of the web site and the page being requested. If the web site wants to store a new cookie, or a different value for an existing cookie (for which the old value was just received as part of the browser's request), the cookie name, value, expiration, and the domain and page it applies to are sent to the browser as an HTML header (just a line of ASCII, ending with a newline), followed by the HTML for the page itself. (multiple cookies can be sent, each on its own line, but all before the web page HTML code.) There is no way for the server to send a cookie later, asynchronously. The closest thing to that would be if your browser is honoring a "meta refresh", and is making a new request to download a page. But if by "after leaving the site" you mean to say that you closed all browser windows associated with that site (including possibly hidden pop-unders), then there wouldn't be anybody sending the new request. I suspect instead that it's WinPatrol belatedly reporting the cookie that was already sent to your browser. Not knowing anything about WinPatrol, I would hazard a guess that it is asynchronously (every so often) sneaking a peek at your browser's cookie file. If that's what it does, then it would miss "session cookies", which are cookies that expire immediately when you quit your browser. Or, it may be hot-wiring itself into IE (or whatever), using a published plug-in API or an unpublished (and therefore risky) interface. Dunno. -- Don Wannit A paid SpamCop user since 1999 From nobody at devnull.spamcop.net Tue Aug 9 15:01:35 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Aug 9 01:05:03 2005 Subject: [SpamCop-List] What's the point of devnull.spamcop.net when... 
Message-ID: http://www.spamcop.net/sc?id=z794466317z3e4ce04cd12dd17ced83a4499bb51328z A report is sent to abuse@fjdcb.fz.fj.cn for 218.66.186.249, where the message originated, and the IP address will go to the block list. Sometimes reports are sent to multiple addresses, which is fine with me. When no valid addresses are found, then the report is sent to a devnull.spamcop.net address, so that the IP address will go to the blocklist anyway. That is my understanding. But as in this case, a report is already being sent to abuse@fjdcb.fz.fj.cn, so why does SpamCop still want to "send" a report to any devnull address(es)? Just curious, as it seems to be completely unnecessary. From jdd at dodin.org Tue Aug 9 08:44:16 2005 From: jdd at dodin.org (jdd) Date: Tue Aug 9 01:45:04 2005 Subject: [SpamCop-List] Re: OT, but ... In-Reply-To: References: Message-ID: Pop wrote: > Out of curiousity, I was just wondering if anyone here > had noticed cookies coming from a site long after you > had left the site, I don't see what navigator you are using. but google bar and Mozilla can do "look ahead", that is look for pages they see a link in actual page loaded. that is if then you ask for the page it's already loaded (sort of cache) this is nasty because it gives extra unuseful web traffic and web hits. may be in these pages there were cookies? in summary your navigator can ask for pages you never intend to see... jdd -- to write to me, go to: http://www.dodin.net http://valerie.dodin.net http://arvamip.free.fr From edb2000 at spamcop.net Tue Aug 9 00:16:39 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Tue Aug 9 02:20:03 2005 Subject: [SpamCop-List] Re: OT, but ... In-Reply-To: References: Message-ID: Dave Lerner wrote: > Cookies can also be set (and read) by Javascript, which can run > independently from the HTTP request/response cycle.
> > I recently read about an exploit involving a Javascript popup window > with a delay, so that the popup would appear to originate from visiting > a site other than the one that generated the popup. In that case, the > popup was designed to steal login information. I wonder if a variation > on that could be involved here. Although it seems like a lot of trouble > to go to just to send a cookie. That's why I wondered what OP meant by "left the site". That's a sufficiently vague phrase as to be essentially meaningless, even though it's comfy to adopt the "go there, come back" metaphor for web surfing. If all browser windows associated with that site were closed, there should be nothing left to run Javascript, nor to time out on a refresh. If any window remains, even if it is an obscured pop-up, pop-under, or off-screen window, then you haven't "left the site". The login "phish" popup you mention requires something left behind to run that Javascript. Grabbing login information certainly is a serious theft of data. But simply storing a cookie in the browser (not necessarily sending it to the web server, but we don't know) sure doesn't seem to be very interesting. Not at first glance, anyway. -- Don Wannit A paid SpamCop user since 1999 From nobody at spamcop.net Tue Aug 9 00:58:13 2005 From: nobody at spamcop.net (N. Miller) Date: Tue Aug 9 03:20:14 2005 Subject: [SpamCop-List] Re: OT, but ... References: Message-ID: On Mon, 8 Aug 2005 16:26:22 -0400, Pop wrote: > Out of curiousity, I was just wondering if anyone here > had noticed cookies coming from a site long after you > had left the site, but still during the same session. > Sometimes I let my cookie monitor tell me when > cookies arrive. Today was one of those times. I went > to Lowes web stie, spent some time there, put a couple > items in my basket, then left, needing more info before > I actually made the order. No order info was given > yet. 
> About fifteen minutes AFTER leaving the site, two > cookies arrived from Lowes. A txt1, txt2, and > something else I don't recall. NBD, really, but ... is > that a common practice? > And ... how is it done once I've closed the > connection to their site (but of course still have my > browser running). Do you use a NAT device[1] with an SPI filter, or a software firewall? If so, check your logs. Based on the way that TCP/IP works, if a site is still trying to reach your computer fifteen minutes after you have closed every connection with that site, you should see a refused connection in the logs. [1]I have just encountered a NAT device without either DHCP or SPI; an Efficient Networks SpeedStream 4100, configured for use with an SBC Yahoo! DSL Service Account! It is shipped configured to perform PPPoE on the modem, assign an RFC 1918 IP address to the computer; but it does not do anything else. It looks like the computer is in the DMZ when running Shields Up! against it. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From caroljean52 at yahoo.com Tue Aug 9 04:17:25 2005 From: caroljean52 at yahoo.com (caroljean52) Date: Tue Aug 9 06:20:16 2005 Subject: [SpamCop-List] Re: (Media): ABC News,Internet Scammers Keep Working in Nigeria References: Message-ID: Here's a link to what seems to be the complete article: http://www.cnn.com/2005/TECH/internet/08/08/nigeria.scammers.ap/index.html From nobody at devnull.spamcop.net Tue Aug 9 09:57:13 2005 From: nobody at devnull.spamcop.net (Pop) Date: Tue Aug 9 09:00:05 2005 Subject: [SpamCop-List] Re: OT, but ... References: Message-ID: "Larry Kilgallen" wrote in message news:K6DKk96xniuy@eisner.encompasserve.org... > In article , "Pop" > writes: >> Out of curiousity, I was just wondering if anyone >> here >> had noticed cookies coming from a site long after >> you >> had left the site, but still during the same >> session. 
> > I never thought to look. I just trust that not > allowing cookies avoids them. I'm sure it would; didn't mean to say they are getting past a barrier if you interpreted it that way. I'm trying to see if I can get it to happen again today. Pop From nobody at devnull.spamcop.net Tue Aug 9 10:19:34 2005 From: nobody at devnull.spamcop.net (Pop) Date: Tue Aug 9 09:20:03 2005 Subject: [SpamCop-List] Re: OT, but ... References: Message-ID: "Don Wannit" wrote in message news:dd99jg$g91$1@news.spamcop.net... > Pop wrote: > >> Out of curiousity, I was just wondering if anyone >> here had noticed cookies coming from a site long >> after you had left the site, but still during the >> same session. >> ... ... ===> Ahh, it feels so good when someone explains the mystery of the ether to me! I've learned two things now: I can go back to be already! ;-) Other Comments inline: > > > No, that's not how cookies work. ... ... request, wait for > reply, request, wait for reply. > > Your browser sends a request to a web server to fetch > a > particular web page (or other resource) by sending > its URL. > If your browser has a cookie stored for that web > server's > domain, your browser sends the cookie value as part > of that > request. The browser decides whether to send any > cookie > value, based on the domain of the web site and the > page > being requested. > > If the web site wants to store a new cookie, or a > different > value for an existing cookie (for which the old value > was > just received as part of the browser's request), the > cookie > name, value, expiration, and the domain and page it > applies > to are sent to the browser as an HTML header (just a > line > of ASCII, ending with a newline), followed by the > HTML for > the page itself. (multiple cookies can be sent, > each on > its own line, but all before the web page HTML code.) ===> This makes sense, AND explains something else I've wondered about. 
