From jeffg at spamcop.net Thu Dec 1 04:35:24 2005 From: jeffg at spamcop.net (Jeff G.) Date: Thu Dec 1 04:40:02 2005 Subject: [SpamCop-List] Re: empty spam... References: Message-ID: "Mike Easter" wrote in message news:dmkna7$lkc$1@news.spamcop.net... > jg wrote: > > and came up with (via Sam Spade): > > > How do 3 bogus rDNS entries pop up and is this the result of spammy? > > academic question... > > I think but I'm not sure that in this context 'bogus' simply means that > 'paranoid' lookup doesn't work. > > That is, if an IP will rDNS but the rDNS doesn't DNS to the original IP > that the report sez 'bogus' -- which seems like an unkind term for that > particular behavior. 'violates Section "INSTRUCTIONS - Adding a host - Add the reverse IN-ADDR entry" of RFC1033 "DOMAIN ADMINISTRATORS OPERATIONS GUIDE" at http://tools.ietf.org/tools/rfcmarkup/rfcmarkup.cgi?rfc=1033#page-11 ' would be a little long for such a purpose, don't you think? I think "bogus" fits because the rdns names (the right sides of the PTR Records) are in fact "not genuine" because tbr1-p014001.la2ca.ip.att.net, tbr1-cl3.sffca.ip.att.net, and tbr1-cb10.st6wa.ip.att.net authoritatively don't exist, and I blame rm-hostmaster[at]ems.att.com (the person responsible for the zones in all three parent SOA records) for the whole mess. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From devnull at spamcop.net Thu Dec 1 08:32:49 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Dec 1 08:35:03 2005 Subject: [SpamCop-List] Re: Deserving of a LART - where would be a good address? References: Message-ID: "Ron B." | > www.spamcop.net/sc?id=z832218066z00305e1d2baeb27c894985a7f1404f35z | > | > | >>They are going to give away free pirated software - model citizens... | > | > | > You must be talking about something you read by clicking on one of the | > spamvertised links. There's nothing in the spam about free software. | > | | | Cut and paste: | | our corporation is doing what it can to help and has decided to give | away our services and software without cost to charities and nonprofits | in need, OT Might look at: http://www.compumentor.org/ http://www.techsoup.org/ If there is a need for free and very low cost software for NP. BTW there is a place on the techsoup.org web site to volunteer tech support if you are of a mind to do that. I'm doing that in this area on the premise that in the land of the blind the one eyed man in king. As little as I know I'm far better than most hear as there are clowns in this area charging $50-75+ per hour to bollix unsuspecting peoples computers. From devnull at spamcop.net Thu Dec 1 08:44:01 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Dec 1 09:05:02 2005 Subject: [SpamCop-List] Re: [media] comic strip References: Message-ID: | >>> Questioning to a local editor the technical accuracy of one of the few | >>> strips that does deal with spam is a bad move. | >> | >> This comment just brings more questions. Explain. | > | > You can cause the strip to get cancelled from the local paper as | > "too complicated". | | So? No skin off my teeth... We'd all be better served to get spammy canceled than a cartoon on spam canceled. From mwnospam at comcast.net Thu Dec 1 09:24:59 2005 From: mwnospam at comcast.net (spamacyde) Date: Thu Dec 1 09:25:03 2005 Subject: [SpamCop-List] Re: Marriage of Browsers???? References: Message-ID: "Porpoise" wrote in message news:dmj0p3$pdo$1@news.spamcop.net... > > "spamacyde" wrote in message > news:dmi7gv$asc$1@news.spamcop.net... > > > > > > I mean somthing like > > > > http:/\ZEh<7Jssx.0>0.pha > > r/:#3\|maserious.com > > > > Well, AFAIC, anyone clicking on a link that looks like that deserves all > they get hit with... > > The URL is associated with an image ie bunch of colorful pills, a bottle of "muscle" enhancer, etc. Yes, somebody clicking on such a picture probably deserves what they get. But unless they look at the bottom of the screen, they don't see the gibberish URL. From porpoise1954 at yahoo.co.uk Thu Dec 1 14:43:07 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 1 09:45:02 2005 Subject: [SpamCop-List] Re: Marriage of Browsers???? References: Message-ID: "spamacyde" wrote in message news:dmn13g$rkh$1@news.spamcop.net... > > "Porpoise" wrote in message > news:dmj0p3$pdo$1@news.spamcop.net... >> >> >> > > The URL is associated with an image ie bunch of colorful pills, a bottle > of > "muscle" enhancer, etc. Yes, somebody clicking on such a picture probably > deserves what they get. But unless they look at the bottom of the > screen, > they don't see the gibberish URL. > > Yup! That's why you should always know what the link is before clicking it! I *think* that's why the browser shows you that info in the status bar - and, if there's any doubt, view the source............ Of course, if they're clicking links in email .......... smack 'em round the ear! From mwnospam at comcast.net Thu Dec 1 12:29:41 2005 From: mwnospam at comcast.net (spamacyde) Date: Thu Dec 1 12:30:10 2005 Subject: [SpamCop-List] Re: Marriage of Browsers???? References: Message-ID: "Porpoise" wrote in message news:dmn286$sb8$1@news.spamcop.net... > > "spamacyde" wrote in message > news:dmn13g$rkh$1@news.spamcop.net... > > > > "Porpoise" wrote in message > > news:dmj0p3$pdo$1@news.spamcop.net... > >> > >> > >> > > > > The URL is associated with an image ie bunch of colorful pills, a bottle > > of > > "muscle" enhancer, etc. Yes, somebody clicking on such a picture probably > > deserves what they get. But unless they look at the bottom of the > > screen, > > they don't see the gibberish URL. > > > > > > Yup! That's why you should always know what the link is before clicking it! > I *think* that's why the browser shows you that info in the status bar - > and, if there's any doubt, view the source............ Of course, if they're > clicking links in email .......... smack 'em round the ear! > > The point is, why should the browser allow the gibberish URL in the first place? From Kilgallen at SpamCop.net Thu Dec 1 12:34:42 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Dec 1 13:35:04 2005 Subject: [SpamCop-List] Re: [media] comic strip References: Message-ID: In article , baloo@ursine.ca writes: > Larry Kilgallen wrote: >> In article , baloo@ursine.ca writes: >>> Larry Kilgallen wrote: >>>> Questioning to a local editor the technical accuracy of one of the few >>>> strips that does deal with spam is a bad move. >>> >>> This comment just brings more questions. Explain. >> >> You can cause the strip to get cancelled from the local paper as >> "too complicated". > > So? No skin off my teeth... Whereas I believe that it is better to have the subject of spam come up frequently in the popular literature. Consider the Chicago quote "It does not matter what they say about you in the papers, just so they get your name right." Nobody believes popular literature completely anyway, and inaccuracy leading to discussion may be better than accuracy leading to lack of discussion. From porpoise1954 at yahoo.co.uk Thu Dec 1 23:14:35 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 1 18:20:03 2005 Subject: [SpamCop-List] Re: Marriage of Browsers???? References: Message-ID: "spamacyde" wrote in message news:dmnbtp$1mf$1@news.spamcop.net... > > "Porpoise" wrote in message > news:dmn286$sb8$1@news.spamcop.net... >> >> >> Yup! That's why you should always know what the link is before clicking > it! >> I *think* that's why the browser shows you that info in the status bar - >> and, if there's any doubt, view the source............ Of course, if > they're >> clicking links in email .......... smack 'em round the ear! >> >> > > The point is, why should the browser allow the gibberish URL in the first > place? > Because a URL *can* be gibberish - same as any text - it's down to the user to determine whether it's meaningful gibberish. (NOTE: A "tiny" URL is gibberish, most URLs with session IDs are gibberish. There are plenty of legitimate URLs that are gibberish - but they are still valid URLs, so the browsers accept them as such). From zypher at spamcop.net Thu Dec 1 17:29:33 2005 From: zypher at spamcop.net (Ron B.) Date: Thu Dec 1 18:30:02 2005 Subject: [SpamCop-List] (MEDIA) -Mail Promising Tax Refund Is Phishing Scam Message-ID: -Mail Promising Tax Refund Is Phishing Scam Federal tax collectors are warning consumers not to be fooled by a bogus e-mail that appears to come from the Internal Revenue Service and promises a tax refund. The e-mail is an identity theft phishing scam that attempts to fool recipients into revealing personal and financial information. From borgholio at storymind.com Thu Dec 1 17:02:48 2005 From: borgholio at storymind.com (Borgholio) Date: Thu Dec 1 20:05:02 2005 Subject: [SpamCop-List] SEC no longer accepting spam forwards? Message-ID: I used to forward my stock spams to the SEC as attachments...but today I get this: Hi. This is the qmail-send program at yahoo.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. : 12.154.80.37 failed after I sent the message. Remote host said: 550 Error: SECPFR For security reasons we reject attachments of this type Should I start forwarding the spam inline, even though that kills the headers? From MikeE at ster.invalid Thu Dec 1 17:24:02 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 1 20:25:03 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: Borgholio wrote: > I used to forward my stock spams to the SEC as attachments...but > today I get this: > > Hi. This is the qmail-send program at yahoo.com. > I'm afraid I wasn't able to deliver your message to the following > addresses. This is a permanent error; I've given up. Sorry it didn't > work out. > > : > 12.154.80.37 failed after I sent the message. > Remote host said: 550 Error: SECPFR For security reasons we reject > attachments of this type > > > Should I start forwarding the spam inline, even though that kills the > headers? Except for spamcop's submit addy, all spam I send to abuse desks and such is sent inline, not as an attachment -- but it is sent inline with complete headers. If the mail agent were OE, I would use File/ Properties/ Details/ Message Source button and copy the complete headers continuous with the unrendered spambody and paste that into the body of the email message after a delimitor and a brief 1 line explanation of why they're getting it. That has been the traditional way of doing it -- however, that method is actually 'inferior' to sending it as an attachment, because the mailuser agent will change what has been pasted into the body by adding linewraps -- so if someone really cares about 'evidence' insisting that it be put into the body is a dumb position to take because the evidence gets modified by the transmission. All in all it is a dumb position for anything as 'sophisticated' as an abuse desk or its equivalent to not be able to properly handle whichever format proper evidence comes in, attachment or not. My provider has some zany instructions for rendering spam and putting the full headers over a copy of the rendered spam -- but my provider has a host of stupid corporate and administrative policies and behaviors. Obviously there are some things that rendering would 'ruin' the evidence such as phish information. -- Mike Easter kibitzer, not SC admin From mwnospam at comcast.net Thu Dec 1 22:29:07 2005 From: mwnospam at comcast.net (spamacyde) Date: Thu Dec 1 22:30:03 2005 Subject: [SpamCop-List] Re: KIDC.NET References: Message-ID: "spamacyde" wrote in message news:dmcftc$33b$1@news.spamcop.net... > > "spamacyde" wrote in message > news:dmb622$g9b$1@news.spamcop.net... > > Most of my spam is spamvertising KIDC.NET. Is KIDC.NET "black hat?" > > > > Thanks > > > > > > It is South Korea, right? > > I just received spam from South Korea promoting mainland China watches. Go figure. From SC.10.myspamgobbler at spamcowboy.net Thu Dec 1 22:42:31 2005 From: SC.10.myspamgobbler at spamcowboy.net (Brian) Date: Fri Dec 2 01:50:03 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? In-Reply-To: References: Message-ID: Borgholio wrote: > I used to forward my stock spams to the SEC as attachments...but today I > get this: > > Hi. This is the qmail-send program at yahoo.com. > I'm afraid I wasn't able to deliver your message to the following > addresses. > This is a permanent error; I've given up. Sorry it didn't work out. > > : > 12.154.80.37 failed after I sent the message. > Remote host said: 550 Error: SECPFR For security reasons we reject > attachments of this type > > > Should I start forwarding the spam inline, even though that kills the > headers? I send multiple stock spam as attachments to SEC and am still getting their normal response that they've received it. Did you mistakenly include a malware laden message? -- Brian SC.10.myspamgobbler@spamcowboy.net From Kilgallen at SpamCop.net Fri Dec 2 08:32:52 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Dec 2 09:35:03 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: In article , Brian writes: > Borgholio wrote: >> I used to forward my stock spams to the SEC as attachments...but today I >> get this: >> >> Hi. This is the qmail-send program at yahoo.com. >> I'm afraid I wasn't able to deliver your message to the following >> addresses. >> This is a permanent error; I've given up. Sorry it didn't work out. >> >> : >> 12.154.80.37 failed after I sent the message. >> Remote host said: 550 Error: SECPFR For security reasons we reject >> attachments of this type >> >> >> Should I start forwarding the spam inline, even though that kills the >> headers? > > I send multiple stock spam as attachments to SEC and am still getting > their normal response that they've received it. Did you mistakenly > include a malware laden message? I would hope the SEC is not using systems susceptible to malware. From nobody at spamcop.net Fri Dec 2 07:59:11 2005 From: nobody at spamcop.net (maulaf) Date: Fri Dec 2 11:00:03 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? In-Reply-To: References: Message-ID: Borgholio wrote: > Remote host said: 550 Error: SECPFR For security reasons we reject > attachments of this type I formerly used to "Save As..." and then attached the result in a separate e-mail to SEC(*). When I first received this error, the implication was that attachments with a .eml extension were a problem to the SEC. I tried "Save As..." and simply specified that the result should be .txt file. E-mail with .txt attachments, it turns out, are just fine as far as the SEC is concerned. So, you could try that little trick. (*) Various reasons for sending separate e-mail rather than having the SEC as a "Public standard report recipient"; e.g. the sudden recent unannounced switch from unchecked by default to checked by default, the severe limit on the number of recipients that can be listed, etc. From borgholio at storymind.com Fri Dec 2 09:46:07 2005 From: borgholio at storymind.com (Borgholio) Date: Fri Dec 2 12:50:04 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? In-Reply-To: References: Message-ID: Brian wrote: > Borgholio wrote: > >> I used to forward my stock spams to the SEC as attachments...but today >> I get this: >> >> Hi. This is the qmail-send program at yahoo.com. >> I'm afraid I wasn't able to deliver your message to the following >> addresses. >> This is a permanent error; I've given up. Sorry it didn't work out. >> >> : >> 12.154.80.37 failed after I sent the message. >> Remote host said: 550 Error: SECPFR For security reasons we reject >> attachments of this type >> >> >> Should I start forwarding the spam inline, even though that kills the >> headers? > > > I send multiple stock spam as attachments to SEC and am still getting > their normal response that they've received it. Did you mistakenly > include a malware laden message? > Not that I'm aware of.... From nobody at spamcop.net Fri Dec 2 13:49:25 2005 From: nobody at spamcop.net (indigo) Date: Fri Dec 2 13:50:03 2005 Subject: [SpamCop-List] system problems? Message-ID: Just tried to report a spam, I should have been logged in without seeing the log in screen (I allow SC cookies), and I got that "password is incorrect" error message. And nuts, I seem to have lost my SC cookie! How the heck did that happen? From nobody at devnull.spamcop.net Fri Dec 2 13:47:55 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Dec 2 14:50:02 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: "indigo" wrote in message news:dmq4vl$fl8$1@news.spamcop.net... > Just tried to report a spam, I should have been logged in without seeing the > log in screen (I allow SC cookies), and I got that "password is incorrect" > error message. http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats Would have to guess that you hit during that last "undocumented" dip ..... System outages/instability http://forum.spamcop.net/forums/index.php?showtopic=5288 From nobody at spamcop.net Fri Dec 2 14:54:52 2005 From: nobody at spamcop.net (indigo) Date: Fri Dec 2 14:55:02 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: WazoO wrote: > "indigo" wrote in message > news:dmq4vl$fl8$1@news.spamcop.net... > > Just tried to report a spam, I should have been logged in without > > seeing the log in screen (I allow SC cookies), and I got that > > "password is incorrect" error message. > > System outages/instability > http://forum.spamcop.net/forums/index.php?showtopic=5288 Hmmm....well, I reset my password and it worked....I hope Ellen won't spank me! ;-) P.S. Seems no one propogated the news over to the NNTP groups like she asked.....tsk, tsk....but thanks for replying, Waz. From nobody at nowhere.invalid Fri Dec 2 21:09:28 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Dec 2 15:10:02 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: On 2 Dec 2005 08:32:52 -0600, Larry Kilgallen coughed into spamcop and left this in : > I would hope the SEC is not using systems susceptible to malware. The chances are they're using M$-Windows desktops. Therefore not only are they susceptible to malware, but they're also already running it. -- Steve The original point and click interface was a Smith & Wesson. From nobody at spamcop.net Fri Dec 2 15:21:23 2005 From: nobody at spamcop.net (Ellen) Date: Fri Dec 2 15:30:04 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: "indigo" wrote in message news:dmq4vl$fl8$1@news.spamcop.net... > Just tried to report a spam, I should have been logged in without seeing the > log in screen (I allow SC cookies), and I got that "password is incorrect" > error message. And nuts, I seem to have lost my SC cookie! How the heck did > that happen? > > I have been on the system all day and have not seen any problems. I just checked with ops and they have not seen any either. I have no idea where your cookie went -- maybe it just expired. I notice down the thread that you got back in so that is good. Ellen SpamCop From bud at telus.net Fri Dec 2 15:31:46 2005 From: bud at telus.net (Bud) Date: Fri Dec 2 18:35:03 2005 Subject: [SpamCop-List] What else can I do? Message-ID: http://www.spamcop.net/sc?id=z835474185z871b780bc0593092f83f33a6fb0f80d4z http://www.spamcop.net/sc?id=z835474521z36a3156ae86a74751d9f638003ee7a0ez I have been plagued for the last two weeks by spam coming from two IP addresses (24.108.176.223) (24.77.60.120) which I'm going to assume are open proxies. I have SC reported every one. I have reported each IP address to internet.abuse@sjrb.ca which is Shaw Cable. I received what I imagine is a standard response: "Thank you for your information regarding the alleged violation of the Shaw Internet Acceptable Use Policy. Based on the information provided, we have identified the offending computer and will take appropriate action(s). These actions may be: - Issue a warning by email indicating a complaint has been registered - Issue a warning that service may be suspended if activity continues - Suspend or terminate Shaw Internet connection to customer" Acceptable Use Policy Management Team Shaw High-Speed Internet Service Shaw Cablesystems G.P. 2400 - 32nd Avenue N.E. Calgary, Alberta, T2E 9A7 Telephone: (403)750-7420 Facsimile: (403)539-6831 (gb) I don't want to filter this spam because it's now become a crusade for me. I could phone, but I'm not sure at this stage I could keep my composure. What can I do to get through to this provider? -- Bud From bud at telus.net Fri Dec 2 15:33:32 2005 From: bud at telus.net (Bud) Date: Fri Dec 2 18:35:07 2005 Subject: [SpamCop-List] What else can I do? Message-ID: http://www.spamcop.net/sc?id=z835474185z871b780bc0593092f83f33a6fb0f80d4z http://www.spamcop.net/sc?id=z835474521z36a3156ae86a74751d9f638003ee7a0ez I have been plagued for the last two weeks by spam coming from two IP addresses (24.108.176.223) (24.77.60.120) which I'm going to assume are open proxies. I have SC reported every one. I have reported each IP address to internet.abuse@sjrb.ca which is Shaw Cable. I received what I imagine is a standard response: "Thank you for your information regarding the alleged violation of the Shaw Internet Acceptable Use Policy. Based on the information provided, we have identified the offending computer and will take appropriate action(s). These actions may be: - Issue a warning by email indicating a complaint has been registered - Issue a warning that service may be suspended if activity continues - Suspend or terminate Shaw Internet connection to customer" Acceptable Use Policy Management Team Shaw High-Speed Internet Service Shaw Cablesystems G.P. 2400 - 32nd Avenue N.E. Calgary, Alberta, T2E 9A7 Telephone: (403)750-7420 Facsimile: (403)539-6831 (gb) I don't want to filter this spam because it's now become a crusade for me. I could phone, but I'm not sure at this stage I could keep my composure. What can I do to get through to this provider? -- Bud From bud at telus.net Fri Dec 2 15:36:38 2005 From: bud at telus.net (Bud) Date: Fri Dec 2 18:40:03 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: "Bud" wrote in message news:dmqlkd$p48$2@news.spamcop.net... > http://www.spamcop.net/sc?id=z835474185z871b780bc0593092f83f33a6fb0f80d4z > http://www.spamcop.net/sc?id=z835474521z36a3156ae86a74751d9f638003ee7a0ez > > I have been plagued for the last two weeks by spam coming from two IP > addresses (24.108.176.223) (24.77.60.120) which I'm going to assume are > open > proxies. I have SC reported every one. I have reported each IP address to > internet.abuse@sjrb.ca which is Shaw Cable. I received what I imagine is a > standard response: > > "Thank you for your information regarding the alleged violation of the > Shaw > Internet Acceptable Use Policy. > Based on the information provided, we have identified the offending > computer and will take appropriate action(s). > These actions may be: > - Issue a warning by email indicating a complaint has been registered > - Issue a warning that service may be suspended if activity continues > - Suspend or terminate Shaw Internet connection to customer" > > Acceptable Use Policy Management Team > Shaw High-Speed Internet Service > Shaw Cablesystems G.P. > 2400 - 32nd Avenue N.E. > Calgary, Alberta, T2E 9A7 > Telephone: (403)750-7420 > Facsimile: (403)539-6831 > > (gb) > > > I don't want to filter this spam because it's now become a crusade for me. > I could phone, but I'm not sure at this stage I could keep my composure. > What can I do to get through to this provider? > > -- > Bud I don't know how this got duplicated -- B. From porpoise1954 at yahoo.co.uk Fri Dec 2 23:51:46 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Dec 2 18:55:03 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: "Bud" wrote in message news:dmqlqa$pa3$1@news.spamcop.net... > SNIPPED >> >> I don't want to filter this spam because it's now become a crusade for >> me. >> I could phone, but I'm not sure at this stage I could keep my composure. >> What can I do to get through to this provider? >> >> -- >> Bud > I don't know how this got duplicated > -- > B. > Now it just got triplicated. ;-0 From MikeE at ster.invalid Fri Dec 2 16:06:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 2 19:10:02 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: Bud wrote: > I don't know how this got duplicated Sometimes it is interesting to compare the msgid/s and timestamp/s, and sometimes it isn't. Date: Fri, 2 Dec 2005 15:31:46 -0800 Message-ID: NNTP-Posting-Date: Fri, 2 Dec 2005 23:33:33 +0000 (UTC) Date: Fri, 2 Dec 2005 15:33:32 -0800 Message-ID: NNTP-Posting-Date: Fri, 2 Dec 2005 23:33:34 +0000 (UTC) The only thing which is interesting to me about the comparison is the difference in seconds between the nntp date stamped by the server and the date stamped by your machine. Your machine sez a difference of 1min 46sec -- whereas the nntp stamp sez a difference of 1 sec. You would expect a hiccup to have closer times on your end than the newsserver's - I would think. Some people's news agents, I think OE does this, put stamp the item based on when the person starts editing the item. At least I think I formed that theory once upon a time when I was being the volunteer clock police person and would pull Ellen over for clock discrepancies. It seemed that the explanation was not based on her clock being set wrong, but the fact that she sometimes starts a news message and finishes it later and then posts it. Or something like that, I think. OTOH, if you were trying to imagine a scenario to make a longer time for your agent vs the newsserver, you would have your agent *not* stamping its time until it got 'hooked up' with the server. So, if it were having a delay in the hookup, then it would be waiting and waiting to get hooked up, and while it was waiting it would hiccup. Then, in the same second as the hiccup the agent and server hooked up - like hookup plus hiccup - and then the server would get 'both' of them almost simultaneously, ie 1 second apart. But, that scenario doesn't fit with my current concept of how a message gets dated by the user's agent. My provider's newsserver changes my date to its own, which annoys me as a newsserver behavior. I think it should leave it alone. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Dec 2 16:13:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 2 19:15:02 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: Bud wrote: > I have been plagued for the last two weeks by spam coming from two IP > addresses (24.108.176.223) (24.77.60.120) which I'm going to assume > are open proxies. Correct, and listed in proxytrojan spamtrap hits like CBL, also spamsource like spamcop, also nonresponsive provider, like spews. And others. The first is cbl, the 2nd is njabl, the 2nd isn't currently scbl/ed. Spews has a zillion shaws listed, just like it has a zillion comcasts. > I don't want to filter this spam because it's now become a crusade > for me. I could phone, but I'm not sure at this stage I could keep my > composure. What can I do to get through to this provider? If they don't respond to the larger community such as spews and others, they aren't likely to jump up and respond to you. Just keep doing your reporting and the source IPs will stay or get in SCbl. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.not Sat Dec 3 00:18:08 2005 From: nobody at nowhere.not (Robert Blair) Date: Fri Dec 2 19:20:02 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: On Fri, 2 Dec 2005 23:31:46 UTC, "Bud" wrote: > I have been plagued for the last two weeks by spam coming from two IP > addresses (24.108.176.223) (24.77.60.120) which I'm going to assume are open > proxies. I have SC reported every one. I have reported each IP address to > internet.abuse@sjrb.ca which is Shaw Cable. I received what I imagine is a > standard response: I consider sjrb.ca as black hat. I also get a lot of spam from them and since they do not accept unmunged reports they do not get any of my reports. -- Robert Blair From jg at coks.net Fri Dec 2 16:47:12 2005 From: jg at coks.net (jg) Date: Fri Dec 2 19:50:02 2005 Subject: [SpamCop-List] Re: What else can I do? In-Reply-To: References: Message-ID: On 12/2/2005 4:18 PM Robert Blair scribbled: > On Fri, 2 Dec 2005 23:31:46 UTC, "Bud" wrote: > > >>I have been plagued for the last two weeks by spam coming from two IP >>addresses (24.108.176.223) (24.77.60.120) which I'm going to assume are open >>proxies. I have SC reported every one. I have reported each IP address to >>internet.abuse@sjrb.ca which is Shaw Cable. I received what I imagine is a >>standard response: > > > I consider sjrb.ca as black hat. I also get a lot of spam from them > and since they do not accept unmunged reports they do not get any of > my reports. > > I thought they didn't accept /munged/ reports - if they don't accept /unmunged/ reports, then they don't accept /any/ reports, which would decidely put them into the greyer shade of hat... From johnl at in.newsgroup.only Sat Dec 3 01:46:50 2005 From: johnl at in.newsgroup.only (JohnL) Date: Fri Dec 2 20:50:02 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: jg wrote in news:dmqpqj$rkj$1@news.spamcop.net: > I thought they didn't accept /munged/ reports - if they don't accept > /unmunged/ reports, then they don't accept /any/ reports, which would > decidely put them into the greyer shade of hat... They /do/ accept UNmunged reports. From MikeE at ster.invalid Fri Dec 2 18:06:42 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 2 21:10:02 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: Bud wrote: > open proxies. > What can I do to get through to this provider? Buy them a gizmo: We're launching a new product called F-Secure Network Control Appliance based on this technology. It will tackle spam and computer zombies for service providers automatically. This box will monitor traffic from end-users at the network edge, automatically denying offending computers access to the network. Those using too much bandwidth or operating as spam zombies will automatically get redirected to a self-help web page, explaining what they have to do (like "clean your PC - install patches!") in order to regain network connectivity. This is smart compared to the current model where ISPs and other service providers are manually trying to figure out who is a zombie and who is not - and when they find one they will just cut the user off, leaving him wondering what's going on and making support calls. This technology works: it is already being used to monitor around half a million subscriber lines. http://www.f-secure.com/weblog/ http://www.f-secure.com/products/fsnc/ F-Secure Network Control for Service Providers pic http://www.f-secure.com/weblog/archives/fsnc1.gif -- Mike Easter kibitzer, not SC admin From bud at telus.net Fri Dec 2 19:24:47 2005 From: bud at telus.net (Bud) Date: Fri Dec 2 22:25:04 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: "Mike Easter" wrote in message news:dmquj3$u63$1@news.spamcop.net... > Bud wrote: > >> open proxies. > >> What can I do to get through to this provider? > > Buy them a gizmo: > > > We're launching a new product called F-Secure Network Control Appliance > based on this technology. It will tackle spam and computer zombies for > service providers automatically. This box will monitor traffic from > end-users at the network edge, automatically denying offending computers > access to the network. Those using too much bandwidth or operating as > spam zombies will automatically get redirected to a self-help web page, > explaining what they have to do (like "clean your PC - install > patches!") in order to regain network connectivity. > > This is smart compared to the current model where ISPs and other service > providers are manually trying to figure out who is a zombie and who is > not - and when they find one they will just cut the user off, leaving > him wondering what's going on and making support calls. > > This technology works: it is already being used to monitor around half a > million subscriber lines. > http://www.f-secure.com/weblog/ > http://www.f-secure.com/products/fsnc/ F-Secure Network Control for > Service Providers > > pic http://www.f-secure.com/weblog/archives/fsnc1.gif > > > -- > Mike Easter > kibitzer, not SC admin Terrific! Sent to Shaw and my own provider, Telus. We'll see what response I get. -- Bud From nobody at nowhere.not Sat Dec 3 04:52:01 2005 From: nobody at nowhere.not (Robert Blair) Date: Fri Dec 2 23:55:03 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: On Sat, 3 Dec 2005 00:47:12 UTC, jg wrote: > > I consider sjrb.ca as black hat. I also get a lot of spam from them > > and since they do not accept unmunged reports they do not get any of > > my reports. > > > > > I thought they didn't accept /munged/ reports - if they don't accept > /unmunged/ reports, then they don't accept /any/ reports, which would > decidely put them into the greyer shade of hat... That was a BIG typo. I meant to say the do not accept munged reports (I wonder what my fingers thought my brain was sending to them, things do not function like they did in days gone by). -- Robert Blair From exfenestrate at spammers.invalid Fri Dec 2 22:22:40 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Sat Dec 3 01:25:03 2005 Subject: [SpamCop-List] Re: empty spam... References: Message-ID: <5z4zq6wg26l4.dlg@grc.aosake.net> On Thu, 1 Dec 2005 04:35:24 -0500, Jeff G. wrote: > "Mike Easter" wrote in message > news:dmkna7$lkc$1@news.spamcop.net... >> jg wrote: >>> and came up with (via Sam Spade): >>> >>> How do 3 bogus rDNS entries pop up and is this the result of spammy? >>> academic question... >> I think but I'm not sure that in this context 'bogus' simply means >> that 'paranoid' lookup doesn't work. >> >> That is, if an IP will rDNS but the rDNS doesn't DNS to the original >> IP that the report sez 'bogus' -- which seems like an unkind term for >> that particular behavior. > 'violates Section "INSTRUCTIONS - Adding a host - Add the reverse > IN-ADDR entry" of RFC1033 "DOMAIN ADMINISTRATORS OPERATIONS GUIDE" at > http://tools.ietf.org/tools/rfcmarkup/rfcmarkup.cgi?rfc=1033#page-11 ' > would be a little long for such a purpose, don't you think? I think > "bogus" fits because the rdns names (the right sides of the PTR Records) > are in fact "not genuine" because tbr1-p014001.la2ca.ip.att.net, > tbr1-cl3.sffca.ip.att.net, and tbr1-cb10.st6wa.ip.att.net > authoritatively don't exist, and I blame rm-hostmaster[at]ems.att.com > (the person responsible for the zones in all three parent SOA records) > for the whole mess. Does it have an adverse affect on routing packets? These are intermediary routers, here, not end-point hosts. I should think that, as long as the packets are being properly routed, there is no _serious_ problem. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From exfenestrate at spammers.invalid Fri Dec 2 22:29:48 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Sat Dec 3 01:30:02 2005 Subject: [SpamCop-List] Re: empty spam... References: Message-ID: <1u178mqi2xgi6.dlg@grc.aosake.net> On Wed, 30 Nov 2005 08:20:56 -0800, jg wrote: > Been getting a lot of these lately. > While looking for something more definitive as to origin (curiousity) I > did a trace on 24.22.212.4 > and came up with (via Sam Spade)... An unremarkable trace route. Comcast has a contract, or peering agreement with AT&T, whoops, that is now "at&t"; seriously. Since SBC has completed its purchase of AT&T, and changed the company name to, "at&t", and the "Deathstar" logo for good measure, there may be some changes in the routing. I expect that at&t may decide to adjust the routing computations to spread the load among all of the at&t backbone routers, including the former SBC backbone routers. Or not. In any case, the old AT&T backbone is known to Comcast customers for being a routing choke point, prone to high latency. Right, none of that, nor the lack of responsiveness of the customer host ti ICMP packets, has a lot of bearing on the spam source. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From edb2000 at spamcop.net Fri Dec 2 23:15:00 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Sat Dec 3 02:20:02 2005 Subject: [SpamCop-List] nacio listwashing Message-ID: Another example of 'not clear on the concept'. I do not believe the SC report was a request to be listwashed, but they do. Beware of email lists hosted as *.lyris.net: > Date: Fri, 2 Dec 2005 15:30:37 -0800 From: Mindy Wallen > Subject: re: Spam Notification Organization: Lyris > Technologies > > Hello, > > Thanks for bringing this to our attention. I have removed your email > address from the mailing list SiteBrand_S5_List. I have also filed a > formal spam complaint on your behalf and a representative here will > investigate this list's activity. > > If you desire any further assistance, please let me know. > > Thanks & take care, Mindy Wallen Abuse Department > > > >>> Nacio has received the following SPAM complaints for your server. >>> Please investigate this matter and take appropriate action. Thank >>> you, NACIO Abuse Dept abuse@nacio.com > Subject : Spam Notification Date : Fri, 2 Dec 2005 10:33:00 -0800 > From : "ABUSE" > To : Cc : ABUSE > > > > > > Nacio has received the following SPAM complaints for your server. > Please investigate this matter and take appropriate action. > > Thank you, > > NACIO Abuse Dept > > abuse@nacio.com -- Don Wannit A paid SpamCop user since 1999 From redford_stone at INVERSE_OF_COLDmail.com Sat Dec 3 10:51:32 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sat Dec 3 05:55:13 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: "indigo" wrote in news:dmq4vl$fl8$1@news.spamcop.net: > Just tried to report a spam, I should have been logged in without > seeing the log in screen (I allow SC cookies), and I got that > "password is incorrect" error message. And nuts, I seem to have lost > my SC cookie! How the heck did that happen? > > Did you check for any crumbs under your desk? >snicker< :-D From redford_stone at INVERSE_OF_COLDmail.com Sat Dec 3 10:53:46 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sat Dec 3 05:55:18 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: Borgholio wrote in news:dmo6fa$g9v$1@news.spamcop.net: > > > Should I start forwarding the spam inline, even though that kills the > headers? > I'm assuming this is on Yahoo. I do a copy/paste of the headers over the quoted stuff on the inline. That usually works for me. From bar_n0ne at hotmail.com Sat Dec 3 16:10:49 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Dec 3 07:15:01 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: "Redstone" wrote in message SNIP > I do a copy/paste of the headers over the quoted stuff on the inline. That > usually works for me. I no longer bother, 2 reasons: 1) Default for Public non-standard recipients is checked on, I too often forgot to uncheck non-relevant ones.. 2) Almost all stock spam is in embedded Gifs nowadays, Eudora de-mimes the gif and puts it in a separate folder. Larts only contain the name of the gif file, not the gif, so there is no payload my MUA choices (corporate) are Eudora or Outlook,, I have a nice workflow using outlook express to get complete spam (except in these cases), more work is not worth the trouble. From jg at coks.net Sat Dec 3 09:04:00 2005 From: jg at coks.net (jg) Date: Sat Dec 3 12:05:12 2005 Subject: [SpamCop-List] Re: What else can I do? In-Reply-To: References: Message-ID: On 12/2/2005 8:52 PM Robert Blair scribbled: > > That was a BIG typo. I meant to say the do not accept munged reports > (I wonder what my fingers thought my brain was sending to them, things > do not function like they did in days gone by). > > Don't feel like the Lone Ranger... From MikeE at ster.invalid Sat Dec 3 10:10:31 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 3 13:15:02 2005 Subject: [SpamCop-List] Re: a new kind of 419 References: Message-ID: Technomage Hawke wrote: > please see it in .spam. this one is new. Technomage Hawke wrote: > this arrived in my e-mail today. > I was rather a bit taken aback by this. > anyone know what to make of it? It is a spamscam sourced from a Belltech Lagos .ng IP via hotmail webmailer. The notifies are for the hotmailer usmanbello007@hotmail.com abuse@hotmail.com report_spam@hotmail.com (for hotmail.com) abuse@microsoft.com (for microsoft.com) abuse@msn.com (for msn.com) the source provider's admin/tech contact: bimboabubakar@yahoo.com and the AS25228 SkyVision for the general shabby condition of Belltech's Lagos contact listing in RIPE as well as no rDNS on the sourcce IP and thus no proper abuse.net listing for belltech's block ripeadm@sky-vision.net abuse@sky-vision.net Tatyana.Knaifel@sky-vision.net lir@sky-vision.net steve.birnbaum@sky-vision.net dimitry.raitses@sky-vision.net (for sky-vision.net) > Received: from 217.194.155.83 by by24fd.bay24.hotmail.msn.com with > HTTP; Fri, 02 Dec 2005 11:22:09 GMT > X-Originating-IP: [217.194.155.83] > X-Originating-Email: [usmanbello007@hotmail.com] > We have resolved to pay you immediately according to the directives > and mandate from the Ecowas heads of states and council of the ecowas > finance ministers. Immediately we hear from you, we shall give > directives to you on how to receive your fund. -- Mike Easter kibitzer, not SC admin -- Mike Easter kibitzer, not SC admin From dfm2a3l0t2 at spymac.com Sat Dec 3 15:34:04 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Sat Dec 3 15:35:03 2005 Subject: [SpamCop-List] Re: (MEDIA) -Mail Promising Tax Refund Is Phishing Scam References: Message-ID: In article , "Ron B." wrote: > -Mail Promising Tax Refund Is Phishing Scam > > Federal tax collectors are warning consumers not to be fooled by a bogus > e-mail that appears to come from the Internal Revenue Service and > promises a tax refund. > > The e-mail is an identity theft phishing scam that attempts to fool > recipients into revealing personal and financial information. > > Doesn't everybody know that the IRS only looks for you when you owe them money, not the other way around? -- D.F. Manno | dfm2a3l0t2@spymac.com Support the troops. Bring them home NOW! From newspost at deletethispart.hypercreations.com Sat Dec 3 21:08:40 2005 From: newspost at deletethispart.hypercreations.com (D. T.) Date: Sat Dec 3 16:10:02 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: "indigo" wrote in news:dmq4vl$fl8$1@news.spamcop.net: > Just tried to report a spam, I should have been logged in without > seeing the log in screen (I allow SC cookies), and I got that > "password is incorrect" error message. And nuts, I seem to have lost > my SC cookie! How the heck did that happen? This has been happening on and off to ALL of us for months, so it has nothing to do with our local computers/browsers/connections/etc....it's system instability, and it's being watched and documented at the Forums, as Wazoo indicated. In fact, there was a total shutdown for some minutes today (Saturday, Dec. 3) that caused the same behaviour, in addition to some interesting errors from intermediate servers, such as: An error occurred while processing your request. Reference #97.bbfb746.1133641925.ae63253 and: Gateway Timeout The proxy server did not receive a timely response from the upstream server. Reference #1.12bfb746.1133641841.42d6a15 Even though many of us accept and have even "protected" our SC cookies, it seems that the server problems cause FireFox to "forget" the memorized userid/password (login) information. I've seen it happen many times, and this isn't happening with *any* other sites I log in to. DT From borgholio at storymind.com Sat Dec 3 14:14:36 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Dec 3 17:15:02 2005 Subject: [SpamCop-List] TeamAaronShara... Message-ID: Anybody else getting a ton of spam from these idiots? The emails seem to be coming from several different networks, all over the world. What's the deal? From jeffg at spamcop.net Sat Dec 3 17:56:07 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 18:00:04 2005 Subject: [SpamCop-List] Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: "Norman Miller" wrote in message news:5z4zq6wg26l4.dlg@grc.aosake.net... > On Thu, 1 Dec 2005 04:35:24 -0500, Jeff G. wrote: > > "Mike Easter" wrote in message > > news:dmkna7$lkc$1@news.spamcop.net... > >> jg wrote: > >>> and came up with (via Sam Spade): > >>> > >>> How do 3 bogus rDNS entries pop up and is this the result of spammy? > >>> academic question... > >> I think but I'm not sure that in this context 'bogus' simply means > >> that 'paranoid' lookup doesn't work. > >> > >> That is, if an IP will rDNS but the rDNS doesn't DNS to the original > >> IP that the report sez 'bogus' -- which seems like an unkind term for > >> that particular behavior. > > 'violates Section "INSTRUCTIONS - Adding a host - Add the reverse > > IN-ADDR entry" of RFC1033 "DOMAIN ADMINISTRATORS OPERATIONS GUIDE" at > > http://tools.ietf.org/tools/rfcmarkup/rfcmarkup.cgi?rfc=1033#page-11 ' > > would be a little long for such a purpose, don't you think? I think > > "bogus" fits because the rdns names (the right sides of the PTR Records) > > are in fact "not genuine" because tbr1-p014001.la2ca.ip.att.net, > > tbr1-cl3.sffca.ip.att.net, and tbr1-cb10.st6wa.ip.att.net > > authoritatively don't exist, and I blame rm-hostmaster[at]ems.att.com > > (the person responsible for the zones in all three parent SOA records) > > for the whole mess. > Does it have an adverse affect on routing packets? These are intermediary > routers, here, not end-point hosts. I should think that, as long as the > packets are being properly routed, there is no _serious_ problem. No, it does not "have an adverse affect on routing packets", but it does "have an adverse affect on troubleshooting of routing packets" -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jg at coks.net Sat Dec 3 16:11:29 2005 From: jg at coks.net (jg) Date: Sat Dec 3 19:10:07 2005 Subject: [SpamCop-List] OT Re: empty spam... In-Reply-To: References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: On 12/3/2005 2:56 PM Jeff G. scribbled: > "Norman Miller" wrote in message > news:5z4zq6wg26l4.dlg@grc.aosake.net... > >>On Thu, 1 Dec 2005 04:35:24 -0500, Jeff G. wrote: >> >>>"Mike Easter" wrote in message >>>news:dmkna7$lkc$1@news.spamcop.net... >>> >>>>jg wrote: >>>> >>>>>and came up with (via Sam Spade): >>>>> >>>>>How do 3 bogus rDNS entries pop up and is this the result of > > spammy? > >>>>>academic question... >>>> >>>>I think but I'm not sure that in this context 'bogus' simply means >>>>that 'paranoid' lookup doesn't work. >>>> >>>>That is, if an IP will rDNS but the rDNS doesn't DNS to the > > original > >>>>IP that the report sez 'bogus' -- which seems like an unkind term > > for > >>>>that particular behavior. >>> >>>'violates Section "INSTRUCTIONS - Adding a host - Add the reverse >>>IN-ADDR entry" of RFC1033 "DOMAIN ADMINISTRATORS OPERATIONS GUIDE" > > at > >>>http://tools.ietf.org/tools/rfcmarkup/rfcmarkup.cgi?rfc=1033#page-11 > > ' > >>>would be a little long for such a purpose, don't you think? I think >>>"bogus" fits because the rdns names (the right sides of the PTR > > Records) > >>>are in fact "not genuine" because tbr1-p014001.la2ca.ip.att.net, >>>tbr1-cl3.sffca.ip.att.net, and tbr1-cb10.st6wa.ip.att.net >>>authoritatively don't exist, and I blame > > rm-hostmaster[at]ems.att.com > >>>(the person responsible for the zones in all three parent SOA > > records) > >>>for the whole mess. >> >>Does it have an adverse affect on routing packets? These are > > intermediary > >>routers, here, not end-point hosts. I should think that, as long as > > the > >>packets are being properly routed, there is no _serious_ problem. > > > No, it does not "have an adverse affect on routing packets", but it does > "have an adverse affect on troubleshooting of routing packets" > Jeff, you need QuoteFix to go along with your doubtlook client - I got cross eyed reading the orig of above post... sorry... From jg at coks.net Sat Dec 3 16:13:13 2005 From: jg at coks.net (jg) Date: Sat Dec 3 19:15:04 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: On 12/3/2005 2:14 PM Borgholio scribbled: > Anybody else getting a ton of spam from these idiots? The emails seem to be > coming from several different networks, all over the world. What's the deal? Doesn't sound familiar here - So. Cal. - just as well, got enuff of my own idiots falling in... From borgholio at storymind.com Sat Dec 3 16:13:16 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Dec 3 19:15:07 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: jg wrote: > On 12/3/2005 2:14 PM Borgholio scribbled: > > >>Anybody else getting a ton of spam from these idiots? The emails seem to be >>coming from several different networks, all over the world. What's the deal? > > Doesn't sound familiar here - So. Cal. - just as well, got enuff of my > own idiots falling in... I live in Burbank...the epitome of SoCal. :) From MikeE at ster.invalid Sat Dec 3 16:20:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 3 19:25:02 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: jg wrote: > Jeff, you need QuoteFix to go along with your doubtlook client - I got > cross eyed reading the orig of above post... > sorry... While I'm in favor of as many people using QuoteFix as need to, my QF fixed Jeff's post; see below. If yours did not, then your QF has run out of its 'memory leak space' buffer, and you need to: - configure QF to 'depend on OE' in its advanced options and - integrate OE & QF to be 'OE with QF' and - periodically shutdown the OE/QF integrated operation and restart it and - when you do, you are likely to find that QF works better to fix such things Jeff G. wrote: > "Norman Miller" >> Jeff G. wrote: >>> "Mike Easter" >>>> jg wrote: >>>>> and came up with (via Sam Spade): >>>>> >>>>> How do 3 bogus rDNS entries pop up and is this the result of >>>>> spammy? academic question... >>>> I think but I'm not sure that in this context 'bogus' simply means >>>> that 'paranoid' lookup doesn't work. >>>> >>>> That is, if an IP will rDNS but the rDNS doesn't DNS to the >>>> original IP that the report sez 'bogus' -- which seems like an >>>> unkind term for that particular behavior. >>> 'violates Section "INSTRUCTIONS - Adding a host - Add the reverse >>> IN-ADDR entry" of RFC1033 "DOMAIN ADMINISTRATORS OPERATIONS GUIDE" >>> at >>> http://tools.ietf.org/tools/rfcmarkup/rfcmarkup.cgi?rfc=1033#page-11 >>> ' would be a little long for such a purpose, don't you think? I >>> think "bogus" fits because the rdns names (the right sides of the >>> PTR Records) are in fact "not genuine" because >>> tbr1-p014001.la2ca.ip.att.net, tbr1-cl3.sffca.ip.att.net, and >>> tbr1-cb10.st6wa.ip.att.net authoritatively don't exist, and I blame >>> rm-hostmaster[at]ems.att.com (the person responsible for the zones >>> in all three parent SOA records) for the whole mess. >> Does it have an adverse affect on routing packets? These are >> intermediary routers, here, not end-point hosts. I should think >> that, as long as the packets are being properly routed, there is no >> _serious_ problem. > > No, it does not "have an adverse affect on routing packets", but it > does "have an adverse affect on troubleshooting of routing packets" -- Mike Easter kibitzer, not SC admin From borgholio at storymind.com Sat Dec 3 16:40:26 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Dec 3 19:45:03 2005 Subject: [SpamCop-List] Spamcop not reporting weblinks in spam Message-ID: Full spam posted in .spam. Manually reporting spam should report spamvertised sites, right? Well it's not, at least in this case. Most of the time it locates the links but doesn't report them, nor does it give any indication of why it's not reporting. What's up? From jeffg at spamcop.net Sat Dec 3 19:58:01 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 20:00:04 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam References: Message-ID: "Borgholio" wrote in message news:dmtdt2$6f6$1@news.spamcop.net... > Full spam posted in .spam. Manually reporting spam should report > spamvertised sites, right? Well it's not, at least in this case. Most of > the time it locates the links but doesn't report them, nor does it give any > indication of why it's not reporting. What's up? SNAFU. Refresh enough times and it should work. Please direct your complaints to SpamCop Admin. Ref: http://www.spamcop.net/sc?id=z835981547z1cc59f8b5bc5b1c493545b5b9ac164b6z and "FAQ Entry: The Link Analysis Process" at http://forum.spamcop.net/forums/index.php?showtopic=4345&hl=link+analysis -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From verdy_p at wanadoo.fr Sun Dec 4 02:02:04 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 3 20:05:03 2005 Subject: [SpamCop-List] Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Borgholio" a écrit dans le message de news: dmt5bk$14g$2@news.spamcop.net... > Anybody else getting a ton of spam from these idiots? The emails seem to > be coming from several different networks, all over the world. What's the > deal? I get LOTS of these spams from all over the world (many sources, most of them on dialup IP addresses of various ISPs, so this spam comes from PCs infected by viral worm that hosts a spamware). Unfortunately, the criminal that controls the list of abused PCs is using my own email address in ALL its repeated commands (so I receive a copy of this spam and scam since a couple of week at least 2 or 3 times PER MINUTE). It looks like a revenge against my past reports. I am currently reporting about 20 of these spams each day (only the most recent ones received in the last hour, when I check my emails), and I drop all the other copies. For now, my antispam system (hosted by my ISP) still does not detect it automatically, I had to add a manual exclusion to the blacklist for the subject line: Return-Path: Received: from mwinf5102.me-wanadoo.net (mwinf5102.me-wanadoo.net) by mwinb0306 (SMTP Server) with LMTP; Sun, 04 Dec 2005 01:40:31 +0100 X-Sieve: Server Sieve 2.2 Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf5102.me-wanadoo.net (SMTP Server) with ESMTP id 9D2CD1C0FCE3 for ; Sun, 4 Dec 2005 01:40:31 +0100 (CET) Received: from smtp12.wanadoo.fr (mwinf1207 [172.22.143.37]) by mwinf5102.me-wanadoo.net (SMTP Server) with ESMTP id 97D841C0FCE7 for ; Sun, 4 Dec 2005 01:40:31 +0100 (CET) Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf1207.wanadoo.fr (SMTP Server) with ESMTP id 8C0F51C00098 for ; Sun, 4 Dec 2005 01:40:31 +0100 (CET) Received: from mwinb0403.me-wanadoo.net (mwinb0403 [172.22.165.25]) by mwinf1207.wanadoo.fr (SMTP Server) with ESMTP id 823AB1C00090 for <(hidden)@wanadoo.fr>; Sun, 4 Dec 2005 01:40:31 +0100 (CET) X-ME-UUID: 20051204004031533.823AB1C00090@mwinf1207.wanadoo.fr Received: by mwinb0403.me-wanadoo.net (SMTP Server, from userid 1001) id 5D6AC18032; Sun, 4 Dec 2005 01:40:31 +0100 (CET) Received: from mwinf1212.wanadoo.fr (mwinf1212.wanadoo.fr) by mwinb0403 (SMTP Server) with LMTP; Sun, 04 Dec 2005 01:40:31 +0100 X-Sieve: Server Sieve 2.2 Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf1212.wanadoo.fr (SMTP Server) with ESMTP id 2FA953C04B81 for ; Sun, 4 Dec 2005 01:40:31 +0100 (CET) Received: from 193.252.22.89 (unknown [218.150.241.94]) by mwinf1212.wanadoo.fr (SMTP Server) with SMTP id EEB093C04B90 for <(hidden)@wanadoo.fr>; Sun, 4 Dec 2005 01:40:21 +0100 (CET) X-ME-UUID: 20051204004022977.EEB093C04B90@mwinf1212.wanadoo.fr Received: from 218.150.241.94 Message-ID: From: "TeamAaronShara" Reply-To: "TeamAaronShara" To: (hidden)@wanadoo.fr Subject: Want to make EASY Money? TeamAaronShara will show you how! Date: Sun, 04 Dec 2005 03:33:21 +0300 X-Mailer: Microsoft Outlook, Build 10.0.2616 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--115803255982665" X-Priority: 3 X-MSMail-Priority: Normal X-me-spamlevel: not-spam X-me-spamrating: 30.025481 X-Antivirus: AVG for E-mail 7.1.362 [267.13.11/191] ----115803255982665 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable Untitled Document


= Want to make some fast extra CASH before the holidays? <= /font>Read on and TeamAaronShara walk you through the easy steps to easy money
and success. Aaron and I have been making money the easy way for many ye= ars now and sharing our knowledge and success with others
less fortunate than ourselves. Our followers have placed an unprecedente= d amount of trust in our judgement to bring them great HYIP
investment programs, money doublers, matrix programs, randomizers and ml= m programs. We are now bringing these programs directly to
you so that you can prosper with us. All our mon= ey making program picks are 100% safe to invest in!

http://www.teamaaronshara.com/daily.html

Our site walks you through = and holds your hand while investing in the many tried and tested easy wealth schem= es that are listed, all we ask is that
you join programs using our referral link so that we earn a little for t= he introduction. We show you where to get an online money account, how to
fund it and most importantly how to invest into the programs on offer an= d start earning immediately and all from the comfort of your armchair.

