From nttp.sc.s at bigsleep.org Wed Jun 1 03:34:14 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue May 31 22:35:02 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: On 31 May 2005 Sofa King Tyred of Lar Ting entered spamcop and left news:d7j1co$lma$1@news.spamcop.net: > Any thoughts or experiences to share? Any other theories? > I'd say you've done more than your share, did they offer to pay for the work they wanted you do do? I never visit spam sites unless I'm paid to do so. -- | Ric | From bar_n0ne at hotmail.com Wed Jun 1 10:39:03 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 1 01:40:03 2005 Subject: [SpamCop-List] threatening spam from catty shaq Message-ID: qoute: You are receiving this communication because your e-mail
address was included on a CD of 100 million e-mail addresses
we bought and you opted in to be on it. The can spam act
allows us to mail you with offers so please do not make false
complaints or we will be forced take legal action against
false complainants to recover any losses caused to us. end quote LART with extreme prejudice From bar_n0ne at hotmail.com Wed Jun 1 10:43:18 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 1 01:45:03 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "Berny" wrote in message news:d7jhlo$uuh$1@news.spamcop.net... > qoute: >SNIPPED, Oh, I forgot, that one was brought to me through auna.es from our friends at Above.net, ipowerweb.com and gblx.net, No, they are not getting the unmunged spam reports. Not this time. Let the jerks use their decoder rings for a change. From nospam at fuck-off-and-die.com Wed Jun 1 13:01:50 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Wed Jun 1 02:20:03 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: Bud, , the sand-blind, donkey-raping retard, and servant who performs all the menial tasks, hummed: > But.....note their spelling. ("CattyShaq") Not to be confused with > the movie Caddyshack. No shit, Shylock? From bar_n0ne at hotmail.com Wed Jun 1 12:29:07 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 1 03:30:03 2005 Subject: [SpamCop-List] catty shaq, joe job? or? not? Message-ID: the connection to above.net, ipowerweb, and gblx makes me deeply suspicious of joe job claims. Anyone looked into this? From nobody at spamcop.net Wed Jun 1 10:08:04 2005 From: nobody at spamcop.net (me-no-no) Date: Wed Jun 1 04:10:04 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "Berny" wrote in message news:d7jhlo$uuh$1@news.spamcop.net... > LART with extreme prejudice Ooops - Did you consider the possibilty of a Joe-Job ? I got quite a few of these and reconsidered ! A site like this (est 2003) would be an ideal target - as discussed in nanae http://groups.google.co.uk/groups?q=cattyshaq&hl=en&lr=&c2coff=1&sa=N&tab=wg http://snipurl.com/fa8i Either way - They are officially denying knowledge of it :- http://www.cattyshaq.com/forum/modules.php?name=Forums&file=viewtopic&t=1708&sid=337c8d154c1af3da1e9aeb3fa11a87b0 http://snipurl.com/fa8h Ciao Meno From nobody at spamcop.net Wed Jun 1 10:09:51 2005 From: nobody at spamcop.net (me-no-no) Date: Wed Jun 1 04:10:07 2005 Subject: [SpamCop-List] Re: catty shaq, joe job? or? not? References: Message-ID: "Berny" wrote in message news:d7jo44$2u9$1@news.spamcop.net... > the connection to above.net, ipowerweb, and gblx makes me deeply > suspicious > of joe job claims. Anyone looked into this? > See original Topic / Thread you started ! Ciao Meno From nobody at spamcop.net Wed Jun 1 10:32:57 2005 From: nobody at spamcop.net (me-no-no) Date: Wed Jun 1 04:35:03 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "Berny" wrote in message news:d7jhto$v2r$1@news.spamcop.net... > Oh, I forgot, that one was brought to me through auna.es from our friends > at Above.net, ipowerweb.com and gblx.net, No, they are not getting the > unmunged spam reports. Not this time. Let the jerks use their decoder > rings for a change. Both nameservers appear fairly clean at the moment. NS1.IPOWERWEB.NET 64.70.61.130 NS1.IPOWERDNS.COM 66.235.217.202 http://www.openrbl.org/ip/64/70/61/130.htm http://www.openrbl.org/ip/66/235/217/202.htm Ciao Meno From agent01413 at my-deja.com Wed Jun 1 09:54:39 2005 From: agent01413 at my-deja.com (Socks the Whitehouse Cat) Date: Wed Jun 1 04:55:26 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: Sofa King Tyred of Lar Ting wrote in news:d7j1co$lma$1@news.spamcop.net: > Hi, > > I've recently been forwarding the spams I get regarding sites that > offer MS software at cheap prices to piracy@microsoft.com. Most of > them go through with a standard, semi-automated thank-you response. > > However, about 5 or 6 have come back later with a response that reads: > >> Hello, >> >> Thank you for contacting the Microsoft Anti-Piracy Team. >> >> We appreciate that you have taken the time to forward anti-piracy >> leads to our team. >> >> The website linked in the email you forwarded is no longer valid or >> has been lost in the forwarding process. In order for us to process >> the lead, we need to have certain additional information regarding >> the company you are reporting. If you were able to capture >> information from the linked website prior to forwarding the email to >> piracy@microsoft.com, please send us all the information you have >> such as: >> >> Company name >> Company address including city and state >> Company phone number >> Company email address >> Company website >> >> With the above information we will be able to process the lead as >> requested. Again, thank you for your interest in our anti-piracy >> campaign. >> >> You may also visit our Internet site on >> http://www.microsoft.com/piracy and http://www.howtotell.com to >> review additional information on recognizing genuine Microsoft >> product and Microsoft's licensing policies. >> >> Again, thank you for your interest in our anti-piracy campaign. >> >> Microsoft Corporation >> Worldwide Sales Group > > What irks me about this, is that in most if not all of these cases, > the web site was *still* valid when I got the reply. On a couple of > the reports since then, I have even sent the DNStools and SpamCop > reports about the URLs along with the forwarded spams. They, too, have > come back saying the site was no longer active. Upon trying, I see > that it's still active. > > Here are a couple of theories that explain this: > > * Microsoft is trying to get me to do their dirty work (finding > company name, etc.) on bulletproof hosts. > * Microsoft's droid is a complete boob and sends out the wrong reply. > * The pirates are blocking HTTP access to their sites from the > anti-pirate droids @ microsoft. > > Any thoughts or experiences to share? Any other theories? > > I'm beginning to think it's a waste of mouse clicks to forward these > things to piracy@microsoft.com. Somehow I thought the legal power of > Microsoft could be used to good of spam fighting... > > I'm particularly offended if my first theory is correct, especially > given their monopoly status! > Your set of emails from MSFT matches mine, except that in my case I responded with a link from nanas to multiple sightings. The second response I got looked more like that coming from someone with clue pre- installed. -- See NANAE kooks, including Barbara Schwarz: http://www.morningmist.org/nanae/kookfaq.html From agent01413 at my-deja.com Wed Jun 1 09:59:41 2005 From: agent01413 at my-deja.com (Socks the Whitehouse Cat) Date: Wed Jun 1 05:00:06 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: "Brian (SnSR)" wrote in news:d7jeo7$t0r$1@news.spamcop.net: > Bud wrote: >> Posted in .spam >> >> http://www.spamcop.net/sc?id=z769975250z733d24375717e393110a52c7f77e6e >> 33z >> >> > > Careful with this one. Not certain yet, but looking at the sites, and > with the way the "spam" is written, my gut reaction is Joe job. > > Brian the site is claiming joe job the site isnt selling anything the site goes after spammers, especially those involved in fraud this screams joe job at me. -- See NANAE kooks, including Barbara Schwarz: http://www.morningmist.org/nanae/kookfaq.html From bar_n0ne at hotmail.com Wed Jun 1 14:13:11 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 1 05:15:07 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "me-no-no" wrote in message news:d7jrrg$4ui$1@news.spamcop.net... > "Berny" wrote in message > news:d7jhto$v2r$1@news.spamcop.net... > > > Oh, I forgot, that one was brought to me through auna.es from our friends > > at Above.net, ipowerweb.com and gblx.net, No, they are not getting the > > unmunged spam reports. Not this time. Let the jerks use their decoder > > rings for a change. > > Both nameservers appear fairly clean at the moment. > > NS1.IPOWERWEB.NET 64.70.61.130 > NS1.IPOWERDNS.COM 66.235.217.202 > http://www.openrbl.org/ip/64/70/61/130.htm > http://www.openrbl.org/ip/66/235/217/202.htm > > Ciao > Meno Wasn't so long ago that corner of the web was considered pretty black hat, so the knee jerk reaction is to LART anything from there. Imagine not LARTing spams with links in Whoa.com space, imagine opening one to see! and what exactly is meet my computer dot com about? From bar_n0ne at hotmail.com Wed Jun 1 15:17:31 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 1 06:20:03 2005 Subject: [SpamCop-List] Re: XO spam (tradepointone,pinpointmoney,servingones etc. (dot) com) not CanSpam compliant References: Message-ID: "Cat" wrote in message news:d7dr7i$saj$1@news.spamcop.net... SNIPPED: > > resolutionteam@support.xohost.com, monica.henderson@xo.com, > jim.tobias@xo.com > > SNIPPED > > Please feel free to continue to send any complaints > regarding this issue to myself > monica.henderson@xo.com and also to Jim Tobias > jim.tobias@xo.com." How many letters did it take? I wrote a relatively polite letter (did not reveal the spammed address, but provided tracking links to SC-munged reports.) But the crap still comes. Maybe I need to visit the spamvertized sites and see if there is an "unsubscribe procedure", and "unsubscribe" the above. Others have written that they tried to unsubscribe in the past, with no success. Probably these addresses use a milter that /dev/null's anything with a link or mention of spamcop in it. From gezgin at spamcop.net Wed Jun 1 15:12:43 2005 From: gezgin at spamcop.net (Gezgin) Date: Wed Jun 1 07:15:04 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: "Bud" wrote > While I've been doing this, I just got eight more, > ("CattyShaq" ), but again all > different 'received: from' IPs. This guy don't like me. The spew from "mypants.com" seems to be abating. I haven't received one in about half an hour. (Knock wood.) -- Bob Kanyak's Doghouse http://www.kanyak.com From nobody at devnull.spamcop.net Wed Jun 1 08:24:16 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Wed Jun 1 07:25:03 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: Socks the Whitehouse Cat wrote: > > this screams joe job at me. > Especially this part of the spam: You are receiving this communication because your e-mail address was included on a CD of 100 million e-mail addresses we bought and you opted in to be on it. The can spam act allows us to mail you with offers so please do not make false complaints or we will be forced take legal action against false complainants to recover any losses caused to us. demesy -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From Kilgallen at SpamCop.net Wed Jun 1 07:41:44 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Jun 1 07:45:03 2005 Subject: [SpamCop-List] Re: hotmail server(s) listed... 65.54.175.200 References: Message-ID: In article , "N. Miller" writes: > On 31 May 2005 15:42:27 -0500, Larry Kilgallen wrote: > >> In article , Sofa King Tyred of Lar Ting writes: >>> Hi there, >>> >>> I use spampal which is linked into spamcop's block list. Lately SpamPal >>> has been trashing legit emails sent via hotmail. For example, it claims >>> that 65.54.175.200 is listed on the SPCOP list. Using the SC reporting >>> page, I can confirm this as true as of the time of this post. >>> >>> My question: >>> >>> I assume that this is due to lax response on behalf of hotmail. >> >> I would say, rather, that this is due to a faulty business model on >> the part of Hotmail. My understanding is that in at least some cases >> they offer email access without charge, so there is no way they can >> charge spammers a cleanup fee. > > This is true for any free email service. If it is offered free, how can > they charge a cleanup fee? Goes for Netscape, Excite, Lycos, and Yahoo! as > well. As I said, a faulty busines model (vis. a vis. spam). From Kilgallen at SpamCop.net Wed Jun 1 07:42:36 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Jun 1 07:45:05 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: In article , Sofa King Tyred of Lar Ting writes: > Hi, > > I've recently been forwarding the spams I get regarding sites that offer > MS software at cheap prices to piracy@microsoft.com. Most of them go > through with a standard, semi-automated thank-you response. > > However, about 5 or 6 have come back later with a response that reads: > >> Hello, >> >> Thank you for contacting the Microsoft Anti-Piracy Team. >> >> We appreciate that you have taken the time to forward anti-piracy leads to our team. I have _never_ gotten such a response from piracy@microsoft.com. From nobody at spamcop.net Wed Jun 1 09:13:28 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 1 08:20:02 2005 Subject: [SpamCop-List] Re: What is the 'can spam act'? References: Message-ID: "Bud" wrote in message news:d7j7l5$p5q$1@news.spamcop.net... > Posted in .spam > > http://www.spamcop.net/sc?id=z769975250z733d24375717e393110a52c7f77e6e33z > > Looks like a joe-job. I am setting the two urls to innocent bystander. If anyone finds out differently let me know. And yes you can report each one you receive. Ellen From nospam at fuck-off-and-die.com Wed Jun 1 19:15:50 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Wed Jun 1 08:35:03 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: <27291f7437274731b7e1957c8dcfae5a@you.soft-nosed-putrefactive-baggage.net> Gezgin, , the sickly, gill-equipped curryaholic, and oxherder, reprobated: > (Knock wood.) You'll be less likely to get splinters in your knuckles if you smooth-plane your head first. From nobodyy at devnull.spamcop.net Wed Jun 1 10:39:20 2005 From: nobodyy at devnull.spamcop.net (Stello) Date: Wed Jun 1 09:40:03 2005 Subject: [SpamCop-List] Someone using my SpamCop account? or is it Spam? Message-ID: I am not sure I am posting this to the right SC newsgroup. I don't need the headers parsed but am posting the header that came in the body of an email seemingly from SpamCop. I have a SpamCop paid account that is still active, but have not been using it lately. I don't think I have used it in 4 months or so. But I receive email [several to date] saying there is an error in processing spam. I have not sprcessed any spam at SpamCop. The following is the full email, not headers from the spam. What is this and is it pure Spam or is someone using my paid SpamCop account? ------------------------------------------------ SpamCop encountered errors while saving spam for processing: Message forwarded in html wrapper. When forwarding spam, use a MIME attachment or text-type message with the spam enclosed. Do not send spam in HTML format. Sometimes this error is caused by using a "resend" feature to forward spam. HTML spam should be sent in text (source code) format. The email which triggered this auto-response had the following headers: Return-Path: Received: from sc-smtp1.eq.ironport.com (sc-smtp1.eq.ironport.com [192.168.18.81]) by sc-app1.eq.ironport.com (Postfix) with ESMTP id B56A7A67A48 for ; Wed, 1 Jun 2005 05:56:16 -0700 (PDT) Received: from unknown (HELO mail.yahoo.com) (58.75.37.29) by sc-smtp1.eq.ironport.com with SMTP; 01 Jun 2005 05:56:15 -0700 Date: Thu, 02 Jun 2005 04:04:32 +0000 From: Sbtt Subject: Submit.kwop3bwk540ooff0, New â?" C1AL1S S0FTABS â?" at Super D1sc0unt To: Submit.kwop3bwk540ooff0 References: <9H7EH064914KBF0D@spam.spamcop.net> In-Reply-To: <9H7EH064914KBF0D@spam.spamcop.net> Message-ID: <8I3EF8F24DIG548D@atari-portal.net> Reply-To: Stimconfessing Sender: K6j32 MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 8bit -- Stello From MikeE at ster.invalid Wed Jun 1 08:03:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 10:05:03 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: Stello wrote: > I am not sure I am posting this to the right SC newsgroup. I don't > need the headers parsed but am posting the header that came in the > body of an email seemingly from SpamCop. Yabbut, you are posting some headers which were in the body of a mail whose headers we are interested in. What would've been better would have been if you had pasted the entire mail into the parser, copied the tracking url, cancelled the report, and pasted the tracker in here. That way we could look at the headers of the item you received, as well as this content which you've pasted here, which not only takes up more 'space' than a tracker, but also isn't quite as informative as having the entire thing. If you wanted or needed to do some modest mungeing of the item before submitting it to the parser, you should make it clear in your post how much you have munged. > I have a SpamCop paid account that is still active, but have not been > using it lately. I don't think I have used it in 4 months or so. > But I receive email [several to date] saying there is an error in > processing spam. I have not sprcessed any spam at SpamCop. The > following is the full email, not headers from the spam. What is > this and is it pure Spam or is someone using my paid SpamCop account? Your signup authorization letter contains a pw and a submit code which are/were secret. This item contains a submit code in more than one place. It also includes headers with a bogus helo. I suspect that if you examine your authorization registration letter, you will find your submit code matches that for this item. > for > Received: from unknown (HELO mail.yahoo.com) (58.75.37.29) 58.75.37.29 no rDNS is the .kr boranet > Subject: Submit.kwop3bwk540ooff0, New ??" C1AL1S S0FTABS ??" at Super > To: Submit.kwop3bwk540ooff0 That looks to me like spamcop received a spam sourced from the boranet IP with your personal 'secret' submit code in the To. That could have happened by your computer being infected with a virus and 'passing out' the various addresses which can be found on its drives. Theoretically no one else should have your personal secret submit address. You should be fixing your spamcop account and checking out your system for virms and spyware. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Jun 1 16:06:53 2005 From: nobody at spamcop.net (Bodger) Date: Wed Jun 1 10:10:02 2005 Subject: [SpamCop-List] Re: phishing site References: Message-ID: good "Larry Kilgallen" wrote in message news:K5ZpWRSzQl81@eisner.encompasserve.org... > In article , "Bodger" writes: > > I wish you would ignore my posts. > > Don't worry, as soon as someone responds to a top-posting complaint > by top-posting they are quickly entered into many killfiles. From MikeE at ster.invalid Wed Jun 1 08:13:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 10:15:04 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: Socks the Whitehouse Cat wrote: > "Brian (SnSR)" >> Careful with this one. Not certain yet, but looking at the sites, and >> with the way the "spam" is written, my gut reaction is Joe job. > the site is claiming joe job > the site isnt selling anything > the site goes after spammers, especially those involved in fraud > > this screams joe job at me. The problem with analyzing joe jobs is that we must not forget about bogus joejobs, fake joejobs, and trick fake joejobs. I seem to recall an issue in which it was never completely clear to me about what was apparent a joejob on the darksecrets forum, which was also a forum and which also wasn't selling anything, but which had something to gain by the attention being brought to it, and which could easily 'coast' in their response to their site provider to say "This is obviously a joejob. You can't whack me for all that spam." In the case of the darksecrets issue, the elements were different. The darksecrets forum was a little 'darker' than this forum -- and the spam content was more bogus, since it was ostensibly promoting illegal weapons, narcotics, and kiddy pr0n. So, this /may/ be a joejob; but don't forget about the possibility of a trick fake joejob. The forum will benefit from this attention, and they can claim joejob and skate as far as being whacked by their website provider. -- Mike Easter kibitzer, not SC admin From newandrew at rump.dk Wed Jun 1 15:17:27 2005 From: newandrew at rump.dk (Andrew Engels Rump (formerly Leif Andrew Rump)) Date: Wed Jun 1 10:20:03 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: After drinking 3 Pan Galactic Gargle Blasters, Socks the Whitehouse Cat mumbled in news:Xns96681E68F25CAagent01413MYDEJACOM@216.154.195.61: > "Brian (SnSR)" wrote in > news:d7jeo7$t0r$1@news.spamcop.net: >> Careful with this one. Not certain yet, but looking at the sites, >> and with the way the "spam" is written, my gut reaction is Joe >> job. > the site is claiming joe job > the site isnt selling anything > the site goes after spammers, especially those involved in fraud > this screams joe job at me. Agree. 3 of my domains received over 400 of these mails sent to a few users, including SpamCop e-mail addresses!?! For some unknown reason SpamCop do find the JoeJob'ed sites but do not take them in to the calculation - I would have expected the site to have been reported and appealed but that doesn't show on the SpamCop reporting page. Andrew -- *** The opinions expressed are not necessarily those of my employer. *** * Software Engineer Andrew Engels Rump * BLIK og ROERarbejderforbundet * * Immerkaer 42, 2650 Hvidovre * Tlf: +45 3638 3638, Fax: +45 3638 3639 * Home: N55?41'38.9" E12?29'08.6" (WGS 84) Work: N55?39'50.9" E12?27'47.4" E-mail: mailto:newandrew@rump.dk WWW http://www.rump.dk/homepage/andrew/ From PossumTrot at dont.spam.me Wed Jun 1 08:32:22 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Wed Jun 1 10:35:02 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: "Larry Kilgallen" wrote in message news:IBlqYdt92LZ0@eisner.encompasserve.org... > In article , Sofa King Tyred of Lar Ting > writes: >> Hi, >> >> I've recently been forwarding the spams I get regarding sites that offer >> MS software at cheap prices to piracy@microsoft.com. Most of them go >> through with a standard, semi-automated thank-you response. >> >> However, about 5 or 6 have come back later with a response that reads: >> >>> Hello, >>> >>> Thank you for contacting the Microsoft Anti-Piracy Team. >>> >>> We appreciate that you have taken the time to forward anti-piracy leads >>> to our team. > > I have _never_ gotten such a response from piracy@microsoft.com. I have reported well over 100 times to the piracy@microsoft.com address and have never gotten a response like the ones referred to by Sofa. Sounds like some microsoftie is clueless. Has M$ maybe outsourced this function to India? From PossumTrot at dont.spam.me Wed Jun 1 08:36:22 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Wed Jun 1 10:40:03 2005 Subject: [SpamCop-List] Re: What is the 'can spam act'? References: Message-ID: "Bud" wrote in message news:d7j7l5$p5q$1@news.spamcop.net... > Posted in .spam > > http://www.spamcop.net/sc?id=z769975250z733d24375717e393110a52c7f77e6e33z > > -- > Bud Also known as the You Can Spam Act, since it _allows_ Spammy to continue to spam if he/she/it follows the rules. From nobodyy at devnull.spamcop.net Wed Jun 1 11:42:18 2005 From: nobodyy at devnull.spamcop.net (Stello) Date: Wed Jun 1 10:45:02 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: "Mike Easter" wrote in message news:d7kf6k$fk9$1@news.spamcop.net... > Stello wrote: > Yabbut, you are posting some headers which were in the body of a mail > whose headers we are interested in. What would've been better would > have been if you had pasted the entire mail into the parser, copied the > tracking url, cancelled the report, and pasted the tracker in here. Is this the newsgroup to post the full headers? > > That way we could look at the headers of the item you received, as well > as this content which you've pasted here, which not only takes up more > 'space' than a tracker, but also isn't quite as informative as having > the entire thing. If you wanted or needed to do some modest mungeing of > the item before submitting it to the parser, you should make it clear in > your post how much you have munged. The headers in the body of the email I posted were not true headers. They were in the body of the email I received, supposedly from SpamCop. I looked for my personal information and didn't see any, which is why I think it is a spam, phishing, or spoof. No viruses on board this machine or spyware or trojans. > > Your signup authorization letter contains a pw and a submit code which > are/were secret. This item contains a submit code in more than one > place. It also includes headers with a bogus helo. I suspect that if > you examine your authorization registration letter, you will find your > submit code matches that for this item. Well once upon a time I may have had an authorization letter with a submit code. I have had this paid account for so long, I only need to sign in using an email address. I have long forgotten the rest. Ill check out my account. > > > -- > Mike Easter > kibitzer, not SC admin > From wb8tyw at qsl.network Wed Jun 1 11:02:39 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Jun 1 11:05:04 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: <4EDqLduTR1iw@eisner.encompasserve.org> In article , Kilgallen@SpamCop.net (Larry Kilgallen) writes: > In article , > Sofa King Tyred of Lar Ting writes: >> Hi, >> >> I've recently been forwarding the spams I get regarding sites that offer >> MS software at cheap prices to piracy@microsoft.com. Most of them go >> through with a standard, semi-automated thank-you response. >> >> However, about 5 or 6 have come back later with a response that reads: >> >>> Hello, >>> >>> Thank you for contacting the Microsoft Anti-Piracy Team. >>> >>> We appreciate that you have taken the time to forward anti-piracy leads >>> to our team. > > I have _never_ gotten such a response from piracy@microsoft.com. Are you reporting them as additional addresses on your spamcop larts? In that case, spamcop.net is probably deleting the robot replies. I am getting several variations of the bed-bug letters from Microsoft, and a few months ago, a new variant showed up. It requested more information because at the time the program at Microsoft processed the URL, it was unable to resolve the domain that the spammer was using. Since I forward such spam as attachments to piracy@microsoft.com from one of my other e-mail addresses along with copies to the spam@uce.gov address, I am now putting the spamcop.net parsing information for the URL in the body of the message. If the spamcop.net parser can not resolve the domain, I plug it into http://moensted.dk/spam/ and this gives me a handy link to spamhaus.org (spamhaus.org now requires cookies). I then paste the spamhaus.org listing in the body of the message. Now I am only getting the ones requesting more information when neither spamcop.net or moensted.dk can resolve the domain name. So something at piracy@microsoft.com is processing the reports and wants to know what the contact information is for the spamvertized domains. -John wb8tyw@qsl.network Personal Opinion Only From MikeE at ster.invalid Wed Jun 1 09:11:00 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 11:15:02 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: Stello wrote: > "Mike Easter" >> What would've been better would >> have been if you had pasted the entire mail into the parser, copied >> the tracking url, cancelled the report, and pasted the tracker in >> here. > > Is this the newsgroup to post the full headers? What I was trying to say was that posting a tracker is the best way to communicate about any mail which we might have occasion to discuss here. The tracker is a 'storage vault' for the entire item, from top to bottom, the whole enchilada/ magillicutty whether it is a spam, some kind of mysterymail, or something pretending to be from your Aunt Betsy. It is undesirable for several reasons to be posting spam and other mail of question into this newsgroup. Previously the newsgroup spamcop.spam was intended for that purpose, but that was long ago before the parser storage vault could save the entire spam for discussing. To get a tracker, you select the item in question, spam or mysterymail, then you perform the necessary steps to get the whole enchilada copied; in the case of OE Outlook Express, that would be File/ Properties/ Details tab/ Message source - then ctrl-A ctrl-C will get it copied and pasted into the parser. Then, after the parsing, copy the tracker, which looks like: Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z770183536z7f45882dcf03c22fb82536c4f2297d7dz We can use that tracker to examine the mail's headers, body, attachments -- everything and nothing else needs to be posted here. >> That way we could look at the headers of the item you received, as >> well as this content which you've pasted here, which not only takes >> up more 'space' than a tracker, but also isn't quite as informative >> as having the entire thing. > The headers in the body of the email I posted were not true headers. > They were in the body of the email I received, supposedly from > SpamCop. I understand exactly what they were. I also believe them to be true headers as spamcop received the item. But the point is that if we were looking at the tracker instead of just the body of the mail, we would be able to see it all and actually verify that our/my assumptions are correct about that being an item which came from spamcop as a result of an html spam being addressed to /your/ personal secret submit address > I looked for my personal information and didn't see any, > which is why I think it is a spam, phishing, or spoof. No viruses on > board this machine or spyware or trojans. How do you propose the spammer got your personal secret submit address? > Well once upon a time I may have had an authorization letter with a > submit code. I have had this paid account for so long, I only need > to sign in using an email address. I have long forgotten the rest. The authorization letter contains your password and the submit code. Unless there's something different about pay accounts, your login with the password doesn't last forever. It likely maxes out as a year. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Wed Jun 1 11:11:41 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Jun 1 11:15:04 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: <4EDqLduTR1iw@eisner.encompasserve.org> Message-ID: In article <4EDqLduTR1iw@eisner.encompasserve.org>, wb8tyw@qsl.network (John E. Malmberg) writes: > In article , > Kilgallen@SpamCop.net (Larry Kilgallen) writes: >> In article , >> Sofa King Tyred of Lar Ting writes: >>> Hi, >>> >>> I've recently been forwarding the spams I get regarding sites that offer >>> MS software at cheap prices to piracy@microsoft.com. Most of them go >>> through with a standard, semi-automated thank-you response. >>> >>> However, about 5 or 6 have come back later with a response that reads: >>> >>>> Hello, >>>> >>>> Thank you for contacting the Microsoft Anti-Piracy Team. >>>> >>>> We appreciate that you have taken the time to forward anti-piracy leads >>>> to our team. >> >> I have _never_ gotten such a response from piracy@microsoft.com. > > Are you reporting them as additional addresses on your spamcop larts? Yes -- that is the only way I send reports to people, including to news.admin.net-abuse.sightings. From MikeE at ster.invalid Wed Jun 1 09:29:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 11:30:02 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: Mike Easter wrote: > The authorization letter contains your password and the submit code. Oops. This may not be correct. The initial authorization letter contains the password. After the login, the page http://www.spamcop.net/ contains the submit code in this line which is 2 lines above the parser window:: Forward your spam to: submit.16charANcodeNMBR@spam.spamcop.net or: where the 16charANcodeNMBR is case sensitive alphas and numerics. So, since the submit code isn't contained in the authorization letter, that puts a different spin on the question of where/how the spammer could get the submit. That is, it means that scraping it from the authorization letter isn't on the list of possibilities, I guess, unless the pay accounts are handled differently than free accounts. Someone else will have to answer that question. Does any kind of spamcop mail about a paid account contain the submit code information, or only the password? -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Wed Jun 1 12:36:47 2005 From: eddie at eddie.web (eddie) Date: Wed Jun 1 11:40:04 2005 Subject: [SpamCop-List] over 50% spam skips over URL Message-ID: The "bug" that causes SC's parser to skip reporting a URL even though it sort-of finds it is now more than 50% of my daily spam. At what point does it become important enough to warrant an investigation? Just curious. As a refresher, this is what the "bug" looks like Finding links in message body Recurse multipart: Parsing HTML part Parsing text part Resolving link obfuscation http://www.jnaz.net/world/ http://www.jnaz.net/un.php Please make sure this email IS spam: there should be something between these last two lines: either a cannot resolve or a time out or something -but not just a blank line jnaz.net parses perfectly normally, manually with the following reporting address Reporting addresses: s_mal@informtelecom.ru It's as if the software spins out a thread to look up the DNS and reporting address and the main program forgets about the thread and continues on its merry way. But that's only a guess. -- Once movie theaters gave out steak knives Today they confiscate them From MikeE at ster.invalid Wed Jun 1 10:19:48 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 12:20:03 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: Mike Easter wrote: > So, since the submit code isn't contained in the authorization letter, > that puts a different spin on the question of where/how the spammer > could get the submit. That is, it means that scraping it from the > authorization letter isn't on the list of possibilities, I guess, Other places a submit address could 'reside'.... - in your addressbook if you ever used that address to submit - in the mail received by any other entity if you addressed copies to others to whom you report a spam. The first example could occur if you clicked on the mailto on the parser page, which would start an email with the submit address, which address if R clicked would provide an opportunity to enter into the addressbook. The second if you were going to submit an item to the spamcop submit address and decided to also send it to someone/something else. I don't know why you would do that, but it is possible. The other would be if you copied that address for some reason -- or if the SC pay account communication contained the submit. -- Mike Easter kibitzer, not SC admin From davigarQUITAESTO at excite.com Wed Jun 1 19:48:06 2005 From: davigarQUITAESTO at excite.com (Averroes) Date: Wed Jun 1 12:50:02 2005 Subject: [SpamCop-List] No recent reports, no history available Message-ID: Return-Path: Received: from adlon.se ([221.151.230.227]) by smtp03.retemail.es (InterMail vM.6.01.04.03 201-2131-118-103-20050206) with ESMTP id <20050601162507.NPPS1178.smtp03.retemail.es@adlon.se>; Wed, 1 Jun 2005 18:25:07 +0200 Received: from 203.208.205.207 by 111.218.42.30.atlasvanlines.ca (Postfix) with SMTP id 35270 From: "svsxfsszjjf" To: , , , , , , , , , , Cc: x , Subject: oxxxxycontin no scriptt Date: Mon, 02 May 2005 09:24:58 -0800 Message-ID: <0056______________________998c@wlhjv> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0053_01C54EF8.CF0F0090" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 Importance: Normal X-Antivirus: avast! (VPS 0522-6, 01/06/2005), Inbound message X-Antivirus-Status: CleanView entire message Parsing header: Received: from adlon.se ([221.151.230.227]) by smtp03.retemail.es (InterMail vM.6.01.04.03 201-2131-118-103-20050206) with ESMTP id <20050601162507.NPPS1178.smtp03.retemail.es@adlon.se>; Wed, 1 Jun 2005 18:25:07 +0200 221.151.230.227 found host 221.151.230.227 (getting name) no name Possible spammer: 221.151.230.227 Received line accepted Received: from 203.208.205.207 by 111.218.42.30.atlasvanlines.ca (Postfix) with SMTP id 35270 no date found 203.208.205.207 found host 203.208.205.207 (getting name) no name 221.151.230.227 not listed in dnsbl.njabl.org 221.151.230.227 listed in cbl.abuseat.org ( 127.0.0.2 ) Open proxies untrusted as relays Tracking message source: 221.151.230.227: Routing details for 221.151.230.227 [refresh/show] Cached whois for 221.151.230.227 : bonbu@kt.co.kr ip@ns.kornet.net abuse@kornet.net Using best contacts abuse@kornet.net Yum, this spam is fresh! Message is 0 hours old 221.151.230.227 not listed in dnsbl.njabl.org 221.151.230.227 not listed in dnsbl.njabl.org 221.151.230.227 listed in cbl.abuseat.org ( 127.0.0.2 ) 221.151.230.227 is an open proxy 221.151.230.227 not listed in accredit.habeas.com 221.151.230.227 not listed in plus.bondedsender.org 221.151.230.227 not listed in iadb.isipp.com Finding links in message body Recurse multipart: Parsing text part Parsing HTML part Resolving link obfuscation http://phersermeds.com/tx host phersermeds.com (checking ip) ip not found ; phersermeds.com discarded as fake. http://charlescharleycheckerchock.com/tx host charlescharleycheckerchock.com (checking ip) ip not found ; charlescharleycheckerchock.com discarded as fake. http://phersermeds.com host phersermeds.com (checking ip) ip not found ; phersermeds.com discarded as fake. http://viccxodinnes-hydrooocodxes-painnnkillerxz.comm=3d host viccxodinnes-hydrooocodxes-painnnkillerxz.comm (checking ip) ip not found ; viccxodinnes-hydrooocodxes-painnnkillerxz.comm discarded as fake. http://noremore.com host noremore.com (checking ip) ip not found ; noremore.com discarded as fake. Tracking link: http://viccxodinnes-hydrooocodxes-painnnkillerxz.comm=3d No recent reports, no history available Cannot resolve http://viccxodinnes-hydrooocodxes-painnnkillerxz.comm=3d Tracking link: http://noremore.com No recent reports, no history available Cannot resolve http://noremore.com Tracking link: http://charlescharleycheckerchock.com/tx No recent reports, no history available Cannot resolve http://charlescharleycheckerchock.com/tx Tracking link: http://phersermeds.com/tx No recent reports, no history available Cannot resolve http://phersermeds.com/tx Tracking link: http://phersermeds.com No recent reports, no history available Cannot resolve http://phersermeds.com Please make sure this email IS spam: From: "svsxfsszjjf" (oxxxxycontin no scriptt) This is a multi-part message in MIME format. ------=_NextPart_000_0053_01C54EF8.CF0F0090 ------------------ END OF SPAM------------------------------------------------ Hi All false one? . Fake domains. Nobody to whom to complain? ,-) http://www.spamcop.net/sc?id=z770212554z0b9c739a59ff39e7ea046bce1f9b2e6ez Regards From null at null.com.none Wed Jun 1 18:52:14 2005 From: null at null.com.none (Martin) Date: Wed Jun 1 12:55:03 2005 Subject: [SpamCop-List] NTL mailhosts wrong again Message-ID: Can a deputy please sort out the NTL mailhosts, new mailservers without proper hostnames have been added, tried re-adding them on my mailhosts but the mailhosts just complain and wont update, now I have lost my mailhosts completly for ntl. Can some rename them from Tesco to NTL too. Heres the submision that spamcop mailhosts wont accept, always worked ok in the past;- Return-Path: Received: from mta02-winn.ispmail.ntl.com (mta02-winn.ispmail.ntl.com [81.103.221.42]) by marti.mine.nu (8.12.6/8.12.6/SuSE Linux 0.6) with ESMTP id j51GNvxm003289 for ; Wed, 1 Jun 2005 17:23:57 +0100 X-Envelope-From: service@admin.spamcop.net Received: from aamta03-winn.ispmail.ntl.com ([81.103.221.35]) by mta02-winn.ispmail.ntl.com with ESMTP id <20050601162357.ZKWO19182.mta02-winn.ispmail.ntl.com@aamta03-winn.ispmail.ntl.com> for ; Wed, 1 Jun 2005 17:23:57 +0100 Received: from spamcop.net ([64.74.133.245]) by aamta03-winn.ispmail.ntl.com with SMTP id <20050601162356.ZDWH11190.aamta03-winn.ispmail.ntl.com@spamcop.net> for ; Wed, 1 Jun 2005 17:23:56 +0100 X-SpamCop-Conf: 9sexhjZFc8O7NHr1 Received: from [81.106.206.105, 82.3.32.71] by spamcop.net with HTTP; Wed, 01 Jun 2005 16:23:53 GMT From: SpamCop robot To: x@ntlworld.com Subject: SpamCop account configuration email Precedence: list Message-ID: Date: Wed, 01 Jun 2005 16:23:53 GMT X-Mailer: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) via http://www.spamcop.net/ v1.456 X-Virus-Scanned: by AMaViS - amavis-milter (http://www.amavis.org/) X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on marti.mine.nu X-Spam-Level: *** X-Spam-Status: No, score=3.4 required=5.0 tests=AWL,BAYES_40, DNS_FROM_RFC_ABUSE,FORGED_MUA_MOZILLA,FORGED_RCVD_HELO, FROM_HAS_MIXED_NUMS autolearn=no X-UIDL: #7A!!>hl!!d4-!!8^2"! Hello SpamCop user, This email contains special codes and tracking information to help SpamCop figure out your specific email configuration. Do not post this email in public. It contains confidential information related to the security of your SpamCop account. Please return this complete email, preserving full headers and the special tracking codes below. Visit this address: http://www.spamcop.net/mcgi?action=mhreturn Alternately, you may submit via email. Forward the message as an attachment to this address. Or create a new message and paste this email into it. Either way, send it to to: mhconf.9sexhjZFc8O7NHr1@cmds.spamcop.net Some email software may only support one or the other of these submission methods. For information on your email software and to learn how to get full headers see this FAQ: http://www.spamcop.net/fom-serve/cache/19.html Special codes follow: ################################################################ X-SpamCop-Mx: smtpin.ntlworld.com. X-SpamCop-Mx-Ip: 81.103.221.10 X-SpamCop-Mh-Name: NTL X-SpamCop-Recip: x@ntlworld.com X-SpamCop-Unixtime: 1117643033 X-SpamCop-Conf: 9sexhjZFc8O7NHr1 X-SpamCop-Randomness: G5rDTtfiE341UC1y X-SpamCop-Hash: b0600fb68b16f9e89106bf5eecfbbdc2 ################################################################ From nobody at spamcop.net Wed Jun 1 12:45:42 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 1 13:25:03 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: -- "Stello" wrote in message news:d7kdq7$epm$1@news.spamcop.net... > I am not sure I am posting this to the right SC newsgroup. I don't need the > headers parsed but am posting the header that came in the body of an email > seemingly from SpamCop. > > I have a SpamCop paid account that is still active, but have not been using > it lately. I don't think I have used it in 4 months or so. But I receive > email [several to date] saying there is an error in processing spam. I have > not sprcessed any spam at SpamCop. The following is the full email, not > headers from the spam. What is this and is it pure Spam or is someone using > my paid SpamCop account? > > ------------------------------------------------ > > SpamCop encountered errors while saving spam for processing: > Message forwarded in html wrapper. > > When forwarding spam, use a MIME attachment or text-type message with > the spam enclosed. Do not send spam in HTML format. Sometimes this > error is caused by using a "resend" feature to forward spam. > > HTML spam should be sent in text (source code) format. > > > The email which triggered this auto-response had the following headers: > Return-Path: > Received: from sc-smtp1.eq.ironport.com (sc-smtp1.eq.ironport.com > [192.168.18.81]) > by sc-app1.eq.ironport.com (Postfix) with ESMTP id B56A7A67A48 > for ; Wed, 1 Jun 2005 > 05:56:16 -0700 (PDT) > Received: from unknown (HELO mail.yahoo.com) (58.75.37.29) > by sc-smtp1.eq.ironport.com with SMTP; 01 Jun 2005 05:56:15 -0700 > Date: Thu, 02 Jun 2005 04:04:32 +0000 > From: Sbtt > Subject: Submit.kwop3bwk540ooff0, New â?" C1AL1S S0FTABS â?" at Super > D1sc0unt > To: Submit.kwop3bwk540ooff0 > References: <9H7EH064914KBF0D@spam.spamcop.net> > In-Reply-To: <9H7EH064914KBF0D@spam.spamcop.net> > Message-ID: <8I3EF8F24DIG548D@atari-portal.net> > Reply-To: Stimconfessing > Sender: K6j32 > MIME-Version: 1.0 > Content-Type: text/html > Content-Transfer-Encoding: 8bit > > > -- > Stello > > I have suspended the reporting privileges on the account with that auth code. Please write to service admin.spamcop.net now and include your registered SpamCop email address. Don will get this straightened out and new auth codesw assigned. Ellen SpamCop From nobody at spamcop.net Wed Jun 1 14:31:49 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 1 13:40:02 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Martin" wrote in message news:d7kp3u$m5m$1@news.spamcop.net... > Can a deputy please sort out the NTL mailhosts, new mailservers without > proper hostnames have been added, tried re-adding them on my mailhosts but > the mailhosts just complain and wont update, now I have lost my mailhosts > completly for ntl. Can some rename them from Tesco to NTL too. > Heres the submision that spamcop mailhosts wont accept, always worked ok in > the past;- > After I got the headers unmangled then I noticed that you had modified the special codes section and the system will not accept that. If you want to send a copy with complete headers unmodified to us at deputies admin.spamcop.net then we will try to get the probe accepted. Do you happen to know the IPs of the new mailservers? Ellen SpamCop From nobody at devnull.spamcop.net Wed Jun 1 13:37:06 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Jun 1 13:40:05 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Martin" wrote in message news:d7kp3u$m5m$1@news.spamcop.net... > Can a deputy please sort out the NTL mailhosts, new mailservers without > proper hostnames have been added, tried re-adding them on my mailhosts but > the mailhosts just complain and wont update, now I have lost my mailhosts > completly for ntl. Can some rename them from Tesco to NTL too. Had you tried the identified support spot for MailHost configuration, you'd have found proper precedures and addresses for direct contact for such personal assistance. http://forum.spamcop.net/forums/ > This email contains special codes and tracking information to help SpamCop > figure out your specific email configuration. Do not post this email in > public. It contains confidential information related to the security of > your SpamCop account. What a way to demonstrate that you can follow directions. Now you've created yet another issue that needs resolving. > Alternately, you may submit via email. Forward the message as an > attachment to this address. Or create a new message and paste this email > into it. Either way, send it to to: > > @cmds.spamcop.net Now that you've posted your 'secret' codes ... good luck on getting things straightened out. Perhaps Ellen will pass through here and take some pity ... From nobody at spamcop.net Wed Jun 1 15:04:50 2005 From: nobody at spamcop.net (Anti-Spam) Date: Wed Jun 1 14:05:04 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: "Possum Trot" wrote in message news:d7kh1p$grv$1@news.spamcop.net... > > "Larry Kilgallen" wrote in message > news:IBlqYdt92LZ0@eisner.encompasserve.org... > > In article , Sofa King Tyred of Lar Ting > > writes: > >> Hi, > >> > >> I've recently been forwarding the spams I get regarding sites that offer > >> MS software at cheap prices to piracy@microsoft.com. Most of them go > >> through with a standard, semi-automated thank-you response. > >> > >> However, about 5 or 6 have come back later with a response that reads: > >> > >>> Hello, > >>> > >>> Thank you for contacting the Microsoft Anti-Piracy Team. > >>> > >>> We appreciate that you have taken the time to forward anti-piracy leads > >>> to our team. > > > > I have _never_ gotten such a response from piracy@microsoft.com. > > I have reported well over 100 times to the piracy@microsoft.com address and > have never gotten a response like the ones referred to by Sofa. Sounds like > some microsoftie is clueless. Has M$ maybe outsourced this function to > India? > I forward at least a couple of spam a day to piracy@microsoft.com (direct, not through SC) and get responses in bunches every few days, although not necessarily for every spam. There are about three standard form letters, and this 'no address found' seems to make up maybe 25% of them (WAG). I'd guess that these 'no address found' ones have been around since at least as far back as the beginning of the year. -- Bring in the death penalty for repeat spammers. Non-functional spambait addr: if@pdczugidxvfbhrctp.com (generated by Webpoison) From MikeE at ster.invalid Wed Jun 1 12:40:41 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 14:45:03 2005 Subject: [SpamCop-List] Re: No recent reports, no history available References: Message-ID: Averroes wrote: > http://www.spamcop.net/sc?id=z770212554z0b9c739a59ff39e7ea046bce1f9b2e6ez The tracker is a link to the original spam which was parsed, and it also demonstrates how SC would parse the item at the time of access. You could have posted just that and the result that none of the links were resolved, either in your words or pasted in SC's, such as a part of what you pasted here: > Resolving link obfuscation > http://phersermeds.com/tx > host phersermeds.com (checking ip) ip not found ; phersermeds.com > discarded as fake. > http://charlescharleycheckerchock.com/tx > host charlescharleycheckerchock.com (checking ip) ip not found ; > charlescharleycheckerchock.com discarded as fake. > http://phersermeds.com > host phersermeds.com (checking ip) ip not found ; phersermeds.com > discarded as fake. > http://viccxodinnes-hydrooocodxes-painnnkillerxz.comm=3d > host viccxodinnes-hydrooocodxes-painnnkillerxz.comm (checking ip) ip not > found ; viccxodinnes-hydrooocodxes-painnnkillerxz.comm discarded as fake. > http://noremore.com > host noremore.com (checking ip) ip not found ; noremore.com discarded as > fake. noremore is a bad 'catch' -- it isn't a link in the spam. Parser error My resolver sez: phersermeds.com DNS 221.229.119.105 charlescharleycheckerchock.com DNS 221.229.119.105 viccxodinnes-hydrooocodxes-painnnkillerxz.comm doesn't resolve, of course noremore.com doesn't resolve and shouldn't have been in there We could discuss why SC's resolver doesn't resolve them if anyone is interested. -- Mike Easter kibitzer, not SC admin From glnews030922 at highspot.net Wed Jun 1 21:54:37 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Wed Jun 1 15:55:02 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: Brian (SnSR) wrote: > I would uncheck the reports sent about the two links (caddyshaq and > meetmycomputer). I'm still not sure about this, but from the looks of > the sites, I don't believe that they would be likely to spam. I could > be wrong. Cattyshaq looks to be innocent and the target of a joe-job. On the other hand, Meetyourcomputer has several links through clickbank to the sites of some "anti-spyware" products of extremely dubious nature. The sort where the free version tells you that you have spyware when you don't and then invites you to buy the full version to remove the non-existent spyware. One of the sites it links to is adwaredeluxe, which you can read more about here: http://www.spywarewarrior.com/rogue_anti-spyware.htm Interestingly enough, on further digging, both spamvertised sites are registered to the same person. The more I look into it, the less it feels like a joe-job and the more it looks like the usual rogue affiliate spammer. Either that, or somebody who is proporting to protect people from online scams is not competent enough to do due diligence on their advertising links. I reported around 50 of these things this morning without LARTing the web host. If I get any more, I think I'll change that. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From null at null.com.none Wed Jun 1 21:56:36 2005 From: null at null.com.none (Martin) Date: Wed Jun 1 16:00:03 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: >WazoO" wrote in message >news:d7kro3$nq5$1@news.spamcop.net... > > Had you tried the identified support spot for MailHost configuration, > you'd have found proper precedures and addresses for direct > contact for such personal assistance. > http://forum.spamcop.net/forums/ I dont use forums I use usenet, so get over it > > What a way to demonstrate that you can follow directions. Now > you've created yet another issue that needs resolving. > Where in the email back from spamcop saying it failed does it give me directions to follow, it dosent!! > > Now that you've posted your 'secret' codes ... good luck on > getting things straightened out. Perhaps Ellen will pass through > here and take some pity ... > Well to be honest, this problem of new mailservers needs sorting out with the spamcop mailhosts sytem, it somehow needs to be able to auto-add new ones, I shouldnt have to delete and re-add your mailhosts everytime this happens. Next time I wont bother doing or saying anything, I will just leave it for the inempt spamcop reporters to report the ntl mail servers has they did before and let spamcops reputation of blocking incorrect addresses get worse. From glnews030922 at highspot.net Wed Jun 1 22:01:00 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Wed Jun 1 16:00:07 2005 Subject: [SpamCop-List] Re: What is the 'can spam act'? In-Reply-To: References: Message-ID: Ellen wrote: > "Bud" wrote in message news:d7j7l5$p5q$1@news.spamcop.net... > >>Posted in .spam >> >>http://www.spamcop.net/sc?id=z769975250z733d24375717e393110a52c7f77e6e33z >> >> > > Looks like a joe-job. I am setting the two urls to innocent bystander. If > anyone finds out differently let me know. And yes you can report each one > you receive. Hi Ellen, The more I dig into these, the less it looks like a joe-job to me. The second site has affiliate links pointing to some products whose marketing tactics border on the fraudulent. See my other post in this thread. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From null at null.com.none Wed Jun 1 22:27:58 2005 From: null at null.com.none (Martin) Date: Wed Jun 1 16:30:02 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: >Ellen" wrote in message >news:d7krlm$npm$1@news.spamcop.net... > > > After I got the headers unmangled then I noticed that you had modified > the > special codes section and the system will not accept that. > > If you want to send a copy with complete headers unmodified to us at > deputies admin.spamcop.net > then we will try to get the probe accepted. > > Do you happen to know the IPs of the new mailservers? > > Ellen > SpamCop > I appologise if my post has caused you problems Ellen. Has for helping any further I don't feel inclined to after the Flame I got from Wazoo, maybe he would like to offer to sort it out for you. I wont be posting here again, I will leave it for someone else to pick up the peices next time this happens, which it will, because my ISP will carry on adding more mailservers on a regular basis. Regards Martin From nobody at spamcop.net Wed Jun 1 17:48:47 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 1 16:55:02 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Martin" wrote in message news:d7l5of$tou$1@news.spamcop.net... > > > I appologise if my post has caused you problems Ellen. > Has for helping any further I don't feel inclined to after the Flame I got > from Wazoo, maybe he would like to offer to sort it out for you. > I wont be posting here again, I will leave it for someone else to pick up > the peices next time this happens, which it will, because my ISP will carry > on adding more mailservers on a regular basis. > > Regards Martin > > I did get an email from elsewhere with the new NTL server IPs in it and set a flag for them so the system does know they are mailservers. If you want to pursue adding your mailhosts back and have a problem you can write to me at deputies admin.spamcop.net and we can get that straightened out. Ellen SpamCop From redford_stone at INVERSE_OF_COLDmail.com Wed Jun 1 23:33:13 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 18:35:03 2005 Subject: [SpamCop-List] Re: brownout in parserland? References: <61dde4e935bd480c9b4f9a8a02b76753@you.horizontally-enhanced-tricked-out-throat-scraping.net> Message-ID: *plonk* From SCNews.5.myspamgobbler at spamgourmet.com Wed Jun 1 16:32:19 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Wed Jun 1 18:35:06 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: Graeme Leith wrote: > Brian (SnSR) wrote: > > >> I would uncheck the reports sent about the two links (caddyshaq and >> meetmycomputer). I'm still not sure about this, but from the looks of >> the sites, I don't believe that they would be likely to spam. I could >> be wrong. > > > Cattyshaq looks to be innocent and the target of a joe-job. > > On the other hand, Meetyourcomputer has several links through clickbank > to the sites of some "anti-spyware" products of extremely dubious > nature. The sort where the free version tells you that you have spyware > when you don't and then invites you to buy the full version to remove > the non-existent spyware. > > One of the sites it links to is adwaredeluxe, which you can read more > about here: http://www.spywarewarrior.com/rogue_anti-spyware.htm > > Interestingly enough, on further digging, both spamvertised sites are > registered to the same person. The more I look into it, the less it > feels like a joe-job and the more it looks like the usual rogue > affiliate spammer. Either that, or somebody who is proporting to protect > people from online scams is not competent enough to do due diligence on > their advertising links. > > I reported around 50 of these things this morning without LARTing the > web host. If I get any more, I think I'll change that. > The domains being registered to the same person does not have anything to do with it being or not being a joe job. It is likely that, if this is a joe job, that the scammer has been reading their forum and most likely it is common knowledge that the two sites are related. I tried to signup for the forum earlier this morning, but have not received my confirmation. How would an affiliate get paid? Do they offer affiliate programs? Think about what the Caddy Shaq site is doing. Might this not piss off some scammer? Same with the meetyourcomputer site. Their host, ipowerweb also seems to be clean, at least on a quick, preliminary check. I haven't had time to really dig, so I may be wrong. One reason for caution, is that bad reporting gives anti-spammers a bad image. The link for adwaredeluxe.com is problematic, I agree. Brian From davigarQUITAESTO at excite.com Thu Jun 2 01:36:17 2005 From: davigarQUITAESTO at excite.com (Averroes) Date: Wed Jun 1 18:40:03 2005 Subject: [SpamCop-List] Re: No recent reports, no history available References: Message-ID: "Mike Easter" escribió en el mensaje news:d7kvf6$q3r$1@news.spamcop.net... > Averroes wrote: > > Surely. It was a small "divertimento" after to process tons of sweepings with the technique of the camouflage of domains. Sorry ;-) > We could discuss why SC's resolver doesn't resolve them if anyone is > interested. Ok. I suppose that the difficulty of the dredges of Spam Cop is because "fake domain" is redirected. Find "the true" domain of spamer Saludos From redford_stone at INVERSE_OF_COLDmail.com Wed Jun 1 23:42:26 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 18:45:03 2005 Subject: [SpamCop-List] Re: brownout in parserland? References: <61dde4e935bd480c9b4f9a8a02b76753@you.horizontally-enhanced-tricked-out-throat-scraping.net> Message-ID: eddie wrote in news:pan.2005.05.31.16.32.16.564000@eddie.web: > > Looks as if we hit a spamkiddy. I love the smell of fresh spam - > smells like - like - - victory. > Thanks, Dharmy-kid for letting us know we got through to you. > Om mani padme hung one on you. > That guy is an idiot. That hotmail account is only used specifically for newsgroups and sending LARTs to dubious ISPs. Basically just a throwaway. I've already posted it here before and I do receive spam through it. (But Microsoft's recent improvements on the spamfilters has reduced the spam flow to near nothing.) Either way.. he has been escalated to plonk-on-sight permanently. From redford_stone at INVERSE_OF_COLDmail.com Wed Jun 1 23:45:28 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 18:50:04 2005 Subject: [SpamCop-List] Re: Big Brother... (Text Repost) References: Message-ID: Blammo wrote in news:Xns966730861A38Dblammo@216.154.195.61: >> >> Try Xnews. It's free. >> > > And you don't need to install anything, you can tuck it away in a > folder somewhere, noone but you needs to know. Though it's pretty much > news only. > > No registry crap to worry about.. nothing. It was the way everyone installed programs 15 years ago when the only thing in town was MS-DOS. Those were they days. :-) But back to Xnews, It's quite a powerful little application too. :-) From redford_stone at INVERSE_OF_COLDmail.com Wed Jun 1 23:58:35 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 19:00:03 2005 Subject: [SpamCop-List] Re: hotmail server(s) listed... 65.54.175.200 References: Message-ID: Kilgallen@SpamCop.net (Larry Kilgallen) wrote in news:tX6lula4D5zF@eisner.encompasserve.org: >> >> This is true for any free email service. If it is offered free, how >> can they charge a cleanup fee? Goes for Netscape, Excite, Lycos, and >> Yahoo! as well. > > As I said, a faulty busines model (vis. a vis. spam). > They do have limits on out-going email. But if a spammer opens numerous accounts and uses an automated program to get through the web interface, that could be a problem until all those open bum accounts get the mallet. From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 2 00:05:15 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 19:10:02 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: "Anti-Spam" wrote in news:d7ktca$ov1$1@news.spamcop.net: >> > >> > I have _never_ gotten such a response from piracy@microsoft.com. >> >> I have reported well over 100 times to the piracy@microsoft.com >> address and have never gotten a response like the ones referred to by >> Sofa. Sounds like some microsoftie is clueless. Has M$ maybe >> outsourced this function to India? >> > > I forward at least a couple of spam a day to > piracy@microsoft.com (direct, not through SC) > and get responses in bunches every few days, > although not necessarily for every spam. There > are about three standard form letters, and this > 'no address found' seems to make up maybe > 25% of them (WAG). I'd guess that these > 'no address found' ones have been around since > at least as far back as the beginning of the year. > > -- > Bring in the death penalty for repeat spammers. > Non-functional spambait addr: if@pdczugidxvfbhrctp.com > (generated by Webpoison) > > > I have a feeling that Microsoft may have an bot that screens the piracy reports for links to see if it is active and/or may have references to Microsoft's products. (All speculation of course.) But it is to keep in mind that many of these pirate sites rotate their IP addresses using hijacked proxies to provide a forwarding service. If the DNS points to an IP address that is dead, then the true site will never show up until it refereshes with a new IP address. From MikeE at ster.invalid Wed Jun 1 17:09:51 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 19:10:07 2005 Subject: [SpamCop-List] Re: No recent reports, no history available References: Message-ID: Averroes wrote: > "Mike Easter" >> We could discuss why SC's resolver doesn't resolve them if anyone is >> interested. > > Ok. The last time I summarized it with links was here: news://news.spamcop.net/d754p4$2r8$1@news.spamcop.net Subject: Re: Strange error: SpamCop finds links, but doesn't report Date: Thu, 26 May 2005 11:33:09 -0700 Mike Easter wrote: > You will observe many types of body url parsing 'faults' > - SC can't resolve, but on refresh will > - SC can't resolve but spends a lot of time trying -- cause is > presumably either pokey nameservice, blocking SC's resolver, or both > - SC doesn't resolve and doesn't spend any time either -- cause might > be SC's prioritization of its resources > > These behaviors have been discussed here and also in the forum at some > length. Currently 8 pages of forum discussion start here > http://snipurl.com/f62o WazoO's May 7 comment can be seen here > http://snipurl.com/f62v which is in the topic "URLs not reported, SC > finds, but does not offer to LART!" > > There's also "SpamCop reporting of spamvertized URLs, Viewpoint(s)" > http://snipurl.com/f632 - which contains commentary from me from this > newsgroup news://news.spamcop.net/d56o3h$oia$1@news.spamcop.net > > Subject: Re: Error-why? Last question > Date: Mon, 2 May 2005 19:38:30 -0700 > Message-ID: > I suppose that the difficulty of the dredges of Spam Cop is because > "fake domain" is redirected. Find "the true" domain of spamer No. The problem is in the resolution. When you are reading the verbose, some things you take 'seriously' as meaningful; other things you take as 'that's just what SC sez' -- but not seriously as meaningful. In this case the words 'ip not found' are at the heart of the matter. In this specific case, that means that SC 'tried' [however much is another subject] to resolve the url, but was not successful. You can't tell from the words whether the failure was because SC resolver was blocked or just timed out. The words 'discarded as fake' aren't meaningful and they don't have anything to do with a website redirecting. The business of how SC 'documents' its verbose output could use some work, because it is sometimes misleading or confusing. In order to provide you with a notify address, SC has to resolve the url and go from there. If it doesn't resolve because SC doesn't try or because it tries and is unsuccessful, then it isn't going to be forthcoming with a notify address -- the notify address is obtained from using the IP and finding its netblock in the RIR, and then the contact for that provider. No IP, no notify offered. -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Thu Jun 2 00:13:35 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Jun 1 19:15:02 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: On 01 Jun 2005 Mike Easter entered spamcop and left news:d7kn71$l67$1@news.spamcop.net: > Other places a submit address could 'reside'.... > > - in your addressbook if you ever used that address to submit > - in the mail received by any other entity if you addressed copies to > others to whom you report a spam. > If the Spamcop login page is cached by the browser, then a virus could find it. However since we haven't seen the original headers, so we don't even know if this actually came from Spamcop. If Ellen's post implies it is, then it could always be (besides the already mentioned) a user error, such as forwarding to all, inadvertantly including spamcop.net. -- | Ric | From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 2 00:15:40 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 19:20:02 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "Berny" wrote in news:d7jhlo$uuh$1 @news.spamcop.net: > qoute: > > You are receiving this communication because your e-mail
> address was included on a CD of 100 million e-mail addresses
> we bought and you opted in to be on it. The can spam act
> allows us to mail you with offers so please do not make false
> complaints or we will be forced take legal action against
> false complainants to recover any losses caused to us. > > end quote > > LART with extreme prejudice > > I love these "frea speach" statements. LART with extreme prejudice? You bet. :-) From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 2 00:20:29 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 19:25:03 2005 Subject: [SpamCop-List] Re: What is the 'can spam act'? References: Message-ID: "Ron B." wrote in news:d7j9br$qbm$1@news.spamcop.net: > > > LOL. Aren't you afraid that they will take legal action against your > "..false complaints..."? Yeah.. they'll retain Johnny Cochran to represent them. :-) From glnews030922 at highspot.net Thu Jun 2 01:34:19 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Wed Jun 1 19:35:03 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: Brian (SnSR) wrote: > Graeme Leith wrote: > >> Cattyshaq looks to be innocent and the target of a joe-job. >> >> On the other hand, Meetyourcomputer has several links through >> clickbank to the sites of some "anti-spyware" products of extremely >> dubious nature. The sort where the free version tells you that you >> have spyware when you don't and then invites you to buy the full >> version to remove the non-existent spyware. >> >> One of the sites it links to is adwaredeluxe, which you can read more >> about here: http://www.spywarewarrior.com/rogue_anti-spyware.htm >> >> Interestingly enough, on further digging, both spamvertised sites are >> registered to the same person. The more I look into it, the less it >> feels like a joe-job and the more it looks like the usual rogue >> affiliate spammer. Either that, or somebody who is proporting to >> protect people from online scams is not competent enough to do due >> diligence on their advertising links. >> >> I reported around 50 of these things this morning without LARTing the >> web host. If I get any more, I think I'll change that. >> > > The domains being registered to the same person does not have anything > to do with it being or not being a joe job. It is likely that, if this > is a joe job, that the scammer has been reading their forum and most > likely it is common knowledge that the two sites are related. I tried to > signup for the forum earlier this morning, but have not received my > confirmation. Yes, being registered to the same person doesn't mean anything, but the grey area products being offered by the second site makes me very suspicious about the whole thing. > How would an affiliate get paid? Do they offer affiliate programs? The advertising links all go to cattyshaq.hop.clickbank.com and are then redirected to the product site. It's then easy for them to track who gets paid for the signup based on the referrer. > Think about what the Caddy Shaq site is doing. Might this not piss off > some scammer? Same with the meetyourcomputer site. Their host, ipowerweb > also seems to be clean, at least on a quick, preliminary check. True, but why are they advertising products who rely on possibly fraudulent techniques to get people to buy their software? > I haven't had time to really dig, so I may be wrong. One reason for > caution, is that bad reporting gives anti-spammers a bad image. I'm not saying it's definitely not a joe-job, but the affiliate links for dodgy software on the second site provide a method that could make money from the spam run. If they weren't there, I'd say 100% joe-job, but pushing often spamvertised software makes me have second thoughts. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From zypher at spamcop.net Wed Jun 1 19:34:02 2005 From: zypher at spamcop.net (Ron B.) Date: Wed Jun 1 19:35:05 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: Graeme Leith wrote: (Major Snip) > > I'm not saying it's definitely not a joe-job, but the affiliate links > for dodgy software on the second site provide a method that could make > money from the spam run. If they weren't there, I'd say 100% joe-job, > but pushing often spamvertised software makes me have second thoughts. > If this is a joe-job, it's a slick one. If this isn't, then it is even slicker. From nobody at spamcop.net Wed Jun 1 22:52:44 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 1 22:15:02 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: "Ron B." wrote in message news:d7lglb$5dv$1@news.spamcop.net... > Graeme Leith wrote: > > (Major Snip) > > > > > I'm not saying it's definitely not a joe-job, but the affiliate links > > for dodgy software on the second site provide a method that could make > > money from the spam run. If they weren't there, I'd say 100% joe-job, > > but pushing often spamvertised software makes me have second thoughts. > > > > If this is a joe-job, it's a slick one. If this isn't, then it is even > slicker. At this point I am going to consider it a joe-job altho I take Graeme's comments under advisement. I suppose I am going to err on the side joe-job altho I am not 100% convinced. Ellen From Vangu at rd.invalid Wed Jun 1 22:41:25 2005 From: Vangu at rd.invalid (Vanguard) Date: Wed Jun 1 22:45:03 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "WazoO" wrote in message news:d7kro3$nq5$1@news.spamcop.net... > "Martin" wrote in message > news:d7kp3u$m5m$1@news.spamcop.net... >> This email contains special codes and tracking information to help >> SpamCop >> figure out your specific email configuration. Do not post this email >> in >> public. It contains confidential information related to the security >> of >> your SpamCop account. > > What a way to demonstrate that you can follow directions. Now > you've created yet another issue that needs resolving. > >> Alternately, you may submit via email. Forward the message as an >> attachment to this address. Or create a new message and paste this >> email >> into it. Either way, send it to to: >> >> @cmds.spamcop.net > > Now that you've posted your 'secret' codes ... good luck on > getting things straightened out. Perhaps Ellen will pass through > here and take some pity ... Since Martin posted his secret code here (in the form of his username for his personalized submit e-mail address), shouldn't that qualify his account to get killed (so malcontents don't end up abusing his account)? Seems like Martin should be forced into creating a new account so now that he has been reminded to read the instructions then maybe he might comply with them. From Vangu at rd.invalid Wed Jun 1 22:46:18 2005 From: Vangu at rd.invalid (Vanguard) Date: Wed Jun 1 22:50:02 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Martin" wrote in message news:d7l3tl$seq$1@news.spamcop.net... > Where in the email back from spamcop saying it failed does it give me > directions to follow, it dosent!! Ummm, how about the very first paragraph that says: "This email contains special codes and tracking information to help SpamCop figure out your specific email configuration. Do not post this email in public. It contains confidential information related to the security of your SpamCop account." "Do not post this email in public" was something you could not fathom? What, you thought Usenet was some private "forum" in which you and only the SpamCop admins can post and read those posts? Now slap your forehead and say "Duh-Uhhhh". From SCNews.5.myspamgobbler at spamgourmet.com Wed Jun 1 20:56:10 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Wed Jun 1 23:00:03 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again In-Reply-To: References: Message-ID: Vanguard wrote: > "WazoO" wrote in message > news:d7kro3$nq5$1@news.spamcop.net... > >> "Martin" wrote in message >> news:d7kp3u$m5m$1@news.spamcop.net... >> >>> This email contains special codes and tracking information to help >>> SpamCop >>> figure out your specific email configuration. Do not post this email in >>> public. It contains confidential information related to the security of >>> your SpamCop account. >> >> >> What a way to demonstrate that you can follow directions. Now >> you've created yet another issue that needs resolving. >> >>> Alternately, you may submit via email. Forward the message as an >>> attachment to this address. Or create a new message and paste this >>> email >>> into it. Either way, send it to to: >>> >>> @cmds.spamcop.net >> >> >> Now that you've posted your 'secret' codes ... good luck on >> getting things straightened out. Perhaps Ellen will pass through >> here and take some pity ... > > > Since Martin posted his secret code here (in the form of his username > for his personalized submit e-mail address), shouldn't that qualify his > account to get killed (so malcontents don't end up abusing his account)? > Seems like Martin should be forced into creating a new account so now > that he has been reminded to read the instructions then maybe he might > comply with them. Let's not forget that we are all doing what we can, with what we know, to help deal with spam. Well, maybe some of the trolls don't fit into this category, but most of us do. We all have started from a place where we didn't know much about spam or the process of reporting it. Let's try to help each other out instead of being so critical and turning noobs away. Yes, there are certain 'ways' that this newsgroup functions best. But for those that aren't familiar with those ways, give some slack. They will hopefully find out on there own by observation. If they don't get it for awhile, then inform them. When I first quit lurking and started posting, I was attacked severely. If I wasn't so resilient, I would probably have immediately left, and no longer put forth any effort to combat spam and scams. And yes, I would still do what I did, after learning all that I have. :P We are in this together. Don't make it hard for someone to join in. Brian From ThePulse at SpamCop.net Wed Jun 1 23:59:37 2005 From: ThePulse at SpamCop.net (ThePulse) Date: Wed Jun 1 23:00:06 2005 Subject: [SpamCop-List] Spam Reporting...torturous Message-ID: I must say that reporting spam via SC is really a pain. Don't get me wrong, I love knowing that I'm taking a bite out of spam just as much as the next guy. But since I report spam coming into our servers for customers as well as myself, I need to be able to report about 100 pieces of email at a time. I'm currently sending them as an attachment, which I guess is the quickest way possible, but having to click through each one on the website takes about an hour. I don't have that kind of time to spend each day, it's just impossible. Is there hope? Vito The Pulse From nobodyy at devnull.spamcop.net Thu Jun 2 00:26:10 2005 From: nobodyy at devnull.spamcop.net (Stello) Date: Wed Jun 1 23:30:03 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: "Ellen" wrote in message news:d7kqvf$n9b$1@news.spamcop.net... > > > I have suspended the reporting privileges on the account with that auth > code. Please write to service admin.spamcop.net now and include your > registered SpamCop email address. Don will get this straightened out and > new auth codesw assigned. > > Ellen > SpamCop SpamCop admin found me at my registered email address and fixed the problem. Thanks for your help and the explanations the others gave. [Some of which I did not understand] I had no idea anything real that pertained to me was in the body of that email. Spammers have become tricky and obnoxious, but Spam is probably here to stay. It has made the electronic communication less than instant communication like it was supposed to be. I had the displeasure of experiencing and extreme way of getting control of the flood of spam. It was not pleasant. I emailed the person about a business matter, received an auto response with a link to follow to request my email address be allowed to pass the filter. Then I had to type a brief note about the business I was emailing about, and enter 4 random letters in a security box then click a button to send. Supposedly the person I was trying to contact will check the filter and admit my email. Geesh! Emailing has become "painful". :) -- Stello From nttp.sc.s at bigsleep.org Thu Jun 2 05:46:01 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 00:50:03 2005 Subject: [SpamCop-List] App to remove shareware from your computer? Message-ID: Yea, I know, I don't read spam, but this had unusual headers for one that originated from a Hanaro IP. The message plays on the (apparent) extreme stupidity of some people, offering the undoubtedly virus-laden "anti-spyware tool", but this one has the added feature of removing that dreaded ShareWare as well... 'As a member of the information industry, I was particularly outraged by this attack. I don't want what happened to me to happen to another single user. So right now I'm offering everyone the chance to have their computer "diagnosed" for both AdWare and ShareWare infections. I'm that serioius. I won't charge you a single dime to have it done. You can run your no-cost scan starting here:' -- | Ric | From nttp.sc.s at bigsleep.org Thu Jun 2 05:55:18 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 01:00:04 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: On 01 Jun 2005 ThePulse entered spamcop and left news:d7lsn2$bdf$1@news.spamcop.net: > But since I report spam coming into our servers for customers as well > as myself, I need to be able to report about 100 pieces of email at a > time. I never report other people's spam, I'm tempted to but it's not my spam and I never know if it may be something they subscribed to. I certainly wouldn't do it for free, and you could certainly charge for doing it (so what are you complaining about?). Why don't you just block this spam and them them report their own spam? I don't think it's important to report fast, the number of reporters is more important. The odds are that someone will have time to report the ones you didn't have the time to. Multiple people can report many times faster than one. -- | Ric | From spamcram at spymac.com Wed Jun 1 23:03:10 2005 From: spamcram at spymac.com (Vernon Hardapple) Date: Thu Jun 2 01:05:04 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous In-Reply-To: References: Message-ID: I'm curious. Why do you report other people's spam? Are these clients of yours? From alfred at china-ken.com Thu Jun 2 16:02:58 2005 From: alfred at china-ken.com (Alfred) Date: Thu Jun 2 03:05:02 2005 Subject: [SpamCop-List] Please remove my IP from your spam list Message-ID: Dear sirs, I applied a commercial mail server at chinadds.com, but while I send emails, it's always returned. This IP is innocent, please remove it from your list. 61.129.102.51 -- Alfred CHEN Yanfei Manager of No. 2 Overseas Operation Dept. ----------------------------------------- Global Marketing Center SHANGHAI KEN TOOLS CO. LTD. #5 Xinrong Rd., Xinqiao Town Songjiang District, Shanghai 201612 P. R. China Web: http://www.china-ken.com From Ilgaz at spamcop.net Thu Jun 2 11:13:33 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Thu Jun 2 03:15:03 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: On 2005-06-02 10:02:58 +0300, "Alfred" said: > Dear sirs, > > I applied a commercial mail server at chinadds.com, but while I send emails, > it's always returned. This IP is innocent, please remove it from your list. > > 61.129.102.51 You can't remove anything that way. Even you have a innocent site, your mails won't come here too since as a user I blocked whole China by my wish (defaults to OFF). You know who to blame if you check the statistics at www.spamcop.net Follow the links at www.spamcop.net ,"for mailers". Notice a huge population on Internet has blocked China, nobody can do anything about it except your government and companies start taking spam reports serious! Ilgaz From Ilgaz at spamcop.net Thu Jun 2 11:19:36 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Thu Jun 2 03:20:03 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: On 2005-06-01 08:39:03 +0300, "Berny" said: > qoute: > > You are receiving this communication because your e-mail
> address was included on a CD of 100 million e-mail addresses
> we bought and you opted in to be on it. The can spam act
> allows us to mail you with offers so please do not make false
> complaints or we will > I wouldn't wait a second if I was american to call/mail offices. It would teach them what it means to abuse a law by falsely referencing in any part of the world. A jerk bugged my mailbox 4-5 times that he is petrol minister of UAE (Dubai), I got finally bored from sending reports and his spam ended in hands of Dubai police. I said "Its your minister, your ISP, your criminal, fix it" at additional notes I didn't hear from him since ;) Oh believe or not, he was using a UAE ISP. Ilgaz From Ilgaz at spamcop.net Thu Jun 2 11:25:44 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Thu Jun 2 03:30:04 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: On 2005-06-02 05:59:37 +0300, "ThePulse" said: > I must say that reporting spam via SC is really a pain. Don't get me > wrong, I love knowing that I'm taking a bite out of spam just as much > as the next guy. But since I report spam coming into our servers for > customers as well as myself, I need to be able to report about 100 > pieces of email at a time. > > I'm currently sending them as an attachment, which I guess is the > quickest way possible, but having to click through each one on the > website takes about an hour. I don't have that kind of time to spend > each day, it's just impossible. > > Is there hope? > > Vito > The Pulse > You shouldn'T report anyones spam. If they wish, there must be a way to report their own spam. The thing is, e.g. that recent "Ringo". It can sound like spam to you but there are actual people (no comment) who uses it actually! Also, e.g. yesterday a $100.000 episode of a turkish TV series was in my "held mail" , you can never be sure lol. Guy clicked "send mail" from Yahoo, attach word file, added nothing. Of course hitting some funny spam score. Ilgaz From Ilgaz at spamcop.net Thu Jun 2 11:27:16 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Thu Jun 2 03:30:07 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On 2005-06-02 07:46:01 +0300, Blammo said: > Yea, I know, I don't read spam, but this had unusual headers for one > that originated from a Hanaro IP. > > The message plays on the (apparent) extreme stupidity of some people, > offering the undoubtedly virus-laden "anti-spyware tool", but this one > has the added feature of removing that dreaded ShareWare as well... > > > 'As a member of the information industry, I was particularly outraged > by this attack. I don't want what happened to me to happen to > another single user. So right now I'm offering everyone the chance to > have their computer "diagnosed" for both AdWare and ShareWare > infections. I'm that serioius. I won't charge you a single dime to > have it done. You can run your no-cost scan starting here:' Lol, now thats funny. Will forward to mac shareware authors I know Ilgaz From nttp.sc.s at bigsleep.org Thu Jun 2 09:06:29 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 04:10:03 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: On 02 Jun 2005 Ilgaz Ocal entered spamcop and left news:d7mbit$ipj$2@news.spamcop.net: > On 2005-06-02 10:02:58 +0300, "Alfred" said: > >> >> 61.129.102.51 > > You can't remove anything that way. Even you have a innocent site, > your mails won't come here too since as a user I blocked whole China > by my wish (defaults to OFF). You know who to blame if you check the > statistics at www.spamcop.net > Only excuse I need... http://njabl.org/cgi-bin/lookup.cgi?query=61.129.102.51 I think being listed Spamcop is pretty insignificant here. -- | Ric | From nospam at fuck-off-and-die.com Thu Jun 2 15:39:18 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Thu Jun 2 04:55:29 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: Alfred, , the obese, rectal flake, and employee who sweeps the floor, hee-hawed: > Web: http://www.china-ken.com AAARRRRGGGHHHHH!!!! I'm blind! I'm blind! From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 2 13:23:52 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 2 08:25:10 2005 Subject: [SpamCop-List] [MEDIA] ICANN approves .xxx domain names Message-ID: http://www.wired.com/news/culture/0,1284,67716,00.html?tw=wn_tophead_4 quote: "CM contends the "xxx" web addresses, which it plans to sell for $60 a year, will protect children from online smut if adult sites voluntarily adopt the suffix so filtering software used by families can more effectively block access to those sites. The $60 price is roughly ten times higher than prices other companies charge for dot-com names." The key here is "voluntary". Somehow I heavily doubt that those sites involved in spamming will go for this domain name. Particularly since it would be easy to simply dev/null any spam with the .xxx domain name. From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 2 13:35:34 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 2 08:40:03 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: "Alfred" wrote in news:d7mavo$iq4$1@news.spamcop.net: > Dear sirs, > > I applied a commercial mail server at chinadds.com, but while I send > emails, it's always returned. This IP is innocent, please remove it > from your list. > > 61.129.102.51 > > -- > Alfred CHEN Yanfei > Manager of No. 2 Overseas Operation Dept. > ----------------------------------------- > Global Marketing Center > SHANGHAI KEN TOOLS CO. LTD. > #5 Xinrong Rd., Xinqiao Town > Songjiang District, Shanghai > 201612 P. R. China > Web: http://www.china-ken.com > > According to this: http://www.spamcop.net/w3m?action=checkblock&ip=61.129.102.51 Spamcop does not have the IP address listed. But Spamcop is the least of your troubles.. http://www.moensted.dk/spam/?addr=61.129.102.51&Submit=Submit China is listed on several blacklists. Meaning it will be extremely difficult trying to remove that IP address. Particularly from here: http://spews.org/html/S2632.html From Kilgallen at SpamCop.net Thu Jun 2 08:40:48 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Jun 2 08:45:02 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: In article , Blammo writes: > Yea, I know, I don't read spam, but this had unusual headers for one that > originated from a Hanaro IP. > > The message plays on the (apparent) extreme stupidity of some people, > offering the undoubtedly virus-laden "anti-spyware tool", but this one has > the added feature of removing that dreaded ShareWare as well... One of the reasons for not posting spam in this newsgroup is so the rest of us don't have to (start to) read your spam. We all get enough of our own. From nospam at fuck-off-and-die.com Thu Jun 2 19:29:37 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Thu Jun 2 08:45:05 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: <1d2c5d5337b24490a82aed6e2afb7eea@you.double-faced-tempest-swept-boxer.net> Larry Kilgallen, , the tuberculate, anaemic measle, and prison warder and gaol keeper, cackled: > In article , Blammo > writes: >> Yea, I know, I don't read spam, but this had unusual headers for one >> that originated from a Hanaro IP. >> >> The message plays on the (apparent) extreme stupidity of some people, >> offering the undoubtedly virus-laden "anti-spyware tool", but this >> one has the added feature of removing that dreaded ShareWare as >> well... > > One of the reasons for not posting spam in this newsgroup is so the > rest of us don't have to (start to) read your spam. We all get enough > of our own. He was illustrating a humorous point, you fucking stupid, humourless cunt. From nospam at fuck-off-and-die.com Thu Jun 2 20:02:07 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Thu Jun 2 09:20:03 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: <73af851bef4a44409c735793a571cc27@you.obscure-stiffened-fish.com> Blammo, , the perplexed, pesky honky, and pickled herring packer, evangelised: > I never report other people's spam, I'm tempted to but it's not my > spam and I never know if it may be something they subscribed to. Is that an admission that you read other people's emails? [Insert "my box, my rules, yadda yadda yadda" here] From nobody at spamcop.net Thu Jun 2 06:51:07 2005 From: nobody at spamcop.net (Ellen) Date: Thu Jun 2 09:20:07 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: "Alfred" wrote in message news:d7mavo$iq4$1@news.spamcop.net... > Dear sirs, > > I applied a commercial mail server at chinadds.com, but while I send emails, > it's always returned. This IP is innocent, please remove it from your list. > > 61.129.102.51 > IP 61.129.102.51 is not listed in the SpamCop blocklist; it delisted: 5/26/2005 9:30:06 PM -0400 Ellen SpamCop From eddie at eddie.web Thu Jun 2 12:25:39 2005 From: eddie at eddie.web (eddie) Date: Thu Jun 2 11:30:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Wed, 01 Jun 2005 11:36:47 -0400, eddie scratched out the following: > The "bug" that causes SC's parser to skip reporting a URL even though it > sort-of finds it is now more than 50% of my daily spam. At what point does > it become important enough to warrant an investigation? Just curious. > As a refresher, this is what the "bug" looks like > > Finding links in message body > Recurse multipart: > Parsing HTML part > Parsing text part > > Resolving link obfuscation > http://www.jnaz.net/world/ > http://www.jnaz.net/un.php > > Please make sure this email IS spam: > > there should be something between these last two lines: either a cannot > resolve or a time out or something -but not just a blank line > > jnaz.net parses perfectly normally, manually with the following reporting > address > Reporting addresses: > s_mal@informtelecom.ru > Update: This morning it was 70% of the URLs that managed to escape the SC parser in this same way. When all the spammers catch on and the level is 100% will that make this bug a higher priority? I no longer do multiple refreshes "in the hopes" of SC eventually catching the URL. I simply skip on to the next piece of spam. Those reporting in bulk probably never notice this bug. -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Thu Jun 2 12:27:35 2005 From: eddie at eddie.web (eddie) Date: Thu Jun 2 11:30:09 2005 Subject: [SpamCop-List] Re: [MEDIA] ICANN approves .xxx domain names References: Message-ID: On Thu, 02 Jun 2005 12:23:52 +0000, Redstone scratched out the following: > http://www.wired.com/news/culture/0,1284,67716,00.html?tw=wn_tophead_4 > > > quote: > > "CM contends the "xxx" web addresses, which it plans to sell for $60 a > year, will protect children from online smut if adult sites voluntarily > adopt the suffix so filtering software used by families can more > effectively block access to those sites. The $60 price is roughly ten > times higher than prices other companies charge for dot-com names." > > > The key here is "voluntary". Somehow I heavily doubt that those sites > involved in spamming will go for this domain name. Particularly since it > would be easy to simply dev/null any spam with the .xxx domain name. why would whitehouse.com, for example switch to whitehouse.xxx? Why would a pornographer do anything that is "voluntary?" That's like asking a criminal to register his gun if he has the time :) -- Once movie theaters gave out steak knives Today they confiscate them From devnull at spamcop.net Thu Jun 2 12:28:46 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Jun 2 11:35:03 2005 Subject: [SpamCop-List] Re: [MEDIA] ICANN approves .xxx domain names References: Message-ID: "Redstone" | http://www.wired.com/news/culture/0,1284,67716,00.html?tw=wn_tophead_4 | | quote: | | "CM contends the "xxx" web addresses, which it plans to sell for $60 a | year, will protect children from online smut if adult sites voluntarily | adopt the suffix so filtering software used by families can more | effectively block access to those sites. The $60 price is roughly ten times | higher than prices other companies charge for dot-com names." | | | The key here is "voluntary". Somehow I heavily doubt that those sites | involved in spamming will go for this domain name. Particularly since it | would be easy to simply dev/null any spam with the .xxx domain name. $60 per year is chum change. If I were doing that business I'd have duplicate registrations. One I could span the h*ll out of and one that for those who were seeking porn. that way I'd get them going and coming ... or is it coming and coming? (D&R) My question: if the registration process is 'intended' to be a service how come the $60 reg rate? can we spell -profit center- ? From wb8tyw at qsl.network Thu Jun 2 12:20:19 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Jun 2 12:25:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: In article , eddie writes: > On Wed, 01 Jun 2005 11:36:47 -0400, eddie scratched out the following: > > Update: > This morning it was 70% of the URLs that managed to escape the SC parser > in this same way. When all the spammers catch on and the level is 100% > will that make this bug a higher priority? A spot check of the URLs that spamcop.net does not resolve when I report them reveals that about 10% of them do not resolve by other means. The remaining 90% resolve to a source already listed by the sbl.spamhaus.org. I do not have a large sample, but the trend is pretty convincing. Note that a spot check of the URLs that do resolve generally shows that they are also listed in the sbl.spamhaus.org. A web host with listings in the sbl.spamhaus.org is probably not going to do anything to disconnect their pet spammer regarless of how many spamcop.net or other larts that they receive. The sbl.spamhaus.org is probably used by far more mail server and router owners than the bl.spamcop.net is. In addition, the spamhaus.org site is now posting something about having a list of I.P. ranges suitable for blocking at the router. Which means that none of those spammer web sites are accessable to the networks that take advantage of it. > I no longer do multiple refreshes "in the hopes" of SC eventually catching > the URL. I simply skip on to the next piece of spam. Those reporting in > bulk probably never notice this bug. The reports to the web hosts are mainly feeding internal spamcop statistics. As they are not feeding any blocking list, there is no teeth behind the larts. There have been posts from network owhers where one of these reports has alerted them to a zombie on their networks. There may be a case for not sending LARTs to sbl.spamhaus.org listed I.P. addresses. It is possible that the only thing being done with them is passing them through to the spammers who are using them to estimate how much of their spew made it through a mail server's filters. Most likely they are simply deleted unread as soon as they hit the mail server. -John wb8tyw@qsl.network Personal Opinion Only From jr70 at blackhole.invalid Thu Jun 2 11:51:47 2005 From: jr70 at blackhole.invalid (John Richards) Date: Thu Jun 2 13:55:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "eddie" wrote in message news:pan.2005.06.01.15.36.46.675000@eddie.web... > The "bug" that causes SC's parser to skip reporting a URL even though it > sort-of finds it is now more than 50% of my daily spam. At what point does > it become important enough to warrant an investigation? > Just curious. > As a refresher, this is what the "bug" looks like > > Finding links in message body > Recurse multipart: > Parsing HTML part > Parsing text part > > Resolving link obfuscation > http://www.jnaz.net/world/ > http://www.jnaz.net/un.php > > Please make sure this email IS spam: > > there should be something between these last two lines: either a cannot > resolve or a time out or something -but not just a blank line > > jnaz.net parses perfectly normally, manually with the following > reporting address > Reporting addresses: > s_mal@informtelecom.ru > > It's as if the software spins out a thread to look up the DNS and > reporting address and the main program forgets about the thread and > continues on its merry way. But that's only a guess. I've been reporting this situation for months, but no one in the SC hierarchy seems very interested in it, only to the extent of making weak excuses. Something is seriously wrong. -- John Richards From jr70 at blackhole.invalid Thu Jun 2 11:59:40 2005 From: jr70 at blackhole.invalid (John Richards) Date: Thu Jun 2 14:00:03 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: "ThePulse" wrote in message news:d7lsn2$bdf$1@news.spamcop.net... >I must say that reporting spam via SC is really a pain. Don't get me wrong, > I love knowing that I'm taking a bite out of spam just as much as the next > guy. But since I report spam coming into our servers for customers as well > as myself, I need to be able to report about 100 pieces of email at a time. > > I'm currently sending them as an attachment, which I guess is the quickest > way possible, but having to click through each one on the website takes > about an hour. I don't have that kind of time to spend each day, it's just > impossible. > > Is there hope? I report only spam that has managed to slip through my ISP's spam filters. That way the numbers are still manageable (about 12 per day). If my ISP's filter catches and tags it, I figure that it's a known spammer not requiring further reporting. -- John Richards From nttp.sc.s at bigsleep.org Thu Jun 2 19:05:25 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 14:10:02 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On 02 Jun 2005 Larry Kilgallen entered spamcop and left news:UhBky5HTBT09@eisner.encompasserve.org: > One of the reasons for not posting spam in this newsgroup is so the > rest of us don't have to (start to) read your spam. We all get enough > of our own. > And you only pick on me, if you love me, why don't you just come out and say it? -- | Ric | From eddie at eddie.web Thu Jun 2 15:11:58 2005 From: eddie at eddie.web (eddie) Date: Thu Jun 2 14:15:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Thu, 02 Jun 2005 10:51:47 -0700, John Richards scratched out the following: > "eddie" wrote in message > news:pan.2005.06.01.15.36.46.675000@eddie.web... >> The "bug" that causes SC's parser to skip reporting a URL even though it >> sort-of finds it is now more than 50% of my daily spam. At what point >> does it become important enough to warrant an investigation? Just >> curious. > > I've been reporting this situation for months, but no one in the SC > hierarchy seems very interested in it, only to the extent of making weak > excuses. Something is seriously wrong. Yes, I agree. But SC only cares if we report the sender. They don't care about the URLs, as has been pointed out before, even though I consider that caveman 20th century thinking, and backwards at that. If you "follow the money" you hit the URL first, not the spammer which is usually a moronic user with a zombie that will be quickly replaced. The URL is the key to killing spam. My suggestion, and I am seriously considering it, is to cancel any spam that does not parse properly. Repeatedly hitting the refresh to do SC's work is not what I get paid for. SC gets paid for their blockling lists, so by refusing to report anything if the parser fails will eventually get somebody's attention at SC because of the drop in reports. If a spammer is smart enough to figure out a way around the system, I acknowledge his intelligence and dilligence and even though I don't like spam, I might give him a pass for being clever. Otherwise, SC might never do anything. -- Once movie theaters gave out steak knives Today they confiscate them From nobody at spamcop.net Thu Jun 2 16:05:56 2005 From: nobody at spamcop.net (indigo) Date: Thu Jun 2 15:10:03 2005 Subject: [SpamCop-List] Opinions wanted on Plaxo email service Message-ID: A friend of mine sent me a "request for personal info update" from Plaxo. I gave him my updated contact info (home address, phone numbers, etc.) but emailed it back to him, not thru Plaxo (if you hit "reply" the email goes to Plaxo, not your buddy). After a quick google search these two sites popped up in the first 4 sites listed and I did not like what I read. Opinions? Am I being over paranoid? I think not........ http://www.plaxo.com/css/about/wsj_20040227.html http://www.dynamoo.com/diary/plaxo-bebo-spam-spyware.htm From MikeE at ster.invalid Thu Jun 2 13:27:21 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 2 15:30:04 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: eddie wrote: > Yes, I agree. But SC only cares if we report the sender. They don't > care about the URLs, as has been pointed out before, even though I > consider that caveman 20th century thinking, and backwards at that. > If you "follow the money" you hit the URL first, not the spammer > which is usually a moronic user with a zombie that will be quickly > replaced. The URL is the key to killing spam. The problem isn't that it isn't a good idea to do something about spamvertisers.... ... the problem is that the most common result of SC finding the url, resolving it to an IP, and notifying the provider for that IP block is not the result which you might wish. The most common result of a successful notify is that SC is sending a copy of the spam to a blackhat unresponsive provider. That is not a big plus, and it is sometimes accompanied by the spam containing unique content identifying the recipient/s. The other result is that nothing happens to the url except that it gets listed on the stats page for the sc-surbl scrape. If SC were notifying whitehat providers, the notify would have some value. Since that is rarely the case, the absence of the SC notify is very little loss. > My suggestion, and I am seriously considering it, is to cancel any > spam that does not parse properly. Repeatedly hitting the refresh to > do SC's work is not what I get paid for. I don't think hitting refresh is a good use of resources. It very very often wastes both your time and the parser resources. > SC gets paid for their > blockling > lists, so by refusing to report anything if the parser fails will > eventually get somebody's attention at SC because of the drop in > reports. SC isn't going to notice your failure to report amongst the millions of reports. It might not even notice 'a bunch' of standard reporters because of the 'weight' of the combination of spamtraps and quick reporters, neither of which are notifying spamvertiser providers. > If a spammer is smart enough to figure out a way around the > system, I acknowledge his intelligence and dilligence and even though > I don't like spam, I might give him a pass for being clever. > Otherwise, SC might never do anything. Your strategy for motivating SC to do something different about this isn't going to change whatever Julian is doing and thinking about. Personally, I would rather see the parser work differently, too. I would rather see it find the urls and offer to devnull [or not devnull] all of the spamvertisers and not even bother with trying to resolve them [as a reporter selected option.] Then, all of the spamvertisers which aren't IBs to the reporter would be getting onto the stats page. And the parser wouldn't be wasting its resources trying to deal with the resolution problem which just leads to a notify problem anyway. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Thu Jun 2 15:43:25 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Jun 2 15:45:03 2005 Subject: [SpamCop-List] Re: Opinions wanted on Plaxo email service References: Message-ID: <9SDQ96zXefPJ@eisner.encompasserve.org> I think they are still spammers, just as they were a year or so ago. From nttp.sc.s at bigsleep.org Thu Jun 2 21:05:42 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 16:10:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: This post subject should probably read "Spammer offers App to remove shareware from your computer?" Larry's post brings up an interesting thought... Why he read my post Why he thought it was spam Why he took the time to complain I used the best subject I could think of at the time, however it could be considered a valid question, then when one reads it they get annoyed that it's not a question at all. That goes to show how Larry got fooled into reading the message based on the subject, how I got fooled into reading the spam I posted about, and how some can get fooled into responding to spam. This type of "sympathy spam" is designed to trick you into reading the entire message, to better convince you. The written word is given more weight, probably because of the processes involved in converting a group of words into an idea. So we have to retrain our minds into recognizing a group of words as bullshit, especially when trying to recognize spam. Now I started to read this spam because of the unusual headers, and only continued to read it because of the way it was written, as I pointed out. Most won't be looking at the headers, but will have to mentally rate it as bullshit (or not), based on their own bullshit system. Those who are fooled likely don't realize how harmful this type of spam can be. This is the (mostly intentional) point of my post. Or maybe Larry is reading every single post, or every one of my posts. -- | Ric | From MikeE at ster.invalid Thu Jun 2 14:35:11 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 2 16:40:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: Blammo wrote: > The written word is given more weight, probably because of the > processes involved in converting a group of words into an idea. So we > have to retrain our minds into recognizing a group of words as > bullshit, especially when trying to recognize spam. > Now I started to read this spam because of the unusual headers, and > only continued to read it because of the way it was written, as I > pointed out. I think your point is akin to a 'situation' or disagreement which I run into in alt.spam and to a lesser extent over here. I'm trying to sell a 'basic' to the 'masses' about not reading spam subject lines, and not opening spam to find out if it is spam or to see what it sez, and most importantly not doing any of that insecurely or 'interestedly'. Not only do I think the 'masses' shouldn't be reading their spam subjects or opening their spams, I don't even think [most/all] spamfighters should be reading their spams either. Once upon a time when I manually moved my crudely message ruled spam from my Inbox to my Junk folder I never opened spam but I read more spam subjects and Froms and also I might have to examine an item from its message properties to determine something about it. But not open it and not 'read' it for curiosity or to see 'what the spammers are doing now'. In my little game, the spammer gets all of the points if s/he gets you to read a spam to find out what it is about, or gets you to open a spam by misleading or 'catching' you with its subject, which you shouldn't have been reading that way in the first place Nowadays I very rarely manually move a spam, and all of my spams have been combed and inspected by SpamPal, so they have SP headers. So, there is absolutely no need to investigate an item to find out if it is spam or not, it has already been investigated. If I want to look at something, I can look at its headers while it is being SC reported. So, I'm always trying to get people to not read their spam; and I also think that spamfighters are guilty of reading spam when they shouldn't. Some people in alt.spam misunderstand me about that.. People, including spamfighters, make up all kinds of 'excuses' about why they need to read spam; but the fact of the matter is that they actually don't. They read spam because they want to read spam. In my little game of keeping score, we call spamreaders 'losers'. [That ought to get some people outraged.] So I'll put a smiley way over here :-) -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Thu Jun 2 21:46:44 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 16:50:02 2005 Subject: [SpamCop-List] Re: Opinions wanted on Plaxo email service References: Message-ID: On 02 Jun 2005 indigo entered spamcop and left news:d7nlal$9gf$1@news.spamcop.net: > A friend of mine sent me a "request for personal info update" from > Plaxo. I gave him my updated contact info (home address, phone > numbers, etc.) but emailed it back to him, not thru Plaxo A client also asked me about Plaxo, I replied with pretty much the same thing as what the Dynamoo site said. About a week after that discussion the client started getting flooded with ROKSO spam, some contain the client's name and address (not their company). This may be a coincidence, but we haven't yet been able to find any explanation, this address is not one they would be giving out, as in a reply to the eMail. -- | Ric | From dfm2a3l0t2 at spymac.com Thu Jun 2 17:50:53 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Thu Jun 2 16:55:03 2005 Subject: [SpamCop-List] Re: [MEDIA] ICANN approves .xxx domain names References: Message-ID: In article , eddie wrote: > why would whitehouse.com, for example switch to whitehouse.xxx? > Why would a pornographer do anything that is "voluntary?" That's like > asking a criminal to register his gun if he has the time :) Because the .xxx domain gives sites that are _just_ porn sites legal cover. They can say to parents who might complain that all they have to do is filter out .xxx to protect the kiddies. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From usenet2 at DE.LETE.THISljvideo.com Thu Jun 2 22:01:58 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Thu Jun 2 17:05:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: Waiving the right to remain silent, Kilgallen@SpamCop.net (Larry Kilgallen) said: > In article , Blammo > writes: >> Yea, I know, I don't read spam, but this had unusual headers >> for one that originated from a Hanaro IP. >> >> The message plays on the (apparent) extreme stupidity of some >> people, offering the undoubtedly virus-laden "anti-spyware >> tool", but this one has >> the added feature of removing that dreaded ShareWare as >> well... > > One of the reasons for not posting spam in this newsgroup is so > the rest of us don't have to (start to) read your spam. We all > get enough of our own. Geeze, dude. Find some joy in your life... -- Larry J. - Remove spamtrap in ALLCAPS to e-mail The United States is the greatest country in the world..! Twenty-five million illegal aliens can't be wrong. From glnews030922 at highspot.net Thu Jun 2 23:09:05 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Thu Jun 2 17:10:03 2005 Subject: [SpamCop-List] Re: Opinions wanted on Plaxo email service In-Reply-To: References: Message-ID: indigo wrote: > A friend of mine sent me a "request for personal info update" from Plaxo. I > gave him my updated contact info (home address, phone numbers, etc.) but > emailed it back to him, not thru Plaxo (if you hit "reply" the email goes to > Plaxo, not your buddy). After a quick google search these two sites popped > up in the first 4 sites listed and I did not like what I read. Opinions? Am > I being over paranoid? I think not........ I haven't seen any reports of them abusing the information they have and their privacy policy says they will never sell your information to third parties. That said, any privacy policy isn't worth the paper it's printed on. They can change it any time they feel like it. Last time I checked, they only offered a free service, with plans to offer a corporate paid service in the future. Beware of corporations without a revenue stream holding your personal information. No evidence of them abusing the data they hold, but if anyone sent me a request through Plaxo, I'd ask them to remove all my information from the site on principal. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From eddie at eddie.web Thu Jun 2 18:07:33 2005 From: eddie at eddie.web (eddie) Date: Thu Jun 2 17:10:08 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Thu, 02 Jun 2005 12:27:21 -0700, Mike Easter scratched out the following: snip >> If a spammer is smart enough to figure out a way around the system, I >> acknowledge his intelligence and dilligence and even though I don't like >> spam, I might give him a pass for being clever. Otherwise, SC might >> never do anything. > > Your strategy for motivating SC to do something different about this isn't > going to change whatever Julian is doing and thinking about. > > Personally, I would rather see the parser work differently, too. I would > rather see it find the urls and offer to devnull [or not devnull] all of > the spamvertisers and not even bother with trying to resolve them [as a > reporter selected option.] Then, all of the spamvertisers which aren't > IBs to the reporter would be getting onto the stats page. And the parser > wouldn't be wasting its resources trying to deal with the resolution > problem which just leads to a notify problem anyway. While I agree that I am just a drop in the ocean, I no longer feel that I am accomplishing anything by reporting spam that SC cannot handle properly. Once again, these URLs parse perfectly when manually copied into the SC parser - - they only fail when the rest of the SC software is running. I will leave the spam reporting to the other people and I have already begun canceling any spam with this error - neither the URL nor the orginator the the spam are notified or added to any list. It saves me lots of time and I will now consider SC more of an anti-spam filter than a method to reduce global spam until this bug is fixed. The fact is that if everone did what I have started to do, SC would indeed fix it immediately, so I know I am doing the right thing, even if it is not very effective. After all, if the SC parser breaks when finding a URL, how can I trust that it found the right reporting address for the spam itself? Yes I know that's very sarcastic, but it's also true. -- Once movie theaters gave out steak knives Today they confiscate them From nttp.sc.s at bigsleep.org Thu Jun 2 22:09:03 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 17:10:13 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On 02 Jun 2005 Mike Easter entered spamcop and left news:d7nqhr$d4b$1@news.spamcop.net: > Nowadays I very rarely manually move a spam, and all of my spams have > been combed and inspected by SpamPal, so they have SP headers. So, > there is absolutely no need to investigate an item to find out if it is > spam or not, it has already been investigated. If I want to look at > something, I can look at its headers while it is being SC reported. That's true for me as well, but some get by all the filters, and this one was not fed to Spamcop. We still need to use our bullshit detector on the ones that slip past, since computers aren't very good at detecting bullshit. This is especially important for those who allow their ISP to decide what they can read, and think that anything not tagged is "approved". I get inquiries asking "is this eMail legit", I usually don't even have to go past the first couple headers. If that fails or there are no headers supplied, the bullshit detector comes into play. -- | Ric | From MikeE at ster.invalid Thu Jun 2 15:26:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 2 17:30:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: eddie wrote: > Once again, these URLs parse perfectly when manually > copied into the SC parser - - they only fail when the rest of the SC > software is running. Yabbut, part of what we are arguing about or discussing is that even if SC were to have resolved the url to the IP and offered to report to that corresponding provider, the most likely thing is that it would *not* have been a 'good' notify. Many many of SC's notifies are not healthy notifies. You are unhappy because the parser is doing a bad job and not making bad notifies. It seems to me like that frustration is misplaced. It seems that it would be better to either be frustrated because the parser/notifier determiner is not well configured to resolve the URLs to IPs, determine which of the 'standard' configuration notifies would be bad notifies and notify differently or not at all about them while putting the URL on the stats page -- OR -- be frustrated [like me] because the parser notifier does all kinds of whacky things on its way to offering to make a bad notify or pukes on the resolution, both of which are most likely going to lead to no posting of the url on the stats page for my report. But instead, you are frustrated because you want SC to be making a bad notify. I can assure you that you are not going to teach those bad ol' spamvertisers a lesson by burying their blackhat unresponsive providers in SC notify mail. Those unresponsive blackhats are going to be either devnulling the SC reports or using them to their own advantage. You are not helping the spamfighter cause by sending those notifies. -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Thu Jun 2 21:08:51 2005 From: eddie at eddie.web (eddie) Date: Thu Jun 2 20:10:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Thu, 02 Jun 2005 14:26:04 -0700, Mike Easter scratched out the following: > eddie wrote: >> Once again, these URLs parse perfectly when manually copied into the SC >> parser - - they only fail when the rest of the SC software is running. > > Yabbut, part of what we are arguing about or discussing is that even if SC > were to have resolved the url to the IP and offered to report to that > corresponding provider, the most likely thing is that it would *not* have > been a 'good' notify. > > Many many of SC's notifies are not healthy notifies. You are unhappy > because the parser is doing a bad job and not making bad notifies. No - the parser would be making good notifies because if I put the URL into the parser manually I get the correct notify address which I have checked on several occasions independently. The parser is simply failing when parsing the entire spam but not when parsing the URL as a separate item. This can only be a bug. If one refreshes the browser a few times, SC might "find" the reporting address as it normally does. The notify is as healthy as any other notify. Lately SC is larting zombies and ignoring the source of the zombies, the website. That's backwards. You kill a snake by cutting off its head, not its tail :) I just think SC programmers are doing other things these days. No big deal, it happens to all companies. And I am doing what I choose to do, which is only report full parses or parses where the message "cannot resolve ..." appears. This is understandable, but simply leaving a blank line as my example shows is a problem in synchronizing threads or something similar. It's a software bug - period. Nothing to do with health of notification. -- Once movie theaters gave out steak knives Today they confiscate them From cquinc at hotmail.com Thu Jun 2 19:15:59 2005 From: cquinc at hotmail.com (Quin) Date: Thu Jun 2 21:20:03 2005 Subject: [SpamCop-List] How do I submit my spam to spamcop? Message-ID: Hi, I know this isn't rocket science but I have registered with the site spamcop.net and logged in and then find a form to fill out with the instructions: Forward your spam to: submit.blah blah blah@spam.spamcop.net or: Paste entire spam (headers, blank line, body) - or - single address (one line only): I do not seem to get the type of response I expect. The email I signed up with was a hotmail account and it does not get any response. I thought I was suppost to get some sort of a letter to forward to the spammer ISP. Once I did get an addressed letter with no body information. Also should I not be able to just use the submit.blah blah blah@spam.spamcop.net adress to forward spam to? Then should I get some sort of response as to who to contact with the complaint? Does spamcop just send the complaint without my review? Reading the FAQ mostly just covers stuff like what is spam etc. Not what to expect from this site! Thanks! From nttp.sc.s at bigsleep.org Fri Jun 3 02:38:51 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 21:40:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: On 02 Jun 2005 Quin entered spamcop and left news:d7ob03$mtf$1@news.spamcop.net: > I do not seem to get the type of response I expect. The email I > signed up with was a hotmail account and it does not get any response. > I thought I was suppost to get some sort of a letter to forward to > the spammer ISP. Once I did get an addressed letter with no body > information. > The address you sign up with is the address spamcop replies to when you forward spam to "blah blah blah" address. Also this is your login name. > Also should I not be able to just use the submit.blah blah > blah@spam.spamcop.net adress to forward spam to? Then should I get > some sort of response as to who to contact with the complaint? Does > spamcop just send the complaint without my review? > Close, but no cigar. You can forward spam as (single or multiple) attachments to the "blah blah blah" address, and then Spamcop replies with an eMail providing links to each report, where you can then review the report before sending it. Spamcop sends the reports for you, so you can report anonymously if you wish. This is known as "munging", where the Spamcop parser tries to hide your eMail address or anything that may contain that address (based I believe on the To: and Cc: headers, and possibly other headers), so that it isn't revealed in reports sent to providers and ISPs. Login to your Spamcop account and under Preferences you'll see where you can change these options. Some mail programs and some web mail programs can not forward complete original eMails. I know that mail.com works very well with Spamcop, not sure about any others. If you can't forward spam this way then one option is to login to Spamcop and past it into the submit box, that is assuming you can view the original message source, which also isn't often an option in web mail. -- | Ric | From nttp.sc.s at bigsleep.org Fri Jun 3 03:04:48 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 22:05:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On 02 Jun 2005 eddie entered spamcop and left news:pan.2005.06.03.00.08.51.521000@eddie.web: > This is understandable, but simply leaving a blank > line as my example shows is a problem in synchronizing threads or > something similar. We have talked about this before (and no I haven't checked the forum discussion on this, if that says anything new), and I have said something similar before: this isn't necessarily a bug, perhaps a "feature", though an unwanted one, that there is no output. The lack of output makes us wonder what's happening, timing out? not resolving? enough reports on this URL? skipping over a potential bug? The lack of a message there could simply mean there is no message. When I use grep on FreeBSD, and there is no match, it says nothing at all. Also it's been mentioned that the single line parser is different than the full parser. This is obvious because the output is completely different. I'm only disagreeing on your analysis of a "bug". You may be correct, but it's impossible for us to know. -- | Ric | From MikeE at ster.invalid Thu Jun 2 20:10:44 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 2 22:15:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: eddie wrote: > Mike Easter >> Many many of SC's notifies are not healthy notifies. You are unhappy >> because the parser is doing a bad job and not making bad notifies. > > No - the parser would be making good notifies because if I put the URL > into the parser manually I get the correct notify address which I have > checked on several occasions independently. When I say a 'bad' notify or an 'unhealthy' notify, I don't mean it isn't correct from the algorithm's point of view. I mean the algorithmic determination of the notify isn't 'desirable'. If the result of the notify is that it is going to a blackhat or an unresponsive provider, such as is listed in spews or spamhaus, that isn't a desirable notify regardless of whether the algorithm determines it from being put in independently or as a part of a spam. > The notify is as healthy as any other notify. I'm saying that a very very high percentage of SC derived spamvertiser notifies are unhealthy. The only kind of healthy notify would be a notify to a provider which has demonstrated to be more whitehat than blackhat. I don't think we are arguing the same point. If you name an example of a spamvertised URL, and how SC would notify for it, I'll describe to you what I mean, ie what is the problem with that notify -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Thu Jun 2 22:44:52 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Thu Jun 2 22:45:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Blammo" wrote in message news:Xns9669C2268758blammo@216.154.195.61... > > We have talked about this before (and no I haven't checked the forum > discussion on this, if that says anything new), Nothing 'new' over there ... Mike Easter has pointed out the links a few times now, one of which included my blurb, his blurb, and the eventual blurb I got Don to offer (and that was a modified bit of a blurb from Ellen) ... As pointed out here, there, everywhere, the only person that actually "knows" what's going on is Julian, and his posting of the "inside details" hasn't been an item of celebration in years. > Also it's been mentioned that the single line parser is different > than the full parser. This is obvious because the > output is completely different. I've pointed that out numerous times, but apparently those that don't do code can't seem to get a handle on that concept. The only connection between the single-line entry mode and the spam parse is that the single-line entry point was merged into the using the same form/window .... perhaps a bit of history might help or at least show the concept .... http://forum.spamcop.net/forums/index.php?showtopic=4162&view=findpost&p=28223 From nttp.sc.s at bigsleep.org Fri Jun 3 04:01:35 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 23:05:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On 02 Jun 2005 WazoO entered spamcop and left news:d7og74$pm6$1@news.spamcop.net: > The only connection between the single-line entry mode and the > spam parse is that the single-line entry point was merged into > the using the same form/window They actually don't output the same form unless there is "nothing to do". -- | Ric | From eddie at eddie.web Fri Jun 3 00:06:17 2005 From: eddie at eddie.web (eddie) Date: Thu Jun 2 23:10:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Fri, 03 Jun 2005 02:04:48 +0000, Blammo scratched out the following: > On 02 Jun 2005 eddie entered spamcop and left > news:pan.2005.06.03.00.08.51.521000@eddie.web: > >> This is understandable, but simply leaving a blank line as my example >> shows is a problem in synchronizing threads or something similar. > > We have talked about this before (and no I haven't checked the forum > discussion on this, if that says anything new), and I have said something > similar before: this isn't necessarily a bug, perhaps a "feature", though > an unwanted one, that there is no output. The lack of output makes us > wonder what's happening, timing out? not resolving? enough reports on this > URL? skipping over a potential bug? The lack of a message there could > simply mean there is no message. When I use grep on FreeBSD, and there is > no match, it says nothing at all. Also it's been mentioned that the single > line parser is different than the full parser. This is obvious because the > output is completely different. > > I'm only disagreeing on your analysis of a "bug". You may be correct, but > it's impossible for us to know. My new rule is that if the parser returns an unexpected result, in this case a skipped line with no clue as to why, as in the example I posted earlier in this thread, the entire parse is suspect and I simply cancel the report completely, rather than send a partial one. If the parser simply said "I give up" or something to let me know what happened, I would send the report; but since it is obviously missing something, I kill it. -- Once movie theaters gave out steak knives Today they confiscate them From redford_stone at INVERSE_OF_COLDmail.com Fri Jun 3 04:35:34 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 2 23:40:03 2005 Subject: [SpamCop-List] Re: [MEDIA] ICANN approves .xxx domain names References: Message-ID: "Frog Prince" wrote in news:d7n8t4$2h0$1@news.spamcop.net: > > $60 per year is chum change. If I were doing that business I'd have > duplicate registrations. One I could span the h*ll out of and one > that for those who were seeking porn. > > that way I'd get them going and coming ... or is it coming and coming? > (D&R) > Makes sense. Meaning this volunteer thing will not in any way stem the tide of porn spam. (Unless of course these porn sites are forced by law into accepting the .xxx domain.) > My question: if the registration process is 'intended' to be a > service how come the $60 reg rate? can we spell -profit center- ? > Major profits particularly with the money porn sites can draw in. From redford_stone at INVERSE_OF_COLDmail.com Fri Jun 3 04:37:46 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 2 23:40:07 2005 Subject: [SpamCop-List] Re: [MEDIA] ICANN approves .xxx domain names References: Message-ID: "D.F. Manno" wrote in news:dfm2a3l0t2- D6E7FB.16505302062005@news.cesmail.net: > >> why would whitehouse.com, for example switch to whitehouse.xxx? >> Why would a pornographer do anything that is "voluntary?" That's like >> asking a criminal to register his gun if he has the time :) > > Because the .xxx domain gives sites that are _just_ porn sites legal > cover. They can say to parents who might complain that all they have to > do is filter out .xxx to protect the kiddies. That would make it easier on the legal side regarding descency laws. But see Frog Princes hypothesis of what might happen. From redford_stone at INVERSE_OF_COLDmail.com Fri Jun 3 04:49:33 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 2 23:50:04 2005 Subject: [SpamCop-List] Response from Kornet Message-ID: Received this in response to a LART I sent earlier today: "This is Kornet Abuse Team of KT in Seoul We received your request of sending spam mails through our domain. As we recognize the complaint, we are trying to figure it out as soon as possible with our clients. Our domain is one of those who have many spammers, but most of our clients are not the real spammer but has been appropriated by spammers(ex. Open Relay..) Therefore we are always trying to protect our clients and work together to be free with spam.. Thank you for your request and please work with us till coming online world with our spam!!" I know that it can be difficult for those from other countries to write english.. but the last sentence threw me for a loop. :-) From nobody at spamcop.net Fri Jun 3 00:59:56 2005 From: nobody at spamcop.net (Dave Lerner) Date: Fri Jun 3 00:00:02 2005 Subject: [SpamCop-List] Re: Response from Kornet In-Reply-To: References: Message-ID: Redstone wrote on 06/02/2005 11:49 PM: > "This is Kornet Abuse Team of KT in Seoul > We received your request of sending spam mails through our domain. > As we recognize the complaint, we are trying to figure it out as soon as > possible with our clients. Our domain is one of those who have many > spammers, but most of our clients are not the real spammer but has been > appropriated by spammers(ex. Open Relay..) Therefore we are always trying > to protect our clients and work together to be free with spam.. Thank you > for your request and please work with us till coming online world with our > spam!!" > > > I know that it can be difficult for those from other countries to write > english.. but the last sentence threw me for a loop. :-) I think it means "All our spam are belong to you." From steve at prolynx.com Thu Jun 2 23:18:44 2005 From: steve at prolynx.com (Steve Sybesma) Date: Fri Jun 3 00:20:02 2005 Subject: [SpamCop-List] automation Message-ID: Hello, I'm new to this group. I would like to know how I can automate Outlook Express 6 in such a way as to right click on the highlighted messages I want to report, and have one of the context menu selections be "Forward As Attachment to SpamCop, then Send and Delete" so that the entire operation is done with only one click. This would make reporting spam exactly as easy as deleting the spam so that there would be no temptation to just say "Oh, not today". Of course I'm lazy, but computers are all about how to make things easier anyway. I don't know how to write macros for Outlook Express to do this, and I don't even know if it's possible, but I sure would find it valuable. I would like not to have to use a separate 3rd party program which gets me away from using OE, which otherwise takes care of all my other e-mail needs quite nicely. Thanks, Steve Sybesma Thornton, CO From nobody at devnull.spamcop.net Fri Jun 3 00:21:05 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Jun 3 00:25:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Quin" wrote in message news:d7ob03$mtf$1@news.spamcop.net... > > I do not seem to get the type of response I expect. One would then have to ask what you might have actually been "expecting" ...???? > The email I signed up > with was a hotmail account and it does not get any response. Have you checked the Bulk Mail folder? Yes, you should have received a 'registration' e-mail .. and in the future, any e-mail from the SpamCop system will arrive at that address, but whether it shows up in the InBox or Bulk Folder is a bit nebulous. > Also should I not be able to just use the submit.blah blah > blah@spam.spamcop.net adress to forward spam to? Then should I get some > sort of response as to who to contact with the complaint? Does spamcop just > send the complaint without my review? > > Reading the FAQ mostly just covers stuff like what is spam etc. Not what to > expect from this site! Yes, you can forward your spam to that address ... however, that forwarding action has some stipulations. As you didn't seem to find what you needed in the www.spamcop.net FAQ, perhaps the expanded and single-page sourced Forum FAQ might help ... for sure the experiences of others should help fill in some gaps .. http://forum.spamcop.net/forums/ From nobody at devnull.spamcop.net Fri Jun 3 00:25:31 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Jun 3 00:30:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Blammo" wrote in message news:Xns9669CBC6C1895blammo@216.154.195.61... > On 02 Jun 2005 WazoO entered spamcop and left > news:d7og74$pm6$1@news.spamcop.net: > > > The only connection between the single-line entry mode and the > > spam parse is that the single-line entry point was merged into > > the using the same form/window > > They actually don't output the same form unless there is "nothing to do". Not sure where the misunderstanding comes in here ... In the past the single-line entry point was in a separate box ... that separate box disappeared, the logic slipped into a decision point on the data entered into the remaining 'form/window' .. if a single line of text, it uses the old single-item entry look-up code branch ... if there is a new-line/carriage return at the end of the first line of text, the spam parser is invoked. From nobody at devnull.spamcop.net Fri Jun 3 01:45:03 2005 From: nobody at devnull.spamcop.net (Cat) Date: Fri Jun 3 01:50:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? In-Reply-To: References: Message-ID: WazoO wrote: > for sure the experiences of others should help fill in some gaps .. > http://forum.spamcop.net/forums/ Since others have commented on your posts about this, I'm starting to notice it more as well. Why push the original poster to go to the web forum when there are enough people here in the newsgroups with the skills and knowledge to help with this? It's almost like you're trying to turn newbies away from the newsgroups as if the newsgroups aren't helpful enough. From jr70 at blackhole.invalid Fri Jun 3 00:31:45 2005 From: jr70 at blackhole.invalid (John Richards) Date: Fri Jun 3 02:35:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Mike Easter" wrote in message news:d7nmil$akn$1@news.spamcop.net... > > The problem isn't that it isn't a good idea to do something about > spamvertisers.... > > ... the problem is that the most common result of SC finding the url, > resolving it to an IP, and notifying the provider for that IP block is > not the result which you might wish. The most common result of a > successful notify is that SC is sending a copy of the spam to a blackhat > unresponsive provider. That is not a big plus, and it is sometimes > accompanied by the spam containing unique content identifying the > recipient/s. If the URL is known to be owned by an unresponsive blackhat, SC needs to go up the food chain and send the report to the provider's provider. At some point a responsible entity will be reached who has the power and integrity to take corrective action. I sometimes get the feeling that SC doesn't want to make any waves or rock the boat. -- John Richards From Vangu at rd.invalid Fri Jun 3 02:58:37 2005 From: Vangu at rd.invalid (Vanguard) Date: Fri Jun 3 03:00:03 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Brian (SnSR)" wrote in message news:d7lsi5$bcv$1@news.spamcop.net... > Vanguard wrote: >>> Now that you've posted your 'secret' codes ... good luck on >>> getting things straightened out. Perhaps Ellen will pass through >>> here and take some pity ... >> >> >> Since Martin posted his secret code here (in the form of his username >> for his personalized submit e-mail address), shouldn't that qualify >> his account to get killed (so malcontents don't end up abusing his >> account)? Seems like Martin should be forced into creating a new >> account so now that he has been reminded to read the instructions >> then maybe he might comply with them. > > Let's not forget that we are all doing what we can, with what we know, > to help deal with spam. Well, maybe some of the trolls don't fit into > this category, but most of us do. > > We all have started from a place where we didn't know much about spam > or the process of reporting it. Let's try to help each other out > instead of being so critical and turning noobs away. > We are in this together. Don't make it hard for someone to join in. Don't get too carried away here (i.e., don't bend over so far backwards that we see your smile between your knees). If Martin only has a freebie account, he should have no qualms about simply abandoning the old one (and it gets killed by an admin) and starting a new account. I've done that before. It's really easy. The only "thing" lost would the statistics on the user's reporting history but I don't need the ego-bloat stat of how fast I am at submitting spam reports. Martin won't lose much from his old account if he hasn't used it much (i.e., how valuable is it to him to review his past submitted reports?). It's not like some valuable asset has been lost if Martin has to start a new *freebie* account. If, however, Martin does have a paid SpamCop account then he will probably want to work with the admins (who should also change his submit username since he publicly exposed it). So he made a mistake. If all he had was a freebie reporting account, start another one (and disable/kill the old one). Pretty quick to do. There is lots of "slack" simply because creating another freebie account is so easy. From Vangu at rd.invalid Fri Jun 3 03:09:16 2005 From: Vangu at rd.invalid (Vanguard) Date: Fri Jun 3 03:10:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Quin" wrote in message news:d7ob03$mtf$1@news.spamcop.net... > Hi, > > I know this isn't rocket science but I have registered with the site > spamcop.net and logged in and then find a form to fill out with the > instructions: > > Forward your spam to: submit.blah blah blah@spam.spamcop.net or: > Paste entire spam (headers, blank line, body) - or - single address > (one line only): > > I do not seem to get the type of response I expect. The email I > signed up with was a hotmail account and it does not get any response. > I thought I was suppost to get some sort of a letter to forward to the > spammer ISP. Once I did get an addressed letter with no body > information. > > Also should I not be able to just use the submit.blah blah > blah@spam.spamcop.net adress to forward spam to? Then should I get > some sort of response as to who to contact with the complaint? Does > spamcop just send the complaint without my review? > > Reading the FAQ mostly just covers stuff like what is spam etc. Not > what to expect from this site! > > Thanks! > > If you forward the spam to SpamCop (using your submit e-mail address to SpamCop), make sure you forward it as an *attachment*. Forwarding inline will strip out all the headers from the original spam and make your report worthless. Configure your Hotmail account to forward as attachment. That way, the attached file will be the original message with the headers included. If you use the web form to copy/paste in the spam message, you need to see ALL of the headers. I don't believe Hotmail has a toggle option to let you switch between a normal view and a view showing all the headers. You'll need to go into to your global options to configure your Hotmail account to show ALL headers. However, whether spam or not, you'll then see all the headers for every e-mail that you view. Yahoo has a per-message toggle that lets you switch between normal and all-header view but Hotmail does not (except as a global option). If you use the web form, the parsing is immediate and you get the parse page with the option to send your report (which gets sent from the SpamCop domain, not by you). That eliminates the delay in waiting to get the submission response e-mail from SpamCop (which gets lower priority and may take several minutes to arrive). However, the trade-off is the nuisance of having to copy the headers, paste them, and then copy the body and paste that (and you should be copying the HTML code for an HTML-formatted message, *not* the rendered version of the spam). If you forward the spam as an attachment, you have to wait for SpamCop to send back a submission reply e-mail which provides a link for you to click on to get to the parser and submit page. If you have spam filtering enabled in your Hotmail account, you might have to whitelist e-mails coming from SpamCop. From nobody at nowhere.invalid Fri Jun 3 11:20:17 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Jun 3 04:25:03 2005 Subject: [SpamCop-List] Re: Opinions wanted on Plaxo email service References: Message-ID: On Thu, 2 Jun 2005 15:05:56 -0400, indigo coughed into spamcop and left this in : > A friend of mine sent me a "request for personal info update" from Plaxo. > > {snip} > > I being over paranoid? I think not........ Put it this way: how do you feel about giving your personal information to an unknown 3rd party offering a "free" service hosted on Internap, one of the worst sewers on the Internet? How do they pay for their infrastructure? Advertizing most likely, which means that they're either going to spam you themselves (and get away with it scot-free because they're on Intercrap) or they're going to sell your address to an ethikul direkt marketer. I too have had similar requests and the first thing I did was reply to the individual with a very stern e-mail demanding that my details be removed from the plaxo databases. -- Steve "I once had a rose named after me and I was very flattered. But I was not pleased to read the description in the catalogue: No good in a bed, but fine up against a wall." -- Eleanor Roosevelt From nospam at fuck-off-and-die.com Fri Jun 3 15:05:17 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Fri Jun 3 04:25:07 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: <3f64511aa7b04d2a80fac478ceed1f5d@you.two-a-penny-bonkers-heifer.com> Mike Easter, , the chopfallen, maniacal hoof, and sandwich board man, dribbled: > Not only do I think the 'masses' shouldn't be reading their spam > subjects or opening their spams, I don't even think Indeed. From Ilgaz at spamcop.net Fri Jun 3 13:07:38 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Fri Jun 3 05:10:30 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: On 2005-06-02 15:35:34 +0300, Redstone said: > "Alfred" wrote in > news:d7mavo$iq4$1@news.spamcop.net: > Dear sirs, >> >> I applied a commercial mail server at chinadds.com, but while I send >> emails, it's always returned. This IP is innocent, please remove it >> from your list. >> 61.129.102.51 >> >> -- >> Alfred CHEN Yanfei >> Manager of No. 2 Overseas Operation Dept. >> ----------------------------------------- >> Global Marketing Center >> SHANGHAI KEN TOOLS CO. LTD. >> #5 Xinrong Rd., Xinqiao Town >> Songjiang District, Shanghai >> 201612 P. R. China >> Web: http://www.china-ken.com >> >> >> >> > According to this: > > http://www.spamcop.net/w3m?action=checkblock&ip=61.129.102.51 > > Spamcop does not have the IP address listed. > > But Spamcop is the least of your troubles.. > > http://www.moensted.dk/spam/?addr=61.129.102.51&Submit=Submit > > China is listed on several blacklists. Meaning it will be extremely > difficult trying to remove that IP address. Particularly from here: > > http://spews.org/html/S2632.html > > I think there is still a way if they are sending legit mails. I can't > name any site as I never needed such thing. Get mail service from a zero tolerance commercial mailing host. ZERO as (0!) and don't buy it from China of course :) Ilgaz ps: E.g. Samsung does it, they can't send product updates to legit users so they get such a service as they are a Korean company (eek!) From Ilgaz at spamcop.net Fri Jun 3 13:14:29 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Fri Jun 3 05:15:05 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: On 2005-06-03 06:49:33 +0300, Redstone said: > Received this in response to a LART I sent earlier today: > > > "This is Kornet Abuse Team of KT in Seoul > We received your request of sending spam mails through our domain. > As we recognize the complaint, we are trying to figure it out as soon > as possible with our clients. Our domain is one of those who have many > spammers, but most of our clients are not the real spammer but has been > appropriated by spammers(ex. Open Relay..) Therefore we are always > trying to protect our clients and work together to be free with spam.. > Thank you for your request and please work with us till coming online > world with our spam!!" > > > I know that it can be difficult for those from other countries to write > english.. but the last sentence threw me for a loop. :-) Go to some printshop and let them make it a good print with frame since you are one of rare persons in World got some sort of reply :) As I said couple of times, Kornet, hananet should be taken to parliament or something and their system should be taken to custody and every machine should be disconnected if they have simplest virus even. Its way beyond end user reports etc. If it wasn't politics, I'd say they should disconnect the entire IP block from outside planet until its fixed. I am amazed as LG, Samsung type giants aren't taking action as they are korean companies. At some point, I bet their business is effected too. Ilgaz From nospam at fuck-off-and-die.com Fri Jun 3 18:56:07 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Fri Jun 3 08:15:11 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: <8368ded094ca471a9dbf8ea180462bf0@you.clattering-doddering-frock.org> Martin, , the campy, gangling skunk, and silkworm breeder, averred: > Can a deputy please sort out the NTL mailhosts, new mailservers > without proper hostnames have been added, tried re-adding them on my > mailhosts but the mailhosts just complain and wont update, now I have > lost my mailhosts completly for ntl. Can some rename them from Tesco > to NTL too. Heres the submision that spamcop mailhosts wont accept, always > worked > ok in the past;- > > Return-Path: > Received: from mta02-winn.ispmail.ntl.com (mta02-winn.ispmail.ntl.com > [81.103.221.42]) > by marti.mine.nu (8.12.6/8.12.6/SuSE Linux 0.6) with ESMTP id > j51GNvxm003289 > for ; Wed, 1 Jun 2005 17:23:57 +0100 > X-Envelope-From: service@admin.spamcop.net > Received: from aamta03-winn.ispmail.ntl.com ([81.103.221.35]) > by mta02-winn.ispmail.ntl.com with ESMTP > id <20050601162357.ZKWO19182.mta02-winn.ispmail.ntl.com@aamta03-winn.ispmail.nt l.com> > for ; Wed, 1 Jun 2005 17:23:57 +0100 > Received: from spamcop.net ([64.74.133.245]) > by aamta03-winn.ispmail.ntl.com with SMTP > id > <20050601162356.ZDWH11190.aamta03-winn.ispmail.ntl.com@spamcop.net> > for ; Wed, 1 Jun 2005 17:23:56 +0100 > X-SpamCop-Conf: 9sexhjZFc8O7NHr1 > Received: from [81.106.206.105, 82.3.32.71] by spamcop.net > with HTTP; Wed, 01 Jun 2005 16:23:53 GMT > From: SpamCop robot > To: x@ntlworld.com > Subject: SpamCop account configuration email > Precedence: list > Message-ID: > Date: Wed, 01 Jun 2005 16:23:53 GMT > X-Mailer: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; > .NET CLR 1.1.4322) > via http://www.spamcop.net/ v1.456 > X-Virus-Scanned: by AMaViS - amavis-milter (http://www.amavis.org/) > X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on > marti.mine.nu X-Spam-Level: *** > X-Spam-Status: No, score=3.4 required=5.0 tests=AWL,BAYES_40, > DNS_FROM_RFC_ABUSE,FORGED_MUA_MOZILLA,FORGED_RCVD_HELO, > FROM_HAS_MIXED_NUMS autolearn=no > X-UIDL: #7A!!>hl!!d4-!!8^2"! > > Hello SpamCop user, > > This email contains special codes and tracking information to help > SpamCop figure out your specific email configuration. Do not post > this email in public. It contains confidential information related > to the security of your SpamCop account. > > Please return this complete email, preserving full headers and the > special tracking codes below. Visit this address: > http://www.spamcop.net/mcgi?action=mhreturn > > Alternately, you may submit via email. Forward the message as an > attachment to this address. Or create a new message and paste this > email into it. Either way, send it to to: > > mhconf.9sexhjZFc8O7NHr1@cmds.spamcop.net > > Some email software may only support one or the other of these > submission methods. For information on your email software and to > learn how to get full headers see this FAQ: > http://www.spamcop.net/fom-serve/cache/19.html > > Special codes follow: > ################################################################ > X-SpamCop-Mx: smtpin.ntlworld.com. > X-SpamCop-Mx-Ip: 81.103.221.10 > X-SpamCop-Mh-Name: NTL > X-SpamCop-Recip: x@ntlworld.com > X-SpamCop-Unixtime: 1117643033 > X-SpamCop-Conf: 9sexhjZFc8O7NHr1 > X-SpamCop-Randomness: G5rDTtfiE341UC1y > X-SpamCop-Hash: b0600fb68b16f9e89106bf5eecfbbdc2 > ################################################################ How fucking dense can you get? "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." From kenbrody at spamcop.net Fri Jun 3 10:57:03 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Fri Jun 3 10:00:03 2005 Subject: [SpamCop-List] Road Runner viruses Message-ID: <42A061AF.90DA7289@spamcop.net> It looks like a recent change at Road Runner is now causing all sorts of problems on my end from virus-laden systems. I am getting several dozen of these a day. Can I consider it spam for the sake of SpamCop reporting? First, they "bounce" e-mail to the forged "from". (I understand that this is now permitted to be reported via SpamCop.) Now, in an attempt to "help", they purposely allow viruses sent from their clients to continue on their way, after stripping the virus. So, I am now bombarded with e-mails containing the following "helpful" text. The rest of the e-mail is a blank attachment, since (as is the case with probably 99+% of virus-laden e-mail) the only purpose of the e-mail was to send the virus. ========== ALERT! This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm, or other type of security threat. This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments. If a virus, worm, or other security threat is found, Road Runner cleans or deletes the infected attachments as necessary, but continues to send the original message content to the recipient. Further information on this initiative can be found at http://help.rr.com/faqs/e_mgsp.html. Please be advised that Road Runner does not contact the original sender of the e-mail as part of the scanning process. Road Runner recommends that if the sender is known to you, you contact them directly and advise them of their issue. If you do not know the sender, we advise you to forward this message in its entirety (including full headers) to the Road Runner Abuse Department, at abuse@rr.com. ========== Don't you just love the "Please be advised that Road Runner does not contact the original sender of the e-mail" part? (That, and the "contact the sender yourself" part as well.) So, viruses virtually always forge the "from", and tracking down the original sender would require skills beyond most Internet users, yet Road Runner puts the burden on the recipient rather than blocking it at its source, when Road Runner knows exactly who it is that is trying to send it. Also, note that the FAQ link requires that I fill in information about my ISP and location. (Naturally, the only choices for ISP are "Time Warner", "Bright House Networks", and "Insight", none of which apply to me.) The FAQ also requires cookies to view it. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From steve at prolynx.com Fri Jun 3 09:06:31 2005 From: steve at prolynx.com (Steve Sybesma) Date: Fri Jun 3 10:10:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: I forgot to add that I have 'quick' reporting enabled. I'm trying to get this boiled down to absolutely the least amount of fuss possible. "Steve Sybesma" wrote in message news:d7olga$sog$1@news.spamcop.net... > Hello, > > I'm new to this group. > > I would like to know how I can automate Outlook Express 6 in such a way > as to right click on the highlighted messages I want to report, and have one > of > the context menu selections be "Forward As Attachment to SpamCop, then > Send and Delete" so that the entire operation is done with only one click. > > This would make reporting spam exactly as easy as deleting the spam so that > there would be no temptation to just say "Oh, not today". > > Of course I'm lazy, but computers are all about how to make things easier > anyway. > > I don't know how to write macros for Outlook Express to do this, and I don't > even > know if it's possible, but I sure would find it valuable. > > I would like not to have to use a separate 3rd party program which gets me > away > from using OE, which otherwise takes care of all my other e-mail needs > quite nicely. > > Thanks, > > Steve Sybesma > Thornton, CO > > From nobody at devnull.spamcop.net Fri Jun 3 11:20:48 2005 From: nobody at devnull.spamcop.net (Pop) Date: Fri Jun 3 10:25:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Quin" wrote in message news:d7ob03$mtf$1@news.spamcop.net... > Hi, > > I know this isn't rocket science but I have > registered with the site spamcop.net and logged in > and then find a form to fill out with the > instructions: > > Forward your spam to: submit.blah blah > blah@spam.spamcop.net or: > Paste entire spam (headers, blank line, body) - > or - single address (one line only): > > I do not seem to get the type of response I expect. > The email I signed up with was a hotmail account and > it does not get any response. I thought I was > suppost to get some sort of a letter to forward to > the spammer ISP. Once I did get an addressed letter > with no body information. > > Also should I not be able to just use the submit.blah > blah blah@spam.spamcop.net adress to forward spam to? > Then should I get some sort of response as to who to > contact with the complaint? Does spamcop just send > the complaint without my review? > > Reading the FAQ mostly just covers stuff like what is > spam etc. Not what to expect from this site! > > Thanks! > > After reading the posts to date, I notice no one has suggested this yet, since you may have problems caused by Hotmail: -- Submit your spams by email. -- Wait a bit, then go and sign into Spamcop as though you were going to manually report a spam. -- On the page where you can paste in your spam, you'll find a note above the box that says something like "you have unreported spam saved", and there will be a REPORT NOW link. -- Click REPORT NOW, look each one over, and Send or Cancel it as appropriate. -- It comes back to the same REPORT NOW page after each spam, and when it's all gone, the REPORT NOW goes away. -- Those are the same spams that Spamcop sends you the email message to finish reporting with those links, which you don't seem to be getting. Downside: It can take varying amounts of time for the spam you email to show up as "saved spam" that you can REPORT NOW, but eventually you'll figure it out. Also if you don't clear out the saved spams daily, you're likely to start coming up with messages that the spam is too old to report. That can get to be a pain because you can only look at them one at a time. Actually, I prefer this method a lot of times when I've reported several spams; it's fewer clicks and a little faster most of the time. Not sure why nobody's mentioned this? It's very useful. Regards, Pop From MikeE at ster.invalid Fri Jun 3 08:42:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 3 10:45:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: Cat wrote: > WazoO wrote: >> for sure the experiences of others should help fill in some gaps .. >> http://forum.spamcop.net/forums/ > Why push the original poster to go to the web > forum Yes. Those generic forum links which aren't actually pointed at an answer to a question which is residing in the forum are much more irritating. The message I see is that rather than the reply being an 'answer', it is an advertisement, like spam. "If you will go to the forum and post your question over there instead of in here, we will answer your question there." and "I'm not going to answer your question here, but someone may answer it over there." It is not at all the same as when a forum link is posted in which the site in the forum represents a specific answer to a specific question. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Jun 3 11:59:47 2005 From: nobody at spamcop.net (indigo) Date: Fri Jun 3 11:00:02 2005 Subject: [SpamCop-List] Re: Opinions wanted on Plaxo email service References: Message-ID: Steven Maesslein wrote: > I too have had similar requests and the first thing I did was reply to > the individual with a very stern e-mail demanding that my details be > removed from the plaxo databases. Thanks for everyone who responded, you all backed up exactly what I figgered. I already sent my friend an email yesterday asking him to remove me from Plaxo, and sent him those web site links too. Haven't heard back from him yet, I'll be curious to hear his response. From pxpearson at spamxcop.net Fri Jun 3 09:26:10 2005 From: pxpearson at spamxcop.net (Peter Pearson) Date: Fri Jun 3 11:25:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: Quin wrote: > I do not seem to get the type of response I expect. The email I signed up > with was a hotmail account and it does not get any response. FWIW, I had a similar problem and discovered that my ISP (Charter Communications) was quietly discarding the email I was sending to Spamcop -- presumably because some filter recognized it as spam. I confirmed this diagnosis by CC'ing myself at another, non-Charter, email address. -- Remove the two x's to get a good email address. From cattysha at juno.com Fri Jun 3 16:22:59 2005 From: cattysha at juno.com (cattysha@juno.com) Date: Fri Jun 3 11:27:51 2005 Subject: [SpamCop-List] Re: Likely Joe job Message-ID: <20050603.082400.679.190935@webmail24.nyc.untd.com> My name is Brenda. I'm the owner of cattyshaq.com and meetyourcomputer.com. Even though you could rightly nail my hide to the wall for not investigating the software that I advertise at meetyourcomputer.com, I am innocent of the spamming. The people who participate at the cattyshaq.com forum would normally warn me that I should remove certain ads...perhaps they didn't realize themselves that there was a problem with the software. In an attempt to make a few dollars on the internet, I have signed up for several 'ad' programs but quickly had to remove them because they were based on key words which continually brought up 'get-rich-quick' sites, which is exactly what I warn AGAINST at cattyshaq.com. I originally had the site full of commission Junction ads but I lost the account because it made 0 profit in 6 months...I tried...and I will find something else if I ever get my site back. If any of you had a chance to visit cattyshaq.com, you should know that I am not out to scam anyone. My members won't even allow me to have Google ads on my site... I am the victim in this. I've lost my websites...just like the spammer intended. If any one in here helped me to lose my site, I'd like to ask you please to help me get it back. ___________________________________________________________________ Get Juno Platinum for as low as $4.97/month! Unlimited Internet Access with 250MB of Email Storage. Visit http://www.juno.com/half to sign up today! From nobody at devnull.spamcop.net Fri Jun 3 11:47:29 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Jun 3 11:50:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Cat" wrote in message news:d7oqsn$v96$1@news.spamcop.net... > WazoO wrote: > > > for sure the experiences of others should help fill in some gaps .. > > http://forum.spamcop.net/forums/ > > Since others have commented on your posts about this, I'm starting to > notice it more as well. Why push the original poster to go to the web > forum when there are enough people here in the newsgroups with the > skills and knowledge to help with this? It's almost like you're trying > to turn newbies away from the newsgroups as if the newsgroups aren't > helpful enough. Let's pick "this case" ... All the original poster provided was; 1. user 'registered at site" - one 'could' assume a free-reporting account 2. user talked about some form to fill in with some instructions (turns out 'we believe' he/she is talking about the logged-in www.spamcop.net web page ... 3.user's post headers indicate OE6 is use, but actually makes no mention of the e-mail application(s) involved ... again, on could 'assume' that the query is on use of OE6, but ...??? 4. user admitted that he/she had some kind of 'expectations' that were not seemingly met ...so there is still not a clue as to how / why SpamCop was located and registration process started 5. user manufactures a single paragraph out of nothing but questions, starting with e-mail submittals, which again brings up that the specific e-mail apps involved haven't been stated . 6. user states that "the FAQ" didn't answer the questions. Referral to the Forum seems to me to make perfect sense for this user ... and pointing to the "top" of the Forum to allow him/her to make his/her own decision on just what to go for first. Each 'component' section of the SpamCop tool-set has its own section. Problems with Reporting, go into the Reporting Help Forum, problems with the BL, go into the Block List Help section, etc ... The Forum FAQ started with making a single-page entry point of the www.spamcop.net FAQ to solve the issues some folks make about not being able to find things, too many mouse-clicks, etc, etc, etc (again, bringing up the years of complaints that it was never complete, stuff was out of date, etc. etc.) ... once that was done, then additional items were added to that FAQ, some new direct entries, some pointers to an discussion point, some items beat together by several users getting together and hammering out a consensus ... this also led to things like starting a Glossary (really triggered by the problem with the item now pretty much standardized name of "Tracking URL" .. and noting that this Glossary entry predates the parser code change that finally used those words to clear things up for the "rest of us") Between the Forum FAQ and the Forum contents, it should have popped up quickly that the e-mail apps involved need to be defined before an 'easy' answer could be provided for this user's questions. The original FAQ has the same data, but noting this user's description of that FAQ's contents "FAQ mostly just covers stuff like what is spam etc" This does sound like "How to get full headers" wasn't an item seen or read, such that it would have been apparent that this data would have been useful to mention in the original query. Newsgroup traffic ... at the time of this posting, I see three response that talk about how simple it is to "forward" the spam ... but I also note that the specific question of what (all) e-mail apps are in use had not been specifically asked. So if this user is tied to Outlook, the next batch of posts would be about how "Forwarding" only results in errors. Why not clear that up in the beginning? Had some of this data been provided in the original post, perhaps a specific Forum FAQ could have been pointed to. All I see is a lot of missing facts, so again, if I'm going to point, it only makes sense to point to the top of the Forum structure, thus allowing full view of the range of subject matter. As in this scenario, rather than having multiple response that go on at length, again pointing out that some of them are based on assumptions of what tools are in use, the skills and knowledge of the user, somehow ignoring that "expectations weren't met" situation ... even the original FAQ has some/most if that data existing. To keep it in the newsgroups, numerous previous posts could have been pulled up, an archive pointer could have been provided, all possibly leading to more confusion on the user's part, not knowing how to follow those links (adding that these posts do age off .. and the obvious that this user didn't spend a lot of time reading previous posts anyway) As I've stated before, I use NNTP, I use Forum applications, I use search engines, I use whatever tools I can find to solve the problem I'm dealing with at the time. I'll even state myself that Forum apps suck for the most part .... However, I also find it absurd to wade through newsgroup postings that ask the same question asked the day before, asked the week before, asked the month before, but the user didn't look at any of those previous posts, didn't recognize that the Subject line might have actually covered the query, only loaded the OE default of the last 100-300 posts, pick any reason, though usually none really a good/valid excuse .... I spent more and more time in the Forum as there were so few folks over there answering questions. I generated that (meant to be only temporary) Forum FAQ as an attempt to solve several issues ... solving the too-many-clicks complaints, the can't-find squat complaints, the out-of-date complaints, the incomplete complaints, making FAQ entries out of those Frequently Asked Questions ..... over time JT gave me more and more access to that application, I'm now modifying code, added a )Google) search function right at the top of the Forum page to help get around the limitations of the Forum search tool .... There are other knowledgeable folks volunteering their time there, especially pointing out that the only things I know about the e-mail side of the house are from reading all the problems posted. Bottom line, the Forum is another resource, many things are already documented there as either a Pinned entry in the specific /appropriate section or in the FAQ/Glossary ... entries into both of those items are always happening (flip the complaints about the www.spamcop.net FAQ not having enough data to the general complaint that the Forum FAQ contains too much data) There's even a link or two to pages that define "how to ask a question" that could have led to a better query from this original poster. Mike Easter does the hand-feeding thing, I point to research tools where the user may find other questions that hasn't come to his/her mind yet in addition to providing an already existing response to a particular query. I personally don't understand the animosity about another support point, actually still wondering why more folks wouldn't simply chip in and make it a better resource. I'll even do this a seventh time here ... JT offered to buy some software with the intent of building a knowledgeable as yet another support resource. Solving the www.spamcop.net FAQ issues, even taking the Forum FAQ out of the equation. Even the folks that bitch about either or both of these items have failed to actually get involved with responding to this request for interest. You'll note that the calls for a repeated "posting of the FAQ" have disappeared after Miss Betsy's attempt at the "Why am I Blocked" Forum FAQ entry and my posting of the Forum FAQ contents list. I'm done, as this has definitely gone on too long .... From nttp.sc.s at bigsleep.org Fri Jun 3 17:12:04 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jun 3 12:15:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: On 02 Jun 2005 Cat entered spamcop and left news:d7oqsn$v96$1@news.spamcop.net: > WazoO wrote: > > > >> for sure the experiences of others should help fill in some gaps .. >> http://forum.spamcop.net/forums/ > > > Since others have commented on your posts about this, I'm starting to > notice it more as well. Why push the original poster to go to the web > forum when there are enough people here in the newsgroups with the > skills and knowledge to help with this? It's almost like you're trying > to turn newbies away from the newsgroups as if the newsgroups aren't > helpful enough. Rather than rant on WazoO, I have to wonder how the OP got here... If you click the help link you see Help Options: FAQ | Search | Forums Popular FAQs Search SpamCop [FAQ, forums, archive] Web-based Bulletin Boards Newsgroups (no spamcop.help listed) Seems to be plenty of links to the forums, and only one link here, which leads me to believe the OP opted to come here. Also, the questions are answered here (no login required) http://www.spamcop.net/fom-serve/cache/285.html http://www.spamcop.net/fom-serve/cache/166.html http://www.spamcop.net/fom-serve/cache/22.html Hey WazoO, just put a forums link in your sig. Well, you don't have one, but you could fake it. -- | Ric | From nttp.sc.s at bigsleep.org Fri Jun 3 17:15:15 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jun 3 12:20:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: On 03 Jun 2005 Pop entered spamcop and left news:d7povs$eoo$1@news.spamcop.net: > Not sure why nobody's mentioned this? It's very > useful. > I thought about mentioning it, but wasn't sure what to say as it should be obvious when you login. I think you explained it better than I would have anyway. -- | Ric | From wb8tyw at qsl.network Fri Jun 3 12:17:24 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Jun 3 12:20:07 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: <0lwFLCUBIwf4@eisner.encompasserve.org> In article , "Pop" writes: > >> > After reading the posts to date, I notice no one has > suggested this yet, since you may have problems caused > by Hotmail: > > -- Submit your spams by email. > -- Wait a bit, then go and sign into Spamcop as though > you were going to manually report a spam. > -- On the page where you can paste in your spam, > you'll find a note above the box that says something > like "you have unreported spam saved", and there will > be a REPORT NOW link. > -- Click REPORT NOW, look each one over, and Send or > Cancel it as appropriate. > Not sure why nobody's mentioned this? It's very > useful. IIRC: The first mention of that technique that I saw was in the spamcop.help forum about a year or so ago. The poster was Larry Kilgallen. -John wb8tyw@qsl.network Personal Opinion Only From nospam at nowhere.com Fri Jun 3 13:21:45 2005 From: nospam at nowhere.com (Vito DeCarlo) Date: Fri Jun 3 12:25:02 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: I just starting reporting SPAM coming into all email addresses under our company domain, as well as a couple of client domains. My thought was that by quickly reporting SPAM of a larger volume, I would reduce the number of SPAM messages coming in. I now realize that was a impossible *dream*. Vito "Vernon Hardapple" wrote in message news:d7m3ug$f8v$1@news.spamcop.net... > I'm curious. Why do you report other people's spam? Are these clients of > yours? From nttp.sc.s at bigsleep.org Fri Jun 3 17:22:55 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jun 3 12:25:09 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: On 03 Jun 2005 Kenneth Brody entered spamcop and left news:42A061AF.90DA7289@spamcop.net: > So, viruses virtually always forge the "from", and tracking down the > original sender would require skills beyond most Internet users, yet > Road Runner puts the burden on the recipient rather than blocking it > at its source, when Road Runner knows exactly who it is that is trying > to send it. > I donno, I think Road Runner don't know what the hell they're doing. Perhaps if you explain this to them they will attempt to convince you that you don't know what you are talking about ;-) -- | Ric | From nttp.sc.s at bigsleep.org Fri Jun 3 17:29:39 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jun 3 12:30:03 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: On 03 Jun 2005 cattysha@juno.com entered spamcop and left news:mailman.21.1117812471.169.spamcop-list@news.spamcop.net: > Get Juno Platinum for as low as $4.97/month! > Unlimited Internet Access with 250MB of Email Storage. > Visit http://www.juno.com/half to sign up today! > That's spam in my book, and shows no respect for the people you communicate with. You can afford to run a website, but can't even afford to pay for an ISP. -- | Ric | From nttp.sc.s at bigsleep.org Fri Jun 3 17:41:10 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jun 3 12:45:02 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: On 03 Jun 2005 Vito DeCarlo entered spamcop and left news:d7q02s$j2r$1@news.spamcop.net: > I just starting reporting SPAM coming into all email addresses under > our company domain, as well as a couple of client domains. My thought > was that by quickly reporting SPAM of a larger volume, I would reduce > the number of SPAM messages coming in. I now realize that was a > impossible *dream*. > If you want more spam to report, just get several eMail accounts (different ISPs and/or web mail), use the addresses on forums and newsgroups, then wait around for the spam flood. With some ISPs you don't even need to use the address anywhere. This may be more effective because the large ISPs probably get hit first, and you can use this information in your own block list. Actually opening spam should get you more as well. -- | Ric | From glnews030922 at highspot.net Fri Jun 3 19:49:06 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Fri Jun 3 13:45:03 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: cattysha@juno.com wrote: > My name is Brenda. I'm the owner of cattyshaq.com and > meetyourcomputer.com. Even though you could rightly nail my hide to > the wall for not investigating the software that I advertise at > meetyourcomputer.com, I am innocent of the spamming. The people who > participate at the cattyshaq.com forum would normally warn me that I > should remove certain ads...perhaps they didn't realize themselves > that there was a problem with the software. In an attempt to make a > few dollars on the internet, I have signed up for several 'ad' > programs but quickly had to remove them because they were based on > key words which continually brought up 'get-rich-quick' sites, which > is exactly what I warn AGAINST at cattyshaq.com. I originally had the > site full of commission Junction ads but I lost the account because > it made 0 profit in 6 months...I tried...and I will find something > else if I ever get my site back. Hi Brenda, thanks for taking the time to post here during what must be a traumatic time. I was the one who was suspicious that it wasn't a joe-job, based on the ads displayed on the site. Since you have come here openly, a thing spammers just wouldn't do, I now accept that it was indeed a joe-job attack on your sites and wish you the best of luck getting them up and running again. > If any of you had a chance to visit cattyshaq.com, you should know > that I am not out to scam anyone. My members won't even allow me to > have Google ads on my site... It may be possible for you to get specific ads delivered to your site instead of keyword based ones. I don't know a lot about the market, but it should be worth investigating. Why don't they like Google ads? They're pretty much the only ones I don't block. > I am the victim in this. I've lost my websites...just like the > spammer intended. If any one in here helped me to lose my site, I'd > like to ask you please to help me get it back. Although I expressed concerns that it wasn't a joe-job, I didn't actually report any of your sites, only the sources of the email. Ellen (a SpamCop employee) has since marked your sites as innocent bystanders and you shouldn't get any more reports. However, a lot of people probably reported them before they were marked as IB. It might be worth trying to get a dialog going between Ellen and your ISP. You can contact her at deputies >at< admin.spamcop.net. Best of luck getting things sorted out. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From nobody at devnull.spamcop.net Fri Jun 3 13:55:35 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Jun 3 14:00:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Blammo" wrote in message news:Xns966A5DA7F1BFEblammo@216.154.195.61... > > Rather than rant on WazoO, I have to wonder how the OP got here... > If you click the help link you see > Help Options: FAQ | Search | Forums > Popular FAQs > Search SpamCop [FAQ, forums, archive] > Web-based Bulletin Boards > Newsgroups (no spamcop.help listed) > > Seems to be plenty of links to the forums, and only one link here, which > leads me to believe the OP opted to come here. No argument there, but also noting that had any of the Help stuff been read, the not-logged-in www.spamcop.net web page, or any of the starting www.spamcop.net FAQ been hit, one is lost on the "not working as expected" remarks. And as this is the post that even got Car excited, please explain where the "lack of answers" was in my original Reply. I re-read it and I see that I touched a couple of specifics. > Also, the questions are answered here (no login required) > http://www.spamcop.net/fom-serve/cache/285.html > http://www.spamcop.net/fom-serve/cache/166.html > http://www.spamcop.net/fom-serve/cache/22.html And once again pointing out that the poster had already stated that the www.spamcop.net FAQ had been looked at and answers weren't found. My statement in reply was; "As you didn't seem to find what you needed in the www.spamcop.net FAQ, perhaps the expanded and single-page sourced Forum FAQ might help ..." (noting also that there is no login required to "read" over there either. I'm really trying hard to figure out why there is such an uproar over that remark. > Hey WazoO, just put a forums link in your sig. Well, you don't have one, > but you could fake it. From nobody at devnull.spamcop.net Fri Jun 3 14:02:48 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Jun 3 14:05:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Mike Easter" wrote in message news:d7pq8f$fjd$1@news.spamcop.net... > > Yes. Those generic forum links which aren't actually pointed at an > answer to a question which is residing in the forum are much more > irritating. As stated in another post, the original query was seen to ba lacking some specific details, what e-mail apps were in use for instance. Sire, one could assume OE as seen in the posting headers, but we all know that Outllok uses OE for NNTP ... so rather than make an assumption, suggesting hitting the Forum at the top seemed much wiser. > The message I see is that rather than the reply being an 'answer', it is > an advertisement, like spam. And again, this poster had already stated that the www.spamcop.net FAQ didn't answer his/her questions. And again noting that I had in fact touched a couple of specific issues before getting to the Forum FAQ suggestion. > "If you will go to the forum and post your question over there instead > of in here, we will answer your question there." and "I'm not going to > answer your question here, but someone may answer it over there." I didn't say squat about posting ... I was suggesting another resource for answers that may have been easier to use than the already described failed attempt at using the Help link from the web-page. > It is not at all the same as when a forum link is posted in which the > site in the forum represents a specific answer to a specific question. As so many questions and issues are wrapped up in that post, my logic is that the whole SpamCop experience seemed to be an issue for this poster. From nobody at spamcop.net Fri Jun 3 16:01:36 2005 From: nobody at spamcop.net (Ellen) Date: Fri Jun 3 15:05:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: "Blammo" wrote in message news:Xns966A5F7EF460Dblammo@216.154.195.61... > On 03 Jun 2005 Kenneth Brody entered spamcop and left > news:42A061AF.90DA7289@spamcop.net: > > > So, viruses virtually always forge the "from", and tracking down the > > original sender would require skills beyond most Internet users, yet > > Road Runner puts the burden on the recipient rather than blocking it > > at its source, when Road Runner knows exactly who it is that is trying > > to send it. > > > > I donno, I think Road Runner don't know what the hell they're doing. > Perhaps if you explain this to them they will attempt to convince you that > you don't know what you are talking about ;-) > I was in contact with road runner abuse/security this AM. They are aware of the issue and working on it. No promises for an instant solution but the right people are in the loop. Ellen SpamCop From MikeE at ster.invalid Fri Jun 3 13:46:34 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 3 15:50:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: WazoO wrote: > Let's pick "this case" ... All the original poster provided was; You have some very very valid arguments in here. > Referral to the Forum seems to me to make perfect sense > for this user ... and pointing to the "top" of the Forum to > allow him/her to make his/her own decision on just what > to go for first. That position is supported by your arguments. Your points are very valid. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Jun 3 13:48:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 3 15:50:09 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: WazoO wrote: > "Mike Easter" >> Yes. Those generic forum links which aren't actually pointed at an >> answer to a question which is residing in the forum are much more >> irritating. > > As stated in another post, the original query was seen to ba lacking > some specific details, Your points are well taken, detailed in the other post. -- Mike Easter kibitzer, not SC admin From cattysha at juno.com Fri Jun 3 21:02:19 2005 From: cattysha at juno.com (cattysha@juno.com) Date: Fri Jun 3 16:04:24 2005 Subject: [SpamCop-List] Re: Likely Joe job Message-ID: <20050603.130255.675.199524@webmail33.nyc.untd.com> "That's spam in my book, and shows no respect for the people you communicate with. You can afford to run a website, but can't even afford to pay for an ISP. -- | Ric |" Well aren't you just a ray of sunshine on a very dark day. Thanks, Ellen, and the others of you who were smart enough to see through this. Ipowerweb has now returned my sites! Now I will depart before Ric has a siezure. ___________________________________________________________________ Get Juno Platinum for as low as $4.97/month! Unlimited Internet Access with 250MB of Email Storage. Visit http://www.juno.com/half to sign up today! From jr70 at blackhole.invalid Fri Jun 3 14:14:26 2005 From: jr70 at blackhole.invalid (John Richards) Date: Fri Jun 3 16:15:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Steve Sybesma" wrote in message news:d7olga$sog$1@news.spamcop.net... > > I would like to know how I can automate Outlook Express 6 in such a way > as to right click on the highlighted messages I want to report, and have one > of > the context menu selections be "Forward As Attachment to SpamCop, then > Send and Delete" so that the entire operation is done with only one click. > > This would make reporting spam exactly as easy as deleting the spam so that > there would be no temptation to just say "Oh, not today". > > Of course I'm lazy, but computers are all about how to make things easier > anyway. > > I don't know how to write macros for Outlook Express to do this, and I don't > even > know if it's possible, but I sure would find it valuable. > > I would like not to have to use a separate 3rd party program which gets me > away > from using OE, which otherwise takes care of all my other e-mail needs > quite nicely. This sounds like something that the guy who developed OE-QuoteFix could easily do, but I'm not holding my breath. Meantime, I have spam reporting down to a minimum number of keystrokes: Ctrl-F3, Ctrl-A, Ctrl-C, Alt-F4, paste into SC web report form. -- John Richards From dfm2a3l0t2 at spymac.com Fri Jun 3 19:54:34 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Fri Jun 3 18:55:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: In article , "Mike Easter" wrote: > So, I'm always trying to get people to not read their spam; and I also > think that spamfighters are guilty of reading spam when they shouldn't. > Some people in alt.spam misunderstand me about that.. > > People, including spamfighters, make up all kinds of 'excuses' about why > they need to read spam; but the fact of the matter is that they > actually don't. They read spam because they want to read spam. In my > little game of keeping score, we call spamreaders 'losers'. [That ought > to get some people outraged.] So I'll put a smiley way over here :-) Some of us use Eudora, which means we have to open the spam so we can cut and paste the headers and the body into the Web report page. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From MikeE at ster.invalid Fri Jun 3 17:02:30 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 3 19:05:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: D.F. Manno wrote: > "Mike Easter" >> So, I'm always trying to get people to not read their spam; > Some of us use Eudora, which means we have to open the spam so we can > cut and paste the headers and the body into the Web report page. That's too bad. I get very exasperated with apps or other instructions which require people to open their spam. The standard EarthLink instructions [depending upon which instructions you read, which iterations are actually inconsistent with each other] for submitting spam to EL's junkmail system, instruct people to open their spam so that they can copy the rendered html so that they can paste that rendered html below the spam headers. Very detailed instructions for getting the headers separately from the rendered html. Makes me crazy. I am at odds with the various EL admins who rarely pop up in EL support ng/s. I'm telling people to blow off EL's junkmail reporting system because my investigations cause me to believe that it is a worthless reporting system -- besides the fact that the instructions make me crazy. People should 'refuse' to submit anything to EL's junkmail if for no other reason than the fact that they shouldn't be opening their spam. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Jun 3 20:28:30 2005 From: nobody at spamcop.net (Dave Lerner) Date: Fri Jun 3 19:30:02 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? In-Reply-To: References: Message-ID: Mike Easter wrote on 06/02/2005 04:35 PM: > Not only do I think the 'masses' shouldn't be reading their spam > subjects or opening their spams, I don't even think [most/all] > spamfighters should be reading their spams either. I don't understand what's so bad about reading spam. I usually glance over spam prior to reporting it to ensure that it's legimately reportable. I also check for embedded use of my name or email address, which might not be munged by the reporting tool. The spammer hasn't benefitted from my reading his spam, since I'm not going to buy anything he's advertised, and I'm not going to visit a spamvertised web site unless it's to obtain more accurate reporting data. My email client (currently thunderbird on linux) is configured to display all email as plain text. That avoids any side effects of viewing rendered HTML, web bugs or embedded scripting. From nobody at xyzzy.claranet.de Sat Jun 4 04:00:14 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Jun 3 21:05:02 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: <42A0FD1E.19A1@xyzzy.claranet.de> Kenneth Brody wrote: > a recent change at Road Runner is now causing all sorts of > problems on my end from virus-laden systems. Not exactly new, grep nanas for "symantec.invalid" for a few older RR follies. > they "bounce" e-mail to the forged "from". (I understand > that this is now permitted to be reported via SpamCop.) For ordinary bounces (user over quota etc.) you should IMHO have a very convincing reason to report it, like an SPF FAIL policy protecting your MAIL FROM. > Now, in an attempt to "help", they purposely allow viruses > sent from their clients to continue on their way, after > stripping the virus. Maybe they've upgraded the Symantec crapware, and that caused again its "let's spam the world" mode. Spamcop it, post it in nanas, _hurt_ them as hard as you can. Bye, Frank From wb8tyw at qsl.network Fri Jun 3 22:53:39 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Jun 3 21:55:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses In-Reply-To: References: <42A061AF.90DA7289@spamcop.net> Message-ID: Ellen wrote: > I was in contact with road runner abuse/security this AM. They are aware of > the issue and working on it. No promises for an instant solution but the > right people are in the loop. Are they also the ones that understand bouncing spam/viruses to forged addresses is a bad thing? I was getting over 20 bounces/second from each of two of their mail servers during the last sober outbreak because of an infected system that appeared to be on the other side of the world. -John wb8tyw@qsl.network Personal Opinion Only From johnnospam at nospamatall.com Fri Jun 3 21:58:02 2005 From: johnnospam at nospamatall.com (John Marion) Date: Fri Jun 3 22:00:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses In-Reply-To: References: <42A061AF.90DA7289@spamcop.net> Message-ID: Ellen wrote: > "Blammo" wrote in message > news:Xns966A5F7EF460Dblammo@216.154.195.61... > >>On 03 Jun 2005 Kenneth Brody entered spamcop and left >>news:42A061AF.90DA7289@spamcop.net: >> >> >>>So, viruses virtually always forge the "from", and tracking down the >>>original sender would require skills beyond most Internet users, yet >>>Road Runner puts the burden on the recipient rather than blocking it >>>at its source, when Road Runner knows exactly who it is that is trying >>>to send it. >>> >> >>I donno, I think Road Runner don't know what the hell they're doing. >>Perhaps if you explain this to them they will attempt to convince you that >>you don't know what you are talking about ;-) >> > > > I was in contact with road runner abuse/security this AM. They are aware of > the issue and working on it. No promises for an instant solution but the > right people are in the loop. > > Ellen > SpamCop > > Thank you, Ellen. From MikeE at ster.invalid Fri Jun 3 20:36:31 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 3 22:40:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: Dave Lerner wrote: > Mike Easter wrote on 06/02/2005 04:35 PM: >> Not only do I think the 'masses' shouldn't be reading their spam >> subjects or opening their spams, I don't even think [most/all] >> spamfighters should be reading their spams either. > > I don't understand what's so bad about reading spam. I usually glance > over spam prior to reporting it to ensure that it's legimately > reportable. I also check for embedded use of my name or email > address, which might not be munged by the reporting tool. I don't object to some kind of 'system' for examining the body for a $string -- you can do that by searching the raw html. It isn't necessary to render-read a spam as the spammer intended. The standard opening and rendering is what the spammer wants. > The spammer hasn't benefitted from my reading his spam, since I'm not > going to buy anything he's advertised, and I'm not going to visit a > spamvertised web site unless it's to obtain more accurate reporting > data. It is reassuring to me to hear 'bells' of pledged-ness -- where pledged is to never aid a spammer. > My email client (currently thunderbird on linux) is configured to > display all email as plain text. That avoids any side effects of > viewing rendered HTML, web bugs or embedded scripting. It is also reassuring to me to hear bells of security. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri Jun 3 23:47:55 2005 From: nobody at devnull.spamcop.net (Cat) Date: Fri Jun 3 23:50:02 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? In-Reply-To: References: Message-ID: Mike Easter wrote: >>Some of us use Eudora, which means we have to open the spam so we can >>cut and paste the headers and the body into the Web report page. > > > That's too bad. > > I get very exasperated with apps or other instructions which require > people to open their spam. Same thing with Yahoo and Gmail. You can't just forward it. You have to open it. Then again, I've had a few times where something looked spammy, but I had to open it to find out that it was actually e-mail I wanted to receive. It's rare that something like that happens, but it's a good thing I checked those e-mails, or I would have missed out on something important. From MikeE at ster.invalid Fri Jun 3 21:58:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 00:00:02 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: cattysha@juno.com wrote: > Thanks, Ellen, and the others of you who were smart enough to see > through this. Ipowerweb has now returned my sites! Now I will depart > before Ric has a siezure. Maybe you got off too easy, all things considered. > Get Juno Platinum for as low as $4.97/month! > Unlimited Internet Access with 250MB of Email Storage. > Visit http://www.juno.com/half to sign up today! In case you haven't seen it, this is what Ric was complaining about, not 'having a seizure'. If you are going to spam every newsgroup with your posts, you can expect to have some complaints about it. If you are going to engage ads which are likely to affiliate-spam your website, you can expect to have repercussions about it. If you are going to get bent-outa-shape because some people criticize you for behaviors that are clearly effectively spammish and you get spammish treatment for it, you aren't going to be sympathized with by everyone. If you website has overall benefitted from spam and you only paid a price of transient 'confusion' by your provider and the spamreporting community, you have gotten off easily and benefitted from it. If you were playing them for the fool, then so far you've won.-- but while you're gloating, don't be rubbing it in and popping off about seizures. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri Jun 3 23:56:46 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 4 00:00:07 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? In-Reply-To: References: Message-ID: Cat wrote: > Same thing with Yahoo and Gmail. You can't just forward it. You have to > open it. Then again, I've had a few times where something looked spammy, > but I had to open it to find out that it was actually e-mail I wanted to > receive. It's rare that something like that happens, but it's a good > thing I checked those e-mails, or I would have missed out on something > important. I meant to add also that I have html images turned off in those e-mail accounts. Fortunately, I don't get spam at my Gmail address, especially since very few people have that address...only a few people and a couple of other places online that I can trust won't give out my address to anyone. From MikeE at ster.invalid Fri Jun 3 22:04:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 00:05:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: Cat wrote: > Mike Easter wrote: >> I get very exasperated with apps or other instructions which require >> people to open their spam. > > > > Same thing with Yahoo and Gmail. You can't just forward it. You have > to open it. Then again, I've had a few times where something looked > spammy, but I had to open it to find out that it was actually e-mail > I wanted to receive. It's rare that something like that happens, but > it's a good thing I checked those e-mails, or I would have missed out > on something important. The bad news about google is that you do have to open it to access the headers and/or original unrendered format. The good news about google is that its spamfilters are good in my experience. The bad news about google is that it is 'awkward' to report google spam. The overall result of that 'package' of google handling is that I don't report spam which has arrived at my google addy. Regarding handling unknowns. My choice of 'erring' about unknowns is to treat them as malware/ spam/ virus/ unsoliciteds/ for which they are cast into the suspicious/junk status and they are examined from their message properties *first* -- so that I'm never 'opening' an unknown mail without already knowing what is inside. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Jun 3 22:43:38 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 00:45:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: Mike Easter wrote: > My choice of 'erring' about unknowns is to treat them as malware/ > spam/ virus/ unsoliciteds/ for which they are cast into the > suspicious/junk status and they are examined from their message > properties *first* -- so that I'm never 'opening' an unknown mail > without already knowing what is inside. Maybe I should elaborate on that; perhaps it is at the 'heart' of my philosophy about not opening spam. I don't believe there should be any spam in my Inbox. Inbox mail is a different thing than spam. Inbox mail has some kind of reliable from. Spam and virms and such don't belong in the Inbox because of the element of From bogosity. If there were no other bogosity involved in the headers of something, bogus From is a 'sacrilege' and should be immediately purged from the Inbox. It doesn't belong there. So, if you look at your Inbox and it contains anything that doesn't represent 'your' Inbox mail -- it should not be in there. That is a different kind of problem for different kinds of people. For some people it is very very very simple. They could whitelist their friends and mailing lists and all of their spam would disappear and they would lose no wanted mail. For others, it is a little more complicated, because they have necessity to receive some kind of unknown wanted mail. Because of that, every mail recipient's 'problems' about spam have to be handled uniquely or individually -- but it isn't really all that hard. It is harder for some than others, to be sure. But it is highly likely that the vast majority of spam is going to have headers consistent with spam, and a tiny minority of spam would need to be evaluated by a filter on the basis of its body composition. If people are looking at spam subjects and froms to figure out if something is spam, and then being confused by the information they see, then they are doing something wrong about their spam filtering. -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Sat Jun 4 09:51:22 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Jun 4 00:55:02 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "Ilgaz Ocal" wrote in message news:d7mbu8$ipj$3@news.spamcop.net... > On 2005-06-01 08:39:03 +0300, "Berny" said: > > > qoute: > > > > You are receiving this communication because your e-mail
> > address was included on a CD of 100 million e-mail addresses
> > we bought and you opted in to be on it. The can spam act
> > allows us to mail you with offers so please do not make false
> > complaints or we will > > > I wouldn't wait a second if I was american to call/mail offices. > > It would teach them what it means to abuse a law by falsely referencing > in any part of the world. > > A jerk bugged my mailbox 4-5 times that he is petrol minister of UAE > (Dubai), I got finally bored from sending reports and his spam ended in > hands of Dubai police. I said "Its your minister, your ISP, your > criminal, fix it" at additional notes > > I didn't hear from him since ;) > > Oh believe or not, he was using a UAE ISP. > > Ilgaz > He ( the 419'er ) was playing a dangerous game, communication is heavily monitored, police and ISP are pretty competent, at best (for him) s/he's back in his/her home country and banned. (For many this means a return to extreme povery and unemployment) From bud at telus.net Fri Jun 3 22:58:25 2005 From: bud at telus.net (Bud) Date: Sat Jun 4 01:00:03 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: "Mike Easter" wrote in message news:d7r8sc$92k$1@news.spamcop.net... > cattysha@juno.com wrote: >> Thanks, Ellen, and the others of you who were smart enough to see >> through this. Ipowerweb has now returned my sites! Now I will depart >> before Ric has a siezure. > > Maybe you got off too easy, all things considered. > >> Get Juno Platinum for as low as $4.97/month! >> Unlimited Internet Access with 250MB of Email Storage. >> Visit http://www.juno.com/half to sign up today! >> If you were playing them for the fool, then so far you've won.-- but > while you're gloating, don't be rubbing it in and popping off about > seizures. > > -- > Mike Easter > kibitzer, not SC admin -- Amen Bud From bar_n0ne at hotmail.com Sat Jun 4 10:17:37 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Jun 4 01:20:03 2005 Subject: [SpamCop-List] Re: Big Brother... (Text Repost) References: Message-ID: "Redstone" wrote in message news:Xns9668A07EEA16Etinlc@216.154.195.61... > Blammo wrote in > news:Xns966730861A38Dblammo@216.154.195.61: > > > >> > >> Try Xnews. It's free. > >> > > > > And you don't need to install anything, you can tuck it away in a > > folder somewhere, noone but you needs to know. Though it's pretty much > > news only. > > > > > > No registry crap to worry about.. nothing. It was the way everyone > installed programs 15 years ago when the only thing in town was MS-DOS. > Those were they days. :-) > > But back to Xnews, It's quite a powerful little application too. :-) Ummm.... what town where you in 15 years ago? There were semoe very internet competent OS "things" in my town; Mac, Amiga, Atari, OS/2, not to mention SunOS (BSD), VAX/VMS and others for those with heavier requirements and budgets. From nttp.sc.s at bigsleep.org Sat Jun 4 06:51:27 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Jun 4 01:55:02 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On 03 Jun 2005 Mike Easter entered spamcop and left news:d7r43c$6va$1@news.spamcop.net: > I don't object to some kind of 'system' for examining the body for a > $string -- you can do that by searching the raw html. It isn't > necessary to render-read a spam as the spammer intended. The standard > opening and rendering is what the spammer wants. > This is what I always do, I did that with my OP. In Mozilla you close the preview pane, select the message and press CTRL+U. Using IMAP I see the perfectly original message source (this is nothing new as far as Netscape/Mozilla goes), I actually copied from the source, only removing the html
at the end of each line. Also the spam filters and message filter rules do a good job of moving everything into the junk folder so I don't have to look at it. I don't need to add a [spam] tag to the subject because, like Eudora, Mozilla lets you make up rules for any header. Believe it or not, there is even a filter for "Sender not in my address book". Unfortunately it isn't quite perfect because it is effected by the case- sensitivity bug: http://bugzilla.mozilla.org/show_bug.cgi?id=129393 Also I don't know who all might be sending me eMail, so I do have to look at senders and subjects. Being a postmaster I have to check every single bounce, so I can't just assume it's all junk. On 03 Jun 2005 Mike Easter entered spamcop and left news:d7rbhm$agm$1@news.spamcop.net: > ... > So, if you look at your Inbox and it contains anything that doesn't > represent 'your' Inbox mail -- it should not be in there. > ... I almost said; for most people your logic works, but actually there are many who do business over the Internet or give out their address, and based on the false positives I see filters just don't work that good. People really do need to be careful, but I can't expect anyone to never look at a spam subject. -- | Ric | From nttp.sc.s at bigsleep.org Sat Jun 4 06:57:00 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Jun 4 02:00:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: On 03 Jun 2005 WazoO entered spamcop and left news:d7q5in$m9u$1@news.spamcop.net: > I re-read it and I see that I touched a couple of specifics. I did notice that, which is why I'm not ranting on you. I find it funny that whenever we get on these long threads, we usually never see the OP again. I wonder if our bickering scares them away? -- | Ric | From nttp.sc.s at bigsleep.org Sat Jun 4 07:11:56 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Jun 4 02:15:04 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: On 03 Jun 2005 cattysha@juno.com entered spamcop and left news:mailman.22.1117829065.169.spamcop-list@news.spamcop.net: > Well aren't you just a ray of sunshine on a very dark day. > Yes, I can be a jerk, could be because I ain't getting any. > > Now I will depart before Ric has a siezure. > Good, I won't have to look at those Juno ads. Nothing against you, I just hate those ads, I even bitch to my friends about them. -- | Ric | From nobody at spamcop.net Sat Jun 4 07:13:35 2005 From: nobody at spamcop.net (StampOutSpam) Date: Sat Jun 4 02:15:08 2005 Subject: [SpamCop-List] Re: Where's oc3@devnull? References: Message-ID: The OC3 spammers seem to be on a new ISP: http://www.spamcop.net/sc?id=z771133035z5e721f210b00e0639da4a1baae3fa4b1z 69.40.127.52 - abuse@alltel.net From nobody at nowhere.invalid Sat Jun 4 12:31:04 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Jun 4 05:35:09 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On Fri, 3 Jun 2005 21:04:19 -0700, Mike Easter coughed into spamcop and left this in : > The bad news about google is that you do have to open it to access the > headers and/or original unrendered format. The good news about google > is that its spamfilters are good in my experience. The bad news about > google is that it is 'awkward' to report google spam. Have they fixed that stupidity whereby they *always* insert a Reply-To: header whether you want it or not (and which fscks up mailing list traffic)? -- Steve There's no place like ~ From nobody at spamcop.net Sat Jun 4 08:56:17 2005 From: nobody at spamcop.net (Ellen) Date: Sat Jun 4 08:00:07 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: "John E. Malmberg" wrote in message news:d7r1j3$5ks$1@news.spamcop.net... > Ellen wrote: > > I was in contact with road runner abuse/security this AM. They are aware of > > the issue and working on it. No promises for an instant solution but the > > right people are in the loop. > > Are they also the ones that understand bouncing spam/viruses to forged > addresses is a bad thing? > > I was getting over 20 bounces/second from each of two of their mail > servers during the last sober outbreak because of an infected system > that appeared to be on the other side of the world. > In almost every case where I have spoken with an abuse person at an ISP of any size, the abuse person understands with crystal clarity the "bounce to forged from address" issue. Unfortunately fixing the problem is a whole lot harder than understanding it and involves getting all the various groups on board including the network architects, the security people, the marketing people, etc; getting upper level management to agree that it needs to be fixed and that it will cost $$ to do this; getting the project onto the fix schedule; architecting the way to fix it including hardware and software changes; buying the hardware to implement the fix; writing or modifying the software; testing hardware and software, setting up the schedule to implement and then implementing. One ISP of, I guess, small-medium size had most of the above steps already done when I talked to them -- i.e. they knew they needed to minimize the bounce problem dramatically to the point where it was basically a non-problem, they had the necessary agreements from the corporate sign-off chain, they had done the architecting, they had the POs to order equipment and it still took at least a couple of months to get it installed, tested and into production ... Solving this problem is not slam-dunk simple. And when all is said and done, the RFCs mandate bounces/NDRs if a message is received and then not delivered --- for non-spam they make sense. As do OOO, mailbox full and other random autobots ... I am not trying to excuse the flood of bounces -- I see them just as y'all do and for a while there last week some random ISP in Europe was happily sending the deputies address bounces -- but just trying to point out that the understanding/seeing the visible part of the problem is easy; fixing it is more complicated. Companies -- non-ISPs -- are way, way harder to convince that bounces are a problem. Sigh ... now if we could just get people to not click on attachments .... but that's a rant for another time .... Ellen From nobody at nowhere.invalid Sat Jun 4 15:05:14 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Jun 4 08:10:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: On Sat, 4 Jun 2005 07:56:17 -0400, Ellen coughed into spamcop and left this in : > Sigh ... now if we could just get people to not click on attachments .... ITYM: Sigh ... now if we could just get people to stop using software that doesn't need them to click on an attachment to run it .... -- Steve Why is it that people say they slept like a baby when babies wake up every two hours? From nospam at fuck-off-and-die.com Sat Jun 4 19:21:06 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Sat Jun 4 08:40:05 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: Steven Maesslein, , the befouled, disturbed miscreant, and seller of gorse for brooms, illumed: > On Sat, 4 Jun 2005 07:56:17 -0400, Ellen coughed into spamcop and left > this in : > >> Sigh ... now if we could just get people to not click on attachments >> .... > > ITYM: > > Sigh ... now if we could just get people to stop using software that > doesn't need them to click on an attachment to run it .... User-Agent: slrn/0.9.8.1 (Linux) Fucktard cunt. From nobody at devnull.spamcop.net Sat Jun 4 09:36:55 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sat Jun 4 08:40:12 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: ... > > I'm really trying hard to figure out why there is > such an uproar > over that remark. > >> Hey WazoO, just put a forums link in your sig. Well, >> you don't have one, >> but you could fake it. > > FWIW, same here. I just went down thru the whole thread, and jeepers, what a convoluted thing it turned into. That's not a cut, just an observation. I understand the want for keeping this group alive and well, so that's good as far as I'm concerned. I do think perhaps some people might be stretching themselves a little thin, so maybe the repetitive nature of things with those who are unfamiliar with SC is a result of that. I know there was a lot of work went on for the FAQs here, but I myself still don't find them very easy to navigate if/when I'm looking for something specific, although I have to admit that what IS there is excellent. It's not that anything is missing, but it's often hard to decide where to look and how far to read before deciding it's not going to have what I'm looking for. I can imagine how a new comer might feel, especially if they're upset to start with. Just my two cents, and I know, I've said all this before Pop From nobody at devnull.spamcop.net Sat Jun 4 09:39:09 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sat Jun 4 08:40:19 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: <0lwFLCUBIwf4@eisner.encompasserve.org> Message-ID: ... > > > >> Not sure why nobody's mentioned this? It's very >> useful. > > IIRC: The first mention of that technique that I saw > was in the spamcop.help > forum about a year or so ago. The poster was Larry > Kilgallen. > > -John > wb8tyw@qsl.network > Personal Opinion Only Sorry; I meant in this thread. I wasn't making any "explorer discovery" statement. Pop From nttp.sc.s at bigsleep.org Sat Jun 4 14:46:24 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Jun 4 09:50:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: On 04 Jun 2005 Ellen entered spamcop and left news:d7s50v$mqd$1@news.spamcop.net: > Companies -- non-ISPs -- are way, way harder to convince that bounces > are a problem. > I think you are in a position that ISPs at least will recognize that you are someone that probably knows what you are talking about. I don't have much patience going back and forth with some support guy that probably doesn't even understand the problem, even when I give detailed instructions on how to fix the problem. With some, I get no reply at all, which leads me to believe I'm simply ignored. Example Recipient: abuse@dishnetwork.com "EchoStar's server has intercepted an email from your mail account which caused a content filter to be triggered. Your message was not delivered to our EchoStar, DishNetwork or Eldon associate because it contains http graphics that are sourced from an Internet web site. Please remove the graphics and resend the message. Thank you." A message to abuse@dishnetwork.com, postmaster@echostar.com explaining they bounced my abuse report gets no reply at all. They aren't exactly an ISP (yes companies can be dense), but I've been ignored by ISPs as well. I know, the admins are probably over-worked (so am I). I'm sure grateful you have the tenacity to pursue these matters. -- | Ric | From MikeE at ster.invalid Sat Jun 4 08:06:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 10:10:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: Steven Maesslein wrote: > Mike Easter >> The bad news about google is that you do have to open it to access >> the headers and/or original unrendered format. The good news about >> google is that its spamfilters are good in my experience. The bad >> news about google is that it is 'awkward' to report google spam. > > Have they fixed that stupidity whereby they *always* insert a > Reply-To: header whether you want it or not (and which fscks up > mailing list traffic)? I'm not crystal clear on your qx -- if I substitute 'gmail' for they, I see 'Has gmail fixed that stupidity whereby gmail always inserts a reply-to header?' I can configure so that I can use gmail's smtp server from my mua OE to send an email to myself. My test message to me has a From and a Return-Path, but it doesn't have a Reply-To. I recently invited a friend to have a gmail account [slightly interesting story about why he needs one] and the autoack which gmail sends about that came From gmail team, return-path gmail team, reply-to my friend. That makes sense. I haven't test emailed myself anything from gmail's webmail. What exactly are the circumstances under which the reply-to is added and unwanted and what kind of trouble does it cause? -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Jun 4 08:10:00 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 10:10:12 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: Mike Easter wrote: > I can configure so that I can use gmail's smtp server from my mua OE > to send an email to myself. To clarify, I can configure so that I can use gmail's smtp server from my mua OE to send an email to my EL account which I pop in my mua OE. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sat Jun 4 12:34:45 2005 From: nobody at spamcop.net (Ellen) Date: Sat Jun 4 11:50:02 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: "Blammo" wrote in message news:Xns966B44F7C14FEblammo@216.154.195.61... > On 04 Jun 2005 Ellen entered spamcop and left > news:d7s50v$mqd$1@news.spamcop.net: > > > I think you are in a position that ISPs at least will recognize that you > are someone that probably knows what you are talking about. Some do and some don't ... >I don't have > much patience going back and forth with some support guy that probably > doesn't even understand the problem, even when I give detailed instructions > on how to fix the problem. > > With some, I get no reply at all, which leads me to believe I'm simply > ignored. It's easier when they write to you first :-) Ellen SpamCop From nobody at nowhere.invalid Sat Jun 4 21:14:57 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Jun 4 14:15:04 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On Sat, 4 Jun 2005 07:06:04 -0700, Mike Easter coughed into spamcop and left this in : > I haven't test emailed myself anything from gmail's webmail. > > What exactly are the circumstances under which the reply-to is added and > unwanted and what kind of trouble does it cause? The webmail interface is precisely the problem. Send an e-mail using it and you will see a Reply-To: header in the message, whether you requested it or not (unless they've unb0rked themselves). Now, there are 3 basic kinds of list management software: 1) Those that insert List-* headers and expect the MUA to reply either to the list or to the OP depending on what the user wants, with this behaviour being overridden by a Reply-To: header in the incoming mail forcing any and all replies to the address specified. 2) Those that do as above and also insert a Reply-To: the list, but only if there isn't already a Reply-To: header in the incoming mail. If there is, it leaves it as-is. 3) Those that do as 1) and *always* insert a Reply-To: the list, even if there was already a Reply-To: header in the incoming mail, in which case it clobbers it and puts its own. GMail, in their infinite wisdom, have broken both 1) and 2) above. TTBOMK, Yahpoo! groups are the only type 3) lists - or at least they're the only ones I've seen. -- Steve Sign spotted on a repair shop door: WE CAN REPAIR ANYTHING. (PLEASE KNOCK HARD ON THE DOOR - THE BELL DOESN'T WORK) From steve at prolynx.com Sat Jun 4 14:13:18 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 4 15:15:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Since I have 'quick' reporting enabled, all I would need to be able to do with such a macro would be to highlight all my spam, right click and choose the new "Forward As..." selection and be done with it. Just as easy as deleting it. Once this can be made as easy as deleting it, I think I can turn some people onto signing up with SpamCop and reporting their spam in this way, since it would be virtually no hassle whatsoever. "John Richards" wrote in message news:d7qdn2$rbv$1@news.spamcop.net... > "Steve Sybesma" wrote in message news:d7olga$sog$1@news.spamcop.net... > > > > I would like to know how I can automate Outlook Express 6 in such a way > > as to right click on the highlighted messages I want to report, and have one > > of > > the context menu selections be "Forward As Attachment to SpamCop, then > > Send and Delete" so that the entire operation is done with only one click. > > > > This would make reporting spam exactly as easy as deleting the spam so that > > there would be no temptation to just say "Oh, not today". > > > > Of course I'm lazy, but computers are all about how to make things easier > > anyway. > > > > I don't know how to write macros for Outlook Express to do this, and I don't > > even > > know if it's possible, but I sure would find it valuable. > > > > I would like not to have to use a separate 3rd party program which gets me > > away > > from using OE, which otherwise takes care of all my other e-mail needs > > quite nicely. > > This sounds like something that the guy who developed OE-QuoteFix could > easily do, but I'm not holding my breath. > Meantime, I have spam reporting down to a minimum number of keystrokes: > Ctrl-F3, Ctrl-A, Ctrl-C, Alt-F4, paste into SC web report form. > > -- > John Richards From MikeE at ster.invalid Sat Jun 4 13:29:05 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 15:30:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > Since I have 'quick' reporting enabled, all I would need to be able > to do with such a macro would be > to highlight all my spam, right click and choose the new "Forward > As..." selection and be done with it. There is a 'problem' with quick reporting, and that problem can be hazardous to your email account. > Just as easy as deleting it. > > Once this can be made as easy as deleting it, I think I can turn some > people onto signing up with SpamCop > and reporting their spam in this way, since it would be virtually no > hassle whatsoever. The problem with 'turning people on' to quick reporting is that some or many or a few of them will be unwittingly reporting their own provider's servers, whose mailservers will/may become spamcop blocklisted, which will/may interfere with the provider's client's mailings being successful, which /will/ be very upsetting to the provider, who may discipline the 'bad' spamcop quick reporters, possibly terminating their account. If I were a provider, I wouldn't be very comfortable having newbie spamcop quickreporters as clients. A lot of new spamcop reporters don't know the first thing about headers, spamsources, IP addresses, or which one is their provider's. The parser reporter is a tool which shouldn't be used carelessly or it will damage innocent people. You are suggesting using the tool on blind highspeed setting. The business of parsing and reporting with spamcop carries some responsibility with it. Do you know anything about the mailhosts configuring? -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Jun 4 14:17:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 16:20:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > I forgot to add that I have 'quick' reporting enabled. At one time, the quick reporting function for the submit address was considered to be a 'beta' trial -- and supposedly it is somewhat restricted by the fact that just any reporter who has signed up can't quick report without receiving some kind of 'clearance' or permission to be a quick reporter by emailing a deputy. Quick reporting is also temporarily put on hold while a person is configuring their mailhosts. Mailhosts is a condition which would like to reduce the chances of the reporter reporting hir own provider, but even mailhosts doesn't completely eliminate that possibility. So, altho' mailhosts configuration decreases errant parses when correctly configured, it may increase errant parses during configuration, and may also contribute to errant parses anyway when the provider's servers are changed or added. You may want to get a broader overview of quick reporting which isn't described in the faq, but which has some commentary in the forum at a few places: http://forum.spamcop.net/forums/index.php?showtopic=163&st=0&p=736&#entry736 FAQ Entry: What is Quick Reporting? http://forum.spamcop.net/forums/index.php?showtopic=1672&st=30&p=11991&#entry11991 Is quick reporting still considered "BETA"? http://forum.spamcop.net/forums/index.php?showtopic=793&st=0&p=4839&#entry4839 Julian on Mailhosts and Quick Reporting -- Mike Easter kibitzer, not SC admin From jr70 at blackhole.invalid Sat Jun 4 14:54:30 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sat Jun 4 16:55:02 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: Blammo wrote: > Good, I won't have to look at those Juno ads. Nothing against you, I just > hate those ads, I even bitch to my friends about them. Especially so when one can get free Gmail accounts, which don't send out any ads or promotional slogans. -- John Richards From nobody at devnull.spamcop.net Sat Jun 4 18:04:21 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sat Jun 4 18:00:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Cat" wrote in message news:d7oqsn$v96$1@news.spamcop.net... > WazoO wrote: > > > > > for sure the experiences of others should help fill in some gaps .. > > http://forum.spamcop.net/forums/ > > > Since others have commented on your posts about this, I'm starting to > notice it more as well. Why push the original poster to go to the web > forum when there are enough people here in the newsgroups with the > skills and knowledge to help with this? It's almost like you're trying > to turn newbies away from the newsgroups as if the newsgroups aren't > helpful enough. Did I miss it? Where are the answers in the ng? Miss Betsy From kenbrody at spamcop.net Fri Jun 3 18:44:41 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Sat Jun 4 18:05:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: <42A0CF49.5A9DA09@spamcop.net> Ellen wrote: > > "Blammo" wrote in message > news:Xns966A5F7EF460Dblammo@216.154.195.61... > > On 03 Jun 2005 Kenneth Brody entered spamcop and left > > news:42A061AF.90DA7289@spamcop.net: > > > > > So, viruses virtually always forge the "from", and tracking down the > > > original sender would require skills beyond most Internet users, yet > > > Road Runner puts the burden on the recipient rather than blocking it > > > at its source, when Road Runner knows exactly who it is that is trying > > > to send it. > > > > > > > I donno, I think Road Runner don't know what the hell they're doing. > > Perhaps if you explain this to them they will attempt to convince you that > > you don't know what you are talking about ;-) > > > > I was in contact with road runner abuse/security this AM. They are aware of > the issue and working on it. No promises for an instant solution but the > right people are in the loop. And a public "thank you" to Ellen for contacting me offlist (via e-mail) to help figure things out and get things rolling at Road Runner. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From ob1db at spamcop.net Sat Jun 4 19:12:06 2005 From: ob1db at spamcop.net (David Butler) Date: Sat Jun 4 18:15:06 2005 Subject: [SpamCop-List] gkmahijd.healingsphere.info Message-ID: SC Sez gkmahijd.healingsphere.infowon't resolve, BUT openrbl.org resolves it !(So happy to see openrbl.org back! I Will have to make a donation sometime soon) Address: 213.135.64.93 resolved to gkmahijd.healingsphere.info AS: 213.135.64.0/19 AS8641 TeleCore network Autonomous Syst Moscow/Moskva Net 213.135.64-95 RU-TSR-20000406 Abuse-Whois telecore.net.ru: (64.135.213.in-addr.arpa; 64.135.213.in-addr.arpa)[Cached] [whois.abuse.net] abuse@telecore.net.ru (for telecore.net.ru) postmaster@telecore.net.ru (for telecore.net.ru) From ob1db at spamcop.net Sat Jun 4 19:20:09 2005 From: ob1db at spamcop.net (David Butler) Date: Sat Jun 4 18:25:03 2005 Subject: [SpamCop-List] savvis and webunited: black holes of spam or what ? Message-ID: I get 2 or 3 of these a day http://www.spamcop.net/sc?id=z771367745zfe642553d1634c85be99fe7014161437z where both the spam source and the hosting are savvis and webunited. They will not accept munging, so I manually LART every one of them. Does not seem to have ANY effect. Somtimes it is even 4 or 5 per day. Anyone had any luck with these putzes? Some upstream to start venting on ?? From MikeE at ster.invalid Sat Jun 4 16:32:58 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 18:35:02 2005 Subject: [SpamCop-List] Re: gkmahijd.healingsphere.info References: Message-ID: David Butler wrote: > SC Sez > gkmahijd.healingsphere.infowon't resolve, BUT openrbl.org resolves it > !(So happy to see openrbl.org back! I Will have to make a donation > sometime soon) Address: 213.135.64.93 resolved to > gkmahijd.healingsphere.info AS: 213.135.64.0/19 AS8641 TeleCore > network Autonomous Syst Moscow/Moskva Net 213.135.64-95 > RU-TSR-20000406 Abuse-Whois telecore.net.ru: > (64.135.213.in-addr.arpa; 64.135.213.in-addr.arpa)[Cached] > [whois.abuse.net] > abuse@telecore.net.ru (for telecore.net.ru) > postmaster@telecore.net.ru (for telecore.net.ru) Yabbut, spews S3054 shows 1, 213.135.64.0/24, Alexandr Anikin / telecore.net.ru 1, 213.135.64.0/22, Alexandr Anikin / telecore.net.ru 2, 213.135.64.0/19, Alexandr Anikin / telecore.net.ru 2, 195.208.67.2, Alexandr Anikin / spop3.telecore.net.ru showing a progression from the /24 to the /22 and threatening the /19 because of unresponsiveness and spamhaus SBL27216 lists the IP as the /32 for a ROKSO spammer and shows a string of spammer domainnames and nameservers hosted there. Telecore also has 4 other blocks of various sizes /20 /32 /23 & /24 spamhaused, indicating their unresponsiveness. So, SpamCop isn't 'missing anything' by failing to resolve that name to that IP and notify telecore. as8641 upstream is AS28809 NAUKANET-AS Naukanet Autonomous System whose contacts are vadim@online.ru vladimirds@mail.ru noc@naukanet.ru There's no reg'd abuse.net contact for naukanet.ru -- I suppose you could consider naukanet's upstreams. -- Mike Easter kibitzer, not SC admin From kenbrody at spamcop.net Sat Jun 4 19:39:51 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Sat Jun 4 18:45:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: <42A22DB7.D2160584@spamcop.net> "John E. Malmberg" wrote: > > Ellen wrote: > > I was in contact with road runner abuse/security this AM. They are aware of > > the issue and working on it. No promises for an instant solution but the > > right people are in the loop. > > Are they also the ones that understand bouncing spam/viruses to forged > addresses is a bad thing? > > I was getting over 20 bounces/second from each of two of their mail > servers during the last sober outbreak because of an infected system > that appeared to be on the other side of the world. In this case, they're _not_ bouncing the virus/worm back to the forged sender. Rather, they're stipping the actual virus/worm, and sending it on to the indended victim. In fact, they explicitly state that they are not notifying the sender (which they could do, since it's coming from a RoadRunner client into a RoadRunner SMTP server). They could reject it at the SMTP level. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From kenbrody at spamcop.net Sat Jun 4 19:42:34 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Sat Jun 4 18:45:11 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> <42A0FD1E.19A1@xyzzy.claranet.de> Message-ID: <42A22E5A.4A8A9308@spamcop.net> Frank Ellermann wrote: > > Kenneth Brody wrote: [...] > > Now, in an attempt to "help", they purposely allow viruses > > sent from their clients to continue on their way, after > > stripping the virus. > > Maybe they've upgraded the Symantec crapware, and that caused > again its "let's spam the world" mode. Spamcop it, > post it in nanas, _hurt_ them as hard as you can. Bye, Frank Per Ellen's request, I am not reporting these... yet. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From nobody at devnull.spamcop.net Sat Jun 4 18:51:53 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sat Jun 4 18:55:02 2005 Subject: [SpamCop-List] Re: problems with gmail reporting spam References: Message-ID: "Vernon Hardapple" wrote in message news:d7fmqm$qr9$1@news.spamcop.net... > Gmail, it seems, does not properly forward my spam to spamcop. Anyone > has have a fix for this? There is no fix ... however, after spending an inordinate amount of time trying to figure something else out, I've updated the entry in the "How to Use .... Reporting" section of the Forum to address this the only way I could come up with .... Submitting from Google's GMail, Web-page paste and e-mail http://forum.spamcop.net/forums/index.php?showtopic=3581 From MikeE at ster.invalid Sat Jun 4 17:49:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 19:50:03 2005 Subject: [SpamCop-List] Re: savvis and webunited: black holes of spam or what ? References: Message-ID: David Butler wrote: > I get 2 or 3 of these a day > > http://www.spamcop.net/sc?id=z771367745zfe642553d1634c85be99fe7014161437z > > where both the spam source and the hosting are savvis and webunited. > They will not accept munging, so I manually LART every one of them. > Does not seem to have ANY effect. Somtimes it is even 4 or 5 per day. > > Anyone had any luck with these putzes? Some upstream to start venting > on ?? That spam is straightup, From = source = spamvertiser. No header bogosity at all. The IP is spamhaused as the /24 SBL20414 - spamhaus considers it part of ciberlynx for some reason, what radb sez is whois -h whois.radb.net 66.115.52.115 ... route: 66.115.0.0/18 descr: Webunited superblock origin: AS13488 remarks: this is non-portable space, no exceptions notify: noc@webunited.net mnt-by: ASN-CIBERLYNX-DB-FL changed: ivaldes@webunited.net 20050425 source: SAVVIS so, I see the ciberlynx in there. The upstream for AS13488 is Sprint. -- Mike Easter kibitzer, not SC admin From dfm2a3l0t2 at spymac.com Sat Jun 4 20:57:01 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Sat Jun 4 20:00:02 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: In article , "Mike Easter" wrote: > I don't object to some kind of 'system' for examining the body for a > $string -- you can do that by searching the raw html. It isn't > necessary to render-read a spam as the spammer intended. The standard > opening and rendering is what the spammer wants. Well, I have Eudora configured _not_ to automatically download HTML graphics. If an e-mail turns out to be wanted mail in HTML format, I can always fetch the graphics. All I see when I open spam is plain text with a lot of HTML tags. The only reason I even look at the body is when it's not clear from the Subject header what type it is, for example, to verify that it's pharmacy spam so I can LART the FDA. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From cquinc at hotmail.com Sat Jun 4 20:11:02 2005 From: cquinc at hotmail.com (Quin) Date: Sat Jun 4 22:15:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: WOW! Look at what I started!!! I was pleased with all the answers to my post and I now have some information to work with. Several people mentioned that my questions should have included more information and I am sorry that I did not anticipate what was needed or phrase the questions with better detail as to what I was looking for. I also admit that more detailed reading on my part may have helped. To help settle one part of the discussion I should say that I was happy to receive the http://forum.spamcop.net/forums/ link from WazoO. I like having other sources of information. Maybe everyone who asks a question does not want a referral but I for one do. Having said that, I have to say that Vanguard posted a message that was very helpful. I found some of the things I was doing wrong by reading his post. His comment to forward as an attachment and not inline was especially helpful and was probably part of the problem. (In Outlook if you hit the forward button on only one message it will place it inline). Also I was using Outlook to forward the spam messages but expected replies to Hotmail. (One Outlook account is set up with a return address to Hotmail). I post to newsgroups using Outlook Express. Three email systems! Apparently I need to use the spamcop email address that I signed up with to do everything. right? I may have more questions in the future after I get a chance to experiment and read some more but for now I thank you all.It is clear that people who do not like spam are a passionate group. I look forward to reading more comments from all of you. Quin "Quin" wrote in message news:d7ob03$mtf$1@news.spamcop.net... > Hi, > > I know this isn't rocket science but I have registered with the site > spamcop.net and logged in and then find a form to fill out with the > instructions: > > Forward your spam to: submit.blah blah blah@spam.spamcop.net or: > Paste entire spam (headers, blank line, body) - or - single address > (one line only): > > I do not seem to get the type of response I expect. The email I signed up > with was a hotmail account and it does not get any response. I thought I > was suppost to get some sort of a letter to forward to the spammer ISP. > Once I did get an addressed letter with no body information. > > Also should I not be able to just use the submit.blah blah > blah@spam.spamcop.net adress to forward spam to? Then should I get some > sort of response as to who to contact with the complaint? Does spamcop > just send the complaint without my review? > > Reading the FAQ mostly just covers stuff like what is spam etc. Not what > to expect from this site! > > Thanks! > > > From krazikat at krazi.kat Fri Jun 3 17:29:39 2005 From: krazikat at krazi.kat (krazikat) Date: Sat Jun 4 23:10:04 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: Blammo wrote: > On 03 Jun 2005 cattysha@juno.com entered spamcop and left > news:mailman.21.1117812471.169.spamcop-list@news.spamcop.net: > > >>Get Juno Platinum for as low as $4.97/month! >>Unlimited Internet Access with 250MB of Email Storage. >>Visit http://www.juno.com/half to sign up today! >> > > > That's spam in my book, and shows no respect for the people you communicate > with. You can afford to run a website, but can't even afford to pay for an > ISP. STFU you goddam troll. From nobody at devnull.spamcop.net Sat Jun 4 23:13:30 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 4 23:15:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? In-Reply-To: References: Message-ID: Mike Easter wrote: > Cat wrote: >>Why push the original poster to go to the web >>forum > > > Yes. Those generic forum links which aren't actually pointed at an > answer to a question which is residing in the forum are much more > irritating. > > The message I see is that rather than the reply being an 'answer', it is > an advertisement, like spam. > > "If you will go to the forum and post your question over there instead > of in here, we will answer your question there." and "I'm not going to > answer your question here, but someone may answer it over there." > > It is not at all the same as when a forum link is posted in which the > site in the forum represents a specific answer to a specific question. Yeah, I can see if it was mentioned sort of like "there's similar discussion going on over here where this particular question has come up and been answered. You might look over there at *insert forum link to answer to specific question here* in addition to any discussion that goes on here" that would be ok. I think what bothered me about it was that WazoO's forum promoting could make a new person feel like he/she did the wrong thing by posting to the newsgroups first. I think it's good to make people feel that either place is equally fine for posting questions and that the poster should do whatever feels most comfortable. From nobody at devnull.spamcop.net Sat Jun 4 23:32:49 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 4 23:35:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? In-Reply-To: References: Message-ID: WazoO wrote: > "Cat" wrote in message > news:d7oqsn$v96$1@news.spamcop.net... > >>WazoO wrote: > Let's pick "this case" ... All the original poster provided was; > 1. user 'registered at site" - one 'could' assume a free-reporting account > 2. user talked about some form to fill in with some instructions > (turns out 'we believe' he/she is talking about the logged-in > www.spamcop.net web page ... > 3.user's post headers indicate OE6 is use, but actually makes > no mention of the e-mail application(s) involved ... again, > on could 'assume' that the query is on use of OE6, but ...??? > 4. user admitted that he/she had some kind of 'expectations' > that were not seemingly met ...so there is still not a clue as > to how / why SpamCop was located and registration process > started > 5. user manufactures a single paragraph out of nothing but questions, > starting with e-mail submittals, which again brings up that the > specific e-mail apps involved haven't been stated . > 6. user states that "the FAQ" didn't answer the questions. > > Referral to the Forum seems to me to make perfect sense > for this user ... and pointing to the "top" of the Forum to > allow him/her to make his/her own decision on just what > to go for first. Those are all good points which explain your reasoning much better. Someone else mentioned though that Quin obviously chose to ask a question here after seeing the choice between forum and newsgroup. Like I said in my reply to Mike Easter, it also has a lot to do with how you present the web forum option. Sometimes your posts come across as "You should have asked over there instead" and a general attitude that the web forum is better than the newsgroup. See below for more of my comments on this. > Bottom line, the Forum is another resource, many things are > already documented there as either a Pinned entry in the > specific /appropriate section or in the FAQ/Glossary ... > entries into both of those items are always happening > (flip the complaints about the www.spamcop.net FAQ > not having enough data to the general complaint that the > Forum FAQ contains too much data) There's even a > link or two to pages that define "how to ask a question" > that could have led to a better query from this original > poster. Mike Easter does the hand-feeding thing, I > point to research tools where the user may find other > questions that hasn't come to his/her mind yet in addition > to providing an already existing response to a particular > query. I personally don't understand the animosity about > another support point, actually still wondering why more > folks wouldn't simply chip in and make it a better resource. It's not so much animosity toward the newsgroup is it is more like you tend to unintentionally put out the idea that the forum is better than the newsgroup, and sometimes it seems like you're trying to turn people away from the idea of using the newsgroups as a source of help. Some of us also prefer the newsgroup option. Some of us have also been around long enough to remember when SpamCop originally went from web forum to newsgroup and aren't particularly eager to go back to a web forum format. As I mentioned before in the case of someone who is new to SpamCop or not as knowledgeable about computers, your posts may make them feel like they did the wrong thing by posting to the newsgroup instead of the web forum. From steve at prolynx.com Sun Jun 5 00:21:31 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 5 01:25:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: I looked at the OE-QuoteFix website. What I need isn't related to that. What I need is essentially a macro. I don't know how to create macros, and don't know if they can be used with OE. I need some way to save keystrokes by a hot key or something that will allow to combine several functions into one key. Steve "John Richards" wrote in message news:d7qdn2$rbv$1@news.spamcop.net... > "Steve Sybesma" wrote in message news:d7olga$sog$1@news.spamcop.net... > > > > I would like to know how I can automate Outlook Express 6 in such a way > > as to right click on the highlighted messages I want to report, and have one > > of > > the context menu selections be "Forward As Attachment to SpamCop, then > > Send and Delete" so that the entire operation is done with only one click. > > > > This would make reporting spam exactly as easy as deleting the spam so that > > there would be no temptation to just say "Oh, not today". > > > > Of course I'm lazy, but computers are all about how to make things easier > > anyway. > > > > I don't know how to write macros for Outlook Express to do this, and I don't > > even > > know if it's possible, but I sure would find it valuable. > > > > I would like not to have to use a separate 3rd party program which gets me > > away > > from using OE, which otherwise takes care of all my other e-mail needs > > quite nicely. > > This sounds like something that the guy who developed OE-QuoteFix could > easily do, but I'm not holding my breath. > Meantime, I have spam reporting down to a minimum number of keystrokes: > Ctrl-F3, Ctrl-A, Ctrl-C, Alt-F4, paste into SC web report form. > > -- > John Richards From nttp.sc.s at bigsleep.org Sun Jun 5 06:47:02 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Jun 5 01:50:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On 04 Jun 2005 D.F. Manno entered spamcop and left news:dfm2a3l0t2- AF074B.19570104062005@news.cesmail.net: > The only reason I even look at the body is when it's not clear from the > Subject header what type it is, for example, to verify that it's > pharmacy spam so I can LART the FDA. > I usually do that from the Spamcop parser, if necessary. -- | Ric From nobody at devnull.spamcop.net Sun Jun 5 01:51:30 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Jun 5 01:55:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Cat" wrote in message news:d7tqkq$j0d$1@news.spamcop.net... > > Yeah, I can see if it was mentioned sort of like "there's similar > discussion going on over here where this particular question has come up > and been answered. You might look over there at *insert forum link to > answer to specific question here* in addition to any discussion that > goes on here" that would be ok Something like that found at d7tba9$bia$1@news.spamcop.net Subject: Re: problems with gmail reporting spam Thread started at 5/30/05 1342 ...????? >. I think what bothered me about it was > that WazoO's forum promoting could make a new person feel like he/she > did the wrong thing by posting to the newsgroups first. I think it's > good to make people feel that either place is equally fine for posting > questions and that the poster should do whatever feels most comfortable. What I see here is a matter of perspective. I generally don't say anything about "posting" ... it's usually that the answers already exist in the Forum (FAQ) .... hinting that just a bit of research would have found those answers before posting. The same comments have been applied to newsgroup postings themselves .. that "pick your subject" (say a system outage) that brings in the hundreds of "thought someone should know that the system is down" lunacy by those that didn't take those few precious seconds to note that 99+ people had posted the same thing within the last hour .... Please also be advised that volunteering time to support SpamCop is not the only thing I do. I also deal with the Microsoft peer-to-peer newsgroups (yet another example of the same 300 questions a day, every day, day after day ...) I went to the IPB (Forum app) support forum looking for help and ended up answering other people's queries over there, once again, the questions I ask aren't in the standard set of most posters there ..... but believe it or not, no one there had any clue on how to handle spam, how to work issues involved in e-mail, how to read headers, on and on ... (and even there, I'll point back to the SpamCop Forum rather than sit there and re-type the same answer over and over ...) The specific "posting" comments deal with the MailHost configuration .. that request to keep that in the Forum came from Julian http://forum.spamcop.net/forums/index.php?showtopic=1091 Take a look at the fallout caused within the week when someone brought this tidbit to the newsgroups .... one starting point is seen at http://news.spamcop.net/pipermail/spamcop-list/2004-March/077205.html The only other "posting" comments are towards those queries that are about a SpamCop Filtered e-mail account which should have been posted into the spamcop.mail newsgroup (that is basically dead) or the Forum where JT wanted that support to happen .. again noting that the newsgroups and e-mail accounts are all hosted on his servers .... Again, my perspective is that there is a support vehicle in place that was built to hold "answers" ... these answers are "there" for anyone to access and the thought is to make it easier to find both the answer needed and the hints to other issues that may exist, discovered while perusing the 'Table of Contents' if you will .... From nttp.sc.s at bigsleep.org Sun Jun 5 07:09:02 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Jun 5 02:10:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: On 04 Jun 2005 Quin entered spamcop and left news:d7tmva$h50$1@news.spamcop.net: > Apparently I need > to use the spamcop email address that I signed up with to do everything. > right? No, it doesn't matter what address you send from, the Spamcop replies go to the address you registered with. I forward spam (usually) from the same address that I received the spam at, and I have many addresses and several ISP accounts. I have a paid account and a free account, each has a different submit. address and each reply to a different eMail address. I don't often use the free account, so then all Spamcop replies go to the same address. But, I don't really look at the replies, they just notify me that the spam is ready to report on. I may forward several batches, and when I get the first reply I know I can log into Spamcop and start sending reports. Or I could just sit on the Spamcop login page and refresh it occasionally until the Report Spam link shows up. -- | Ric From nobody at devnull.spamcop.net Sun Jun 5 02:21:23 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Jun 5 02:25:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Cat" wrote in message news:d7trp1$jjr$1@news.spamcop.net... > > Those are all good points which explain your reasoning much better. > Someone else mentioned though that Quin obviously chose to ask a > question here after seeing the choice between forum and newsgroup. Like > I said in my reply to Mike Easter, it also has a lot to do with how you > present the web forum option. Sometimes your posts come across as "You > should have asked over there instead" and a general attitude that the > web forum is better than the newsgroup. See below for more of my > comments on this. And as in another post, that maybe your perception, but I don't agree with that take at all. The "asking" thing only deals with the MailHost configuration (that came from Julian) and the the suggested (almost dead) spamcop.mail newsgroup and/or the Forum for SpamCop Filtered -Mail accounts (which was a request by JT) .... any other comments / pointers to the Forum is based on the fact that the "answers" are already "over there" > It's not so much animosity toward the newsgroup is it is more like you > tend to unintentionally put out the idea that the forum is better than > the newsgroup, and sometimes it seems like you're trying to turn people > away from the idea of using the newsgroups as a source of help. Some of > us also prefer the newsgroup option Again, pointing out that the answer has already been developed and posted so that it could have been researched prior to posting is my main point. One can also point to the newsgroup archives and pretty much state that dang near everything that can be asked has already been asked in one form or another, but .... we all know that researching the previous posts isn't done by most folks. I'm not saying the Forum is "better" (I've even admitted that they suck) ... but I am saying that it is a resource with known good data, and that data is continuously being added to. > Some of us have also been around long enough to remember > when SpamCop originally went from web forum to newsgroup > and aren't particularly eager to go back to a web forum format. ??? not sure if you're preaching to me or not there. Can you say AnyBoard? Can you say "SpamCop yellow pages?" Can you remember when Julian posted "a lot?" > As I mentioned before in the case of someone who is new to > SpamCop or not as knowledgeable about computers, your posts > may make them feel like they did the wrong thing by posting to > the newsgroup instead of the web forum And again, I say perspective .... other than the above mentioned two situations, I've not "pushed for posting the query in the Forum". I've only pointed out that the answer is already typed up and available for perusal. For the umpteenth time, the FAQ has been a complaint item since those 'yellow page' days (and even at that time any user could insert their data items into the FAQ-o-Matic, but most chose to bitch and complain about the lack of content) The Forum FAQ was a Saturday morning hack that has taken on a life of its own. And I'll admit that it's even a failure for some folks. Just a few days ago, a user registered "there" so he/she could post a complaint that "the web pages don't have any way to contact someone at SpamCop" Let's note that the Forum FAQ has two entries, the first titled "How can I contact a SpamCop representative?" which in fact points back to http://www.spamcop.net/fom-serve/cache/401.html an entry in the "original" FAQ and is found via the Help link on the www.spamcop.net web-page. Now just where do you see me saying "the Forum is better" in any of this? From nobody at devnull.spamcop.net Sun Jun 5 02:35:21 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sun Jun 5 02:40:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? In-Reply-To: References: Message-ID: WazoO wrote: > "Cat" wrote in message > news:d7trp1$jjr$1@news.spamcop.net... >>Some of us have also been around long enough to remember >>when SpamCop originally went from web forum to newsgroup >>and aren't particularly eager to go back to a web forum format. > > > ??? not sure if you're preaching to me or not there. Can you say > AnyBoard? Can you say "SpamCop yellow pages?" Can you > remember when Julian posted "a lot?" No, I'm not preaching there. I'm sorry if it came across that way. Printed words don't always get across the meaning or expression that you're attempting. I'm one of the long time SpamCop regulars who has been around since Anyboard, the yellow web site, and when Julian posted more often. I'm just pointing out that some of us do remember the old days of web forum only and still prefer to stick with the newsgroup...although Anyboard was definitely not nearly as good as the current web forum. From nobody at nowhere.invalid Sun Jun 5 12:27:05 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Jun 5 05:30:11 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: On Sat, 4 Jun 2005 23:21:31 -0600, Steve Sybesma coughed into spamcop and left this in : > I don't know how to create macros, and don't know if they can be used > with OE. They can't. Simply because OE is not OLE-Automatable. -- Steve Profanity is the one language all programmers know best. From prilok.the.criminal-tripper at you.forsaken-damaged-fucker.org Sun Jun 5 12:53:06 2005 From: prilok.the.criminal-tripper at you.forsaken-damaged-fucker.org (Prilok the criminal-tripper) Date: Sun Jun 5 05:55:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: <6ae4571aae824fb1a82e9c9d08f8aaf8@you.befouled-stepwise-gossiper.net> Steven Maesslein, wrote: > On Sat, 4 Jun 2005 23:21:31 -0600, Steve Sybesma coughed into spamcop > and left this in : > >> I don't know how to create macros, and don't know if they can be used >> with OE. > > They can't. Simply because OE is not OLE-Automatable. Want to make a bet, monkeyfucker? From MikeE at ster.invalid Sun Jun 5 04:40:23 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 06:45:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > I looked at the OE-QuoteFix website. You are topposting which means that you are making a remark about something which isn't there where you are remarking. I gave a little lecture about that in the .spam newsgroup where there's a conversation going on which doesn't really belong there either. When this housekeeping problem starts getting out of control, we have to temporarily talk about housekeeping more than we want. Here's a reference to how to place your remarks into trimmed context of what you are talking about http://members.fortunecity.com/nnqweb/nquote.html Quoting Style in Newsgroup Postings Quote-Fix is not a solution to keypress macros for automating your OE sending. Perhaps the reason that John mentioned QF was because he tho't maybe it would fix the problem about your line lengths, which are another housekeeping problem, but I don't like to attack too many problems all at one time. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Jun 5 04:49:21 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 06:50:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > I need some way to save keystrokes by a hot key or something that > will allow to > combine several functions into one key. Here's another housekeeping problem created by 'crazy' line lengths. If you 'back up' and look at your posts from the perspective of reading them rather than writing them, you will see that they typically have some kind of linelength problem. My cite above has changed the original condition, but the original condition is full of 'shortlines' It isn't always possible to guess at how someone's lines 'degenerated' into what I call shortlines, but it is usually caused by lines too long. That is, if you type longlines, and then the longlines get reformatted into a not-so-long line, the not-so-long line will be followed by a shortline and then another not-so-long line. That is, in the beginning you type longline longline longline and it becomes normal short normal short normal short. Now, the question is, how come you are typing longlines. I suspect you may be either typing and putting in your own returns, or you are typing in some other editor and pasting the result into your OE newsreader. If you type paragraphs into your newsreader without returns except between paragraphs, and if your newsreader is configured to wrap its lines at 72-74, none of that will happen. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Jun 5 07:05:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 09:10:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: Quin wrote: > WOW! Look at what I started!!! Heh. > (In Outlook if you hit the forward button on > only one message it will place it inline). Also I was using Outlook > to forward the spam messages but expected replies to Hotmail. (One > Outlook account is set up with a return address to Hotmail). I post > to newsgroups using Outlook Express. Three email systems! Outlook OL doesn't really make a good spam reporting tool compared to OE Outlook Express. Altho' their names are similar, they are very very different about how they handle mail. OE saves mail in its original condition and it is very easy to retrieve the original item and submit it to the spamcop parser by webform or emailed attachment. OL 'destroys' the original mail first, before/during storing it as a MAPI derivative of the original, because its true purpose is to function as a MAPI client for MS Office. If you want to submit a mail to spamcop, spamcop wants its original condition, which has been lost, so OL tries to make one up out of the mapi store, and then SC tries to adapt what OL has made up into a semblance of an original. Too many derivatives of derivatives. The faqs describe some of the adjustments OL users have to make to use SC and the adjustments SC has to make to accommodate OL mail derivatives. > Apparently I need to use the spamcop email address that I signed up > with to do everything. right? Your SC identity and codes are attached to the email of your authorization and that is where SC will send you parser links. We also have to get you to stop top posting. The best way to communicate in a newsgroup is to trim and contextualize. -- Mike Easter kibitzer, not SC admin From not at home.today Sun Jun 5 15:48:28 2005 From: not at home.today (Ant) Date: Sun Jun 5 09:50:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Mike Easter" wrote: > Here's another housekeeping problem created by 'crazy' line lengths. [snip] I realise you're talking about line-breaks in original text, but while we're on the subject of housekeeping, here's some info for those who have XP SP2 and are considering OE-Quotefix (which hasn't been updated since Aug 2003). "Outlook Express fixes in WinXP SP2": http://support.microsoft.com/?id=886340 "Word-wrapping of text is incorrect when you read messages in a newsgroup." "When you read messages in a newsgroup, the text that follows angle brackets (">") are not correctly word-wrapped to the next line." I wonder if this means they've fixed the broken quotes for *posting* (they mention *reading*)? I don't have XP here. Perhaps Quotefix is now not so useful for OE users. In fact SP2 breaks it somewhat: http://www.insideoe.com/resources/tools.htm#oequotefix "Warning for WinXP Service Pack 2 users!" [...] "Furthermore, SP2 makes changes in OE's Read all messages in plain text feature. Instead of using an IE control, it now uses the RichEdit control. OE-QuoteFix will not function at all if you enable the plain text feature in OE under Tools| Options| Read." From MikeE at ster.invalid Sun Jun 5 08:28:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 10:30:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Ant wrote: > I realise you're talking about line-breaks in original text, but while > we're on the subject of housekeeping, here's some info for those who > have XP SP2 and are considering OE-Quotefix (which hasn't been updated > since Aug 2003). OEQF was designed and built because of important problems with OE's editor. Since then, the editor has been changed - which is a big deal - and also incidentally the sig delimitor has been fixed since OE6. I'm not using XP SP2, so presently I don't have to worry about those problems you're describing.. I don't think I ever plan to use XP. I expect that I will 'gravitate' toward some non-Win OS from Win98se, most likely Linux, but perhaps also OS X, while keeping some Win98 or possibly even a Win2K OS around, if I had one. I also think that OEQF has some problems. Since its whole purpose is to fix OE, when I eventually migrate away from Win, I'll also be migrating away from OE. So, then I'll be rid of the problems with OE, the problems with OEQF, and the problems with Win OSes. -- Mike Easter kibitzer, not SC admin From rcarlton at spamcop.net Sun Jun 5 11:04:53 2005 From: rcarlton at spamcop.net (Rick Carlton) Date: Sun Jun 5 13:05:03 2005 Subject: [SpamCop-List] Re: savvis and webunited: black holes of spam or what ? In-Reply-To: References: Message-ID: David Butler wrote: > I get 2 or 3 of these a day > > http://www.spamcop.net/sc?id=z771367745zfe642553d1634c85be99fe7014161437z > > where both the spam source and the hosting are savvis and webunited. They > will not accept munging, so I manually LART every one of them. Does not seem > to have ANY effect. Somtimes it is even 4 or 5 per day. > > Anyone had any luck with these putzes? Some upstream to start venting on ?? They're hired by Adteractive/Adprofile From the State Licenses link on the landing page: STATE DISCLOSURES "ADT Interactive, LLC and ADT Mortgage, Inc. (collectively, ADT) operate this website. This Site is not a lender and does not originate loans as a broker. ADT has obtained the licenses listed below to enable it to offer consumer the lender marketing services provided on this Site. ADT does not endorse, warrant or guarantee service or products of any lender or broker and does not guarantee and makes no representations of any rates, points and loan programs posted by advertising lenders and brokers. All information is subject to change without notice. ADT shall not be responsible or liable for any products, services, information or other materials displayed, purchased, or obtained as a result of any information or offer in or results of any kind obtained in connection with this site, including, without limitation, any agent referrals, loan recommendations, application, approval, pre-qualification, loan or interest rate analysis. Nothing on this web site contains an offer, promise or otherwise, either to make a specific loan or that any participating lender or broker will make any loan for any purpose or on any specific terms." ADT INTERACTIVE, LLC 490 SECOND STREET, SUITE 103 SAN FRANCISCO, CA 94107 From jr70 at blackhole.invalid Sun Jun 5 12:14:14 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sun Jun 5 14:15:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Steve Sybesma" wrote in message news:d7u24s$mjj$1@news.spamcop.net... >I looked at the OE-QuoteFix website. > > What I need isn't related to that. > > What I need is essentially a macro. I mentioned OE-QuoteFix, not as a solution to your exact issue, but as an example of a successful third party add-on for OE. Obviously, OE's code is not so closed that one couldn't write add-ons for it, whether that be a macro add-on or a quote-fix add-on. -- John Richards From jr70 at blackhole.invalid Sun Jun 5 12:26:17 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sun Jun 5 14:30:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Mike Easter" wrote in message news:d7ukqn$vfe$1@news.spamcop.net... > You are topposting which means that you are making a remark about > something which isn't there where you are remarking. > > I gave a little lecture about that in the .spam newsgroup where there's > a conversation going on which doesn't really belong there either. I seem to recall a fairly recent post from deputy Ellen, saying in effect that we should not be hassling posters about the bottom-posting versus top-posting issue. I have no difficulty with either convention. We all know what the original Usenet convention was, but times and circumstances change. I say live and let live. -- John Richards From MikeE at ster.invalid Sun Jun 5 12:48:54 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 14:50:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: John Richards wrote: > I seem to recall a fairly recent post from deputy Ellen, saying in > effect If there is a post from Ellen saying something, it is important that what she said is what she said, not something else as you might have perceived it. A message ID would be very helpful. I don't think we should be 'hasseling each other' -- there's been a long standing 'policy' about being nice, especially to newbies. -- Mike Easter kibitzer, not SC admin From ob1db at spamcop.net Sun Jun 5 16:27:09 2005 From: ob1db at spamcop.net (David Butler) Date: Sun Jun 5 15:30:04 2005 Subject: [SpamCop-List] Re: savvis and webunited: black holes of spam or what ? References: Message-ID: "Mike Easter" wrote in message news:d7temg$da5$1@news.spamcop.net... > David Butler wrote: > > I get 2 or 3 of these a day > > > > > http://www.spamcop.net/sc?id=z771367745zfe642553d1634c85be99fe7014161437z > > > > where both the spam source and the hosting are savvis and webunited. > > They will not accept munging, so I manually LART every one of them. > > Does not seem to have ANY effect. Somtimes it is even 4 or 5 per day. > > > > Anyone had any luck with these putzes? Some upstream to start venting > > on ?? > > That spam is straightup, From = source = spamvertiser. No header > bogosity at all. > > The IP is spamhaused as the /24 SBL20414 - spamhaus considers it part of > ciberlynx for some reason, what radb sez is > > whois -h whois.radb.net 66.115.52.115 ... > route: 66.115.0.0/18 > descr: Webunited superblock > origin: AS13488 > remarks: this is non-portable space, no exceptions > notify: noc@webunited.net > mnt-by: ASN-CIBERLYNX-DB-FL > changed: ivaldes@webunited.net 20050425 > source: SAVVIS > > so, I see the ciberlynx in there. > Cyberlynx also shows up on openrbl.org for this particular IP range. Address: 66.115.52.115 resolved to mx4.plutomailer.com AS: 66.115.0.0/18 AS13488 CiberLynx, Inc. Deerfield Beach/Florida Net 66.115.0-63 CIBERLYNX-NET2 Abuse-Whois ciberlynx.net: (ARIN/CIBERLYNX-NET2) [Cached] [whois.abuse.net] abuse@webunited.net (for ciberlynx.net) postmaster@ciberlynx.net (for ciberlynx.net) netadm#ciberlynx.net (for ciberlynx.net) What tool do you use for upstrems these days ? Netlantis is still down. Never have found anything else as intuitive as their tools... Thanks David From MikeE at ster.invalid Sun Jun 5 14:32:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 16:35:03 2005 Subject: [SpamCop-List] Re: savvis and webunited: black holes of spam or what ? References: Message-ID: David Butler wrote: > What tool do you use for upstrems these days ? Netlantis is still > down. Never have found anything else as intuitive as their tools... Potaroo. I don't like it as much as netatlantis. http://bgp.potaroo.net/cidr/ or http://bgp.potaroo.net/cidr/indext.html the latter might load a little faster Down at the bottom is a slot for the AS Enter an AS here to generate an aggregation report for the AS. Enter AS (e.g. "AS1221") The result comes in 4 parts, one of which is: AS Adjancency Report -- Mike Easter kibitzer, not SC admin From jr70 at blackhole.invalid Sun Jun 5 15:27:41 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sun Jun 5 17:30:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Mike Easter" wrote in message news:d7vhek$f5p$1@news.spamcop.net... > John Richards wrote: >> I seem to recall a fairly recent post from deputy Ellen, saying in effect [pertinent snipped part reinserted]: >> that we should not be hassling posters about the bottom-posting versus >>top-posting issue. > > If there is a post from Ellen saying something, it is important that > what she said is what she said, not something else as you might have > perceived it. A message ID would be very helpful. Sorry, my news provider has no retention prior to 3/15/05. The Ellen post I was referring to may have been in early March. Does anyone else recollect it? -- John Richards From MikeE at ster.invalid Sun Jun 5 15:55:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 18:00:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: John Richards wrote: > Sorry, my news provider has no retention prior to 3/15/05. > The Ellen post I was referring to may have been in early March. > Does anyone else recollect it? You can search the pipermail archives with google advanced web The archives all start with news.spamcop.net/pipermail/spamcop-list unless it was in a different list than spamcop. So, there would be Ellen and there would be one of the forms of toppost, such as top-post or top post or toppost. I did some looking but I couldn't find it. The pipermail archives are current including June and go back to 2000 by months. If you needed to search the ng spamcop.help, it is http://news.spamcop.net/pipermail/spamcop-help/ -- Mike Easter kibitzer, not SC admin From none at none.none Sun Jun 5 20:00:13 2005 From: none at none.none (no1) Date: Sun Jun 5 19:05:02 2005 Subject: [SpamCop-List] No data / Too much data Message-ID: It started just 1-2 days ago, tying to report a spam (attached), getting the following error msg: ***************************** No data / Too much data You are most likely submitting a very large email. Please trim some of the unnecessary data (noting where this has been done) from this posting and try again. SpamCop will no longer accept email larger than 50.0K bytes. Other possibilities: You may have a firewall which prevents HTTP POST commands, you may have linked to the wrong URL or your browser does not handle binary submissions correctly (try a different browser) ***************************** As you can see the size is only 1.35 kb. Have no problem reporting most of the other spam, so I'm out of suggested possibilities... Any idea what's wrong? Thanks in advance From none at none.none Sun Jun 5 20:03:00 2005 From: none at none.none (no1) Date: Sun Jun 5 19:05:08 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: sorry forgot to attach the spam "no1" wrote in message news:d8005i$ncl$1@news.spamcop.net... > It started just 1-2 days ago, tying to report a spam (attached), getting the following error msg: > > ***************************** > No data / Too much data > You are most likely submitting a very large email. Please trim some of the unnecessary data (noting where this has been done) from > this posting and try again. SpamCop will no longer accept email larger than 50.0K bytes. > Other possibilities: You may have a firewall which prevents HTTP POST commands, you may have linked to the wrong URL or your > browser > does not handle binary submissions correctly (try a different browser) > ***************************** > > As you can see the size is only 1.35 kb. > Have no problem reporting most of the other spam, so I'm out of suggested possibilities... > > Any idea what's wrong? > > Thanks in advance > > > > begin 666 No data Too much data .txt M4F5C96EV960Z(&9R;VT@6S@R+C,R+C$P-2XS.5T@8GD@;7@W,2YM>7-I=&4T M;F]W+F-O;2!;-C8N,3@V+C@N-S%=('=I=&@@4VUA"!F M;W(@>#L@4W5N+" P-2!