Other than the obvious, one of the things I despise about cookies is that one cannot proceed to download the page until the cookie has been accepted or rejected. It becomes particularly obnoxious when a page partly displays and THEN you get a cookie, stopping the download until you act on it. Yes, I'm aware I don't have to "see" the cookies also. Please correct me if I'm wrong, but that would indicate: -- The page I received only partially was one page, and THEN it went to a different page, and sent a cookie? OR -- They don't -have- to be in headers? As you can tell, I'm no guru! > > There is no way for the server to send a cookie > later, > asynchronously. The closest thing to that would be > if your > browser is honoring a "meta refresh", and is making a > new > request to download a page. But if by "after leaving > the > site" you mean to say that you closed all browser > windows > associated with that site (including possibly hidden > pop-unders), then there wouldn't be anybody sending > the > new request. ===> Yes, I meant that I had closed all windows to that site. Sorry for being vague. Fortunately, pop-ups, under or over, show up in the task bar too, although in this case I checked specifically for pop unders because I inadvertently closed every window, even the one I wanted to use ;=(. > > I suspect instead that it's WinPatrol belatedly > reporting > the cookie that was already sent to your browser. ... ===> And, there is the REAL answer! It's pretty disgusting to find out that RTFM had the answer all along but I never thought to check for a delay! It checks "every" ten minutes. Duhhh! ===> Thanks; I'm quitting for now since I've embarrassed myself sufficiently! You're a gentleman and a scholar, Don! Regards, Pop > > -- > Don Wannit > A paid SpamCop user since 1999 From MikeE at ster.invalid Tue Aug 9 07:45:44 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 9 09:50:02 2005 Subject: [SpamCop-List] Re: OT, but ...
References: Message-ID: Since we're working OT here anyway.... Pop wrote: X-Newsreader: Microsoft Outlook Express 6.00.2900.2180 X-RFC2646: Format=Flowed; Response Those headerlines indicate that you have the newest OE editor, whose 'format flowed' is supposed to be an improvement over OE's old editor which was notorious for how badly it chopped up its cited lines with EOL's -- what I call 'shortlines'. That terrible condition is what led to OE QuoteFix^1. OE QF solved a great many of OE's old deficiencies as a newsreader; the old non-compliant sig delimitor, which is now MS fixed, the lack of auto sig trimming which still isn't fixed, flexible cursor positioning and sig positioning which still isn't fixed, the ability to sometimes fix existing bad OE quotes, and many many others. Many OE users can solve a few of OE's quote problems by 'precisely' configuring their linewraps, but for various reasons often that doesn't work out either. Your linewraps 'act like' they are too short, but counting them, they actually aren't, or shouldn't be. For some reason, my OE-QF doesn't fix your shortlines. To me, shortlines look really really ugly -- I can't stand to see them. Whenever someone OE sends me an email which has been forwarded to them with a joke or story which is full of shortlines, I send it back to them reformatted, just so they can see how much better it 'reads' in a properly formatted condition. I do the reformatting by using an app called Text Cleanup, which strips quotemarks and linewraps configurably. ^1 http://home.in.tum.de/~jain/software/oe-quotefix/ Put an end to Outlook Express's messy quotes with this automated fix! -- Mike Easter kibitzer, not SC admin From mwnospam at comcast.net Tue Aug 9 11:19:02 2005 From: mwnospam at comcast.net (spamacyde) Date: Tue Aug 9 10:20:03 2005 Subject: [SpamCop-List] Re: Spam from a "Friendly" Country References: Message-ID: I don't like receiving spam. 
I do not appreciate governments that condone spam, especially 'allies' that we protect. Receiving spam is an insult. It is the equivalent of being called stupid. South Korea is condoning the spamming of "stupid" Americans. Your reply is also an insult. You are stereotyping both Americans and Catholics. "Larry J." wrote in message news:Xns96AB732398E42larrythefrog@216.154.195.61... > Waiving the right to remain silent, "Joris Van Damme" > said: > > >> Clinton didn't take out the N. Korean nuke complex in 1994 for > >> the sake of S. Korea. Now we receive spam from S. Korea > >> compliments of Kornet on a regular basis. Comments? > > > > Here's one: current escalation of all problems, current problem > > you mention here, is happening under the regime of a very > > different administation that is ready to shoot at just about > > anything that moves. > > > >> Does anybody want to provide S. Korea spam addresses to > >> reciprocate the spam? > > > > Wild guess: you're an american catholic, right? > > > > > > I'm probably a terrorist for arguing with you, a barbarian no > > doubt, and I probably need to be nuked for being evil, but I'm > > nevertheless signing this message with my own, legit, and full > > name. Will you do the same? > > alt.politics.democrat is that way -----------> > > -- > Larry J. - Remove spamtrap in ALLCAPS to e-mail > > The United States is the greatest country in the world..! > Twenty-five million illegal aliens can't be wrong. From MikeE at ster.invalid Tue Aug 9 08:53:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 9 10:55:03 2005 Subject: [SpamCop-List] Re: Spam from a "Friendly" Country References: Message-ID: spamacyde wrote: > I don't like receiving spam. This isn't going to work. You cited two different people, Larry J. and Joris, but you didn't trim and put your 'reply' in context with what you were saying, so it wasn't a reply at all - you are just talking to the 'air' up there at the top. > Your reply is also an insult.
The other thing that isn't going to work is having a 'war' or disagreement which is way off topic. Being OT and being 'friendly' or chatty is forgivable. Getting into a disagreement about politics, religion, and nationalities /unpleasantly/ needs to be done somewhere else. And it is especially important for an argument or disagreement to focus precisely on what and who you are arguing with by trimmed contextualization.. If you can't get along cooperatively, pretty soon your remarks will disappear from the screens of everyone who doesn't want to see what you are saying or how you are saying it. -- Mike Easter kibitzer, not SC admin From edb2000 at spamcop.net Tue Aug 9 09:05:06 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Tue Aug 9 11:10:03 2005 Subject: [SpamCop-List] Re: OT, but ... In-Reply-To: References: Message-ID: Pop wrote: > "Don Wannit" wrote in message > news:dd99jg$g91$1@news.spamcop.net... > >>Pop wrote: >> > > ===> This makes sense, AND explains something else I've > wondered about. > Other than the obvious, one of the things I despise > about cookies is that one cannot proceded to download > the page until the cookie has been accepted or > rejected. > > It becomes particularly obnoxious when a page partly > displays and THEN you get a cookie, stopping the > download until you act on it. Yes, I'm aware I don't > have to "see" the cookies also. Strictly speaking, this is an implementation choice by the creators of your browser. It doesn't need to stop accepting downloaded input, it only needs to defer storing the cookie until you respond. Or until it encounters inline Javascript that refers to the cookie. > Please correct me if I'm wrong, but that would > indicate: > -- The page I received only partially was one page, > and THEN it went to a different page, and sent a > cookie? That's right. There are lots of ways this could happen, frames for example, even images can send cookies in some cases. > OR > -- They don't -have- to be in headers? 
Nope, they must be in headers, before any HTML.