TeamAaronShara has a daily = newsletter so that you can learn about new money making opportunities the minute th= ey launch, all you need to do is
subscribe on our page to receive the latest news everyday. We have 1000'= s of subscribers already so come and join us and let's make our fortunes
together.

Learn how to use autorespon= ders, generate targeted email leads and get information on what tools to use f= or large mailing campaigns to your
hot prospects. We have it all and so can you! Remember, you will never lose money while following TeamAaronShara!

http://www.teamaaronshara.com/daily.html

Here Is A Recent Photo, its= not a very good one, but you can get an idea.. As You Can See We Are A Normal = Looking Couple, No Different Than Any
Of You :). Now You Can Put Faces With The Words, And For Some Of You The= Voices. We have a huge following on the www.moneymakergroup.com
discussion forum where we are both forum moderators and respected by all= We live in a wonderful new luxury home, have a new Mercedes, a new Lexus fo= r
Aaron and more money in the bank than we could ever have dreamed of. We = both wear gold Rolex watches set with diamonds, have a luxury ski boat, luxur= y
beach appartment in Florida and are completely without debt. You might a= sk how we managed to achieve all this wealth and that would be a very good ques= tion
which we will assume that you have already asked and will answer for you=

All our money is made from = the Internet by telling others about wonderful investment opportunities and being a p= art of them ourselves. Before we became switched
onto the Internet fountain of wealth we used to both work day jobs, Aaro= n would be away from home upto 12 hours a day working a construction job while I= worked
part time as an actress in adult movies. Neither of us were satisfied wi= th our jobs so we decided to radically change our careers and take our chances = on the Internet. It
turned out to be a wiser choice than we could ever have dreamed of and o= ur success can become your success too! Just visit our site to embark on your new w= ay of life
and the easy road to riches and success. We have now become one of the b= iggest and most followed promotors of HYIP programs on the web!

http://www.teamaaronshara.com/daily.html

Testim= onials:

Three months ago I was s= truggling to make ends meet in a country with a high inflation rate and things tha= t I can buy a year ago are now out of my budget. Add to the fact
that I have a 2-month old baby with growing needs, I thought I had to fi= nd another source of income. I turned to the internet and boy was that an eye opene= r! Opportunities
left and right bundled with scammers in abundance that it was truly a ga= mble which program to join and try to make money out of. After much research = on the net I came
across the TeamAaronShara Newsletter. A great resource for a newcomer li= ke me to get a grip on the trends and curveballs of the money making programs = of the internet
which is updated even if it's midnight in their time zone! Now I just st= ay home and "work" three hours a day on the internet and I get to play= with my 5-month old son all the
time and watch him grow right in front of my eyes. No more coming home t= o find out I miss his first smile or first crawl! :) I owe that to you TeamAaro= nShara! Thank you
from the bottom of my heart! Alvic C

TeamAaronShara is the best. There have been several times when I have ha= d a question or needed assistance concerning one of the programs that they o= ffered on the site.
Well, they ALWAYS answer my emails and return my phone calls with the co= rrect answer. They diligently study all the programs within their site and onl= y promote those
programs that pass a strict due diligence. If you are thinking about joi= ning any of the programs on this site I STRONGLY recommend that you sign up u= nder TeamAaronShara
because you will get the best support available anywhere on the internet= and the latest updates on what's hot and what's not. Brian K