*=6X@,C P-2 P-CHS-3HR-B M,#"U!=71H57-E M71E0&-O+G5K/@T*5&\Z('@-"E@M4V5N9&5R.B!B6]P:'ET94!C;RYU:PT*6"U&:6(M06PM35A)9#H@.39C M-F(W865F-S1A-S$R-C6]U(&-U2!P87EI;F<@ M;W9E6]U6]U(&QO=V5R('1H870@=&]D87DA#0I!;G-W97(@;VYL>2!A(&9E=R!Q=65S M=&EO;G,@86YD('=E(&-A;B!G:79E('EO=2!A;B!A<'!R;W9A;"!I;B!U;F1E M6]U('-A=FEN9R!Y;W5R(&UO;F5Y(&EN(&YO('1I;64A#0I! M6]U(')E861Y('1O('-A=F4@>6]U3\@:'1T<#HO+U!F0BYB M Message-ID: "Mike Easter" wrote in message news:d7vsbu$lfp$1@news.spamcop.net... > > You can search the pipermail archives with google advanced web > > The archives all start with > news.spamcop.net/pipermail/spamcop-list I'll go with news.spamcop.net/pipermail/spamcop(something) > If you needed to search the ng spamcop.help, it is > http://news.spamcop.net/pipermail/spamcop-help/ And here we go again .... the search function is already built in at two spots .... naturally, I'll point out that I added this to the top of the Forum pages http://forum.spamcop.net/forums/ and way back when Courtney (IronPort staffer) was doing some www.spamcop.net FAQ changes/updates/etc. I and another Forum user or two convinced/coerced her into adding the Forum to the search input 'form' found via the "Help" link http://www.spamcop.net/help.shtml#search (The "Old Discussion" is a bit of a misnomer, as posts are 'archived' immediately it would appear) Historically, the spamcop.help was supposed to be the place to wear the soft gloves, but due to those changes in "where to get help" almost all newsgroup traffic has ended up in 'this' newsgroup .. again historically, the more "technical" side of the house for SpamCop and related issues .. going with the philosophy of professional to professional as compared with newbie stuff .... Though a post like that may exist, I don't recall it, definitely not as a significant event. I read everything, used to remember almost everything, but admitting that old age is showing at times. From MikeE at ster.invalid Sun Jun 5 17:15:43 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 19:20:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: no1 wrote: > sorry forgot to attach the spam Errm. That's actually not the ideal way to share/show the problem. Here's what I get when I parse that item: http://www.spamcop.net/sc?id=z771710584z487368b1360f818b9efd7c6be8a17816z That link is a tracker to SC's storage of the spam and it will freshly reparse the item whenever it is accessed. Before cancelling, the parse declined to resolve the spamvertised urls and offered to report the source: Resolving link obfuscation http://pfb.bra1ns.com/p2.asp http://whrl.vo1ces.net/p2.asp http://pcxb.vo1ces.net/p2.asp Report Spam to: Re: 82.32.105.39 (Administrator of network where email originates) To: abuse@blueyonder.co.uk (Notes) >> Any idea what's wrong? A hiccup? The tracker is the most efficient way to post a spam; posting spam pasted into the body of the discussion groups or attached has traditionally been a no-no. That tradition has partly been based on the fact that some people access the discussion groups by email -- but that probably doesn't happen very much at all anymore. The tracker is best, but if you can't get enough parse to get a tracker, you have to put the item somewhere somehow. Personally I don't care whether it goes into .spam or not. Personally I don't care if it is an attachment or not, in fact I would rather see there be an attachment than a bent spam pasted into a message body. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.not Mon Jun 6 00:39:21 2005 From: nobody at nowhere.not (Robert Blair) Date: Sun Jun 5 19:40:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On Sun, 5 Jun 2005 23:00:13 UTC, "no1" wrote: > No data / Too much data >From my experience it is spamcop running out of some resource. I just wait a few minutes and retry. -- Robert Blair From dfm2a3l0t2 at spymac.com Sun Jun 5 21:12:59 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Sun Jun 5 20:15:03 2005 Subject: [SpamCop-List] Network administrator AND interested third party? Message-ID: Here's the tracker: http://www.spamcop.net/sc?id=z771724237z92cabd7de2dec47f4eda5093733f9816z This is the latest in a series of spams where the SpamCop reports are listed as going to spam@anet.net.tw as both the administrator of the network where the email originates _and_ as a third party interested in the email source. How can they be both? -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From MikeE at ster.invalid Sun Jun 5 19:47:42 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 21:50:03 2005 Subject: [SpamCop-List] Re: Network administrator AND interested third party? References: Message-ID: D.F. Manno wrote: > Here's the tracker: > > http://www.spamcop.net/sc?id=z771724237z92cabd7de2dec47f4eda5093733f9816z The tracker provides two different Routing details for 219.81.238.229 One of them goes to http://www.spamcop.net/sc?action=showroute;ip=219.81.238.229;typecodes=17 and the other http://www.spamcop.net/sc?action=showroute;ip=219.81.238.229;typecodes=12,15 The first provides contacts based on apnic ting_tseng@twfn.com.tw & spam@anet.net.tw The 2nd provides contacts based on corrupt data and 'tuned up' to reflect part of the apnic data and part apparently left over from the corruption. That's not a very good explanation, but I'm just out here with you looking at what I can get. > This is the latest in a series of spams where the SpamCop reports are > listed as going to spam@anet.net.tw as both the administrator of the > network where the email originates _and_ as a third party interested > in the email source. > > How can they be both? Some old bad stuff which should probably be jettisoned rather than persistent. It isn't useful. It's about a proxy/trojanized spamsource of a .tw provider whose diligence in policing trojans might not be so good. Neither is EL's. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sun Jun 5 21:56:58 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Jun 5 22:00:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: "no1" wrote in message news:d800b4$nfi$1@news.spamcop.net... > sorry forgot to attach the spam > Recently went round and round with a Forum user that offered sample that looked like your attached post .. bottom line, a third-party tool was being used in conjunction with some version of Outlook (final resolution appears to be setting up Outlook encoding to MIME, but ,,,) as the attached sample was not the "actual" spam, I'm going to take the stab that the 'real' spam had some alternate character set stuff, probably in the Subject: line .... at least this is the historical reason for that error on a 'small' spam. From nobody at spamcop.net Sun Jun 5 22:56:12 2005 From: nobody at spamcop.net (Ellen) Date: Sun Jun 5 22:05:05 2005 Subject: [SpamCop-List] Re: Network administrator AND interested third party? References: Message-ID: "D.F. Manno" wrote in message news:dfm2a3l0t2-F3A258.20125905062005@news.cesmail.net... > Here's the tracker: > > http://www.spamcop.net/sc?id=z771724237z92cabd7de2dec47f4eda5093733f9816z > > This is the latest in a series of spams where the SpamCop reports are > listed as going to spam@anet.net.tw as both the administrator of the > network where the email originates _and_ as a third party interested in > the email source. > > How can they be both? > -- At some point in the past apparently over a year ago, I had a manual override in there to send 3rd party reports. Manual overrides just stay in the system until they are manually removed. The problem apparently solved itself. It doesn't break anything to have it there nor will the system send 2 reports for each spam but I removed it ... Thanks for noticing. Ellen From nobody at spamcop.net Sun Jun 5 22:58:27 2005 From: nobody at spamcop.net (Ellen) Date: Sun Jun 5 22:05:11 2005 Subject: [SpamCop-List] Re: Network administrator AND interested third party? References: Message-ID: "Mike Easter" wrote in message news:d809vr$u0j$1@news.spamcop.net... > > The 2nd provides contacts based on corrupt data and 'tuned up' to > reflect part of the apnic data and part apparently left over from the > corruption. > Actually the "corruption" was a crash of the notes database where the system managed to keep the notes but lose the date that a note was entered into the database. Ellen From nttp.sc.s at bigsleep.org Mon Jun 6 03:30:03 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Jun 5 22:35:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 05 Jun 2005 WazoO entered spamcop and left news:d80ah9$ub1$1@news.spamcop.net: > "no1" wrote in message > news:d800b4$nfi$1@news.spamcop.net... >> sorry forgot to attach the spam >> > Recently went round and round with a Forum user that offered > sample that looked like your attached post .. bottom line, a > third-party tool was being used in conjunction with some > version of Outlook (final resolution appears to be setting up > Outlook encoding to MIME, but ,,,) as the attached sample > was not the "actual" spam, I'm going to take the stab that > the 'real' spam had some alternate character set stuff, > probably in the Subject: line .... at least this is the > historical reason for that error on a 'small' spam. > > Does Spamcop even work with eMail attachments sent as base64? -- | Ric From MikeE at ster.invalid Sun Jun 5 21:00:38 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 23:05:02 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: Blammo wrote: > Does Spamcop even work with eMail attachments sent as base64? Yes. But that particular spam example wasn't b64 encoded. The original spam was plaintext. The b64 encoding occurred when the OP attached it to a newsgroup message. I'm not sure exactly how s/he was configured in order to get that result. The newsreader was OE6. It is possible that s/he was configured in news sending format plaintext settings MIME encode text using b64 -- but I haven't experimented to get that same result of plaintext body with b64 attachment. -- Mike Easter kibitzer, not SC admin From steve at prolynx.com Sun Jun 5 23:40:08 2005 From: steve at prolynx.com (Steve Sybesma) Date: Mon Jun 6 00:45:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Getting back to the subject, I guess: If anyone knows of a macro or keyboard utility or some other kind of utility that can be used to combine operations, including operations dealing with selections the context menu (right-click menu) - I'd be very grateful. Thanks, Steve "Steve Sybesma" wrote in message news:d7po5d$eb2$1@news.spamcop.net... > I forgot to add that I have 'quick' reporting enabled. > > I'm trying to get this boiled down to absolutely the least amount of fuss > possible. > > "Steve Sybesma" wrote in message > news:d7olga$sog$1@news.spamcop.net... > > Hello, > > > > I'm new to this group. > > > > I would like to know how I can automate Outlook Express 6 in such a way > > as to right click on the highlighted messages I want to report, and have > one > > of > > the context menu selections be "Forward As Attachment to SpamCop, then > > Send and Delete" so that the entire operation is done with only one click. > > > > This would make reporting spam exactly as easy as deleting the spam so > that > > there would be no temptation to just say "Oh, not today". > > > > Of course I'm lazy, but computers are all about how to make things easier > > anyway. > > > > I don't know how to write macros for Outlook Express to do this, and I > don't > > even > > know if it's possible, but I sure would find it valuable. > > > > I would like not to have to use a separate 3rd party program which gets me > > away > > from using OE, which otherwise takes care of all my other e-mail needs > > quite nicely. > > > > Thanks, > > > > Steve Sybesma > > Thornton, CO > > > > > > From none at none.none Mon Jun 6 01:48:27 2005 From: none at none.none (no1) Date: Mon Jun 6 00:50:02 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: just tried again - went through just fine. sorry for posting the spam on the discussion group, but as you sad, there was no way for me to get a tracker... Thanks again "Mike Easter" wrote in message news:d8012s$o55$1@news.spamcop.net... > no1 wrote: >> sorry forgot to attach the spam > > Errm. That's actually not the ideal way to share/show the problem. > > Here's what I get when I parse that item: > > http://www.spamcop.net/sc?id=z771710584z487368b1360f818b9efd7c6be8a17816z > > That link is a tracker to SC's storage of the spam and it will freshly > reparse the item whenever it is accessed. > > Before cancelling, the parse declined to resolve the spamvertised urls > and offered to report the source: > > Resolving link obfuscation > http://pfb.bra1ns.com/p2.asp > http://whrl.vo1ces.net/p2.asp > http://pcxb.vo1ces.net/p2.asp > > Report Spam to: > Re: 82.32.105.39 (Administrator of network where email originates) > To: abuse@blueyonder.co.uk (Notes) > > >>> Any idea what's wrong? > > A hiccup? > > The tracker is the most efficient way to post a spam; posting spam > pasted into the body of the discussion groups or attached has > traditionally been a no-no. That tradition has partly been based on the > fact that some people access the discussion groups by email -- but that > probably doesn't happen very much at all anymore. The tracker is best, > but if you can't get enough parse to get a tracker, you have to put the > item somewhere somehow. > > Personally I don't care whether it goes into .spam or not. Personally I > don't care if it is an attachment or not, in fact I would rather see > there be an attachment than a bent spam pasted into a message body. > > > > -- > Mike Easter > kibitzer, not SC admin > From nttp.sc.s at bigsleep.org Mon Jun 6 07:07:07 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 02:10:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 05 Jun 2005 Mike Easter entered spamcop and left news:d80e8j$mn$1@news.spamcop.net: > The b64 encoding occurred when the OP attached it to a > newsgroup message. THAT'S WHAT I'M TALKING ABOUT! Oh, sorry, was I shouting? I'm sure there's a setting in OE for Mime or Base64. Maybe it's set that way for mail and Spamcop has a hard time with that. Though I've seen that error myself once or twice for no particular reason. But still wondering. -- | Ric | From MikeE at ster.invalid Mon Jun 6 00:42:30 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 02:45:02 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: Blammo wrote: > Mike Easter >> The b64 encoding occurred when the OP attached it to a >> newsgroup message. > > THAT'S WHAT I'M TALKING ABOUT! You're going to have to holler louder or something, I'm not getting your point. Or, we have different theories. > I'm sure there's a setting in OE for Mime or Base64. Maybe it's set > that way for mail and Spamcop has a hard time with that. What I'm saying is that the OP posted here and attached a .txt file that represented hir copy of the spam in its 'original' format, which wasn't b64. It appeared to me that the OP had copied the original spam from someplace like OE's message source, which message source was all plaintext, no b64. That is the condition of the spam that the OP submitted to the online parser or perhaps emailed as an attachment. S/he didn't submit any b64 [IMO]. In order to demonstrate hir point, the OP took that same plaintext and saved it as a file named 'No data Too much data .txt' whereupon s/he started talking about the problem in the ng and posted a msg and attached the file which resided on hir disk as a plaintext file to the newsgroup message. When s/he did that, OE 'converted' the plaintext file into a b64 attachment [is my theory]. SC was never confronted with b64 to parse, IMO. If SC gets a spam submitted to it 'composed' of b64, it has no problem with that either, but that wasn't the case here, IMO. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Jun 6 01:04:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 03:05:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: I don't know if saying more will add to or reduce confusion, but I'll do it. Whatever else someone may like or dislike about attachments in newsgroups, including .txt attachments in b64, the 2nd message of the OP with the attachment was a properly constructed MIME message, which consisted of what looks to me like the 'modern' or newfangled OE editor version and headers indicating its MIME, followed by a plaintext body followed by a standard MIME b64 attachment configuration 'begin 666' That configuration can be handled without causing any kind of noncompliance problems. OE has been guilty of compliance problems in various or many areas in the past, but there isn't anything in that message to cause any noncompliance problems. -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Mon Jun 6 10:16:09 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 05:20:12 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 05 Jun 2005 Mike Easter entered spamcop and left news:d80r8j$7ff$1@news.spamcop.net: > If SC gets a spam submitted to it 'composed' of b64, it has no problem > with that either, but that wasn't the case here, IMO. > I suppose that answers my question, short of trying it myself. I was contemplating that if the OP posted it here as base64, then it may have been sent to Spamcop that way as well. -- | Ric | From nobody at nowhere.invalid Mon Jun 6 12:44:11 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Jun 6 05:45:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On Sun, 5 Jun 2005 20:00:38 -0700, Mike Easter coughed into spamcop and left this in : > But that particular spam example wasn't b64 encoded. The original spam > was plaintext. The b64 encoding occurred when the OP attached it to a > newsgroup message. Actually, that was an inline uuencoded attachment. Nothing to do with base64... -- Steve There are only 10 kinds of people in the world: Those who understand binary, and those who don't. From nobody at nowhere.invalid Mon Jun 6 12:45:53 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Jun 6 05:50:02 2005 Subject: [SpamCop-List] Truth in spamvertising Message-ID: This subject line just struck me as funny - and telling of the quality of spammy's dick pills. Subject: Get Hard In 15 Min collapse -- Steve Are Linux users lemmings collectively jumping off of the cliff of reliable, well-engineered commercial software? -- Matt Welsh From HHAnderson at hotmail.com Mon Jun 6 05:10:04 2005 From: HHAnderson at hotmail.com (HHAnderson) Date: Mon Jun 6 06:15:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Mike Easter" wrote in message news:d7oe6v$ok1$1@news.spamcop.net... ---clip --- If you name an example of | a spamvertised URL, and how SC would notify for it, I'll describe to you | what I mean, ie what is the problem with that notify | -- | Mike Easter | kibitzer, not SC admin | Mike, I've also noticed the condition Eddie's speaking of a lot lately, and I'd like to know the reason for not reporting. A recent example: http://www.spamcop.net/sc?id=z771855424ze0661e2215477f19ea615afffdaa50c7z, which contains url: http://pbqa.she7d9s3pkazpta.sophbisoph8.com and isn't reported. ---- Start of stand-alone parse ---------- Parsing input: http://pbqa.she7d9s3pkazpta.sophbisoph8.com host pbqa.she7d9s3pkazpta.sophbisoph8.com (checking ip) = 221.11.133.42 host 221.11.133.42 (getting name) no name Routing details for 221.11.133.42 [refresh/show] Cached whois for 221.11.133.42 : abuse@cnc-noc.net Using abuse net on abuse@cnc-noc.net abuse net cnc-noc.net = postmaster@cnc-noc.net, abuse@cnc-noc.net, antispam@public.zz.ha.cn Using best contacts postmaster@cnc-noc.net abuse@cnc-noc.net antispam@public.zz.ha.cn postmaster@cnc-noc.net bounces (6 sent : 6 bounces) Using postmaster#cnc-noc.net@devnull.spamcop.net for statistical tracking. antispam@public.zz.ha.cn redirects to abuse@chinanet.cn.net Statistics: 221.11.133.42 not listed in bl.spamcop.net More Information.. 221.11.133.42 not listed in dnsbl.njabl.org 221.11.133.42 not listed in dnsbl.njabl.org 221.11.133.42 not listed in cbl.abuseat.org 221.11.133.42 listed in dnsbl.sorbs.net ( 127.0.0.6 ) 221.11.133.42 not listed in relays.ordb.org. Reporting addresses: abuse@cnc-noc.net abuse@chinanet.cn.net --- End parse of url ----- Just a few hours ago I had one with url: http://www.adduction.hitchiclah.com/?1m3c3oxhxbejirx22564a16, which also resolved to 221.11.133.42 and it was reported to both of the abuse reporting addresses. What is the difference between the two, and why isn't the more recent one being reported? Thanks for your explanation, From nttp.sc.s at bigsleep.org Mon Jun 6 11:12:01 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 06:15:15 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 06 Jun 2005 Mike Easter entered spamcop and left news:d80shf$8ga$1@news.spamcop.net: > Whatever else someone may like or dislike about attachments in > newsgroups, including .txt attachments in b64, the 2nd message of the OP > with the attachment was a properly constructed MIME message, which > consisted of what looks to me like the 'modern' or newfangled OE editor > version and headers indicating its MIME, followed by a plaintext body > followed by a standard MIME b64 attachment configuration 'begin 666' > Uhm, I don't see any mime headers, could you point them out? The lack of any mime headers makes me wonder if Spamcop can handle that, as in a forwarded message not the spam itself. -- | Ric | From nttp.sc.s at bigsleep.org Mon Jun 6 11:18:18 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 06:20:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 06 Jun 2005 Steven Maesslein entered spamcop and left news:slrnda86nb.3c1.nobody@127.0.0.1: > Actually, that was an inline uuencoded attachment. Nothing to do with > base64... > Oh, right. Man, I always get them mixed up. There are no Mime headers for that, is there? -- | Ric | From nttp.sc.s at bigsleep.org Mon Jun 6 11:21:58 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 06:25:04 2005 Subject: [SpamCop-List] Re: Truth in spamvertising References: Message-ID: It helps to mentally insert the comma. Still, for some guys it's an improvement ;-) -- | Ric | From redford_stone at INVERSE_OF_COLDmail.com Mon Jun 6 12:01:39 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Mon Jun 6 07:05:02 2005 Subject: [SpamCop-List] Re: Big Brother... (Text Repost) References: Message-ID: "Berny" wrote in news:d7rdhl$bmj$1@news.spamcop.net: > > Ummm.... what town where you in 15 years ago? > > There were semoe very internet competent OS "things" in my town; > > Mac, Amiga, Atari, OS/2, not to mention SunOS (BSD), VAX/VMS and > others for those with heavier requirements and budgets. > > Been to VAX/VMS land when I went to college.. learned Fortran there too. :-) From redford_stone at INVERSE_OF_COLDmail.com Mon Jun 6 12:08:57 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Mon Jun 6 07:10:04 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: Ilgaz Ocal wrote in news:d7p71l$57s$2@news.spamcop.net: > Go to some printshop and let them make it a good print with frame > since you are one of rare persons in World got some sort of reply :) > I used to get flat out bounces. :-) > As I said couple of times, Kornet, hananet should be taken to > parliament or something and their system should be taken to custody > and every machine should be disconnected if they have simplest virus > even. > With this new Mytob virus running around, it is a sure bet that the number of unpatched machines on Kornet will end up as full blown spamachines. > I am amazed as LG, Samsung type giants aren't taking action as they > are korean companies. At some point, I bet their business is effected > too. > Only if their email ends up bouncing.. otherwise they definitely won't take any pro-active action. From redford_stone at INVERSE_OF_COLDmail.com Mon Jun 6 12:08:59 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Mon Jun 6 07:10:10 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: Dave Lerner wrote in news:d7okjn$s2j$1@news.spamcop.net: > > I think it means "All our spam are belong to you." Been finding that out for a while. :-) From redford_stone at INVERSE_OF_COLDmail.com Mon Jun 6 12:14:16 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Mon Jun 6 07:15:02 2005 Subject: [SpamCop-List] Re: Truth in spamvertising References: Message-ID: Blammo wrote in news:Xns966D22500B36Bblammo@ 216.154.195.61: > It helps to mentally insert the comma. Still, for some guys it's an > improvement ;-) > > Namely those who should never reproduce. (We don't need a new generation of kids who buy from dirty spammers.) From nobody at nowhere.invalid Mon Jun 6 14:26:06 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Jun 6 07:30:02 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On Mon, 6 Jun 2005 10:18:18 +0000 (UTC), Blammo coughed into spamcop and left this in : >> Actually, that was an inline uuencoded attachment. Nothing to do with >> base64... > > Oh, right. Man, I always get them mixed up. There are no Mime headers for > that, is there? Correct. It's embedded in the text, inline between begin and end tags. -- Steve Are Linux users lemmings collectively jumping off of the cliff of reliable, well-engineered commercial software? -- Matt Welsh From nobody at nowhere.invalid Mon Jun 6 14:28:02 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Jun 6 07:30:08 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: On Mon, 6 Jun 2005 11:08:57 +0000 (UTC), Redstone coughed into spamcop and left this in : > With this new Mytob virus running around, it is a sure bet that the > number of unpatched machines on Kornet will end up as full blown > spamachines. Isn't that what they already are? They'll just end up being exploited by even more proxy hijackers. -- Steve Are Linux users lemmings collectively jumping off of the cliff of reliable, well-engineered commercial software? -- Matt Welsh From bar_n0ne at hotmail.com Mon Jun 6 17:23:39 2005 From: bar_n0ne at hotmail.com (Berny) Date: Mon Jun 6 08:25:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: "Steven Maesslein" wrote in message news:slrnda86nb.3c1.nobody@127.0.0.1... > On Sun, 5 Jun 2005 20:00:38 -0700, Mike Easter coughed into spamcop and > left this in : > > SNIP, I've seen a lot of "No/Too much" with C&P of spams into the webform, I find if I strip off trailing "blanks" to the last ASCII character it prevents this problem, I think there are often a lot of "tab" C/R, and LF and possibly a few other non renderable characters (limited by the ASCII that mail may transmit) at the end of these bodies and these somehow screw up SC's input buffer. Oddly, mail submissions rarely have a problem like that, but my mua, (OE) may be cleaning that up itself when generating or sending the message. From MikeE at ster.invalid Mon Jun 6 09:07:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 11:10:04 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: Steven Maesslein wrote: > Mike Easter >> But that particular spam example wasn't b64 encoded. The original >> spam was plaintext. The b64 encoding occurred when the OP attached >> it to a newsgroup message. > > Actually, that was an inline uuencoded attachment. Nothing to do with > base64... You're correct, that was uue not b64. I said a lot of things wrong in this thread, I guess I'll fix them all over the place. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Jun 6 09:11:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 11:15:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: Mike Easter wrote: > Blammo wrote: >> Does Spamcop even work with eMail attachments sent as base64? > > Yes. > > But that particular spam example wasn't b64 encoded. The original > spam was plaintext. The b64 encoding occurred when the OP attached > it to a newsgroup message. That particular spam example wasn't b64 encoded. The original spam was plaintext. The OP used uue encoding and attached the plaintext to a newsgroup message. > I'm not sure exactly how s/he was configured in order to get that > result. The newsreader was OE6. It is possible that s/he was > configured in news sending format plaintext settings MIME encode text > using b64 -- but I haven't experimented to get that same result of > plaintext body with b64 attachment. Now I know how s/he was configured because I've recreated the effect in a test newsgroup posting. OE was configured to use plaintext with UUE encoding and not MIME. That results in plaintext in the body, and then when a plaintext file is attached, it is UUE encoded. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Jun 6 09:13:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 11:15:10 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: Mike Easter wrote: > Blammo wrote: >> Mike Easter > >>> The b64 encoding occurred when the OP attached it to a >>> newsgroup message. >> >> THAT'S WHAT I'M TALKING ABOUT! > > You're going to have to holler louder or something, I'm not getting > your point. Or, we have different theories. > >> I'm sure there's a setting in OE for Mime or Base64. Maybe it's set >> that way for mail and Spamcop has a hard time with that. > > What I'm saying is that the OP posted here and attached a .txt file > that represented hir copy of the spam in its 'original' format, which > wasn't b64. It appeared to me that the OP had copied the original > spam from someplace like OE's message source, which message source > was all plaintext, no b64. That is the condition of the spam that > the OP submitted to the online parser or perhaps emailed as an > attachment. S/he didn't submit any b64 [IMO]. This is still correct. > In order to demonstrate hir point, the OP took that same plaintext and > saved it as a file named 'No data Too much data .txt' whereupon s/he > started talking about the problem in the ng and posted a msg and > attached the file which resided on hir disk as a plaintext file to the > newsgroup message. When s/he did that, OE 'converted' the plaintext > file into a b64 attachment [is my theory]. That is still correct right down to the last line which should say 'OE converted the plaintext file into a uue attachment.' > SC was never confronted with b64 to parse, IMO. > > If SC gets a spam submitted to it 'composed' of b64, it has no problem > with that either, but that wasn't the case here, IMO. That is still correct. -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Mon Jun 6 12:21:40 2005 From: eddie at eddie.web (eddie) Date: Mon Jun 6 11:25:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Mon, 06 Jun 2005 04:10:04 -0600, HHAnderson scratched out the following: snip > > Just a few hours ago I had one with url: > http://www.adduction.hitchiclah.com/?1m3c3oxhxbejirx22564a16, which also > resolved to 221.11.133.42 and it was reported to both of the abuse > reporting addresses. What is the difference between the two, and why > isn't the more recent one being reported? > > Thanks for your explanation, If Mike has an account such as ours (I don't think he does) he would better understand what I call a "bug" Either SC has changed their software recently or spammers have found a trick to avoid getting caught most of the time. Since SC, we were told, considers a report to the wrong IP the worst error, I now completely cancel any report which does not parse properly, perhaps giving the spammers a break but eventually making SC look into the bug, assuming more people take this action. I assume that if any part of the parse has an error, the entire parse is worthless since I have been offered no explanation for this problem. SC is still working in the pre-zombie world, where nailing the spammer was of more importance than nailing the URL's ISP. That is no longer the case, and we can see that sending zillions of reports to zombie hosts has little effect on the spam volume. The trick is to go after the URL these days, but SC has the policy that this is not important, which is why, in my opinion, this "bug" is not addressed. It's not important to report the URL ISP, in SC's 20th century world. Lately I have been canceling over 60% of my spam reports because of this bug, but it does have the benefit of saving me lots of time. What used to take perhaps a half-hour of reporting now takes a few minutes. If SC does not parse properly the first time, I cancel the report. And if I get a sigalarm timeout, I cancel the entire bunch. Lately, SC has essentially become simply a good spam filter, and the reporting side has slipped markedly. The other bug of hitting "source" and occasionally finding yourself back in the inbox is still with us because nobody can either find it or nobody cares. I suspect the latter, so I don't care either, anymore. -- Once movie theaters gave out steak knives Today they confiscate them From MikeE at ster.invalid Mon Jun 6 09:22:37 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 11:25:15 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: Mike Easter wrote: > I don't know if saying more will add to or reduce confusion, but I'll > do it. > > Whatever else someone may like or dislike about attachments in > newsgroups, including .txt attachments in b64, the 2nd message of the > OP with the attachment was a properly constructed MIME message, which > consisted of what looks to me like the 'modern' or newfangled OE > editor version and headers indicating its MIME, followed by a > plaintext body followed by a standard MIME b64 attachment > configuration 'begin 666' This is totally incorrect. What it should say is, the 2nd message of the OP was an attachment using uue encoding. The OP's OE editor is an 'advanced' version 6.00.3790.1830 but the structure isn't MIME, it is uue. There is a plaintext body followed by a standard UUE attachment whose structure is 'begin 666'. > That configuration can be handled without causing any kind of > noncompliance problems. Unfortunately, there can be noncompliant inconsistencies in OE's rendition of uue, I don't know if they occurred here. UUE is unix to unix encoding. Apparently OE may handle that differently than other non-unix newsagents. I haven't researched this problem very far. > OE has been guilty of compliance problems in various or many areas in > the past, but there isn't anything in that message to cause any > noncompliance problems. OE's uue may be incompatible with some other newsagent's uue. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Jun 6 09:32:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 11:35:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: HHAnderson wrote: > Mike, I've also noticed the condition Eddie's speaking of a lot > lately, and I'd like to know the reason for not reporting. I don't know the answer. I have a theory. > A recent example: > http://www.spamcop.net/sc?id=z771855424ze0661e2215477f19ea615afffdaa50c7z, > which contains url: http://pbqa.she7d9s3pkazpta.sophbisoph8.com and > isn't reported. Correct, and when I parsed it, there wasn't any 'effort' to resolve the link. > Just a few hours ago I had one with url: > http://www.adduction.hitchiclah.com/?1m3c3oxhxbejirx22564a16, which > also resolved to 221.11.133.42 and it was reported to both of the > abuse reporting addresses. What is the difference between the two, > and why isn't the more recent one being reported? I don't know. When I copied the spam from your tracker item up there and resubmitted it, SC didn't offer to try to resolve the url, but simply offered to report the source. When I refreshed [which I'm not recommending that one do on a routine basis when the parser fails to offer to report a url] -- then the parser offered to report the spamvertiser: Report Spam to: Re: 80.82.50.220 (Administrator of network where email originates) To: alexf@vsi.ru (Notes) To: alexs@vsi.ru (Notes) Re: 80.82.50.220 (Third party interested in email source) To: Cyveillance spam collection (Notes) Re: http://pbqa.she7d9s3pkazpta.sophbisoph8.com (Administrator of network hosting website referenced in spam) To: postmaster@chinatietong.com (Notes) To: crnet_mgr@chinatietong.com (Notes) To: crnet_tec@chinatietong.com (Notes) which I cancelled. My theory is that it is a matter of assigning resources. Depending upon how short the supply of resources, the parser will abort any effort to try to resolve a url -- if it 'feels like it'. -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Mon Jun 6 13:15:23 2005 From: eddie at eddie.web (eddie) Date: Mon Jun 6 12:20:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Mon, 06 Jun 2005 08:32:53 -0700, Mike Easter scratched out the following: > HHAnderson wrote: > >> Mike, I've also noticed the condition Eddie's speaking of a lot lately, >> and I'd like to know the reason for not reporting. > > I don't know the answer. I have a theory. > >> A recent example: >> > http://www.spamcop.net/sc?id=z771855424ze0661e2215477f19ea615afffdaa50c7z, >> which contains url: http://pbqa.she7d9s3pkazpta.sophbisoph8.com and >> isn't reported. > > Correct, and when I parsed it, there wasn't any 'effort' to resolve the > link. > >> Just a few hours ago I had one with url: >> http://www.adduction.hitchiclah.com/?1m3c3oxhxbejirx22564a16, which also >> resolved to 221.11.133.42 and it was reported to both of the abuse >> reporting addresses. What is the difference between the two, and why >> isn't the more recent one being reported? > > I don't know. When I copied the spam from your tracker item up there and > resubmitted it, SC didn't offer to try to resolve the url, but simply > offered to report the source. When I refreshed [which I'm not > recommending that one do on a routine basis when the parser fails to offer > to report a url] -- then the parser offered to report the spamvertiser: > > Report Spam to: > Re: 80.82.50.220 (Administrator of network where email originates) > To: alexf@vsi.ru (Notes) > To: alexs@vsi.ru (Notes) > > Re: 80.82.50.220 (Third party interested in email source) > To: Cyveillance spam collection (Notes) > > Re: http://pbqa.she7d9s3pkazpta.sophbisoph8.com (Administrator of network > hosting website referenced in spam) > To: postmaster@chinatietong.com (Notes) To: crnet_mgr@chinatietong.com > (Notes) To: crnet_tec@chinatietong.com (Notes) > > which I cancelled. > > My theory is that it is a matter of assigning resources. Depending upon > how short the supply of resources, the parser will abort any effort to try > to resolve a url -- if it 'feels like it'. I agree, Mike, but I call it a "bug." The parser should at least say "I give up" or something instead of simply feeding a blank line. As I noted, when this happens, I cancel the entire report rather than have a possible erroneous report going out to the wrong ISP. -- Once movie theaters gave out steak knives Today they confiscate them From none at none.none Mon Jun 6 14:50:33 2005 From: none at none.none (no1) Date: Mon Jun 6 13:55:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: guys, sorry I cased so much confusion, let me try to clarify: The original spam message source was copied from OE and saved as .txt with Notepad, that's the source (just plain ASCII text) I always use to report spam through SC website. Later that .txt was attached to my newsgroup message. My OE is set to send newsgroup messages in plain text with Uuencode Message Format. Thank again "Mike Easter" wrote in message news:d81pns$oua$1@news.spamcop.net... > Mike Easter wrote: >> I don't know if saying more will add to or reduce confusion, but I'll >> do it. >> >> Whatever else someone may like or dislike about attachments in >> newsgroups, including .txt attachments in b64, the 2nd message of the >> OP with the attachment was a properly constructed MIME message, which >> consisted of what looks to me like the 'modern' or newfangled OE >> editor version and headers indicating its MIME, followed by a >> plaintext body followed by a standard MIME b64 attachment >> configuration 'begin 666' > > This is totally incorrect. > > What it should say is, the 2nd message of the OP was an attachment using > uue encoding. The OP's OE editor is an 'advanced' version > 6.00.3790.1830 but the structure isn't MIME, it is uue. There is a > plaintext body followed by a standard UUE attachment whose structure is > 'begin 666'. > >> That configuration can be handled without causing any kind of >> noncompliance problems. > > Unfortunately, there can be noncompliant inconsistencies in OE's > rendition of uue, I don't know if they occurred here. UUE is unix to > unix encoding. Apparently OE may handle that differently than other > non-unix newsagents. I haven't researched this problem very far. > >> OE has been guilty of compliance problems in various or many areas in >> the past, but there isn't anything in that message to cause any >> noncompliance problems. > > OE's uue may be incompatible with some other newsagent's uue. > > -- > Mike Easter > kibitzer, not SC admin > > From rob at southernfrance.com Mon Jun 6 21:23:26 2005 From: rob at southernfrance.com (Rob) Date: Mon Jun 6 14:25:02 2005 Subject: [SpamCop-List] SPEWS listing a virgin DNS Message-ID: I'm sorry if I'm mailing into the wrong thread, I do not really know how these news groups work. I do not undertand why my dns is blocked by Spews. I have just switched server, there are no spamming sites on my server and yet the DNS 63.247.78.250 is blocked and the DATA / EVIDENCE page is nothing to do with me or my server http://spews.org/html/S2983.html Is there a way of getting off this list and how on earth did I get onto it? Rob From HHAnderson at hotmail.com Mon Jun 6 13:34:13 2005 From: HHAnderson at hotmail.com (HHAnderson) Date: Mon Jun 6 14:35:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Mike Easter" wrote in message news:d81qb4$pe5$1@news.spamcop.net... ... clip ...| | Re: http://pbqa.she7d9s3pkazpta.sophbisoph8.com (Administrator of | network hosting website referenced in spam) | To: postmaster@chinatietong.com (Notes) | To: crnet_mgr@chinatietong.com (Notes) | To: crnet_tec@chinatietong.com (Notes) | | which I cancelled. | | My theory is that it is a matter of assigning resources. Depending upon | how short the supply of resources, the parser will abort any effort to | try to resolve a url -- if it 'feels like it'. | | ... clip ... Mike, maybe it has something to do with the name server, as when I did it at 3am this morning the IP resolved for the url was 221.11.133.42 and not 222.51.98.245 as it was resolved when you (& I) did it 6 hours later. I had also pinged the url earlier and now, and the pinged IP was 221.11.133.42 earlier and 222.51.98.245 now. Also the reporting addresses earlier were: abuse@cnc-noc.net and abuse@chinanet.cn.net, and not the chinatietong.com ones they are now. Do you know if it's possible that Spamcop might use more than one namesever and if the results from both are not the same IP it may revert to the no report condition? Just a theory, but as there are many namesevers there has to be a window of time when some have been dynamically updated and others haven't yet been. But, as Eddie said, whatever the case, the parser should be enhanced/(bug fixed) to indicate the reason for the none resolution. IMHO :) You seem to be on top of this board, so do you know if my out of sync namesevers theory has been expounded in prior discussions of this condition? Harvey From MikeE at ster.invalid Mon Jun 6 12:59:46 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 15:00:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: HHAnderson wrote: > "Mike Easter" >> My theory is that it is a matter of assigning resources. Depending >> upon how short the supply of resources, the parser will abort any >> effort to try to resolve a url -- if it 'feels like it'. >> >> ... clip ... > > Mike, maybe it has something to do with the name server, as when I > did it at 3am this morning the IP resolved for the url was > 221.11.133.42 and not 222.51.98.245 as it was resolved when you (& I) > did it 6 hours later. I had also pinged the url earlier and now, and > the pinged IP was 221.11.133.42 earlier and 222.51.98.245 now. Also > the reporting addresses earlier were: abuse@cnc-noc.net and > abuse@chinanet.cn.net, and not the chinatietong.com ones they are > now. What I can 'see' re this spamvertiser issue is: - sometimes SC will not attempt to resolve - sometimes on those, refreshing results in resolution - sometimes SC will attempt to resolve but fail - sometimes on those, refreshing will resolve It has always been true that if something changes from one time to the next, like DNS, that that can result in a different result than observed previously. The parser reparses an item whenever it is accessed, and results can change. That is even discussed in the faq http://www.spamcop.net/fom-serve/cache/32.html Why does SpamCop show different results from one day to the next? > Do you know if it's possible that Spamcop might use more than > one namesever and if the results from both are not the same IP it may > revert to the no report condition? I don't know what nameserver/s SC uses or even 'how' it uses its nameserver/s [the way the nameservers at dnsstuff work is different than the way my own nameserver querying console works] -- But, part of my theory is that SC doesn't even 'bother' querying for resolution. > Just a theory, but as there are > many namesevers there has to be a window of time when some have been > dynamically updated and others haven't yet been. But, as Eddie > said, whatever the case, the parser should be enhanced/(bug fixed) to > indicate the reason for the none resolution. IMHO :) I certainly wouldn't want to pass my time trying to imagine myself reading Julian's mind as he configures the algorithm, but it is commonly observed around here that sometimes the philosophy appears to be "The less the spammers are able to learn about how some parts of the spamcop system work, the better." It is possible that the failure to give information about why the url isn't attempted to resolve is intentional. >You seem to > be on top of this board, so do you know if my out of sync namesevers > theory has been expounded in prior discussions of this condition? I don't recall seeing it in the ng, but it could have been discussed in the forum and I wouldn't know. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Jun 6 13:15:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 15:20:03 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: Message-ID: Rob wrote: > I'm sorry if I'm mailing into the wrong thread, I do not really know > how these news groups work. This is spamcop, the spews faq is over thataway => http://www.spews.org/faq.html > I do not undertand why my dns is blocked by Spews. I have just > switched server, there are no spamming sites on my server and yet the > DNS > 63.247.78.250 is blocked and the DATA / EVIDENCE page is nothing to > do with me or my server http://spews.org/html/S2983.html 63.247.78.250 rDNS sky.securenet-server.net of gnax is spews listed as a part of a /25, a block of 128 individual IP addresses The evidence page shows this: 1, 63.247.78.218, virilitypillsvp-rx.com / dietandverilitypills.com / arizonagoldprospectors.org (cs.cs-server30.com) 1, 63.247.78.128/25, gnax.net (virilitypillsvp-rx.com / dietandverilitypills.com) which means that 63.247.78.218 rDNS mail.cs-server30.com got itself listed for those websites in the top line, and perhaps something else. When gnax failed to do anything about the reports, the single IP was expanded to 128 IPs from 63.247.78.128 to 63.247.78.255 inclusive. That /25 in CIDR notation includes your 63.247.78.250 The spews faq covers the subject of your IP being an 'innocent bystander' caught up in a spews block of your provider. If it feels any better, think of it as your provider being blocked, not you. > Is there a way of getting off this list and how on earth did I get > onto it? You could motivate your provider to get rid of its spammers and to report that riddance into the newsgroups news.admin.net-abuse.blocklisting or news.admin.net-abuse.email You can also discuss your plight in one of those newsgroups. Besides reading the spews faq I posted above, you might also like to read Bill Cole's faq on dealing with being blocklisted http://www.scconsult.com/bill/dnsblhelp.html Blacklists, Blocklists, DNSBL's, and survival: -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Mon Jun 6 22:31:53 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Jun 6 15:35:05 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: Message-ID: On Mon, 6 Jun 2005 20:23:26 +0200, Rob coughed into spamcop and left this in : > I'm sorry if I'm mailing into the wrong thread, I do not really know how > these news groups work. To start with, they have nothing to do with e-mail so I don't understand the comment about "mailing" to the wrong thread, especially as yo just started a new thread. <*shrug*> > I do not undertand why my dns is blocked by Spews. I have just switched > server, there are no spamming sites on my server and yet the DNS > 63.247.78.250 is blocked and the DATA / EVIDENCE page is nothing to do with > me or my server http://spews.org/html/S2983.html Three points. 