>
> As you can tell, I'm no guru!
> [snip]
> ===> Thanks; I'm quitting for now since I've embarrassed
> myself sufficiently! You're a gentleman and a scholar,
> Don!
>

I'm glad I can offer information about something I actually know about, instead of always asking questions!

--
Don Wannit
A paid SpamCop user since 1999

From PossumTrot at dont.spam.me Tue Aug 9 09:48:31 2005
From: PossumTrot at dont.spam.me (Possum Trot)
Date: Tue Aug 9 11:55:04 2005
Subject: [SpamCop-List] Scott Richter pays M$ $7,000,000 !
Message-ID:

A man once accused of being one of the world's top three spammers has agreed to pay $7 million in a settlement with Microsoft Corp., the software maker announced Tuesday.

The money from Scott Richter and his company, OptInRealBig.com of Westminster, Colo., will be used to boost efforts to combat the illegal sending of unsolicited and misleading e-mail known as spam and other computer misuse, said Microsoft's chief counsel, Brad Smith, in a news release issued Tuesday morning.

http://tinyurl.com/5lgeh

From PleaseReplyTo at TheGroupInstead.be Tue Aug 9 19:55:37 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Tue Aug 9 13:00:02 2005
Subject: [SpamCop-List] Re: Spam from a "Friendly" Country
References:
Message-ID:

Mike Easter wrote:
> Getting into a disagreement about politics,
> religion, and nationalities /unpleasantly/ needs to be done somewhere
> else.

I agree, and I've apologised for my mistake earlier in this thread.
Still, if spam source continually gets mixed with who's being ally in what wars, and who's being the victims of war aggression and who's not, as if war and spam are in any way related in nature or weight, and if any jail sentence continually gets referred to as insufficient, not even bringing into the equation that such things break mans lives, which is hardly in relation to receiving an unwanted mail in a mailbox, then it's understandably hard for me to ignore that a certain repressive political faction is over-represented in this newsgroup.

But still, you're right, and I was incorrect and off-topic. I apologise again, I'm sorry, and I think I'll just unsubscribe from this newsgroup rather than to continue letting this sort of thing get on my nerves.

Joris Van Damme (full name again)

From PleaseReplyTo at TheGroupInstead.be Tue Aug 9 20:05:18 2005
From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme)
Date: Tue Aug 9 13:10:03 2005
Subject: [SpamCop-List] Re: Spam from a "Friendly" Country
References:
Message-ID:

Mike Easter wrote:
> Getting into a disagreement about politics,
> religion, and nationalities /unpleasantly/ needs to be done somewhere
> else.

Oh, and, I do realize you didn't respond with the above quote to any message of mine. Still, I took it to also apply to me, since I made that same mistake. Hence my previous reply. (Sorry to not have mentioned this in that previous reply and thus adding to the quote confusion.)

Joris

From usenet2 at DE.LETE.THISljvideo.com Tue Aug 9 18:50:18 2005
From: usenet2 at DE.LETE.THISljvideo.com (Larry J.)
Date: Tue Aug 9 13:55:03 2005
Subject: [SpamCop-List] Re: Spam from a "Friendly" Country
References:
Message-ID:

Waiving the right to remain silent, "spamacyde" said:

> I don't like receiving spam. I do not appreciate governments
> that condone spam, especially 'allies' that we protect.
> Receiving spam is an insult. It is the equivalent of being
> called stupid. South Korea is condoning the spamming of
> "stupid" Americans.
>
> Your reply is also an insult. You are stereotyping both
> Americans and Catholics.
>
> "Larry J." wrote in message
> news:Xns96AB732398E42larrythefrog@216.154.195.61...
>> Waiving the right to remain silent, "Joris Van Damme"
>> said:
>>
>> >> Clinton didn't take out the N. Korean nuke complex in 1994
>> >> for the sake of S. Korea. Now we receive spam from S. Korea
>> >> compliments of Kornet on a regular basis. Comments?
>> >
>> > Here's one: current escalation of all problems, current
>> > problem you mention here, is happening under the regime of a
>> > very different administration that is ready to shoot at just
>> > about anything that moves.
>> >
>> >> Does anybody want to provide S. Korea spam addresses to
>> >> reciprocate the spam?
>> >
>> > Wild guess: you're an american catholic, right?
>> >
>> >
>> > I'm probably a terrorist for arguing with you, a barbarian no
>> > doubt, and I probably need to be nuked for being evil, but
>> > I'm nevertheless signing this message with my own, legit, and
>> > full name. Will you do the same?
>>
>> alt.politics.democrat is that way ----------->
>>
>> --
>> Larry J. - Remove spamtrap in ALLCAPS to e-mail
>>
>> The United States is the greatest country in the world..!
>> Twenty-five million illegal aliens can't be wrong.

You are replying (and top posting) to the wrong person.

--
Larry J. - Remove spamtrap in ALLCAPS to e-mail

The United States is the greatest country in the world..!
Twenty-five million illegal aliens can't be wrong.

From nobody at spamcop.net Tue Aug 9 11:59:27 2005
From: nobody at spamcop.net (NerdRevenge)
Date: Tue Aug 9 14:00:02 2005
Subject: [SpamCop-List] Spammy Not listed
Message-ID:

Looking for a piece of software via search engine, I thought I found what I was looking for. The site indicated it needed to email mail the link to this "software" to download. I gave it my email and downloaded it.
Before Installing this "software" I reviewed it and realized it was nothing but spammy ad-ware/spyware.

Now I am getting spammed daily by this site.
I report them, but it appears they do not get listed.

Any reasons why?

Here is the last report:

http://www.spamcop.net/mcgi?action=gettrack&reportid=1485222736

--
"That intellectual torpor maybe sufficient to earn a job at some disaster prone part of the world like Chernobyl or NASA, but it won't cut the mustard with me." - Professor Maximillian Arturo

From MikeE at ster.invalid Tue Aug 9 12:30:39 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Aug 9 14:35:03 2005
Subject: [SpamCop-List] Re: Spammy Not listed
References:
Message-ID:

NerdRevenge wrote:
> Here is the last report:
>
> http://www.spamcop.net/mcgi?action=gettrack&reportid=1485222736

If you want someone to look at a spam/mail associated with a report, you have to convert the reportid link into a tracker link.

What you posted is a link to something which only you can see, no one else can access a link to a spam based on your reportid.

When /you/ -- not me -- click your link above, you can see a view of the complete spam with the word 'Parse' as a link at the top just above the complete spam itself. If you R click that 'parse' word, you can copy the link, which is the tracker URL.

If you will post that tracker URL, which will look like this
http://www.spamcop.net/sc?id=z793730801z0853be213af376705ffde68ee81aa56az

then we can click the tracker URL and see the spam/mail item you are trying to show us.

Notice the difference in the structure of the two links. The reportid is a 10 digit decimal -- the tracker is a 'two piece' z + 9 digit decimal + z + 32 digit hexadecimal + z.
--
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid Tue Aug 9 13:27:21 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Aug 9 15:30:03 2005
Subject: [SpamCop-List] Re: Spammy Not listed
References:
Message-ID:

NerdRevenge wrote:
> I report them, but it appears they do not get listed.
>
> Any reasons why?

The spamcop blocklist is a blocklist of IP addresses based on both reporter and spamtrap spamsource reports and calculated by formulas which are influenced by the number of source reports of which type, their recency, and against reputation points which are based on 'traffic' analysis derived from cumulative queries to the SCbl of items which are not spams.

If you report one spam a day against a server source which has much traffic or reputation points, and there are no other reports, it will not become listed as a spamsource. Your reports have progressively less weighting value every day, and in a week, none.

http://www.spamcop.net/fom-serve/cache/297.html What is the SpamCop Blocking List (SCBL)?

--
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net Tue Aug 9 16:07:39 2005
From: nobody at spamcop.net (Ellen)
Date: Tue Aug 9 15:35:04 2005
Subject: [SpamCop-List] Re: Spammy Not listed
References:
Message-ID:

"NerdRevenge" wrote in message news:ddaqte$bdq$1@news.spamcop.net...
> Looking for a piece of software via search engine, I thought I found what I
> was looking for. The site indicated it needed to email mail the link to this
> "software" to download. I gave it my email and downloaded it.
>
> Before Installing this "software" I reviewed it and realized it was nothing
> but spammy ad-ware/spyware.
>
> Now I am getting spammed daily by this site.
> I report them, but it appears they do not get listed.
>
> Any reasons why?
>
> Here is the last report:
>
> http://www.spamcop.net/mcgi?action=gettrack&reportid=1485222736
>

You are the only person reporting this.
As you gave them your email address you shouldn't be super surprised that they are using it to mail you. What does their privacy policy say?