=

http://www.teamaaronshara.com/daily.html

= Have a Great Day!!
Aaron and Shara
http://www.teamaaronshara.com

----115803255982665-- From verdy_p at wanadoo.fr Sun Dec 4 02:16:39 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 3 20:20:02 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Philippe Verdy" a écrit dans le message de news: dmtf7l$7cg$1@news.spamcop.net... > > "Borgholio" a écrit dans le message de news: > dmt5bk$14g$2@news.spamcop.net... >> Anybody else getting a ton of spam from these idiots? The emails seem to >> be coming from several different networks, all over the world. What's >> the deal? > > I get LOTS of these spams from all over the world (many sources, most of > them on dialup IP addresses of various ISPs, so this spam comes from PCs > infected by viral worm that hosts a spamware). > > Unfortunately, the criminal that controls the list of abused PCs is using > my own email address in ALL its repeated commands (so I receive a copy of > this spam and scam since a couple of week at least 2 or 3 times PER > MINUTE). It looks like a revenge against my past reports. > > I am currently reporting about 20 of these spams each day (only the most > recent ones received in the last hour, when I check my emails), and I drop > all the other copies. These spams are constantly reported to spamcop@imaphost.com which seems to be the owner of the networks where all the zombies are installed. It's strange that a service provider like imaphost.com which has signed an agreement with SpamCop.Net to get special reports doesnot take any action to block these repeted emails at its source before it lets its users forwards these emails worldwide. Is imaphost.com really serious? I am quite ready to blacklist imaphost.com completely... From g.hyde at bigpond.net.au Sun Dec 4 11:18:09 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Dec 3 20:30:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: "Mike Easter" wrote in message news:dmtcom$5tt$1@news.spamcop.net... > jg wrote: > >> Jeff, you need QuoteFix to go along with your doubtlook client - I got >> cross eyed reading the orig of above post... >> sorry... > > While I'm in favor of as many people using QuoteFix as need to, my QF > fixed Jeff's post; see below. > > If yours did not, then your QF has run out of its 'memory leak space' > buffer, and you need to: I think what he meant was that Jeff needs to download and install the QF client, and that Jeff doesn't have it installed - for one reason or another. -- Cheers ... Geoffrey Hyde From g.hyde at bigpond.net.au Sun Dec 4 11:25:52 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Dec 3 20:30:08 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Philippe Verdy" wrote in message news:dmtf7l$7cg$1@news.spamcop.net... > > "Borgholio" a écrit dans le message de news: > dmt5bk$14g$2@news.spamcop.net... >> Anybody else getting a ton of spam from these idiots? The emails seem to >> be coming from several different networks, all over the world. What's >> the deal? > > I get LOTS of these spams from all over the world (many sources, most of > them on dialup IP addresses of various ISPs, so this spam comes from PCs > infected by viral worm that hosts a spamware). > > Unfortunately, the criminal that controls the list of abused PCs is using > my own email address in ALL its repeated commands (so I receive a copy of > this spam and scam since a couple of week at least 2 or 3 times PER > MINUTE). It looks like a revenge against my past reports. Are you saying that your ISP can't/won't stop address bounce errors?? If so, perhaps you should explain the problem to them, if you can get ahold of a reasonably intelligent real-life tech support guy at the other end of the phone support number. If not, you need to find out where the infected PC that is sending the spam is located, and have them and their service provider notified so that they can shut off spammy's flow. Much of which has been described in various ways here. If you are finding that the problem is your ISP doesn't seem sympathetic or is clueless, I'd recommend switching to one who is not as clueless. Cheers ... Geoffrey Hyde From jeffg at spamcop.net Sat Dec 3 20:37:22 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 20:40:02 2005 Subject: [SpamCop-List] Popgate "Cannot contact server" Message-ID: All of my MSN Hotmail and Yahoo! Accounts at POP Configuration are showing "Cannot contact server" with Error Counts from 11 to 12 (indicating errors going back 165 minutes (2.75 hours) to 180 minutes (3.0 hours)). Are others of you having the same problem? I have notified JT. Updates to this situation will be at http://forum.spamcop.net/forums/index.php?showtopic=5462&view=findpost&p=37149 . -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From verdy_p at wanadoo.fr Sun Dec 4 02:40:57 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 3 20:45:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Geoffrey Hyde" a écrit dans le message de news: dmtgj3$87e$2@news.spamcop.net... > Are you saying that your ISP can't/won't stop address bounce errors?? If > so, perhaps you should explain the problem to them, if you can get ahold > of a reasonably intelligent real-life tech support guy at the other end of > the phone support number. There's no bounce error. These are real spams sent directly from known open relays. > If not, you need to find out where the infected PC that is sending the > spam is located, and have them and their service provider notified so that > they can shut off spammy's flow. Much of which has been described in > various ways here. Not needed. I let Spamcop determine the source itself and report spams correctly to the appropriate abuse desks. Regarding this spam, all the Spamcop-generated reports seem to go to spamcop@imaphost.com (in addition to another ISP). This looks like imaphost.com is acting as a relay for the infected PCs that are running zomby viral spamwares, and imaphost.com currently does not close the relay authorization from its customers. > If you are finding that the problem is your ISP doesn't seem sympathetic > or is clueless, I'd recommend switching to one who is not as clueless. There's no problem at my ISP. The problem is at the source network that is hosting the open-relays, apparently all of them being related to imaphost.com (that's not my ISP). The effective propagation is: - spammer sends instructions and posts lists of emails to some IRC server, where the zombies can discover themselves andact as a large spamming network. - infected PCs are listening for instructions from this IRC server, and they download lists of emails addresses to send spam to - the infected PCs (that are acting as open-relays) are sending a copy of the spam email to their current email provider (imaphost.com) - imaphost.com relays those spams, because it currently trusts these sources that appear to be among their subscribed customers - imaphost.com relays the spam to my ISP that accepts it because it currently trusts (doesnot block) imaphost.com - these spams fill my mailbox despite I have subscribed (and paid) an antispam option that should direct them to another folder with limited capacity. - I have informed my ISP that its antispam filter is currently not blocking those spams as it should; I am waiting for them to update their filter) - for now I need to setup my own personal blocking list on top of my ISP's filter. From jeffg at spamcop.net Sat Dec 3 20:47:54 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 20:50:02 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: Philippe Verdy wrote: > [copy of spam with headers] Why did you post that spam in this newsgroup? Philippe Verdy wrote: > These spams are constantly reported to spamcop@imaphost.com which > seems to be the owner of the networks where all the zombies are > installed. > > It's strange that a service provider like imaphost.com which has > signed an agreement with SpamCop.Net to get special reports doesnot > take any action to block these repeted emails at its source before it > lets its users forwards these emails worldwide. > > Is imaphost.com really serious? I am quite ready to blacklist > imaphost.com completely... That's Cyveillance. Google is your friend. :) -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From verdy_p at wanadoo.fr Sun Dec 4 02:58:11 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 3 21:00:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Jeff G." a écrit dans le message de news: dmthsu$94h$1@news.spamcop.net... > Philippe Verdy wrote: >> [copy of spam with headers] > > Why did you post that spam in this newsgroup? I forgot that rule for posting here (it's been a long time since I have used this newsgroup, given that my antispam systems are now working very effectively to block almost all of them, about 400 to 800 spams each day, and only a few not blocked; but this TeamAaronShara spamisthe most active one and it currently escapes from the blocking rules,andI don't know why,given that it has a static content and a very easily identifiable signature). In fact I avoid newsgroups most of the time, as they are the *easiest* way for spammers to collect more active email addresses in their illegal databases (and they often know the various tricks used in newsgroups to "encypher" personnal email addresses like this in this message, using various string transformations, such as automatic removal of parenthesized comments in email addresses, transformation of "(at)" into "@", and so on...) > Philippe Verdy wrote: >> These spams are constantly reported to spamcop@imaphost.com which >> seems to be the owner of the networks where all the zombies are >> installed. > > That's Cyveillance. Google is your friend. :) OK, thanks for noting that (in the past Cyveillance used other (hidden) report addresses, I did not know that it was changed to use imaphost.com). Well Spamcop also always reports to a second address. I should have read more carefully the Spamcop processing messages. From jeffg at spamcop.net Sat Dec 3 21:03:09 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 21:05:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: Geoffrey Hyde wrote: > "Mike Easter" wrote in message > news:dmtcom$5tt$1@news.spamcop.net... >> jg wrote: >> >>> Jeff, you need QuoteFix to go along with your doubtlook client - I >>> got cross eyed reading the orig of above post... >>> sorry... >> >> While I'm in favor of as many people using QuoteFix as need to, my QF >> fixed Jeff's post; see below. >> >> If yours did not, then your QF has run out of its 'memory leak space' >> buffer, and you need to: > > I think what he meant was that Jeff needs to download and install the > QF client, and that Jeff doesn't have it installed - for one reason > or another. I didn't have it running because for viewing it is incompatible with my new light-on-dark color scheme. Sorry for the inconvenience. I ran it again as a test just for you. It is "Version 1.19.2", http://flash.to/oblivion appears to have been taken over, and that is the latest version per http://home.in.tum.de/~jain/software/oe-quotefix/downloads.php . -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From verdy_p at wanadoo.fr Sun Dec 4 03:04:29 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 3 21:10:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Jeff G." a écrit dans le message de news: dmthsu$94h$1@news.spamcop.net... > I have been a SpamCop User/Member/Customer since 1999 and am a > Moderator of the new web-based forums (now the primary method for > getting help, http://forum.spamcop.net). Please contact me via Forum > only. I do not provide Official SpamCop.Net Customer Support - please > see "How To Get Official SpamCop.Net Customer Support" at > http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. Thanks for pointing this information in your signature. I did not know that there was a web forum now. I think it's best for me to post there instead of this unsecure newsgroup, because the forum will protect the privacy of my email address. From MikeE at ster.invalid Sat Dec 3 18:08:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 3 21:10:06 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: Geoffrey Hyde wrote: > "Mike Easter" >> jg wrote: >> >>> Jeff, you need QuoteFix to go along with your doubtlook client - I >>> got cross eyed reading the orig of above post... >>> sorry... >> >> While I'm in favor of as many people using QuoteFix as need to, my QF >> fixed Jeff's post; see below. >> >> If yours did not, then your QF has run out of its 'memory leak space' >> buffer, and you need to: > > I think what he meant was that Jeff needs to download and install the > QF client, and that Jeff doesn't have it installed - for one reason > or another. I understand what he meant; and what I meant and described in detail was that what jg posted to demonstrate what was the 'problem' with Jeff's post demonstrated instead what was wrong with the way jg's OE/QF was working, so I was telling jg how to fix his OE/QF so that it would work properly. Properly functioning, OEQF is designed to fix existent formatting problems as well as prevent them. The reformatting works 'all over the place'. But, OE/QF is 'b0rken' and doen't work 'perfectly'. When it isn't working right it malfunctions; if you configure it properly, you can unscramble its 'limited' brainpower and 'force' it to work properly again. I was providing a formula to jg for doing that, as well as a demonstration of the difference between a properly working QF and a 'sick' one. Downloading and installing OE/QF is one thing. Making it work right is another. We're way beyond downloading it; now we're talking about mastering it. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Sat Dec 3 21:58:55 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 22:00:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: Philippe Verdy wrote: > "Jeff G." a ?crit dans le message de news: > dmthsu$94h$1@news.spamcop.net... >> I have been a SpamCop User/Member/Customer since 1999 and am a >> Moderator of the new web-based forums (now the primary method for >> getting help, http://forum.spamcop.net). Please contact me via Forum >> only. I do not provide Official SpamCop.Net Customer Support - >> please see "How To Get Official SpamCop.Net Customer Support" at >> http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. > > Thanks for pointing this information in your signature. I did not > know that there was a web forum now. I think it's best for me to post > there instead of this unsecure newsgroup, because the forum will > protect the privacy of my email address. You're quite welcome! -- Best Regards, Jeff G. [rest of sig above] From borgholio at storymind.com Sat Dec 3 19:25:02 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Dec 3 22:25:03 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam In-Reply-To: References: Message-ID: Jeff G. wrote: > "Borgholio" wrote in message > news:dmtdt2$6f6$1@news.spamcop.net... > >>Full spam posted in .spam. Manually reporting spam should report >>spamvertised sites, right? Well it's not, at least in this case. > > Most of > >>the time it locates the links but doesn't report them, nor does it > > give any > >>indication of why it's not reporting. What's up? > > > SNAFU. Refresh enough times and it should work. Please direct your > complaints to SpamCop Admin. Ref: > http://www.spamcop.net/sc?id=z835981547z1cc59f8b5bc5b1c493545b5b9ac164b6z > and "FAQ Entry: The Link Analysis Process" at > http://forum.spamcop.net/forums/index.php?showtopic=4345&hl=link+analysis > K I'm having a memory lapse...where do I contact spamcop admin? From rwcs at spamcop.net Sat Dec 3 23:16:31 2005 From: rwcs at spamcop.net (BMW) Date: Sat Dec 3 23:20:02 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: Borgholio wrote: > Anybody else getting a ton of spam from these idiots? The emails seem > to be coming from several different networks, all over the world. > What's the deal? I have read through the threads in this discussion, and I'm not seeing what to do about TeamAaronShara. It is blatantly obvious to the casual observer that spamcop reports only fuel the fire, and no amount of reporting is going to deter this spammer. Sure would like to find an effective solution to this problem. From borgholio at storymind.com Sun Dec 4 00:03:08 2005 From: borgholio at storymind.com (Borgholio) Date: Sun Dec 4 03:05:07 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: BMW wrote: > Borgholio wrote: > >> Anybody else getting a ton of spam from these idiots? The emails seem >> to be coming from several different networks, all over the world. >> What's the deal? > > > I have read through the threads in this discussion, and I'm not seeing > what to do about TeamAaronShara. It is blatantly obvious to the casual > observer that spamcop reports only fuel the fire, and no amount of > reporting is going to deter this spammer. Sure would like to find an > effective solution to this problem. I'm manually reporting them in hopes of getting the spamvertised sites shut down too...or at least "harassed". But Spamcop is acting wanky right now and isn't reporting spamvertised links. :-/ From borgholio at storymind.com Sun Dec 4 01:52:52 2005 From: borgholio at storymind.com (Borgholio) Date: Sun Dec 4 04:55:25 2005 Subject: [SpamCop-List] Update on TeamAaronShara - they claim it's a joe job Message-ID: Here's their link: http://www.teamaaronshara.com/daily.html Based on how it's a pretty decent sized flood that came out of nowhere, I'm half-inclined to believe them. Some forum posts I found on Google were from people who claimed TAS was a scam organization...so that if this is a joe-job, that's the culprit. From redford_stone at INVERSE_OF_COLDmail.com Sun Dec 4 11:03:51 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sun Dec 4 06:05:11 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: "Berny" wrote in news:dms20c$fmn$1@news.spamcop.net: > > 2) Almost all stock spam is in embedded Gifs nowadays, Eudora de-mimes > the gif and puts it in a separate folder. Larts only contain the name > of the gif file, not the gif, so there is no payload > There are always exceptions.. this is one of them. (Looks like we are being spammed by the same spammer.) When I have time, I'm going to try an OCR program to convert it to a text document. From nobody at nowhere.invalid Sun Dec 4 12:12:07 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Dec 4 06:15:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: On Sun, 4 Dec 2005 11:25:52 +1000, Geoffrey Hyde coughed into spamcop and left this in : > Are you saying that your ISP can't/won't stop address bounce errors?? If > so, perhaps you should explain the problem to them, if you can get ahold of > a reasonably intelligent real-life tech support guy at the other end of the > phone support number. There's no such thing as a "reasonably intelligent" life form in the whole organisation of his ISP: Wanadoo.fr. -- Steve Linux: the choice of a GNU generation -- ksh @ cis . ufl . edu put this on Tshirts in '93 From jeffg at spamcop.net Sun Dec 4 06:32:00 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 4 06:45:02 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam References: Message-ID: Borgholio wrote: > Jeff G. wrote: >> "Borgholio" wrote in message >> news:dmtdt2$6f6$1@news.spamcop.net... >> >>> Full spam posted in .spam. Manually reporting spam should report >>> spamvertised sites, right? Well it's not, at least in this case. >>> Most of the time it locates the links but doesn't report them, nor >>> does it give any indication of why it's not reporting. What's up? >> SNAFU. Refresh enough times and it should work. Please direct your >> complaints to SpamCop Admin. Ref: >> http://www.spamcop.net/sc?id=z835981547z1cc59f8b5bc5b1c493545b5b9ac164b6z >> and "FAQ Entry: The Link Analysis Process" at >> http://forum.spamcop.net/forums/index.php?showtopic=4345&hl=link+analysis > K I'm having a memory lapse...where do I contact spamcop admin? You can email service[at]admin.spamcop.net or see the bottom link in my sig below. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From rwcs at spamcop.net Sun Dec 4 08:54:10 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 08:55:03 2005 Subject: [SpamCop-List] Re: Update on TeamAaronShara - they claim it's a joe job In-Reply-To: References: Message-ID: Borgholio wrote: > Here's their link: > > http://www.teamaaronshara.com/daily.html > > Based on how it's a pretty decent sized flood that came out of nowhere, > I'm half-inclined to believe them. Some forum posts I found on Google > were from people who claimed TAS was a scam organization...so that if > this is a joe-job, that's the culprit. Help me out here, What is a joe-job? From rwcs at spamcop.net Sun Dec 4 08:58:33 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 09:00:03 2005 Subject: [SpamCop-List] Spamcop Blacklist Message-ID: Does SC accept any IP block syntax in the blacklist? Does the Blacklist apply to the "Held Mail"? From jeffg at spamcop.net Sun Dec 4 09:45:23 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 4 09:50:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: I assume you are referring to the SCBL (the SpamCop Blocking List). Please see http://forum.spamcop.net/forums/index.php?showtopic=2238#SCBL for details. BMW wrote: > Does SC accept any IP block syntax in the blacklist? No, IP Addresses wind up on the SCBL by way of having been Reported as having been the source of spam using the SpamCop Parsing and Reporting System. Please see http://www.spamcop.net/fom-serve/cache/297.html for more details. > Does the Blacklist apply to the "Held Mail"? That depends on the personal preference of the SpamCop Email System Customer, specifically the status of the Checkbox for it on https://webmail.spamcop.net/horde/imp/spamcop/blacklists.php or http://webmail.spamcop.net/horde/imp/spamcop/blacklists.php . Please see http://forum.spamcop.net/forums/index.php?showtopic=3692 for more details. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From jeffg at spamcop.net Sun Dec 4 09:50:03 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 4 09:55:03 2005 Subject: [SpamCop-List] Re: Update on TeamAaronShara - they claim it's a joe job References: Message-ID: BMW wrote: > Borgholio wrote: >> Here's their link: >> >> http://www.teamaaronshara.com/daily.html >> >> Based on how it's a pretty decent sized flood that came out of >> nowhere, I'm half-inclined to believe them. Some forum posts I >> found on Google were from people who claimed TAS was a scam >> organization...so that if this is a joe-job, that's the culprit. > Help me out here, What is a joe-job? Per http://forum.spamcop.net/forums/index.php?showtopic=4473&st=0&p=29916&#Joe : 1. A "joe job" is a spam run forged to appear to come from another innocent party, with the intention of generating complaints about the victim and damaging their reputation. 2. A Joe job is an e-mail spam designed to tarnish the reputation of an innocent third party. Despite having existed since at least 1996, Joe jobs are uncommon compared to other types of spam because they provide no commercial benefit to the Joe jobber. 3. A "joe job" is something far above and distinct from the all too typical spammer construct of a "From" Address Forgery For more info: "Why am I getting all these bounces?" at http://forum.spamcop.net/forums/index.php?showtopic=203 http://spamlinks.net/faqs-joejob.htm http://en.wikipedia.org/wiki/Joe_jobs -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From rwcs at spamcop.net Sun Dec 4 11:07:00 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 11:10:02 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Jeff G. wrote: > I assume you are referring to the SCBL (the SpamCop Blocking List). > Please see http://forum.spamcop.net/forums/index.php?showtopic=2238#SCBL > for details. > > BMW wrote: > >>Does SC accept any IP block syntax in the blacklist? > > > No, IP Addresses wind up on the SCBL by way of having been Reported as > having been the source of spam using the SpamCop Parsing and Reporting > System. Please see http://www.spamcop.net/fom-serve/cache/297.html for > more details. > > >>Does the Blacklist apply to the "Held Mail"? > > > That depends on the personal preference of the SpamCop Email System > Customer, specifically the status of the Checkbox for it on > https://webmail.spamcop.net/horde/imp/spamcop/blacklists.php or > http://webmail.spamcop.net/horde/imp/spamcop/blacklists.php . Please > see http://forum.spamcop.net/forums/index.php?showtopic=3692 for more > details. > No, I am not referring to SCBL. Please be patient with my rant, I'm growing increasingly frustrated with the SC service. 1) I'm configured to "Block All", which means if the sender isn't on my whitelist the email remains in my "Held Mail". This is most effective in blocking 99.99% of the Spam directed at my email addresses. My problem is with a lack of control and filtering of my Held Mail. There seems to be NO way to reject mail from chronic, persistent sources. 2) I understand SC's mission, and I wish to be cooperative up to a point. That point is were SC is obviously ineffective. Please don't think I'm ragging on SC and it's efforts, they are a great team and a noble effort BUT they can't control everyone or everything. There are spammers and providers that SC can't affect. There are enough other people reporting this stuff, I don't need to be bothered with it. 3) This morning was a perfect example of my problem. . . 140 messages in Held Mail, 133 from TeamAaronShara (all directed at my spamcop.net address). As this clutter increases, my error rate follows. . . mail reported when it shouldn't be, important messages missed, etc. I don't believe for a nanosecond that reporting yet another message from TeamAaronShara is going to have ANY positive effect. I need a way to simply block or reject messages from my SC account and I need it NOW. 4) SC has to address this problem SOON or I will be forced to drop the service, because it is not working for me. From jg at coks.net Sun Dec 4 08:26:59 2005 From: jg at coks.net (jg) Date: Sun Dec 4 11:25:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... In-Reply-To: References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: On 12/3/2005 6:08 PM Mike Easter scribbled: > Geoffrey Hyde wrote: > >>"Mike Easter" >> >>>jg wrote: >>> >>> >>>>Jeff, you need QuoteFix to go along with your doubtlook client - I >>>>got cross eyed reading the orig of above post... >>>>sorry... >>> >>>While I'm in favor of as many people using QuoteFix as need to, my QF >>>fixed Jeff's post; see below. >>> >>>If yours did not, then your QF has run out of its 'memory leak space' >>>buffer, and you need to: >> >>I think what he meant was that Jeff needs to download and install the >>QF client, and that Jeff doesn't have it installed - for one reason >>or another. > > > I understand what he meant; and what I meant and described in detail > was that what jg posted to demonstrate what was the 'problem' with > Jeff's post demonstrated instead what was wrong with the way jg's OE/QF > was working, so I was telling jg how to fix his OE/QF so that it would > work properly. > > Properly functioning, OEQF is designed to fix existent formatting > problems as well as prevent them. The reformatting works 'all over the > place'. > > But, OE/QF is 'b0rken' and doen't work 'perfectly'. When it isn't > working right it malfunctions; if you configure it properly, you can > unscramble its 'limited' brainpower and 'force' it to work properly > again. I was providing a formula to jg for doing that, as well as a > demonstration of the difference between a properly working QF and a > 'sick' one. > > Downloading and installing OE/QF is one thing. Making it work right is > another. We're way beyond downloading it; now we're talking about > mastering it. > > Geoff had it right... I don't use OE so QF won't do me much good, thanks anyway. From jg at coks.net Sun Dec 4 08:29:02 2005 From: jg at coks.net (jg) Date: Sun Dec 4 11:30:03 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: On 12/3/2005 4:13 PM Borgholio scribbled: > jg wrote: > >>On 12/3/2005 2:14 PM Borgholio scribbled: >> >> >> >>>Anybody else getting a ton of spam from these idiots? The emails seem to be >>>coming from several different networks, all over the world. What's the deal? >> >>Doesn't sound familiar here - So. Cal. - just as well, got enuff of my >>own idiots falling in... > > > I live in Burbank...the epitome of SoCal. :) It was for Johnny Carson, but IMHO Venice is the epitome.. From MikeE at ster.invalid Sun Dec 4 08:44:37 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 11:45:02 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: BMW wrote: >>> Does SC accept any IP block syntax in the blacklist? >>> Does the Blacklist apply to the "Held Mail"? > No, I am not referring to SCBL. Please be patient with my rant, I'm > growing increasingly frustrated with the SC service. I don't use SC mail, so I'm only speaking as a total 'outsider' who can't even see the SC mailsystem configuration page. But I understand what you are saying. > 1) I'm configured to "Block All", which means if the sender isn't on > my whitelist the email remains in my "Held Mail". That would be what I call 'whitelisteds only'. I use a client side spamfilter. I could configure it in that way. I could even configure the primitive mailuseragent OE to put only my whitelisteds into my Inbox. However, my client is not a server. A server is capable of rejecting mail during the smtp transaction. I don't have that capability. > This is most > effective in blocking 99.99% of the Spam directed at my email > addresses. My problem is with a lack of control and filtering of my > Held Mail. There seems to be NO way to reject mail from chronic, > persistent sources. You are correct. Your SC mailbox is not a server. I suppose there /might/ be some way to automatically delete some of your held mail but I can't see the SC mail place.. > 2) I understand SC's mission, and I wish to be cooperative up to a > point. That point is were SC is obviously ineffective. Please don't > think I'm ragging on SC and it's efforts, they are a great team and a > noble effort BUT they can't control everyone or everything. There are > spammers and providers that SC can't affect. There are enough other > people reporting this stuff, I don't need to be bothered with it. I understand that you are saying that some subset of your held mail you don't want held [any longer than being diverted there] and you don't want to report it, you just want it to disappear. You want a function with 3 forks, inbox, held, and deleted by being blocked from inbox or held. My provider's spamblocker setting on high provides 3 forks, known, suspect, and inbox for whitelisteds. My gmail account has a 'crude' filter system for from, to, subject, or words which gmail would handle according to my wishes. > 3) This morning was a perfect example of my problem. . . 140 messages > in Held Mail, 133 from TeamAaronShara (all directed at my spamcop.net > address). As this clutter increases, my error rate follows. . . mail > reported when it shouldn't be, important messages missed, etc. I > don't believe for a nanosecond that reporting yet another message from > TeamAaronShara is going to have ANY positive effect. I need a way to > simply block or reject messages from my SC account and I need it NOW. I don't know if SC has a 3 fork system or not. Many spam filters like to handle an item as 'positive' or 'negative' as a 2 fork process. > 4) SC has to address this problem SOON or I will be forced to drop the > service, because it is not working for me. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Dec 4 09:00:55 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 12:05:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: Mike Easter wrote: > BMW wrote: > I don't use SC mail, so I'm only speaking as a total 'outsider' who > can't even see the SC mailsystem configuration page. But I understand > what you are saying. > >> 1) I'm configured to "Block All", which means if the sender isn't on >> my whitelist the email remains in my "Held Mail". I understand that there is also a personal blacklist, but I don't know what happens to something which you put there. http://www.spamcop.net/fom-serve/cache/302.html FAQ about the Personal Blacklist and Whitelist -- Mike Easter kibitzer, not SC admin From rwcs at spamcop.net Sun Dec 4 12:06:13 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 12:10:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Mike Easter wrote: > BMW wrote: > > >>>>Does SC accept any IP block syntax in the blacklist? > > >>>>Does the Blacklist apply to the "Held Mail"? > > >>No, I am not referring to SCBL. Please be patient with my rant, I'm >>growing increasingly frustrated with the SC service. > > > I don't use SC mail, so I'm only speaking as a total 'outsider' who > can't even see the SC mailsystem configuration page. But I understand > what you are saying. > > >>1) I'm configured to "Block All", which means if the sender isn't on >>my whitelist the email remains in my "Held Mail". > > > That would be what I call 'whitelisteds only'. I use a client side > spamfilter. I could configure it in that way. I could even configure > the primitive mailuseragent OE to put only my whitelisteds into my > Inbox. > > However, my client is not a server. A server is capable of rejecting > mail during the smtp transaction. I don't have that capability. > > >>This is most >>effective in blocking 99.99% of the Spam directed at my email >>addresses. My problem is with a lack of control and filtering of my >>Held Mail. There seems to be NO way to reject mail from chronic, >>persistent sources. > > > You are correct. Your SC mailbox is not a server. I suppose there > /might/ be some way to automatically delete some of your held mail but I > can't see the SC mail place.. > > >>2) I understand SC's mission, and I wish to be cooperative up to a >>point. That point is were SC is obviously ineffective. Please don't >>think I'm ragging on SC and it's efforts, they are a great team and a >>noble effort BUT they can't control everyone or everything. There are >>spammers and providers that SC can't affect. There are enough other >>people reporting this stuff, I don't need to be bothered with it. > > > I understand that you are saying that some subset of your held mail you > don't want held [any longer than being diverted there] and you don't > want to report it, you just want it to disappear. You want a function > with 3 forks, inbox, held, and deleted by being blocked from inbox or > held. > > My provider's spamblocker setting on high provides 3 forks, known, > suspect, and inbox for whitelisteds. My gmail account has a 'crude' > filter system for from, to, subject, or words which gmail would handle > according to my wishes. > > >>3) This morning was a perfect example of my problem. . . 140 messages >>in Held Mail, 133 from TeamAaronShara (all directed at my spamcop.net >>address). As this clutter increases, my error rate follows. . . mail >>reported when it shouldn't be, important messages missed, etc. I >>don't believe for a nanosecond that reporting yet another message from >>TeamAaronShara is going to have ANY positive effect. I need a way to >>simply block or reject messages from my SC account and I need it NOW. > > > I don't know if SC has a 3 fork system or not. Many spam filters like > to handle an item as 'positive' or 'negative' as a 2 fork process. > > >>4) SC has to address this problem SOON or I will be forced to drop the >>service, because it is not working for me. > > I have a web presence, and my contact info "routes" through SC. I really can't afford to miss new business. So the SC system of block all works well 99% of the time (first contact is delayed for review). The problem becomes one of clutter. It is unfortunate that SC is ineffective against the determined spammers, BUT it is a fact of life. SC admin PLEASE PLEASE PLEASE develop a solution! From rwcs at spamcop.net Sun Dec 4 12:14:36 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 12:15:04 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Mike Easter wrote: > Mike Easter wrote: > >>BMW wrote: > > >>I don't use SC mail, so I'm only speaking as a total 'outsider' who >>can't even see the SC mailsystem configuration page. But I understand >>what you are saying. >> >> >>>1) I'm configured to "Block All", which means if the sender isn't on >>>my whitelist the email remains in my "Held Mail". > > > I understand that there is also a personal blacklist, but I don't know > what happens to something which you put there. > > http://www.spamcop.net/fom-serve/cache/302.html FAQ about the Personal > Blacklist and Whitelist > > > It is my understanding ALL filters, blacklists, and the like, affect what is allowed through to your Inbox. I'm becoming painfully aware there is no solution here for the TeamAaronShara's of the world when it comes to your Held Mail box. (SC wants the stuff reported rather than deleted or rejected). The paradox is that reporting is ineffective as a control in some cases. From MikeE at ster.invalid Sun Dec 4 09:16:34 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 12:20:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: jg wrote: >Mike Easter scribbled: >> Geoffrey Hyde wrote: >>> "Mike Easter" >>>> jg wrote: >>>>> Jeff, you need QuoteFix to go along with your doubtlook client - I >>>>> got cross eyed reading the orig of above post... >>>>> sorry... >>>> >>>> While I'm in favor of as many people using QuoteFix as need to, my >>>> QF fixed Jeff's post; see below. > Geoff had it right... > I don't use OE so QF won't do me much good, thanks anyway. Oh, I get it now. You were telling Jeff to dl and use QF with his OE, but not because /you/ were using QF. Furrfu. If you *had* been using OE with QF, you wouldn't have been having the problem with seeing what you were seeing with Tbird or Mozilla or whatever it is you use. That is, as bad as OE is about its formatting problem, the improvement in the reading of badly formatted posts which QF provides is much better than what you get with your newsreader -- Mike Easter kibitzer, not SC admin From jg at coks.net Sun Dec 4 09:27:05 2005 From: jg at coks.net (jg) Date: Sun Dec 4 12:25:02 2005 Subject: [SpamCop-List] Re: Update on TeamAaronShara - they claim it's a joe job In-Reply-To: References: Message-ID: On 12/4/2005 1:52 AM Borgholio scribbled: > Here's their link: > > http://www.teamaaronshara.com/daily.html > > Based on how it's a pretty decent sized flood that came out of nowhere, I'm > half-inclined to believe them. Some forum posts I found on Google were from > people who claimed TAS was a scam organization...so that if this is a > joe-job, that's the culprit. Given their chosen /business/ , I would expect joejob to be a normal and recurring event. Nothing pisses you off more than losing money with your own stupidity. And if you beleive this system, you are stupid... From MikeE at ster.invalid Sun Dec 4 09:34:51 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 12:35:02 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: BMW wrote: > Mike Easter wrote: >> I understand that there is also a personal blacklist, but I don't >> know what happens to something which you put there. > It is my understanding ALL filters, blacklists, and the like, affect > what is allowed through to your Inbox. I'm becoming painfully aware > there is no solution here for the TeamAaronShara's of the world when > it comes to your Held Mail box. (SC wants th69.174.179.116e stuff reported rather > than deleted or rejected). The paradox is that reporting is > ineffective as a control in some cases. I can't help finetune or 'subfilter' something I can't see. But I know that on all of my mail systems ie my provider EL and my gmail account and my SpamPal proxy filter and my primitive mailuseragent OE, that I could segregate a specific item such as TeamAaronShara and handle it differently by putting it into its own folder or deleting it automatically. I could have it in a gmail folder or trashed. My EL could keep it out of my other unknown nonwhitelisteds by blacklisting it on a high spamblocker setting. My OE could autodelete it or put it in its own folder. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Sun Dec 4 11:47:38 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sun Dec 4 12:50:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: In article , BMW writes: > No, I am not referring to SCBL. Please be patient with my rant, I'm > growing increasingly frustrated with the SC service. If you had posted in spamcop.mail, the notion that you are referring to the SpamCop Filtering Service would be more clear. From MikeE at ster.invalid Sun Dec 4 09:48:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 12:50:07 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: BMW wrote: > It is my understanding ALL filters, blacklists, and the like, affect > what is allowed through to your Inbox. I'm becoming painfully aware > there is no solution here for the TeamAaronShara's of the world when > it comes to your Held Mail box. (SC wants the stuff reported rather > than deleted or rejected). The paradox is that reporting is > ineffective as a control in some cases. You don't have to report anything which is SC held that you don't want to report. When I read about other mail services, such as cotse, those services allow you to mail discriminate at the server^1 level. Also, the blacklisting process works like this: 'Blacklisting Sender(s) is a useful tool for preventing specific individuals, specific organizations, or entire domains from contacting you via email. Any time you receive an email you don't want, you can blacklist the sender or domain for the future by simply clicking a link while the email is open in your webmail interface (i.e., when you are looking at the message page). You can also manually edit your blacklist to add or delete particular senders or domains. All mail from blacklisted sources will be delivered to your Trash folder, deleted, or rejected, at your option." ^1 Whereas most systems deliver mail to your inbox and then apply filters, Cotse's filters are server-side, i.e., they are applied before the mail ever gets to you. Note that you do not need to choose among spam filtering methods: you can enable any or all of the following: http://www.cotse.net/emailfilters.html Of course, cotse is a lot of other things besides just a mail service, so it doesn't cost $30/y, it costs about $6/mo for the whole enchilada, but you get a lot. Oho, I see here that cotse now has an email only account of $50/y purchasable as 6 mos. Personally if I were going to buy cotse's email, I would buy the whole thing for about $22/y more. -- Mike Easter kibitzer, not SC admin From rwcs at spamcop.net Sun Dec 4 13:41:52 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 13:45:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Larry Kilgallen wrote: > In article , BMW writes: > > >>No, I am not referring to SCBL. Please be patient with my rant, I'm >>growing increasingly frustrated with the SC service. > > > If you had posted in spamcop.mail, the notion that you are referring > to the SpamCop Filtering Service would be more clear. Yet another layer of frustration, SC has seven, count them, 7 forums. How can anyone (any casual user) figure out which one is most appropriate for any given issue? Some of us are NOT interested in becoming geeks, we just want easy to use, effective services. In retrospect I can see how stupid I've been posting spamcop issues on the spamcop forum! I have got to go find some other answer, you guys really don't get it! From MikeE at ster.invalid Sun Dec 4 11:00:49 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 14:05:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: BMW wrote: > Larry Kilgallen wrote: >> If you had posted in spamcop.mail, the notion that you are referring >> to the SpamCop Filtering Service would be more clear. > > Yet another layer of frustration, SC has seven, count them, 7 forums. Actually news.spamcop.net has 10 ng/s - counting test, control, and control cancel > How can anyone (any casual user) figure out which one is most > appropriate for any given issue? That is a fair question and the answer is not handled well at SC at all -- I've been crabbing about that subject for a long time. There are several sources of answers. First of all, you can use your newsreader to acquire an nntp description of all of the groups. Without posting all of the descriptions here, I'll just point out that appropriate descriptions exist for geeks and social and all of the rest but one and also that the descriptions of the groups spamcop, mail, and help are as follows: spamcop: General SpamCop Discussion spamcop.help: Help with spam and using spamcop spamcop.mail: Notice that the description for spamcop.mail is empty. Another source of information is on this page http://www.spamcop.net/help.shtml#nntp which names and describes 4 of the groups, but doesn't even mention help or mail.-- as if they didn't exist on the newsserver. > Some of us are NOT interested in > becoming geeks, we just want easy to use, effective services. In > retrospect I can see how stupid I've been posting spamcop issues on > the spamcop forum! I have got to go find some other answer, you guys > really don't get it! The powers that be who perform most of the support for mail are partial to the webforum, and some links to the forum discussions have been posted here in the very earliest reply message. However, at the time of that posting, the confusion over the intent of your original post was prevalent. There's a whole section for spamcop mail related questions in the forum at http://forum.spamcop.net/forums/index.php?showforum=4 SpamCop Email System & Accounts Subforums -- Mike Easter kibitzer, not SC admin From rwcs at spamcop.net Sun Dec 4 14:03:25 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 14:05:09 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Larry Kilgallen wrote: > In article , BMW writes: > > >>No, I am not referring to SCBL. Please be patient with my rant, I'm >>growing increasingly frustrated with the SC service. > > > If you had posted in spamcop.mail, the notion that you are referring > to the SpamCop Filtering Service would be more clear. FYI http://www.spamcop.net/help.shtml#forums has NO mention of the .mail forum. (Lists only 4 of the 7 forums available). I've looked at the .mail forum and I'm not having ANY problems with my Inbox filters. From jg at coks.net Sun Dec 4 11:11:20 2005 From: jg at coks.net (jg) Date: Sun Dec 4 14:10:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... In-Reply-To: References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: On 12/4/2005 9:16 AM Mike Easter scribbled: > > That is, as bad as OE is about its formatting problem, the improvement > in the reading of badly formatted posts which QF provides is much better > than what you get with your newsreader > > Errr, whatever, Mike, and your point is?? /Everyone/ should use OE and QF so that they don't see the problem? OE did the bad formatting and I should find a way to fix it? Thanks anyway... From MikeE at ster.invalid Sun Dec 4 11:31:06 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 14:35:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: jg wrote: > Mike Easter scribbled: >> >> That is, as bad as OE is about its formatting problem, the >> improvement in the reading of badly formatted posts which QF >> provides is much better than what you get with your newsreader >> >> > Errr, whatever, Mike, and your point is?? That ideally newsreaders shouldn't format badly, but many of them do, and OE is one of the worst. Because so many newsreaders do format badly or imperfectly, ideally newsreaders should reformat, to undo what bad newsreader formatting has been done, and many do. > /Everyone/ should use OE and QF so that they don't see the problem? No. I agree with your premise that OE users should use QF to prevent its bad formatting problems. > OE did the bad formatting and I should find a way to fix it? Correct. See above 'because so many newsreaders format badly, ideally newsreaders should reformat to undo what bad newsreader formatting has done'. In the case of OE, it is necessary to use a 3rd party addon to do that reformatting as well as prevent the bad formatting in the first place. In the case of other newsreaders, the reformatting is built-in. > Thanks anyway... In the case of Tbird mozilla, the bad formatting behavior seen in OE doesn't appear to be much of a problem, but the reformatting of bad formatting isn't done as well as other 'reformatting' newsreaders or as well as QF's reformatting. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Sun Dec 4 14:54:37 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 4 15:05:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: "BMW" wrote in message news:dmv473$22k$1@news.spamcop.net... > Jeff G. wrote: > > I assume you are referring to the SCBL (the SpamCop Blocking List). > No, I am not referring to SCBL. Sorry about the confusion. I suggest that you use the Webmail Filters on your "Held Mail" mailbox/Folder (you have to press the little funnel icon each time you want to do this) to delete the TeamAaronShara messages and any others that you'd rather delete than Report. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From borgholio at storymind.com Sun Dec 4 12:15:19 2005 From: borgholio at storymind.com (Borgholio) Date: Sun Dec 4 15:15:02 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: jg wrote: > On 12/3/2005 4:13 PM Borgholio scribbled: > > >>jg wrote: >> >> >>>On 12/3/2005 2:14 PM Borgholio scribbled: >>> >>> >>> >>> >>>>Anybody else getting a ton of spam from these idiots? The emails seem to be >>>>coming from several different networks, all over the world. What's the deal? >>> >>>Doesn't sound familiar here - So. Cal. - just as well, got enuff of my >>>own idiots falling in... >> >> >>I live in Burbank...the epitome of SoCal. :) > > It was for Johnny Carson, but IMHO Venice is the epitome.. It was when it actually had canals. :) From borgholio at storymind.com Sun Dec 4 12:16:19 2005 From: borgholio at storymind.com (Borgholio) Date: Sun Dec 4 15:20:02 2005 Subject: [SpamCop-List] Re: Update on TeamAaronShara - they claim it's a joe job In-Reply-To: References: Message-ID: jg wrote: > On 12/4/2005 1:52 AM Borgholio scribbled: > > >>Here's their link: >> >>http://www.teamaaronshara.com/daily.html >> >>Based on how it's a pretty decent sized flood that came out of nowhere, I'm >>half-inclined to believe them. Some forum posts I found on Google were from >>people who claimed TAS was a scam organization...so that if this is a >>joe-job, that's the culprit. > > Given their chosen /business/ , I would expect joejob to be a normal and > recurring event. > Nothing pisses you off more than losing money with your own stupidity. > And if you beleive this system, you are stupid... I agree completely, they're definitely dubious...if not outright scammers. But if what they're doing is not outright illegal, it makes sense they'd piss someone off enough to joe-job them. From not at home.today Sun Dec 4 20:22:53 2005 From: not at home.today (Ant) Date: Sun Dec 4 15:25:02 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: "Mike Easter" wrote: > [...] In the case of OE, it is necessary to use a 3rd party addon to > do that reformatting as well as prevent the bad formatting in the first > place. Bah! No add-ons or plugins necessary. Set OE line length to the max, and use a text editor (capable of showing line length) to format your posts and repair bad cites. Then what you see is what you post is what everyone else gets. From / at /.cn Mon Dec 5 07:29:55 2005 From: / at /.cn (Petzl) Date: Sun Dec 4 15:35:03 2005 Subject: [SpamCop-List] Re: TeamAaronShara... References: Message-ID: "Borgholio" wrote in message news:dmu7r1$j67$1@news.spamcop.net... > BMW wrote: >> Borgholio wrote: >> >>> Anybody else getting a ton of spam from these idiots? The emails seem >>> to be coming from several different networks, all over the world. >>> What's the deal? >> >> >> I have read through the threads in this discussion, and I'm not seeing >> what to do about TeamAaronShara. It is blatantly obvious to the casual >> observer that spamcop reports only fuel the fire, and no amount of >> reporting is going to deter this spammer. Sure would like to find an >> effective solution to this problem. > > I'm manually reporting them in hopes of getting the spamvertised sites > shut down too...or at least "harassed". But Spamcop is acting wanky right > now and isn't reporting spamvertised links. :-/ The site mentioned by this spammer are a JoeJob Quick reporting is adequate to keep the and any injection point IP listed and blocked SpamAssassin is 100% accurate in sorting this junk into my Very Easy Reporting folder None is getting to my in box Have checked some of the source IP's and all are listed by SCBL Petzl From jg at coks.net Sun Dec 4 12:45:56 2005 From: jg at coks.net (jg) Date: Sun Dec 4 15:45:02 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... In-Reply-To: References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: On 12/4/2005 11:31 AM Mike Easter scribbled: > In the case of Tbird mozilla, the bad formatting behavior seen in OE > doesn't appear to be much of a problem, but the reformatting of bad > formatting isn't done as well as other 'reformatting' newsreaders or as > well as QF's reformatting. > Kinda hard to make a silk purse out of a sow's ear - my Mom says... From rwcs at spamcop.net Sun Dec 4 17:12:52 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 17:15:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Jeff G. wrote: > "BMW" wrote in message > news:dmv473$22k$1@news.spamcop.net... > >>Jeff G. wrote: >> >>>I assume you are referring to the SCBL (the SpamCop Blocking List). >> >>No, I am not referring to SCBL. > > > Sorry about the confusion. I suggest that you use the Webmail Filters > on your "Held Mail" mailbox/Folder (you have to press the little funnel > icon each time you want to do this) to delete the TeamAaronShara > messages and any others that you'd rather delete than Report. > Good idea thanks, I didn't know that existed. . . can you use the selection feature to "Report"? From rwcs at spamcop.net Sun Dec 4 17:14:39 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 17:15:06 2005 Subject: [SpamCop-List] Seeking Advice Message-ID: This is my third and last thread on the subject. I'm not getting through the maze of these forums with a usable answer for me and my business. Please if you don't use the paid service, and you are not familiar with how it differs from the free service, Please don't muddy the waters with irrelevant responses. Things in my email world have to change. My current structure has things that work well and things that are seriously broken, with little prospect for a solution. My structure - I have multiple domains at which I receive email, some of which are posted as contact info on my web sites (spam is a given in this situation). I need the new business so I'm unwilling to remove the email addresses from my web pages. SC collects mail from these domain POPs and places them in my "Held Mailbox". Also the mail that is sent directly to my spamcop.net account also goes into my Held Mail. If the mail "passes" through a filter it is moved to my Inbox. My domain POPs offer filtering so that the "TeamAaronShara's" are easily controlled. BUT SC doesn't. When I get these mail bombs it is very difficult and time consuming to sort through hundreds of messages in Held Mail looking for legit communications. The frustrating part is that SC doesn't offer any filter for the Held Mailbox, NO select by string, so mail sent directly to the spamcop address always ends up in the Held Mail NO MATTER What, and selection of the messages is all or individual clicks. I'm thinking I'm at least going to have to change my spamcop.net address. . . and not give it out to anyone (as inconvenient as that is). Forcing all communications through my domain POP, were I have a fighting chance to mitigate the effects of the un-controllable. At the point were I'm ready to surrender my spamcop.net address I need to evaluate whether or not I need to continue to pay SC for an account. There are lots of spam control competitors out there. I'm going to have to restructure, and I'm looking for ideas. . . Gotta get it right this time. From skiwi at spamcop.net Sun Dec 4 14:39:49 2005 From: skiwi at spamcop.net (Skiwi) Date: Sun Dec 4 17:40:02 2005 Subject: [SpamCop-List] Re: Seeking Advice [filter rules seem self evident for discard] In-Reply-To: References: Message-ID: BMW wrote: [snip] > The frustrating part is that SC doesn't offer > any filter for the Held Mailbox, NO select by string, so mail sent > directly to the spamcop address always ends up in the Held Mail NO > MATTER What, and selection of the messages is all or individual clicks. [snip] I just: - logged into my paid account - went to webmail (i.e., the portal from where my local client POPs it off) - clicked the filters icon in the tool bar - clicked 'edit your filter rules' under filter setting - clicked 'new rule' on the following screen - named the new rule, selected my conditions ("TeamAaronShara" in body as an example), and set the 'do this' to discard - saved it Am I missing something that you wanted to do? (I think I found what you were after amongst your postings verbiage...) From MikeE at ster.invalid Sun Dec 4 14:59:32 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 18:00:02 2005 Subject: [SpamCop-List] Re: Seeking Advice References: Message-ID: BMW wrote: > I'm not getting > through the maze of these forums with a usable answer for me and my > business. Not forums. Typically newsgroups are called newsgroups, and web based forums are called forums. While forums can be anything from newsgroups to old fashioned bulletin boards to mailing lists -- in the context of spamcop, there is a webforum community and an nntp newsgroup community. This is the nntp newsgroup community, the webforum community is over there ==> > Please if you don't use the paid service, and you are not familiar > with how it differs from the free service, Please