1) SpamCop has nothing to do with SPEWS. 2) The evidence file contains these lines: 1, 63.247.78.218, virilitypillsvp-rx.com / dietandverilitypills.com / arizonagoldprospectors.org (cs.cs-server30.com) 1, 63.247.78.128/25, gnax.net (virilitypillsvp-rx.com / dietandverilitypills.com) ^^^^^^^^^^^^^^^^ How can you claim that this has nothing to do with you? 3) YOU are not listed. Your ISP, Global Net Access (gnax.net) is. If I read the evidence file correctly, they were listed for hosting the spammer mentioned at IP address 63.247.78.218 and ignoring complaints. The listing was escalated to the /25 you're in because of the lack of complaints. Since then, arizonagoldprospectors.org has moved elsewhere (also to space listed by SPEWS). virilitypillsvp-rx.com and dietandverilitypills.com have not been termed by gnax.net, rather they have been moved to "clean" space on the same provider, which will probably result in an EXPANSION of the SPEWS listing. Note that you also have a ROKSO spammer (one of the worst spammers) Eric Reinersten hosted very close to you, although admittedly only since yesterday: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27762 http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27761 > Is there a way of getting off this list There are 2 ways of doing that: a) Get gnax.net to boot all of their spammers and thus prove that their IP space is trustworthy (good luck in attempting that), or b) Move to a clean provider, not a cesspit. > and how on earth did I get onto it? By signing up with an ISP that willingly does business with spammers. -- Steve Some days you are the bug; some days you are the windshield. From nobody at spamcop.net Mon Jun 6 16:32:07 2005 From: nobody at spamcop.net (indigo) Date: Mon Jun 6 15:35:13 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Mike Easter wrote: > > I don't think we should be 'hasseling each other' -- there's been a > long standing 'policy' about being nice, especially to newbies. Erm, IIRC (and I'm pretty sure I do) that "be nice to newbies" policy was for the defunct NNTP NG spamcop.help, but _this_ NG was acknowledged to be for folks who already knew to put on their asbestos undies prior to posting...... From dfm2a3l0t2 at spymac.com Mon Jun 6 16:35:27 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Mon Jun 6 15:35:20 2005 Subject: [SpamCop-List] Re: Network administrator AND interested third party? References: Message-ID: In article , "Ellen" wrote: > "D.F. Manno" wrote in message > > > Here's the tracker: > > > > http://www.spamcop.net/sc?id=z771724237z92cabd7de2dec47f4eda5093733f9816z > > > > This is the latest in a series of spams where the SpamCop reports are > > listed as going to spam@anet.net.tw as both the administrator of the > > network where the email originates _and_ as a third party interested in > > the email source. > > > > How can they be both? > > At some point in the past apparently over a year ago, I had a manual > override in there to send 3rd party reports. Manual overrides just stay in > the system until they are manually removed. The problem apparently solved > itself. It doesn't break anything to have it there nor will the system send > 2 reports for each spam but I removed it ... Thanks for noticing. You're welcome. Thanks for satisfying my curiousity. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From MikeE at ster.invalid Mon Jun 6 13:35:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 15:40:03 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: Message-ID: Mike Easter wrote: > The evidence page shows this: > > 1, 63.247.78.218, virilitypillsvp-rx.com / dietandverilitypills.com / > arizonagoldprospectors.org (cs.cs-server30.com) > 1, 63.247.78.128/25, gnax.net (virilitypillsvp-rx.com / > dietandverilitypills.com) > > which means that 63.247.78.218 rDNS mail.cs-server30.com got itself > listed for those websites in the top line, and perhaps something else. > > When gnax failed to do anything about the reports, the single IP was > expanded to 128 IPs from 63.247.78.128 to 63.247.78.255 inclusive. > That /25 in CIDR notation includes your 63.247.78.250 Since we're just puttering around here, we can mess with some other CIDR blocks in this neighborhood. gnax is Global Net Access and it owns a /19 here, which is 8192 IPs or 32 class Cs. OrgName: Global Net Access, LLC NetRange: 63.247.64.0 - 63.247.95.255 CIDR: 63.247.64.0/19 NetName: GNAXNET So that little spews 'potshot' at blocking 128 of them is 'nothing' - but it is spews warning gnax. Sometimes spews will 'emphasize' that warning by listing a bigger chunk as a spews2. Another little chunk you would be interested in is a little /29 of 8 IPs network:Network-Name:AceNet572-1 network:IP-Network:63.247.78.248/29 Those 8 IPs are assigned by gnax to AceNet, and your IP in question is in those 8, and those 8 are 'caught up' in the block of 128 that spews chose for its expansion to try to communicate with gnax more effectively. It appears that your domainname southernfrance.com rDNS 63.247.78.250 and that is its MX, which is also sky.securenet-server.net There's also a webserver and a number of sites there, 423 different domains, including yours http://www.southernfrance.com -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Mon Jun 6 21:01:42 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 16:05:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 06 Jun 2005 no1 entered spamcop and left news:d822d2$til$1@news.spamcop.net: > Later that .txt was attached to my newsgroup message. > My OE is set to send newsgroup messages in plain text with Uuencode > Message Format. > That's what I figured, I was just "supposing" maybe that was the problem. You posted that the problem cleared up, so I figured that wasn't it. I think we're just having fun confusing ourselves now. -- | Ric | From nttp.sc.s at bigsleep.org Mon Jun 6 21:04:06 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 16:05:14 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 06 Jun 2005 Mike Easter entered spamcop and left news:d81pns$oua$1@news.spamcop.net: > OE's uue may be incompatible with some other newsagent's uue. > I don't notice any problems with it. There are sometimes errors in UUE transmissions (or corruption on the news server) that can make it hard or impossible to decode. -- | Ric | From nttp.sc.s at bigsleep.org Mon Jun 6 21:20:33 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 16:25:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On 06 Jun 2005 Mike Easter entered spamcop and left news:d826f1$hf$1@news.spamcop.net: > It is possible that the failure to give information about why the url > isn't attempted to resolve is intentional. > I see a lot of good theories here, I'll add another. If we looked in the parser code we might see a comment like "do this later", where it mentions that other parts of the parser need to be modified so that we can return a meaningful response. I do this myself all the time, where I try to "look ahead" to what I might want to do and make a comment in the right place, so I remember it later. And the inverse as well, where I want to add a feature but the old code isn't friendly to that idea, and I make a comment that that part needs to be rewritten to allow it. I believe the cause of this "bug" is known, likely caused by some external event, like (maybe) what Harvey mentioned or server load like Mike mentions (see no evidence of that though). Fixing it may take quite some rewriting. It never seems to fail on anything that's really worth larting. -- | Ric | From MikeE at ster.invalid Mon Jun 6 14:33:32 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 16:35:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: Blammo wrote: > Mike Easter >> OE's uue may be incompatible with some other newsagent's uue. > I don't notice any problems with it. There are sometimes errors in UUE > transmissions (or corruption on the news server) that can make it > hard or impossible to decode. I was reading this article by Michael Santovec about OE's 'old' editor and the old, I guess, Netscape not handling uue the same way. Particularly a section of this section http://pages.prodigy.net/michael_santovec/decode.htm#uuencode "Problems can occur due to inconsistent encoding/decoding in different mail and news programs. For example, Microsoft Outlook Express will use a blank (x'20') as an encoding character. (Some other encoders will use the ` character (x'60') instead of a blank.) If the blank ends up as the last character in a line, Outlook Express will then drop the blank resulting in a short line. If Netscape decodes this attachment, it will assume that the short line is padded with nulls (x'00) rather than blanks. This can result with what was orginally a x'40', x'80' or x'C0' byte becoming a 'x00'. This problem only occurs when a x'40', x'80' or x'C0' byte was orinally at the 45th byte of the file, or a multiple there of (e.g. 90th, 135th, etc.)." I didn't research any further into that. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.not Mon Jun 6 21:44:35 2005 From: nobody at nowhere.not (Robert Blair) Date: Mon Jun 6 16:45:02 2005 Subject: [SpamCop-List] is go.com really that clueless? Message-ID: This is their response to "Subject: RESULT: AWARD NOTIFICATION !!!" spam I received. **** go.com response Thank you for informing us of this situation. Spammers "spoof" e-mail addresses in the header to hide their true sources. You might be informed of this when you receive a message such as a non-deliverable notification. This type of messages are sent back to the original e-mailer (which is you since your address was spoofed in the header). Unfortunately there is no way for us to stop these e-mails from being sent. Should you have additional questions or comments, please feel free to let us know. **** end of go.com response Here are the receive headers Received: from wmailmta04of.seamail.go.com (wmailmta04of.seamail.go.com [199.181.134.41]) by mx4.pacifier.net (Postfix) with SMTP id 1A94480DAF for ; Mon, 6 Jun 2005 09:25:42 -0700 (PDT) Received: (qmail 9878 invoked from network); 6 Jun 2005 16:23:59 -0000 Received: from wmailweba04.seamail.go.com (HELO WMAILWEBA04) (10.192.72.78) by wmailmta04o.seamail.go.com with SMTP; 6 Jun 2005 16:23:59 -0000 This is not a bounce looks like spam sent through there web mail interface. -- Robert Blair From m at remove.this.part.rtij.nl Mon Jun 6 23:44:44 2005 From: m at remove.this.part.rtij.nl (Martijn Lievaart) Date: Mon Jun 6 16:50:04 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: Message-ID: On Mon, 06 Jun 2005 20:23:26 +0200, Rob wrote: > I'm sorry if I'm mailing into the wrong thread, I do not really know how > these news groups work. It's not the wrong thread, it's the wrong newsgroup. You want news.admin.net-abuse.blocklisting. However, you'll find the same answers as I'll give you, although more detail. This group is only about the spamcop system, which has zero, nada, nop to do with spews, except that they both publish blocklists. Spamcop is a system that lists IPs that have generated a lot of complaints. "A lot of" is defined somewhere in the FAQ. Spews is the Spam Early Warning System. It lists IPs that have spammed or have given spam support. If nothing is done, the listing is widened to the netblock. If still nothing is done, the listing is widenend until at last it compasses the entire ISP. You'll notice this may list a lot of other customers of that same ISP. This is intentional. This is probably what happened to you. The problem is that some ISPs done give a fart about spamming customers and 1) Either don't do anything, or 2) Even worse, move the spammers around to avoid private blocklists To put pressure on those ISPs to remove their spamming customers some block the complete ISP. SPEWS is just an automated system that does about the same, it lists netblocks that are likely to emit spam. > I do not undertand why my dns is blocked by Spews. I have just switched > server, there are no spamming sites on my server and yet the DNS > 63.247.78.250 is blocked and the DATA / EVIDENCE page is nothing to do > with me or my server http://spews.org/html/S2983.html > > Is there a way of getting off this list and how on earth did I get onto > it? Lets see. 0, 65.61.216.13, making-online-money.com (dead) 1, 65.61.216.92, teensoncam.net 1, 65.61.216.83, penis-pills-review.com 2, 65.61.216.0/24, doteasy.com (making-online-money.com) 0, 66.79.174.150, virilitypillsvp-rx.com 0, 69.72.142.42, virilitypillsvp-rx.com / dietandverilitypills.com (pwebtech.com) 0, 69.72.142.0/26, pwebtech.com (virilitypillsvp-rx.com / dietandverilitypills.com) 1, 63.247.78.218, virilitypillsvp-rx.com / dietandverilitypills.com / arizonagoldprospectors.org (cs.cs-server30.com) 1, 63.247.78.128/25, gnax.net (virilitypillsvp-rx.com / dietandverilitypills.com) 0, 162.42.209.64, desertjewels.com (cybertrails.com) 0, 69.56.158.170, making-online-money.com (theplanet.com) 0, 69.56.158.128/26, theplanet.com (making-online-money.com) 1, 72.34.32.200, desertjewels.com (ihnetworks.net) 1, 209.51.152.43, virilitypillsvp-rx.com / dietandverilitypills.com / arizonagoldprospectors.org (cs.cs-server30.com) 2, 209.51.152.0/26, gnax.net (virilitypillsvp-rx.com / dietandverilitypills.com) 1, 69.50.201.75, arizonagoldprospectors.org (atjeu.com) You didn't give your IP, so I cannot say which of those lines applies to you. However the first number is the level. Level 0 means de-listed and is documentary. Level 1 means block. Level 2 means, whatch out, this may go level 1. See http://www.spews.org/faq.html for more info. The second number is the IP range in question. After that is why this IP range is listed. Ask in nanabl (news.admin.net-abuse.blocklisting) people there are very good at explaining spews listings and giving details. Let me just say that I recognize two names there, gnax and the planet. Both harbor spammers and don't give a shit. The rest seems to be about their pet pill spammers, which has not escalated yet to the ISP level. Let me put it this way. You seem to have chosen connectivity through a bad neighborhood. Gnax and the planet are block on sight for many, spews may just be the least of your problems, just the first you got aware of. Your options mainly are: 1) Live with it. 2) Smarthost your email, which means you send your outgoing email to some server in untainted IP space. Can be had for a couple of bucks a month. 3) Ask your provider why they are listed an get them to do something about it. 4) Terminate your contract because the provider does not deliver as promised and get connectivity elsewhere. Let me repeat, spews is just an indication of the problems if you are on gnax or the planet. HTH, M4 -- Ah, the beauty of OSS. Hundreds of volunteers worldwide volunteering their time inventing and implementing new, exciting ways for software to suck. -- Toni Lassila in the Monastry From nttp.sc.s at bigsleep.org Mon Jun 6 21:47:38 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 16:50:11 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 06 Jun 2005 Mike Easter entered spamcop and left news:d82buq$529$1@news.spamcop.net: > I was reading this article by Michael Santovec about OE's 'old' editor > and the old, I guess, Netscape not handling uue the same way. > Good find. Yes, I think that was Communicator and some old Outlook version. The problems I see now seem to involve the last few bytes of the file. I have a program that's supposed to fix that, but often destroys the file. -- | Ric | From nttp.sc.s at bigsleep.org Mon Jun 6 21:57:54 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 17:00:03 2005 Subject: [SpamCop-List] Re: is go.com really that clueless? References: Message-ID: On 06 Jun 2005 Robert Blair entered spamcop and left news:TECQXhvKj0FX-pn2- T4b3dViC6P7G@dsl-206-55-144-107.tstonramp.com: > **** go.com response > Thank you for informing us of this situation. Spammers "spoof" e-mail > I might reply to them if I can think of something good to say... When I do I change my address to that which they sent to. Maybe Ellen can offer some good advise, she can be helpful with this type of thing. I got one like that from Cox, who apparently want's my eMail address since the rest of the message isn't enough for them. BTW: Welcome to Mr. Palin's Hell -- | Ric | From MikeE at ster.invalid Mon Jun 6 14:58:39 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 17:00:10 2005 Subject: [SpamCop-List] Re: is go.com really that clueless? References: Message-ID: Robert Blair wrote: > Spammers "spoof" e-mail > addresses in the header to hide their true sources. > Unfortunately there is no way for us to stop these e-mails from being > sent. > This is not a bounce looks like spam sent through there web mail > interface. You haven't proven your point yet by posting partial headers. If we are going to talk about a disagreement between you and some provider about what was the source of a spam, it is necessary to talk about the entire headers, not just your selected part of them. The way to post access to the entire headers would be to put the headers into the tracker for a parse, copy the tracking url, and paste the url here. So, you didn't post 'enough'. You posted 'too much'. Tracker. -- Mike Easter kibitzer, not SC admin From not at home.today Tue Jun 7 03:01:23 2005 From: not at home.today (Ant) Date: Mon Jun 6 21:15:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Mike Easter" wrote: > I don't think I ever plan to use XP. I expect that I will 'gravitate' > toward some non-Win OS from Win98se, most likely Linux, but perhaps also > OS X, while keeping some Win98 or possibly even a Win2K OS around, if I > had one. I might go 'nix at some point. I haven't upgraded my W2k past SP2 because I don't like MS' supplemental EULAs. I get the feeling they're moving to the point of saying "All your data are belong to us". I like the control you get with unix style OS's, but I think their GUIs are primitive. I'm quite happy at the command line, but I also like fast functional graphics. Perhaps things are improving in this area; my experience is based on an old version of Red Hat and various flavours of Solaris (I have an old Sun SPARCstation 20 which I play with occasionally). From not at home.today Tue Jun 7 03:13:03 2005 From: not at home.today (Ant) Date: Mon Jun 6 21:15:15 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Mike Easter" wrote: > I don't think I ever plan to use XP. I expect that I will 'gravitate' > toward some non-Win OS from Win98se, most likely Linux, but perhaps also > OS X, while keeping some Win98 or possibly even a Win2K OS around, if I > had one. I might go 'nix at some point. I haven't upgraded my W2k past SP2 because I don't like MS' supplemental EULAs. I get the feeling they're moving to the point of saying "All your data are belong to us". I like the control you get with unix style OS's, but I think their GUIs are primitive. I'm quite happy at the command line, but I also like fast functional graphics. Perhaps things are improving in this area; my experience is based on an old version of Red Hat and various flavours of Solaris (I have an old Sun SPARCstation 20 which I play with occasionally). From not at home.today Tue Jun 7 03:13:35 2005 From: not at home.today (Ant) Date: Mon Jun 6 21:15:19 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Blammo" wrote: > I believe the cause of this "bug" is known, likely caused by some external > event, like (maybe) what Harvey mentioned or server load like Mike > mentions (see no evidence of that though). Fixing it may take quite some > rewriting. It never seems to fail on anything that's really worth larting. I've been resolving some of these URLs separately. All my recent ones are hosted by China Railway Telecoms (chinatietong). This provider appears to be *the* major bullet proof host at present. Apparently they've contacted Steve Linford of Spamhaus to discuss removing their blocks, so they know they have a problem and they know what to do! Perhaps the software can't cope with such a huge number of look-ups to one domain at peak times. From eddie at eddie.web Mon Jun 6 23:23:40 2005 From: eddie at eddie.web (eddie) Date: Mon Jun 6 22:25:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Tue, 07 Jun 2005 02:13:35 +0100, Ant scratched out the following: > "Blammo" wrote: > >> I believe the cause of this "bug" is known, likely caused by some >> external event, like (maybe) what Harvey mentioned or server load like >> Mike mentions (see no evidence of that though). Fixing it may take quite >> some rewriting. It never seems to fail on anything that's really worth >> larting. > > I've been resolving some of these URLs separately. All my recent ones are > hosted by China Railway Telecoms (chinatietong). This provider appears to > be *the* major bullet proof host at present. Apparently they've contacted > Steve Linford of Spamhaus to discuss removing their blocks, so they know > they have a problem and they know what to do! > > Perhaps the software can't cope with such a huge number of look-ups to one > domain at peak times. I have pasted the URL into the report box and it resolves immediately. Then, when I paste the spam back into the box I get the same blank line error. If I paste the URL again, it resolves. It's the software that the parser uses, not the lookup software, as far as I can tell. And I am sure the spammers know what they are doing. -- Once movie theaters gave out steak knives Today they confiscate them From RobertTaylor at SpamCop.net Mon Jun 6 23:55:05 2005 From: RobertTaylor at SpamCop.net (Robert Taylor) Date: Mon Jun 6 23:00:03 2005 Subject: [SpamCop-List] Phony SC-Message? Message-ID: Hello Group, This evening, this landed in my inbox: (quote)
Dear Valued Member,

According to our site policy you will have to confirm your account by the following link or else your account will be suspended within 24 hours for security reasons.

http: //www dot spamcop dot net/confirm dot php?email=roberttaylor at spamcop dot net
[ (The above href is all on one line in the original message, as you see from the
s. RT) ]
Thank you for your attention to this question. We apologize for any inconvenience.

Sincerely,Spamcop Security Department Assistant.
(/quote). Return-Path: From: webmaster at spamcop dot net [ shows as a valid eMail address. ] All I could find on <209 dot 67 dot 220 dot 164> is that it's registered to . If this is legit, I have no idea what it's all about. I'm close to a "charter" member of SC, and have never had a problem. Anyone? Regards, Robert -- eMail: RobertTaylor@SpamCop.net Web-Address: http://users.rcn.com/robertt.nh.ultranet/Web-SitePg1.htm NOTARY SOJAC (Dizzy Gillespie, Prop.) From RobertTaylor at SpamCop.net Tue Jun 7 00:06:16 2005 From: RobertTaylor at SpamCop.net (Robert Taylor) Date: Mon Jun 6 23:15:03 2005 Subject: [SpamCop-List] Correction Message-ID: Sorry, the reference to reverse dot layered dot com in my previous post should have read: < reverse dot layeredtech dot com > Robert -- eMail: RobertTaylor@SpamCop.net From nobody at devnull.spamcop.net Mon Jun 6 23:24:45 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Jun 6 23:25:03 2005 Subject: [SpamCop-List] Re: Phony SC-Message? References: Message-ID: "Robert Taylor" wrote in message news:d832a8$j5n$1@news.spamcop.net... > This evening, this landed in my inbox: > >
Dear Valued Member,
>
According to our site policy you will have to confirm your account by > the following link or else your account will be suspended within 24 hours > for security reasons.
>
http: //www dot spamcop dot > net/confirm dot php?email=roberttaylor at spamcop dot net
> > If this is legit, I have no idea what it's all about. I'm close to a > "charter" member of SC, and have never had a problem. For being a long-time SpamCop user, why are you the second person today to find this baffling? Please check recent responses over in the spamcop.help newsgroup to pretty much the same query on the same spam. Yes, it's a phish, yes it should be handled as your normal spam, no you shouldn't have posted all the garbage "here" .. the use of a Tracking URL would by much simpler and wiser ... if you need help on "Tracking URL" please see the Glossary provided as a link off of the Forum FAQ found at http://forum.spamcop.net/forums/ From nobody at devnull.spamcop.net Mon Jun 6 23:54:04 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Jun 6 23:55:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "eddie" wrote in message news:pan.2005.06.07.02.23.40.130000@eddie.web... > > I have pasted the URL into the report box and it resolves > immediately. Then, when I paste the spam back into the box I get the same > blank line error. If I paste the URL again, it resolves. It's the software > that the parser uses, not the lookup software, as far as I can tell. And I > am sure the spammers know what they are doing. Maybe it's the kill-file in action, but not sure how many times I've pointed that out .. the single-line entry look-up and the parser use different code. The only thing in common is that both tools are using the same form entry box for data submittal. Jeff G. started an item for another FAQ entry on this issue. Care to add some 'helpful' commentary so threads like this can be minimized? http://forum.spamcop.net/forums/index.php?showtopic=4345 From RobertTaylor at SpamCop.net Tue Jun 7 00:53:46 2005 From: RobertTaylor at SpamCop.net (Robert Taylor) Date: Mon Jun 6 23:55:15 2005 Subject: [SpamCop-List] Re: Phony SC=Message? Message-ID: Disregard "Phony SC=Message?"-post: the message from the so-called "" is fake. Regards, Robert -- Robert eMail: RobertTaylor@SpamCop.net Web-Address: http://users.rcn.com/robertt.nh.ultranet/Web-SitePg1.htm (1506 nix nix - Dizzy Gillespie, foo Mgr.) From nttp.sc.s at bigsleep.org Tue Jun 7 06:29:06 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Jun 7 01:30:08 2005 Subject: [SpamCop-List] Re: Phony SC-Message? References: Message-ID: On 06 Jun 2005 Robert Taylor entered spamcop and left news:d832a8$j5n$1@news.spamcop.net: > Return-Path: > From: webmaster at spamcop dot net > Do Spamcop mail account members not know anything about reading headers? The only thing you posted that couldn't be forged was your eMail address. Why didn't you post the source IP so that we could confirm it didn't come from spamcop.net/ironport.com, and you wouldn't have to waste your time looking up the phishing link. Thanks for taking the time to munge all that stuff though. -- | Ric From rob at southernfrance.com Tue Jun 7 08:31:09 2005 From: rob at southernfrance.com (Rob) Date: Tue Jun 7 01:35:04 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: Message-ID: Thank you for that. I like the way you sniff down and you are right there on the button. 63.247.78.250 is celestialhost.com which is my private hoster, hosting southernfrance.com and other southernfrance names. Celestialhost is hosted by ace etc etc. I've only just moved to ace from my old host who developed chronic downtime problems. But thanks for your time. "Mike Easter" a écrit dans le message de news: d828i0$2da$1@news.spamcop.net... > Mike Easter wrote: >> The evidence page shows this: >> >> 1, 63.247.78.218, virilitypillsvp-rx.com / dietandverilitypills.com / >> arizonagoldprospectors.org (cs.cs-server30.com) >> 1, 63.247.78.128/25, gnax.net (virilitypillsvp-rx.com / >> dietandverilitypills.com) >> >> which means that 63.247.78.218 rDNS mail.cs-server30.com got itself >> listed for those websites in the top line, and perhaps something else. >> >> When gnax failed to do anything about the reports, the single IP was >> expanded to 128 IPs from 63.247.78.128 to 63.247.78.255 inclusive. >> That /25 in CIDR notation includes your 63.247.78.250 > > Since we're just puttering around here, we can mess with some other CIDR > blocks in this neighborhood. > > gnax is Global Net Access and it owns a /19 here, which is 8192 IPs or > 32 class Cs. > > OrgName: Global Net Access, LLC > NetRange: 63.247.64.0 - 63.247.95.255 > CIDR: 63.247.64.0/19 > NetName: GNAXNET > > So that little spews 'potshot' at blocking 128 of them is 'nothing' - > but it is spews warning gnax. Sometimes spews will 'emphasize' that > warning by listing a bigger chunk as a spews2. > > Another little chunk you would be interested in is a little /29 of 8 IPs > > network:Network-Name:AceNet572-1 > network:IP-Network:63.247.78.248/29 > > Those 8 IPs are assigned by gnax to AceNet, and your IP in question is > in those 8, and those 8 are 'caught up' in the block of 128 that spews > chose for its expansion to try to communicate with gnax more > effectively. > > It appears that your domainname southernfrance.com rDNS 63.247.78.250 > and that is its MX, which is also sky.securenet-server.net > > There's also a webserver and a number of sites there, 423 different > domains, including yours http://www.southernfrance.com > > > -- > Mike Easter > kibitzer, not SC admin > > From RobertTaylor at SpamCop.net Tue Jun 7 02:31:52 2005 From: RobertTaylor at SpamCop.net (Robert Taylor) Date: Tue Jun 7 01:35:13 2005 Subject: [SpamCop-List] Re: Phony SC-Message? References: Message-ID: In news:Xns966DE4CDAEF0Cblammo@216.154.195.61, Blammo sent: > On 06 Jun 2005 Robert Taylor entered spamcop and left > news:d832a8$j5n$1@news.spamcop.net: > >> Return-Path: >> From: webmaster at spamcop dot net >> > > Do Spamcop mail account members not know anything about reading headers? > The only thing you posted that couldn't be forged was your eMail address. > Why didn't you post the source IP so that we could confirm it didn't come > from spamcop.net/ironport.com, and you wouldn't have to waste your time > looking up the phishing link. > Thanks for taking the time to munge all that stuff though. > >> Ric You're most welcome. :) Robert From RobertTaylor at SpamCop.net Tue Jun 7 02:32:49 2005 From: RobertTaylor at SpamCop.net (Robert Taylor) Date: Tue Jun 7 01:35:20 2005 Subject: [SpamCop-List] Re: Phony SC-Message? References: Message-ID: In news:d8341u$k48$1@news.spamcop.net, WazoO sent: > "Robert Taylor" wrote in message > news:d832a8$j5n$1@news.spamcop.net... >> This evening, this landed in my inbox: >> >>
Dear Valued Member,
[...] > For being a long-time SpamCop user, why are you the second > person today to find this baffling? [...] > the use of a Tracking URL would > by much simpler and wiser ... [...] This may come as a shock to you, but I find the Theory of Groups, and Number Theory generally, infinitely more interesting (no pun intended) than Tracking URLs (and eMail headers, generally), and hence am unable to dedicate time to study of the latter. Judging by your urbane, polished, and courteous remarks, I feel sure that you will find it in your heart to forgive this vice which, in the kosmic scheme of things, is relatively minor. Regards, -- Robert eMail: RobertTaylor@SpamCop.net Web-Address: http://users.rcn.com/robertt.nh.ultranet/Web-SitePg1.htm (1506 nix nix - Dizzy Gillespie, foo Mgr.) From rob at southernfrance.com Tue Jun 7 08:35:48 2005 From: rob at southernfrance.com (Rob) Date: Tue Jun 7 01:40:03 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: Message-ID: Thank you for the reply, now I understand. Can you make any recommendations about <<2) Smarthost your email, which means you send your outgoing email to some server in untainted IP space. Can be had for a couple of bucks a month >> Don't want to jump out the frying pan into the the whatever it is , and having just moved and having to rejig sites to fit in withh different constraints on the hosts..... seems a good host is so mighty hard to find, why I'd give all the gold........ Best, Rob "Martijn Lievaart" a écrit dans le message de news: s6pen2-mp3.ln1@news.rtij.nl... > On Mon, 06 Jun 2005 20:23:26 +0200, Rob wrote: > >> I'm sorry if I'm mailing into the wrong thread, I do not really know how >> these news groups work. > > It's not the wrong thread, it's the wrong newsgroup. You want > news.admin.net-abuse.blocklisting. However, you'll find the same answers > as I'll give you, although more detail. > > This group is only about the spamcop system, which has zero, nada, nop to > do with spews, except that they both publish blocklists. > > Spamcop is a system that lists IPs that have generated a lot of > complaints. "A lot of" is defined somewhere in the FAQ. > > Spews is the Spam Early Warning System. It lists IPs that have spammed or > have given spam support. If nothing is done, the listing is widened to the > netblock. If still nothing is done, the listing is widenend until at last > it compasses the entire ISP. > > You'll notice this may list a lot of other customers of that same ISP. > This is intentional. This is probably what happened to you. > > The problem is that some ISPs done give a fart about spamming customers > and > 1) Either don't do anything, or > 2) Even worse, move the spammers around to avoid private blocklists > > To put pressure on those ISPs to remove their spamming customers some > block the complete ISP. SPEWS is just an automated system that does about > the same, it lists netblocks that are likely to emit spam. > >> I do not undertand why my dns is blocked by Spews. I have just switched >> server, there are no spamming sites on my server and yet the DNS >> 63.247.78.250 is blocked and the DATA / EVIDENCE page is nothing to do >> with me or my server http://spews.org/html/S2983.html >> >> Is there a way of getting off this list and how on earth did I get onto >> it? > > Lets see. > > 0, 65.61.216.13, making-online-money.com (dead) 1, 65.61.216.92, > teensoncam.net > 1, 65.61.216.83, penis-pills-review.com 2, 65.61.216.0/24, doteasy.com > (making-online-money.com) 0, 66.79.174.150, virilitypillsvp-rx.com 0, > 69.72.142.42, virilitypillsvp-rx.com / dietandverilitypills.com > (pwebtech.com) 0, 69.72.142.0/26, pwebtech.com (virilitypillsvp-rx.com / > dietandverilitypills.com) 1, 63.247.78.218, virilitypillsvp-rx.com / > dietandverilitypills.com / arizonagoldprospectors.org (cs.cs-server30.com) > 1, 63.247.78.128/25, gnax.net (virilitypillsvp-rx.com / > dietandverilitypills.com) 0, 162.42.209.64, desertjewels.com > (cybertrails.com) 0, 69.56.158.170, making-online-money.com > (theplanet.com) 0, 69.56.158.128/26, theplanet.com > (making-online-money.com) 1, 72.34.32.200, desertjewels.com > (ihnetworks.net) 1, 209.51.152.43, virilitypillsvp-rx.com / > dietandverilitypills.com / arizonagoldprospectors.org (cs.cs-server30.com) > 2, 209.51.152.0/26, gnax.net (virilitypillsvp-rx.com / > dietandverilitypills.com) 1, 69.50.201.75, arizonagoldprospectors.org > (atjeu.com) > > You didn't give your IP, so I cannot say which of those lines applies to > you. > > However the first number is the level. Level 0 means de-listed and is > documentary. Level 1 means block. Level 2 means, whatch out, this may go > level 1. See http://www.spews.org/faq.html for more info. > > The second number is the IP range in question. > > After that is why this IP range is listed. > > Ask in nanabl (news.admin.net-abuse.blocklisting) people there are very > good at explaining spews listings and giving details. Let me just say that > I recognize two names there, gnax and the planet. Both harbor spammers and > don't give a shit. The rest seems to be about their pet pill spammers, > which has not escalated yet to the ISP level. > > Let me put it this way. You seem to have chosen connectivity through a bad > neighborhood. Gnax and the planet are block on sight for many, spews may > just be the least of your problems, just the first you got aware of. > > Your options mainly are: > 1) Live with it. > 2) Smarthost your email, which means you send your outgoing email to some > server in untainted IP space. Can be had for a couple of bucks a month. 3) > Ask your provider why they are listed an get them to do something about > it. > 4) Terminate your contract because the provider does not deliver as > promised and get connectivity elsewhere. > > Let me repeat, spews is just an indication of the problems if you are on > gnax or the planet. > > HTH, > M4 > > -- > Ah, the beauty of OSS. Hundreds of volunteers worldwide volunteering > their time inventing and implementing new, exciting ways for software > to suck. -- Toni Lassila in the Monastry > From nttp.sc.s at bigsleep.org Tue Jun 7 06:57:40 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Jun 7 02:00:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On 06 Jun 2005 eddie entered spamcop and left news:pan.2005.06.07.02.23.40.130000@eddie.web: > And I am sure the spammers know what they are doing. I'm not so sure. I didn't know really where to post this, but I just noticed this... X-Spam-Status: Yes, ... tests=...,URIBL_AB_SURBL, URIBL_OB_SURBL,URIBL_SC_SURBL I think URIBL_SC_SURBL is Spamcop, though I haven't checked these Spamassassin rules to know for sure. The URL with *.speedtuesday.info doesn't make it through the parser this time, but the domain is listed. And it received a generous 12.7 score from spamassassin. -- | Ric From nobody at devnull.spamcop.net Tue Jun 7 03:54:17 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Jun 7 03:55:08 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Blammo" wrote in message news:Xns966DE9A61C6F4blammo@216.154.195.61... > > X-Spam-Status: Yes, ... tests=...,URIBL_AB_SURBL, > URIBL_OB_SURBL,URIBL_SC_SURBL > > I think URIBL_SC_SURBL is Spamcop, though I haven't checked these > Spamassassin rules to know for sure. The URL with *.speedtuesday.info > doesn't make it through the parser this time, but the domain is listed. And > it received a generous 12.7 score from spamassassin. http://spamassassin.apache.org/full/3.0.x/dist/rules/25_uribl.cf urirhssub URIBL_SC_SURBL multi.surbl.org. A 2 body URIBL_SC_SURBL eval:check_uridnsbl('URIBL_SC_SURBL') describe URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist tflags URIBL_SC_SURBL net http://www.surbl.org/lists.html sc.surbl.org - SpamCop message-body URI domains As described in the sc Data section, sc.surbl.org contains domains and a few web site IP addresses processed from SpamCop URI reports, also known as "spamvertised" sites. Many reports for a given domain or IP address must be received before it is included, and a whitelist is used to prevent any legitimate, non-spam domains from getting onto the list. Entries in sc.surbl.org expire automatically as described in the Data section. If you know of any legitimate domains that are on this SURBL or any others, please report them to whitelist at surbl dot org so they can be removed. When writing, please send us the original message with full headers and an explanation of why the domain should not be listed. Please see the List Removal section below. Note that this list is not the same as bl.spamcop.net, which is an RBL of spam-sending source IP addresses found in message headers. From redford_stone at INVERSE_OF_COLDmail.com Tue Jun 7 09:04:28 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Tue Jun 7 04:05:02 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: Steven Maesslein wrote in news:slrnda8cq2.492.nobody@127.0.0.1: > > Isn't that what they already are? They'll just end up being exploited by > even more proxy hijackers. > Unfortunately, that appears to be the case. I'm hoping something is going to "break" someplace over there and it will shake them up to actually take action. From nobody at nowhere.not Tue Jun 7 09:16:44 2005 From: nobody at nowhere.not (Robert Blair) Date: Tue Jun 7 04:20:03 2005 Subject: [SpamCop-List] Re: is go.com really that clueless? References: Message-ID: On Mon, 6 Jun 2005 20:58:39 UTC, "Mike Easter" wrote: > You haven't proven your point yet by posting partial headers. While I did not post all the headers I did post all the receive headers but here is what you want. http://www.spamcop.net/sc?id=z772255444z234e8e5c69ac56da441f2a1e9f7155 dbz -- Robert Blair From porpoise1954 at yahoo.co.uk Tue Jun 7 10:11:05 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Jun 7 04:20:11 2005 Subject: [SpamCop-List] spam injecting forged anti-spam headers Message-ID: Tracker: http://www.spamcop.net/sc?id=z772117400z31026dee997b25b9f55e661b6a1ff6d8z This is an interesting variation, injecting forged "X-AntiAbuse" headers and obfuscated links to your own domains in order to make it such that, if you were to report the spam, it makes the parser find your own domain as the spamvertised link - which it would then want to report. Needless to say, it was cancelled and no reports sent. (So spammy achieved that objective at least). Clever new tactic by spammy? Like I'm *really* likely to want to be on their after them spamming me and trying to make it look like it came from me, to avoid being reported. **************** Looking at the originating IP [from - ] gives us: OrgName: Everyones Internet, Inc. OrgID: EVRY Address: 2600 Southwest Freeway Address: Suite 500 City: Houston StateProv: TX PostalCode: 77098 Country: US NetRange: 67.15.0.0 - 67.15.175.255 CIDR: 67.15.0.0/17, 67.15.128.0/19, 67.15.160.0/20 NetName: EVRY-BLK-15 NetHandle: NET-67-15-0-0-1 Parent: NET-67-0-0-0-0 NetType: Direct Allocation NameServer: NS1.EV1.NET NameServer: NS2.EV1.NET Comment: RegDate: 2004-02-06 Updated: 2004-10-11 which I take to be the genuine originating IPand the being forged. ***************** Then, looking at the forged headers: X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - ibiza.micfo.com X-AntiAbuse: Original Domain - srenterprises.co.uk X-AntiAbuse: Originator/Caller UID/GID - [99 504] / [47 12] X-AntiAbuse: Sender Address Domain - ibiza.micfo.com X-Source: X-Source-Args: /usr/local/apache/bin/httpd -DSSL X-Source-Dir: 1st-buy-and-sell.com:/public_html/discount/mail Envelope-To: x X-Spam-Flag: No X-Spam-Level: 2/3 is obviously forged I take to be some sort of tracker for spammy to identify the spammee. ****************** Then, from the body, the following makes the parser think that Apnea is a spamvertiser from an obfuscated URL: Please specify the URL where you have placed the back link to our WEB site in the form below: http://www.discount-prices.biz/links.php?action=addlink&lcat_id=3328&link_id=99597 The following information was added into our database already: - Title: APNEA - URL: http://www.apnea.co.uk - Description: Freediving and spearfishing equipment and supplies, scuba equipment and accessories, and UK agents for Imersion. - Keywords: Freediving and spearfishing equipment and supplies, scuba equipment and accessories, and UK agents f ****************** From nobody at spamcop.net Tue Jun 7 10:30:05 2005 From: nobody at spamcop.net (TimeLord) Date: Tue Jun 7 04:35:03 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Brian (SnSR)" wrote in message news:d7lsi5$bcv$1@news.spamcop.net... > Vanguard wrote: > We all have started from a place where we didn't know much about spam or > the process of reporting it. Let's try to help each other out instead of > being so critical and turning noobs away. Well said. Even the most experienced make the odd stupid mistake - the difference generally being their refusal to admit it. kev From nttp.sc.s at bigsleep.org Tue Jun 7 09:51:04 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Jun 7 04:55:29 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On 07 Jun 2005 WazoO entered spamcop and left news:d83jrb$sor$1@news.spamcop.net: > Note that this list is not the same as bl.spamcop.net, which is an RBL of > spam-sending source IP addresses found in message headers. > Yea, that would be "RCVD_IN_BL_SPAMCOP_NET" Thanks for the info. -- | Ric From nobody at nowhere.invalid Tue Jun 7 12:12:16 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Jun 7 05:15:27 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: On Tue, 7 Jun 2005 02:01:23 +0100, Ant coughed into spamcop and left this in : > I like the control you get with unix style OS's, but I think their > GUIs are primitive. May have been true a few years ago but nowadays both KDE and GNOME have plenty of features - to the point where some consider them overbloated. Of course, that's one of the advantages of a 'nix system running XFree86 or xorg: you get to choose which GUI you use. If you like a full desktop manager the go for KDE or GNOME. If you prefer something much lighter then go for a simple window manager like IceWM, BlackBox or twm. > I'm quite happy at the command line, but I also like fast functional > graphics. Perhaps things are improving in this area; They are - definitely. > my experience is based on an old version of Red Hat How old? If more than, say, 2 years (which is about when RH9 was released) then you'll hardly recognize it now. > and various flavours of Solaris (I have an old Sun SPARCstation 20 > which I play with occasionally). I suspect the GUI on that machine is a little outdated :) If you want to play around with a distro before installing it then take a look at this: http://www.knopper.net/knoppix/index-en.html (assuming you have a broadband connection and a CD burner) -- Steve Cat, n: Lapwarmer with built-in buzzer. From scamper at trisk.com Tue Jun 7 04:16:41 2005 From: scamper at trisk.com (Garen Erdoisa) Date: Tue Jun 7 05:20:05 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers In-Reply-To: References: Message-ID: Porpoise wrote: > Tracker: > http://www.spamcop.net/sc?id=z772117400z31026dee997b25b9f55e661b6a1ff6d8z [snip] > X-AntiAbuse: Original Domain - srenterprises.co.uk These types of headers are not uncommon. I've seen two to three a day like that over the last year or so. Don't know if this will help in your case unless you can run procmail but what I do in this case is use a procmail filter to append a new header prior to running it through my spam filter software that would look something like this: X-srenterprises.co.uk: Forged Header Detected (X-AntiAbuse: Original Domain - srenterprises.co.uk) Then go ahead and send the report as normal. I've yet to see spamcop's parser be fooled by this. ALso looking at your tracker, It doesn't look like spamcop's parser was fooled by this one either. [snip] Garen From nttp.sc.s at bigsleep.org Tue Jun 7 10:19:38 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Jun 7 05:20:13 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: On 07 Jun 2005 Porpoise entered spamcop and left news:d83lb0$tsf$1@news.spamcop.net: > This is an interesting variation, injecting forged "X-AntiAbuse" > headers and obfuscated links to your own domains in order to make it > such that, if you were to report the spam, it makes the parser find > your own domain as the spamvertised link - which it would then want to > report. I don't get it, I don't see any obfuscated links, just the one in the message body (other than discount-prices) that the parser picked up on. I've seen the same thing with my domain in "Original Domain", spamcop never tried to report it, and so big deal, like they can't figure that out from the headers? Or track it in their own database. I think you're being paranoid, but whatever. -- | Ric From nobody at nowhere.invalid Tue Jun 7 12:21:56 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Jun 7 05:25:03 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: On Tue, 7 Jun 2005 08:04:28 +0000 (UTC), Redstone coughed into spamcop and left this in : > Unfortunately, that appears to be the case. I'm hoping something is > going to "break" someplace over there and it will shake them up to > actually take action. The only thing that'll get .kr's attention is if someone backhoes their pipe to the 'Net. .kr is probably the country with the highest penetration of high-speed connections to the house. Given that they all use bootleg copies of Windows in Asia and that they're therefore scared to grab updates from windowsupdate.microsoft.com, .kr has a huge concentration of trojanned machines connected to the 'Net. ISPs in .kr (in particular kornet, hananet and boranet) have repeatedly shown their unwillingness (or incompetence?) to deal with the problem, so the only way that the "clean" side of the Internet can deal with it is to depeer with .kr. The problem is the same for .cn, .tw and .hk. -- Steve "Mothers all want their sons to grow up to be President, but they don't want them to become politicians in the process." -- John F. Kennedy From nobody at spamcop.net Tue Jun 7 09:07:48 2005 From: nobody at spamcop.net (Ellen) Date: Tue Jun 7 08:15:02 2005 Subject: [SpamCop-List] Re: Phony SC-Message? References: Message-ID: "Robert Taylor" wrote in message news:d832a8$j5n$1@news.spamcop.net... > Hello Group, > > This evening, this landed in my inbox: > > (quote) > > >
Dear Valued Member,
>
According to our site policy you will have to confirm your account by > the following link or else your account will be suspended within 24 hours > for security reasons Yes it is is a phish/forgery mail -- we do not have a webmaster account/email address, we do not ask you to confirm your account for security reasons. If someone would send me one of these with complete headers and body source, pasted into an email to deputies admin.spamcop.net I would appreciate it. If anyone gets one with a functioning body url and can copy/paste the webpage that would also be useful. Has anyone seen one with a functioning phish page? Legit mail will come from me, Don or Richard about your reporting account and from Jeff about your filtered email account, if there is an issue with your account. We never write in HTML. We just ask you to respond to us with more information about a report or ask you to set-up mailhosts or to explain your process in submitting spam or some such thing. We will never ask for your password. If for some reason we wanted you to log into your account, we would ask you to log in as usual to the system and do blahblahblah. Thanks Ellen SpamCop P.S. -- folks, please lets not jump on people who receive one of these and show up here concerned about what is going on. We have many many thousands members who have never posted in the newsgroups, who have been members for years and who are rightly alarmed by receiving this. Whilst it may seem remarkable, there are lots of members who have never had parse problems and who have never learned to, or needed to learn to, read headers. So let's cut them a tiny little bit of slack. Of course if they do it a second time, why then you can beat them up :-) As always, but never said said frequently enough, thanks to the regular and irregular denizens of the groups and forums who offer help day in and day out. Your knowledge and helpfulness keeps us afloat! From nospam at fuck-off-and-die.com Tue Jun 7 19:10:06 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Tue Jun 7 08:30:03 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: Message-ID: <78be001719b74efbbe8c65ef5045b888@you.armchair-smug-custard.org> Steven Maesslein, , the heavy, low-necked flap-dragon, and monastery door keeper, cooed: > On Mon, 6 Jun 2005 20:23:26 +0200, Rob coughed into spamcop and left > this in : >> I do not really know >> how these news groups work. > > To start with, they have nothing to do with e-mail so I don't > understand > the comment about "mailing" to the wrong thread, especially as yo just > started a new thread. You total fucking arse. I hope you turn blue and die of asphyxiation. Slowly and horribly. From nttp.sc.s at bigsleep.org Tue Jun 7 14:09:31 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Jun 7 09:10:03 2005 Subject: [SpamCop-List] Re: Phony SC-Message? References: Message-ID: On 07 Jun 2005 Ellen entered spamcop and left news:d8432a$66b$1@news.spamcop.net: > ... who have never learned to, or needed to learn to, read headers. I just don't understand how you can be a spam reporter and not know a little about reading headers. > So let's cut them a tiny little bit of slack. I don't know why, they should know what their server's (or spamcop's) Received headers look like, at the very least. I guess if one can use the Spamcop mail service and never send any reports (none of their spam ever gets reported), then I can give them some slack. -- | Ric From MikeE at ster.invalid Tue Jun 7 07:43:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 7 09:45:02 2005 Subject: [SpamCop-List] Re: is go.com really that clueless? References: Message-ID: Robert Blair wrote: > "Mike Easter" >> You haven't proven your point yet by posting partial headers. > > While I did not post all the headers I did post all the receive > headers but here is what you want. > > http://www.spamcop.net/sc?id=z772255444z234e8e5c69ac56da441f2a1e9f7155 > dbz It is definitely more 'fun' and more informative to look at the whole item. Those Received headers are 'boring' but the key to the truth.. When we look at the tracker we get to see just what a spam generated from go.com's webmailer looks like. Altho' anything of this can be forged by the spammer, when it all 'fits together' then it is likely real. headerlines X-Mailer: GoMail 3.0.1 bodytrailer Check-out GO.com GO get your free GO E-Mail account with expanded storage of 6 MB! http://mail.go.com We also get to see the go.com From and Return-Path which is surely the account at go joymoorejo and altho' the tracker only provides an obfuscated msgid, it also corresponds 6380__rejo@WMAILWEBA04 and we also get to see that go.com does *not* put in an X-line indicating the IP of the person connecting to their webmailer, also giving another clue to go.com's cluelessness. Since these kinds of things can sometimes lead to further correspondence with a provider like go, all of this information is fodder for some subjects in that correspondence. Also, if/when you re-communicate with the provider's abuse contact, you want to include some of these addresses from the arin registration: whois -h whois.arin.net 199.181.134.41 ... OrgName: Disney Worldwide Services, Inc. AbuseEmail: ms_support@help.go.com NOCEmail: servicedesk@ticket.disneyonline.com TechEmail: noc@dig.com OrgTechEmail: michael.jenkins@disney.com So, when you are writing back and including the inane response to a legitimate notify, you are also including all of those people who get to look at the stupidity of their abuse desk's response. They also get to see what other criticisms you have about the missing X-line for the IP That is a deficiency of a webmailer which should be fixed IMO. Now, see? Isn't that more fun than just looking at Received lines? -- Mike Easter kibitzer, not SC admin From rob at southernfrance.com Tue Jun 7 17:00:06 2005 From: rob at southernfrance.com (Rob) Date: Tue Jun 7 10:05:02 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: <78be001719b74efbbe8c65ef5045b888@you.armchair-smug-custard.org> Message-ID: Thanks for taking the time to reply. :) "Kadaitcha Man" a écrit dans le message de news: 78be001719b74efbbe8c65ef5045b888@you.armchair-smug-custard.org... > Steven Maesslein, , the heavy, low-necked > flap-dragon, and monastery door keeper, cooed: > >> On Mon, 6 Jun 2005 20:23:26 +0200, Rob coughed into spamcop and left >> this in : > >>> I do not really know >>> how these news groups work. >> >> To start with, they have nothing to do with e-mail so I don't >> understand >> the comment about "mailing" to the wrong thread, especially as yo just >> started a new thread. > > You total fucking arse. I hope you turn blue and die of asphyxiation. > Slowly > and horribly. > From glnews030922 at highspot.net Tue Jun 7 16:20:33 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Tue Jun 7 10:20:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL In-Reply-To: References: Message-ID: Ant wrote: > I've been resolving some of these URLs separately. All my recent ones > are hosted by China Railway Telecoms (chinatietong). This provider > appears to be *the* major bullet proof host at present. Apparently > they've contacted Steve Linford of Spamhaus to discuss removing their > blocks, so they know they have a problem and they know what to do! http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27701 211.155.0.0/20 is listed on the Spamhaus Block List (SBL) ... Spamhaus is blocking all IP space belonging to China Railway Telecommunications Center (CRTC). This is because of very large world-wide spam problems caused by the managers of China Railway Telecommunications Center allowing American spammers to operate web sites hosted by CRTC selling illegal pornography, drugs and money scams. I thought he said they had contacted him a week or so ago. This escalation only took place on Sunday. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From MikeE at ster.invalid Tue Jun 7 08:20:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 7 10:25:03 2005 Subject: [SpamCop-List] Re: is go.com really that clueless? References: Message-ID: Mike Easter wrote: > whois -h whois.arin.net 199.181.134.41 ... > OrgName: Disney Worldwide Services, Inc. > AbuseEmail: ms_support@help.go.com > NOCEmail: servicedesk@ticket.disneyonline.com > TechEmail: noc@dig.com > OrgTechEmail: michael.jenkins@disney.com > > So, when you are writing back and including the inane response to a > legitimate notify, you are also including all of those people who get > to look at the stupidity of their abuse desk's response. Another way to include some more people when you correspond with go about how to go about being an abuse desk receiving and responding to notifies is to use these: whois -h whois.radb.net 199.181.132.132 ... route: 199.181.132.0/24 descr: Walt Disney Internet Group origin: AS8137 notify: bob.lemons@dig.com whois -h whois.abuse.net dig.com ... dns-ops@dig.com postmaster@dig.com (for dig.com) SC's notify is abuse@go.com which is based on the abuse.net lookup of the abuse addy in arin AbuseEmail: ms_support@help.go.com whois -h whois.abuse.net help.go.com ... abuse@go.com (for go.com) But I think that when an abuse desk drops the ball and makes some kind of really stupid unresponsive response to a notify, that 'others' need to be included in the next communication which includes that reply. Sometimes others is the parent, sometimes it can even be an upstream. The idea is to 'hold their feet to the fire' ongoing communication with them which also includes those other people who they don't want to look stupid in front of. I get very irritated when someone who has a fulltime abuse desk job with benefits, paid vacations, healthcare, unemployment insurance, a parking place, and perhaps daycare for their children -- whose job's most important primary function^1 is to receive a spam notify and determine whether or not the item was sourced from their client -- responds to that notify stupidly. That also means that they received their notify from spamcop, which parser should be better than some amateur spam recipients notifying; and also the headers of the mail aren't 'complicated' -- how dumb is that? ^1 It is possible that there may not be a 'real' fulltime job at abuse@go.com -- they may have tossed the responsibilities of that job onto someone who has a myriad of other more important things to do. All the more reason to include those other people in the next communication. -- Mike Easter kibitzer, not SC admin From notmyrealaddress at nospam.com Tue Jun 7 11:22:23 2005 From: notmyrealaddress at nospam.com (Cherie) Date: Tue Jun 7 10:25:11 2005 Subject: [SpamCop-List] Is American Express promoting SPAM?? Message-ID: When I received my AX bill the other day I noticed that they were pushing some kind of E-Mail Marketing thing..maybe I totally misunderstand this..but can someone take a look at this scan of part of my bill and tell me if they are encouraging SPAM..if so..I will be taking my business elsewhere http://www.kineticowater.com/images/AXSpam.jpg -- Thanks, Cherie From zypher at spamcop.net Tue Jun 7 10:40:58 2005 From: zypher at spamcop.net (Ron B.) Date: Tue Jun 7 10:45:03 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? In-Reply-To: References: Message-ID: Cherie wrote: > When I received my AX bill the other day I noticed that they were pushing > some kind of E-Mail Marketing thing..maybe I totally misunderstand this..but > can someone take a look at this scan of part of my bill and tell me if they > are encouraging SPAM..if so..I will be taking my business elsewhere > > http://www.kineticowater.com/images/AXSpam.jpg > The company _claims_ not to be spammers: http://open.constantcontact.com/anti_spam.jsp From glnews030922 at highspot.net Tue Jun 7 16:44:26 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Tue Jun 7 10:45:12 2005 Subject: [SpamCop-List] Re: Phony SC-Message? In-Reply-To: References: Message-ID: Robert Taylor wrote: http: //www dot spamcop dot > net/confirm dot php?email=roberttaylor at spamcop dot net jwhois 209.67.220.164 [Querying whois.arin.net] [whois.arin.net] Savvis SAVVIS (NET-209-67-0-0-1) 209.67.0.0 - 209.67.255.255 Layered Technologies, Inc. CW-209-67-208 (NET-209-67-208-0-1) 209.67.208.0 - 209.67.223.255 Looks like Layered has closed the server down. It doesn't respond on port 80. They possibly firewalled it and are dropping the packets. Attempts to reach it via various protocols and ports all seem to get no response after 216.39.69.226 on the Layered network. Hopefully this means that they isolated the machine for a forensic investigation rather than just nuking it. If it had just been closed down, I'd expect to get some form of meaningful ICMP response packets from connection attempts. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From MikeE at ster.invalid Tue Jun 7 08:44:50 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 7 10:45:17 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: Graeme Leith wrote: > Ant wrote: >> I've been resolving some of these URLs separately. All my recent ones >> are hosted by China Railway Telecoms (chinatietong). This provider >> appears to be *the* major bullet proof host at present. Apparently >> they've contacted Steve Linford of Spamhaus to discuss removing their >> blocks, so they know they have a problem and they know what to do! > > http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27701 > > > 211.155.0.0/20 is listed on the Spamhaus Block List (SBL) > Spamhaus is blocking all IP space belonging to China Railway > Telecommunications Center (CRTC). > I thought he said they had contacted him a week or so ago. This > escalation only took place on Sunday. There's a lot more at spamhaus than that /20, including a lot of 'corporate escalations' http://www.spamhaus.org/sbl/listings.lasso?isp=crc.net.cn Found 80 SBL listings for IPs under the responsibility of crc.net.cn Just picking the 'big ones' which aren't /32s, but things like /11s down to /24s SBL27701 211.155.0.0/20 crc.net.cn SBL27372 222.36.42.0/24 crc.net.cn SBL25864 61.232.205.0/24 crc.net.cn SBL25797 221.172.0.0/14 crc.net.cn SBL25609 222.32.0.0/11 crc.net.cn SBL25319 222.47.122.0/24 crc.net.cn SBL24912 222.47.183.0/24 crc.net.cn SBL21980 222.47.0.0/16 crc.net.cn SBL21747 222.51.91.0/24 crc.net.cn SBL21240 222.47.72.0/24 crc.net.cn SBL20492 222.51.208.0/24 crc.net.cn SBL20364 222.34.5.0/24 crc.net.cn SBL20363 61.237.252.0/22 crc.net.cn SBL20236 222.47.93.0/24 crc.net.cn SBL20047 222.51.98.0/24 crc.net.cn SBL19608 222.47.62.0/24 crc.net.cn SBL16401 222.55.10.0/24 crc.net.cn SBL15138 61.233.138.0/24 crc.net.cn SBL14685 61.236.229.0/24 crc.net.cn SBL12641 61.234.218.0/24 crc.net.cn SBL5309 61.232.0.0/14 crc.net.cn SBL5191 211.98.0.0/16 crc.net.cn SBL3845 61.236.0.0/15 crc.net.cn -- Mike Easter kibitzer, not SC admin From glnews030922 at highspot.net Tue Jun 7 17:05:45 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Tue Jun 7 11:05:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL In-Reply-To: References: Message-ID: Mike Easter wrote: > Graeme Leith wrote: > >>Ant wrote: >> >>>I've been resolving some of these URLs separately. All my recent ones >>>are hosted by China Railway Telecoms (chinatietong). This provider >>>appears to be *the* major bullet proof host at present. Apparently >>>they've contacted Steve Linford of Spamhaus to discuss removing their >>>blocks, so they know they have a problem and they know what to do! >> >>http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27701 >> >> >>211.155.0.0/20 is listed on the Spamhaus Block List (SBL) > > >>Spamhaus is blocking all IP space belonging to China Railway >>Telecommunications Center (CRTC). > > >>I thought he said they had contacted him a week or so ago. This >>escalation only took place on Sunday. > > > There's a lot more at spamhaus than that /20, including a lot of > 'corporate escalations' > > http://www.spamhaus.org/sbl/listings.lasso?isp=crc.net.cn > Found 80 SBL listings for IPs under the responsibility of crc.net.cn Yeah, I picked that particular listing because it states that Spamhaus now considers the whole of AS9394 persona non grata. Corporate escalations are rare, but do happen. As far as I am aware, this is the 1st time they've listed an entire ISP that isn't owned by a ROKSO listed spammer. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From MikeE at ster.invalid Tue Jun 7 09:08:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 7 11:10:03 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? References: Message-ID: Cherie wrote: > When I received my AX bill the other day I noticed that they were > pushing some kind of E-Mail Marketing thing.. Yes, they are promoting and 'in bed with' an email marketing entity. > maybe I totally > misunderstand this..but can someone take a look at this scan of part > of my bill and tell me if they are encouraging SPAM..if so..I will be > taking my business elsewhere > > http://www.kineticowater.com/images/AXSpam.jpg Email marketing is a 'healthy' concept which has very unhealthy 'overtones'. Wanted email marketing is just fine. Spam email marketing is not just fine. Whenever there's a company in the business of marketing, you have to look upon them suspiciously. Marketers like to market. Whether or not constantcontact is a grayhat might depend on which side of them you are looking at. If you look at their antispam page you see one thing, if you look at some other marketing page, you see another thing. Here's a page about mailing list management http://open.constantcontact.com/features/email-list-management.jsp This par from a different page gives me a little bit of a positive feeling "Quick Start Service - Too busy to get started on your own? Let us help. For a small one-time fee our team will help you import your permission-based list, define interest categories and help you build your first email campaign." If their hat were a little darker, they would be offering a mailing list. The fact that constantcontact chose to advertiser their services by making a deal with amex to include promotion in their bills is a positive sign that they don't believe in spam. -- Mike Easter kibitzer, not SC admin From SCNews.5.myspamgobbler at spamgourmet.com Tue Jun 7 09:22:32 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Tue Jun 7 11:25:03 2005 Subject: [SpamCop-List] Re: Phony SC-Message? In-Reply-To: References: Message-ID: Ellen wrote: > "Robert Taylor" wrote in message > news:d832a8$j5n$1@news.spamcop.net... > >>Hello Group, >> >>This evening, this landed in my inbox: >> >>(quote) >> >> >>
Dear Valued Member,
>>
According to our site policy you will have to confirm your account by >>the following link or else your account will be suspended within 24 hours >>for security reasons > > > > Yes it is is a phish/forgery mail -- we do not have a webmaster > account/email address, we do not ask you to confirm your account for > security reasons. If someone would send me one of these with complete > headers and body source, pasted into an email to deputies > admin.spamcop.net I would appreciate it. If anyone gets one with a > functioning body url and can copy/paste the webpage that would also be > useful. Has anyone seen one with a functioning phish page? > > Legit mail will come from me, Don or Richard about your reporting account > and from Jeff about your filtered email account, if there is an issue with > your account. We never write in HTML. We just ask you to respond to us > with more information about a report or ask you to set-up mailhosts or to > explain your process in submitting spam or some such thing. We will never > ask for your password. If for some reason we wanted you to log into your > account, we would ask you to log in as usual to the system and do > blahblahblah. > > > > Thanks > > > Ellen > SpamCop > > P.S. -- folks, please lets not jump on people who receive one of these and > show up here concerned about what is going on. We have many many thousands > members who have never posted in the newsgroups, who have been members for > years and who are rightly alarmed by receiving this. Whilst it may seem > remarkable, there are lots of members who have never had parse problems and > who have never learned to, or needed to learn to, read headers. So let's > cut them a tiny little bit of slack. Of course if they do it a second time, > why then you can beat them up :-) > > As always, but never said said frequently enough, thanks to the regular and > irregular denizens of the groups and forums who offer help day in and day > out. Your knowledge and helpfulness keeps us afloat! > > Thanks Ellen http://209.67.220.164/ now redirects to http://12.120.124.56/ Notice to AT&T Internet Customers You have been directed to this AT&T Web page as a result of having clicked a link within an e-mail that you recently received which has been suspected of fraudulent activity. This e-mail message and its content is unauthorized by AT&T and should be disregarded. The e-mail likely appeared to have been sent by AT&T and requested that you either update your billing information or verify personal data associated with your current AT&T Internet account. You may have been asked to provide personal information such as: driver's license, mother's maiden name, or your credit card account information. AT&T has taken the necessary steps in order to block access to this suspected fraudulent Web site and has diverted you to this notification page to protect you against possible credit card fraud and/or identity theft. To facilitate our investigation into this incident, please forward the complete e-mail message you have received (with header information attached) to scam@abuse-att.net. To obtain important information pertinent to protecting yourself against identity theft, you may wish to visit the US Federal Trade Commission's Identity Theft Web site, which is located at http://www.consumer.gov/idtheft/. Thank you for your cooperation. From jr70 at blackhole.invalid Tue Jun 7 10:35:41 2005 From: jr70 at blackhole.invalid (John Richards) Date: Tue Jun 7 12:40:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "eddie" wrote in message news:pan.2005.06.06.15.21.39.616000@eddie.web... > Since SC, we were told, considers a report to the wrong IP the worst > error, I now completely cancel any report which does not parse properly, > perhaps giving the spammers a break but eventually making SC look into > the bug, assuming more people take this action. I assume that if any part > of the parse has an error, the entire parse is worthless since I have been > offered no explanation for this problem. There is no error in the header analysis that SC completes, it's just a failure to complete the URL search in the body of the spam. I'd go ahead and submit the report, because the source analysis is still valid. -- John Richards From nobody at spamcop.net Tue Jun 7 13:41:36 2005 From: nobody at spamcop.net (Ellen) Date: Tue Jun 7 12:50:02 2005 Subject: [SpamCop-List] Re: Phony SC-Message? References: Message-ID: "Blammo" wrote in message news:Xns966E3EB739B76blammo@216.154.195.61... > On 07 Jun 2005 Ellen entered spamcop and left > news:d8432a$66b$1@news.spamcop.net: > > > ... who have never learned to, or needed to learn to, read headers. > > I just don't understand how you can be a spam reporter and not know a > little about reading headers. There are lots of people with nice clean boring headers stamped by their ISP or company mailserver who just report spam and while I am sure they are mildly cognizant about headers they have never scrutinized them in detail. While I am not going to state the number, I do know how many SC users report spam weekly -- let me just say that if even 1/10th of them showed up here or in the forums we would never be able to wade thru the posts :-) > > > So let's cut them a tiny little bit of slack. > > I don't know why, they should know what their server's (or spamcop's) > Received headers look like, at the very least. > I guess if one can use the Spamcop mail service and never send any reports > (none of their spam ever gets reported), then I can give them some slack. And yes there are also lots of filtered email users who actually never report spam. Ellen From MikeE at ster.invalid Tue Jun 7 11:02:23 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 7 13:05:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: John Richards wrote: > "eddie" >> Since SC, we were told, considers a report to the wrong IP the worst >> error, I now completely cancel any report which does not parse >> properly, perhaps giving the spammers a break but eventually making >> SC look into the bug, assuming more people take this action. I >> assume that if any part of the parse has an error, the entire parse >> is worthless since I have been offered no explanation for this >> problem. > > There is no error in the header analysis that SC completes, it's just > a failure to complete the URL search in the body of the spam. I'd go > ahead and submit the report, because the source analysis is still valid. eddie isn't trying to be 'logical' about this issue. He's having what a friend of mine calls a little 'tanty' -- a nick for childhood tantrums. He's upset because SC isn't offering to notify the spamvertiser providers and he's going to stamp his foot and pout and 'show' SC by refusing to confirm any source reports which include failed spamvertiser provider notifies. He refuses to hear anything about the fact that the vast majority of those notifies would have been harmful rather than good, and the best which could be hoped for almost all of them would be useless. It seems as if he thinks spamvertiser provider notifies are 'disciplinary' or something. He refuses to acknowledge that his foot stamping is counterproductive to antispam rather than constructive.in any way. At the very least/best nonproductive. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Tue Jun 7 19:03:57 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Jun 7 13:20:05 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "Garen Erdoisa" wrote in message news:d83ols$i3$1@news.spamcop.net... > Porpoise wrote: > >> Tracker: >> http://www.spamcop.net/sc?id=z772117400z31026dee997b25b9f55e661b6a1ff6d8z > [snip] > > I've yet to see spamcop's parser be fooled by this. ALso looking at your > tracker, It doesn't look like spamcop's parser was fooled by this one > either. Well it does to me because it would have reported it: If reported today, reports would be sent to: Re: http://www.apnea.co.uk (Administrator of network hosting website referenced in spam) abuse@schlund.de So it was obviously fooled by that one. From porpoise1954 at yahoo.co.uk Tue Jun 7 19:07:13 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Jun 7 13:20:15 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "Blammo" wrote in message news:Xns966E17BA43BE7blammo@216.154.195.61... > On 07 Jun 2005 Porpoise entered spamcop and left > news:d83lb0$tsf$1@news.spamcop.net: > >> This is an interesting variation, injecting forged "X-AntiAbuse" >> headers and obfuscated links to your own domains in order to make it >> such that, if you were to report the spam, it makes the parser find >> your own domain as the spamvertised link - which it would then want to >> report. > > I don't get it, I don't see any obfuscated links, just the one in the > message body (other than discount-prices) that the parser picked up on. > I've seen the same thing with my domain in "Original Domain", spamcop > never > tried to report it, and so big deal, like they can't figure that out from > the headers? Or track it in their own database. I think you're being > paranoid, but whatever. > well it does think it was obfuscated: Resolving link obfuscation http://www.apnea.co.uk host www.apnea.co.uk (checking ip) = 212.227.127.219 host 212.227.127.219 = kundenserver.de (cached) and it would have reported it: If reported today, reports would be sent to: Re: http://www.apnea.co.uk (Administrator of network hosting website referenced in spam) abuse@schlund.de So, yes, it is a concern and, no, I consider I'm being paranoid when it *would* have reported it. From notmyrealaddress at nospam.com Tue Jun 7 14:19:19 2005 From: notmyrealaddress at nospam.com (Cherie) Date: Tue Jun 7 13:20:20 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? References: Message-ID: Don't they ALL though? :O) -- Thanks, Cherie "Ron B." wrote in message news:d84blq$b88$1@news.spamcop.net... > Cherie wrote: >> When I received my AX bill the other day I noticed that they were pushing >> some kind of E-Mail Marketing thing..maybe I totally misunderstand >> this..but >> can someone take a look at this scan of part of my bill and tell me if >> they >> are encouraging SPAM..if so..I will be taking my business elsewhere >> >> http://www.kineticowater.com/images/AXSpam.jpg >> > > > The company _claims_ not to be spammers: > > http://open.constantcontact.com/anti_spam.jsp From usenet2 at DE.LETE.THISljvideo.com Tue Jun 7 18:23:33 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Tue Jun 7 13:25:02 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? References: Message-ID: Waiving the right to remain silent, "Cherie" said: > When I received my AX bill the other day I noticed that they > were pushing some kind of E-Mail Marketing thing..maybe I > totally misunderstand this..but can someone take a look at this > scan of part of my bill and tell me if they are encouraging > SPAM..if so..I will be taking my business elsewhere > > http://www.kineticowater.com/images/AXSpam.jpg Not necessarily. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail The United States is the greatest country in the world..! Twenty-five million illegal aliens can't be wrong. From porpoise1954 at yahoo.co.uk Tue Jun 7 19:15:18 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Jun 7 13:25:09 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? References: Message-ID: "Cherie" wrote in message news:d84aie$ab0$1@news.spamcop.net... > When I received my AX bill the other day I noticed that they were pushing > some kind of E-Mail Marketing thing..maybe I totally misunderstand > this..but can someone take a look at this scan of part of my bill and tell > me if they are encouraging SPAM..if so..I will be taking my business > elsewhere > > http://www.kineticowater.com/images/AXSpam.jpg > Hmmmm...... Looks like it...... From MikeE at ster.invalid Tue Jun 7 11:26:25 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 7 13:30:03 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: Porpoise wrote: > Tracker: www.spamcop.net/sc?id=z772117400z31026dee997b25b9f55e661b6a1ff6d8z Reports regarding this spam have already been sent: Reportid: 1442154104 To: cancelled@devnull.spamcop.net You could've handled that differently, depending on what you 'think of' ev1. When I have SC parse that item, it offers to: Report Spam to: Re: 67.15.82.42 (Administrator of network where email originates) To: abuse@ev1.net (Notes) Re: 67.15.82.42 (Third party interested in email source) To: Cyveillance spam collection (Notes) Re: http://www.apnea.co.uk (Administrator of network hosting website referenced in spam) To: abuse@schlund.de (Notes) Re: http://www.discount-prices.biz (Administrator of network hosting website referenced in spam) To: abuse@ev1.net (Notes) Cyveillance is automatically unchecked for me; and you could also uncheck apnea, while leaving the notifies to ev1 for the source and spamvertiser intact. That contributes the source to the blocklist. If you don't want to give the copy of the spam to ev1, you 'have to' cancel the report. -- Mike Easter kibitzer, not SC admin From notmyrealaddress at nospam.com Tue Jun 7 14:40:32 2005 From: notmyrealaddress at nospam.com (Cherie) Date: Tue Jun 7 13:45:03 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? References: Message-ID: "Mike Easter" wrote in message news:d84d96$cek$1@news.spamcop.net... > The fact that constantcontact chose to advertiser their services by > making a deal with amex to include promotion in their bills is a > positive sign that they don't believe in spam.> -- > Mike Easter > kibitzer, not SC admin When ya do a search for "constantcontact" spam..I pull up all kinds of stuff...like you say..it depends on which way ya look at it.... Thanks for you input C From spamcop at 1bigthink.com Tue Jun 7 14:54:27 2005 From: spamcop at 1bigthink.com (spamcop) Date: Tue Jun 7 13:54:38 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? In-Reply-To: References: Message-ID: <6.1.2.0.0.20050607135209.05f43c70@mx.1bigthink.com> At 01:15 PM 6/7/2005, you wrote: >"Cherie" wrote in message >news:d84aie$ab0$1@news.spamcop.net... > > When I received my AX bill the other day I noticed that they were pushing > > some kind of E-Mail Marketing thing..maybe I totally misunderstand > > this..but can someone take a look at this scan of part of my bill and tell > > me if they are encouraging SPAM..if so..I will be taking my business > > elsewhere > > > > http://www.kineticowater.com/images/AXSpam.jpg > > > > >Hmmmm...... Looks like it...... Yep, and most of the credit card companies do this too (partnering, junk mail packaging). If your credit card company sends you mail-order advertising along with their bill.. what's the difference? Of course this opt-in offer they've sent you could keep you on the hook forever. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com From MikeE at ster.invalid Tue Jun 7 12:12:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 7 14:15:03 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? References: Message-ID: Cherie wrote: > When ya do a search for "constantcontact" spam..I pull up all kinds of > stuff...like you say..it depends on which way ya look at it.... Of significance that includes spews http://spews.org/html/S1641.html for roving/constantcontact -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Tue Jun 7 21:43:02 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Jun 7 15:55:03 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "Mike Easter" wrote in message news:d84lbu$ht6$1@news.spamcop.net... > Porpoise wrote: >> Tracker: > www.spamcop.net/sc?id=z772117400z31026dee997b25b9f55e661b6a1ff6d8z > > Reports regarding this spam have already been sent: > Reportid: 1442154104 To: cancelled@devnull.spamcop.net > > You could've handled that differently, depending on what you 'think of' > ev1. Well, I think ev1 are a load of............ but I preferred to cancel rather than report and risk damaging the innocent URL by it appearing in the report. > > When I have SC parse that item, it offers to: > > Report Spam to: > Re: 67.15.82.42 (Administrator of network where email originates) > To: abuse@ev1.net (Notes) > Re: 67.15.82.42 (Third party interested in email source) > To: Cyveillance spam collection (Notes) > Re: http://www.apnea.co.uk (Administrator of network hosting website > referenced in spam) > To: abuse@schlund.de (Notes) > Re: http://www.discount-prices.biz (Administrator of network hosting > website referenced in spam) > To: abuse@ev1.net (Notes) > > > > Cyveillance is automatically unchecked for me; and you could also > uncheck apnea, while leaving the notifies to ev1 for the source and > spamvertiser intact. I usually have them unchecked too > > That contributes the source to the blocklist. If you don't want to give > the copy of the spam to ev1, you 'have to' cancel the report. That was one reason for cancelling the report. :-( Cheers Mike From nobody at nowhere.not Tue Jun 7 23:00:38 2005 From: nobody at nowhere.not (Robert Blair) Date: Tue Jun 7 18:05:03 2005 Subject: [SpamCop-List] Re: is go.com really that clueless? References: Message-ID: On Tue, 7 Jun 2005 14:20:33 UTC, "Mike Easter" wrote: > > AbuseEmail: ms_support@help.go.com > > NOCEmail: servicedesk@ticket.disneyonline.com > > TechEmail: noc@dig.com > > OrgTechEmail: michael.jenkins@disney.com > notify: bob.lemons@dig.com > dns-ops@dig.com > abuse@go.com Thanks for all of those email addresses, they all got my response. -- Robert Blair From nobody at nowhere.not Tue Jun 7 23:41:59 2005 From: nobody at nowhere.not (Robert Blair) Date: Tue Jun 7 18:45:03 2005 Subject: [SpamCop-List] Re: is go.com really that clueless? References: Message-ID: On Tue, 7 Jun 2005 14:20:33 UTC, "Mike Easter" wrote: So far two messages have been returned as not deliverable. ********** > > NOCEmail: servicedesk@ticket.disneyonline.com The E-mail you sent has not resulted in the registration or update of a Service Call. - The following error(s) occurred: --------------------------------------------------- No Person found for your E-mail address: "Bob" --------------------------------------------------- ERROR: "No Person found for your E-mail address:" SOLUTION: Call 1-866-DIG-HELP and request that your Person record be registered with us (required one time only) ********** What a crock! I guess they do want to hear about it either. So maybe go.com is just following along like sheep, nobody wants to know. > notify: bob.lemons@dig.com ********** : host mail.disney.com[204.128.192.15] said: 550 No such address (in reply to RCPT TO command) ********** This did not surprise me. -- Robert Blair From nttp.sc.s at bigsleep.org Wed Jun 8 01:02:47 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Jun 7 20:05:04 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: On 07 Jun 2005 Porpoise entered spamcop and left news:d84knj$h4h$2@news.spamcop.net: > > well it does think it was obfuscated: > > Resolving link obfuscation Yea, I thought about that after I posted, however: ob·fus·cate - To make so confused or opaque as to be difficult to perceive or understand. So it's just another generic Spamcop message, it wasn't obfuscated, but the process is referred to by Spamcop as a "de-obfuscation" process. > > and it would have reported it: > Only if you had left the box checked. If you are worried about the spammer getting a copy of the report and seeing an unmunged link, which they had put there in the first place, then I think you are being paranoid. But that's your right. However I think the spammer wins by making you paranoid and thereby taking away if bit of your freedom. -- | Ric | From nospam at fuck-off-and-die.com Wed Jun 8 07:27:45 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Tue Jun 7 20:45:04 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: <78be001719b74efbbe8c65ef5045b888@you.armchair-smug-custard.org> Message-ID: <7118fb499d2146f98168321da74755e3@you.rawboned-cursed-flatfoot.com> Rob, , the tree-hugging, flakey inbreed, and claimer of charity intended for the indigent, oozed: > Thanks for taking the time to reply. > :) You made it clear that you weren't sure of either the technology or the correct terms to use, yet, to those of us who have reasonable minds, your intent was quite clear. The blithering pillock took /you/ to task for /his/ brain-dead confusion. Apart from that, good on you for checking out how to avoid being labelled a spammer. However despite your best efforts, you may still end up getting BL'd. You only have to read some of the tripe churned out by the power-crazy, frothing loons who ask odd-ball questions in the spam groups. There was one guy in one the spam groups recently who proved beyond any doubt that, as the new owners of a range of IPs after a company takeover, they had booted all spammers, at great financial cost to themselves, and proved that their network had been squeaky clean for a full year. One moron stated any staff that had transitioned from the old company to the new owner's company, and I quote, "need to be re-indoctrinated." In a fucking Chinese bootcamp, no doubt. The implication being, "We will not lift the BL unless you prove you have re-indoctrinated your staff." As it was, the gibbering oaf had no authority whatsoever to create such an implication. As for the spam avoidance, the best advice you can get is this: 1. Use confirmed opt-in and keep the confirmations. Do not refer to it as "double opt-in". The phrase is frowned upon because it implies double work on behalf of someone when no additional work took place. 2. Create a strict ant-spam TOS and police it ruthlessly. 3. Keep records of any terminations of association you've enacted. They will come in handy if you ever do get BL'd. You should also be very careful about the privacy of your spammers. Some of the retards who have replied to you have advocated that you should "out" spammers on a website. You should check your local privacy laws before taking that piece of insane tripe as a worthy morsel of advice. If you were to do that in this great land where I live, you would no sooner be estimating the worth of your liquidated assets and looking forward to a long sojourn with Bubba at the pleasure of Her Majesty or the President of France, as the case may be. The legal status of unenforceable Terms of Service conditions not withstanding. Take the 'tards with a bag of salt and you'll be right, mate. > "Kadaitcha Man" a écrit dans le message > de news: > 78be001719b74efbbe8c65ef5045b888@you.armchair-smug-custard.org... >> Steven Maesslein, , the heavy, low-necked >> flap-dragon, and monastery door keeper, cooed: >> >>> On Mon, 6 Jun 2005 20:23:26 +0200, Rob coughed into spamcop and left >>> this in : >> >>>> I do not really know >>>> how these news groups work. >>> >>> To start with, they have nothing to do with e-mail so I don't >>> understand >>> the comment about "mailing" to the wrong thread, especially as yo >>> just started a new thread. >> >> You total fucking arse. I hope you turn blue and die of asphyxiation. >> Slowly and horribly. From scamper at trisk.com Tue Jun 7 20:00:01 2005 From: scamper at trisk.com (Garen Erdoisa) Date: Tue Jun 7 21:05:02 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers In-Reply-To: References: Message-ID: Porpoise wrote: > "Garen Erdoisa" wrote in message > news:d83ols$i3$1@news.spamcop.net... > >>Porpoise wrote: >> >> >>>Tracker: >>>http://www.spamcop.net/sc?id=z772117400z31026dee997b25b9f55e661b6a1ff6d8z >> >>[snip] > > >>I've yet to see spamcop's parser be fooled by this. ALso looking at your >>tracker, It doesn't look like spamcop's parser was fooled by this one >>either. > > > > Well it does to me because it would have reported it: > > > If reported today, reports would be sent to: > Re: http://www.apnea.co.uk (Administrator of network hosting website > referenced in spam) > > abuse@schlund.de > > > > > > So it was obviously fooled by that one. > > The above link "http://www.apnea.co.uk" was in the body of the message, I didn't see it anywhere in the header. I didn't look at the message body before since your original post were referring to the message headers. :/ quote - from the message body - Title: APNEA - URL: http://www.apnea.co.uk unquote So, I still don't see spamcop being fooled by the X-AntiAbuse: headers. I'm pretty sure spamcop's parser ignores them since I've submitted hundreds of spam reports with those kinds of headers and I'd have seen and reported a problem by now if there were one. The parser in this case found the link in the message body as it should have, and flagged the admin of that site to recieve one of the spam reports since that web site was referenced in the spam message body. I think that the admin of that site or network can then go in and flag the site as an innocent bystander once they have the report in hand. Or as others have suggested in this thread, leave it unchecked for receiving a report. If it were me reporting it, I'd go ahead and send the report but either munge the web site to prevent the parser from flagging it, or add in a comment specific to that administrator that you think that that particular web site refrenced in the spam is an innocent bystander. Also, if I were concerned that it may be added to the SURBL, I would notifiy the spamcop deputies about the issue along with references to the spam report. My 2 cents. Garen From nobody at devnull.spamcop.net Tue Jun 7 21:32:54 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Jun 7 21:35:02 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "Garen Erdoisa" wrote in message news:d85ful$1f1$1@news.spamcop.net... > > So, I still don't see spamcop being fooled by the X-AntiAbuse: headers. > I'm pretty sure spamcop's parser ignores them since I've submitted > hundreds of spam reports with those kinds of headers and I'd have seen > and reported a problem by now if there were one. As X-Lines: can be added anywhere, by anyone, for any reason, the passer pays them no mind. From not at home.today Wed Jun 8 04:22:01 2005 From: not at home.today (Ant) Date: Tue Jun 7 22:25:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Steven Maesslein" wrote: > On Tue, 7 Jun 2005 02:01:23 +0100, Ant coughed into spamcop and left > this in : >> my experience is based on an old version of Red Hat > > How old? If more than, say, 2 years (which is about when RH9 was > released) then you'll hardly recognize it now. Yes, it was RH9 on a Dell PII or PIII. Very clunky file manager (can't remember which one), and some of the configuration options didn't work properly. I only used it for a specialised compiler we had, and the odd game. Even some of the pre-installed games had files missing or wouldn't run. >> and various flavours of Solaris (I have an old Sun SPARCstation 20 >> which I play with occasionally). > > I suspect the GUI on that machine is a little outdated :) Solaris 8 (I think the latest is 10). The SS20 is really too slow to run the newer CDE, which I don't much like anyway, so I prefer to use the older OpemWindows. > If you want to play around with a distro before installing it then take > a look at this: > > http://www.knopper.net/knoppix/index-en.html I'm aware of the bootable CD versions of Linux, so I may try them at some point. The problem is inertia. I have so much knowledge invested in MS OS's and software that I'm reluctant to start over with 'nix. I know only the minimum to get by with that; whereas nothing in MS-DOS 3 through to NT 5 is much of a problem for me. From not at home.today Wed Jun 8 04:24:06 2005 From: not at home.today (Ant) Date: Tue Jun 7 22:25:14 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Graeme Leith" wrote: [CRTC block] > I thought he said they had contacted him a week or so ago. Middle of April according to a reply to him I can see in NANAE. > This escalation only took place on Sunday. Obviously they don't want to play, or they don't understand! From eddie at eddie.web Wed Jun 8 01:37:24 2005 From: eddie at eddie.web (eddie) Date: Wed Jun 8 00:40:03 2005 Subject: [SpamCop-List] China Orders All Web Sites to Register Message-ID: You mean they don't have to now??? SHANGHAI, China - Authorities have ordered all China-based Web sites and blogs to register or be closed down, in the latest effort by the communist government to police the world of cyberspace. http://news.yahoo.com/news?tmpl=story&u=/ap/20050607/ap_on_hi_te/china_policing_the_net_2 -- Once movie theaters gave out steak knives Today they confiscate them From billk at no.spam Tue Jun 7 23:44:32 2005 From: billk at no.spam (Bill K.) Date: Wed Jun 8 01:45:02 2005 Subject: [SpamCop-List] Paypal Phish Message-ID: See news://news.spamcop.net/d8606d$9ma$1@news.spamcop.net Tricky one this one is. The link contained in it actually appears as an actual paypal link in the body of the message, but the address that turns up on the browser is completely different, as seen in this bit of HTML code: https://www.paypal.com/cgi-bin/webscr?cmd=_login-run
Bill K. From nttp.sc.s at bigsleep.org Wed Jun 8 07:18:51 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Jun 8 02:20:03 2005 Subject: [SpamCop-List] Re: Paypal Phish References: Message-ID: On 07 Jun 2005 Bill K. entered spamcop and left news:d860j9$9v2$1@news.spamcop.net: > Tricky one this one is. The link contained in it actually appears as an > actual paypal link in the body of the message, but the address that > turns up on the browser is completely different, as seen in this bit of > HTML code: > Yes, that's very common. It's also very common for a bit of Javascript code to change the text in the status bar, so you can't even rely on that to show the the real URL. With eMail, if you have Javascript disabled there, and the link locations show in the status bar, then it should show the real URL. With the browser though, you're not likely to have Javascript off. So to be safe, copy the URL by using the context menu (right-click - copy link location/shortcut), paste it into the location box of the browser. Before you hit Enter you can check the real URL text. -- | Ric | From bar_n0ne at hotmail.com Wed Jun 8 12:21:26 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 8 03:25:06 2005 Subject: [SpamCop-List] Re: China Orders All Web Sites to Register References: Message-ID: "eddie" wrote in message news:pan.2005.06.08.04.37.22.664000@eddie.web... > You mean they don't have to now??? > > SHANGHAI, China - Authorities have ordered all China-based Web sites and > blogs to register or be closed down, in the latest effort by the communist > government to police the world of cyberspace. > > http://news.yahoo.com/news?tmpl=story&u=/ap/20050607/ap_on_hi_te/china_policing_the_net_2 > > -- > Once movie theaters gave out steak knives > Today they confiscate them They must be exempting Pill, porno and webcam sites at CRC and CNC, or making sure they null route within China. AFAIC China is basically a very large criminal enterprise with 1 billion employees. From nobody at nowhere.invalid Wed Jun 8 12:14:16 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Jun 8 05:15:27 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: [ Followup set to spamcop.geeks ] On Wed, 8 Jun 2005 03:22:01 +0100, Ant coughed into spamcop and left this in : >> How old? If more than, say, 2 years (which is about when RH9 was >> released) then you'll hardly recognize it now. > > Yes, it was RH9 on a Dell PII or PIII. Very clunky file manager (can't > remember which one), and some of the configuration options didn't work > properly. IIRC the default desktop manager that installs with RH is GNOME. Personally, I don't like it and prefer KDE. KDE-3.4.0 is quite usable, I built it from source and installed it here a couple of days after it was released. Both KDE and GNOME can be used with RH, or rather with Fedore Core as the Free version of Red Hat is now called. http://fedora.redhat.com/ > I only used it for a specialised compiler we had, and the odd game. > Even some of the pre-installed games had files missing or wouldn't > run. That, unfortunately, is typical of RH. RH is about the worst distro as far as respecting the Linux File Hierarchy is concerned. There are always incidents of RH putting files in directories other than where applications not built specifically for RH would expect to find them. That's the main reason why I switched away from RH about 4 years ago and went for Slackware instead. > I'm aware of the bootable CD versions of Linux, so I may try them at > some point. The problem is inertia. I have so much knowledge invested > in MS OS's and software that I'm reluctant to start over with 'nix. I > know only the minimum to get by with that; whereas nothing in MS-DOS 3 > through to NT 5 is much of a problem for me. I used to be like that. I used to earn my living writing, among other things, software for DOS/Windows. I still shudder at the amount of time and money I poured into the O/S itself to start with, then compilers, debuggers, keeping up to date... I did that from about 1989 until 1999, 10 years of my life that I regret bitterly and consider, not to put too fine a point on it, wasted. Nowadays I have forgotten most of the techniques involved in coding for M$ operating systems and won't touch those pieces of crap with a barge pole. There's plenty of work to do "behind the scenes" where unixy systems are predominant - working for end users is the perfect illustration of the 80/20 principle, 80% of the problems for 20% of the income, and I'm just not prepared to do that any more. I'll settle for a 20% loss of income if it means removing the bulk of the problems (which are often chronic cases of PEBKAC anyway). Sometimes people call me asking how to do this that or the other on their machines, and I can *truthfully* say that I don't know how to do it on a Windows system. I have never used Windows-XP more than a few minutes at a time on clients' machines, and it just drives me round the bend. You even have to hunt down the console - not that you can do anywhere near as much with it as with a unix console anyway... Having used various unix systems (mostly Linux but also various BSD's) for the past 5 years or so, it's Windows that I find prevents me from doing what I want to do, that I find "clunky", especially the file management. There are so many operations on files that are dead easy to do on the command line in any unix system but that can only be done using the file manager in Windows unless you download specialized software. That's just my own personal opinion, though. But now that I've spent long enough using both systems, I know for sure that I'd never consider going back to Windows. And I haven't even mentioned the system security nightmare until right now... -- Steve In most countries selling harmful things like drugs is punishable. Then how come people can sell Microsoft software and go unpunished? -- Hasse Skrifvars From wb8tyw at qsl.network Wed Jun 8 09:06:53 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Jun 8 08:10:02 2005 Subject: [SpamCop-List] Re: Road Runner viruses In-Reply-To: References: <42A061AF.90DA7289@spamcop.net> Message-ID: Ellen wrote: > "John E. Malmberg" wrote in message > news:d7r1j3$5ks$1@news.spamcop.net... >> >>I was getting over 20 bounces/second from each of two of their mail >>servers during the last sober outbreak because of an infected system >>that appeared to be on the other side of the world. >> > In almost every case where I have spoken with an abuse person > at an ISP of > any size, the abuse person understands with crystal clarity the "bounce to > forged from address" issue. Unfortunately fixing the problem is a whole lot > harder than understanding it and involves getting all the various groups on > board including the network architects, ... The problem seemed to get worse just before spamcop.net made these bounces reportable. And it seems that it may be related to an article written by some "genius" in something that is widely read by non-technical e-mail and network managers. I have not found the orgininal article but have seen a few postings from independent sources that claim to be quoting it. What that writer is quoted as stating is that in the interest of security, mail servers should no longer ever use SMTP rejects as spammers are using them to figure out what E-mail addresses are valid. Instead all mail/spam/viruses should be accepted and then the undeliverable messages bounced to their alleged senders. Of course the genius and his loyal fans have overlooked is that the only thing that has accomplished for the spammers that were doing the harvesting now think all e-mail addresses for a domain doing it are valid, so this does not reduce the amount of spam targetted at that domain's users at all. A few mail server operators that bounce instead of reject seem to be using this anti-harvesting argument as their main excuse of not switching to SMTP rejects, or their recent change to switch to abusive bouncing. -John wb8tyw@qsl.network Personal Opinion Only From nobody at spamcop.net Wed Jun 8 10:30:42 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 8 09:50:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: "John E. Malmberg" wrote in message news:d86n0t$naa$1@news.spamcop.net... > > What that writer is quoted as stating is that in the interest of > security, mail servers should no longer ever use SMTP rejects as > spammers are using them to figure out what E-mail addresses are valid. I think that was the "accepted knowledge" a couple of years ago before the whole thing got totally out of hand with the advent of the spammer to virus writer merger and means little or nothing nowadays. > > A few mail server operators that bounce instead of reject seem to be > using this anti-harvesting argument as their main excuse of not > switching to SMTP rejects, or their recent change to switch to abusive > bouncing. What I hear mostly as the reason is that people have now got firewalls and AV and anti-spam servers and other appliances and hardware stacked in front of the mailservers and that the internet facing and intermediary servers just don't have access to the valid email address list so they are accepting everything. It is not trivial in most of these configurations to SMTP reject. However many admins are actually trying to severely minimize the number of these that they send or at least justify the hardware and software and network engineering $$ needed to do that. But yes there are some companies that are adamant that they are not going to do anything about it and because the RFCs say they are supposed to send bounces then they are going to send bounces :-( Ellen SpamCop > > -John > wb8tyw@qsl.network > Personal Opinion Only From porpoise1954 at yahoo.co.uk Wed Jun 8 16:20:01 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Jun 8 10:30:03 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "Blammo" wrote in message news:Xns966EAD7AAA699blammo@216.154.195.61... > On 07 Jun 2005 Porpoise entered spamcop and left > news:d84knj$h4h$2@news.spamcop.net: > > > Only if you had left the box checked. > If you are worried about the spammer getting a copy of the report and > seeing an unmunged link, which they had put there in the first place, then > I think you are being paranoid. But that's your right. However I think the > spammer wins by making you paranoid and thereby taking away if bit of your > freedom. > Actually, thinking about it............... other people will have received the same spam and will have reported it "as-is", so you're probably right - I was being a bit paranoid. :-() From porpoise1954 at yahoo.co.uk Wed Jun 8 16:23:25 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Jun 8 10:35:03 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "Garen Erdoisa" wrote in message news:d85ful$1f1$1@news.spamcop.net... > > If it were me reporting it, I'd go ahead and send the report but either > munge the web site to prevent the parser from flagging it, or add in a > comment specific to that administrator that you think that that particular > web site refrenced in the spam is an innocent bystander. > Also, if I were concerned that it may be added to the SURBL, I would > notifiy the spamcop deputies about the issue along with references to the > spam report. > Thanks for your input. Too late to report that one now but if (splorf! - I mean when) I get another one, I'll go ahead and report it. From porpoise1954 at yahoo.co.uk Wed Jun 8 16:24:40 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Jun 8 10:35:11 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "WazoO" wrote in message news:d85hs6$2k7$1@news.spamcop.net... > "Garen Erdoisa" wrote in message > news:d85ful$1f1$1@news.spamcop.net... > As X-Lines: can be added anywhere, by anyone, for any reason, > the passer pays them no mind. That's all very well but what does the *parser* do with them? ;-)