Ellen

From nobody at spamcop.net Tue Aug 9 13:50:02 2005
From: nobody at spamcop.net (NerdRevenge)
Date: Tue Aug 9 15:50:02 2005
Subject: [SpamCop-List] Re: Spammy Not listed
References:
Message-ID:

"Mike Easter" wrote in message news:ddasob$co2$1@news.spamcop.net...
> NerdRevenge wrote:
>> Here is the last report:
>>
>> http://www.spamcop.net/mcgi?action=gettrack&reportid=1485222736
>
> If you want someone to look at a spam/mail associated with a report, you
> have to convert the reportid link into a tracker link.
>
> What you posted is a link to something which only you can see, no one
> else can access a link to a spam based on your reportid.
>
> When /you/ -- not me -- click your link above, you can see a view of the
> complete spam with the word 'Parse' as a link at the top just above the
> complete spam itself. If you R click that 'parse' word, you can copy
> the link, which is the tracker URL.
>
> If you will post that tracker URL, which will look like this
> http://www.spamcop.net/sc?id=z793730801z0853be213af376705ffde68ee81aa56az
>
> then we can click the tracker URL and see the spam/mail item you are
> trying to show us.
>

My bad..here it is:
http://www.spamcop.net/sc?id=z794643747zc7a7d9bf9b1d2b0ba9fd0fd0af97ed86z

> Notice the difference in the structure of the two links. The reportid
> is a 10 digit decimal -- the tracker is a 'two piece' z + 9 digit
> decimal + z + 32 digit hexadecimal + z.
>
>
> --
> Mike Easter
> kibitzer, not SC admin
>

From nobody at spamcop.net Tue Aug 9 13:54:27 2005
From: nobody at spamcop.net (NerdRevenge)
Date: Tue Aug 9 15:55:03 2005
Subject: [SpamCop-List] Re: Spammy Not listed
References:
Message-ID:

"Ellen" wrote in message news:ddb089$enm$1@news.spamcop.net...
>
>
> "NerdRevenge" wrote in message
> news:ddaqte$bdq$1@news.spamcop.net...
>> Looking for a piece of software via search engine, I thought I found what I
>> was looking for. The site indicated it needed to email mail the link to this
>> "software" to download. I gave it my email and downloaded it.
>>
>> Before Installing this "software" I reviewed it and realized it was nothing
>> but spammy ad-ware/spyware.
>>
>> Now I am getting spammed daily by this site.
>> I report them, but it appears they do not get listed.
>>
>> Any reasons why?
>>
>> Here is the last report:
>>
>> http://www.spamcop.net/mcgi?action=gettrack&reportid=1485222736
>>
>
> You are the only person reporting this. As you gave them your email address
> you shouldn't be super surprised that they are using it to mail you. What
> does their privacy policy say?
>

I am not the only person reporting this.
The same IP address is listed in BLARSBL, DNSBLNETAUT1 , and DNSBLNETAURMST

> Ellen
>
>

From nobody at spamcop.net Tue Aug 9 13:58:49 2005
From: nobody at spamcop.net (NerdRevenge)
Date: Tue Aug 9 16:00:03 2005
Subject: [SpamCop-List] Re: Spammy Not listed
References:
Message-ID:

"Mike Easter" wrote in message news:ddb02k$ek4$1@news.spamcop.net...
> NerdRevenge wrote:
>> I report them, but it appears they do not get listed.
>>
>> Any reasons why?
>
> The spamcop blocklist is a blocklist of IP addresses based on both
> reporter and spamtrap spamsource reports and calculated by formulas
> which are influenced by the number of source reports of which type,
> their recency, and against reputation points which are based on
> 'traffic' analysis derived from cumulative queries to the SCbl of items
> which are not spams.
>
> If you report one spam a day against a server source which has much
> traffic or reputation points, and there are no other reports, it will
> not become listed as a spamsource. Your reports have progressively less
> weighting value every day, and in a week, none.
>
> http://www.spamcop.net/fom-serve/cache/297.html What is the SpamCop
> Blocking List (SCBL)?
That is not good.
That on SCs part gives the service less credibility
Guess I should just give it up and stop wasting my time reporting anything anymore.

>
>
> --
> Mike Easter
> kibitzer, not SC admin
>

From nobody at nowhere.invalid Tue Aug 9 23:17:38 2005
From: nobody at nowhere.invalid (Steven Maesslein)
Date: Tue Aug 9 16:20:03 2005
Subject: [SpamCop-List] Re: Spammy Not listed
References:
Message-ID:

On Tue, 9 Aug 2005 12:54:27 -0700, NerdRevenge coughed into spamcop and left this in :

> I am not the only person reporting this.
> The same IP address is listed in BLARSBL,

Most of the entire ipv4 space is listed in BLARSBL. It is, to all intents and purposes, irrelevant.

> DNSBLNETAUT1 , and
> DNSBLNETAURMST

Never heard of these DNSBLs. Are you sure they're not country or ISP-related? If they are, then the listing isn't based on reports but on the geographic location of the network or on the ISP hosting it.

--
Steve

"I don't understand that attitude. Don't we want email that has dancing bears, cute little videos, musical tunes, animated waving hands, sixty fonts, and looks like it's been done with crayolas? Good grief, man, think like a three year old!" -- Norm Reitzel discussing HTML email

From MikeE at ster.invalid Tue Aug 9 14:28:55 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Aug 9 16:30:03 2005
Subject: [SpamCop-List] Re: Spammy Not listed
References:
Message-ID:

NerdRevenge wrote:
> My bad..here it is:
> www.spamcop.net/sc?id=z794643747zc7a7d9bf9b1d2b0ba9fd0fd0af97ed86z

That is an item of the 'straightup' configuration. Straightup means that the From = the source = the spamvertised site.

'Typical' spam abuses proxies, or has bogus Received lines or other types of bogosity, especially including a bogus From. Often straightup items which have none of those come as a result of subscribing to a mailing list.
Whenever you subscribe to a mailing list or request promotional information to be sent to you, the most efficient way to be removed is to unsubscribe. Reporting to spamcop is an inefficient way to unsub, because the mailing address is munged by default.

The source and the From and the remove are all www.yourequestedinfo.com
Altho' the output mailserver has a different IP and rDNS, the output server is 'right there' in the same IP family as the MX and the nameservice and the rest.

--
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid Tue Aug 9 14:38:15 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Aug 9 16:40:03 2005
Subject: [SpamCop-List] Re: Spammy Not listed
References:
Message-ID:

NerdRevenge wrote:
> The same IP address is listed in BLARSBL, DNSBLNETAUT1 , and
> DNSBLNETAURMST

It is useful to familiarize yourself about how the different blocklists work. The business of how the SCbl works on spamsources was already discussed and linked. It is of great significance that the SCbl also automatically delists, which most bl/s don't.

You are correct about the listings for 216.127.70.104 -- but you should read the blars and dnsbl pages. Blars has a single vague page^1 and a number of different returns whereas dnsbl has a number of pages and lists.

To briefly summarize from declude:

Blars: has 15 different return values, indicating the reason for the listing (IE could be split up into as many as 12 tests). Includes interesting tests such as no abuse@ address, and originating a DoS attack. Does not have TXT records. Warning: May contain a number of IPs that no longer are associated with spammers, and are now allocated to legitimate customers that can not be removed. May also blacklist entire ISPs.

Dnsblnetautrmst & t1: Reynolds Multiple Spam Traps Block List. [*Both ip4r and rhsbl*] Lists IPs/domains that send to spamtraps. Unclear where the domains come from (RHSBL, reverse DNS, HELO, etc.). -- Reynolds 'Type 1' Block List.
Lists servers that are listed in any of the other Reynolds lists.

^1 http://www.blars.org/errors/block.html
^2 http://www.dnsbl.net.au/

Neither of those lists are based on the same mechanisms as are spamcop's, do not automatically delist, and are therefore not as 'accurate' about spamsource recency as is spamcop. They also don't accept reports from volunteer reporters.