don't muddy the > waters with irrelevant responses. Re Please I'm sure anyone will comment who feels like it. You are being the muddying one. Spamcop reporting comes in free and paid. Spamcop mail is always paid, never free, and the users of the spamcop mail system have reporting facilitated for them. > Things in my email world have to change. My current structure has > things that work well and things that are seriously broken, with > little prospect for a solution. Then you should keep your ears open for suggestions. > My structure - I have multiple domains at which I receive email, some > of which are posted as contact info on my web sites (spam is a given > in this situation). There are a 'zillion' ways to publish easily mailable web addresses without hanging naked mailto/s out there for the webbots to scrape up. One site that has about half a zillion different demonstrated ways is this one -- oops, the link isn't accessible right now for me to finetune, so I'll get back to it later. > I need the new business so I'm unwilling to > remove the email addresses from my web pages. You should fix them so that they aren't naked mailto/s. The link came back up. I'll put it at the bottom^1 > SC collects mail from > these domain POPs and places them in my "Held Mailbox". You haven't actually described how SC gets the mail from some other mailbox, but you used the word pop, so I'm going to assume that you are popping them to spamcop rather than forwarding them. When you forward, there is an opportunity to exert some filtering influence by the forwarding system. And, actually it isn't SC which writes the rules for things going to your held mailbox, but you. That is, you tell SC how to put things into your held mailbox. > Also the > mail that is sent directly to my spamcop.net account also goes into > my Held Mail. According to your own rules. > If the mail "passes" through a filter it is moved to > my Inbox. My domain POPs offer filtering so that the > "TeamAaronShara's" are easily controlled. BUT SC doesn't. If you were forwarding instead of popping to SC you might be able to use some of your domain's server's filtering. Maybe. > When I get > these mail bombs it is very difficult and time consuming to sort > through hundreds of messages in Held Mail looking for legit > communications. One of the advantages of using a whitelisting only system is that the whitelisted mail is very 'clean'. One of the disadvantages of using a whitelisted only system is that if you get unknown unwhitelisted but wanted mail, it is going to be all mixed up with tons of spam. So as a result you are going to be 'digging through' tons of spam to find your uknown unwhitelisted. You would be better off with a better discriminatory system than whitelisted only if you are in the business of getting unknown wanted mail. The only people who can use whitelisted only easily are the people who only get mail from their friends or mailing lists and not uknown wanted. You aren't choosing a good strategy for your needs. >The frustrating part is that SC doesn't offer any > filter for the Held Mailbox, NO select by string, so mail sent > directly to the spamcop address always ends up in the Held Mail NO > MATTER What, and selection of the messages is all or individual > clicks. That's the part I have no comment on. > I'm thinking I'm at least going to have to change my spamcop.net > address. . . and not give it out to anyone (as inconvenient as that > is). Forcing all communications through my domain POP, were I have a > fighting chance to mitigate the effects of the un-controllable. > > At the point were I'm ready to surrender my spamcop.net address I need > to evaluate whether or not I need to continue to pay SC for an > account. There are lots of spam control competitors out there. You are correct. > I'm going to have to restructure, and I'm looking for ideas. . . Gotta > get it right this time. ^1 http://spamlinks.net/prevent-spambots-hiding.htm Generalised Hiders and Descriptions Javascript Email Encoders HTML Character Entities CSS Encoding Passive Web-based Scripts Web-based Contact Pages Other Methods Manual Address Munging -- Mike Easter kibitzer, not SC admin From rwcs at spamcop.net Sun Dec 4 18:56:14 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 19:00:03 2005 Subject: [SpamCop-List] Re: Seeking Advice [filter rules seem self evident for discard] In-Reply-To: References: Message-ID: Skiwi wrote: > BMW wrote: > > [snip] > >> The frustrating part is that SC doesn't offer any filter for the Held >> Mailbox, NO select by string, so mail sent directly to the spamcop >> address always ends up in the Held Mail NO MATTER What, and selection >> of the messages is all or individual clicks. > > > [snip] > > I just: > > - logged into my paid account > > - went to webmail (i.e., the portal from where my local client POPs it > off) > > - clicked the filters icon in the tool bar > > - clicked 'edit your filter rules' under filter setting > > - clicked 'new rule' on the following screen > > - named the new rule, selected my conditions ("TeamAaronShara" in body > as an example), and set the 'do this' to discard > > - saved it > > Am I missing something that you wanted to do? (I think I found what you > were after amongst your postings verbiage...) I admit I have been using the http://mailsc.spamcop.net/reportheld?action=heldlog as opposed to http://webmail.spamcop.net. . . as far as I know the filter you refer to effects the contents of the Inbox, and my problem is sorting through Held Mail. I have tried some of the filters and they seem to have NO effect on the Held Mail Box. . . I could be wrong or missed something. From pxpearson at spamxcop.net Sun Dec 4 16:09:08 2005 From: pxpearson at spamxcop.net (Peter Pearson) Date: Sun Dec 4 19:10:03 2005 Subject: [SpamCop-List] Re: Seeking Advice References: Message-ID: BMW wrote: > My structure - I have multiple domains at which I receive email, some of > which are posted as contact info on my web sites (spam is a given in > this situation). Have you considered presenting your email address as an image, rather than as text? That makes it harder for automated address-scrapers to retrieve. > . . .. The frustrating part is that SC doesn't offer > any filter for the Held Mailbox, NO select by string, so mail sent > directly to the spamcop address always ends up in the Held Mail NO > MATTER What, and selection of the messages is all or individual clicks. You can define and apply filters to your Held Mail folder. I use this myself, as described at http://dodin.org/mediawiki/index.php/SpamCop (French). After clicking my way to my Held Mail folder, I click on the "filter" icon (located down on the line that begins "Held Mail"; not the filter on the higher toolbar line), and the filters I've defined move the obvious spam into a folder named "Spam for sure". I then review the surviving Held Mail messages myself (seldom finding even a single non-Spam there, which is a credit to the way Spamcop sorted my messages into Inbox versus Held Mail), select them all, report them as spam, change to my Spam For Sure folder, select all, report as spam. It helps if you configure your Held Mail page to display many many messages (e.g., 100) simultaneously, rather than just a handful. My only filtering strategies are (1) specific words that I'm sure no prospective client would use in the subject line of his introductory email, and (2) Spam Assassin ratings. If your business is selling kumquats, you might use a filter to steer messages mentioning kumquats back to your Inbox. I have a Python program that establishes an IMAP4 SSL connection to Spamcop and does fancier filtering, moving messages from Held Mail into Spam For Sure based on rules like mixing digits with letters, and I'd be happy to share it with you, but personally I haven't found it as useful as I hoped, and I don't run it any more. I hope you won't despair. Spamcop has been very effective for me, and I strongly suspect that you're having trouble only because Spamcop's powers are hidden behind a haze of poor documentation. The contributors to this newsgroup can help a lot. -- Remove the two x's to get a good email address. From pxpearson at spamxcop.net Sun Dec 4 16:14:56 2005 From: pxpearson at spamxcop.net (Peter Pearson) Date: Sun Dec 4 19:15:03 2005 Subject: [SpamCop-List] Re: Seeking Advice [filter rules seem self evident for discard] References: Message-ID: BMW wrote: > . . . as far as I know the > filter you refer to effects the contents of the Inbox, and my problem is > sorting through Held Mail. I have tried some of the filters and they > seem to have NO effect on the Held Mail Box. . . I could be wrong or > missed something. If I view my Held Mail folder and click the funnel icon that appears to the right of the words Held Mail, the filters seem to get applied to the Held Mail folder. I've made random guesses in attempts to get the filters applied automatically (e.g., at login), but to no avail; so I have to do an extra mouse click (namely, on the funnel icon) and wait for one screen refresh to arrive at the point where I'm looking at my filtered Held Mail folder. -- Remove the two x's to get a good email address. From verdy_p at wanadoo.fr Mon Dec 5 01:18:26 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sun Dec 4 19:20:02 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Steven Maesslein" a écrit dans le message de news: slrndp5jo7.4cg.nobody@127.0.0.1... > On Sun, 4 Dec 2005 11:25:52 +1000, Geoffrey Hyde coughed into spamcop > and left this in : > >> Are you saying that your ISP can't/won't stop address bounce errors?? If >> so, perhaps you should explain the problem to them, if you can get ahold >> of >> a reasonably intelligent real-life tech support guy at the other end of >> the >> phone support number. > > There's no such thing as a "reasonably intelligent" life form in the > whole organisation of his ISP: Wanadoo.fr. Stop ranting. This is clearly not the purpose of my report and you are out of topic. There are MUCH MUCH more worse ISPs than Wanadoo in the world. Wanadoo is acting reasonnably well given its size, and acts quite fast to spam reports, although it's not perfect. I have still never received any spam from Wanadoo customers, even on my other mailboxes hosted in other systems (MSN, Hotmail, Yahoo, and others, not all French ISPs). It may happen sometime, but will not persist as long as it is for other ISPs that are hosting LOTS of customers with indected PCs running viral spamware acting as open-relays. Almost all the spams I receive comes from a small subset of ISPs that are hosted in US, China, Brasil and Portugal, and often theses ISPs are much smaller than Wanadoo in terms of the volime of emails they are legitimately relaying for their customers, so they connect invoke a problem of size. Today, most Wanadoo customers use a external device (named "LiveBox") that is acting as a NAT router, a basic firewall that blocks outgoing SMTP connections, offers a VoIP decoder, a digital TV router over ATM connections, and so on. The effective spams that remain from Wanadoo customers is constantly going down. Also the spam/mail ratio is extremely low. Note that Wanadoo has been listed in the past for issues that it could not resolve itself (for example regarding reported emails for which the sender is no longer the customer, and for which Wanadoo and already dropped the account; there are still reports persisting in reporting those sites despite they are no longer in use since long by the spamming customer.) Note that French law still limits the time under which email relying logs canbekept by the ISP; this time has been recently extended by law, and these extended logs are now required for justice investigation, and a French ISP is now directly responsible for the illegal content it can help transfering, but is allowed now to act preemptively, a recent law against which several groups for the defense of freedom of expression and privacy are protesting, because it requires the ISP monitoring email that is no longer consider like private snail mail; the French law is insprired and was in fact required by the European EUDC Act, which is also a reponse to the US sollicitation to help secure the net against abuses and criminal or terrorist actions. From jg at coks.net Sun Dec 4 16:44:16 2005 From: jg at coks.net (jg) Date: Sun Dec 4 19:45:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! In-Reply-To: References: Message-ID: On 12/4/2005 4:18 PM Philippe Verdy scribbled: > > Note that French law still limits the time under which email relying logs > canbekept by the ISP; this time has been recently extended by law, and these > extended logs are now required for justice investigation, and a French ISP > is now directly responsible for the illegal content it can help transfering, > but is allowed now to act preemptively, a recent law against which several > groups for the defense of freedom of expression and privacy are protesting, > because it requires the ISP monitoring email that is no longer consider like > private snail mail; the French law is insprired and was in fact required by > the European EUDC Act, which is also a reponse to the US sollicitation to > help secure the net against abuses and criminal or terrorist actions. > > I for one am glad to hear of such positive things coming out of wanadoo, since from my end of the world, I receive a substantial amount of spam from that both .fr and .es wanadoos - had 1 yesterday. I wouldn't put them in the same class as kornet or cert.br or comcor.ru or *cn, leastwise by volume. From jg at coks.net Sun Dec 4 16:52:56 2005 From: jg at coks.net (jg) Date: Sun Dec 4 19:55:02 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! In-Reply-To: References: Message-ID: On 12/4/2005 4:44 PM jg scribbled: > On 12/4/2005 4:18 PM Philippe Verdy scribbled: > > > >>Note that French law still limits the time under which email relying logs >>canbekept by the ISP; this time has been recently extended by law, and these >>extended logs are now required for justice investigation, and a French ISP >>is now directly responsible for the illegal content it can help transfering, >>but is allowed now to act preemptively, a recent law against which several >>groups for the defense of freedom of expression and privacy are protesting, >>because it requires the ISP monitoring email that is no longer consider like >>private snail mail; the French law is insprired and was in fact required by >>the European EUDC Act, which is also a reponse to the US sollicitation to >>help secure the net against abuses and criminal or terrorist actions. >> >> > > I for one am glad to hear of such positive things coming out of wanadoo, > since from my end of the world, I receive a substantial amount of spam > from that both .fr and .es wanadoos - had 1 yesterday. I wouldn't put > them in the same class as kornet or cert.br or comcor.ru or *cn, > leastwise by volume. > Here's one from a minute ago... http://www.spamcop.net/sc?id=z836463173z5d511313386620ef170ee647677cb6acz From rwcs at spamcop.net Sun Dec 4 20:14:00 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 20:15:03 2005 Subject: [SpamCop-List] Re: Seeking Advice In-Reply-To: References: Message-ID: Mike Easter wrote: > BMW wrote: > > >> I'm not getting >>through the maze of these forums with a usable answer for me and my >>business. > > > Not forums. > > Typically newsgroups are called newsgroups, and web based forums are > called forums. While forums can be anything from newsgroups to old > fashioned bulletin boards to mailing lists -- in the context of spamcop, > there is a webforum community and an nntp newsgroup community. This is > the nntp newsgroup community, the webforum community is over there ==> > >>Please if you don't use the paid service, and you are not familiar >>with how it differs from the free service, Please don't muddy the >>waters with irrelevant responses. > > > Re Please > > I'm sure anyone will comment who feels like it. You are being the > muddying one. Spamcop reporting comes in free and paid. Spamcop mail > is always paid, never free, and the users of the spamcop mail system > have reporting facilitated for them. > > >>Things in my email world have to change. My current structure has >>things that work well and things that are seriously broken, with >>little prospect for a solution. > > > Then you should keep your ears open for suggestions. > > >>My structure - I have multiple domains at which I receive email, some >>of which are posted as contact info on my web sites (spam is a given >>in this situation). > > > There are a 'zillion' ways to publish easily mailable web addresses > without hanging naked mailto/s out there for the webbots to scrape up. > One site that has about half a zillion different demonstrated ways is > this one -- oops, the link isn't accessible right now for me to > finetune, so I'll get back to it later. > > >> I need the new business so I'm unwilling to >>remove the email addresses from my web pages. > > > You should fix them so that they aren't naked mailto/s. The link came > back up. I'll put it at the bottom^1 > > >> SC collects mail from >>these domain POPs and places them in my "Held Mailbox". > > > You haven't actually described how SC gets the mail from some other > mailbox, but you used the word pop, so I'm going to assume that you are > popping them to spamcop rather than forwarding them. When you forward, > there is an opportunity to exert some filtering influence by the > forwarding system. And, actually it isn't SC which writes the rules for > things going to your held mailbox, but you. That is, you tell SC how to > put things into your held mailbox. > > >>Also the >>mail that is sent directly to my spamcop.net account also goes into >>my Held Mail. > > > According to your own rules. > > >>If the mail "passes" through a filter it is moved to >>my Inbox. My domain POPs offer filtering so that the >>"TeamAaronShara's" are easily controlled. BUT SC doesn't. > > > If you were forwarding instead of popping to SC you might be able to use > some of your domain's server's filtering. Maybe. > > >>When I get >>these mail bombs it is very difficult and time consuming to sort >>through hundreds of messages in Held Mail looking for legit >>communications. > > > One of the advantages of using a whitelisting only system is that the > whitelisted mail is very 'clean'. One of the disadvantages of using a > whitelisted only system is that if you get unknown unwhitelisted but > wanted mail, it is going to be all mixed up with tons of spam. So as a > result you are going to be 'digging through' tons of spam to find your > uknown unwhitelisted. You would be better off with a better > discriminatory system than whitelisted only if you are in the business > of getting unknown wanted mail. > > The only people who can use whitelisted only easily are the people who > only get mail from their friends or mailing lists and not uknown wanted. > You aren't choosing a good strategy for your needs. > > >>The frustrating part is that SC doesn't offer any >>filter for the Held Mailbox, NO select by string, so mail sent >>directly to the spamcop address always ends up in the Held Mail NO >>MATTER What, and selection of the messages is all or individual >>clicks. > > > That's the part I have no comment on. > > >>I'm thinking I'm at least going to have to change my spamcop.net >>address. . . and not give it out to anyone (as inconvenient as that >> is). Forcing all communications through my domain POP, were I have a >>fighting chance to mitigate the effects of the un-controllable. >> >>At the point were I'm ready to surrender my spamcop.net address I need >>to evaluate whether or not I need to continue to pay SC for an >> account. There are lots of spam control competitors out there. > > > You are correct. > > >>I'm going to have to restructure, and I'm looking for ideas. . . Gotta >>get it right this time. > > > > ^1 http://spamlinks.net/prevent-spambots-hiding.htm > > Generalised Hiders and Descriptions > Javascript Email Encoders > HTML Character Entities > CSS Encoding > Passive Web-based Scripts > Web-based Contact Pages > Other Methods > Manual Address Munging > Thanks for the VERY relevant comments, they really are appreciated. I'd like to understand his difference between having SC "pop fetch" and setting up a "forwarding" system. I think I found a check-box that allows filters to be applied to ALL mailboxes. This could work. I would like to find a script (could be CGI or perl) that would open YOUR mail client with To & Subject filled in. The "TO" mail address could be buried in the script, and not available to bots. There will always be problems like D&B who will sell your address etc. Thanks again Mike for taking the time to understand my problem and suggest solutions. From nobody at spamcop.net Mon Dec 5 00:11:31 2005 From: nobody at spamcop.net (RW) Date: Mon Dec 5 01:15:14 2005 Subject: [SpamCop-List] Re: Seeking Advice In-Reply-To: References: Message-ID: BMW wrote: > I would like to find a script (could be CGI or perl) that would open > YOUR mail client with To & Subject filled in. The "TO" mail address > could be buried in the script, and not available to bots. There will > always be problems like D&B who will sell your address etc. Such scripts are available. In the meantime, since you are already living with your addresses exposed on your websites, you could change the links to a mailto:/subject link so the subject is already inserted when someone clicks on it. i.e. subject=example.com feedback. Then, you could write up a filter rule based on the subject lines you choose and have that delivered to your inbox, or even to a new 'my website mail' folder. I know this isn't the reason for your post, but it would lessen the amount of ham in your held mail making the sorting there easier. Richard From bar_n0ne at hotmail.com Mon Dec 5 10:24:39 2005 From: bar_n0ne at hotmail.com (Berny) Date: Mon Dec 5 01:25:03 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam References: Message-ID: "Borgholio" wrote in message news:dmtdt2$6f6$1@news.spamcop.net... > Full spam posted in .spam. Manually reporting spam should report > spamvertised sites, right? Well it's not, at least in this case. Most of > the time it locates the links but doesn't report them, nor does it give any > indication of why it's not reporting. What's up? This is the first time you've noticed this? This has been going on for ages, for a while it was mostly happening to links in Tietong space, now mainly it is links in Geocities and Lycos (tripod) space, but it can happen with any link. As jg points out in another post, refreshes can cause the links to get parsed. From nobody at nowhere.invalid Mon Dec 5 11:22:41 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Dec 5 05:25:10 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: On Sun, 04 Dec 2005 13:41:52 -0500, BMW coughed into spamcop and left this in : > Yet another layer of frustration, SC has seven, count them, 7 forums. ??? I'm only aware of one. There is, however, more than one newsgroup. -- Steve QUARK: The sound made by a well-bred duck: From nobody at nowhere.invalid Mon Dec 5 11:23:11 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Dec 5 05:25:20 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: On Sun, 04 Dec 2005 14:03:25 -0500, BMW coughed into spamcop and left this in : > FYI http://www.spamcop.net/help.shtml#forums has NO mention of the .mail > forum. (Lists only 4 of the 7 forums available). I've looked at the > .mail forum and I'm not having ANY problems with my Inbox filters. Please.... Newsgroups are not forums. -- Steve QUARK: The sound made by a well-bred duck: From nobody at nowhere.invalid Mon Dec 5 11:50:29 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Dec 5 05:55:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: On Mon, 5 Dec 2005 01:18:26 +0100, Philippe Verdy coughed into spamcop and left this in : >> There's no such thing as a "reasonably intelligent" life form in the >> whole organisation of his ISP: Wanadoo.fr. > > Stop ranting. This is clearly not the purpose of my report and you are out > of topic. > > There are MUCH MUCH more worse ISPs than Wanadoo in the world. And your point is? FWIW they get blocked, too. Just because wanadoo is the lesser of two evils doesn't mean that everything's peachy again. > Wanadoo is acting reasonnably well given its size, and acts quite fast > to spam reports, although it's not perfect. Doesn't look like it from here. Until I blocked them outright I was being spammed by the same spammer THROUGH WANADOO'S OFFICIAL SMTP CHANNEL (not trojanned windows machines) for months on end. From spamcop's POV, abuse@wanadoo.fr is wired to /dev/null and postmaster bounces. > I have still never received any spam from Wanadoo customers, 90% of the mail I used to see from wanadoo customers was spam. > Today, most Wanadoo customers use a external device (named "LiveBox") that > is acting as a NAT router, a basic firewall that blocks outgoing SMTP > connections, offers a VoIP decoder, a digital TV router over ATM > connections, and so on. The effective spams that remain from Wanadoo > customers is constantly going down. Also the spam/mail ratio is extremely > low. This is inaccurate. I happen to live in France and use a FreeBox myself. *New* wanadoodoo subscribers are being issued a LiveBox, but existing customers are still using their old SpeedTouch, HiFocus or Sagem F@st900 modem. Furthermore, the LiveBox is "usually" connected as a layer-2 bridge over a USB connection, meaning that it is acting as anything but a NAT/firewall even though it can. Your average cluetard using a Windows machine wouldn't know a network card if they saw one (last time I had any contact with that species it was because they connected the phone line to the NIC), but a USB plug is something they can neither stick in the wrong hole, nor in the right hole but the wrong way round. > Note that Wanadoo has been listed in the past for issues that it could not > resolve itself (for example regarding reported emails for which the sender > is no longer the customer, and for which Wanadoo and already dropped the > account; there are still reports persisting in reporting those sites despite > they are no longer in use since long by the spamming customer.) What does this have to do with the multiple *real* causes for listing? > Note that French law still limits the time under which email relying logs > can be kept by the ISP; If (whatever masquerades as) the wanadoo abuse desk acted *promptly* on abuse comnplaints then there wouldn't be any need for logs going back for months. And wanadoo wouldn't have the reputation it now has either. > this time has been recently extended by law, and these extended logs > are now required for justice investigation, and a French ISP is now > directly responsible for the illegal content it can help transfering, > but is allowed now to act preemptively, a recent law against which > several groups for the defense of freedom of expression and privacy > are protesting, because it requires the ISP monitoring email that is > no longer consider like private snail mail; It never was. Anyone thinking that e-mail offers any form of privacy whatsoever (short of encryption) needs their head looked at. Furthermore, there have been content filters on outbound mail chez wanadoo for years, literally. I was one of their unfortunate clients until 2 years ago and there were cases of mail of mine being rejected at the SMTP level by their content filters. I was therefore unable to send mail with certain keywords and when I enquired about it with the hotline, I was told to double-check my Outlook Express settings, despite the fact that I use Linux and despite the fact that it was obviously something fishy going on their end. > the French law is insprired and was in fact required by the European > EUDC Act, which is also a reponse to the US sollicitation to help > secure the net against abuses and criminal or terrorist actions. Maybe so. However, it neither explains nor cancels out the persistent, corporate lack of $clue within wanadoo/FT/orange/whatever_they_call_ themselves_today. -- Steve Give a man a fish and he will eat for a day. Teach him how to fish, and he will sit in a boat and drink beer all day. From MikeE at ster.invalid Mon Dec 5 05:59:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 5 09:00:04 2005 Subject: [SpamCop-List] Re: Seeking Advice References: Message-ID: BMW wrote: > Mike Easter wrote: >> You haven't actually described how SC gets the mail from some other >> mailbox, but you used the word pop, so I'm going to assume that you >> are popping them to spamcop rather than forwarding them. > I'd like to understand his difference between having SC "pop fetch" > and setting up a "forwarding" system. According to the mail faq, forwarding is the first choice over popping, if your mail account has the feature to forward. My provider does and my gmail does, and my gmail filters work on the mail before it is forwarded. Gmail has very good spamfilters, and now they are also filtering viruses. You configure your email provider to forward to the SC mail account. For my provider and gmail that is done by logging into the webmail account. That forwarding is done at the time of initial setup instead of configuring SC to access your mailprovider mailbox with your username and pw. I don't know how to 'unsetup' the popping. http://www.spamcop.net/ces/setup_step1.shtml SpamCop Email Setup Step 1 -- Getting mail into SpamCop -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Mon Dec 5 11:35:28 2005 From: jeffg at spamcop.net (Jeff G.) Date: Mon Dec 5 11:45:03 2005 Subject: [SpamCop-List] Re: Seeking Advice References: Message-ID: "Mike Easter" wrote in message news:dn1h49$f22$1@news.spamcop.net... > I don't know how to 'unsetup' the popping. Stopping SpamCop from POPping on your behalf is pretty simple: on your "POP Configuration" page https://webmail.spamcop.net/horde/imp/spamcop/popconfig.php or http://webmail.spamcop.net/horde/imp/spamcop/popconfig.php , Click the "Delete this Entry" Checkbox for each appropriate Entry, then Click the "Modify" Button. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From jeffg at spamcop.net Mon Dec 5 11:40:02 2005 From: jeffg at spamcop.net (Jeff G.) Date: Mon Dec 5 11:45:07 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: "Steven Maesslein" wrote in message news:slrndp858f.upd.nobody@127.0.0.1... > On Sun, 04 Dec 2005 14:03:25 -0500, BMW coughed into spamcop and left > this in : > > > FYI http://www.spamcop.net/help.shtml#forums has NO mention of the .mail > > forum. (Lists only 4 of the 7 forums available). I've looked at the > > .mail forum and I'm not having ANY problems with my Inbox filters. > > Please.... Newsgroups are not forums. Prior to two years ago, these SpamCop Newsgroups were referred to as the Forums. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From jeffg at spamcop.net Mon Dec 5 11:48:33 2005 From: jeffg at spamcop.net (Jeff G.) Date: Mon Dec 5 12:15:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: "BMW" wrote in message news:dmvpl2$f59$1@news.spamcop.net... > Jeff G. wrote: > > "BMW" wrote in message > > news:dmv473$22k$1@news.spamcop.net... > >>Jeff G. wrote: > >>>I assume you are referring to the SCBL (the SpamCop Blocking List). > >>No, I am not referring to SCBL. > > Sorry about the confusion. I suggest that you use the Webmail Filters > > on your "Held Mail" mailbox/Folder (you have to press the little funnel > > icon each time you want to do this) to delete the TeamAaronShara > > messages and any others that you'd rather delete than Report. > Good idea thanks, I didn't know that existed. . . You're welcome. > can you use the selection feature to "Report"? You can use the selection checkboxes to the left of the messages to "Quick Report" using the "Report as Spam" button, or to forward as attachment to your Confidential Submit Address for normal/slow/full reporting. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From Kilgallen at SpamCop.net Mon Dec 5 11:32:00 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Mon Dec 5 12:35:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: In article , "Jeff G." writes: > Prior to two years ago, these SpamCop Newsgroups were referred to as the > Forums. Not by those with respect for established terminology. From nobody at spamcop.net Mon Dec 5 12:40:00 2005 From: nobody at spamcop.net (indigo) Date: Mon Dec 5 12:40:03 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: Redstone wrote: > "indigo" wrote in > news:dmq4vl$fl8$1@news.spamcop.net: > > > Just tried to report a spam, I should have been logged in without > > seeing the log in screen (I allow SC cookies), and I got that > > "password is incorrect" error message. And nuts, I seem to have lost > > my SC cookie! How the heck did that happen? > > > > > > > Did you check for any crumbs under your desk? >snicker< :-D Shaddup, you, you......californian you..... From geary at fnord.io.com Mon Dec 5 20:07:47 2005 From: geary at fnord.io.com (Mark Geary) Date: Mon Dec 5 15:10:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: In article , Steven Maesslein wrote: < On Sun, 04 Dec 2005 14:03:25 -0500, BMW coughed into spamcop and left < this in : < < > FYI http://www.spamcop.net/help.shtml#forums has NO mention of the .mail < > forum. (Lists only 4 of the 7 forums available). I've looked at the < > .mail forum and I'm not having ANY problems with my Inbox filters. < < Please.... Newsgroups are not forums. It seems to me that the set of Newsgroups is a subset of the set of forums (or fora). Mark Geary -- "It's going to be a tough one Sam...Ziggy hasn't got a clue and the guy in the waiting room keeps asking me if I want a jelly baby." From geary at fnord.io.com Mon Dec 5 20:23:02 2005 From: geary at fnord.io.com (Mark Geary) Date: Mon Dec 5 15:25:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: In article , Larry Kilgallen wrote: < In article , "Jeff G." < writes: < < > Prior to two years ago, these SpamCop Newsgroups were referred to as the < > Forums. < < Not by those with respect for established terminology. Can you supply references for your assertion? Mark Geary -- "It's going to be a tough one Sam...Ziggy hasn't got a clue and the guy in the waiting room keeps asking me if I want a jelly baby." From nobody at nowhere.invalid Mon Dec 5 21:41:10 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Dec 5 15:45:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: On Mon, 5 Dec 2005 11:40:02 -0500, Jeff G. coughed into spamcop and left this in : > Prior to two years ago, these SpamCop Newsgroups were referred to as the > Forums. And it would have been incorrect back then, too. Forums are run on a webserver. The "postings" are stored in a unique location (the server running the forum or the database back-end) and accessed via HTTP. These are newsgroups, which are accessed - and propagated - by NNTP. The postings are stored in as many locations as there are news servers carrying the newsgroup in question. Unless you're in the unfortunate situation where you can only access newsgroups via a web2news gateway (such as googlegropes) then you access the postings using an NNTP client, aka newsreader. Some of these SpamCop newsgroups are also hooked up to a mail2news gateway, which allows you to participate using an e-mail client. -- Steve Doctors can be frustrating. You wait six weeks for an appointment and he says, "I wish you'd come to me sooner." From Kilgallen at SpamCop.net Mon Dec 5 16:06:01 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Mon Dec 5 17:10:02 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: In article , geary@fnord.io.com (Mark Geary) writes: > In article , > Larry Kilgallen wrote: > < In article , "Jeff G." > < writes: > < > < > Prior to two years ago, these SpamCop Newsgroups were referred to as the > < > Forums. > < > < Not by those with respect for established terminology. > > Can you supply references for your assertion? It is impossible to prove a negative. From porpoise1954 at yahoo.co.uk Tue Dec 6 00:46:58 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Dec 5 19:50:08 2005 Subject: [SpamCop-List] CIA Spoof Message-ID: Haven't seen one of these before. Is this what some others have been talking about recently? http://www.spamcop.net/sc?id=z836979091z933009081f7fa370b760f7d6d637cc8ez From anthony.edwards at uk.easynet.net Tue Dec 6 01:08:36 2005 From: anthony.edwards at uk.easynet.net (Anthony Edwards) Date: Mon Dec 5 20:10:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: On Tue, 6 Dec 2005 00:46:58 -0000, Porpoise wrote: > Haven't seen one of these before. Is this what some others have been talking > about recently? > > http://www.spamcop.net/sc?id=z836979091z933009081f7fa370b760f7d6d637cc8ez Highly likely to be an email generated by a machine infected by the recently discovered W32/Sober@MM!M681 email borne virus: http://vil.nai.com/vil/content/v_137072.htm If you yourself have opened the attachment that it contained, your own machine is now likely to be infected. The freely downloadable McAfee AVERT Stinger tool can identify and remove this virus: http://vil.nai.com/vil/stinger/ -- Anthony Edwards * anthony.edwards@uk.easynet.net Abuse Team Manager * Tel: 0800 053 0588 Easynet Ltd * DDI: 0161 227 0707 http://www.uk.easynet.net * Fax: 0845 333 4503 From MikeE at ster.invalid Mon Dec 5 17:19:25 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 5 20:20:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Porpoise wrote: > Haven't seen one of these before. Is this what some others have been > talking about recently? > www.spamcop.net/sc?id=z836979091z933009081f7fa370b760f7d6d637cc8ez Presumably the b64 encoded bqj522.zip attach contains a sober variant. If you want to characterize it accurately, you can isolate the b64 part and decode it into the zip and then unzip the executable into a folder and use your AV agent on the target. That way you can also test that your AV recognizes it, and if it isn't recognized you can submit it to a virus submission place. If you feel like fooling with it. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Mon Dec 5 23:25:44 2005 From: jeffg at spamcop.net (Jeff G.) Date: Mon Dec 5 23:30:02 2005 Subject: [SpamCop-List] SpamCop Email System Not Responding Message-ID: pop, imap, webmail, and mail all seem to be affected. I have notified JT. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From g.hyde at bigpond.net.au Tue Dec 6 19:17:48 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Tue Dec 6 04:20:03 2005 Subject: [SpamCop-List] How to find lost tracker URLs? Message-ID: I just reported a spoofed paypal spam, purporting to be from paypal until I started sniffing around the headers which revealed it was from anywhere but paypal.com - unfortunately I've lost the tracker URL for it. It was a pretty good spam email which might have fooled some people if I hadn't had my email client in plaintext mode. Permanently, thanks to scammers and spooofers. Unfortunately SpamCop didn't recognize it as a paypal spoof email. I've manually forwarded this onto the spoof [at] paypal [dot] com address. I don't know of any more useful addresses I can forward it onto but I'm sure someone out there has a list? This is the submission date of the spam: Tuesday, December 06, 2005 7:01:07 PM +1000: Cheers ... Geoffrey Hyde From nobody at devnull.spamcop.net Tue Dec 6 05:01:45 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Tue Dec 6 05:05:09 2005 Subject: [SpamCop-List] Re: How to find lost tracker URLs? References: Message-ID: "Geoffrey Hyde" did this: > I just reported a spoofed paypal spam, purporting to be from paypal until I > started sniffing around the headers which revealed it was from anywhere but > paypal.com - unfortunately I've lost the tracker URL for it. It was a > pretty good spam email which might have fooled some people if I hadn't had > my email client in plaintext mode. Permanently, thanks to scammers and > spooofers. But he did not do this (as only he or an Admin might): 1). login and click on "Past Reports" tab. 2). click on link "View recent reports" 3). find the item and click on the report # (looks like this: 1570792830 where the URL is http://www.spamcop.net/mcgi?action=gettrack&reportid=1570792830) 4). Find link marked "Parse" which is anchored to the parse tracker as looks like: http://www.spamcop.net/sc?id=z834404702z3dc61c6ae47176feb4bd7f2761cd7b37z Pls post your parse tracker... I work evil spells on PayPal phishing sites for personal entertainment. I have a cluster of addies for reporting such things as does magical and wondrous unmentionable things to shams and scams. Tx, Glenn From porpoise1954 at yahoo.co.uk Tue Dec 6 10:32:17 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 6 05:35:12 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote in message news:dn2ouc$4pm$1@news.spamcop.net... > Porpoise wrote: >> Haven't seen one of these before. Is this what some others have been >> talking about recently? >> > www.spamcop.net/sc?id=z836979091z933009081f7fa370b760f7d6d637cc8ez > > Presumably the b64 encoded bqj522.zip attach contains a sober variant. > > If you want to characterize it accurately, you can isolate the b64 part > and decode it into the zip and then unzip the executable into a folder > and use your AV agent on the target. That way you can also test that > your AV recognizes it, and if it isn't recognized you can submit it to a > virus submission place. > > If you feel like fooling with it. > Got around to having a look this morning: Scanning Report 06 December 2005 10:25:59 - 10:26:35 Computer name: XXXXXXX Target: C:\TEMP\bqj522.zip Result: 1 viruses found C:\TEMP\bqj522.zip\qform.exe Infection: Trojan-Proxy.Win32.Agent.hx F-Secure site has this to say: http://www.f-secure.com/v-descs/agent.shtml From g.hyde at bigpond.net.au Tue Dec 6 20:37:45 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Tue Dec 6 05:40:03 2005 Subject: [SpamCop-List] Re: How to find lost tracker URLs? References: Message-ID: http://www.spamcop.net/sc?id=z837127930z25cdeed42a189669e727ef44630570bdz Well, there you go - I knew someone around here knows a lot. :) Hope that helps. BTW the PayPal team is already working *their* magic on it ... ;) Cheers ... Geoffrey Hyde "Glenn Daniels" wrote in message news:dn3nhs$kpg$1@news.spamcop.net... > "Geoffrey Hyde" did this: >> I just reported a spoofed paypal spam, purporting to be from paypal until > I >> started sniffing around the headers which revealed it was from anywhere > but >> paypal.com - unfortunately I've lost the tracker URL for it. It was a >> pretty good spam email which might have fooled some people if I hadn't >> had >> my email client in plaintext mode. Permanently, thanks to scammers and >> spooofers. > > But he did not do this (as only he or an Admin might): > 1). login and click on "Past Reports" tab. > 2). click on link "View recent reports" > 3). find the item and click on the report # > (looks like this: 1570792830 where the URL is > http://www.spamcop.net/mcgi?action=gettrack&reportid=1570792830) > 4). Find link marked "Parse" which is anchored to the parse tracker > as looks like: > http://www.spamcop.net/sc?id=z834404702z3dc61c6ae47176feb4bd7f2761cd7b37z > > Pls post your parse tracker... I work evil spells on PayPal > phishing sites for personal entertainment. I have a cluster > of addies for reporting such things as does magical and > wondrous unmentionable things to shams and scams. > > Tx, > Glenn > > From nobody at devnull.spamcop.net Tue Dec 6 06:28:56 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Tue Dec 6 06:30:02 2005 Subject: [SpamCop-List] Re: How to find lost tracker URLs? References: Message-ID: "Geoffrey Hyde" wrote in message news:dn3pln$lv3$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z837127930z25cdeed42a189669e727ef44630570bdz > > Well, there you go - I knew someone around here knows a lot. :) > > Hope that helps. BTW the PayPal team is already working *their* magic on it > ... ;) > > > Cheers ... > Yeppers, you betcha! Is already "404 compliant". They (tint) just do not want me to have any fun! Thanks for trying, Glenn From nobody at nowhere.invalid Tue Dec 6 13:09:38 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Dec 6 07:10:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: On Mon, 5 Dec 2005 01:18:26 +0100, Philippe Verdy coughed into spamcop and left this in : > There are MUCH MUCH more worse ISPs than Wanadoo in the world. Wanadoo is > acting reasonnably well given its size, Ptooooey.... They're accepting and then bouncing virus-laden mail to non-existent users now (duly reported to the SCBL in the hope that it'll get wanacloo's outbound SMTP servers sh*tlisted). Geez... How clueless can you get? -- Steve 'Palladium' is an answer to a question no one asked. You want safety, trusted code and no viruses? Get Linux. From BNRAGMAOKKXT at spammotel.com Tue Dec 6 12:59:45 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Tue Dec 6 08:00:08 2005 Subject: [SpamCop-List] Submiting Via Yahoo Mail Message-ID: Anyone having any problems with this? Since my IP, ntlworld, implemented aggressive spam filtering which has been blocking submissions to SpamCop I have been using Yahoo Mail for this. Over the last few days connection to Yahoo Mail via pop3 has dropped whenever I try to submit spam via it, it doesn't happen with ordinary mail and I suspect Yahoo may have implemented bad spam filters on outgoing mail. -- Rob http://www.flickr.com/photos/canopus_archives/ From nobody at nowhere.invalid Tue Dec 6 14:17:08 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Dec 6 08:20:02 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: On Tue, 6 Dec 2005 12:59:45 +0000 (UTC), Canopus coughed into spamcop and left this in : > Over the last few days connection to Yahoo Mail via pop3 has dropped > whenever I try to submit spam via it, You got me lost there. How do you submit spam via POP3? -- Steve unix soit qui mal y pense From BNRAGMAOKKXT at spammotel.com Tue Dec 6 13:24:53 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Tue Dec 6 08:25:04 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: Steven Maesslein on 06/12/2005 wrote: >On Tue, 6 Dec 2005 12:59:45 +0000 (UTC), Canopus coughed into spamcop >and left this in : > >>Over the last few days connection to Yahoo Mail via pop3 has dropped >>whenever I try to submit spam via it, > >You got me lost there. How do you submit spam via POP3? By using my mail client configured to connect to Yahoo Mail using pop3 to send spam to SpamCop using my Yahoo account as compared to using the Yahoo Mail web form. Yahoo like many other web based mail facilities can be accessed from a mail client using the pop3 protocol, I'm surprised you don't know this considering you fight spam and would know a little about mail protocol. -- Rob http://www.flickr.com/photos/canopus_archives/ From MikeE at ster.invalid Tue Dec 6 06:00:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 09:05:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Porpoise wrote: > Result: 1 viruses found > C:\TEMP\bqj522.zip\qform.exe Infection: Trojan-Proxy.Win32.Agent.hx > > F-Secure site has this to say: > http://www.f-secure.com/v-descs/agent.shtml -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Dec 6 06:33:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 09:35:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Mike Easter wrote: > Porpoise wrote: >> Result: 1 viruses found >> C:\TEMP\bqj522.zip\qform.exe Infection: Trojan-Proxy.Win32.Agent.hx >> >> F-Secure site has this to say: >> http://www.f-secure.com/v-descs/agent.shtml What I meant to say before that got away, was that that description at fsecure is a very 'quaint' effect; in which the infected gets their Word files posted onto newsgroups. Then I went looking for a description at other AV places that use the term Trojan-Proxy.Win32.Agent.hx such as sophos and kaspersky, but I didn't find enough to suit me there, and nothing using the term at symantec. So then I decided to look at the item myself, but that didn't work out very well either. The b64 turned into bqj522.zip ok -- but my unzipper wasn't happy with the structure of the zip, and said "End of central directory signature not found. Either this file is not a zipfile, or it constitutes one disk of a multi-part archive. In the latter case the central directory and zipfile comment will be found on the last disk/s of this archive." and it didn't extract qform.exe I used a hex viewer on bqj522.zip which looks like it should extract to the name you found, qform.exe. I also used my AV agent AVG on the folder of the zip and it did not detect anything. I'm accustomed to AVs not finding virms which are zipped up, but I'm surprised at the several differences between your results and mine. I'm wondering if you isolated the bqj522.zip in a different manner, say from the original mail itself, and somehow had something better to work with than what I got from the tracker's attachment. I was working with what I isolated from the original post's tracker's attachment, selecting the b64 in isolation, b64 decoding into the zip, and working with that zip. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Tue Dec 6 14:46:37 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 6 09:50:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote in message news:dn47fq$tgh$1@news.spamcop.net... > Mike Easter wrote: > > I used a hex viewer on bqj522.zip which looks like it should extract to > the name you found, qform.exe. I also used my AV agent AVG on the > folder of the zip and it did not detect anything. I'm accustomed to AVs > not finding virms which are zipped up, but I'm surprised at the several > differences between your results and mine. I'm wondering if you > isolated the bqj522.zip in a different manner, say from the original > mail itself, and somehow had something better to work with than what I > got from the tracker's attachment. > > I was working with what I isolated from the original post's tracker's > attachment, selecting the b64 in isolation, b64 decoding into the zip, > and working with that zip. > Errr.... Yes. I isolated it from the email into a temporary folder and went to work on it from there. F-Secure also wouldn't scan it whilst still encapsulated within the email but the result I posted was from scanning the resulting temporarily saved .zip file. I haven't yet pulled it into Winhex to analyse it. The most important aspect for me though, was that it's not being picked up by virus-scanners whilst it's still embedded within the email structure. That makes it more dangerous to the unedified, who might be temped to open the .zip file - on the basis that their virus-scanner hadn't sed it was a virus. From MikeE at ster.invalid Tue Dec 6 07:01:40 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 10:05:02 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Porpoise wrote: > The most important > aspect for me though, was that it's not being picked up by > virus-scanners whilst it's still embedded within the email structure. > That makes it more dangerous to the unedified, who might be temped to > open the .zip file - on the basis that their virus-scanner hadn't sed > it was a virus. Well, a b64 encoded zip of an executable is pretty wrapped up. The AV which can see inside the zip should see it when the mua decodes the b64 into the zip attachment; the AV which can't see inside the zip should see it when the unwitting target tries to unzip the executable. Last chance would be at the attempt to open the executable itself. Naturally all of that depends upon the target's running a AV with a .dat for the viral template. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Tue Dec 6 16:28:51 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Dec 6 10:30:04 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: On Tue, 6 Dec 2005 13:24:53 +0000 (UTC), Canopus coughed into spamcop and left this in : > By using my mail client configured to connect to Yahoo Mail using pop3 to > send spam.......... Bzzzzzzzzzzzzt. POP3 is used for *receiving* mail, not sending it. -- Steve From geary at fnord.io.com Tue Dec 6 15:47:14 2005 From: geary at fnord.io.com (Mark Geary) Date: Tue Dec 6 10:50:02 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: In article , Steven Maesslein wrote: < On Mon, 5 Dec 2005 11:40:02 -0500, Jeff G. coughed into spamcop and left < this in : < < > Prior to two years ago, these SpamCop Newsgroups were referred to as the < > Forums. < < And it would have been incorrect back then, too. < < Forums are run on a webserver. The "postings" are stored in a unique < location (the server running the forum or the database back-end) and < accessed via HTTP. Yes, this is a newsgroup, but it is also a forum. Newsgroups are a subset of forums (or fora, if you prefer). Consider the entry in the _New Hacker's Dictionary_ (aka Jargon file): forum n. [Usenet, GEnie, CI$; pl. `fora' or `forums'] Any discussion group accessible through a dial-in BBS, a mailing list, or a newsgroup (see the network). A forum functions much like a bulletin board; users submit postings for all to read and discussion ensues. Contrast real-time chat via talk mode or point-to-point personal email. Mark Geary -- "It's going to be a tough one Sam...Ziggy hasn't got a clue and the guy in the waiting room keeps asking me if I want a jelly baby." From MikeE at ster.invalid Tue Dec 6 08:12:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 11:15:03 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: Mark Geary wrote: > Yes, this is a newsgroup, but it is also a forum. Newsgroups are a > subset of forums (or fora, if you prefer). Consider the entry in the > _New Hacker's Dictionary_ (aka Jargon file): > > forum n. > > [Usenet, GEnie, CI$; pl. `fora' or `forums'] Any discussion group > accessible through a dial-in BBS, a mailing list, or a newsgroup > (see the network). A forum functions much like a bulletin board; > users submit postings for all to read and discussion > ensues. Contrast real-time chat via talk mode or point-to-point > personal email. Notice the ancient history in that definition. Back in the 80s I was very active in the Atari ST 'forums' [ie RoundTables] on GEnie, which was a commercial BBS with a different 'style' than CompuServe. At the time I was using a 2400 baud modem, the Atari ST had 1 meg of ram and no hdd, and my Flash telecom app used its capture buffer and some Basic types of macro commands so that I could automate zooming around to the various Atari groups. Amazingly the 1 meg of ram and The Atari-ites mostly hung around on GEnie, which had a 'good deal' on connectivity. General Electric had a network of modems nationwide, so you were able to get unlimited local access in the evenings. The commercial BBS was moderated -- an important Atari ST moderator was Darlah Hudson later Potechin. I suppose we could go back to the Roman forum to be all inclusive about what a forum is and isn't. These definitions evolve with time. -- Mike Easter kibitzer, not SC admin From vanguard.code at comcastNIX.net Tue Dec 6 10:20:36 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Tue Dec 6 11:25:02 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: "Canopus" wrote in message news:dn4201$q4r$1@news.spamcop.net... > Anyone having any problems with this? Since my IP, ntlworld, implemented > aggressive spam filtering which has been blocking submissions to SpamCop I > have been using Yahoo Mail for this. Over the last few days connection to > Yahoo Mail via pop3 has dropped whenever I try to submit spam via it, it > doesn't happen with ordinary mail and I suspect Yahoo may have implemented > bad spam filters on outgoing mail. > > -- > Rob > > http://www.flickr.com/photos/canopus_archives/ Is NTL blocking your outbound e-mails to SpamCop? Or is NTL blocking the inbound e-mails with SpamCop's response and URL link (for you to complete the submission)? If NTL has a spam filter on your inbound e-mails, do they let YOU opt in to it? Having a spam filter that doesn't let the user choose to enable or disable it is a disservice to users. It is up to YOU as to whether you want ANY mails tagged and handled as spam. Since NTL has the option to spam tag inbound mails, they probably also have a whitelist function. So add SpamCop's e-mail address or domain to your server-side whitelist. POP3 is used to *RECEIVE* mails, not send them. So while you may have POP3 access to *receive* mails from your Yahoo account, like the SpamCop response with the URL link to complete your submission at SpamCop's web form, perhaps you are still using NTL's SMTP server to *send* your mails to SpamCop. From MikeE at ster.invalid Tue Dec 6 08:24:07 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 11:25:07 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: Mike Easter wrote: > Amazingly the 1 meg of ram and Oops, that was supposed to be a separate sentence relating to the 1 meg of ram and the Motorola 68000 16/32 bit architecture [thereby ST] running at 8 MHz with an efficient little OS loaded from a ROM chip. My preferred monitor was B&W which came in a 'hirez' 640x400 which looked much better than the ugly color 320x200. Amazing that such a tiny OS on a rom chip could do so much -- the interface was entirely graphical. > The Atari-ites mostly hung around on GEnie, -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Tue Dec 6 16:30:04 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 6 11:35:02 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote in message news:dn4943$uev$1@news.spamcop.net... > Naturally all of that depends upon the target's running a AV with a .dat > for the viral template. And a fair proportion of those not even understanding what you just sed there, doesn't bode well for them knowing what to do about it. From jeffg at spamcop.net Tue Dec 6 11:39:01 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Dec 6 12:10:03 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: "Canopus" wrote in message news:dn4201$q4r$1@news.spamcop.net... > Anyone having any problems with this? Since my IP, ntlworld, implemented > aggressive spam filtering which has been blocking submissions to SpamCop I > have been using Yahoo Mail for this. Over the last few days connection to > Yahoo Mail via pop3 has dropped whenever I try to submit spam via it, it > doesn't happen with ordinary mail and I suspect Yahoo may have implemented > bad spam filters on outgoing mail. What exact error message are you getting? -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From jeffg at spamcop.net Tue Dec 6 11:43:02 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Dec 6 12:10:08 2005 Subject: [SpamCop-List] Re: How to find lost tracker URLs? References: Message-ID: "Geoffrey Hyde" wrote in message news:dn3kvo$jif$1@news.spamcop.net... > paypal spoof email. ... I > don't know of any more useful addresses I can forward it onto but I'm sure > someone out there has a list? My current list is: spoof[at]paypal.com, reportphishing[at]antiphishing.org, spoof[at]millersmiles.co.uk, nophishing[at]cbbb.bbb.org, submit[at]phishcop.net -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From geary at eris.io.com Tue Dec 6 17:22:00 2005 From: geary at eris.io.com (Mark Geary) Date: Tue Dec 6 12:25:03 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: In article , Mike Easter wrote: < Mark Geary wrote: < > Yes, this is a newsgroup, but it is also a forum. Newsgroups are a < > subset of forums (or fora, if you prefer). Consider the entry in the < > _New Hacker's Dictionary_ (aka Jargon file): < > < > forum n. < > < > [Usenet, GEnie, CI$; pl. `fora' or `forums'] Any discussion group < > accessible through a dial-in BBS, a mailing list, or a newsgroup < > (see the network). A forum functions much like a bulletin board; < > users submit postings for all to read and discussion < > ensues. Contrast real-time chat via talk mode or point-to-point < > personal email. < < Notice the ancient history in that definition. Back in the 80s I was < very active in the Atari ST 'forums' [ie RoundTables] on GEnie, which < was a commercial BBS with a different 'style' than CompuServe. < < [example of ancient history delete] < < I suppose we could go back to the Roman forum to be all inclusive about < what a forum is and isn't. These definitions evolve with time. So, what term do we use today when we want to refer to all web-based forums, newsgroups, and other on-line discussions? Mark Geary -- "It's going to be a tough one Sam...Ziggy hasn't got a clue and the guy in the waiting room keeps asking me if I want a jelly baby." From nobody at devnull.spamcop.net Tue Dec 6 12:26:56 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Tue Dec 6 12:30:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote in message > Mike Easter wrote: > > Porpoise wrote: > >> Result: 1 viruses found > >> C:\TEMP\bqj522.zip\qform.exe Infection: Trojan-Proxy.Win32.Agent.hx > >> > >> F-Secure site has this to say: > >> http://www.f-secure.com/v-descs/agent.shtml > > What I meant to say before that got away, was that that description at > fsecure is a very 'quaint' effect; in which the infected gets their > Word files posted onto newsgroups. Then I went looking for a > description at other AV places that use the term > Trojan-Proxy.Win32.Agent.hx such as sophos and kaspersky, but I didn't > find enough to suit me there, and nothing using the term at symantec. > Look here: http://securityresponse.symantec.com/avcenter/venc/data/trojan.danmec.html > So then I decided to look at the item myself, but that didn't work out > very well either. The b64 turned into bqj522.zip ok -- but my unzipper > wasn't happy with the structure of the zip, and said "End of central > directory signature not found. Either this file is not a zipfile, or it > constitutes one disk of a multi-part archive. In the latter case the > central directory and zipfile comment will be found on the last disk/s > of this archive." and it didn't extract qform.exe > > I used a hex viewer on bqj522.zip which looks like it should extract to > the name you found, qform.exe. I also used my AV agent AVG on the > folder of the zip and it did not detect anything. I'm accustomed to AVs > not finding virms which are zipped up, but I'm surprised at the several > differences between your results and mine. I'm wondering if you > isolated the bqj522.zip in a different manner, say from the original > mail itself, and somehow had something better to work with than what I > got from the tracker's attachment. > > I was working with what I isolated from the original post's tracker's > attachment, selecting the b64 in isolation, b64 decoding into the zip, > and working with that zip. > Mebbe you b0rked it. ;-) I fetched the email from the tracker, (after turning off my AV as that denied access to the page). The recreated .eml scanned positive for "Agent-FE", and I encountered no problemo saving the .zip to disk and extracting the qform.exe for addition to my bug collection. Scanning qform.exe with Norton's brings in their name for it as "Trojan.danmec" as I used to acquire the URL above. Want McAfee or Trend descriptors? Laters, G From bar_n0ne at hotmail.com Tue Dec 6 21:36:03 2005 From: bar_n0ne at hotmail.com (Berny) Date: Tue Dec 6 12:40:03 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: "Mike Easter" wrote in message news:dn4dul$1al$1@news.spamcop.net... > Mike Easter wrote: > > Amazingly the 1 meg of ram and > > Oops, that was supposed to be a separate sentence relating to the 1 meg > of ram and the Motorola 68000 16/32 bit architecture [thereby ST] > running at 8 MHz with an efficient little OS loaded from a ROM chip. My > preferred monitor was B&W which came in a 'hirez' 640x400 which looked > much better than the ugly color 320x200. Amazing that such a tiny OS on > a rom chip could do so much -- the interface was entirely graphical. > > > The Atari-ites mostly hung around on GEnie, Mike, So, You were one of the guys that dissed the Amiga in Forums.? :-)) NO No, where's the extinguisher mom? From MikeE at ster.invalid Tue Dec 6 10:07:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 13:10:03 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: Berny wrote: > "Mike Easter" >> Oops, that was supposed to be a separate sentence relating to the 1 >> meg of ram and the Motorola 68000 16/32 bit architecture [thereby ST] >> running at 8 MHz with an efficient little OS loaded from a ROM chip. >> My preferred monitor was B&W which came in a 'hirez' 640x400 which >> looked much better than the ugly color 320x200. Amazing that such a >> tiny OS on a rom chip could do so much -- the interface was entirely >> graphical. >> >>> The Atari-ites mostly hung around on GEnie, > > > Mike, > > So, You were one of the guys that dissed the Amiga in Forums.? :-)) Yes. The OS wars were very intense in those days. My OS is better than your OS. The Atari-ites believed that their OS was better than the Amiga's, the Apple's, definitely the IBM & DOS related rigs. Even tho' the Amiga developed some rather advanced features compared to the others. Some of us tinkered with emulating Macs with a gizmo called the Magic Sac. It had a set of Mac roms in a cartridge and you could boot up in Mac mode -- but the Mac system was so much less efficient than the Atari TOS that it wasn't really an enjoyable experience to me. The Amiga surpassed the ST and its offspring kinfolks in sales worldwide, altho' I think the Atari outsold Amiga in the US. And, the Amiga is still 'alive' today, whereas Atari is only a game name. > NO No, where's the extinguisher mom? -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Dec 6 10:07:46 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 13:10:10 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: Mike Easter wrote: > The Atari-ites mostly hung around on GEnie, I never had anything to do with the Atari 8 bit game machines at all, and never played games on the ST, but I just ran into this little tidbit of ancient Warner Comm [yes, the Warner later to be TW & AOL/TW] history which I didn't know about. The 70s were the Atari 8bit era. // Bushnell sold Atari to Warner Communications in 1976 for an estimated $28-$32 million, using part of the money to buy the Folgers Mansion. [...] At its peak, Atari accounted for a third of Warner's annual income and became the fastest-growing company in the history of the United States (at the time).// Wikipedia. -- Mike Easter kibitzer, not SC admin From mwnospam at comcast.net Tue Dec 6 13:55:00 2005 From: mwnospam at comcast.net (spamacyde) Date: Tue Dec 6 13:55:02 2005 Subject: [SpamCop-List] Soft on Sale Message-ID: Been receiving a lot of spam from Soft on Sale(TM in superscript, (yeh, right)). It's safe to assume that they are selling pirated software. Who should I forward t hese messages to besides Spamcop. Thanks From MikeE at ster.invalid Tue Dec 6 10:57:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 14:00:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Glenn Daniels wrote: > "Mike Easter" >> Then I went looking for a >> description at other AV places that use the term >> Trojan-Proxy.Win32.Agent.hx such as sophos and kaspersky, but I >> didn't find enough to suit me there, and nothing using the term at >> symantec. >> > > Look here: > http://securityresponse.symantec.com/avcenter/venc/data/trojan.danmec.html Well, I saw that, but I didn't want to get into why I said 'nothing' at symantec. But the term nothing wasn't accurate. Symantec has the danmec discussion and has the Agent.hx attached to that discussion. But I wasn't satisfied about that. Notice how much difference there is in that discussion and the fsecure discussion and how that is different from what is 'supposed to be' in the cia & fbi virms. But clearly this is a danmec type, not a sober. >> So then I decided to look at the item myself, but that didn't work >> out very well either. The b64 turned into bqj522.zip ok -- but my >> unzipper wasn't happy with the structure of the zip, and said "End >> of central directory signature not found. Either this file is not a >> zipfile, or it constitutes one disk of a multi-part archive. In the >> latter case the central directory and zipfile comment will be found >> on the last disk/s of this archive." and it didn't extract qform.exe >> >> I used a hex viewer on bqj522.zip which looks like it should extract >> to the name you found, qform.exe. I also used my AV agent AVG on the >> folder of the zip and it did not detect anything. I'm accustomed to >> AVs not finding virms which are zipped up, but I'm surprised at the >> several differences between your results and mine. I'm wondering if >> you isolated the bqj522.zip in a different manner, say from the >> original mail itself, and somehow had something better to work with >> than what I got from the tracker's attachment. >> >> I was working with what I isolated from the original post's tracker's >> attachment, selecting the b64 in isolation, b64 decoding into the >> zip, and working with that zip. >> > > Mebbe you b0rked it. ;-) Maybe/apparently so -- I have a different set of results from the above now, but..... > I fetched the email from the tracker, (after turning off my AV > as that denied access to the page). The recreated .eml scanned > positive for "Agent-FE", and I encountered no problemo > saving the .zip to disk and extracting the qform.exe for > addition to my bug collection. > > Scanning qform.exe with Norton's brings in their name for it > as "Trojan.danmec" as I used to acquire the URL above. My latest efforts were to start all over again on the attachment isolation from the tracker. This time I cut off the last part of the last line of the b64 at the '=' sign -- because I didn't like the way it was making the b64 line too long. As per above, the b64 becomes bqj522.zip -- but now I can unzip the bqj522.zip without any unzipper complaint into qform.exe However, my AVG free with the latest updates fresh as of today does not see a virus in the .zip or the .exe > Want McAfee or Trend descriptors? Well, I see the general direction that the crossreference places for different names of viruses are going -- definitely not sober. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Tue Dec 6 14:33:02 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Dec 6 14:35:03 2005 Subject: [SpamCop-List] Re: Soft on Sale References: Message-ID: "spamacyde" wrote in message news:dn4mq1$6vr$1@news.spamcop.net... > spam ... selling pirated software. Who should I forward t hese messages to besides Spamcop. I usually forward them to software[at]bsa.org, danglin[at]siia.net, piracy[at]microsoft.com, piracy[at]adobe.com. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From verdy_p at wanadoo.fr Tue Dec 6 20:35:24 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Tue Dec 6 14:40:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Steven Maesslein" a écrit dans le message de news: slrndp86rl.upd.nobody@127.0.0.1... > On Mon, 5 Dec 2005 01:18:26 +0100, Philippe Verdy coughed into spamcop > and left this in : > >>> There's no such thing as a "reasonably intelligent" life form in the >>> whole organisation of his ISP: Wanadoo.fr. >> >> Stop ranting. This is clearly not the purpose of my report and you are >> out >> of topic. >> >> There are MUCH MUCH more worse ISPs than Wanadoo in the world. > > And your point is? FWIW they get blocked, too. Just because wanadoo is > the lesser of two evils doesn't mean that everything's peachy again. > >> Wanadoo is acting reasonnably well given its size, and acts quite fast >> to spam reports, although it's not perfect. > > Doesn't look like it from here. Until I blocked them outright I was > being spammed by the same spammer THROUGH WANADOO'S OFFICIAL SMTP > CHANNEL (not trojanned windows machines) for months on end. From > spamcop's POV, abuse@wanadoo.fr is wired to /dev/null and postmaster > bounces. > >> I have still never received any spam from Wanadoo customers, > > 90% of the mail I used to see from wanadoo customers was spam. > >> Today, most Wanadoo customers use a external device (named "LiveBox") >> that >> is acting as a NAT router, a basic firewall that blocks outgoing SMTP >> connections, offers a VoIP decoder, a digital TV router over ATM >> connections, and so on. The effective spams that remain from Wanadoo >> customers is constantly going down. Also the spam/mail ratio is extremely >> low. > > This is inaccurate. I happen to live in France and use a FreeBox myself. And Free hasa much longer history of inaction against spam. Look at the various logs on the Internet and you'll see that Wanadoo is VERY FAR WAY at the bottom of the spam sources, after hundreds of ISPs of various sizes. On the opposite, Iliad/Online.net/Free.fr are listed in the top 30 spam sources, and often within the weekly top 10 ones. Free.fr isnot expensive foronegood reason: insufficient humane resources working to monitor their network activity, little proactive actions to enforce usage policies, nothing invested in research to help improve the efficiency of this activity. Free is better known as a commercial only company very interested only in advertizing, putting lots of pressure on its workers, and with many of its most competent workers leaving this company which has very antisocial behavior. Don't be surprised if Free.fr is wellknown for its very poor customer support, for its expensive and lengthy support phone number. Free.fr is really a unmanned company that makes huges profits for the benefit of a few share holders. Free.fr used to be agood service provider. Now that they have enough clients, they really neglect them, have a long history of legal actions against them (probably the longest one in France, with so many unsolved problems, and abusive contracts with customers that can't even get any connection with them for months, despite they are paying for it, and when they want to leave it, they have to support very expensive fees, and must even continue to pay a full year after their contract is canceled; Free.fr isalso using expensive bill recovery services against these unsatisfied clients,despite Free.fr has failed to provide any service for these customers). I won't trust Free.fr at any time now. Lookat the statistics on spamcop.net: Free.fr is almost constantly listed in the top worldwide sources, and the volume of spams coming from it is constantly increasing: Free has not invested any euro to support the growth of their existing customer base. For most cases, either you are lucky when your connection works, else you'll have a lot of difficulties to make it work or just to leave this non-working service. Free.fr is constantly using illegal arguments trying to convince their clients that they are not responsible for the defects of a service they are fully selling themselves. (WhenFree.fr invokes repsonsability of FranceTelecom, most often it is completely false, and anyway, even if thiswas the case, under French law, they are responsible for their customer, andcustomers don't need to know the details that links Free to FranceTelecom for providing the connection to the local loop. Free clearly ignores all check procedures that are needed when they accept a newsubscription. all they want is a subscription, and they absolutely don't care about the quality of their service, and constantly report their own reponsability to the customers (illegal: Free has been condamned many times with the help of consumer associations. Look at the UFC/Que Choisir web site for the long bad history of Free whose abusive contractual claused are cancelled by justice, but still applied. Free equals AOL under this perspective, with false advertizing). From BNRAGMAOKKXT at spammotel.com Tue Dec 6 20:58:28 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Tue Dec 6 16:00:03 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: Vanguard on 06/12/2005 wrote: >Is NTL blocking your outbound e-mails to SpamCop? Or is NTL blocking the >inbound e-mails with SpamCop's response and URL link (for you to complete >the submission)? > It's blocking outbound to SpamCop, no submissions are received by SpamCop. >If NTL has a spam filter on your inbound e-mails, do they let YOU opt in >to it? Having a spam filter that doesn't let the user choose to enable or >disable it is a disservice to users. It is up to YOU as to whether you >want ANY mails tagged and handled as spam. > I can turn it on or off, no other options. >Since NTL has the option to spam tag inbound mails, they probably also >have a whitelist function. So add SpamCop's e-mail address or domain to >your server-side whitelist. > No Whitelist functions available, that's the first thing I explored when it started happening. >POP3 is used to RECEIVE mails, not send them. So while you may have POP3 >access to receive mails from your Yahoo account, like the SpamCop response >with the URL link to complete your submission at SpamCop's web form, >perhaps you are still using NTL's SMTP server to send your mails to >SpamCop. OK, I got it the wrong way around and it should have been SMTP. However, Yahoo mail *is* going through Yahoo servers not NTL servers, mail client is set up correctly for this. It's tending to be more sparodic at present, could be just a major hiccup with Yahoo, hence why I asked original question of whether anyone else is having this problem. -- Rob http://www.flickr.com/photos/canopus_archives/ From masfjorden at spamcop.net Tue Dec 6 21:59:00 2005 From: masfjorden at spamcop.net (helge) Date: Tue Dec 6 16:00:09 2005 Subject: [SpamCop-List] nomaster interested in email source? Message-ID: http://www.spamcop.net/sc?id=z837387162z9bb19892815665441294cdc0ad2e063dz "Re: 196.1.176.53 (Third party interested in email source) nomaster@devnull.spamcop.net spamcop@imaphost.com " helge From BNRAGMAOKKXT at spammotel.com Tue Dec 6 21:00:03 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Tue Dec 6 16:05:03 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: Jeff G. on 06/12/2005 wrote: >What exact error message are you getting? Can't remember exact wording, but, to the effect that Yahoo purposely closed the connection -- Rob http://www.flickr.com/photos/canopus_archives/ From nobody at spamcop.net Tue Dec 6 16:08:58 2005 From: nobody at spamcop.net (indigo) Date: Tue Dec 6 16:10:03 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: Mike Easter wrote: Some of us tinkered with emulating Macs with a gizmo > called the Magic Sac. I think I got a spam about one of those the other day.....different purpose though... From not at home.today Tue Dec 6 21:17:20 2005 From: not at home.today (Ant) Date: Tue Dec 6 16:20:02 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote: > Glenn Daniels wrote: >> http://securityresponse.symantec.com/avcenter/venc/data/trojan.danmec.html > > [...] But clearly this is a danmec type, not a sober. I can confirm that. Sophos detected it as Troj/Danmec-F http://www.sophos.com/virusinfo/analyses/trojdanmecf.html I received another exactly the same, with the FBI text, today. > However, my AVG free with the latest updates fresh as of today does not > see a virus in the .zip or the .exe The Sophos update was released yesterday. BTW, the exe is packed with UPX 1.92. I unpacked it, but couldn't find any interesting strings inside. From cpollock at earthlink.net Tue Dec 6 19:06:49 2005 From: cpollock at earthlink.net (Chris) Date: Tue Dec 6 20:10:03 2005 Subject: [SpamCop-List] Blacklisting, what does it take? Message-ID: I've been reporting this ip 66.162.83.183, for about 3 or 4 days now. I've sent in probably about 50 or so reports. This ip has been sending out the sober.* worm for over a week now. It belongs to the mccombs.com netblock which is in turn part of twtelecom.net. It was previously being sent out with the *.190 ip however, after multi reports to abuse@twtelecom.net I received a reply stating this from someone at mccombshq.com: Please note that the propagation of this address is spoofed. The address you are questioning is a global IP for a firewall and is not sending or passing the virus. from one of the contacts listed for this ip. When I argued that something must be wrong then because the virus is comeing from his ip, he replied with: I can assure you that it is indeed a mistake. These need to be removed at once or this will get very ugly! I received a message from someone at IP Security for twtelecom.net saying this was due to the sober.* worm, gee, no kidding. Below are headers from one of the messages, does anyone disagree with me that these are indeed coming from 66.162.83.183? Status: U Return-Path: Received: from pop.earthlink.net [209.86.93.201] ????????by localhost with POP3 (fetchmail-6.2.5) ????????for cpollock@localhost (single-drop); Tue, 06 Dec 2005 18:16:32 -0600 (CST) Received: from ijthkqvgn.com ([66.162.83.183]) ????????by mx-nebolish.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1eJMXh6uj3Nl3490 ????????Tue, 6 Dec 2005 19:14:37 -0500 (EST) From: postmaster@mccombshq.com To: zfreemailer7495@earthlink.net Date: Tue, 06 Dec 2005 23:49:57 UTC Subject: Your Password Importance: Normal X-Priority: 3 (Normal) Message-ID: <8c261691ee.69bf51bf@lxmcb.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="72e6fe5772e048db7d1ea" Content-Transfer-Encoding: 7bit X-SenderIP: 66.162.83.183 X-ASN: ASN-4323 X-CIDR: 66.162.80.0/20 So, guess my actual question here is just what does it take for an ip to get blacklisted by spamcop? One other side note, since the 24th of Nov I've reported this ip netblock, whether it was 66.162.83.190 or 66.162.83.183 192 times to abuse@twtelecom and as yet nothing has really been done about it. -- Chris RLU 283774 Mandriva 10.1 Official 18:51:56 up 3 days, 1:54, 1 user, load average: 1.07, 0.67, 0.41 From MikeE at ster.invalid Tue Dec 6 17:16:22 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 20:20:02 2005 Subject: [SpamCop-List] Re: Old E-Mail??? References: Message-ID: Posted to spamcop & .spam, f/ups to spamcop Robert Williams wrote: > I JUST received an e-mail, and SpamCop listed it as too old. After > looking at the header I can see why. Below is a copy of the e-mail. > From what it looks like, the sending mail server held onto the spam > until it was too late for anyone to report it. Those headers, apparently including your mailhost, are a mess. Your mailhost seems to me to be a problem -- or perhaps your mailhost configuration is not correct. www.spamcop.net/sc?id=z837423240z31f18c639a0d6e1f671ab56cd75c7392z "Hostname verified: mail.cleartel.net" When you post a tracker like you did, you don't need to post the spam, and actually you shouldn't, because the spam is available at the tracker. The ng .spam is only for posting spam, not for discussing it. The ng/s spamcop or help are for discussions, but no spam is allowed in them. Sooo, it is better to post just the tracker, no spam, and to post the tracker into the discussion group, not .spam, so that it can be discussed where you posted the tracker. F/ups accordingly. Abbreviated Received lines *comment from mail.cleartel.net ([206.72.209.41]) by server1.DANJONENGINEERING.LOCAL from [206.72.209.49] (helo=mail.4-serv.com) by mail.cleartel.net with esmtp *timestamp 17d, servesyou, bogushelo from 4technology.net ([90.66.225.30]) by mwcp.4technology.net *bogusline SC seems to think that cleartel is your mailhost, but cleartel is a crazy bogus helo stamping server, so that 'upsets' me. In this spam's case, the reason SC sez the spam is too old is that SC sez that your mailhost is cleartel. Cleartel is who was holding that spam for 17 days. Cleartel is also who is using a totally bogus helo 'mail.4-serv.com' -- which I have no explanation for, except that it is very problematic. If that spam were in my mailbox, I would be calling cleartel [=albany.net] the source, as this tracker demonstrates. http://www.spamcop.net/sc?id=z837472390z84b14efb1dea6cc026aab5999e35323bz Report Spam to: Re: 206.72.209.49 (Administrator of network where email originates) To: postmaster@albany.net (Notes) But, if you could approve the report [which you had no option to do, because of the age problem with a mailhosted account] -- you would be reporting your own provider [according to SC's mailhost configuration handling] -- so I guess it is 'lucky' that your own provider decided to stick the mail for 17 days. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Wed Dec 7 01:18:22 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 6 20:20:08 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote in message news:dn4muc$737$1@news.spamcop.net... > Glenn Daniels wrote: > > My latest efforts were to start all over again on the attachment > isolation from the tracker. > > This time I cut off the last part of the last line of the b64 at the '=' > sign -- because I didn't like the way it was making the b64 line too > long. > > As per above, the b64 becomes bqj522.zip -- but now I can unzip the > bqj522.zip without any unzipper complaint into qform.exe > > However, my AVG free with the latest updates fresh as of today does not > see a virus in the .zip or the .exe That doesn't bode very well for AVG......... > >> Want McAfee or Trend descriptors? > > Well, I see the general direction that the crossreference places for > different names of viruses are going -- definitely not sober. > I haven't yet had time to Winhex it yet either.... From MikeE at ster.invalid Tue Dec 6 18:01:42 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 21:05:02 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Porpoise wrote: > "Mike Easter" >> However, my AVG free with the latest updates fresh as of today does >> not see a virus in the .zip or the .exe Finally AVG sees it. Trojan horse Proxy ASZ > That doesn't bode very well for AVG....... Now I 'manually' updated AVG from the program accessing from the grisoft server and now it sees the virus in both the zip and the exe. The previous updating which was performed earlier today was an automatic one, also from the grisoft server I was beginning to think I should go get Avast and take it for a spin, but after reading some comparisons between the two, I think I'll stick with AVG. There are some things I don't exactly like about configuration choices, but I can live with them. > I haven't yet had time to Winhex it yet either.... -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Dec 7 12:02:37 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Dec 6 22:05:03 2005 Subject: [SpamCop-List] Re: Soft on Sale In-Reply-To: References: Message-ID: Jeff G. wrote: > "spamacyde" wrote in message > news:dn4mq1$6vr$1@news.spamcop.net... >> spam ... selling pirated software. Who should I forward t hese > messages to besides Spamcop. > > > I usually forward them to software[at]bsa.org, danglin[at]siia.net, > piracy[at]microsoft.com, piracy[at]adobe.com ...and, depending who else's pirated software is mentioned: piracy[at]symantec.com piracy[at]alias.com piracy[at]apple.com piracy[at]autodesk.com piracy[at]borland.com nopiracy[at]corel.com tip[at]macromedia.com The Microsoft piracy address recently bounces anything that looks like spam. The SIIA address I know is piracy[at]siia.net From vanguard.code at comcastNIX.net Tue Dec 6 22:42:49 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Tue Dec 6 23:45:04 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: "Canopus" wrote in message news:dn4u4j$bqh$1@news.spamcop.net... > Jeff G. on 06/12/2005 wrote: > >>What exact error message are you getting? > > Can't remember exact wording, but, to the effect that Yahoo purposely > closed the connection > > -- > Rob > > http://www.flickr.com/photos/canopus_archives/ Maybe looking at SpamCop shows Yahoo is getting blacklisted, so Yahoo retaliates by blacklisting SpamCop. Hey, it's possible (i.e. blacklisting the blacklisters). Yahoo doesn't want to bother getting any more complaints from SpamCop for their lack of spam control (including outbound spewage from trojaned users) so they think that throttling their own users might be a way to reduce the complaint mails they get from SpamCop. Of course, maybe you didn't go through the process of adding your mailhosts to your SpamCop account so your own mail servers wouldn't get included in your spam reports (i.e., you ended up adding your mail servers to the spam report rather than for the spammer). I've seen mentioned of where users shot themself in their foot by actually reporting themself as the spammer. Have you gone through SpamCop's procedure to add your mailhosts to your account at SpamCop? From jeffg at spamcop.net Tue Dec 6 23:44:15 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Dec 6 23:45:11 2005 Subject: [SpamCop-List] Re: Soft on Sale References: Message-ID: "Patto" wrote in message news:dn5jce$oil$1@news.spamcop.net... > Jeff G. wrote: > > danglin[at]siia.net > The SIIA address I know is piracy[at]siia.net I had some sort of problem with that address some time ago, but I can't find the details at present. I'll try using that address again. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From jeffg at spamcop.net Wed Dec 7 00:02:13 2005 From: jeffg at spamcop.net (Jeff G.) Date: Wed Dec 7 00:05:02 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote in message news:dn5fpk$ml2$1@news.spamcop.net... > Porpoise wrote: > > "Mike Easter" > >> However, my AVG free with the latest updates fresh as of today does > >> not see a virus in the .zip or the .exe > Finally AVG sees it. Trojan horse Proxy ASZ > > That doesn't bode very well for AVG....... > Now I 'manually' updated AVG from the program accessing from the grisoft > server and now it sees the virus in both the zip and the exe. The > previous updating which was performed earlier today was an automatic > one, also from the grisoft server Does Grisoft have a set time of day (with timezone) after which it's best to get an update? -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From MikeE at ster.invalid Tue Dec 6 21:18:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 7 00:20:02 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Jeff G. wrote: > "Mike Easter" >> Finally AVG sees it. Trojan horse Proxy ASZ >> Now I 'manually' updated AVG from the program accessing from the >> grisoft server and now it sees the virus in both the zip and the >> exe. The previous updating which was performed earlier today was an >> automatic one, also from the grisoft server > Does Grisoft have a set time of day (with timezone) after which it's > best to get an update? Probably, but I don't know the answer. I've always just let the auto-updates do the work. When I was reading a comparison between AVG and Avast, apparently some people had complaints about the free AVG being 'slow' [I considered that to be a complaint of slow in processing, not slow as in 'behind' in viral templates] compared to the pay AVG .dat serving. The website also seems to imply that there is more likely to be a slowness problem with the free .dat servers vs the paid ones on the comparison page. I guess the concept is that there are so many free AVG users and therefore so much .dat serving that the servers get behind, since the .dat updates are very frequent, often daily. This is the first time I've had the experience of 'fetching' a .dat file more or less manually and then that newer .dat, which presumably I would've gotten by the auto-update process tomorrow, being more uptodate than the .dat file I got earlier today, this morning. I haven't experienced 'slowness' in terms of the AVG server being pokey -- in terms of the 'process' of hooking up or downloading the update files -- it seems reasonable to me. Very seldom do the updates require rebooting, altho' the one from this morning did. All of that autoupdate requiring reboot for implementation had all been accomplished before I messed with the virus we're talking about here. -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Wed Dec 7 09:23:00 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 7 00:25:03 2005 Subject: [SpamCop-List] Re: Blacklisting, what does it take? References: Message-ID: "Chris" wrote in message news:dn5cj9$kle$1@news.spamcop.net... SNIP > So, guess my actual question here is just what does it take for an ip to > get blacklisted by spamcop? One other side note, since the 24th of Nov > I've reported this ip netblock, whether it was 66.162.83.190 or > 66.162.83.183 192 times to abuse@twtelecom and as yet nothing has really > been done about it. Virus emitters, are usually only sending to email addresses that can be dredged up from the infected machines hard drives. Depending on the nature of business use of the machine in question that is typically a small number of addresses, or at least a small number of addresses outside the local net. Odds of hitting more than one, or even one SC reporter thus can be very small indeed. For a listing, at leaset 2 independent spam reporters need to report the address, and then the total number of reports is still normalized relative to the "typical email output" as determined by Ironport. So, unless a viral propagator has access to a millions CD, odds are it's not going to get listed. If you're the only reporter receiving from that machine it definitely will never get listed. From bar_n0ne at hotmail.com Wed Dec 7 09:29:16 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 7 00:30:02 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: "Vanguard" wrote in message news:dn5p89$rpk$1@news.spamcop.net... > "Canopus" wrote in message > news:dn4u4j$bqh$1@news.spamcop.net... > > Jeff G. on 06/12/2005 wrote: BLAH BLAH I don't know about SMTP mail from Yahoo, I lost that ability years ago sometime after Yahoo bought GeoCities, however, Yahoo is forwarding my spam to SC just fine using its web interface, with the occasional aggravation of having to respond to a CAPTCHA prompt. From bar_n0ne at hotmail.com Wed Dec 7 09:52:10 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 7 00:55:03 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: "Mike Easter" wrote in message news:dn4k00$52v$1@news.spamcop.net... > Berny wrote: > > "Mike Easter" > Yes. The OS wars were very intense in those days. My OS is better than > your OS. The Atari-ites believed that their OS was better than the > Amiga's, the Apple's, definitely the IBM & DOS related rigs. Even tho' > the Amiga developed some rather advanced features compared to the > others. Some of us tinkered with emulating Macs with a gizmo called the > Magic Sac. It had a set of Mac roms in a cartridge and you could boot > up in Mac mode -- but the Mac system was so much less efficient than the > Atari TOS that it wasn't really an enjoyable experience to me. Hmm,, I had a software emulator for the mac (Shareware) on my amiga, and while the graphics were about the same, it was as fast as or faster than the mac on the same hardware. And it was sure nice to have a real multitasking machine, something none of the others provided until Win95 (sort of) and Mac OS8 (sort of). I had been spoiled working on VM370 (IBM) using TSO, and CMS, and I just couldn't concieve of using a computer that could only run one application and that had never heard of intertask communication, and that didn't have a common macro language (REXX) that could address most well written applications as well as the OS. Well since leaving the Amiga behind, I still don't have most of that. The OS supplied text editors for Win and UNIX/Linux frankly suck compared to IBM XEDIT, none of the macro languages or Command line shells can talk to each other let alone an application. The closest thing now is Virtual Basic, but it only talks to primarily M$oft applications, and not all of them. No modern computers allow dedicated hardware access by user/task without expensive add ons, so we now have LANS where when you put a tape or a CD in a drive it belongs to everybody unless it's on your own CPU. Sigh,,, If you want to talk a real operating system the closest you come to it is VaxVMS nowadays, ugly as it may be. From exfenestrate at spammers.invalid Tue Dec 6 23:42:14 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Wed Dec 7 02:45:03 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: <3lxwynkoa4wf.dlg@grc.aosake.net> On Tue, 6 Dec 2005 12:59:45 +0000 (UTC), Canopus wrote: > Anyone having any problems with this? Since my IP, ntlworld, implemented > aggressive spam filtering which has been blocking submissions to SpamCop I > have been using Yahoo Mail for this. Over the last few days connection to > Yahoo Mail via pop3 has dropped whenever I try to submit spam via it, it > doesn't happen with ordinary mail and I suspect Yahoo may have implemented > bad spam filters on outgoing mail. I haven't used the Yahoo! SMTP servers to submit spam lately. But I tried it tonight, and the submission went through. I pulled the headers of my submission and submitted them to SpamCop for a parse, with these results: http://www.spamcop.net/sc?id=z837597217z1b646e93723f9351d345309c96f740b7z So I don't think Yahoo! has a generic block in place. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at xyzzy.claranet.de Wed Dec 7 09:10:20 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 7 03:15:03 2005 Subject: [SpamCop-List] RIPE lookup bug (?) Message-ID: <439698EC.2241@xyzzy.claranet.de> Hi, for occupantware.com = 193.238.120.4 in... http://www.spamcop.net/sc?id=z837595270ze1994f1c6190543387ad38764cb2e68fz ...I get "No reporting addresses found for 193.238.120.4, using devnull for tracking." The "display data" for "whois 193.238.120.4@whois.ripe.net" says: | inetnum: 193.238.120.0 - 193.238.123.255 | netname: POLIVEKTOR-JSC | descr: Polivektor JSC network | country: RU | org: ORG-POLI1-RIPE | admin-c: POLI2-RIPE | tech-c: POLI2-RIPE [...] | organisation: ORG-POLI1-RIPE | org-name: Polivektor JSC | org-type: NON-REGISTRY | address: kalanchevskaya st. 4, Moscow Russia, 194568 | e-mail: admin@polivektor.com [...] | person: Polivektor Techical | address: 194568, Kalanchevkaya st. 4, Moscow Russia | phone: +7 (095) 780-22-87 | nic-hdl: POLI2-RIPE [...] No mail address for tech-c / admin-c, but there is an address for the organization. It's also the only item on the left side with an "@" in the filtered RIPE output. SC ignores this and tries "Lookup poli2-ripe@whois.ripe.net". That's wrong, it got handle POLI2-RIPE already for its first query. Asking again won't change the fact that there's no mail address in this object. Bye, Frank From nobody at xyzzy.claranet.de Wed Dec 7 09:30:54 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 7 03:35:03 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam References: Message-ID: <43969DBE.6FBB@xyzzy.claranet.de> Jeff G. wrote: > see the bottom link in my sig below. JFTR, that's an excessively annoying sig. Bye, Frank From nobody at devnull.spamcop.net Wed Dec 7 17:52:00 2005 From: nobody at devnull.spamcop.net (Patto) Date: Wed Dec 7 03:55:03 2005 Subject: [SpamCop-List] Re: Soft on Sale In-Reply-To: References: Message-ID: Jeff G. wrote: > "Patto" wrote in message > news:dn5jce$oil$1@news.spamcop.net... >> Jeff G. wrote: >>> danglin[at]siia.net >> The SIIA address I know is piracy[at]siia.net > > I had some sort of problem with that address some time ago, but I can't > find the details at present. I'll try using that address again. Actually I remembered incorrectly, I used netpiracy[at]siia.net in the past. This seems to be the correct address to report Internet piracy. See http://www.siia.net/piracy/report/internet.asp From nobody at xyzzy.claranet.de Wed Dec 7 09:51:55 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 7 04:00:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: <4396A2AB.4F71@xyzzy.claranet.de> Philippe Verdy wrote: > There are MUCH MUCH more worse ISPs than Wanadoo in the > world Maybe they're getting better, no Wanadoo in SC's "hall of shame". 2003/04 (in the times of SWEN) "WannaSpew" was a pest only trumped by SpamCast. Bye, Frank From pantheus at suespammers.org Wed Dec 7 01:18:19 2005 From: pantheus at suespammers.org (Ken Knull) Date: Wed Dec 7 04:20:02 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam References: <43969DBE.6FBB@xyzzy.claranet.de> Message-ID: On Wed, 07 Dec 2005 09:30:54 +0100, Frank Ellermann wrote: > Jeff G. wrote: > >> see the bottom link in my sig below. > > JFTR, that's an excessively annoying sig. Bye, Frank I agree ... that 7 line sig is 4-5 lines too many, especially when it isn't trimmed. -- In a world without walls and fences nobody needs Windows and Gates! User #104362 with the Linux Counter, http://counter.li.org From spam_hjp at yahoo.com Wed Dec 7 05:05:20 2005 From: spam_hjp at yahoo.com (Jim) Date: Wed Dec 7 05:10:29 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail In-Reply-To: References: Message-ID: I just let SpamCop WebMail pop my Yahoo and Hotmail email. It has work good most of the time. A few delays lately because of the traffic on Yahoo and Hotmail servers because of the worms. From bar_n0ne at hotmail.com Wed Dec 7 14:31:36 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 7 05:35:03 2005 Subject: [SpamCop-List] what's up with "messenger.msn.click-url.com" Message-ID: Anyone know what this website on savvis is that keeps appearing in "cam-dating" spam? from a parse: -Quote-- Tracking link: http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ [report history] ISP does not wish to receive report regarding http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ Resolves to 216.39.69.75 Routing details for 216.39.69.75 [refresh/show] Cached whois for 216.39.69.75 : abuse@savvis.net Using abuse net on abuse@savvis.net abuse net savvis.net = abuse@savvis.net Using best contacts abuse@savvis.net ISP does not wish to receive reports regarding http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ - no date available http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ has been appealed previously. -EndQuote- This thing looks fishy enough to me at least outwardly, because official messenger related sites would be in msn, or microsoft domains. Anybody braved a look at it? From bar_n0ne at hotmail.com Wed Dec 7 14:35:35 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 7 05:40:02 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: <4396A2AB.4F71@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:4396A2AB.4F71@xyzzy.claranet.de... > Philippe Verdy wrote: > > > There are MUCH MUCH more worse ISPs than Wanadoo in the > > world > > Maybe they're getting better, no Wanadoo in SC's "hall of > shame". 2003/04 (in the times of SWEN) "WannaSpew" was a > pest only trumped by SpamCast. > Bye, Frank Yabbut, Kornet and Hanaro almost never make a showing there either, and until very recently 50% of my considerable spam originated there. So I'm not sure what that really means. I still get way more spam from either of those than from SpamCast, or WannaSpew, across email accounts. From cpollock at earthlink.net Wed Dec 7 06:07:45 2005 From: cpollock at earthlink.net (Chris) Date: Wed Dec 7 07:10:03 2005 Subject: [SpamCop-List] Re: Blacklisting, what does it take? References: Message-ID: Berny wrote: > > "Chris" wrote in message > news:dn5cj9$kle$1@news.spamcop.net... > SNIP >> So, guess my actual question here is just what does it take for an ip to >> get blacklisted by spamcop? One other side note, since the 24th of Nov >> I've reported this ip netblock, whether it was 66.162.83.190 or >> 66.162.83.183 192 times to abuse@twtelecom and as yet nothing has really >> been done about it. > > Virus emitters, are usually only sending to email addresses that can be > dredged up from the infected machines hard drives. > Depending on the nature of business use of the machine in question that > is typically a small number of addresses, or at least a small number of > addresses outside the local net. Odds of hitting more than one, or even > one SC reporter thus can be very small indeed. For a listing, at leaset 2 > independent spam reporters need to report the address, and then the total > number of reports is still normalized relative to the "typical email > output" as determined by Ironport. > > So, unless a viral propagator has access to a millions CD, odds are it's > not going to get listed. If you're the only reporter receiving from that > machine it definitely will never get listed. Thanks Berny, odd thing, I've never done bussiness with McCombs Enterprises. Although none of these are personally addressed to me, I assume that the BCC is. -- Chris RLU 283774 Mandriva 10.1 Official 06:03:49 up 3 days, 13:06, 1 user, load average: 0.44, 1.07, 1.14 From bar_n0ne at hotmail.com Wed Dec 7 17:00:53 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 7 08:05:02 2005 Subject: [SpamCop-List] Re: Blacklisting, what does it take? References: Message-ID: "Chris" wrote in message news:dn6jai$b7s$1@news.spamcop.net... > Berny wrote: SNIP > Thanks Berny, odd thing, I've never done bussiness with McCombs > Enterprises. Although none of these are personally addressed to me, I > assume that the BCC is. You might simply be a CC one some mail the McCombs guy has. you might be in the cc list on a spam item in his mail folders, or have a mutal acquaintance, or business contact, or mutual FWD:FWD:FWD mailer Those can have a wide spread.. From nobody at spamcop.net Wed Dec 7 06:30:58 2005 From: nobody at spamcop.net (Ellen) Date: Wed Dec 7 08:30:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: -- "Mike Easter" wrote in message news:dn5rac$t6v$1@news.spamcop.net... > > This is the first time I've had the experience of 'fetching' a .dat file > more or less manually and then that newer .dat, which presumably I > would've gotten by the auto-update process tomorrow, being more uptodate > than the .dat file I got earlier today, this morning. I do auto-update also and every so often I throw in a manual update just to see if a new one has shown up on days when I see a lot of "news" about new virus/wrom/trojan releases. This AM -- reading this thread -- I clicked update manually and blink there was an update downloaded. The little message at the bottom of the control center when it ended seemed to imply there was yet another update waiting so I clicked update again -- bingo a second update downloaded. After that finished I clicked update a 3rd time and yet another one. Same thing on another machine. Very odd. Never seen that before. > > I haven't experienced 'slowness' in terms of the AVG server being > pokey -- in terms of the 'process' of hooking up or downloading the > update files -- it seems reasonable to me. Very seldom do the updates > require rebooting, altho' the one from this morning did. All of that > autoupdate requiring reboot for implementation had all been accomplished > before I messed with the virus we're talking about here. Interesting the one of the ones from this AM did not ask me to reboot but it did demand that eudora be closed before proceeding. The updates are fast -- and have been the last 8mths? year? since they apparently installed new hardware or rewrote the software. There was a period a year ago? longer? where it was just about impossible to get an update downloaded, that went on for several weeks. As to whether the scanning of the mail is slow when you get new mail, sometimes it seems slower than others altho I can't positively identify if that is AVG or just that my system desperately needs more memory. But of all the AVs I have tried over the years this is the one that hasn't screwed up my system or done other intensely annoying things. Ellen From nobody at spamcop.net Wed Dec 7 06:38:35 2005 From: nobody at spamcop.net (Ellen) Date: Wed Dec 7 08:30:09 2005 Subject: [SpamCop-List] Re: Blacklisting, what does it take? References: Message-ID: "Chris" wrote in message news:dn5cj9$kle$1@news.spamcop.net... > I've been reporting this ip 66.162.83.183, for about 3 or 4 days now. Yeah I see it in the database. >I've > sent in probably about 50 or so reports. This ip has been sending out the > sober.* worm for over a week now. Nah -- more like 95 since 12/3 >It belongs to the mccombs.com netblock > which is in turn part of twtelecom.net. It was previously being sent out > with the *.190 ip however, Nope don't see reports for 66.162.83.190 >after multi reports to abuse@twtelecom.net I > received a reply stating this from someone at mccombshq.com: > > Please note that the propagation of this address is spoofed. The address > you are questioning is a global IP for a firewall and is not sending or > passing the virus. They are very wrong. They have a compromised machine sending viruses thru that IP. Unfortunately they are not sending to traps or other SC users. > > from one of the contacts listed for this ip. When I argued that something > must be wrong then because the virus is comeing from his ip, he replied > with: > > I can assure you that it is indeed a mistake. These need to be removed > at once or this will get very ugly! You can refer that to us if you hear from them again. deputies admin.spamcop.net > > > So, guess my actual question here is just what does it take for an ip to > get blacklisted by spamcop? More than one reporter unfortunately. Ellen From borisgomez at alphait.ws Wed Dec 7 08:28:30 2005 From: borisgomez at alphait.ws (Boris) Date: Wed Dec 7 09:30:03 2005 Subject: [SpamCop-List] Domain Problems Message-ID: Some times that our user send mail, appear a message box inform that spamcop.net is blocking theirs mail messages because theirs domain mail was marked how spam mail. How can I do to unmark our domain name from spam list?? Thanks for your help From bar_n0ne at hotmail.com Wed Dec 7 18:40:43 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 7 09:45:03 2005 Subject: [SpamCop-List] Re: Domain Problems References: Message-ID: "Boris" wrote in message news:dn6rij$gbd$1@news.spamcop.net... > Some times that our user send mail, appear a message box inform that > spamcop.net is blocking theirs mail messages because theirs domain mail was > marked how spam mail. How can I do to unmark our domain name from spam > list?? > > Thanks for your help Well the only effective way is to stay off the list. Make sure your network doesn;t have spamming clients. Make sure that auto-responses are not being "bounced" to forged senders (recieved and then returned to the reply to address. From MikeE at ster.invalid Wed Dec 7 07:16:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 7 10:20:03 2005 Subject: [SpamCop-List] Re: Domain Problems References: Message-ID: Boris wrote: > Some times that our user send mail, appear a message box inform that > spamcop.net is blocking theirs mail messages because theirs domain > mail was marked how spam mail. How can I do to unmark our domain name > from spam list?? SCbl SpamCop blocklist does not block mail, but the SCbl is used by people and servers to defend against spam, including to reject mail from a listed IP address. SCbl does not list domainnames, only IP addresses. Your own posting IP 200.13.167.202 no rDNS is listed in SCbl as a spamsource and CBL as hitting spamtraps & appearing as a proxy/trojan. And there are other IPs of your provider which are similarly listed which are not the output server for ladylee.com or the same netblock, but have higher output volumes, presumably in the form of spam 200.13.167.30 scbl, cbl, njabl, sorbs 200.13.167.228 scbl, cbl 200.13.167.202 scbl, cbl 200.13.167.58 outmail.ladylee.com -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Dec 7 08:10:50 2005 From: nobody at spamcop.net (Antispam Knight) Date: Wed Dec 7 11:15:02 2005 Subject: [SpamCop-List] Re: what's up with "messenger.msn.click-url.com" References: Message-ID: "Berny" wrote in message news:dn6dma$85a$1@news.spamcop.net... > Anyone know what this website on savvis is that keeps appearing in > "cam-dating" spam? > > from a parse: > > -Quote-- > Tracking link: > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > [report history] > ISP does not wish to receive report regarding > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > Resolves to 216.39.69.75 > Routing details for 216.39.69.75 > [refresh/show] Cached whois for 216.39.69.75 : abuse@savvis.net > Using abuse net on abuse@savvis.net > abuse net savvis.net = abuse@savvis.net > Using best contacts abuse@savvis.net > > ISP does not wish to receive reports regarding > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ - no date > available > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ has been > appealed previously. > -EndQuote- > > This thing looks fishy enough to me at least outwardly, because official > messenger related sites would be in msn, or microsoft domains. > > Anybody braved a look at it? > > It redirects to http://click.atdmt.com/go/onm00200471ave/direct/01/ atdmt.com is registered to: http://www.networksolutions.com Registrant: aQuantive Inc. 821 2nd Avenue Suite 1700 SEATTLE, WA 98104 US Domain Name: ATDMT.COM Administrative Contact, Technical Contact: aQuantive Inc. domains@aquantive.com 821 2nd Avenue Suite 1700 SEATTLE, WA 98104 US 206 816 8700 fax: 206 816 8909 Record expires on 17-Aug-2006. Record created on 17-Aug-2001. Database last updated on 7-Dec-2005 11:06:16 EST. Domain servers in listed order: DAL1GLB01.AQUANTIVE.COM 216.39.68.40 SEA1GLB01.AQUANTIVE.COM 216.34.88.151 WHK1GLB01.AQUANTIVE.COM 64.14.42.151 REGISTRY WHOIS: Whois Server Version 1.3 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: ATDMT.COM Registrar: NETWORK SOLUTIONS, LLC. Whois Server: whois.networksolutions.com Referral URL: http://www.networksolutions.com Name Server: SEA1GLB01.AQUANTIVE.COM Name Server: WHK1GLB01.AQUANTIVE.COM Name Server: DAL1GLB01.AQUANTIVE.COM Status: REGISTRAR-LOCK Updated Date: 06-dec-2005 Creation Date: 17-aug-2001 Expiration Date: 17-aug-2006 >>> Last update of whois database: Wed, 7 Dec 2005 02:26:26 EST <<< From exfenestrate at spammers.invalid Wed Dec 7 08:13:43 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Wed Dec 7 11:15:08 2005 Subject: [SpamCop-List] Re: what's up with "messenger.msn.click-url.com" References: Message-ID: <1thybjvflw3qy$.dlg@grc.aosake.net> On Wed, 7 Dec 2005 14:31:36 +0400, Berny wrote: > Anyone know what this website on savvis is that keeps appearing in > "cam-dating" spam? The actual domain is just the part ahead of the TLD; "click-url.com" in this case. I use "msn" as a host name for my domain, but only so I can identify incoming email related to my MSN stuff. I don't use it as a web site host name. You are correct, it looks "phishy". -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From jg at coks.net Wed Dec 7 08:42:27 2005 From: jg at coks.net (jg) Date: Wed Dec 7 11:45:04 2005 Subject: [SpamCop-List] Re: CIA Spoof In-Reply-To: References: Message-ID: On 12/7/2005 3:30 AM Ellen scribbled: curious as to how this will look /had to quote differently - you left Mike's sig deliniter in/ Interesting the one of the ones from this AM did not ask me to reboot but it did demand that eudora be closed before proceeding. /I had to close Excel/ The updates are fast -- and have been the last 8mths? year? since they apparently installed new hardware or rewrote the software. /I've always considered them fast - the process- using a mem disadvantaged machine as well/ There was a period a year ago? longer? where it was just about impossible to get an update downloaded, that went on for several weeks. /That seemed to be server overload back then - Grisoft often recommended to 'try later' - they were getting slash dotted for awhile/ As to whether the scanning of the mail is slow when you get new mail, sometimes it seems slower than others altho I can't positively identify if that is AVG or just that my system desperately needs more memory. /I dropped using that - never caught anything tho I don't know if thats my ISP catching the virus 1st or if I just don't get any - I've never played with the gifs the way you guys do - do you consider it useful? I don't like the added header lines - I'm confused enough/ But of all the AVs I have tried over the years this is the one that hasn't screwed up my system or done other intensely annoying things. /I agree, tho it conflicts with Firefox - which should probably be closed anyway while running AVG/ From jg at coks.net Wed Dec 7 08:53:27 2005 From: jg at coks.net (jg) Date: Wed Dec 7 11:55:01 2005 Subject: [SpamCop-List] Re: CIA Spoof In-Reply-To: References: Message-ID: On 12/7/2005 8:42 AM jg scribbled: > On 12/7/2005 3:30 AM Ellen scribbled: > curious as to how this will look > /had to quote differently - you left Mike's sig deliniter in/ > apologies to Jeff G. - I chided him on Quote Fix the other day and here I am screwing up this post... Guess the / only works on the same line... From SC.10.myspamgobbler at spamcowboy.net Wed Dec 7 08:53:27 2005 From: SC.10.myspamgobbler at spamcowboy.net (Brian) Date: Wed Dec 7 12:00:04 2005 Subject: [SpamCop-List] Re: CIA Spoof In-Reply-To: References: Message-ID: Ellen wrote: "Mike Easter" wrote in message news:dn5rac$t6v$1@news.spamcop.net... > > > > I haven't experienced 'slowness' in terms of the AVG server being > > pokey -- in terms of the 'process' of hooking up or downloading the > > update files -- it seems reasonable to me. Very seldom do the updates > > require rebooting, altho' the one from this morning did. All of that > > autoupdate requiring reboot for implementation had all been accomplished > > before I messed with the virus we're talking about here. >Interesting the one of the ones from this AM did not ask me to reboot >but it did demand that eudora be closed before proceeding. The updates >are fast and have been the last 8mths? year? since they apparently >installed new hardware or rewrote the software. There was a period a >year ago? longer? where it was just about impossible to get an update >downloaded, that went on for several weeks. > >As to whether the scanning of the mail is slow when you get new mail, >sometimes it seems slower than others altho I can't positively identify >if that is AVG or just that my system desperately needs more memory. > >But of all the AVs I have tried over the years this is the one that >hasn't screwed up my system or done other intensely annoying things. The reboot was required for my Win98 laptop, which, IIRC, is what Mike is using (Win98 that is, not my laptop :) I don't recall it being required on my XP machine, but I've been very busy and don't always notice. I have installed AVG on a large number of computers and I am very satisfied with the way it works. Many of my clients are very computer illiterate and AVG is one program that I've had extremely few support issues with. -- Brian SC.10.myspamgobbler@spamcowboy.net From nobody at spamcop.net Wed Dec 7 11:07:13 2005 From: nobody at spamcop.net (Antispam Knight) Date: Wed Dec 7 14:10:02 2005 Subject: [SpamCop-List] Re: what's up with "messenger.msn.click-url.com" References: Message-ID: "Antispam Knight" wrote in message news:dn71ib$k02$1@news.spamcop.net... > > "Berny" wrote in message > news:dn6dma$85a$1@news.spamcop.net... >> Anyone know what this website on savvis is that keeps appearing in >> "cam-dating" spam? >> >> from a parse: >> >> -Quote-- >> Tracking link: >> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ >> [report history] >> ISP does not wish to receive report regarding >> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ >> Resolves to 216.39.69.75 >> Routing details for 216.39.69.75 >> [refresh/show] Cached whois for 216.39.69.75 : abuse@savvis.net >> Using abuse net on abuse@savvis.net >> abuse net savvis.net = abuse@savvis.net >> Using best contacts abuse@savvis.net >> >> ISP does not wish to receive reports regarding >> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ - no date >> available >> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ has been >> appealed previously. >> -EndQuote- >> >> This thing looks fishy enough to me at least outwardly, because official >> messenger related sites would be in msn, or microsoft domains. >> >> Anybody braved a look at it? >> >> > > It redirects to http://click.atdmt.com/go/onm00200471ave/direct/01/ > > atdmt.com is registered to: > > http://www.networksolutions.com > > Registrant: > aQuantive Inc. > 821 2nd Avenue > Suite 1700 > SEATTLE, WA 98104 > US > > Domain Name: ATDMT.COM > > Administrative Contact, Technical Contact: > aQuantive Inc. domains@aquantive.com > 821 2nd Avenue > Suite 1700 > SEATTLE, WA 98104 > US > 206 816 8700 fax: 206 816 8909 > > Record expires on 17-Aug-2006. > Record created on 17-Aug-2001. > Database last updated on 7-Dec-2005 11:06:16 EST. > > Domain servers in listed order: > > DAL1GLB01.AQUANTIVE.COM 216.39.68.40 > SEA1GLB01.AQUANTIVE.COM 216.34.88.151 > WHK1GLB01.AQUANTIVE.COM 64.14.42.151 > > REGISTRY WHOIS: > > Whois Server Version 1.3 > > Domain names in the .com and .net domains can now be registered with many > different competing registrars. Go to http://www.internic.net for detailed > information. > > > Domain Name: ATDMT.COM > Registrar: NETWORK SOLUTIONS, LLC. > Whois Server: whois.networksolutions.com > Referral URL: http://www.networksolutions.com > Name Server: SEA1GLB01.AQUANTIVE.COM > Name Server: WHK1GLB01.AQUANTIVE.COM > Name Server: DAL1GLB01.AQUANTIVE.COM > Status: REGISTRAR-LOCK > Updated Date: 06-dec-2005 > Creation Date: 17-aug-2001 > Expiration Date: 17-aug-2006 > >>>> Last update of whois database: Wed, 7 Dec 2005 02:26:26 EST <<< > As a further note, Aquantive is a Washington State corporation. The Registered Agent and the domain registration have the same address, so one might infer that Linda Schoemaker is a principal in the corporation. Or, they might just be using a third party for both: Corporations Division - Registration Data Search AQUANTIVE, INC. UBI Number 601 857 172 Category Regular Corporation Profit/Nonprofit Profit Active/Inactive Active State of Incorporation WA Date of Incorporation 02/27/1998 License Expiration Date 02/28/2006 Registered Agent Information Agent Name LINDA SCHOEMAKER Address 821 SECOND AVE # 1800 City SEATTLE State WA ZIP 98104 From nobody at spamcop.net Wed Dec 7 14:04:15 2005 From: nobody at spamcop.net (Ellen) Date: Wed Dec 7 14:50:02 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "jg" wrote in message news:dn739j$l89$1@news.spamcop.net... > On 12/7/2005 3:30 AM Ellen scribbled: > curious as to how this will look > /had to quote differently - you left Mike's sig deliniter in/ sorry > > As to whether the scanning of the mail is slow when you get new mail, > sometimes it seems slower than others altho I can't positively identify if > that is AVG or just that my system desperately needs more memory. > > /I dropped using that - never caught anything tho I don't know if thats > my ISP catching the virus 1st or if I just don't get any - I've never > played with the gifs the way you guys do - do you consider it useful? I > don't like the added header lines - I'm confused enough/ I never play with gifs. I suppose I could turn it off also -- all my mail passes thru at least one other AV filtering system -- and sometimes two before I see it. And I don't open attachments anyway. > > /I agree, tho it conflicts with Firefox - which should probably be > closed anyway while running AVG/ I run firefox -- I don't see any interference. What are you seeing? Ellen From BNRAGMAOKKXT at spammotel.com Wed Dec 7 20:10:31 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Wed Dec 7 15:15:02 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: <3lxwynkoa4wf.dlg@grc.aosake.net> Message-ID: Norman Miller on 07/12/2005 wrote: >So I don't think Yahoo! has a generic block in place. No, I don't think so either. I've been doing a little experimenting since yesterday with my NTL account and also further error info for my Yahoo account. NTL: Neither forwarding spam to SpamCop as pasted to body nor as attachment now works with NTL accounts. No notifications from NTL that they are blocked or deleted, they just don't get through. Attempted to submit 25 spam to SpamCop at 1330 hrs GMT using Yahoo SMTP, 20 were sent before following error message was generated: "Connection intensionally closed. SMTP server returned unexpected error 521." About 20 minutes later I tried again with a further spam. Error message as above plus the following: "Yahoo.com closing transmissions channel. User is over the limit for messages allowed to be sent in a single day." I've never seen this before and I can't find any info on this limit on the Yahoo Mail site. I've mailed them about it. At 1700 hrs GMT I attempted to submit spam via Yahoo using SMTP again. The five mails submitted successfully, which in turn seems to contradict the previous error message. -- Rob http://www.flickr.com/photos/canopus_archives/ From nobody at spamcop.net Wed Dec 7 15:54:22 2005 From: nobody at spamcop.net (John Anderson) Date: Wed Dec 7 16:55:03 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: An error occurred while processing your request. Reference #97.8042d33f.1133992346.e76741 This is what I get trying to login! John Anderson From jg at coks.net Wed Dec 7 14:03:27 2005 From: jg at coks.net (jg) Date: Wed Dec 7 17:05:02 2005 Subject: [SpamCop-List] Re: CIA Spoof In-Reply-To: References: Message-ID: On 12/7/2005 11:04 AM Ellen scribbled:> > > I run firefox -- I don't see any interference. What are you seeing? > > Ellen > > Just a /real/ slowdown - but like I mentioned, my box is memory disadvantaged. From nobody at devnull.spamcop.net Wed Dec 7 17:13:43 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Dec 7 17:15:02 2005 Subject: [SpamCop-List] Roxio traces to doubleclick? Message-ID: http://www.spamcop.net/sc?id=z837889025z8bafdb2bc46493d5c1e87634aff2aca5z Hi, I've had a lot of phishing spam/scams of late and I -think- this is one, tracker above, but something interesting happened when I submitted it manually for parsing. The reporting addresses are all to doubleclick.net, a long-ago banned outfit from my systems. At least to me, that doesn't make sense.?.? So, am I right, that it is another phishing scam? And what's with double-click being the listed source? I assume it's just forgery, but if not, well ... ? TIA, Pop -- --- twaynesdomain.com: Best little website in the North Country! From MikeE at ster.invalid Wed Dec 7 14:20:46 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 7 17:25:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: jg wrote: > /had to quote differently - you left Mike's sig deliniter in/ There was a sig delimitor at the top of Ellen's post, which makes things a little tricker, but I think it wasn't mine left over, but hers, as an 'empty sig'. However, this turns into another QF discussion again. OE doesn't trim sigs all by itself, I configure OEQF to trim sigs for me. In the case of Ellen's post, I would have /thought/ my sig trimmer would've 'wiped out' her entire post, making the cite problem difficult to deal with; so I was planning on demonstrating here how I could turn off my sig trimmer [by reconfiguring QF or disabling it] and cause Ellen's post to work right. But, when I went to Ellen's post to demonstrate the wipeout effect to myself, I discovered that her post didn't get wiped out at all. For some reason my system with sig trimming enabled didn't trim away her post. I don't think I understand yet why not. But, my point is that I would assume that you jg can optionally disable MozTbird's sig trimming so you wouldn't have to struggle with that citing problem. -- Mike Easter kibitzer, not SC admin From jg at coks.net Wed Dec 7 14:32:31 2005 From: jg at coks.net (jg) Date: Wed Dec 7 17:35:02 2005 Subject: [SpamCop-List] Re: CIA Spoof In-Reply-To: References: Message-ID: On 12/7/2005 2:20 PM Mike Easter scribbled: > I don't think I understand yet why not. > > But, my point is that I would assume that you jg can optionally disable > MozTbird's sig trimming so you wouldn't have to struggle with that > citing problem. > > It wasn't really a struggle - just took me a couple of minutes to figure out why Ellen's post didn't quote. Day in and out, this is a rare occurence for me but it gave me some exercise. There is no way to turn that off via normal settings with Tbird - I could probably find a reset somewhere in prefs.js but haven't had the need as of yet. Isn't the use of this delimiter and its behavior pretty much universal? From porpoise1954 at yahoo.co.uk Wed Dec 7 22:48:24 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Dec 7 17:50:03 2005 Subject: [SpamCop-List] Re: CIA Spoof - Winhexed References: Message-ID: Well, a minor update. Have managed to Winhex the file but there is nothing that jumps out at me (that I can decypher). Basically just another variant of the Trojan-Proxy.Win32.Agent.hx as far as I can see - without being anything strange or unusual....... !??! From MikeE at ster.invalid Wed Dec 7 14:50:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 7 17:55:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: jg wrote: > Isn't the use of this delimiter and its behavior pretty much > universal? The ever-noncompliant OE is a huge leader in the field of sig noncompliance. In the first place, OE has 'always' had the problem of its autosig going at the top where it doesn't belong -- forcing the OE users who need to trim and contextualize their news replies to turn off the autosig and 'manually' [by clicking something] put in their sig after they have trimmed and contextualized their replies. Then, the next noncompliance of OE is that the OE sig wasn't a properly constructed sig delimitor, because the OE editor eliminated the space which comes at the end of dash dash space -- so the OE sigs [used to] not be auto-trimmable by all of the newsreaders with sig trimmers. Nowadays OE can finally make a proper sig delimitor. Unfortunately, it still can't autosig anywhere but the top of a reply and it still can't autotrim sigs. So, except for OE, most of the rest of the world of newsreaders have been handling sigs compliantly for a long time. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Wed Dec 7 22:55:59 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Dec 7 18:00:03 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: <3lxwynkoa4wf.dlg@grc.aosake.net> Message-ID: "Canopus" wrote in message news:dn7fjn$ttd$1@news.spamcop.net... > Norman Miller on 07/12/2005 wrote: > >>So I don't think Yahoo! has a generic block in place. > > No, I don't think so either. I've been doing a little experimenting since > yesterday with my NTL account and also further error info for my Yahoo > account. > > NTL: Neither forwarding spam to SpamCop as pasted to body nor as > attachment now works with NTL accounts. No notifications from NTL that > they are blocked or deleted, they just don't get through. > > Attempted to submit 25 spam to SpamCop at 1330 hrs GMT using Yahoo SMTP, > 20 were sent before following error message was generated: > > "Connection intensionally closed. SMTP server returned unexpected error > 521." > > About 20 minutes later I tried again with a further spam. Error message > as above plus the following: > > "Yahoo.com closing transmissions channel. User is over the limit for > messages allowed to be sent in a single day." > > I've never seen this before and I can't find any info on this limit on the > Yahoo Mail site. I've mailed them about it. > > At 1700 hrs GMT I attempted to submit spam via Yahoo using SMTP again. > The five mails submitted successfully, which in turn seems to contradict > the previous error message. It seems to me that they have put a choke on the SMTP server(s) in an attempt to thwart spam runs, by limiting users to sending only a limited number of emails within a given period. In one way, it could be seen as a *good* idea (reduces the amount of spam) but could be construed as a PITA for those who may have need to send tons of 'legitimate' emails every day. Although, it could be argued that anyone needing to send that number of legitimate emails on a daily basis ought to have a "proper" email account for such a purpose ......... From MikeE at ster.invalid Wed Dec 7 15:06:58 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 7 18:10:03 2005 Subject: [SpamCop-List] Re: Roxio traces to doubleclick? References: Message-ID: Pop wrote: www.spamcop.net/sc?id=z837889025z8bafdb2bc46493d5c1e87634aff2aca5z > I've had a lot of phishing spam/scams of late and I -think- > this is one, tracker above, but something interesting happened > when I submitted it manually for parsing. Pop is saying he's reporting a phish, but... > The reporting addresses are all to doubleclick.net, a long-ago > banned outfit from my systems. At least to me, that doesn't make > sense.?.? ... it doesn't make sense to him that doubleclick is the report addy. > So, am I right, that it is another phishing scam? So, now he's saying, "Is this a phish?" ... which means 'we' are going to have to look at/ read/ a spam. There are 'rules' around here for reading spams. #1 rule is that anytime we are getting ready to read a spam, we read/ analyze/ the headers first. > And what's with double-click being the listed source? > I assume it's just forgery, but if not, well ... ? The headers show a straightup item, in which the From = the source = the spamvertiser. There is no header bogosity. From: "Roxio" Received: from (mta.email.sonic.com [198.31.62.67]) Spamvertise: http://email.sonic.com/cgi-bin15/DM/y/mUyZ0G3Ll50Ctg0MLR0HA&email=x This condition is often associated with legitimate communications to a registrant. Body content: If you would like to receive new product information and exclusive promotional offers from Roxio, including a one-time 50% off the latest version of Easy Media Creator, just click here: If you do not reply, you will not receive any software update email notifications from us. First line: As a registered owner of Easy Media Creator, we feel you should know we have released [...] If you are a reg'd user of Easy Media Creator, then that's why you got this offer to optin. It appears to be an optin to a reg'd user, not an optout. email.sonic.com and its output mailserver are DoubleClick. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Dec 7 15:12:54 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 7 18:15:03 2005 Subject: [SpamCop-List] Re: Roxio traces to doubleclick? References: Message-ID: Mike Easter wrote: > Body content: I meant appears to be optin, of course. > If you are a reg'd user of Easy Media Creator, then that's why you got > this offer to optin. It appears to be an optin to a reg'd user, not > an optout. email.sonic.com and its output mailserver are DoubleClick. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Dec 7 18:01:43 2005 From: nobody at spamcop.net (Ellen) Date: Wed Dec 7 18:15:08 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote in message news:dn7n7b$38s$1@news.spamcop.net... > > But, when I went to Ellen's post to demonstrate the wipeout effect to > myself, I discovered that her post didn't get wiped out at all. For > some reason my system with sig trimming enabled didn't trim away her > post. > > I don't think I understand yet why not. > Your system is smart enough to know not to wipe out my posts .... or else .... Ellen From nobody at spamcop.net Wed Dec 7 18:05:50 2005 From: nobody at spamcop.net (Ellen) Date: Wed Dec 7 18:15:14 2005 Subject: [SpamCop-List] Re: Roxio traces to doubleclick? References: Message-ID: "Pop" wrote in message news:dn7mqm$2t3$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z837889025z8bafdb2bc46493d5c1e87634aff2aca5z > > Hi, > I've had a lot of phishing spam/scams of late and I -think- > this is one, tracker above, but something interesting happened > when I submitted it manually for parsing. > The reporting addresses are all to doubleclick.net, a long-ago > banned outfit from my systems. At least to me, that doesn't make > sense.?.? > > So, am I right, that it is another phishing scam? > And what's with double-click being the listed source? > I assume it's just forgery, but if not, well ... ? > Looks like mail about Roxio -- doesn't look like a phish to me. Ellen From nobody at nowhere.not Wed Dec 7 23:17:46 2005 From: nobody at nowhere.not (Robert Blair) Date: Wed Dec 7 18:20:06 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: On Wed, 7 Dec 2005 22:32:31 UTC, jg wrote: > It wasn't really a struggle - just took me a couple of minutes to figure > out why Ellen's post didn't quote. Day in and out, this is a rare > occurence for me but it gave me some exercise. > There is no way to turn that off via normal settings with Tbird - I > could probably find a reset somewhere in prefs.js but haven't had the > need as of yet. > Isn't the use of this delimiter and its behavior pretty much universal? My news reader truncates Ellen's entire message as would be expected. But if I highlight a portion of the text it gets quoted properly. I very seldom reply without highlighting (for trimming) so I seldom see this kind of problem. -- Robert Blair From MikeE at ster.invalid Wed Dec 7 15:20:45 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 7 18:25:05 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Ellen wrote: > "Mike Easter" >> But, when I went to Ellen's post to demonstrate the wipeout effect to >> myself, I discovered that her post didn't get wiped out at all. For >> some reason my system with sig trimming enabled didn't trim away her >> post. >> >> I don't think I understand yet why not. > Your system is smart enough to know not to wipe out my posts .... or > else .... Heh heh. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Wed Dec 7 23:59:56 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Dec 7 19:05:04 2005 Subject: [SpamCop-List] Another SysAdmin that requires a clue Message-ID: http://www.spamcop.net/sc?id=z837926949zf94cbbdc94fb6f33ea222dedbf02c2aez As well as sending reports, I also sent a mail to the sender advising them (with link to the FAQ) why sending "newmails" to forged From: is really not a very clever thing to be doing. From cpollock at earthlink.net Wed Dec 7 19:20:24 2005 From: cpollock at earthlink.net (Chris) Date: Wed Dec 7 20:25:04 2005 Subject: [SpamCop-List] Re: Blacklisting, what does it take? References: Message-ID: Ellen wrote: >> >> Please note that the propagation of this address is spoofed. The address >> you are questioning is a global IP for a firewall and is not sending or >> passing the virus. > > They are very wrong. They have a compromised machine sending viruses thru > that IP. Unfortunately they are not sending to traps or other SC users. And they won't admit it either. > >> >> from one of the contacts listed for this ip. When I argued that >> something must be wrong then because the virus is comeing from his ip, >> he replied with: >> >> I can assure you that it is indeed a mistake. These need to be removed >> at once or this will get very ugly! > > You can refer that to us if you hear from them again. deputies > admin.spamcop.net Will do, in the meantime I've again addressed this issue to all contacts listed that I can find minus the individual at mccombshqs.com who denies that he has a compromised machine. > >> So, guess my actual question here is just what does it take for an ip to >> get blacklisted by spamcop? > > More than one reporter unfortunately. I understand that now, I must be the only one getting hit from this ip then. > > > Ellen Thanks Ellen for your feedback. -- Chris RLU 283774 Mandriva 10.1 Official 19:15:55 up 4 days, 2:18, 1 user, load average: 0.20, 0.40, 0.35 From not at home.today Thu Dec 8 01:41:24 2005 From: not at home.today (Ant) Date: Wed Dec 7 20:45:02 2005 Subject: [SpamCop-List] Re: CIA Spoof - Winhexed References: Message-ID: "Porpoise" wrote: > Have managed to Winhex the file but there is nothing that jumps out at me > (that I can decypher). Basically just another variant of the > Trojan-Proxy.Win32.Agent.hx as far as I can see - without being anything > strange or unusual....... !??! The exe is packed with UPX 1.93 (not 1.92 as I stated earlier). Did you run UPX on it? More strings become visible, but nothing special. From porpoise1954 at yahoo.co.uk Thu Dec 8 01:56:36 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Dec 7 21:00:03 2005 Subject: [SpamCop-List] Re: CIA Spoof - Winhexed References: Message-ID: "Ant" wrote in message news:dn830a$eik$1@news.spamcop.net... > "Porpoise" wrote: > >> Have managed to Winhex the file but there is nothing that jumps out at me >> (that I can decypher). Basically just another variant of the >> Trojan-Proxy.Win32.Agent.hx as far as I can see - without being anything >> strange or unusual....... !??! > > The exe is packed with UPX 1.93 (not 1.92 as I stated earlier). Did > you run UPX on it? More strings become visible, but nothing special. > No. Just done the usual notifies and moved on........ From jg at coks.net Wed Dec 7 18:07:15 2005 From: jg at coks.net (jg) Date: Wed Dec 7 21:10:04 2005 Subject: [SpamCop-List] Re: CIA Spoof In-Reply-To: References: Message-ID: On 12/7/2005 2:50 PM Mike Easter scribbled: > jg wrote: > > >>Isn't the use of this delimiter and its behavior pretty much >>universal? > > > The ever-noncompliant OE is a huge leader in the field of sig > noncompliance. In the first place, OE has 'always' had the problem of > its autosig going at the top where it doesn't belong -- forcing the OE > users who need to trim and contextualize their news replies to turn off > the autosig and 'manually' [by clicking something] put in their sig > after they have trimmed and contextualized their replies. > > Then, the next noncompliance of OE is that the OE sig wasn't a properly > constructed sig delimitor, because the OE editor eliminated the space > which comes at the end of dash dash space -- so the OE sigs [used to] > not be auto-trimmable by all of the newsreaders with sig trimmers. > > Nowadays OE can finally make a proper sig delimitor. Unfortunately, it > still can't autosig anywhere but the top of a reply and it still can't > autotrim sigs. > > So, except for OE, most of the rest of the world of newsreaders have > been handling sigs compliantly for a long time. > > you sound like the parent of an ugly child - OE has a face only a mother could love... From jg at coks.net Wed Dec 7 18:11:56 2005 From: jg at coks.net (jg) Date: Wed Dec 7 21:10:11 2005 Subject: [SpamCop-List] Re: CIA Spoof In-Reply-To: References: Message-ID: On 12/7/2005 3:17 PM Robert Blair scribbled: > On Wed, 7 Dec 2005 22:32:31 UTC, jg wrote: > > >>It wasn't really a struggle - just took me a couple of minutes to figure >>out why Ellen's post didn't quote. Day in and out, this is a rare >>occurence for me but it gave me some exercise. >>There is no way to turn that off via normal settings with Tbird - I >>could probably find a reset somewhere in prefs.js but haven't had the >>need as of yet. >>Isn't the use of this delimiter and its behavior pretty much universal? > > > My news reader truncates Ellen's entire message as would be expected. > But if I highlight a portion of the text it gets quoted properly. I > very seldom reply without highlighting (for trimming) so I seldom see > this kind of problem. > > just when I thought the thread was done... where do you highlight? in the orig msg pane? and that overrides truncation by the delimiter? ya just gotta love computers - 2000 ways to blow your nose... From edb2000 at spamcop.net Wed Dec 7 20:48:56 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Wed Dec 7 23:50:02 2005 Subject: [SpamCop-List] Re: Roxio traces to doubleclick? In-Reply-To: References: Message-ID: Pop wrote: > http://www.spamcop.net/sc?id=z837889025z8bafdb2bc46493d5c1e87634aff2aca5z > > Hi, > I've had a lot of phishing spam/scams of late and I -think- > this is one, tracker above, but something interesting happened > when I submitted it manually for parsing. > The reporting addresses are all to doubleclick.net, a long-ago > banned outfit from my systems. At least to me, that doesn't make > sense.?.? > > So, am I right, that it is another phishing scam? > And what's with double-click being the listed source? > I assume it's just forgery, but if not, well ... ? No, it's legit (or what I would call legit). They are sending an invitation to opt in to a mailing list to receive info about their software deals, and they are sending this one-time invite to users who registered their software products and provided an email address. I got two myself, for two registered products. You would have to be pretty hard-core to consider this spam. But it's certainly not a phishing expedition. -- Don Wannit A paid SpamCop user since 1999 From jeffg at spamcop.net Thu Dec 8 00:25:48 2005 From: jeffg at spamcop.net (Jeff G.) Date: Thu Dec 8 00:30:02 2005 Subject: [SpamCop-List] Re: Soft on Sale References: Message-ID: "Patto" wrote in message news:dn67rg$4h3$1@news.spamcop.net... > Actually I remembered incorrectly, I used netpiracy[at]siia.net in the > past. This seems to be the correct address to report Internet piracy. > See http://www.siia.net/piracy/report/internet.asp Interestingly, I see netpiracy@spa.org on that page. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From jeffg at spamcop.net Thu Dec 8 00:48:22 2005 From: jeffg at spamcop.net (Jeff G.) Date: Thu Dec 8 00:50:03 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam References: <43969DBE.6FBB@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:43969DBE.6FBB@xyzzy.claranet.de... > Jeff G. wrote: > > > see the bottom link in my sig below. > JFTR, that's an excessively annoying sig. Bye, Frank And yours looks like you are saying "Bye" to yourself. Is the following better? -- Thanks and Best Regards, Jeff G. Please see my full sig at http://forum.spamcop.net/forums/index.php?showuser=2041 From g.hyde at bigpond.net.au Thu Dec 8 16:24:24 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Dec 8 01:25:02 2005 Subject: [SpamCop-List] I am getting more messages from this .pk server about listserver messages I can do nothing about. Message-ID: http://www.spamcop.net/sc?id=z838045406z81bbbf9b881010fbd41626d417d73586z OK this is getting ridiculous. I keep getting failure messages due in part to an improperly configured listserver which contain news messages I've posted somewhere. This is to me a spam email, as there is NOTHING, I repeat, NOTHING that I can do about it. Do I report this as a spam item or what? I would like for the listserver owner to be notified so they can fix this problem with their listserver, however, that doesn't seem likely unless I can pin down the reason it is listing me as the original sender. It is currently sitting unreported on the above tracker URL. If deputies would like to submit it as a spam to someone in particular, please do so. Cheers ... Geoffrey Hyde From borgholio at storymind.com Wed Dec 7 22:35:44 2005 From: borgholio at storymind.com (Borgholio) Date: Thu Dec 8 01:40:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. In-Reply-To: References: Message-ID: Geoffrey Hyde wrote: > http://www.spamcop.net/sc?id=z838045406z81bbbf9b881010fbd41626d417d73586z > > OK this is getting ridiculous. I keep getting failure messages due in part > to an improperly configured listserver which contain news messages I've > posted somewhere. This is to me a spam email, as there is NOTHING, I > repeat, NOTHING that I can do about it. > > Do I report this as a spam item or what? I would like for the listserver > owner to be notified so they can fix this problem with their listserver, > however, that doesn't seem likely unless I can pin down the reason it is > listing me as the original sender. > > It is currently sitting unreported on the above tracker URL. If deputies > would like to submit it as a spam to someone in particular, please do so. > > > Cheers ... > > Geoffrey Hyde > > > Misdirected bounces ARE considered spam by Spamcop and should be reported. I get dozens per day...sometimes after a virus swarm or spam swarm I wake up with hundreds in my box. I report them all. From jeffg at spamcop.net Thu Dec 8 01:38:06 2005 From: jeffg at spamcop.net (Jeff G.) Date: Thu Dec 8 01:40:09 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: "John Anderson" wrote in message news:dn7llq$1qj$1@news.spamcop.net... > An error occurred while processing your request. > Reference #97.8042d33f.1133992346.e76741 > > > > This is what I get trying to login! Yes, there was a drop (SpamCop Parsing and Reporting System Outage AKA "down and dead" status) at the time per http://alpha.cesmail.net/graphics/spamstats.gif , displays of it at http://www.spamcop.net/spamgraph.shtml?spamstats and http://forum.spamcop.net/forums/index.php?showtopic=5247 and http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats , and my analysis in the Announcement at http://forum.spamcop.net/forums/index.php?showtopic=5288 (specifically at http://forum.spamcop.net/forums/index.php?showtopic=5288&view=findpost&p=37370 ) . Also, please be aware of the following Post by Don at http://forum.spamcop.net/forums/index.php?showtopic=5514&st=0&p=37151&#entry37151 . ----- Begin Quote ----- Those errors *can* be caused by an Akamai server with a problem, but it is extremely rare, and always isolated. What you're seeing is the result of SpamCop being down and dead at the time. It's caused by our database crashing, which brings down the whole system because the database is the heart. Fortunately, we have developed alarm systems that alert us to the problem when it starts, and methods of bringing the database back up rapidly when it goes down. In many cases, the outage is only for a few minutes, and sometimes during dire straights, a few hours. As far as the users and deputies go, there isn't anything we can do but wait for the system to come back up. We're acutely aware of the problem, I assure you. We all access SpamCop from outside, just like everybody else, so we're often the first to know. If the duty engineer isn't already on the problem, which they usually are, we page them. Unfortunately, our database and the way we use it is *hugely* complicated and we haven't found the root cause of the problem. We've found and fixed several little items that help keep things from going awry, but not everything. All I can ask is that you bear with us while we work on the problem. - Don D'Minion - SpamCop Admin - ----- End Quote ----- -- Thanks and Best Regards, Jeff G. Please see my full sig at http://forum.spamcop.net/forums/index.php?showuser=2041 From bar_n0ne at hotmail.com Thu Dec 8 11:06:49 2005 From: bar_n0ne at hotmail.com (Berny) Date: Thu Dec 8 02:10:03 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: <3lxwynkoa4wf.dlg@grc.aosake.net> Message-ID: "Canopus" wrote in message news:dn7fjn$ttd$1@news.spamcop.net... > Norman Miller on 07/12/2005 wrote: > > > At 1700 hrs GMT I attempted to submit spam via Yahoo using SMTP again. > The five mails submitted successfully, which in turn seems to contradict > the previous error message. the 24 hour definition may be X mails between 00:00 and 24:00 in some particular timezone , say PST or EST From porpoise1954 at yahoo.co.uk Thu Dec 8 08:39:42 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 8 03:45:04 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "jg" wrote in message news:dn84lc$g0s$1@news.spamcop.net... > On 12/7/2005 3:17 PM Robert Blair scribbled: > just when I thought the thread was done... > where do you highlight? > in the orig msg pane? > and that overrides truncation by the delimiter? > ya just gotta love computers - 2000 ways to blow your nose... Isn't it XP ways to blow your nose now?? ;-) From redford_stone at INVERSE_OF_COLDmail.com Thu Dec 8 09:12:57 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Dec 8 04:15:03 2005 Subject: [SpamCop-List] Question regarding "\x[hexnumber]" code. Message-ID: I'm curious to know exactly what kind of code "\x" is. The spammer who hides behind Geocities sites appear to be using this type of code as means to hide the final site. It is coded in this manner: "\x[hex number]" Sort of like this: "....\x76\x61\x72\x25\x32\x30\x74\..." I've tried digging around but Gargle doesn't give me much of anything meaningful I can use for decrapting this. From g.hyde at bigpond.net.au Thu Dec 8 19:37:29 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Dec 8 04:40:04 2005 Subject: [SpamCop-List] Re: Question regarding "\x[hexnumber]" code. References: Message-ID: http://www.google.com.au/search?hl=en&q=backslash+x+%5Bnnn%5D&meta= Try that - you might need to put in the equals sign, though that's what I came up with. after inserting '\backslash x [nnn]' into google. (without the quotes) HTH. :-) http://www.google.com.au/search?hl=en&q=backslash+x+%5Bxxxx%5D&meta= - also this, after a bit of refining of the string. Cheers ... Geoffrey Hyde "Redstone" wrote in message news:Xns9726C63D293Dtinlc@216.154.195.61... > I'm curious to know exactly what kind of code "\x" is. > > The spammer who hides behind Geocities sites appear to be using this type > of code as means to hide the final site. > > It is coded in this manner: "\x[hex number]" > > Sort of like this: "....\x76\x61\x72\x25\x32\x30\x74\..." > > I've tried digging around but Gargle doesn't give me much of anything > meaningful I can use for decrapting this. > From bar_n0ne at hotmail.com Thu Dec 8 14:17:27 2005 From: bar_n0ne at hotmail.com (Berny) Date: Thu Dec 8 05:20:12 2005 Subject: [SpamCop-List] "spamcopped" Message-ID: Well, I am pleased and displeased, Pleased to see that there really are folks using SC to block incoming mail. Displeased because (one of) the corporate mailserver(s) I use was blocked. Strangely, the party I was sending to has specific addresses set up for use by my employer, which is a fairly major client, so you;d think we'd have been whitelisted in this particular case. Seems we are blocked for back-scatter. I guess lot's of people still ahve auto responders or vacation notices, and I can verify that the spam blocking/filtering/miltering is far from leakproof, theres enough getting through that backscatter would be a problem. Anyway I sent a note to our security people, It's not my mess to deal with. Ah well. From nobody at nowhere.invalid Thu Dec 8 11:45:26 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Dec 8 05:50:04 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: On Wed, 07 Dec 2005 14:32:31 -0800, jg coughed into spamcop and left this in : > Isn't the use of this delimiter and its behavior pretty much universal? Yes. Which probably explains why Outlook Express doesn't know about it. -- Steve From nobody at devnull.spamcop.net Thu Dec 8 08:33:18 2005 From: nobody at devnull.spamcop.net (Pop) Date: Thu Dec 8 08:35:03 2005 Subject: [SpamCop-List] Re: Roxio traces to doubleclick? References: Message-ID: "Pop" wrote in message news:dn7mqm$2t3$1@news.spamcop.net... : http://www.spamcop.net/sc?id=z837889025z8bafdb2bc46493d5c1e87634aff2aca5z : : Hi, : I've had a lot of phishing spam/scams of late and I -think- ... : So, am I right, that it is another phishing scam? : And what's with double-click being the listed source? : I assume it's just forgery, but if not, well ... ? : Huh; OK, thanks for your inputs & consideration. I tried to check the Roxio site yesterday too since I am a registered owner, but must have tried it at the same time everyone else did; couldn't get a screen to paint completely. I'll try again later today. I was still confused about doubleclick, so I checked out their site; haven't done that in years. Also interesting how doubleclick and double-click go to two different places. Doubleclick actually looks relatively respectable if all the hype and name-dropping there is true. Double-click looks a lot spammier, but nothign immediately scary, redirecting to http://www.dartmotif.com/, (which is doubleclick's) apparently one of their marketing strategies. Neither site tried to place any cookies or probe anything - near as I could tell - THAT surprised me! They do like to throw unannounced PDF's at you, but otherwise nothing actually looked wrong. Maybe they're legit nowadays, dunno. IMO, it's still "bad" when I receive a mail from a roxio that in no way traces to a roxio though; but then it's their choice to use such methods. Thanks again, Pop From nobody at example.com Thu Dec 8 14:25:40 2005 From: nobody at example.com (John Smith) Date: Thu Dec 8 09:30:02 2005 Subject: [SpamCop-List] phishing or virus? Message-ID: This spam seems to link to a PDF file (which has probably already been removed by the webmaster). Is it phishing, a virus, or something else? Short link to the spam: http://babyurl.com/AfsRBh Full link: http://www.spamcop.net/sc?id=z838211460zc5e8b37e973105a86e8035ba50a34d64z;action=display From blacklist-me at davjam.org Thu Dec 8 14:23:55 2005 From: blacklist-me at davjam.org (David Bolt) Date: Thu Dec 8 09:35:03 2005 Subject: [SpamCop-List] Re: Question regarding "\x[hexnumber]" code. References: Message-ID: On Thu, 8 Dec 2005, Redstone wrote:- >I'm curious to know exactly what kind of code "\x" is. > >The spammer who hides behind Geocities sites appear to be using this type >of code as means to hide the final site. > >It is coded in this manner: "\x[hex number]" > >Sort of like this: "....\x76\x61\x72\x25\x32\x30\x74\..." > >I've tried digging around but Gargle doesn't give me much of anything >meaningful I can use for decrapting this. Try this: There's both Linux and Windows (Cygwin) versions and it handles that sort of encoding, and the %xx type, very nicely. Regards, David Bolt -- Member of Team Acorn checking nodes at 50 Mnodes/s: http://www.distributed.net/ AMD1800 1Gb WinXP/SUSE 9.3 | AMD2400 256Mb SuSE 9.0 | A3010 4Mb RISCOS 3.11 AMD2400(32) 768Mb SUSE 10.0 | RPC600 129Mb RISCOS 3.6 | Falcon 14Mb TOS 4.02 AMD2600(64) 512Mb SUSE 10.0 | A4000 4Mb RISCOS 3.11 | STE 4Mb TOS 1.62 From MikeE at ster.invalid Thu Dec 8 07:09:56 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 10:10:03 2005 Subject: [SpamCop-List] Re: phishing or virus? References: Message-ID: John Smith wrote: > This spam seems to link to a PDF file (which has probably already been > removed by the webmaster). Is it phishing, a virus, or something else? Not .pdf, which would be a 'portable document format' developed by Adobe, but .pif which is an executable 'program information file' developed by TopView, extended by DesqView, and dominated by MicroSoft You should make yourself a mental list of all of the 'dangerous' or executable file extenders .bat .com .pif .exe .scr .lnk .cmd and also enable your system to be able to see all the extenders. Such file extensions are typically dangerous to clickon. www.spamcop.net/sc?id=z838211460zc5e8b37e973105a86e8035ba50a34d64z The html was designed to make the link look like it was going to http://www.THE-ADDRESS-OF-THE-SPAMCOP-REPORTER@cellectivity.com/confirm.php?account=cellectivity.com but instead it was going to the .pif file named Confirmation_Sheet.pif at 84.94.228.177 rDNS 84.94.228.177.static.012.net.il The words say "According to our terms of services, you will have to confirm your e-mail by the following link, or your account will be suspended within 24 hours for security reasons. [...] After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconvenience." I can't get the payload with my GET function. You don't have permission to access /~nesher/Confirmation_Sheet.pif on this server. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 8 07:28:55 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 10:30:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Borgholio wrote: > Geoffrey Hyde wrote: www.spamcop.net/sc?id=z838045406z81bbbf9b881010fbd41626d417d73586z >> >> OK this is getting ridiculous. I keep getting failure messages due >> in part to an improperly configured listserver which contain news >> messages I've posted somewhere. Can you figure out where you posted the message? >> This is to me a spam email, as >> there is NOTHING, I repeat, NOTHING that I can do about it. Part of the problem with reporting this is that what you received is not /exactly/ a misdirected bounce, as you were the 'originator' of the message which bounced -- except that you didn't send your message to the server which bounced it, but I think you are saying you sent it to a newsserver somewhere. The 'offending' server is actually a linux group's server news-gateway@lugnet.com >> Do I report this as a spam item or what? I would like for the >> listserver owner to be notified so they can fix this problem with >> their listserver, however, that doesn't seem likely unless I can pin >> down the reason it is listing me as the original sender. >From my reading of it, you /are/ the original sender -- but [perhaps] to a newsgroup, not an email recipient. But, I can't find the original newsgroup posted item, so perhaps it was posted to a webforum or something like that. >> It is currently sitting unreported on the above tracker URL. If >> deputies would like to submit it as a spam to someone in particular, >> please do so. I think it would be more worthwhile to figger out what is going on here than report the 'innocent' server which received something which it shouldn't have received. > Misdirected bounces ARE considered spam by Spamcop and should be > reported. I get dozens per day...sometimes after a virus swarm or > spam swarm I wake up with hundreds in my box. I report them all. This isn't a 'normal' misdirected bounce. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 8 07:53:06 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 10:55:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Geoffrey Hyde wrote: www.spamcop.net/sc?id=z838045406z81bbbf9b881010fbd41626d417d73586z > > OK this is getting ridiculous. I keep getting failure messages due > in part to an improperly configured listserver which contain news > messages I've posted somewhere. Now I remember. We had a discussion about this in late Sep early Oct There are some missing pieces in the thread here: http://news.spamcop.net/pipermail/spamcop-list/2005-October/105110.html Newsgroups: spamcop Subject: Re: What the blazes happened here? Date: Fri, 30 Sep 2005 07:14:04 -0700 ..but I still have my copies, which show some initial confusion which I eventually straightened out. At that time I was able to access the lugnet.robotics system. The gist is that there is a webforum integrated with an nntp newsserver and the webforum is also integrated with a mailing list -- so people can signup to have the forum posts [which are also news posts] mailed to them. You post to the nntp newsserver using a good addy. That post gets mailed to a mailing list recipient whose server bounces your item, for whatever reason. That isn't the bouncing server's fault. That is the fault of the way the lego robotics system is configured. > This is to me a spam email, as there > is NOTHING, I repeat, NOTHING that I can do about it. What you should do is use an invalid addy in your postings to that group or newsserver. Which I said back then. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 8 08:08:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 11:10:02 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Mike Easter wrote: > The 'offending' server is actually a linux group's server > news-gateway@lugnet.com Not linux -- lego and lego robotics http://www.lugnet.com/ http://news.lugnet.com/ LUGNET News Server Server: lugnet.com News-by-mail -- Mail Setup subscribe to any group as a mailing list. Here's the message which you posted corresponding to the tracker item http://news.lugnet.com/robotics/?n=24691 Subject: Re: New contest Author: Geoffrey Hyde Newsgroups: lugnet.robotics Date: Thu, 8 Dec 2005 00:33:30 GMT It would appear to have a munged From and Reply-To -- but I can't tell everything I need to tell from your tracker which replaces some parts with 'x' Somehow your mungeing doesn't prevent the recipient of the mailing list which your news posts feeds into from bouncing your news2mail post back to you. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 8 08:13:02 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 11:15:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Mike Easter wrote: > It would appear to have a munged From and Reply-To Au contraire -- you do *NOT* have a munged From. Here is the original -- the mungeing only shows on the html version; the original format as you posted shows your good email From clearly http://news.lugnet.com/news/raw.cgi?lugnet.robotics,24691 You should configure your newsreader to put an invalid address into the >From [and reply-to] for that newsserver. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 8 09:03:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 12:05:04 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Mike Easter wrote: > Here's the message which you posted corresponding to the tracker item > http://news.lugnet.com/robotics/?n=24691 > > Subject: Re: New contest > Author: Geoffrey Hyde > Newsgroups: lugnet.robotics > Date: Thu, 8 Dec 2005 00:33:30 GMT I can also access your message with its unmunged From on the newsserver lugnet.com if I use port 1119, as its port 119 doesn't work for me. Newsgroups: lugnet.robotics Subject: Re: New contest Message-ID: Date: Thu, 8 Dec 2005 00:33:30 GMT The lugnet terms of use here http://www.lugnet.com/admin/terms/agreement in items #3 & 4 would seem to prohibit posting unless there is a human decipherable good email address in the From -- but antispam mungeing is permitted. There's also some 'research material' about the interface here: "Mailing list format - Note: The lugnet.robotics newsgroup and the lugnet.robotics@lugnet.com mailing lists are gatewayed with the lego-robotics@crynwr.com mailing list. (See Russell Nelson's LEGO Mindstorms Internals webpage http://www.crynwr.com/lego-robotics/ for more details about the lego-robotics@crynwr.com mailing list or how to unsubscribe from it.)" http://news.lugnet.com/robotics/ -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Dec 8 13:02:39 2005 From: nobody at spamcop.net (John Anderson) Date: Thu Dec 8 14:05:04 2005 Subject: [SpamCop-List] Spamcop is not accepting my password! Message-ID: I have been trying to sign in with my registered password, but spamcop keeps asking for something else, does not accept the one I have registered. John Anderson From spam_hjp at yahoo.com Thu Dec 8 14:10:01 2005 From: spam_hjp at yahoo.com (Jim) Date: Thu Dec 8 14:15:03 2005 Subject: [SpamCop-List] Re: Spamcop is not accepting my password! In-Reply-To: References: Message-ID: > http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats shows it as being down From tmcgraw at spamcop.net Thu Dec 8 11:10:34 2005 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Dec 8 14:15:09 2005 Subject: [SpamCop-List] Re: Spamcop is not accepting my password! In-Reply-To: References: Message-ID: I'm getting "No user found for input: tmcgraw" and resetting pswd does not generate a new pswd by email... but I am able to log into my web mail inbox. John Anderson wrote: > I have been trying to sign in with my registered password, but > spamcop keeps asking for something else, does not accept > the one I have registered. > > John Anderson From snowbat at geocities.com Thu Dec 8 17:46:27 2005 From: snowbat at geocities.com (Snowbat) Date: Thu Dec 8 14:50:02 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: Steven Maesslein wrote: > On Tue, 6 Dec 2005 13:24:53 +0000 (UTC), Canopus coughed into spamcop > and left this in : > >> By using my mail client configured to connect to Yahoo Mail using pop3 to >> send spam.......... > > Bzzzzzzzzzzzzt. > > POP3 is used for *receiving* mail, not sending it. Not always - XTND XMIT is supported by one of the three POP3 servers I use. http://musicm.mcgill.ca/msi/http/pop3xtndxmit.html From MikeE at ster.invalid Thu Dec 8 12:41:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 15:45:03 2005 Subject: [SpamCop-List] Re: Old E-Mail??? References: Message-ID: posted to .spam and spamcop, f/ups to spamcop Robert Williams wrote: > Here is what I get out of the header: Your message is badly deformatted by the wrapping and extra EOLs. It would be helpful to me if you would post a *TRACKER* /not/ a spam, of a 'normally' parsing spam in reply to this message without changing the newsgroup back to .spam so that I can see what your normal headers look like. -- Mike Easter kibitzer, not SC admin From RobertW at danjonengineering.com Thu Dec 8 13:10:19 2005 From: RobertW at danjonengineering.com (Robert Williams) Date: Thu Dec 8 16:15:02 2005 Subject: [SpamCop-List] Re: Old E-Mail??? References: Message-ID: Ok, Mike, here is a Tracker: http://members.spamcop.net/mcgi?action=gettrack&reportid=1579621535 "Mike Easter" wrote in message news:dna5ol$l4d$1@news.spamcop.net... > posted to .spam and spamcop, f/ups to spamcop > > Robert Williams wrote: > > Here is what I get out of the header: > > Your message is badly deformatted by the wrapping and extra EOLs. > > It would be helpful to me if you would post a *TRACKER* /not/ a spam, of > a 'normally' parsing spam in reply to this message without changing the > newsgroup back to .spam so that I can see what your normal headers look > like. > > > -- > Mike Easter > kibitzer, not SC admin > From MikeE at ster.invalid Thu Dec 8 13:26:11 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 16:30:04 2005 Subject: [SpamCop-List] Re: Old E-Mail??? References: Message-ID: Robert Williams wrote: > Ok, Mike, here is a Tracker: > > http://members.spamcop.net/mcgi?action=gettrack&reportid=1579621535 Well, we're getting closer. That reportid link can be used by *you* -- but not by me -- to access the /real/ tracker. The way you could give me/us a tracker out of that reportid would be for you to access that reportid, and at the very top of the spam with headers which only you can see is a link called 'Parse'. That 'Parse' link is the tracker I/we need. You can right click it and copy it and paste it in here, or you can click it and then copy the tracker url from the addressline of your browser. If I click on your link [converted from a members only link] -- I would get what you would get if you click on this link http://www.spamcop.net/mcgi?action=gettrack&reportid=1577656720 It doesn't work for you to click on a reportid as above which is only for me, and it doesn't work for me to click on a reportid which is only for you. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 8 13:34:46 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 16:35:03 2005 Subject: [SpamCop-List] Re: Old E-Mail??? References: Message-ID: Mike Easter wrote: > Robert Williams wrote: >> Ok, Mike, here is a Tracker: >> >> http://members.spamcop.net/mcgi?action=gettrack&reportid=1579621535 > > Well, we're getting closer. That reportid link can be used by *you* > -- but not by me -- to access the /real/ tracker. Oh, I forgot to mention. Here's the format of a real tracker http://www.spamcop.net/sc?id=z837472390z84b14efb1dea6cc026aab5999e35323bz After the id= comes the unique coding for the parse, consisting of 2 'z' segments. The first z field is a 9 digit decimal number; the 2nd z field is a 32 digit hexadecimal number A reportid link is 'just' a 10 digit decimal after the reportid= -- Mike Easter kibitzer, not SC admin From RobertW at danjonengineering.com Thu Dec 8 13:50:06 2005 From: RobertW at danjonengineering.com (Robert Williams) Date: Thu Dec 8 16:55:03 2005 Subject: [SpamCop-List] Re: Old E-Mail??? References: Message-ID: Sorry about that, I somehow had a feeling I was supposed to click the Parse link. Anyways, http://members.spamcop.net/sc?id=z838364690zf1b826e68318eb9ee341bae5588d527az This should give you some idea of what my headers normally look like. "Mike Easter" wrote in message news:dna8t2$nbv$1@news.spamcop.net... > Mike Easter wrote: > > Robert Williams wrote: > >> Ok, Mike, here is a Tracker: > >> > >> http://members.spamcop.net/mcgi?action=gettrack&reportid=1579621535 > > > > Well, we're getting closer. That reportid link can be used by *you* > > -- but not by me -- to access the /real/ tracker. > > Oh, I forgot to mention. Here's the format of a real tracker > > http://www.spamcop.net/sc?id=z837472390z84b14efb1dea6cc026aab5999e35323bz > > After the id= comes the unique coding for the parse, consisting of 2 'z' > segments. > > The first z field is a 9 digit decimal number; the 2nd z field is a 32 > digit hexadecimal number > > A reportid link is 'just' a 10 digit decimal after the reportid= > > -- > Mike Easter > kibitzer, not SC admin > From MikeE at ster.invalid Thu Dec 8 14:20:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 17:20:02 2005 Subject: [SpamCop-List] Re: Old E-Mail??? References: Message-ID: Robert Williams wrote: > http://members.spamcop.net/sc?id=z838364690zf1b826e68318eb9ee341bae5588d527az > > This should give you some idea of what my headers normally look like. Okey dokey thanks. Oh, I see. You don't have anything to do with cleartel. I misinterpreted something that SC said in the verbose^1 and tho't it cleartel had something to do with you. It isn't the first time I have misunderstood something SC sez about a mailhost. ^1 "Hostname verified: mail.cleartel.net" In that case, I will revise my earlier abbreviated headers of the item this all started wtih. Abbreviated Received lines *comment from mail.cleartel.net ([206.72.209.41]) by server1.DANJONENGINEERING.LOCAL *sourceline vs relay output from [206.72.209.49] (helo=mail.4-serv.com) by mail.cleartel.net *timestamp 17d, bogushelo, ?bogusline vs sourceIP from 4technology.net ([90.66.225.30]) by mwcp.4technology.net *bogusline >From a human parser's point of view, the notified source would be albany.net for cleartel in any case, it is just a matter of whether you want to say the source IP is the cleartel output server or a userIP behind it. The server IP is also listed in PSBL, which gives evidence which looks like your spamitem, ie the same IP 'behind' the server and the same 'modus' of a bogus helo in that line. http://psbl.surriel.com/evidence?ip=206.72.209.41&action=Check+evidence I personally think the problem is an insecurity between 206.72.209.49 & its server -- that the spam may be being injected at .49 and going out thru' the server 'belatedly' [getting stuck there] and getting the timestamp discrepancy. The other possibility is that the server is insecure and the timestamp problem line is bogus. It is worse for the server to be listed than the user IP, because the server is the #1 output server for the cleartel. -- Mike Easter kibitzer, not SC admin From not at home.today Thu Dec 8 23:35:22 2005 From: not at home.today (Ant) Date: Thu Dec 8 18:40:03 2005 Subject: [SpamCop-List] Re: Question regarding "\x[hexnumber]" code. References: Message-ID: "Redstone" wrote: > I'm curious to know exactly what kind of code "\x" is. > > The spammer who hides behind Geocities sites appear to be using this type > of code as means to hide the final site. > > It is coded in this manner: "\x[hex number]" > > Sort of like this: "....\x76\x61\x72\x25\x32\x30\x74\..." > > I've tried digging around but Gargle doesn't give me much of anything > meaningful I can use for decrapting this. Create an html document as shown below, paste the encoded text into the form window, and press "Decode" as many times as needed to get clear text. Will unscramble hex values coded with "\x" or "%". (thanks to Spamless for the idea)