--
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net Tue Aug 9 14:47:20 2005
From: nobody at spamcop.net (NerdRevenge)
Date: Tue Aug 9 16:50:02 2005
Subject: [SpamCop-List] Re: Spammy Not listed
References:
Message-ID:

"Mike Easter" wrote in message news:ddb3m2$gs8$1@news.spamcop.net...
> NerdRevenge wrote:
>> My bad..here it is:
>>
> www.spamcop.net/sc?id=z794643747zc7a7d9bf9b1d2b0ba9fd0fd0af97ed86z
>
> That is an item of the 'straightup' configuration. Straightup means
> that the From = the source = the spamvertised site.
>
> 'Typical' spam abuses proxies, or has bogus Received lines or other
> types of bogosity, especially including a bogus From. Often straightup
> items which have none of those come as a result of subscribing to a
> mailing list.
>
> Whenever you subscribe to a mailing list or request promotional
> information to be sent to you, the most efficient way to be removed is
> to unsubscribe. Reporting to spamcop is an inefficient way to unsub,
> because the mailing address is munged by default.

I never subscribed to any mailing list or promotional information.

Strange how people on here promote that if someone has a mailing list and someone requests to be added that there be a confirmation sent to the email address before the scheduled information is sent, otherwise they say it is spam.

>
> The source and the From and the remove are all www.yourequestedinfo.com
> Altho' the output mailserver has a different IP and rDNS, the output
> server is 'right there' in the same IP family as the MX and the
> nameservice and the rest.
>
> --
> Mike Easter
> kibitzer, not SC admin
>

From nobody at spamcop.net Tue Aug 9 17:48:58 2005
From: nobody at spamcop.net (indigo)
Date: Tue Aug 9 16:50:12 2005
Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag]
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

Mike Easter wrote:
> If the system is going to respect the wishes of the provider primarily
> for the also notified process, then the also notified calls the shots
> about both mungeing and being notified at all.
>
> That is probably as it should be. SC has no special obligation to
> the reporter in this area.

You're kidding, right? You actually think that some ISP not directly involved in the spam report should have "priority" over a SC paying customer's wishes? That's nonsense.

From nobody at spamcop.net Tue Aug 9 14:52:12 2005
From: nobody at spamcop.net (NerdRevenge)
Date: Tue Aug 9 16:55:04 2005
Subject: [SpamCop-List] Re: Spammy Not listed
References:
Message-ID:

"Mike Easter" wrote in message news:ddb3m2$gs8$1@news.spamcop.net...
> NerdRevenge wrote:
>> My bad..here it is:
>>
> www.spamcop.net/sc?id=z794643747zc7a7d9bf9b1d2b0ba9fd0fd0af97ed86z
>
> That is an item of the 'straightup' configuration. Straightup means
> that the From = the source = the spamvertised site.
>
> 'Typical' spam abuses proxies, or has bogus Received lines or other
> types of bogosity, especially including a bogus From. Often straightup
> items which have none of those come as a result of subscribing to a
> mailing list.
>
> Whenever you subscribe to a mailing list or request promotional
> information to be sent to you, the most efficient way to be removed is
> to unsubscribe. Reporting to spamcop is an inefficient way to unsub,
> because the mailing address is munged by default.
>

I guess that reporting did work.
I just got an "unsubscribed" email

> The source and the From and the remove are all www.yourequestedinfo.com
> Altho' the output mailserver has a different IP and rDNS, the output
> server is 'right there' in the same IP family as the MX and the
> nameservice and the rest.
>
> --
> Mike Easter
> kibitzer, not SC admin
>

From nobody at spamcop.net Tue Aug 9 18:27:27 2005
From: nobody at spamcop.net (Ellen)
Date: Tue Aug 9 17:35:04 2005
Subject: [SpamCop-List] Re: Spammy Not listed
References:
Message-ID:

"NerdRevenge" wrote in message news:ddb1l5$fk8$1@news.spamcop.net...
>
>
> I am not the only person reporting this.
> The same IP address is listed in BLARSBL, DNSBLNETAUT1 , and
> DNSBLNETAURMST
>
>

Every blocklist has different criteria for listing. You are the only SC user reporting this. Here is a link to the listing criteria for the blocklist:

http://www.spamcop.net/fom-serve/cache/297.html

Ellen
SpamCop

From panoptes at iquest.net Tue Aug 9 17:39:49 2005
From: panoptes at iquest.net (Daniel W. Johnson)
Date: Tue Aug 9 17:40:03 2005
Subject: [SpamCop-List] Re: OT, but ...
References:
Message-ID: <1h11cpo.1jch5va1qnhxxkN%panoptes@iquest.net>

Pop wrote:
> ===> This makes sense, AND explains something else I've
> wondered about.
> Other than the obvious, one of the things I despise
> about cookies is that one cannot proceed to download
> the page until the cookie has been accepted or
> rejected.
>
> It becomes particularly obnoxious when a page partly
> displays and THEN you get a cookie, stopping the
> download until you act on it. Yes, I'm aware I don't
> have to "see" the cookies also.
> Please correct me if I'm wrong, but that would
> indicate:
> -- The page I received only partially was one page,
> and THEN it went to a different page, and sent a
> cookie? OR
> -- They don't -have- to be in headers?
>
> As you can tell, I'm no guru!

One slight correction to the previous answer: Cookie activity is part of HTTP, not HTML.
And HTTP is also used to fetch any images that are embedded in the page. Since most browsers are set up to not try downloading all images simultaneously, it's easy for some of the images to be finished downloading before it requests an image that happens to come with a cookie.

--
Daniel W. Johnson
panoptes@iquest.net
http://members.iquest.net/~panoptes/
039 53 36 N / 086 11 55 W

From SC.10.myspamgobbler at spamcowboy.net Tue Aug 9 15:42:22 2005
From: SC.10.myspamgobbler at spamcowboy.net (Brian)
Date: Tue Aug 9 17:50:02 2005
Subject: [SpamCop-List] Re: OT, but ...
In-Reply-To:
References:
Message-ID:

Pop wrote:
> Out of curiosity, I was just wondering if anyone here
> had noticed cookies coming from a site long after you
> had left the site, but still during the same session.
> Sometimes I let my cookie monitor tell me when
> cookies arrive. Today was one of those times. I went
> to Lowes web site, spent some time there, put a couple
> items in my basket, then left, needing more info before
> I actually made the order. No order info was given
> yet.
> About fifteen minutes AFTER leaving the site, two
> cookies arrived from Lowes. A txt1, txt2, and
> something else I don't recall. NBD, really, but ... is
> that a common practice?
> And ... how is it done once I've closed the
> connection to their site (but of course still have my
> browser running).
> Is it as simple as just sending it?
> Do spammers use this technique? Makes a cookie app
> that much more valuable if so.
> I use WinPatrol to catch cookies.
> TIA.
>
> Pop
>
>

The simple answer is that WinPatrol is a little slow at reporting things.
--
Brian
SC.10.myspamgobbler@spamcowboy.net

From MikeE at ster.invalid Tue Aug 9 15:49:50 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Aug 9 17:50:12 2005
Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag]
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

indigo wrote:
> Mike Easter wrote:
>> If the system is going to respect the wishes of the provider
>> primarily for the also notified process, then the also notified
>> calls the shots about both mungeing and being notified at all.
>>
>> That is probably as it should be. SC has no special obligation to
>> the reporter in this area.
>
> You're kidding, right? You actually think that some ISP not directly
> involved in the spam report should have "priority" over a SC paying
> customer's wishes? That's nonsense.

I re-thought that and then said this:

news://news.spamcop.net/dd65c0$ts6$1@news.spamcop.net

Mike Easter wrote:
> The more I think on it, the more I disagree with the way SC is
> currently handling it according to Don's experimental results.