From g.hyde at bigpond.net.au Fri Dec 9 09:53:17 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Dec 8 18:55:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: "Mike Easter" wrote in message news:dn9ksf$aqo$1@news.spamcop.net... > Geoffrey Hyde wrote: >> This is to me a spam email, as there >> is NOTHING, I repeat, NOTHING that I can do about it. > > What you should do is use an invalid addy in your postings to that group > or newsserver. Which I said back then. Which would do nothing but infuriate some poor random user somewhere who does get my message due to the server not figuring out who it should go to. The worst case scenario is that nobody gets it and nobody does anything about it and it just fills up some mailbox somewhere until a human administrator examines it and determines it was my munged from address that filled the mailbox up in the first place, so cancels my account. I don't need unexpected account cancellations thank you very much, Mr. Easter. So I would really prefer to leave things unmunged - spammers may have my address but they WILL get reported. Unfortunately, the only possible resolution here is if the .pk server wakes up and stops bouncing listserver email to places that a human observer could quite easily see it should NOT go to. And why, of all places, does it have to be .pk - or Pakistan? Because everyone elsewhere seems to know how to properly configure their mailserver in order to avoid misdirected bounces like this one. If I could, I'd have it SC reported to admin@lugnet.com, since you seem to have identified them as the listserver owner. I'm pretty sure this spam email is breaking more than a few RFC protocols. If the mailserver at lugnet is the sender, it should be the recipient, or at the very least the Reply-to:, which it isn't. Cheers ... Geoffrey Hyde From mwnospam at comcast.net Thu Dec 8 18:59:29 2005 From: mwnospam at comcast.net (spamacyde) Date: Thu Dec 8 19:00:03 2005 Subject: [SpamCop-List] Spamcop and Comcast Message-ID: Is Comcast using Spamcop to screen email for Spam? If not, should I lobby Comcast to do so? Thanks From vanguard.code at comcastNIX.net Thu Dec 8 18:20:31 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Thu Dec 8 19:25:03 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: "spamacyde" wrote in message news:dnahco$st7$1@news.spamcop.net... > Is Comcast using Spamcop to screen email for Spam? If not, should I lobby > Comcast to do so? SpamCop is considered, even amonst the DNSBLs, as an aggressive blacklist. ISPs might add some spam filtering but they don't want to be overly aggressive. They would get far more angry complaints from their customers regarding lost "good" mails (false positives) than for spam that got past the ISP's filter. Comcast uses Brightmail for spam filtering. Read http://www.comcast.com/Support/Corp1/FAQ/FaqDetail_1560.html. Lobbying Comcast to make changes won't work. Never has. Ever use their webmail interface to your mail account. Sucks. As yet, and after many years of repeated asking, they still don't let users define server-side rules to get rid of spam so the user doesn't have to waste CPU cycles and bandwidth to get rid of unwanted messages, or even to let webmail-only customers organize their e-mails. From usenet2 at DE.LETE.THISljvideo.com Fri Dec 9 00:43:40 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Thu Dec 8 19:45:02 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: Waiving the right to remain silent, "Vanguard" said: > "spamacyde" wrote in message > news:dnahco$st7$1@news.spamcop.net... >> Is Comcast using Spamcop to screen email for Spam? If not, >> should I lobby Comcast to do so? > > > SpamCop is considered, even amonst the DNSBLs, as an aggressive > blacklist. ISPs might add some spam filtering but they don't > want to be overly aggressive. They would get far more angry > complaints from their customers regarding lost "good" mails > (false positives) than for spam that got past the ISP's filter. My mailhost, Futurequest, allows the use of SpamCop's BL, but recommends against it for those reasons. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "I've come here to enjoy nature. Don't talk to me about the environment!" - 'Denny Crane' From MikeE at ster.invalid Thu Dec 8 17:43:05 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 20:45:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Geoffrey Hyde wrote: > "Mike Easter" >> Geoffrey Hyde wrote: >>> This is to me a spam email, as there >>> is NOTHING, I repeat, NOTHING that I can do about it. >> >> What you should do is use an invalid addy in your postings to that >> group or newsserver. Which I said back then. > > Which would do nothing but infuriate some poor random user somewhere > who does get my message due to the server not figuring out who it > should go to. Your message is going to appear on the newsserver and the webforum and the mailing list. What do you mean 'get my message not figuring out who it should go to'? The mailing list recipients are those who sign up for lugnet.robotics. If this scenario unfolds in which a mailing list recipient's mailbox server wants to belatedly bounce to a From, the belated bounce would be emailed to an invalid addy, which goes nowhere. >The worst case scenario is that nobody gets it and > nobody does anything about it and it just fills up some mailbox > somewhere until a human administrator examines it and determines it > was my munged from address that filled the mailbox up in the first > place, so cancels my account. That scenario doesn't work at all. And antispam mungeing is expected and normal behavior -- antispam mungeing of a From doesn't cause you adverse effects. > I don't need unexpected account cancellations thank you very much, Mr. > Easter. So I would really prefer to leave things unmunged - spammers > may have my address but they WILL get reported. You are reporting a server which is doing nothing wrong. That is *not* a good scenario. It is arguably bad reporting by spamcop, which /can/ get you in trouble. > Unfortunately, the only possible resolution here is if the .pk server > wakes up and stops bouncing listserver email to places that a human > observer could quite easily see it should NOT go to. The .pk server is receiving a mail which was posted by you, with your >From and belatedly bouncing it to you. That is not /exactly/ misdirected. The problem is that you are intereacting with a system which is causing that to happen. Using SpamCop as a bludgeon against the .pk server is not the same thing as using SC for 'normal' misdirected bounces. Normally misdirected bounces are bouncing an item to an abused forged From. In this case the bounces are going to the /real/ From, not a forged one.. > And why, of all places, does it have to be .pk - or Pakistan? Because > everyone elsewhere seems to know how to properly configure their > mailserver in order to avoid misdirected bounces like this one. If I > could, I'd have it SC reported to admin@lugnet.com, since you seem to > have identified them as the listserver owner. I think that lugnet needs to be dealing with this situation. It is their setup which is causing your news post to go flying around the mail system and causing trouble for mail servers. > I'm pretty sure this spam email is breaking more than a few RFC > protocols. If the mailserver at lugnet is the sender, it should be > the recipient, or at the very least the Reply-to:, which it isn't. Correct. The ideal situation would be that the lugnet process would be stamping the mail in a proper way, and that the .pk server would be rejecting a mail it can't deliver and that the rejection would be 'signalled' to the lugnet server, which should know if a mailing list recipient's mail isn't working properly. But, as a general rule, the advisability of your From being munged is an almost universal bit of advice. Very very few people think you should be posting to 'some' newsservers with an unmunged From. I can see that you use an unmunged From here, and this is a private newsserver like the lugnet one -- so maybe it is your conviction that this type of newsserver should get a real From -- so I can't argue strongly about that decision. I'm just saying that IMO this is not a normal spamcop misdirected bounce. It is not misdirected because it is directed at a true unforged From, not a bogus or forged From. So, if the bounce isn't misdirected, then it isn't reportable. I say that if you wish you can leave your addy unmunged for this newsserver, but you can't spamcop report the bounce which isn't misdirected. -- Mike Easter kibitzer, not SC admin From vanguard.code at comcastNIX.net Thu Dec 8 21:43:46 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Thu Dec 8 22:45:04 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: "Larry J." wrote in message news:Xns9726B457777AEthefrogprince@216.154.195.61... > Waiving the right to remain silent, "Vanguard" > said: > >> "spamacyde" wrote in message >> news:dnahco$st7$1@news.spamcop.net... >>> Is Comcast using Spamcop to screen email for Spam? If not, >>> should I lobby Comcast to do so? >> >> >> SpamCop is considered, even amonst the DNSBLs, as an aggressive >> blacklist. ISPs might add some spam filtering but they don't >> want to be overly aggressive. They would get far more angry >> complaints from their customers regarding lost "good" mails >> (false positives) than for spam that got past the ISP's filter. > > My mailhost, Futurequest, allows the use of SpamCop's BL, but > recommends against it for those reasons. > > -- > Larry J. - Remove spamtrap in ALLCAPS to e-mail > > "I've come here to enjoy nature. Don't talk to me > about the environment!" - 'Denny Crane' Some ISPs (the smaller ones) might also give the user a sliding scale of aggressiveness so the user can configure what they are comfortable with for false positives (non-spam marked as spam) and false negatives (spam not detected as spam). My ISP's spam filter is sloppy but I like it that way. It pretty much guarantees that it doesn't have false positives. I've checked the Screened Mail (aka Junk) folder where the spam-tagged mails get moved (which is in a webmail folder on the server that gets emptied once a week) and I cannot recall ever seeing a false positive. However, it still does detect lots of spam that gets moved out of the Inbox and which local e-mail client never has to waste resources to download its headers and/or body. Think of like a mining sluice where the first mesh screens (i.e., server-side filters) are very coarse and only take out the big rocks and the last mesh filter (i.e., your client-side filters) take out the small-grained dirt so you are left with having to search through a lot less dross (i.e., spam) at the end of the chute. You want to scan the fine-grained stuff at the end of the chute rather than have to bother with all the obvious dross at the front end. If my ISP's spam filter were overly "tight" (lots of false positives), I would have to turn it off and waste the time to download it all to have my client-side spam filter get rid of the dross. When you fill your car's gas tank, do you want to insert a restrictive filter funnel into the spout and waste time with the slower funneling and filtering because the gasoline wasn't prefiltered? Even though the gasoline is prefiltered, are you really going to remove that fuel filter in your car's fuel line? Catch the big turds first to reduce the resources later needed to filter out the little turds. From caroljean52 at yahoo.com Thu Dec 8 20:31:11 2005 From: caroljean52 at yahoo.com (caroljean52) Date: Thu Dec 8 23:35:03 2005 Subject: [SpamCop-List] [media] AvTech Direct fined $3 million for spamming Message-ID: $3 million in fines for spamming school district http://seattlepi.nwsource.com/local/251271_kcbriefs08.html From yea at right.com Thu Dec 8 20:34:48 2005 From: yea at right.com (Spaz) Date: Thu Dec 8 23:35:10 2005 Subject: [SpamCop-List] OEM Soft Store? Message-ID: I keep getting spam advertising Microsoft software at very cheap prices. I sent the email to piracy@microsoft.com and they emailed me back saying the link in the email didn't work and asked me to give them information from the website such as name, location, phone number and email address. The link worked for me and it took me to a website called OEM Soft Store. The spam email completely obfuscates the web address but once I got to the website, I got the following link. http://awc8hdxu7.2fgqxu3j1vpb78ou717721ju2m1eojjj.cancelerkg.com/xvawl/ Of course, the bastards give no location or contact information and they obfuscate all their web links. Does anyone have any info on these jerks? From uheep2 at comcast.net Thu Dec 8 23:45:09 2005 From: uheep2 at comcast.net (Alex Gitlin) Date: Thu Dec 8 23:50:04 2005 Subject: [SpamCop-List] Spam from China Message-ID: A lot of spam comes from China. What are the statistics like - are those spam reports we submit actually useful, are they paying off? (Or do the Chinese sysadmins simply ignore them?) So far I'm not seeing much improvement on the amount of spam coming in, but I've only been on Spamcop for a couple of weeks. Alex. From g.hyde at bigpond.net.au Fri Dec 9 16:04:28 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Fri Dec 9 01:10:04 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: "Mike Easter" wrote in message news:dnanek$l7$1@news.spamcop.net... > Geoffrey Hyde wrote: >> "Mike Easter" >>> Geoffrey Hyde wrote: >>>> This is to me a spam email, as there >>>> is NOTHING, I repeat, NOTHING that I can do about it. >>> >>> What you should do is use an invalid addy in your postings to that >>> group or newsserver. Which I said back then. >> >> Which would do nothing but infuriate some poor random user somewhere >> who does get my message due to the server not figuring out who it >> should go to. > > Your message is going to appear on the newsserver and the webforum and > the mailing list. What do you mean 'get my message not figuring out who > it should go to'? The mailing list recipients are those who sign up for > lugnet.robotics. If this scenario unfolds in which a mailing list > recipient's mailbox server wants to belatedly bounce to a From, the > belated bounce would be emailed to an invalid addy, which goes nowhere. So you say. But then again, I came across a situation which would enable the recipient to see my email regardless of whether there was a valid address or not. >>The worst case scenario is that nobody gets it and >> nobody does anything about it and it just fills up some mailbox >> somewhere until a human administrator examines it and determines it >> was my munged from address that filled the mailbox up in the first >> place, so cancels my account. > > That scenario doesn't work at all. And antispam mungeing is expected > and normal behavior -- antispam mungeing of a From doesn't cause you > adverse effects. If I wanted it munged, yes. But I don't want it munged. QED. >> I don't need unexpected account cancellations thank you very much, Mr. >> Easter. So I would really prefer to leave things unmunged - spammers >> may have my address but they WILL get reported. > > You are reporting a server which is doing nothing wrong. That is *not* > a good scenario. It is arguably bad reporting by spamcop, which /can/ > get you in trouble. IF it is bad SC reporting, as you say, the SC admins will have to improve their servers to handle the problems. Their SC parser isn't built to handle listserver messages at all. And I wouldn't doubt that they could handle this problem somewhat differently IF they choose to. >> Unfortunately, the only possible resolution here is if the .pk server >> wakes up and stops bouncing listserver email to places that a human >> observer could quite easily see it should NOT go to. > > The .pk server is receiving a mail which was posted by you, with your > From and belatedly bouncing it to you. That is not /exactly/ > misdirected. Not quite, the headers don't properly indicate the From: field and I would say there is quite a bit of noncompliant header information in there. > The problem is that you are intereacting with a system which is causing > that to happen. Using SpamCop as a bludgeon against the .pk server is > not the same thing as using SC for 'normal' misdirected bounces. I am not the person asking it to send me an email message about a failure message triggered by another user. If you cannot see this, you cannot see that I see this as spam. Again, QED. (Unless you get a clue, and start reading things properly.) > Normally misdirected bounces are bouncing an item to an abused forged > From. In this case the bounces are going to the /real/ From, not a > forged one.. Or in this case, a From which has not been properly inserted in the headers of the email message, a From which should indicate the lugnet server as the origiator of the email, not me. Again, QED. >> And why, of all places, does it have to be .pk - or Pakistan? Because >> everyone elsewhere seems to know how to properly configure their >> mailserver in order to avoid misdirected bounces like this one. If I >> could, I'd have it SC reported to admin@lugnet.com, since you seem to >> have identified them as the listserver owner. > > I think that lugnet needs to be dealing with this situation. It is > their setup which is causing your news post to go flying around the mail > system and causing trouble for mail servers. Got that right. But how to convince you that this problem is something I can't do anything about, and is therefore spam? (QED, btw.) >> I'm pretty sure this spam email is breaking more than a few RFC >> protocols. If the mailserver at lugnet is the sender, it should be >> the recipient, or at the very least the Reply-to:, which it isn't. > > Correct. The ideal situation would be that the lugnet process would be > stamping the mail in a proper way, and that the .pk server would be > rejecting a mail it can't deliver and that the rejection would be > 'signalled' to the lugnet server, which should know if a mailing list > recipient's mail isn't working properly. You're getting warmer. And closer to the real problem at hand. But take this bit of advice with you when you examine these emails - I did not ask for the lugnet server to set me up as the Failure-notice recipient. Therefore, it is causing me to be spammed by the .pk mailserver. Spam. And, once again, QED. > But, as a general rule, the advisability of your From being munged is an > almost universal bit of advice. Very very few people think you should > be posting to 'some' newsservers with an unmunged From. I can see that > you use an unmunged From here, and this is a private newsserver like the > lugnet one -- so maybe it is your conviction that this type of > newsserver should get a real From -- so I can't argue strongly about > that decision. I'm just saying that IMO this is not a normal spamcop > misdirected bounce. It is not misdirected because it is directed at a > true unforged From, not a bogus or forged From. So, if the bounce isn't > misdirected, then it isn't reportable. I don't /want/ or /need/ an unmunged From: - why do I want one? You haven't answered that question at all, and unless you have something more concrete than not receiving stupid mailserver bounces, again, QED. > I say that if you wish you can leave your addy unmunged for this > newsserver, but you can't spamcop report the bounce which isn't > misdirected. I can if I think it is spam. And I've ample evidence, backed up by you, which will make further emails of this type be SC reported, unless SC fixes the parser to handle mailserver bounce messages. FWIW, the listserver protocol is probably very out-of-date, I still consider these to be spam messages, and by no means did I sign up anywhere for any of it. So you can take your "this isn't spam" and "this isn't spamcop reportable" and STUFF IT!! QED. Cheers ... Geoffrey Hyde From borgholio at storymind.com Thu Dec 8 22:48:33 2005 From: borgholio at storymind.com (Borgholio) Date: Fri Dec 9 01:50:03 2005 Subject: [SpamCop-List] Re: Spam from China In-Reply-To: References: Message-ID: Alex Gitlin wrote: > A lot of spam comes from China. What are the statistics like - are those > spam reports we submit actually useful, are they paying off? (Or do the > Chinese sysadmins simply ignore them?) So far I'm not seeing much > improvement on the amount of spam coming in, but I've only been on Spamcop > for a couple of weeks. > > Alex. > > Terrible. I have a blacklist that blocks the whole damn country, and I've never seen even one legit email get caught...probably because there isn't any such thing. :) From yea at right.com Thu Dec 8 23:09:33 2005 From: yea at right.com (Spaz) Date: Fri Dec 9 02:10:03 2005 Subject: [SpamCop-List] I want more spam! Message-ID: I'm creating a database of spam messages but I only get 3-6 spams about every other day. What's the best way for me to get on a good spam list? I'm going to set up a special email address just for spam. From yea at right.com Thu Dec 8 23:13:17 2005 From: yea at right.com (Spaz) Date: Fri Dec 9 02:15:03 2005 Subject: [SpamCop-List] Re: [media] AvTech Direct fined $3 million for spamming References: Message-ID: Cool! How do I get on their spam list? If they have that kind of money, I want to sue them too! "caroljean52" wrote in message news:dnb1ah$602$1@news.spamcop.net... > $3 million in fines for spamming school district > http://seattlepi.nwsource.com/local/251271_kcbriefs08.html > > From porpoise1954 at yahoo.co.uk Fri Dec 9 08:37:11 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Dec 9 03:40:03 2005 Subject: [SpamCop-List] Re: hong kong importer /exporter scam ? :) References: Message-ID: "Justin" wrote in message news:dnbbuf$bgm$1@news.spamcop.net... over in spamcop.spam. As they don't give a web address where you can go and see their product catalogue/contact details etc., I would say it is most likely a scam - or they don't have a clue on how to conduct business........ From joseph_k at invalid.com Fri Dec 9 02:06:24 2005 From: joseph_k at invalid.com (Joseph_K) Date: Fri Dec 9 05:10:28 2005 Subject: [SpamCop-List] Re: OEM Soft Store? References: Message-ID: On Thu, 8 Dec 2005 20:34:48 -0800, "Spaz" wrote: >I keep getting spam advertising Microsoft software at very cheap >prices. I sent the email to piracy@microsoft.com and they emailed >me back saying the link in the email didn't work and asked me to >give them information from the website such as name, location, phone >number and email address. The link worked for me and it took me to a >website called OEM Soft Store. The spam email completely obfuscates >the web address but once I got to the website, I got the following >link. > >http://awc8hdxu7.2fgqxu3j1vpb78ou717721ju2m1eojjj.cancelerkg.com/xvawl/ Forward this still working URL to them. You have done your part. If they cannot do their own leg work, well.... -- ---------+---------+---------+---------+---------+---------+---------+ Joseph K Seattle, WA, USA From 96q7vwa02 at sneakemail.com Fri Dec 9 01:10:27 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Fri Dec 9 05:15:13 2005 Subject: [SpamCop-List] Re: hong kong importer /exporter scam ? :) References: Message-ID: "Porpoise" wrote in message news:dnbfpt$dph$1@news.spamcop.net... > > "Justin" wrote in message > news:dnbbuf$bgm$1@news.spamcop.net... > over in spamcop.spam. > Not most likely but absolutely it is spam. Variation of the 419 variety Fred k. From nobody at nowhere.invalid Fri Dec 9 11:51:00 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Dec 9 05:55:07 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: On Thu, 08 Dec 2005 22:48:33 -0800, Borgholio coughed into spamcop and left this in : > Terrible. I have a blacklist that blocks the whole damn country, and I've > never seen even one legit email get caught...probably because there isn't > any such thing. :) Ditto here. You can say the same for all of APNIC space except Australia and New Zealand. Most of it *isn't* in the local BL here - because it's in the firewall. There's no point allowing the connection to happen and an instance of sendmail to be started when I know full well it's going to be spam knocking on my door, so I don't even allow these areas access to my port 25. Saves CPU cycles and allows the machine to get on with more useful tasks. -- Steve Are Linux users lemmings collectively jumping off of the cliff of reliable, well-engineered commercial software? -- Matt Welsh From MikeE at ster.invalid Fri Dec 9 06:57:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 10:00:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Geoffrey Hyde wrote: > "Mike Easter" >> antispam mungeing of a From doesn't cause you >> adverse effects. > > If I wanted it munged, yes. But I don't want it munged. QED. I'm not trying to /convince/ you to munge your From -- I believe that it is your 'right' to maintain a good From, and I support the arguments of those who argue for using a good From instead of mungeing it. Normally the reasons for mungeing the From are to counteract the effect of addresses harvesters which scrape the From addies from the overview. In this case I suggested or recommended mungeing the From because you are posting into a system which you and I both know is going onto a webforum board which /does/ munge your From automatically as an antispam measure and is also going out a mailing list which is causing you to be receiving belated bounces addressed to your From. Which belated bounces are *not* misdirected in terms of spamcop reportability. >> You are reporting a server which is doing nothing wrong. That is >> *not* a good scenario. It is arguably bad reporting by spamcop, >> which /can/ get you in trouble. > > IF it is bad SC reporting, as you say, the SC admins will have to > improve their servers to handle the problems. There are several SC 'strategies' to prevent problems. One of the strategies is to make rules for the reporters. For example, there are rules about not reporting mailing list spam, unless you are reporting it as the mailing list admin. Another rule used to be to not report misdirected bounces. Now, the rules have been changed to allow reporting of a misdirected bounce which are received as a consequence of a forged or bogus From. But this situation we are discussing isn't covered precisely in the rules as written. What I'm saying is that your situation is closer to being that of a problem caused by a mailing list condition, which you are not supposed to report. What I'm also saying is that your situation is *not* that of receiving a misdirected bounce due to a forged or bogus From, because the bounce you are receiving is not misdirected because it /is/ your From. > Their SC parser isn't > built to handle listserver messages at all. The SC rules are that you aren't supposed to report mailing list spam. > Not quite, the headers don't properly indicate the From: field and I > would say there is quite a bit of noncompliant header information in > there. There is a big problem for mailservers to handle all of the different varieties of headers which mailing lists present to them. I'm going to give one example further down. >> The problem is that you are intereacting with a system which is >> causing that to happen. Using SpamCop as a bludgeon against the .pk >> server is not the same thing as using SC for 'normal' misdirected >> bounces. > > I am not the person asking it to send me an email message about a > failure message triggered by another user. You are [indirectly] sending to a mailing list. Receiving unwanted items as a result of 'misadventures' of mailing list traffic is not spamcop reportable. As a personal example: I belong to a DShield mailing list whose headers I'll talk about below. I have received 'out of office' bounces because of that mailing list. I do *NOT* report such an outofoffice bounce as spam to the spamcop system because the bounce is a 'manifestation' of my mailing list 'condition'. While it is true that I shouldn't have gotten the bounce and while it is also true that we have 'discussed' in the list the potential for outofoffice responders to get themselves spamcop reported, I didn't find what I received to be an appropriate report. > If you cannot see this, > you cannot see that I see this as spam. It is /definitely/ not a 'spam' by definition. It is an unwanted mail. It is a bounce of your own mail to a mailing list. > (Unless you get > a clue, and start reading things properly.) We are disagreeing about the interpretation of the reportability. >> Normally misdirected bounces are bouncing an item to an abused forged >> From. In this case the bounces are going to the /real/ From, not a >> forged one.. > > Or in this case, a From which has not been properly inserted in the > headers of the email message, a From which should indicate the lugnet > server as the origiator of the email, not me. You are mistaken. It is 'normal' and acceptable for mailing list items to maintain the From of the sender. There are many many different ways for mailing list headers to contain information. Perhaps we should start a subthread and discuss that, but I'm going to show one example below. >> I think that lugnet needs to be dealing with this situation. It is >> their setup which is causing your news post to go flying around the >> mail system and causing trouble for mail servers. > > Got that right. But how to convince you that this problem is > something I can't do anything about, and is therefore spam? (QED, > btw.) It is not spam. It is a bounce of your contribution to a mailing list. What we agree on is that it is unwanted and that the bounce should be going to the lugnet server and not you. > I > did not ask for the lugnet server to set me up as the Failure-notice > recipient. There isn't an official 'failure-notice' condition here. > Therefore, it is causing me to be spammed by the .pk > mailserver. Not spammed > I don't /want/ or /need/ an unmunged From: - why do I want one? OK. I won't argue about that with you. >> I say that if you wish you can leave your addy unmunged for this >> newsserver, but you can't spamcop report the bounce which isn't >> misdirected. > > I can if I think it is spam. Not spam. We are currently discussing if such a report is against the rules because it pertains to mailing list problems and also that it is not included in the rules because it is not a misdirected bounce. It is definitely not spam. Now I'm here at the bottom and I'll mention one mailing lists headers. My gmail address subscribes to the dshield list. The dshield list goes to my gmail which is forwarded to my earthlink address. I'll leave out the headers that involve the forwarding and truncate the various other headers here. From: Subscriber's address To: "'General DShield Discussion List'" Sender: list-bounces@lists.dshield.org Errors-To: list-bounces@lists.dshield.org If a list someone's outofoffice were misconfigured and my addy were in the From and I got the outofoffice bounce, I would not report it, because it is a consequence of my involvement with a mailing list. There are many other variations of the above headers of mailing list items. -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Fri Dec 9 18:59:41 2005 From: bar_n0ne at hotmail.com (Berny) Date: Fri Dec 9 10:00:11 2005 Subject: [SpamCop-List] Amazing, after not having used or browsed E-Bay since 1997, I have won a PowerSeller Account! Message-ID: Aren't I privileged?. If you are really keen on reading this PHISH here's a tracker. http://www.spamcop.net/sc?id=z838718779z972728d44071c3110b331a7f5acdf29ez But honestly, don't bother. From MikeE at ster.invalid Fri Dec 9 07:26:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 10:30:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Mike Easter wrote: > It is not spam. It is a bounce of your contribution to a mailing > list. > > What we agree on is that it is unwanted and that the bounce should be > going to the lugnet server and not you. > There are many other variations of the above headers of mailing list > items. Here are the headers of the item to the .pk university server nu.edu.pk [namely National University of Computer and Emerging Sciences which has campuses at Islamabad, Karachi, Lahore, and Peshawar] From: Geoffrey Hyde [unmunged] Sender: news-gateway@lugnet.com Reply-To: Geoffrey Hyde [munged] To: funky addy at nu.edu.pk Subject: Re: New contest When you report such an item, you list the .pk university server. That isn't what SC wants to be doing. Naturally the item should be rejected during the transaction or if newmailed, it should be newmailed to the Sender. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Dec 9 07:43:05 2005 From: nobody at spamcop.net (Antispam Knight) Date: Fri Dec 9 10:45:03 2005 Subject: [SpamCop-List] Re: Question regarding "\x[hexnumber]" code. References: Message-ID: "Redstone" wrote in message news:Xns9726C63D293Dtinlc@216.154.195.61... > I'm curious to know exactly what kind of code "\x" is. > > The spammer who hides behind Geocities sites appear to be using this type > of code as means to hide the final site. > > It is coded in this manner: "\x[hex number]" > > Sort of like this: "....\x76\x61\x72\x25\x32\x30\x74\..." > > I've tried digging around but Gargle doesn't give me much of anything > meaningful I can use for decrapting this. > I just paste it into notepad, go to the beginning of the file, hit "replace" or ctrl-h. In the "find" window, type in \x, in the "replace with" window type in %. Open a browser window at http://scriptasylum.com/tutorials/encdec/encode-decode.html and paste the decoded script from notepad into the right window above, and hit the arrow pointing to the left (<-). Paste the unescaped string in the left window into notepad (I paste it right below the original % script). Do a search for http (this will tell you win what directory the URL resides (ie. you might find http:http%3A//fix.%27%3B%0D%0A... which tells you that the spamvertised sites will all be of the form http://fix.someurl.com). Now go back to the beginning of this long string and do a search for .com. Each hit will be one of the spamvertised sites. This spammer used to use about 10-20 different sites per geocities webpage. The script alternates between all of them, one at a time. It changes each time one visits or refreshes the geocities site. Lately, he's been using 2-4 addresses per geocities webpage. All of the final sites above which I have uncovered, resolve to : 222.168.100.164 218.12.197.160 222.60.14.176 222.60.14.175 218.106.35.211 218.104.136.188 222.168.100.163 218.106.35.213 and maybe a few others I've overlooked. All of the whois data is with BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN. Almost all of the data is bogus, and has been reported. I have yet to see the registrar nuke any of the literally hundreds I have reported, and a complaint has been filed with ICANN, for all the good it'll do. Hope this data helps someone. AK From nobody at spamcop.net Fri Dec 9 10:56:02 2005 From: nobody at spamcop.net (indigo) Date: Fri Dec 9 11:00:02 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: spamacyde wrote: > Is Comcast using Spamcop to screen email for Spam? If not, should I > lobby Comcast to do so? > > Thanks No. I suggest that you use SpamPal if you have Comcast (I do). Brightmail sucks donkey balls. From nobody at spamcop.net Fri Dec 9 10:56:39 2005 From: nobody at spamcop.net (indigo) Date: Fri Dec 9 11:00:09 2005 Subject: [SpamCop-List] Re: I want more spam! References: Message-ID: Spaz wrote: > I'm creating a database of spam messages but I only get 3-6 spams > about every other day. What's the best way for me to get on a good > spam list? I'm going to set up a special email address just for spam. Are you off your meds or what?!? Want mine? From nospam at nospam.com Fri Dec 9 09:59:57 2005 From: nospam at nospam.com (Justin) Date: Fri Dec 9 11:00:15 2005 Subject: [SpamCop-List] Re: hong kong importer /exporter scam ? :) In-Reply-To: References: Message-ID: <4399A9FD.8080806@nospam.com> Fred K. wrote: > "Porpoise" wrote in message > news:dnbfpt$dph$1@news.spamcop.net... >> "Justin" wrote in message >> news:dnbbuf$bgm$1@news.spamcop.net... >> over in spamcop.spam. >> > Not most likely but absolutely it is spam. Variation of the 419 variety > > Fred k. > > Yeah I am thinking about playing along with this spam just to have a little bit of fun with this spammer any ideas on some things i could do . From jg at coks.net Fri Dec 9 08:12:45 2005 From: jg at coks.net (jg) Date: Fri Dec 9 11:15:03 2005 Subject: [SpamCop-List] meds spam Message-ID: http://www.spamcop.net/sc?id=z838741156zb9b24d8ece5e8396630e8913038e2c99z Been getting a flood (for me) of these sourced by various blackhat networks with spamverts hosted by comcor. I am unable to get any info on these sites beyond comcor - are all these /originating/ from ru? Or is the spammer able to bury his id - I'm tinking he's in the U.S. somewhere but am missing something (or am wrong on that...) From jg at coks.net Fri Dec 9 08:15:31 2005 From: jg at coks.net (jg) Date: Fri Dec 9 11:15:09 2005 Subject: [SpamCop-List] x- line in header question... Message-ID: http://www.spamcop.net/sc?id=z838748053z80e0379c1c062b745f52a2dbf306449cz One of the header lines relates to pgp - whats with this? From jg at coks.net Fri Dec 9 08:17:08 2005 From: jg at coks.net (jg) Date: Fri Dec 9 11:15:15 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast In-Reply-To: References: Message-ID: On 12/9/2005 7:56 AM indigo scribbled: > No. I suggest that you use SpamPal if you have Comcast (I do). Brightmail > sucks donkey balls. > > pretty descriptive... From MikeE at ster.invalid Fri Dec 9 08:38:10 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 11:40:03 2005 Subject: [SpamCop-List] Re: x- line in header question... References: Message-ID: jg wrote: www.spamcop.net/sc?id=z838748053z80e0379c1c062b745f52a2dbf306449cz > > One of the header lines relates to pgp - whats with this? An X-line in a normal mail without forged headers has 'meaning' to something on one end or the other and are extemely variable in the type of information they might hold. An X-line in spam which is likely to contain forged headers may be a 'normal' xline with meaning to something on one end or the other, or it may be totally bogus. It is not normally a valuable expenditure of time to determine whether or not the spam's x-line is bogus or real, or if bogus why the spammer chose that bogosity, or if real what difference it makes. It is sometimes educational to research what an xline means when it is real, but that is an entirely different subject than what a similar xline means in a particular spamitem. A normal X-PGP-Key line is a means of the sender communicating something about their own pgp key information, such as where it can be found or what the keyid is. Normally a keyid is a hexadecimal value such as 0x0DC67BE6 or a fingerprint such as 295F A899 A81A 156D B522 48A7 6394 F08A 0DC6 7BE6 or a location on a website or keyserver This value is OjoHgrn2KwN72f30YIaihLzpcOeQF2gZIqAayYyVkj8IdztndJfi4nTakkz4Xanm which I don't recognize and wouldn't spend much time trying to decipher. -- Mike Easter kibitzer, not SC admin From devnull at spamcop.net Fri Dec 9 11:15:53 2005 From: devnull at spamcop.net (Frog Prince) Date: Fri Dec 9 11:40:11 2005 Subject: [SpamCop-List] Re: OEM Soft Store? References: Message-ID: "Spaz" wrote in message news:dnb1h7$618$1@news.spamcop.net... | I keep getting spam advertising Microsoft software at very cheap prices. I sent the email to | piracy@microsoft.com and they emailed me back saying the link in the email didn't work and asked me | to give them information from the website such as name, location, phone number and email address. | The link worked for me and it took me to a website called OEM Soft Store. The spam email completely | obfuscates the web address but once I got to the website, I got the following link. | | http://awc8hdxu7.2fgqxu3j1vpb78ou717721ju2m1eojjj.cancelerkg.com/xvawl/ | | Of course, the bastards give no location or contact information and they obfuscate all their web | links. Does anyone have any info on these jerks? Speaks well for MS technical ability ... can't even do the leg work necessary to protect their products/market. From nobody at spamcop.net Fri Dec 9 10:16:51 2005 From: nobody at spamcop.net (Ellen) Date: Fri Dec 9 11:55:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "Steven Maesslein" wrote in message news:slrndpiock.52e.nobody@127.0.0.1... > On Thu, 08 Dec 2005 22:48:33 -0800, Borgholio coughed into spamcop and > left this in : > > > Terrible. I have a blacklist that blocks the whole damn country, and I've > > never seen even one legit email get caught...probably because there isn't > > any such thing. :) > > Ditto here. You can say the same for all of APNIC space except Australia > and New Zealand. Most of it *isn't* in the local BL here - because it's > in the firewall. There's no point allowing the connection to happen and > an instance of sendmail to be started when I know full well it's going > to be spam knocking on my door, so I don't even allow these areas access > to my port 25. Saves CPU cycles and allows the machine to get on with > more useful tasks. > Well actually we *are* hearing from admins in China nowadays. This is a nice change. Of course, it is a large country (obviously) and the ones we are hearing from are cleaning up their little bits of it. So things are improving altho it may not be terribly obvious yet. Ellen From jg at coks.net Fri Dec 9 09:02:39 2005 From: jg at coks.net (jg) Date: Fri Dec 9 12:05:03 2005 Subject: [SpamCop-List] Re: x- line in header question... In-Reply-To: References: Message-ID: On 12/9/2005 8:38 AM Mike Easter scribbled: > This value is > OjoHgrn2KwN72f30YIaihLzpcOeQF2gZIqAayYyVkj8IdztndJfi4nTakkz4Xanm which I > don't recognize and wouldn't spend much time trying to decipher. > Thanks, Mike, I won't waste anymore time. Goodness, a bogusity - surprise... From MikeE at ster.invalid Fri Dec 9 09:06:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 12:10:03 2005 Subject: [SpamCop-List] Re: meds spam References: Message-ID: jg wrote: www.spamcop.net/sc?id=z838741156zb9b24d8ece5e8396630e8913038e2c99z The tracker has a verbose. The verbose says about the source 220.116.205.97 listed in cbl.abuseat.org 220.116.205.97 is an open proxy Administrator of network where email originates abuse@kornet.net > I am unable to get any info on these sites beyond comcor - are all > these /originating/ from ru? What do you mean, exactly? Originating as in spamsource? When an item is spamsourced from an open proxy you can't tell who was manipulating and injecting the spam behind the proxy. Originating as in who is 'behind' the spamvertiser domainname? The IP of the spamvertiser is spamhaused as an SBL here http://www.spamhaus.org/SBL/sbl.lasso?query=SBL35314 Your current item is named zanozav.com which is reg'd in whois.nic.ru like this: Contact Name: Yulia A Fridman Contact Organization: Yulia A Contact Street1: 87, 188 Tallinkskaya Contact City: Moscow which is similar to the spamhaus information > Or is the spammer able to bury his id - I'm tinking he's in the U.S. > somewhere but am missing something (or am wrong on that...) Using terms like 'spammer' and 'from' is ambiguous. We have spamvertisers which are domainnames for the URL at a website provider, and we have spamsources which are sourced at a provider and which are often open proxies or trojans. We can notify the source and/or webspace providers or not. We can notify an interested agency or not. We can be vigilantes or not. We can notify appropriate upstream adjacencies or not. We can sleuth around and try to guess at the meatspace identities behind or orchestrating a particular spam 'type' or not. -- Mike Easter kibitzer, not SC admin From crappy.trappy at ntlworld.com Fri Dec 9 17:21:44 2005 From: crappy.trappy at ntlworld.com (Tim) Date: Fri Dec 9 12:25:03 2005 Subject: [SpamCop-List] Re: Amazing, after not having used or browsed E-Bay since 1997, I have won a PowerSeller Account! In-Reply-To: References: Message-ID: Berny wrote: > > But honestly, don't bother. > > Heh, I know what you mean. It's becoming so much S2D2 (Same Shit, Different Day). From jg at coks.net Fri Dec 9 09:24:10 2005 From: jg at coks.net (jg) Date: Fri Dec 9 12:25:09 2005 Subject: [SpamCop-List] Re: meds spam In-Reply-To: References: Message-ID: On 12/9/2005 9:06 AM Mike Easter scribbled: > jg wrote: > www.spamcop.net/sc?id=z838741156zb9b24d8ece5e8396630e8913038e2c99z > > The tracker has a verbose. The verbose says about the source > abuse@kornet.net I know that is the source.... > >>I am unable to get any info on these sites beyond comcor - are all >>these /originating/ from ru? > > What do you mean, exactly? Originating as in spamsource? When an item > is spamsourced from an open proxy you can't tell who was manipulating > and injecting the spam behind the proxy. Originating as in who is > 'behind' the spamvertiser domainname? > > The IP of the spamvertiser is spamhaused as an SBL here > http://www.spamhaus.org/SBL/sbl.lasso?query=SBL35314 > > Your current item is named zanozav.com which is reg'd in whois.nic.ru > like this: > > Contact Name: Yulia A Fridman > Contact Organization: Yulia A > Contact Street1: 87, 188 Tallinkskaya > Contact City: Moscow > > which is similar to the spamhaus information > > >... try to guess at the meatspace identities behind or > orchestrating a particular spam 'type' or not. > I guess I was trying to guess at the "meatspace" (new term to me) - I just had the feeling it was somewhere outside ru space, it being so similiar to a spammer that was recently indicted in -?- So. Carolina... From 96q7vwa02 at sneakemail.com Fri Dec 9 08:28:53 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Fri Dec 9 12:40:03 2005 Subject: [SpamCop-List] Re: hong kong importer /exporter scam ? :) References: <4399A9FD.8080806@nospam.com> Message-ID: "Justin" wrote in message news:4399A9FD.8080806@nospam.com... > Yeah I am thinking about playing along with this spam just to have a > little bit of fun with this spammer any ideas on some things i could do . Reply to the email address in the body as long as you use an email address that you can throw away when that address gets spread around the spammer world. Fred k From MikeE at ster.invalid Fri Dec 9 09:49:10 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 12:50:03 2005 Subject: [SpamCop-List] Re: meds spam References: Message-ID: jg wrote: > I guess I was trying to guess at the "meatspace" (new term to me) The concept of meatspace is sometimes for those who are interested in identity sleuthing. When sleuthing, we typically 'see' the cyberspace persona. Your cyberspace persona here in the SC ng/s is jg. We can derive your posting IP and if we 'follow you around' sufficiently as a sleuthing process, we learn to recognize your 'handwriting' from your posts here and we might find other and alternate cyberspace identity characteristics, such as email addies and different handles. After we develop a thorough cyberspace profile which might involve quite a number of eml addies and handles and handwriting characteristics, we would put that together with other search techniques to try to determine who/what the meatspace persona is, which would be the realname, snail address, telno and then expand that into ownership or registration information or drivers license information or social security number or bank account and routing information or CC #s or PINS or whatever. Most identity sleuths who do it for the fun of it are only interested in 'modest' amounts of meatspace identity information -- they are not into embarassing or harassing or stealing the identity or the resources of the target. Speaking of 'meat' -- there's a very old 'story' or skit called "They're Made out of Meat" which was written by Terry Bisson and won a Nebula award and was published in Omni mag almost 15 years ago which circulates around the internet which I like. Here's a link to it http://www.terrybisson.com/meat.html THEY'RE MADE OUT OF MEAT There are a lot of links for the story, some in 'prettier' html, but I chose the one which is at Terry's site -- Mike Easter kibitzer, not SC admin From yea at right.com Fri Dec 9 11:21:17 2005 From: yea at right.com (Spaz) Date: Fri Dec 9 14:25:03 2005 Subject: [SpamCop-List] Re: OEM Soft Store? References: Message-ID: "Frog Prince" wrote in message news:dncbuo$uhs$1@news.spamcop.net... > > Speaks well for MS technical ability ... can't even do the leg work > necessary to protect their products/market. Here's their response in case you're interested. ----- Original Message ----- From: "Microsoft Anti-Piracy Team" To: <> Sent: Thursday, December 08, 2005 6:26 PM Subject: spam piracy [Incident: 051207-000098] Subject --------------------------------------------------------------- spam piracy Discussion Thread --------------------------------------------------------------- Response (+) - 12/08/2005 07:26 PM Hello, Thank you for contacting the Microsoft Anti-Piracy Team. We appreciate that you have taken the time to forward anti-piracy leads to our team. The website linked in the email you forwarded is no longer valid or has been lost in the forwarding process. In order for us to process the lead, we need to have certain additional information regarding the company you are reporting. If you were able to capture information from the linked website prior to forwarding the email to piracy@microsoft.com, please send us all the information you have such as: Company name Company address including city and state Company phone number Company email address Company website With the above information we will be able to process the lead as requested. Again, thank you for your interest in our anti-piracy campaign. You may also visit our Internet site on http://www.microsoft.com/piracy and http://www.howtotell.com to review additional information on recognizing genuine Microsoft product and Microsoft's licensing policies. Again, thank you for your interest in our anti-piracy campaign. Microsoft Corporation Worldwide Sales Group Date Received 12/07/2005 08:28 AM ==================== Message Attachment ==================== ==================== text File Attachment ==================== Attachment 1.txt, 1362 bytes, added to incident ==================== image File Attachment ==================== Ebd.GIF, 7551 bytes, added to incident Auto-Response - 12/07/2005 08:28 AM Microsoft Corporation thanks you for your recent correspondence to our Anti-Piracy team. As an international company that believes in protecting intellectual property, Microsoft devotes substantial time and effort towards fighting software piracy, and we appreciate your shared interest in this cause. Our staff promptly handles questions or requests for information on software piracy. We actively pursue all reports of possible unauthorized copying and/or distribution of Microsoft software. Due to the sensitive legal nature of these matters, it is not possible for us to provide feedback or updates about actions taken on your submission. However, this in no way reduces the importance of your submission to us. Please be assured that every submission is taken seriously, investigated, and followed by whatever action is deemed necessary. Microsoft makes available valuable information you can use to protect yourself from pirated software, as well as information about Microsoft initiatives designed to protect customers and combat software piracy. To find out more, visit www.microsoft.com/genuine and www.microsoft.com/piracy where you can learn to recognize genuine Microsoft software and learn more about Microsoft's licensing policies. Additional information - Reporting Software Piracy to Microsoft Online: https://microsoft.com/resources/howtotell/ww/reports/report.aspx --------------------------------------------------------------------------------- Reporting Software Piracy to Microsoft within USA or Canada: Call 1-800-RU-LEGIT --------------------------------------------------------------------------------- Reporting Software Piracy to Microsoft outside of USA or Canada: Visit http://www.microsoft.com/piracy/Reporting_out.mspx for local telephone numbers --------------------------------------------------------------------------------- For information on recognizing genuine Microsoft software acquired with a new PC: Visit http://www.microsoft.com/piracy/howtotell --------------------------------------------------------------------------------- Microsoft Authorized Distributors: Visit http://www.microsoft.com/directaccess. --------------------------------------------------------------------------------- Microsoft Authorized OEM Distributors: Visit http://www.microsoft.com/oem --------------------------------------------------------------------------------- Listing of Microsoft volume licensing programs: Visit http://www.microsoft.com/licensing --------------------------------------------------------------------------------- Additional information about Anti-Piracy from the Business Software Alliance: Visit http://www.bsa.org. Once again, we thank you for your interest and participation in fighting software piracy! Yours sincerely, Microsoft Corporation Anti-Piracy Team From mwnospam at comcast.net Fri Dec 9 14:49:15 2005 From: mwnospam at comcast.net (spamacyde) Date: Fri Dec 9 14:50:02 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: Ok, If Comcast isn't using Spamcop, should I report my spam to Brightmail or Spampal rather than Spamcop? "spamacyde" wrote in message news:dnahco$st7$1@news.spamcop.net... > Is Comcast using Spamcop to screen email for Spam? If not, should I lobby > Comcast to do so? > > Thanks > > From MikeE at ster.invalid Fri Dec 9 12:07:30 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 15:10:04 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: spamacyde wrote: > If Comcast isn't using Spamcop, should I report my spam to Brightmail > or Spampal rather than Spamcop? Brightmail allegedly has a process in place for the enterprise level subscribers [ie EL or comcast] to their services to allow users to submit spam via the corporate client -- eg EL subscribers submit items to a junkmail addy that allegedly feeds the Brightmail system.... . .. but, Brightmail executives have said at conferences that such spam contributions which are made by the end users are not a good source of 'information' for their filter building, because the endusers aren't reliable and the endusers report all kinds of things which shouldn't have been considered in the spam 'pile'. Brightmail actually prefers their own 'methods' for improving their filters rather than user input. That user unreliability index is also supported here by comments from SC deputies who confirm that mistakes from entirely automatic nonhuman spamtrap reports are less common than mistakes made by spamcop reporters, who are supposed to have read and follow the rules. My own opinion is that such as Brightmail almost completely disregards any input from the end users of their corporate clients. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Fri Dec 9 20:37:33 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Dec 9 15:40:02 2005 Subject: [SpamCop-List] Re: Amazing, after not having used or browsed E-Bay since 1997, I have won a PowerSeller Account! References: Message-ID: "Tim" wrote in message news:dncedo$lc$1@news.spamcop.net... > Berny wrote: >> >> But honestly, don't bother. >> >> > Heh, I know what you mean. > > It's becoming so much S2D2 (Same Shit, Different Day). 2S2D From nobody at spamcop.net Fri Dec 9 15:53:32 2005 From: nobody at spamcop.net (indigo) Date: Fri Dec 9 15:55:03 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: spamacyde wrote: > Ok, > > If Comcast isn't using Spamcop, should I report my spam to Brightmail > or Spampal rather than Spamcop? > SpamPal is a user-configureable client-side filter that uses a collection of public blocklists, nobody to report spam to ..... From yea at right.com Fri Dec 9 14:21:47 2005 From: yea at right.com (Spaz) Date: Fri Dec 9 17:25:02 2005 Subject: [SpamCop-List] Re: I want more spam! References: Message-ID: "indigo" wrote in message news:dnc9fo$sm8$1@news.spamcop.net... > > Are you off your meds or what?!? Want mine? No, but I would like to know how you got them so I can start receiving them too. From nobody at devnull.spamcop.net Fri Dec 9 17:34:36 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Fri Dec 9 17:35:02 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: You would be better to lobby them to close open proxies and notify customers of trojans. All my porn spam comes from Comcast. And they pay absolutely no attention to reports. Miss Betsy From 96q7vwa02 at sneakemail.com Fri Dec 9 13:50:07 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Fri Dec 9 17:55:03 2005 Subject: [SpamCop-List] Re: I want more spam! References: Message-ID: "Spaz" wrote in message news:dnd01q$bfu$1@news.spamcop.net... > No, but I would like to know how you got them so I can start receiving > them too. > Go to spamvertized sites and unsubscribe/opt out with the addy you want spammed. It might take a while, but eventually you get what you want. For more places to use, follow tracker links to spamverized sites. Fred k. From g.hyde at bigpond.net.au Sat Dec 10 09:27:57 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Fri Dec 9 18:30:04 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: "Mike Easter" wrote in message news:dnc7mh$qr6$1@news.spamcop.net... > When you report such an item, you list the .pk university server. That > isn't what SC wants to be doing. I've asked you, repeatedly, to point to guidelines - /excluding/ the SC website - that say this is what normal mailing list behaviour should be, and that these are normal behaviours regarding servers which handle mailing list mails. You haven't provided one shred of evidence so far to support your theories. > Naturally the item should be rejected during the transaction or if > newmailed, it should be newmailed to the Sender. Therefore, until such time as you post the requested information above, I will be ignoring any further debate or discussion with you on this topic. As far as I'm concerned, it's spam and will be fed to SC for reporting. And I don't care what the SC reporting guidelines are, I want to know what the internet "RFC" or current equivalent protocol states about internet mailing list emails. Google wasn't of much help ... Cheers ... Geoffrey Hyde From MikeE at ster.invalid Fri Dec 9 15:52:31 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 18:55:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Geoffrey Hyde wrote: > "Mike Easter" >> When you report such an item, you list the .pk university server. >> That isn't what SC wants to be doing. > > I've asked you, repeatedly, to point to guidelines - /excluding/ the > SC website - that say this is what normal mailing list behaviour > should be, and that these are normal behaviours regarding servers > which handle mailing list mails. You haven't provided one shred of > evidence so far to support your theories. Let me refresh you about what we agree on and what we disagree on. We agree that your posts to a newsserver are going to a webforum and a mailing list and that those posts contain your unmunged From. We agree that the optimal management of the server handling the mailing list's mail should be to reject it from the sending server which is lugnet or at the worst belatedly bounce it to the Sender line of the item and not the From. We also agree that you have the right to let your From be unmunged, if you so wish. What we disagree on is that what you are reporting is called 'spam' and we disagree on whether or not spamcop reporting it breaks the spamcop rules and we disagree on how to approach this problem. The people you should be having this longwinded conversation with is not me, but the lugnet 'system' which is handling your newsmessage and turning it into a mail which they are not getting bounces for when undelivered. Both you and lugnet agree that they want that mail item and you don't. The lugnet system isn't a system which *I* am having a problem with. The lugnet system is a system which *you* are having a problem with. If anyone should be looking around for something, it should be you, not me. >> Naturally the item should be rejected during the transaction or if >> newmailed, it should be newmailed to the Sender. > > Therefore, until such time as you post the requested information > above, I will be ignoring any further debate or discussion with you > on this topic. As far as I'm concerned, it's spam and will be fed to > SC for reporting. I'm only a kibitzer around here, not any kind of admin. Generally the punishment for breaking a rule, especially if the situation is fuzzy, shouldn't be too harsh. The way it would unfold is that a provider who gets spamcop blocklisted and whose mail delivery is interfered with, such as the .pk university server's admin, takes a look at the reports of alleged spam which they are receiving copies of. When that admin looks at something which is not spam whose report causes their server to become listed, then they contact the deputy at spamcop and tell them that a reporter is making false reports of something which is not spam, but instead is something which was mailed to a mailing list. Then, the deputy takes a look at the situation based on the reportid or tracker and determines that it is not spam and that it is something which was sent to a mailing list by you and then the deputy determines that it was a bad report and against the rules. Hopefully all that will happen is that the deputy will 'admonish' you to not be making those kinds of reports in the future rather than being more severe because of all of this conversation you and I are having --- in which there was plenty of opportunity for you to determine that those reports weren't really a good idea, all things considered. So, you could take the attitude that you will continue to report them until such time as you are admonished by a real admin. Or, you could try to help out lugnet by letting them know about the problem and letting lugnet and the .pk server admin talk to each other on a server admin to server admin level. > And I don't care what the SC reporting guidelines are, You should *DEFINITELY* care what the SC reporting guidelines are if we are talking about you making a SC report. If we are not talking about making a SC report, then the SC reporting guidelines don't make any difference for just chatting about here. > I want to know > what the internet "RFC" or current equivalent protocol states about > internet mailing list emails. Google wasn't of much help ... The way it works is that there are some major majordomos or listservs which do things a particular way, and there are some RFCs which are 'integrated' with those softwares and there are some server softwares which are also configured accordingly so that normally things work the way they are supposed to -- which is where you don't get the bounce which is 'soft' or belated and the list server does get a bounce which is either hard as a rejection or soft as a belated newmail to the Sender line. That is the part you and I agree on. We are debating how to manage the current problem in the meantime. -- Mike Easter kibitzer, not SC admin From g.hyde at bigpond.net.au Sat Dec 10 10:06:34 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Fri Dec 9 19:10:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: "Mike Easter" wrote in message news:dnd5b9$e7t$1@news.spamcop.net... > Geoffrey Hyde wrote: >> "Mike Easter" >> I've asked you, repeatedly, to point to guidelines - /excluding/ the >> SC website - that say this is what normal mailing list behaviour >> should be, and that these are normal behaviours regarding servers >> which handle mailing list mails. You haven't provided one shred of >> evidence so far to support your theories. > > Let me refresh you about what we agree on and what we disagree on. We > agree that your posts to a newsserver are going to a webforum and a [snip] QED, mate. You were asked, you haven't responded, goodbye. Cheers ... Geoffrey Hyde From MikeE at ster.invalid Fri Dec 9 17:10:00 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 20:10:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Geoffrey Hyde wrote: > QED, mate. Now that we've finished discussing the issue which initiated this thread, let me remark on your usage of Q.E.D. in a discussion or debate or disagreement of this nature -- because I also disagree with your usage of that term or abbreviation, which has appeared a number of times lately. quod erat demonstrandum means, at the bottom of the mathematical proof, that the 'which was to be demonstrated' has, in fact, been demonstrated. In the course of a discussion or 'debate', throwing a premature qed into the conversation isn't at all effective in the debate process. It falls quite flat, even in implying that the user is comfortable throwing around Latin phrases or their abbreviations. Especially when it doesn't come at the 'conclusion' of some kind of irrefutable evidence. Then it is just so much junk cluttering up the corners like a dust bunny. ergo Geoffrey's QED = a dust bunny mathematically speaking, of course -- Mike Easter kibitzer, not SC admin From villandra at austin.rr.com Fri Dec 9 19:32:15 2005 From: villandra at austin.rr.com (Dora Smith) Date: Fri Dec 9 20:35:03 2005 Subject: [SpamCop-List] How do I get my e-mail address UNBLOCKED?????? Message-ID: How do I get spamwhatever to UNBLOCK my work e-mail address? I do not want to hear what I have to tell my sytem adminstrator that he isn't going to do anyway. I don't want to hear what extra measures he has to do to satisfy spamwhatever. I merely want to know how to tell it that e-mail coming from me at a certain IP address, which of all the addresses my work mail server uses spamwhatever selectively blocks, and that inconsistently, to the Anglican mailing list! How do I or the adminstrator of my mailing list inform Spamwhatever to stop blocking my mail server IP? Yours, Dora Smith From not at home.today Sat Dec 10 02:29:07 2005 From: not at home.today (Ant) Date: Fri Dec 9 21:30:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: "Mike Easter" wrote: > In the course of a discussion or 'debate', throwing a premature qed > into the conversation isn't at all effective in the debate process. The only things I see being thrown are teddy bears ;) > Geoffrey's QED = a dust bunny Quite Evidently Dust. From MikeE at ster.invalid Fri Dec 9 18:35:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 21:40:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: Dora Smith wrote: > How do I get spamwhatever to UNBLOCK my work e-mail address? You have provided absolutely zero information as pertains to problems with some IP address having trouble with its mail out. spamwhatever? myworkemailaddress? Typically email addresses, as in username@work.com are not what a server blocks. A server blocks an IP address, such as 70.112.162.119 -- which is not a blocked IP address. > I do not want to hear what I have to tell my sytem adminstrator that > he isn't going to do anyway. OK. However, if you are planning on sending mail out an IP address which is blocked, you should be working on either seeing if anything you can do will help to get the IP address unblocked, or if your recipients can whitelist your mail [which whitelisting can be based on username@work.com, depending] or else you should find a different way to send your mailout so that you don't have to use a blocked or blocklisted server. > I don't want to hear what extra measures he has to do to satisfy > spamwhatever. Does this mean that you are quite accustomed to using a server for your mail out which finds itself listed by a blocklist or blocklists a lot? Mayhaps you should be sending your mail another way. > I merely want to know how to tell it that e-mail coming from me at a > certain IP address, which of all the addresses my work mail server > uses spamwhatever selectively blocks, and that inconsistently, to the > Anglican mailing list! Let me see if I can follow what you are saying. You want to know how to tell 'it' [undefined it, let us assume that is the recipient's server's spamwhatever's [where spamwhatever = some kind of DNSBL blocklisting filter] that email coming from your IP address [no that method isn't going to work] and then things you are saying get all jumbled up. What is the Anglican mailing list? Do you have a meaningfuly delivery status notification failed which might be helpful about some of the things which you are concealing? Does this mean that there is an Anglican mailing list and that when you email to it via your work server -- which is named what? you should know the name of the server which you use to mail from -- and from your experience with this issue, you probably also know the IP address which is blocked but you are being purposely obscure. Name the Anglican mailing list's domainname. Name your work smtp server's domainname. > How do I or the adminstrator of my mailing list inform Spamwhatever to > stop blocking my mail server IP? You can't do it that way, probably. You might be able to get the recipient to ask their server admin to whitelist an address. -- Mike Easter kibitzer, not SC admin From jg at coks.net Fri Dec 9 19:09:23 2005 From: jg at coks.net (jg) Date: Fri Dec 9 22:10:02 2005 Subject: [SpamCop-List] Re: meds spam In-Reply-To: References: Message-ID: On 12/9/2005 9:49 AM Mike Easter scribbled: > Most identity sleuths who do it for the fun of it are only interested in > 'modest' amounts of meatspace identity information -- they are not into > embarassing or harassing or stealing the identity or the resources of > the target. > I wasn't speaking of anysuch thing here - I was looking for the actual spammer behind the spamvert and didn't believe it was some russki in Moscow trying to sell me via*gra. But I couldn't get any further than Moscow, so I thought I was doing something wrong. meatspace - gotta google that. > Speaking of 'meat' -- there's a very old 'story' or skit called "They're > Made out of Meat" which was written by Terry Bisson and won a Nebula > award and was published in Omni mag almost 15 years ago which circulates > around the internet which I like. > > Here's a link to it http://www.terrybisson.com/meat.html THEY'RE MADE > OUT OF MEAT That sounds awfully familiar, but if it was in Omni, had to be over 20 yrs ago, since thats when I last had a subscription. Then again, I may have read it in one of those Nebula award winners compilations - I find one about once a year somewhere... Dhalgren is one of my favorites... From jg at coks.net Fri Dec 9 19:13:28 2005 From: jg at coks.net (jg) Date: Fri Dec 9 22:15:02 2005 Subject: [SpamCop-List] Re: Amazing, after not having used or browsed E-Bay since 1997, I have won a PowerSeller Account! In-Reply-To: References: Message-ID: On 12/9/2005 6:59 AM Berny scribbled: > Aren't I privileged?. > > If you are really keen on reading this PHISH here's a tracker. > > http://www.spamcop.net/sc?id=z838718779z972728d44071c3110b331a7f5acdf29ez > > But honestly, don't bother. > > Whatever you do, "Please Make Sure This /is/ spam"... From h9vzc2i02 at sneakemail.com Fri Dec 9 19:21:15 2005 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Fri Dec 9 22:20:02 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Dora Smith" wrote in message news:dndb6m$hf1$1@news.spamcop.net... > How do I get spamwhatever to UNBLOCK my work e-mail address? > > I do not want to hear what I have to tell my sytem adminstrator that he > isn't going to do anyway. > > I don't want to hear what extra measures he has to do to satisfy > spamwhatever. > > I merely want to know how to tell it that e-mail coming from me at a > certain IP address, which of all the addresses my work mail server uses > spamwhatever selectively blocks, and that inconsistently, to the > Anglican mailing list! > > How do I or the adminstrator of my mailing list inform Spamwhatever to > stop blocking my mail server IP? > > Yours, > Dora Smith *** The best way to get your server unblocked is to quit having spam sent from it. If your server IS on Spamcop's blocklist, it means that your server has sent spam either to people who do not want the mail sent therefrom or that your server has sent mail to a 'spamtrap' (an address that has not sent any mail TO anyone, therefore its address is not available to anyone 'out there'.) Most important, Spamcop.net does NOT block anyone's mail - it is unable to have any direst affect on YOUR or anyone else's mail. If you want any further help form this newsgroup, please furnish your IP address (copying the 'reject message' which includes this needed IP address would help.) -- A SpamCop user and forum reader, Not Admin *** From mwnospam at comcast.net Fri Dec 9 22:31:10 2005 From: mwnospam at comcast.net (spamacyde) Date: Fri Dec 9 22:35:02 2005 Subject: [SpamCop-List] XXX@devnul.spamcop.net Message-ID: For reports sent to devnul.spamcop.net, What does devnul mean? Is this going to Spamcop or the offending ISP? Thanks From MikeE at ster.invalid Fri Dec 9 19:59:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 23:00:02 2005 Subject: [SpamCop-List] Re: XXX@devnul.spamcop.net References: Message-ID: spamacyde wrote: > For reports sent to devnul.spamcop.net, > > What does devnul mean? > > Is this going to Spamcop or the offending ISP? devnul is an abbreviation for null device, a unix term for a file/device that takes input and causes it to go away nowhere. A particular at devnul is a mechanism for dropping a notification for some reason, for example: postmaster#wanadoo.fr[at]devnull.spamcop.net is dropping what would otherwise be a notification to the wanadoo.fr pm. -- Mike Easter kibitzer, not SC admin From vanguard.code at comcastNIX.net Fri Dec 9 22:28:20 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Fri Dec 9 23:30:02 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: "spamacyde" wrote in message news:dncn3f$6br$1@news.spamcop.net... > Ok, > > If Comcast isn't using Spamcop, should I report my spam to Brightmail or > Spampal rather than Spamcop? > > "spamacyde" wrote in message > news:dnahco$st7$1@news.spamcop.net... >> Is Comcast using Spamcop to screen email for Spam? If not, should I >> lobby >> Comcast to do so? For spam that leaks past the Brightmail filter (as Comcast has configured it) then send them a copy of the missed spam to: missed-spam@comcast.net You can also configure your SpamCop preferences to add this e-mail contact so whenever you submit a report then this recipient will also be included and selected by default (so all spams that you report through SpamCop will have a copy of the report sent to Comcast). Read: http://www.comcast.net/help/faq/index.jsp?faq=EmailSpam17785 From jeffg at spamcop.net Fri Dec 9 23:29:39 2005 From: jeffg at spamcop.net (Jeff G.) Date: Fri Dec 9 23:30:12 2005 Subject: [SpamCop-List] Re: I want more spam! References: Message-ID: "Spaz" wrote in message news:dnbajd$aos$1@news.spamcop.net... > What's the best way for me to get on a good spam list? In addition to what the others have written, you could also: read your spam, with HTML rendered subscribe to news.admin.net-abuse.sightings follow the links in the spam messages found above, unsubscribing at the unsubscribe links post to news.admin.net-abuse.email and alt.test If you are serious and will accept misdirected bounces as spam, I have a spigot of a few hundred misdirected bounces per day that I could direct at your mailbox. :) -- Best Regards, Jeff G. Please see my full sig at http://forum.spamcop.net/forums/index.php?showuser=2041 From vanguard.code at comcastNIX.net Fri Dec 9 22:31:31 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Fri Dec 9 23:35:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Dora Smith" wrote in message news:dndb6m$hf1$1@news.spamcop.net... > How do I get spamwhatever to UNBLOCK my work e-mail address? > > I do not want to hear what I have to tell my sytem adminstrator that he > isn't going to do anyway. > > I don't want to hear what extra measures he has to do to satisfy > spamwhatever. > > I merely want to know how to tell it that e-mail coming from me at a > certain IP address, which of all the addresses my work mail server uses > spamwhatever selectively blocks, and that inconsistently, to the Anglican > mailing list! > > How do I or the adminstrator of my mailing list inform Spamwhatever to > stop blocking my mail server IP? Geez, and when did the *company's* network and mail server become your personal property? Not yours, so not your choice. Duh. The IP address is THEIR IP address, not yours. If they don't want to desist on sending spam then you are trapped by that e-mail provider's decisions. So obviously your remaining decision is to use a different e-mail provider. From nospam at nospam.com Fri Dec 9 23:03:45 2005 From: nospam at nospam.com (Justin) Date: Sat Dec 10 00:05:02 2005 Subject: [SpamCop-List] Re: hong kong importer /exporter scam ? :) In-Reply-To: References: <4399A9FD.8080806@nospam.com> Message-ID: <439A61B1.2090109@nospam.com> Fred K. wrote: > "Justin" wrote in message > news:4399A9FD.8080806@nospam.com... > >> Yeah I am thinking about playing along with this spam just to have a >> little bit of fun with this spammer any ideas on some things i could do . > > Reply to the email address in the body as long as you use an email address > that you can throw away when that address gets spread around the spammer > world. > > Fred k > > Yeah I was trying to think of something to say to the spammer to play a long with the scam. I think this guy is a newbie cause i think he left his real address in the reply . I really would like to trick him into spamming his ISP but I don't think im that good :) From g.hyde at bigpond.net.au Sat Dec 10 15:21:27 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Dec 10 00:25:02 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: "Mike Easter" wrote in message news:dnd9si$grc$1@news.spamcop.net... > Geoffrey Hyde wrote: > >> QED, mate. > > Now that we've finished discussing the issue which initiated this > thread, let me remark on your usage of Q.E.D. in a discussion or debate > or disagreement of this nature -- because I also disagree with your > usage of that term or abbreviation, which has appeared a number of times > lately. Gee mate, I didn't think you'd taken to nitpicking. But if you insist, go right ahead. > quod erat demonstrandum means, at the bottom of the mathematical proof, > that the 'which was to be demonstrated' has, in fact, been demonstrated. How about Qibbled with, Exhaustively discussed, and Dismissed? ;-) Of course, that leaves some of the letters out but abbreviations are rife on the internet nowadays. > In the course of a discussion or 'debate', throwing a premature qed into > the conversation isn't at all effective in the debate process. It falls > quite flat, even in implying that the user is comfortable throwing > around Latin phrases or their abbreviations. I could say that I've demonstrably argued that it is spam I'm dealing with, and that I'm trying to end my demonstration of what is spam about it, with you. > Especially when it doesn't come at the 'conclusion' of some kind of > irrefutable evidence. Then it is just so much junk cluttering up the > corners like a dust bunny. Per aspera ad astra. And yes, I looked it up so I know what it means. If I want further discussion from you, mate, I'll give it to you. :-) Cheers ... Geoffrey Hyde From borgholio at storymind.com Fri Dec 9 21:23:41 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Dec 10 00:25:09 2005 Subject: [SpamCop-List] Re: hong kong importer /exporter scam ? :) In-Reply-To: <439A61B1.2090109@nospam.com> References: <4399A9FD.8080806@nospam.com> <439A61B1.2090109@nospam.com> Message-ID: Justin wrote: > Fred K. wrote: > >> "Justin" wrote in message >> news:4399A9FD.8080806@nospam.com... >> >>> Yeah I am thinking about playing along with this spam just to have a >>> little bit of fun with this spammer any ideas on some things i could >>> do . >> >> >> Reply to the email address in the body as long as you use an email >> address that you can throw away when that address gets spread around >> the spammer world. >> >> Fred k >> > > Yeah I was trying to think of something to say to the spammer to play a > long with the scam. I think this guy is a newbie cause i think he left > his real address in the reply . I really would like to trick him into > spamming his ISP but I don't think im that good :) With the nigerian scams, I use an automated generator to create a reply, then if they bite, I string them along until they get tired of me (or until their email accounts get cancelled. When they ask for phone numbers, I give them the numbers of other nigerian scammers that I dealt with in the past. Same with addresses. I got this one guy to drive to a city about 6 hours away from Lagos to get a wire transfer that I "mistakenly" sent there, instead of directly to him. He sure was a bit upset when he got back. :) From nobody at nowhere.not Sat Dec 10 06:26:33 2005 From: nobody at nowhere.not (Robert Blair) Date: Sat Dec 10 01:30:02 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: On Sat, 10 Dec 2005 05:21:27 UTC, "Geoffrey Hyde" wrote: > I could say that I've demonstrably argued that it is spam I'm dealing with, > and that I'm trying to end my demonstration of what is spam about it, with > you. It is not spam from my point of view. Unwanted yes, spam no. -- Robert Blair From joseph_k at invalid.com Fri Dec 9 22:29:42 2005 From: joseph_k at invalid.com (Joseph_K) Date: Sat Dec 10 01:35:02 2005 Subject: [SpamCop-List] Re: OEM Soft Store? References: Message-ID: <50tkp1hlopr44grnh10vlnkdoh83p08qrh@4ax.com> On Fri, 9 Dec 2005 11:21:17 -0800, "Spaz" wrote: >"Frog Prince" wrote in message news:dncbuo$uhs$1@news.spamcop.net... >> >> Speaks well for MS technical ability ... can't even do the leg work >> necessary to protect their products/market. > >Here's their response in case you're interested. > > >----- Original Message ----- >From: "Microsoft Anti-Piracy Team" >To: <> >Sent: Thursday, December 08, 2005 6:26 PM >Subject: spam piracy [Incident: 051207-000098] > > > >Subject >--------------------------------------------------------------- >spam piracy > > >Discussion Thread >--------------------------------------------------------------- >Response (+) - 12/08/2005 07:26 PM >Hello, > >Thank you for contacting the Microsoft Anti-Piracy Team. > >We appreciate that you have taken the time to forward anti-piracy leads to our team. > I have received those, too. And each time I would go to my original reporting email and test the unobfuscated URL and every time it was still valid and active. Oh, well. -- ---------+---------+---------+---------+---------+---------+---------+ Joseph K Seattle, WA, USA From bar_n0ne at hotmail.com Sat Dec 10 10:32:27 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Dec 10 01:35:10 2005 Subject: [SpamCop-List] Re: Amazing, after not having used or browsed E-Bay since 1997, I have won a PowerSeller Account! References: Message-ID: "jg" wrote in message news:dndh0m$k9b$2@news.spamcop.net... > On 12/9/2005 6:59 AM Berny scribbled: > > > Aren't I privileged?. > > > > If you are really keen on reading this PHISH here's a tracker. > > > > http://www.spamcop.net/sc?id=z838718779z972728d44071c3110b331a7f5acdf29ez > > > > But honestly, don't bother. > > > > > Whatever you do, "Please Make Sure This /is/ spam"... A PHISH, the one time I browsed ebay, I had no hotmail accounts. From bar_n0ne at hotmail.com Sat Dec 10 10:37:20 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Dec 10 01:40:02 2005 Subject: [SpamCop-List] Re: Amazing,(OT) References: Message-ID: "Porpoise" wrote in message news:dncq0t$84u$1@news.spamcop.net... > > "Tim" wrote in message SNIP > > It's becoming so much S2D2 (Same Shit, Different Day). > > 2S2D Nope, Tim's correct, SSDD = S2D2 (S squared, D squared) From baloo at ursine.ca Fri Dec 9 22:24:40 2005 From: baloo at ursine.ca (baloo@ursine.ca) Date: Sat Dec 10 02:10:02 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: <8u8q63-h52.ln1@ursine.ca> Dora Smith wrote: > How do I get spamwhatever to UNBLOCK my work e-mail address? Search the FAQ. Answer is there already. You should have done this before posting. > I do not want to hear what I have to tell my sytem adminstrator that he > isn't going to do anyway. Then you should switch to a different network provider if your sysadmin isn't going to do anything. Or if it's your company network, take it up with your sysadmin's boss. > I don't want to hear what extra measures he has to do to satisfy > spamwhatever. Then you are spam friendly. Nice knowing you. Have a nice day. From g.hyde at bigpond.net.au Sat Dec 10 17:34:12 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Dec 10 02:35:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: It is spam because it fulfils the following conditions: 1. It is private listserver email intended for the original recipient who sent a mailing list setup to it. Not me. Because of some non-compliant header botchup that places me in the From: field. Therefore, spam. 2. Whoever or whatever sent the email that triggered this caused the server to spam me, because I have an apparently valid From: in there, instead of the address of the list server. See point #1 above. This to me means it is spamming me. 3. It's also breaking rules in that it shouldn't be sending me failure-notice messages, only to itself or to a null: email address and the original sender. The reason it's spamming me with this totally useless information is because my From: address is in there, despite the Reply-To being munged. Below is the full message source that was received. It apparently fills me in as the From: recipient, which I understand is very bad practice if you are running a mailing list server. The only place mailing list failures should go is to the mailing list server that originally sent it out, which, incidentally, hasn't done it's job very well, either, having not put itself in as the From: recipient. It's also spam because for a very long time the LugNet admins have been supposed to take care of this problem, however, they apparently haven't fixed it yet. Longer than two years is in my book an awfully long time to fix a listserver problem. Cheers ... Geoffrey Hyde Return-Path: <> Received: from highway.nu.edu.pk ([202.83.174.53]) by imta06sl.mx.bigpond.com with ESMTP id <20051208035327.HXSM112.imta06sl.mx.bigpond.com@highway.nu.edu.pk> for ; Thu, 8 Dec 2005 03:53:27 +0000 Received: by ntc.net.pk with Internet Mail Service (5.5.2656.59) id ; Thu, 8 Dec 2005 08:49:49 +0500 Message-ID: <3B848F4FAFB98A43A09D301DAA62A778057925C6@ntc.net.pk> From: System Administrator To: g.hyde@bigpond.net.au Subject: Undeliverable: Re: New contest Date: Thu, 8 Dec 2005 08:49:48 +0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2656.59) X-MS-Embedded-Report: Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C5FBAA.6FA6F781" This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_000_01C5FBAA.6FA6F781 Content-Type: text/plain; charset="iso-8859-1" Your message To: lugnet.robotics@lugnet.com Subject: Re: New contest Sent: Thu, 8 Dec 2005 05:33:30 +0500 did not reach the following recipient(s): 664@NU.EDU.PK on Thu, 8 Dec 2005 08:49:45 +0500 The recipient name is not recognized The MTS-ID of the original message is: c=us;a= ;p=fast;l=HIGHWAY0512080349YBAH0F7L MSEXCH:IMS:FAST:lhr:HIGHWAY 0 (000C05A6) Unknown Recipient ------_=_NextPart_000_01C5FBAA.6FA6F781 Content-Type: message/rfc822 Message-ID: From: Geoffrey Hyde Sender: news-gateway@lugnet.com Reply-To: Geoffrey Hyde To: lugnet.robotics@lugnet.com Subject: Re: New contest Date: Thu, 8 Dec 2005 05:33:30 +0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2656.59) X-MS-Embedded-Report: X-Loop: lugnet.robotics@lugnet.com X-MDRemoteIP: 65.163.27.210 X-Return-Path: g.hyde@bigpond.net.au X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) X-Spam-Report: X-Spam-Level: X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=ham version=2.64 X-Spam-Processed: mydomain.local, Thu, 08 Dec 2005 08:46:48 +0500 X-MDAV-Processed: mydomain.local, Thu, 08 Dec 2005 08:46:48 +0500 X-MDaemon-Deliver-To: 664@nu.edu.pk Content-Type: text/plain; charset="iso-8859-1" "Robert Blair" wrote in message news:TECQXhvKj0FX-pn2-NCeTjTkPqlkW@dsl-206-55-144-107.tstonramp.com... > On Sat, 10 Dec 2005 05:21:27 UTC, "Geoffrey Hyde" > wrote: > >> I could say that I've demonstrably argued that it is spam I'm dealing >> with, >> and that I'm trying to end my demonstration of what is spam about it, >> with >> you. > > It is not spam from my point of view. Unwanted yes, spam no. > > > -- > Robert Blair From porpoise1954 at yahoo.co.uk Sat Dec 10 08:35:28 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Dec 10 03:40:03 2005 Subject: [SpamCop-List] Re: Amazing,(OT) References: Message-ID: "Berny" wrote in message news:dndt32$rgg$1@news.spamcop.net... > > "Porpoise" wrote in message > news:dncq0t$84u$1@news.spamcop.net... >> >> "Tim" wrote in message > SNIP >> > It's becoming so much S2D2 (Same Shit, Different Day). >> >> 2S2D > > Nope, Tim's correct, SSDD = S2D2 (S squared, D squared) No, no. It's not S x S x D x D (S squared x D squared) It's S + S, D + D (2 x S, 2 x D) = 2S, 2D From / at /.cn Sat Dec 10 20:27:12 2005 From: / at /.cn (Petzl) Date: Sat Dec 10 04:30:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "Alex Gitlin" wrote in message news:dnb24h$6e1$1@news.spamcop.net... >A lot of spam comes from China. What are the statistics like - are those >spam reports we submit actually useful, are they paying off? (Or do the >Chinese sysadmins simply ignore them?) So far I'm not seeing much >improvement on the amount of spam coming in, but I've only been on Spamcop >for a couple of weeks. > > Alex. Personally I'm seeing China responding to spam complaints more and now and possibly being more active than many USa providers Not sure how many in China have computers accessing the Internet but suspect it is a huge number but there still is a lot of spam coming from China Very little spam comes from India which also has a huge Population The worst spam friendly tolerant country is no doubt Brazil where reported spam is simply ignored Ideally one should not accept a ISP's forced email account automatically from ones provider if they do not have this following criteria (if they do not offer these tell them you will not use there email and ask for a cost reduction You are not getting their dis-service for free) (1) offer spam and virus filtering allowing you to select a number of spam filters, blocklists, including the ability to block problem Countries like China Brazil etc, Most effective blocklist is the SpamCop Blocklist (SCBL) which blocks spam while it is being sent not after, releasing that IP only when it stops sending filth (2) Allows SpamCop Very Easy Reporting (VER) to ensure spamming IP's remain blocked by the SCBL (3) offer whitelist (this allows all whitelisted email to pass no matter what Black/Blocklist is selected) If you need (and everyone does) get a US$30 SpamCop email account. Which will accurately sort all email from all your existing accounts. (Hotmail Yahoo etc included) Email only, going to your inbox and spam going to your VER folder, reporting and blocking all of spam in VER takes three clicks of your mouse (after a quick check it is spam) Very easy and simple to do check it out http://www.spamcop.net/fom-serve/cache/323.html I'm from Sydney Australia and my reason to plug SpamCop is in the false hope that it may get ISP's to brush up there act instead of just milking credit cards and showing little interests in customers or the spam problem. I'm just another SpamCop user no other connections to SpamCop than this Merry Christmas to all Petzl From bar_n0ne at hotmail.com Sat Dec 10 13:44:30 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Dec 10 04:45:31 2005 Subject: [SpamCop-List] Re: Amazing,(OT) References: Message-ID: "Porpoise" wrote in message news:dne432$vbf$1@news.spamcop.net... > No, no. It's not S x S x D x D (S squared x D squared) > It's S + S, D + D (2 x S, 2 x D) = 2S, 2D Arrrghghhhh :-\ From porpoise1954 at yahoo.co.uk Sat Dec 10 09:59:39 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Dec 10 05:05:31 2005 Subject: [SpamCop-List] Re: Amazing,(OT) References: Message-ID: "Berny" wrote in message news:dne820$1of$1@news.spamcop.net... > > "Porpoise" wrote in message > news:dne432$vbf$1@news.spamcop.net... >> No, no. It's not S x S x D x D (S squared x D squared) >> It's S + S, D + D (2 x S, 2 x D) = 2S, 2D > > Arrrghghhhh :-\ He, he, he.......... From Kilgallen at SpamCop.net Sat Dec 10 07:06:51 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Dec 10 08:10:03 2005 Subject: [SpamCop-List] Re: OEM Soft Store? References: Message-ID: In article , Joseph_K writes: > On Thu, 8 Dec 2005 20:34:48 -0800, "Spaz" wrote: > >>I keep getting spam advertising Microsoft software at very cheap >>prices. I sent the email to piracy@microsoft.com and they emailed >>me back saying the link in the email didn't work and asked me to >>give them information from the website such as name, location, phone >>number and email address. The link worked for me and it took me to a >>website called OEM Soft Store. The spam email completely obfuscates >>the web address but once I got to the website, I got the following >>link. >> >>http://awc8hdxu7.2fgqxu3j1vpb78ou717721ju2m1eojjj.cancelerkg.com/xvawl/ > > Forward this still working URL to them. You have done your part. If > they cannot do their own leg work, well.... While I am not typically a defender of Microsoft technical ability, it is certainly possible the spammer arranged DNS to not provide proper answers to queries from Microsoft IP addresses. That sort of thing has certainly happened to SpamCop. From jg at coks.net Sat Dec 10 07:30:44 2005 From: jg at coks.net (jg) Date: Sat Dec 10 10:30:07 2005 Subject: [SpamCop-List] Re: Amazing, after not having used or browsed E-Bay since 1997, I have won a PowerSeller Account! In-Reply-To: References: Message-ID: On 12/9/2005 10:32 PM Berny scribbled:>>> >> >>Whatever you do, "Please Make Sure This /is/ spam"... > > > A PHISH, the one time I browsed ebay, I had no hotmail accounts. > > I was parodying the SC admonition on the report page - whenever I get a full screen full of reports going to chinatietong, that little warning makes me laugh... From 96q7vwa02 at sneakemail.com Sat Dec 10 09:29:24 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Sat Dec 10 13:45:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Dora Smith" wrote in message news:dndb6m$hf1$1@news.spamcop.net... > How do I get spamwhatever to UNBLOCK my work e-mail address? > Nobody can be as clueless as the post suggests. Sounds to me like this is a troll. Fred k. From kenbrody at spamcop.net Sat Dec 10 14:31:47 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Sat Dec 10 14:45:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: <439B2D23.2BB9F169@spamcop.net> "Fred K." wrote: > > "Dora Smith" wrote in message > news:dndb6m$hf1$1@news.spamcop.net... > > How do I get spamwhatever to UNBLOCK my work e-mail address? > > > Nobody can be as clueless as the post suggests. You've never worked in tech support, have you? :-) > Sounds to me like this is a troll. Perhaps. But given the number of "why is spamcop blocking my email" or "why is spamcop calling me a spammer" posts that we get here, it's just as likely to be for real. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From DougThegarden at invalid.com Sat Dec 10 20:20:30 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sat Dec 10 15:25:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? In-Reply-To: <439B2D23.2BB9F169@spamcop.net> References: <439B2D23.2BB9F169@spamcop.net> Message-ID: Kenneth Brody wrote: > > Perhaps. But given the number of "why is spamcop blocking my email" > or "why is spamcop calling me a spammer" posts that we get here, it's > just as likely to be for real. > Personally I think most of those are trolls too. Doug From vanguard.code at comcastNIX.net Sat Dec 10 14:40:45 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Sat Dec 10 15:45:02 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Fred K." <96q7vwa02@sneakemail.com> wrote in message news:dnf7iq$hr7$1@news.spamcop.net... > > "Dora Smith" wrote in message > news:dndb6m$hf1$1@news.spamcop.net... >> How do I get spamwhatever to UNBLOCK my work e-mail address? >> > Nobody can be as clueless as the post suggests. Sounds to me like this is > a troll. User: I was working on the computer but then the screen went completely blank. Tech: Is the monitor on? User: Yes. Tech: By blank, do you mean the monitor is off or that you get a background or blank window? User: It is completely dark just like it was powered off. Tech: How do you know the monitor is on? Is there an LED to show the power status? User: I was using it and then it went blank. Tech: Can you toggle the power switch, please? Do it twice but wait a few seconds after each push. User: No change when pushing the power switch. Tech: Sounds like the monitor has no power. Can you check if the power cord is plugged into the back of the monitor, or see if it is permanently attached? User: The cord is pushed all the way in. Tech: Is it possible the power cord got kicked so it was yanked out of the outlet? User: After a pause to crawl under the desk to look) It is plugged in. Tech: Is the video cable plugged into the back of the monitor? User: Yep. Tech: Is the video cable plugged into the back of the computer? User: Yep. Tech: Can you power cycle the computer please to reboot it? User: It won't reboot. No beeps, no disk whine, no fan noise. Tech: Can you check if the power cord is attached to the backside of the computer? User: Yep, it's plugged in. Tech: How about the other end of the power cord? User: I can't see that end because it is in an outlet behind the desk. Tech: If there is room between the desk and wall, or if you can pull out the desk a little, can you see if the cord is plugged in? User: It is too dark to see down there. Tech: Are there any lights you can turn on to look down behind the desk. User: Nope. There is a power outage so the room is dark. Tech: (Pause while tech clenches fist and mutes his phone so the user doesn't hear the obscenities.) There's a power outage? User: Yes. Tech: So where would the computer get its power to stay on when everything is off? Do you have a UPS? User: Don't know. Figured the computer would just stay on. What's a UPS? Tech: You'll have to wait until power is restored so you computer can get some. Is there anything else I can help you with. (Crosses fingers and hopes the dumbfuck user says No.) Because users can hit keys on a keyboard and do some minimal work which is the electronic equivalent of using the old mechanical devices (i.e., typewriters), they think they are computer users. Nope, they're just slightly smarter than monkeys (well, some are, some aren't). I like the story about the idiot that complained that their fax software wouldn't work because their document would not get scanned in while holding the document against the monitor. No wonder Stars Wars awed so many viewers. From devnull at spamcop.net Sat Dec 10 10:03:32 2005 From: devnull at spamcop.net (Frog Prince) Date: Sat Dec 10 15:50:03 2005 Subject: [SpamCop-List] Re: OEM Soft Store? References: Message-ID: "Larry Kilgallen" | >>I keep getting spam advertising Microsoft software at very cheap | >>prices. I sent the email to piracy@microsoft.com and they emailed | >>me back saying the link in the email didn't work and asked me to | >>give them information from the website such as name, location, phone | >>number and email address. The link worked for me and it took me to a | >>website called OEM Soft Store. The spam email completely obfuscates | >>the web address but once I got to the website, I got the following | >>link. | >> | >>http://awc8hdxu7.2fgqxu3j1vpb78ou717721ju2m1eojjj.cancelerkg.com/xvawl/ | > | > Forward this still working URL to them. You have done your part. If | > they cannot do their own leg work, well.... | | While I am not typically a defender of Microsoft technical ability, | it is certainly possible the spammer arranged DNS to not provide | proper answers to queries from Microsoft IP addresses. | | That sort of thing has certainly happened to SpamCop. And MS is not sharp enough to figure that out or do a work around? Do they hire their security staff from the homicide detective pool in Aruba? From yea at right.com Sat Dec 10 13:06:05 2005 From: yea at right.com (Spaz) Date: Sat Dec 10 16:10:03 2005 Subject: [SpamCop-List] Re: OEM Soft Store? References: Message-ID: "Frog Prince" wrote in message news:dnff0b$l9e$1@news.spamcop.net... > > And MS is not sharp enough to figure that out or do a work around? MS has become fat, dumb and happy with their market position. Why bother with petty little inconveniences when you're rolling in billions? > Do they hire their security staff from the homicide detective pool in Aruba? Their "security staff" is there just for show, not for results. I doubt they have the brains to hit the refresh button on their own web browser when a link doesn't load the first time. From nobody at devnull.spamcop.net Sat Dec 10 16:18:24 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sat Dec 10 16:20:02 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Vanguard" wrote in message news:dnfegd$l3r$1@news.spamcop.net... This is not a troll, IMHO. I think they did read the 'Why Am I blocked FAQ' on the forum, but decided not to post there - hopefully being a little bit more clued in. Email is not rocket science. It is not much more complicated than running an automobile. However, I really did know someone who threw away a tire because it went flat. Miss Betsy From nobody at spamcop.net Sat Dec 10 15:23:32 2005 From: nobody at spamcop.net (John Anderson) Date: Sat Dec 10 16:25:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "Steven Maesslein" wrote in message news:slrndpiock.52e.nobody@127.0.0.1... > On Thu, 08 Dec 2005 22:48:33 -0800, Borgholio coughed into spamcop and > left this in : > >> Terrible. I have a blacklist that blocks the whole damn country, and >> I've >> never seen even one legit email get caught...probably because there isn't >> any such thing. :) > > Ditto here. You can say the same for all of APNIC space except Australia > and New Zealand. Most of it *isn't* in the local BL here - because it's > in the firewall. There's no point allowing the connection to happen and > an instance of sendmail to be started when I know full well it's going > to be spam knocking on my door, so I don't even allow these areas access > to my port 25. Saves CPU cycles and allows the machine to get on with > more useful tasks. > Australia and NZ need to get on a different block, so that we in the west can ignore one huge solid block of the internet !! From kenbrody at spamcop.net Sat Dec 10 16:48:16 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Sat Dec 10 16:50:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: <439B2D23.2BB9F169@spamcop.net> Message-ID: <439B4D20.293D9B37@spamcop.net> Doug Thegarden wrote: > > Kenneth Brody wrote: > > > > Perhaps. But given the number of "why is spamcop blocking my email" > > or "why is spamcop calling me a spammer" posts that we get here, it's > > just as likely to be for real. > > > > Personally I think most of those are trolls too. Well, at least some of them are because the sysadmin at another site decided to word the rejection message along the lines of "blocked by SpamCop". -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From DougThegarden at invalid.com Sat Dec 10 22:12:11 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sat Dec 10 17:15:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? In-Reply-To: References: Message-ID: Vanguard wrote: > > I like the story about the idiot that complained that their fax software > wouldn't work because their document would not get scanned in while > holding the document against the monitor. > During a conference of European Leaders in the late 90's French President Chirac pointed to the projection screen with his mouse and wondered why it wasn't working. The Dutch Prime Minister Wim Kok didn't fare much better and had the misfortune to be caught on video: http://www.idemployee.id.tue.nl/g.w.m.rauterberg/presentations/UCD-works/wim_kok.avi (15Mb) Doug From nobody at spamcop.net Sat Dec 10 23:20:54 2005 From: nobody at spamcop.net (TimeLord) Date: Sat Dec 10 18:25:02 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Dora Smith" wrote in message news:dndb6m$hf1$1@news.spamcop.net... > How do I get spamwhatever to UNBLOCK my work e-mail address? > > I do not want to hear what I have to tell my sytem adminstrator that he > isn't going to do anyway. > > I don't want to hear what extra measures he has to do to satisfy > spamwhatever. Then I doubt you will get your mail unblocked. kev From not at home.today Sat Dec 10 23:31:59 2005 From: not at home.today (Ant) Date: Sat Dec 10 18:35:02 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Vanguard" wrote: > User: I was working on the computer but then the screen went completely > blank. [snip] > Tech: Are there any lights you can turn on to look down behind the desk. > User: Nope. There is a power outage so the room is dark. "A power... A power outage? Aha! Okay, we've got it licked now. Do you still have the boxes and manuals and packing stuff your computer came in?" "Well, yes. I keep them in the closet." "Good! Go get them and unplug your system and pack it up just like it was when you got it. Then take it back to the store you bought it from." "Really! Is it that bad?" "Yes, I'm afraid it is." "Well, all right then, I suppose. What do I tell them?" "Tell them you're too stupid to own a computer." http://www.snopes.com/humor/business/wordperf.htm From vanguard.code at comcastNIX.net Sat Dec 10 19:45:44 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Sat Dec 10 20:50:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Ant" wrote in message news:dnfohl$q9l$1@news.spamcop.net... > "Vanguard" wrote: > >> User: I was working on the computer but then the screen went completely >> blank. > > [snip] > >> Tech: Are there any lights you can turn on to look down behind the desk. >> User: Nope. There is a power outage so the room is dark. > > "A power... A power outage? Aha! Okay, we've got it licked now. Do you > still have the boxes and manuals and packing stuff your computer came in?" > > "Well, yes. I keep them in the closet." > > "Good! Go get them and unplug your system and pack it up just like it > was when you got it. Then take it back to the store you bought it from." > > "Really! Is it that bad?" > > "Yes, I'm afraid it is." > > "Well, all right then, I suppose. What do I tell them?" > > "Tell them you're too stupid to own a computer." > > http://www.snopes.com/humor/business/wordperf.htm > > Guess you haven't seen a guy banging on a television remote control without trying to replace the batteries. In the computer realm, the equivalent is the idiot banging his cordless mouse, whining about it in the newsgroups, and finally realizing that batteries do get exhausted. From nobody at nowhere.not Sun Dec 11 01:58:39 2005 From: nobody at nowhere.not (Robert Blair) Date: Sat Dec 10 21:00:02 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: On Sat, 10 Dec 2005 07:34:12 UTC, "Geoffrey Hyde" wrote: spam = UCE or UBE, your unwanted reply is neither of these. > It apparently fills me > in as the From: recipient, which I understand is very bad practice if you > are running a mailing list server. All of the mailing lists I belong to leave my email address in the FROM. Most also will insert a REPLY-TO (to the mailing list) if I do not insert a REPLY-TO in the headers. If I insert a REPLY-TO into the headers then the mailing list will pass it through so the reply will go to where ever I have set. -- Robert Blair From not at home.today Sun Dec 11 02:53:42 2005 From: not at home.today (Ant) Date: Sat Dec 10 21:55:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Vanguard" wrote: > "Ant" wrote: >> "Tell them you're too stupid to own a computer." >> >> http://www.snopes.com/humor/business/wordperf.htm > > Guess you haven't seen a guy banging on a television remote control > without trying to replace the batteries. I am that man! Well, almost. I replaced the batteries and the damn thing still didn't work. Or rather, it does work but the TV ignores it! One of these days I'll get around to replacing the set. I don't watch it much anyhow. From g.hyde at bigpond.net.au Sun Dec 11 13:53:51 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Dec 10 22:55:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Well, I talked to someone (who probably would not want to be named anyway) in private mail and they said it's a very grey area, and whether it's spam is MY call. Next one I get WILL be considered spam. And it is highly annoying spam to boot. What I would like to be able to do though, is have the lugnet address recognized as a 3rd party which will need to be notifed of these - since they own the listserver, the spam problem is theirs to fix, not mine, and certainly their fault for not having set the damn thing up right in the first place. BTW, the following is the MAIN reason I consider it spam, and why I find it ought to be reportable as such: [paste] Your message To: lugnet.robotics@lugnet.com Subject: Re: New contest Sent: Thu, 8 Dec 2005 05:33:30 +0500 did not reach the following recipient(s): 664@NU.EDU.PK on Thu, 8 Dec 2005 08:49:45 +0500 The recipient name is not recognized The MTS-ID of the original message is: c=us;a= ;p=fast;l=HIGHWAY0512080349YBAH0F7L MSEXCH:IMS:FAST:lhr:HIGHWAY 0 (000C05A6) Unknown Recipient [end paste] The person it's trying to find @nu.edu.pk is the person it's supposed to be sending to. Since either it's a listserver or a mail server handling listserver traffic, it's most definitely not allowed to be spamming NON-mailing-list recipients (AFAIK, I once was on a very similar mailing list a long time ago, and one of the rules was that non-mailing-list recipients should not get spammed under any circumstances.) Because this is a gateway for so-called "news-by-mail" I am very annoyed at getting spammed because I already browse the newsgroups with Outlook and I certainly don't need the news server mailing list gateway spamming me or cauisng another server to be spamming me with regurgitated posts like this. Cheers ... Geoffrey Hyde "Robert Blair" wrote in message news:TECQXhvKj0FX-pn2-GK1fwdbcLq6J@dsl-206-55-144-107.tstonramp.com... > On Sat, 10 Dec 2005 07:34:12 UTC, "Geoffrey Hyde" > wrote: > > spam = UCE or UBE, your unwanted reply is neither of these. > > >> It apparently fills me >> in as the From: recipient, which I understand is very bad practice if you >> are running a mailing list server. > > All of the mailing lists I belong to leave my email address in the > FROM. Most also will insert a REPLY-TO (to the mailing list) if I do > not insert a REPLY-TO in the headers. If I insert a REPLY-TO into the > headers then the mailing list will pass it through so the reply will > go to where ever I have set. From MikeE at ster.invalid Sat Dec 10 20:19:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 10 23:20:02 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Geoffrey Hyde wrote: > What I would like to be able to do though, is have the lugnet address > recognized as a 3rd party which will need to be notifed of these - > since they own the listserver, the spam problem is theirs to fix, not > mine, and certainly their fault for not having set the damn thing up > right in the first place. You could just email the whole enchilada [bounce with your attached post] and an explanation of what is going on to lugnet and nu.edu.pk and leave SC reporting out of the loop. At the very least lugnet would remove/unsub the .pk subscriber and stop your pain. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Sat Dec 10 22:35:17 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Dec 10 23:40:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: In article , "Vanguard" writes: > Guess you haven't seen a guy banging on a television remote control without > trying to replace the batteries. Actually, that works for me quite often. I figure it to be oxidation on the battery contacts. From mwnospam at comcast.net Sat Dec 10 23:56:38 2005 From: mwnospam at comcast.net (spamacyde) Date: Sun Dec 11 00:00:03 2005 Subject: [SpamCop-List] Re: XXX@devnul.spamcop.net References: Message-ID: "Mike Easter" wrote in message news:dndjq8$mqv$1@news.spamcop.net... > spamacyde wrote: > > For reports sent to devnul.spamcop.net, > > > > What does devnul mean? > > > > Is this going to Spamcop or the offending ISP? > > devnul is an abbreviation for null device, a unix term for a file/device > that takes input and causes it to go away nowhere. > > A particular at devnul is a mechanism for dropping a notification for > some reason, for example: > > postmaster#wanadoo.fr[at]devnull.spamcop.net > > is dropping what would otherwise be a notification to the wanadoo.fr pm. > > > -- > Mike Easter > kibitzer, not SC admin > So if Spamcop sends a report to XXX@devnul.spamcop.net, it's going nowhere. Now did Spamcop choose this null address to receive reports or is the ISP not interested in receiving a report? Thanks From mwnospam at comcast.net Sat Dec 10 23:58:49 2005 From: mwnospam at comcast.net (spamacyde) Date: Sun Dec 11 00:00:11 2005 Subject: [SpamCop-List] Re: XXX@devnul.spamcop.net References: Message-ID: "Mike Easter" wrote in message news:dndjq8$mqv$1@news.spamcop.net... > spamacyde wrote: > > For reports sent to devnul.spamcop.net, > > > > What does devnul mean? > > > > Is this going to Spamcop or the offending ISP? > > devnul is an abbreviation for null device, a unix term for a file/device > that takes input and causes it to go away nowhere. > > A particular at devnul is a mechanism for dropping a notification for > some reason, for example: > > postmaster#wanadoo.fr[at]devnull.spamcop.net > > is dropping what would otherwise be a notification to the wanadoo.fr pm. > > > -- > Mike Easter > kibitzer, not SC admin As far as your example goes, did wanadoo.fr not want to see the report so they chose a null email address? Thanks From MikeE at ster.invalid Sat Dec 10 21:21:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 11 00:25:03 2005 Subject: [SpamCop-List] Re: XXX@devnul.spamcop.net References: Message-ID: spamacyde wrote: > So if Spamcop sends a report to XXX@devnul.spamcop.net, it's going > nowhere. Now did Spamcop choose this null address to receive reports > or is the ISP not interested in receiving a report? I recently learned that you can't tell what is going on from the language in the verbose. What I had previously interpreted as a provider not wanting SC reports by the 'refuses' language robin.rain@sungard.com refuses SpamCop reports Using robin.rain#sungard.com@devnull.spamcop.net for statistical tracking. ... doesn't necessarily mean what it sez. The same word condition can prevail if a deputy has decided that SC doesn't want to send the address reports anymore for any number of reasons. Ellen sez: "We turn off addresses for various reasons including but limited to listwshing, ROKSO spammer, obviously ignoring reports, passing reports to inappropriate places, etc." news://news.spamcop.net/dn4vii$csk$1@news.spamcop.net -- Mike Easter kibitzer, not SC admin From jg at coks.net Sat Dec 10 22:19:44 2005 From: jg at coks.net (jg) Date: Sun Dec 11 01:20:03 2005 Subject: [SpamCop-List] Re: Spam from China In-Reply-To: References: Message-ID: On 12/10/2005 1:23 PM John Anderson scribbled: > one huge solid block of the internet !! > > > and the world... From MikeE at ster.invalid Sat Dec 10 22:19:51 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 11 01:20:12 2005 Subject: [SpamCop-List] Re: XXX@devnul.spamcop.net References: Message-ID: spamacyde wrote: > So if Spamcop sends a report to XXX@devnul.spamcop.net, it's going > nowhere. Now did Spamcop choose this null address to receive reports > or is the ISP not interested in receiving a report? Another point I think is worth considering. Some people think that notifying a provider is a method or force of 'making' them do something. I think of SC notifying a provider as a 'courtesy' to the provider -- to let the provider know that if they would like to do something about a spamvertiser, here is evidence of spamvertising, but it is purely up to the spamvertiser provider to accept and act on the notify. Or not -- there are no consequences to ignoring the report. Similarly, if a spamsource provider wants to know about spam being sourced from their IP, here is the evidence, but it is purely up to the spamsource provider to accept or read or trash the notify. However, the report will still be counting toward the SCbl regardless of whether or not the spamsource provider wants to see the report or not. SC is very very cooperative with providers. If they don't want reports, they don't have to get them. If they want these kinds of reports but not those kinds of reports, SC will certainly oblige them -- any which way they want it, report or no report or some reports. SC is fundamentally toothless where it comes to spamvertisers except for what happens with the sc-surbl listings; and SC is a rather powerful force where it comes to spamsource listings. Whether any providers get any reports or not. If a whitehat provider for a spamvertiser is going to not only accept a report, but evaluate the situation and remedy something -- that's wonderful. If a blackhat provider for a spamvertiser doesn't want to hear anything, that's not wonderful, but it is immaterial. Not because of not getting a report, but because the provider is a blackhat. There is no point in sending a report to a provider who doesn't want to hear it; whether it gets devnulled on this end or on that end. Which brings me around to my argument that I think that spamvertiser providers don't *need* to be notified -- since there is virtually no consequence except for sc-surbl -- and the SC reporter should be able to configure to not resolve or notify spamvertisers. That way all of the spamvertisers which the reporter doesn't call IBs get devnull notified and sent to the statistics page or sc-surbl system and SC doesn't have to bother with resolving them at all. -- Mike Easter kibitzer, not SC admin From DougThegarden at invalid.com Sun Dec 11 08:26:05 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sun Dec 11 03:30:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? In-Reply-To: References: Message-ID: Vanguard wrote: > > User: I was working on the computer but then the screen went completely > blank. > Tech: Is the monitor on?......... Users don't have the monopoly on stoopidity. User: "The computer boots up without any warning beeps, but nothing shows up on the screen." Tech: "Is the monitor connected." User: "Yes, but there is no display." Tech: "Did you install the drivers for the VGA card?" User: "How can I install them before I'm in DOS?" Tech: "You have to install the drivers first before you can get a display." User: "You don't need VGA drivers to boot to DOS like you do for Windows. I should be able to boot to DOS." Tech: "Well, insert the floppy you received with your card. Go to the A:\Utilities directory. Type 'readme.com'." User: "I cannot see anything. How do you expect me to read a file on the screen?" Tech: "Read the file, and it will explain everything." Doug From g.hyde at bigpond.net.au Sun Dec 11 19:21:42 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sun Dec 11 04:25:02 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Doug Thegarden" wrote in message news:dngnqu$ap8$1@news.spamcop.net... > Vanguard wrote: >> >> User: I was working on the computer but then the screen went completely >> blank. >> Tech: Is the monitor on?......... > > Users don't have the monopoly on stoopidity. > [snip joke] Actually, because most cards pop up a display by default nowadays, that's not half as funny as it sounds. You just plug the card in, put the monitor on the card, boot the computer, install drivers etc, and away it goes. What is funny is when you have an older computer where you have to disable the old display adapater (sometimes an onboard chip on the motherboard) and you have to disable the old display adapter before putting the graphics card into the machine. Cheers ... Geoffrey Hyde From DougThegarden at invalid.com Sun Dec 11 09:36:40 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sun Dec 11 04:40:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? In-Reply-To: References: Message-ID: Geoffrey Hyde wrote: > > Actually, because most cards pop up a display by default nowadays, that's > not half as funny as it sounds. > > You just plug the card in, put the monitor on the card, boot the computer, > install drivers etc, and away it goes. > Unless you have been supplied with a DOA monitor as in this case. I get tired of dealing with tech support that are convinced it is the user's incompetence not their product that's the problem. It took me 15 mins on Monday to convince the Vodafone 3G tech support to check their network status in the locality where I was having problems. They wanted me to check my computer, check my drivers, uninstall and reinstall software. Eventually by answering each attempt to get me to do something with "Would you please check your network status in this area" they eventually agreed to and lo and behold, they discovered their network was down Doug From yea at right.com Sun Dec 11 02:01:34 2005 From: yea at right.com (Spaz) Date: Sun Dec 11 05:05:30 2005 Subject: [SpamCop-List] Re: I want more spam! References: Message-ID: "Fred K." <96q7vwa02@sneakemail.com> wrote in message news:dnd1na$cbd$1@news.spamcop.net... > Go to spamvertized sites and unsubscribe/opt out with the addy you want > spammed. It might take a while, but eventually you get what you want. For > more places to use, follow tracker links to spamverized sites. I found a few unsubscribe web pages but it hasn't worked so far; however, I did notice that these websites had good references like company name, email address, and overall professional webpage, so I think they truely were functional unsubscribe webpages. I doubt I can find the ones I want through google searches. Do you have some I could start with? Thanks! From g.hyde at bigpond.net.au Sun Dec 11 21:38:55 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sun Dec 11 06:40:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Doug Thegarden" wrote in message news:dngrv9$d67$1@news.spamcop.net... > Unless you have been supplied with a DOA monitor as in this case. > > I get tired of dealing with tech support that are convinced it is the > user's incompetence not their product that's the problem. It took me 15 > mins on Monday to convince the Vodafone 3G tech support to check their > network status in the locality where I was having problems. They wanted > me to check my computer, check my drivers, uninstall and reinstall > software. Eventually by answering each attempt to get me to do something > with "Would you please check your network status in this area" they > eventually agreed to and lo and behold, they discovered their network was > down I get tired of having to get tech support to figure out what is wrong, ADSL went down just recently, coincidentally, the computer I was on had it's power cord come unplugged (it was a power strip connected to a 3m extension lead, power strip plug became just detached enough from the extension lead socket to cause the electricity to stop flowing) and I had the feeling that had the ADSL not come back just when I'd started the chat with the tech support guy for the ADSL, that I would've been drawn into a long-winded version of shut computer down, reboot, etc etc. And there have been times when I know it is not me, it is them, and they still want to press on with this ridiculously long procedure they have to follow. Sometimes I'd like for them to toss it into the nearest paper shredder. There have been times when the computer network they were on was working fine one minute and the next it had shut down, that was interesting - Tech: "Hold on a minute here, my login seems to have stopped working" or "The network seems to have crashed, just hold the line while I get maintenance to look into it" etc. Fun fun fun. Cheers ... Geoffrey Hyde From jeffg at spamcop.net Sun Dec 11 09:18:15 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 11 09:20:02 2005 Subject: [SpamCop-List] Re: Contact for NET-66-179-0-0-1 References: Message-ID: "Ellen" wrote in message news:dn4vii$csk$1@news.spamcop.net... > We turn off [reporting] addresses > for various reasons including but limited to listwshing, ROKSO > spammer, obviously ignoring reports, passing reports to > inappropriate places, etc. Ellen, did you mean "listwashing" rather than "listwshing" and "not limited" rather than "limited"? -- Thanks and Best Regards, Jeff G. Please see my full sig at http://forum.spamcop.net/forums/index.php?showuser=2041 From nobody at spamcop.net Sun Dec 11 10:43:18 2005 From: nobody at spamcop.net (Ellen) Date: Sun Dec 11 10:45:02 2005 Subject: [SpamCop-List] Re: Contact for NET-66-179-0-0-1 References: Message-ID: "Jeff G." wrote in message news:dnhchg$l45$1@news.spamcop.net... > "Ellen" wrote in message > news:dn4vii$csk$1@news.spamcop.net... > > We turn off [reporting] addresses > > for various reasons including but limited to listwshing, ROKSO > > spammer, obviously ignoring reports, passing reports to > > inappropriate places, etc. > > Ellen, did you mean "listwashing" rather than "listwshing" and "not > limited" rather than "limited"? > yes We turn off [reporting] addresses for various reasons including, but not limited to, listwashing, ROKSO listing, obviously ignoring reports, passing reports to inappropriate places, etc. Ellen From nobody at xyzzy.claranet.de Sun Dec 11 17:46:01 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Dec 11 11:50:02 2005 Subject: [SpamCop-List] list washing (was: Contact for NET-66-179-0-0-1) References: Message-ID: <439C57C9.31C0@xyzzy.claranet.de> Ellen wrote: > We turn off [reporting] addresses for various reasons > including, but not limited to, listwashing, ROKSO listing, > obviously ignoring reports, passing reports to > inappropriate places, etc. BTW, when "my" spammer tested the effect of SPF FAIL with my vanity host for two weeks in August I switched to "unmunged", and later sticked to it. This had no positive effect on the amount of spam I get, and maybe I get even more now. Whatever Leo does, "listwashing" is apparently not in his book. Maybe he has an upper limit for the same campaign sent to the same domain per day, but more likely he just doesn't care about this detail. If Leo uses the number of SC-reported spams as pseudo-evidence for his spamvertizing customers, then limiting the "dupes" to Message-IDs and other catchall addresses could be counter- productive from his POV. I assume that he already optimizes the usage of his zombies with the SCBL (as far as possible). Bye, Frank From nobody at xyzzy.claranet.de Sun Dec 11 18:15:15 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Dec 11 12:20:02 2005 Subject: [SpamCop-List] Re: XXX@devnul.spamcop.net References: Message-ID: <439C5EA3.56AE@xyzzy.claranet.de> spamacyde wrote: > As far as your example goes, did wanadoo.fr not want to see > the report so they chose a null email address? No, these situations are indicated differently in the "show technical details" style of output. xxx@devnull.spamcop often comes with "(x reports sent, y bounces)" counters, that's for cases where SC determined that address xxx should be (one of) the possible proper reporting addreses, but SC reports sent to xxx were rejected / bounced. The switch from "try xxx" to "give up" (= xxx@devnull.spamcop) is apparently automatical. The admins can reset the counters manually. Maybe the counters also expire automatically. If SC uses xxx@devnull.spamcop _without_ showing the counters it's a manual decision on the side of SC, not by xxx. Ellen just explained how that works in this thread. Bye, Frank From nobody at xyzzy.claranet.de Sun Dec 11 18:36:19 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Dec 11 12:40:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: <439C6393.6481@xyzzy.claranet.de> Alex Gitlin wrote: > A lot of spam comes from China. What are the statistics like > - are those spam reports we submit actually useful, are they > paying off? Clueful admins hating spam exist everywhere. Admittedly I only "met" one in China so far (infected Win-box at an university), but with my setup trying to report (SC or manual) can't hurt. There are nice guys'n'gals worldwide (e.g. RU). Bye, Frank From jeffg at spamcop.net Sun Dec 11 13:14:55 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 11 13:15:03 2005 Subject: [SpamCop-List] Re: Contact for NET-66-179-0-0-1 References: Message-ID: "Ellen" wrote in message news:dnhhho$nhi$1@news.spamcop.net... > We turn off [reporting] addresses > for various reasons including, but not limited to, listwashing, ROKSO > listing, obviously ignoring reports, passing reports to > inappropriate places, etc. Thanks, Ellen! -- Best Regards, Jeff G. Please see my full sig at http://forum.spamcop.net/forums/index.php?showuser=2041 From nobody at xyzzy.claranet.de Sun Dec 11 19:37:37 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Dec 11 13:45:02 2005 Subject: [SpamCop-List] Signatures in SC news and forum (was: Spamcop not reporting weblinks in spam) References: <43969DBE.6FBB@xyzzy.claranet.de> Message-ID: <439C71F1.4C2B@xyzzy.claranet.de> Jeff G. wrote: > And yours looks like you are saying "Bye" to yourself. That's no "signature" (= the lines after a line "-- "), it's a bad case of DEnglish on my side. I know that "Cheers, Frank" is possible, and for formal mails I try "Regards, F.Ellermann". What's good for news and mailing lists if I don't want to use "Cheers", is "Greets" better ? [signature] > Is the following better? Yes for the size and your intention to display a link to the forum. Maybe say "for personal replies and more about me see" (or something in this direction) instead of "see my full sig": The case where I first stumbled over your old signature wasn't here but on your "recent SC glitches" forum page - a bunch of short entries (two or three lines) with the timetamps of some recent problems followed by the old long signature, resulting in a forum page, where most of it content were copies of your signature. That's apparently a technical problem with the forum software: There are already links to some personal info about the author of each entry, but ?showuser=2041 doesn't work for guests. In other words, the link in your new sig doesn't work for me (= no forum member, only an occasional reader). Probably for privacy reasons, maybe you need some kind of "public profile" in addition to the member-only-info-pages. Using signatures within forum articles because guests (among them GoogleBot, me, spammers, who knows) can't use ?showuser= is an odd kludge, it litters the forum. $TBD, Frank -- Suggestions for $TBD better than "bye" or "cheeers" welcome. From nobody at spamcop.net Sun Dec 11 12:57:15 2005 From: nobody at spamcop.net (RW) Date: Sun Dec 11 14:00:04 2005 Subject: [SpamCop-List] Re: XXX@devnul.spamcop.net In-Reply-To: References: Message-ID: spamacyde wrote: > "Mike Easter" wrote in message >> >>A particular at devnul is a mechanism for dropping a notification for >>some reason, for example: >> >>postmaster#wanadoo.fr[at]devnull.spamcop.net >> >>is dropping what would otherwise be a notification to the wanadoo.fr pm. > > > As far as your example goes, did wanadoo.fr not want to see the report so > they chose a null email address? > Thanks It depends on the reason the address was sent to devnul. With wanadoo.fr, abuse.net returns both postmaster@ and abuse@. We may have heard from wanadoo.fr telling us they don't need/want two copies of each report and to send to abuse@ only, so we'd devnull mail to postmaster@. In the case of wanadoo.fr though, postmaster@ has bounced more than 50% of reports sent, so the system set the account to bouncing and devnulls reports destined for the address. Richard From edb2000 at spamcop.net Sun Dec 11 11:53:58 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Sun Dec 11 14:55:02 2005 Subject: [SpamCop-List] spam subject of the week Message-ID: Subject: triumphal gonorrhoea [yeah, it always wins in the end...] From MikeE at ster.invalid Sun Dec 11 12:10:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 11 15:15:03 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum (was: Spamcop not reporting weblinks in spam) References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Jeff G. wrote: > >> And yours looks like you are saying "Bye" to yourself. > > That's no "signature" (= the lines after a line "-- "), it's a > bad case of DEnglish on my side. I know that "Cheers, Frank" > is possible, and for formal mails I try "Regards, F.Ellermann". > > What's good for news and mailing lists if I don't want to use > "Cheers", is "Greets