--
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net Tue Aug 9 19:19:04 2005
From: nobody at spamcop.net (indigo)
Date: Tue Aug 9 18:20:02 2005
Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag]
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

Mike Easter wrote:
> > You're kidding, right? You actually think that some ISP not directly
> > involved in the spam report should have "priority" over a SC paying
> > customer's wishes? That's nonsense.
>
> I re-thought that and then said this:
>
> news://news.spamcop.net/dd65c0$ts6$1@news.spamcop.net
>
> Mike Easter wrote:
> > The more I think on it, the more I disagree with the way SC is
> > currently handling it according to Don's experimental results.
>

Read that after I posted, of course ;-)

From MikeE at ster.invalid Tue Aug 9 16:33:30 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Aug 9 18:35:03 2005
Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag]
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

indigo wrote:
> Mike Easter wrote:
>> I re-thought that and then said this:
> Read that after I posted, of course ;-)

That reminds me of a big 'fight' or philosophical discussion disagreement I was recently in about newsreader threads. Hopefully it won't generate any controversy here, because I'm not trying to change how anyone chooses to run their own newsreader.

Many many people configure their newsreaders to 'thread', whose 'definition' typically means to sort the messages based on the References line which contains the msgid/s. OE also has that function called 'group messages by conversation'.

I, however, choose to not group my messages by conversation, but instead group them by subject primarily, which has the additional functionality of subgrouping or 'threading' those same subject items by date/timestamp. This works for me -- apparently others would rather their messages be grouped in 'chains' of subthreads relating to how the references 'hookup'. I occasionally use the group by conversation function if there is some need to, to restore a thread, but normally would then shift back to my usual subject/timestamp mode.

It is possible to read messages 'out of order' chronologically if you thread by msgid/s ie group by conversation. Occasionally, reading one message before another when the order should have been the other way around can have an 'effect' on the mood and attitude of a thread -- which is what happened in the contentious thread in question.

So, the moral of that story is, however you choose to thread your own reading of messages, remember that others may be reading the messages in a different order than you are.
--
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid Tue Aug 9 16:52:21 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Aug 9 18:55:02 2005
Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag]
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

Mike Easter wrote:
> It is possible to read messages 'out of order' chronologically if you
> thread by msgid/s ie group by conversation.

That is, you could read a person's second post before you read their first one, if it happened that their 2nd post was a reply to a different subthread in the same topic.

Example chronologic structure: Person A post 1, person A remarks on hir preceding post, person B remarks on person A's 1st post, person B remarks on person A's 2nd post. or - A1 A2 B1 B2 chronologically.

In that example, the msgid threaders would read: Person A post 1, person A post 2, person B post 2, person B post 1 -- because the thread structure would cause person B's 2nd post to be 'structurally' under the subthread, which is going to come before the reply to the initial posting, because the reply to the initial posting is the beginning of the 2nd subthread, and all of the 1st subthread will come before any of the 2nd subthread.

A1 A2 B2 B1

B2 is a reply to A2 and in the same subthread, B1 is a reply to A1 -- if it makes a difference in the mood if B1 should have preceded B2, then the msgid thread is a problem, since B is assuming that B1 would be read before B2, since it was both written later and was also a reply to a later post.

--
Mike Easter
kibitzer, not SC admin

From porpoise1954 at yahoo.co.uk Wed Aug 10 01:03:52 2005
From: porpoise1954 at yahoo.co.uk (Porpoise)
Date: Tue Aug 9 19:10:03 2005
Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag]
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

"Mike Easter" wrote in message news:ddbc30$m9v$1@news.spamcop.net...
> Mike Easter wrote:
> Example chronologic structure: Person A post 1, person A remarks on hir
> preceding post, person B remarks on person A's 1st post, person B
> remarks on person A's 2nd post. or - A1 A2 B1 B2 chronologically.

I must be getting tired....... you lost me after A1........ ;-)

From nobody at devnull.spamcop.net Tue Aug 9 20:39:55 2005
From: nobody at devnull.spamcop.net (Pop)
Date: Tue Aug 9 19:40:03 2005
Subject: [SpamCop-List] Re: Scott Richter pays M$ $7,000,000 !
References:
Message-ID:

"Possum Trot" wrote in message news:ddajbj$6t1$1@news.spamcop.net...
>A man once accused of being one of the world's top
>three spammers has agreed to pay $7 million in a
>settlement with Microsoft Corp., the software maker
>announced Tuesday.
>
> The money from Scott Richter and his company,
> OptInRealBig.com of Westminster, Colo., will be used
> to boost efforts to combat the illegal sending of
> unsolicited and misleading e-mail known as spam and
> other computer misuse, said Microsoft's chief
> counsel, Brad Smith, in a news release issued Tuesday
> morning.
>
> http://tinyurl.com/5lgeh
>
>
>
>

Here's the "actual" MS page on that instead of the round the barn route:

http://www.microsoft.com/presspass/press/2005/aug05/08-09MSRichterSettlementPR.mspx

Be sure the whole line gets used.

From MikeE at ster.invalid Tue Aug 9 18:03:00 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Aug 9 20:05:02 2005
Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag]
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

Porpoise wrote:
> "Mike Easter"
>> Example chronologic structure: Person A post 1,
> I must be getting tired....... you lost me after A1........ ;-)

Yeah.
As a chronological reader who mentally follows 'threads' otherwise related to msgid/s based on what someone cites and replies to, and doesn't structure the reading in those msgid threads and subthreads which can and do 'confound' the actual chronological order - I was struck by the concept - "How can that possibly be!?" "You mean 'all these people' who thread like that are accustomed to actually reading things out of order, sequentially and chronologically, for the sake of the msgid threading structured hierarchy?!"

I was bedazzled and taken aback and actually couldn't believe it -- because my experience with that type threading order is so limited that I didn't have a full concept of its flaws. I was of the opinion that OE is a 'horrible threader' so I simply didn't use its msgid 'conversation' threading.

Then I learned that its msgid threading is perfectly normal -- that's the way all newsreaders thread when they thread like that. That is 'standard' threading.

Unbelievable.

--
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net Tue Aug 9 21:06:13 2005
From: nobody at devnull.spamcop.net (Pop)
Date: Tue Aug 9 20:10:02 2005
Subject: [SpamCop-List] Re: OT, but ...
References:
Message-ID:

"Mike Easter" wrote in message news:ddac24$209$1@news.spamcop.net...
> Since we're working OT here anyway....
>
> Pop wrote:
> X-Newsreader: Microsoft Outlook Express
> 6.00.2900.2180
> X-RFC2646: Format=Flowed; Response
>
> Those headerlines indicate that you have the newest
> OE editor, whose
> 'format flowed' is supposed to be an improvement over
> OE's old editor
> which was notorious for how badly it chopped up its
> cited lines with
> EOL's -- what I call 'shortlines'. That terrible
> condition is what led
> to OE QuoteFix^1. OE QF solved a great many of OE's
> old deficiencies as ...

===> Hmm, I used to use QF as a matter of fact. Not sure just why I dropped it, really, or when; I don't recall doing so at the moment.
> Many OE users can solve a few of OE's quote problems
> by 'precisely'
> configuring their linewraps, but for various reasons
> often that doesn't
> work out either. Your linewraps 'act like' they are
> too short, but
> counting them, they actually aren't, or shouldn't be.
> For some reason,
> my OE-QF doesn't fix your shortlines.

===> Right now my auto line wrap for Sending is set to 55 characters
and Indent on quotes. I -think- I settled on that number for
communicating with a Japanese language translator I was working with.
Wouldn't a shorter length auto-line wrap correct the shortlines? Font
size appears to be fixed, at least in OE's Tools, so that shouldn't be
creating shortlines.

I'm assuming by "shortlines" you mean:

The text typically expected to be on two lines might
look
a little
like this, and thus breaks the flow, right?

Or do I misunderstand you? I always thought it was my linelength vs.
'your' font size and spacing and where your reader wraps that caused
that to happen. I keep mine large for reading because I have vision
problems and on occasion I do have to downsize the font to see it
comfortably.

>... To me, shortlines look really
> really ugly -- I can't stand to see them. Whenever
> someone OE sends me
> an email which has been forwarded to them with a joke
> or story which is
> full of shortlines, I send it back to them
> reformatted, just so they can
> see how much better it 'reads' in a properly
> formatted condition. I do
> the reformatting by using an app called Text Cleanup,
> which strips
> quotemarks and linewraps configurably.

Is that a threat? ;+] I'd just as soon not see that happen!

Seriously, I'm interested because I've heard that complaint before, but
not for a long time. There are a couple of groups I use Mozilla for;
perhaps I should consider expanding its usage if I can't "fix" this
otherwise. I'm clunky enough without my stuff being unreadable.
And, I'd much rather hear it from than thru a flame I might not bother
to read when I saw what it was. Mozilla is just, well, clunky as a mail
reader but it's decent for the groups. Problem is, I usually come here
from emailing. That could be changed if I really wanted to.

Regards,

Pop

>
> ^1 http://home.in.tum.de/~jain/software/oe-quotefix/
> Put an end to
> Outlook Express's messy quotes with this automated
> fix!
>
>
> --
> Mike Easter
> kibitzer, not SC admin
>

From nobody at devnull.spamcop.net Tue Aug 9 21:10:53 2005
From: nobody at devnull.spamcop.net (Pop)
Date: Tue Aug 9 20:15:03 2005
Subject: [SpamCop-List] Re: OT, but ...
References:
Message-ID:

"Don Wannit" wrote in message news:ddagn2$5dv$1@news.spamcop.net...
> Pop wrote:
>
>> "Don Wannit" wrote in message
>> news:dd99jg$g91$1@news.spamcop.net...
>>
>>>Pop wrote:
..
>
> I'm glad I can offer information about something I
> actually
> know about, instead of always asking questions!
>
>
>
> --
> Don Wannit
> A paid SpamCop user since 1999

Hey, I get to say something unusual here, too! Glad I was able to
help! ;-}

Pop

From MikeE at ster.invalid Tue Aug 9 18:26:47 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Aug 9 20:30:02 2005
Subject: [SpamCop-List] Re: OT, but ...
References:
Message-ID:

Pop wrote:
> ===> Hmm, I used to use QF as a matter of fact. Not
> sure just why I dropped it, really, or when; I don't
> recall doing so at the moment.

It isn't perfect. I think it has a memory leak or a buffer overrun
problem, but I compensate for it by a combination of configuration and
shutting it down periodically and restarting it. I haven't heard of
other people complaining of it, just my observation. But I beat pretty
hard on my newsreader.

> ===> Right now my auto line wrap for Sending is set to
> 55 characters and Indent on quotes.

Ohhh. That's very short. Since most people are going to be wrapping
their lines at 72-74, you are going to be chopping them into shortlines.
> Wouldn't a shorter length auto-line wrap correct the
> shortlines?

No. When you are shorter than everyone else, you make shortlines out of
their quotes. When you are longer than everyone else, they make
shortlines out of your quotes. Unless OE-QF gets into it.

> Font size appears to be fixed, at least in
> OE's Tools, so that shouldn't be creating shortlines.

Correct. The font size has no impact.

> I'm assuming by "shortlines" you mean:
>
> The text typically expected to be on two lines might
> look
> a little
> like this, and thus breaks the flow, right?

Correct.

> I keep
> mine large for reading because I have vision problems
> and on occasion I do have to downsize the font to see
> it comfortably.

Keeping your fonts big shouldn't be a problem. I can't imagine them
being so big that 72-74 of them wouldn't fit where they need to.

> Is that a threat? ;+] I'd just as soon not see that
> happen!

Heh. No.

> Seriously, I'm interested because I've heard that
> complaint before, but not for a long time.
> There are a couple of groups I use Mozilla for;
> perhaps I should consider expanding its usage if I
> can't "fix" this otherwise. I'm clunky enough without
> my stuff being unreadable.

I don't know how Mozilla behaves compared to OE in this regard. I do
know that some newsreaders have very good editors which somehow manage
to take care of all kinds of things.

--
Mike Easter
kibitzer, not SC admin

From skiwi at spamcop.net Tue Aug 9 19:54:43 2005
From: skiwi at spamcop.net (Skiwi)
Date: Tue Aug 9 21:55:03 2005
Subject: [SpamCop-List] Re: Scott Richter pays M$ $7,000,000 !
In-Reply-To:
References:
Message-ID:

Possum Trot wrote:
> A man once accused of being one of the world's top three spammers has agreed
> to pay $7 million in a settlement with Microsoft Corp., the software maker
> announced Tuesday.

[snip]

Note - "has agreed to pay", NOT paid... drip feed plan anyone?

also, if total profits >> total penalties, then why would he care that
much?
From anon at coks.net Tue Aug 9 20:16:43 2005
From: anon at coks.net (J G)
Date: Tue Aug 9 22:20:03 2005
Subject: [SpamCop-List] resolve test...
Message-ID:

http://fzpthoqn.com%2e%20.bbezcheks3ihx4shyd92%2eclthriftbf.com#qkmxowp.net

wtf?

And it seems curious, quite a few spamvertisers are not there when
checked, within 4 hours? Could this be a good sign?

From jamie66000 at hotmail.com Wed Aug 10 00:00:09 2005
From: jamie66000 at hotmail.com (Jamie)
Date: Tue Aug 9 23:05:03 2005
Subject: [SpamCop-List] Pill Spammers
Message-ID:

Anyone else getting hit with these pieces of spam I am getting a lot of
them lately and I am getting multiple spams from them in the same day.
I am getting bombed with this garbage. Of course the website is hosted
in China and they are totally unresponsive to any complaints.

A Few of the spamvertised websites are as follows

http://www.de-koikoi.com/order.html 202.65.105.26
http://erectus1.rakuten-news.net/order.html 202.65.98.97

http://www.spamcop.net/sc?id=z794768188z50f64fc68f70f2bcd1c51b5b5f6e5a5cz
http://www.spamcop.net/sc?track=http%3A%2F%2Ferectus1.rakuten-news.net%2Forder.html

They are not being black listed by spamcop and continue to spam away
sending me multiple spams in a single day. They are all being reported
and nothing is being done because the spamvertised website is being
hosted in China.

08/09/05 22:53:55 whois 202.65.105.26@whois.apnic.net
whois -h whois.apnic.net 202.65.105.26 ...
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 202.65.105.26 - 202.65.105.26
netname: BB105026
country: HK
descr: BB105026
admin-c: MM211-AP
tech-c: MM211-AP
status: ASSIGNED NON-PORTABLE
changed: wmma@hkabc.net 20050531
mnt-by: MAINT-ABCNET
source: APNIC
person: Ma wai ming Ma wai ming
nic-hdl: MM211-AP
e-mail: wmma@hkabc.net
address: HK
phone: +852 2710 0275
fax-no: +852 2384 5872
country: HK
changed: wmma@hkabc.net 20050530
mnt-by: MAINT-ABCNET
source: APNIC

08/09/05 22:57:41 whois 202.65.98.97@whois.apnic.net
whois -h whois.apnic.net 202.65.98.97 ...
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 202.65.98.0 - 202.65.98.255
netname: FM98
descr: FM Network
country: HK
admin-c: DA61-AP
tech-c: DA61-AP
status: ASSIGNED NON-PORTABLE
mnt-by: MAINT-ABCNET
changed: wmma@hkabc.net 20050425
source: APNIC
person: Domain Admin ABC NET domain admin
address: ABC NET Ltd.
address: 2/F Jade Mansion
address: 40 Waterloo Road
address: Yaumatei, KLN, HK
country: HK
phone: +852-2710-0333
fax-no: +852-2384-5872
e-mail: domainadmin@hkabc.net
nic-hdl: DA61-AP
mnt-by: MAINT-ABCNET
changed: wmma@hkabc.net 20010903
source: APNIC

Anyone have any suggestions as to what can be done with these scumbags?
I am tired of being spammed by these scumbags and nothing being done.
Reports are being sent but no action is taken against the spammer
because it is being hosted in China.

Thanks,
Jamie

From MikeE at ster.invalid Tue Aug 9 21:36:50 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Aug 9 23:40:04 2005
Subject: [SpamCop-List] Re: Pill Spammers
References:
Message-ID:

Jamie wrote:
> Anyone else getting hit

Don't ask 'anyone else?' - that question is 'dumb' and immaterial. This
isn't a Gallup poll.

www.spamcop.net/sc?id=z794768188z50f64fc68f70f2bcd1c51b5b5f6e5a5cz
www.spamcop.net/sc?track=http%3A%2F%2Ferectus1.rakuten-news.net%2Forder.
html

> They are not being black listed by spamcop

SC is a lister of *spamsources* not spamvertised sites. Get clear on
that.

The first and only tracker's spamsource is 12.221.130.51 rDNS
12-221-130-51.client.insightBB.com & SC notifies abuse@att.net

The 2nd link is not a tracker, but the result of feeding a spamvertised
site to the tracker.

In case you haven't noticed in the time you've been around here, SCbl
is a blocklist of spamsources, not spamvertisers.

> Reports are being sent but no action is taken against the spammer because it is being hosted in China.

SC doesn't list spamvertisers. Spews and spamhaus list spamvertisers.
SC lists spamsources, only.

--
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid Tue Aug 9 21:39:02 2005
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Aug 9 23:40:14 2005
Subject: [SpamCop-List] Re: Pill Spammers
References:
Message-ID:

Mike Easter wrote:
> The 2nd link is not a tracker, but the result of feeding a
> spamvertised site to the tracker.

Error ... the result of feeding a spamvertised site to the /parser/

--
Mike Easter
kibitzer, not SC admin

From porpoise1954 at yahoo.co.uk Wed Aug 10 09:18:34 2005
From: porpoise1954 at yahoo.co.uk (Porpoise)
Date: Wed Aug 10 03:20:02 2005
Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag]
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

"Mike Easter" wrote in message news:ddbg7f$p5u$1@news.spamcop.net...
> Porpoise wrote:
>> "Mike Easter"
>>> Example chronologic structure: Person A post 1,
>
>> I must be getting tired....... you lost me after A1........ ;-)
>
>
> I was of the opinion that OE is a 'horrible threader' so I simply didn't
> use its msgid 'conversation' threading. Then I learned that its msgid
> threading is perfectly normal -- that's the way all newsreaders thread
> when they thread like that. That is 'standard' threading.
> Unbelievable.
Well it *is* pretty much how any filing system works
Subject (client/job number)
Followed by chronology of the papers within the file (thread)

From edb2000 at spamcop.net Wed Aug 10 01:20:09 2005
From: edb2000 at spamcop.net (Don Wannit)
Date: Wed Aug 10 03:25:03 2005
Subject: [SpamCop-List] Re: OT, but ...
In-Reply-To: <1h11cpo.1jch5va1qnhxxkN%panoptes@iquest.net>
References: <1h11cpo.1jch5va1qnhxxkN%panoptes@iquest.net>
Message-ID:

Daniel W. Johnson wrote:
> One slight correction to the previous answer:
>
> Cookie activity is part of HTTP, not HTML. And HTTP is also used to
> fetch any images that are embedded in the page. Since most browsers are
> set up to not try downloading all images simultaneously, it's easy for
> some of the images to be finished downloading before it requests an
> image that happens to come with a cookie.

Yes, that's what I meant to say, but over-simplified. The HTTP protocol
is about the request/reply conversation, and the HTML to describe the
page content is one of the possible types of content of either the
request or the reply (usually it's a reply, but it also could be a
filled-in form or a file upload, for example).

Deferred downloading of multiple images, framesets, or other kinds of
embedded page data can cause cookies to be offered at later moments
after the start of the main page.

Spam foes usually are aware that the details of the URL for an embedded
image can reveal exactly which email recipient's email is being read
("web bug" is one term for this). But it's not as widely known that
images can include a cookie in the HTTP headers before the data
following the Content-Type: header. Normally this does not happen for
static images like ordinary GIF and JPG files.
But dynamically-generated images, ranging from Google maps & satellite
images to spam-bot fighting tactics like dynamically generated CAPTCHA
pictures of text strings can send cookies to your browser, if they so
choose (and which your browser can accept or reject, as it so chooses).

The bottom line is that unless your browser is listening, no server can
successfully send anything to it. And in general your browser will be
listening only if it sent a request to get something, whether it's a web
page or an image or something else requested by an embedded HTML link or
you explicitly typing an URL.

Even if a web server blams something out, fire-hose style, it won't
matter. The TCP packets will get dropped if your browser isn't listening
at the other end.

--
Don Wannit
A paid SpamCop user since 1999

From nobody at devnull.spamcop.net Wed Aug 10 19:09:20 2005
From: nobody at devnull.spamcop.net (Patto)
Date: Wed Aug 10 05:10:26 2005
Subject: [SpamCop-List] Re: Pill Spammers
In-Reply-To:
References:
Message-ID:

Jamie wrote:
> ...
> http://www.spamcop.net/sc?id=z794768188z50f64fc68f70f2bcd1c51b5b5f6e5a5cz

http://www.hkabc.net/AUP/

They are actually hosted in Hong Kong. Post an override in routing, or
manually send reports to the established abuse address.

Both domain names are actually registered here in Japan, with
yahoo.co.jp and hotmail.com contact addresses. Maybe report them to the
registrar, and Yahoo & Hotmail as well?

From nobody at devnull.spamcop.net Wed Aug 10 19:14:12 2005
From: nobody at devnull.spamcop.net (Patto)
Date: Wed Aug 10 05:15:11 2005
Subject: [SpamCop-List] Re: Pill Spammers
In-Reply-To:
References:
Message-ID:

Patto wrote:
> Jamie wrote:
>
>>...
>>http://www.spamcop.net/sc?id=z794768188z50f64fc68f70f2bcd1c51b5b5f6e5a5cz
>
>
> http://www.hkabc.net/AUP/
>
> They are actually hosted in Hong Kong. Post an override in routing, or
> manually send reports to the established abuse address.
>
> Both domain names are actually registered here in Japan, with
> yahoo.co.jp and hotmail.com contact addresses. Maybe report them to the
> registrar, and Yahoo & Hotmail as well?

Or their websites may have been hijacked? The rakuten-news.net site
looks like a legitimate directory (with not much content, though).
hkabc.net looks like the best bet for now.

From nobody at devnull.spamcop.net Wed Aug 10 19:58:46 2005
From: nobody at devnull.spamcop.net (Patto)
Date: Wed Aug 10 06:00:15 2005
Subject: [SpamCop-List] Re: Spam from a "Friendly" Country
In-Reply-To:
References:
Message-ID:

spamacyde wrote:
> Clinton didn't take out the N. Korean nuke complex in 1994 for the sake of
> S. Korea. Now we receive spam from S. Korea compliments of Kornet on a
> regular basis. Comments? Does anybody want to provide S. Korea spam
> addresses to reciprocate the spam?

Don't we all just hate spam from Korea - it must be the smell of kimchi
that clings to it. Wholesome all-American spam from Comcast is so much
better! (With the smell of SPAM?, perhaps?).

From nobody at spamcop.net Wed Aug 10 09:38:53 2005
From: nobody at spamcop.net (indigo)
Date: Wed Aug 10 08:40:02 2005
Subject: [SpamCop-List] Re: 3rd party SC reports [was Re: tekcom & dtag]
References: <1h0u18g.880ub27xiorcN%panoptes@iquest.net>
Message-ID:

Porpoise wrote:
> "Mike Easter" wrote in message
> news:ddbc30$m9v$1@news.spamcop.net...
> > Mike Easter wrote:
> > Example chronologic structure: Person A post 1, person A remarks
> > on hir preceding post, person B remarks on person A's 1st post,
> > person B remarks on person A's 2nd post. or - A1 A2 B1 B2
> > chronologically.
> >
> I must be getting tired....... you lost me after A1........ ;-)

Too early in the morning for me to follow too........

From nobody at spamcop.net Wed Aug 10 09:42:02 2005
From: nobody at spamcop.net (indigo)
Date: Wed Aug 10 08:45:03 2005
Subject: [SpamCop-List] Re: OT, but ...
References:
Message-ID: