From jeffg at spamcop.net Tue Nov 1 00:11:48 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Nov 1 00:15:03 2005 Subject: [SpamCop-List] Re: SPF record + domain literal format References: Message-ID: "wayne" wrote in message news:x4zmoty436.fsf@footbone.schlitt.net... > In "HOLLO Peter Mr. \(ICM Rt.\)" writes: > > Besides I would like to ask what is your opinion about x.y@ipaddress type > > receiving. > > > > Do you usually configure it ? If yes then did it cause any problem ? > > I do not accept IP literals in email addresses, and I haven't had any > problems. Even the rfc-ignorant.org folks aren't anal enough to > consider rejecting IP literals to be a problem. IIRC an ippostmaster zone was proposed, but there was little support for it. And BTW, the syntax is "postmaster@[127.0.0.1]". -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum. From jeffg at spamcop.net Tue Nov 1 00:21:57 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Nov 1 00:30:04 2005 Subject: [SpamCop-List] Re: EBAY spoofed message forgery or really from ebay??? References: Message-ID: "Patto" wrote in message news:djskoq$ktq$1@news.spamcop.net... > One way to identify forgeries is when the address you as 'Dear EBay > member'. If it's from EBay, PayPal, your bank, or whatever, they most > likely address you with your name. PayPal pledged to do this for email they send me. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jeffg at spamcop.net Tue Nov 1 00:25:40 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Nov 1 00:30:06 2005 Subject: [SpamCop-List] Re: EBAY spoofed message forgery or really from ebay??? References: Message-ID: "Ken Knull" wrote in message news:pan.2005.10.28.16.53.49.132666@suespammers.org... > spoof@ebay.com (or spoof@paypal.com) ... > You likely won't be the only one sending them, but they actually do > something with / about them, if nothing more than learn of the phishers > amd tell you whether it is or isn't from them. They likely forward the most egregious ones to their land sharks. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From nobody at xyzzy.claranet.de Tue Nov 1 07:23:33 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Nov 1 01:30:03 2005 Subject: [SpamCop-List] Re: Dubious FAQ entry 166.html References: <435FB6B0.4B76@xyzzy.claranet.de> <43606545.1E96@xyzzy.claranet.de> <436293F7.24FA@xyzzy.claranet.de> <43643119.7458@xyzzy.claranet.de> <436449D9.3358@xyzzy.claranet.de> <43652DAC.30B7@xyzzy.claranet.de> <43654580.5429@xyzzy.claranet.de> <43662C7E.6A67@xyzzy.claranet.de> Message-ID: <436709E5.6097@xyzzy.claranet.de> Mike Easter wrote: > the original html always has the plaintext version of the > html in accompaniment and before the html. Does that mean OE "cannot" send HTML only and uses always a multipart/alternative text/html + text/plain for HTML ? > Unless the original picture was /attached/, in which case > its number would be 1.1 or so instead of 2.3 Your example was "attached" (= separate part), you said "not embedded" (UUE). I took it that you were talking about a picture in the original mail (=> 2.x parts in the forwarded mail). Did I miss something here, e.g. OE cannot "simple-forward" mail incl. attachments, the forwarder has to re-attach the detached original attachment manually ? For "simple forward" read "OE's unusual forwarding with an ersatz-header" (instead of a complete message/rfc822) Bye, Frank From MikeE at ster.invalid Tue Nov 1 01:13:49 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Nov 1 04:15:07 2005 Subject: [SpamCop-List] Re: Dubious FAQ entry 166.html References: <435FB6B0.4B76@xyzzy.claranet.de> <43606545.1E96@xyzzy.claranet.de> <436293F7.24FA@xyzzy.claranet.de> <43643119.7458@xyzzy.claranet.de> <436449D9.3358@xyzzy.claranet.de> <43652DAC.30B7@xyzzy.claranet.de> <43654580.5429@xyzzy.claranet.de> <43662C7E.6A67@xyzzy.claranet.de> <436709E5.6097@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Mike Easter wrote: > >> the original html always has the plaintext version of the >> html in accompaniment and before the html. > > Does that mean OE "cannot" send HTML only and uses always > a multipart/alternative text/html + text/plain for HTML ? Correct. Plaintext first. >> Unless the original picture was /attached/, in which case >> its number would be 1.1 or so instead of 2.3 > > Your example was "attached" (= separate part), you said > "not embedded" (UUE). I took it that you were talking > about a picture in the original mail (=> 2.x parts in the > forwarded mail). This named example was one in which the original sender sent as html, which has 2 parts, the plaintext part and the html part, and attached a graphic as an attachment, making a 3rd part, a b64 encoded graphic. The recipient forwarder forwarded that item, consisting of the original sender's two parts and another forwarded part, the b64 encoded graphic. The graphic was attached to the forwarder's mail, matching its header delimitor. The original sender's plaintext + html version was above that and delimited with its own 'internal' nested delimitors. > Did I miss something here, e.g. OE cannot "simple-forward" > mail incl. attachments, the forwarder has to re-attach the > detached original attachment manually ? OE's forwarding of items with attachments forwards 'simply'. No need to reattach. I'm just 'remarking' of my surprise that the structure is consistent with the attachment 'moving' from the first sender's delimitors to the second sender's delimitors. I guess it makes sense. That's the way it would be with plaintext with a graphic attachment, so it might as well be that way with an html [plaintext + html] with a graphic. So, in a sense, in the case of the forwarder of an html item with a graphic attached, the forwarder's OE 'automatically' detaches the graphic from the sender's mail and reattaches it to the forwarded mail. Because the delimitor on the attachment is the delimitor named in the headers of the forwarder's mail. > For "simple forward" read "OE's unusual forwarding with > an ersatz-header" (instead of a complete message/rfc822) I'm beginning to think about posting a couple of examples as trackers. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Nov 1 01:28:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Nov 1 04:30:05 2005 Subject: [SpamCop-List] Re: What Happened Here? References: <43668D01.6AD546B7@SpamCop.net.dev.null> Message-ID: Jeff G. wrote: > "Mike Easter" >> If you are doing a domainname registration information attack, you do >> that with yesnic, and I think the best way to do it is with the form >> process at internic.http://wdprs.internic.net/ Whois Data Problem >> Report System > > Already done. Also, please see > http://www.rfc-ignorant.org/tools/lookup.php?domain=mort60sec.net&full=1 Of course the processes which unfold as a result of the internic submission are altogether different than the ref-ignorant entries. Also, I'm not clear on the rfc-i entry for that domainname which sez 'bogusmx removed'. The domainname itself doesn't have an MX or a routable A record, and the nameservice has changed since yesterday so that all 5 of the nameservers are at the same IP and they all time out. It is effectively currently dead, since it doesn't have nameservice. Since the nameserver domainnames are reg'd to the same person and same address, it might be worthwhile to similarly 'attack' the nameservice USAELENDER.COM of whois.opensrs.net ie Tucows. -- Mike Easter kibitzer, not SC admin From mikeyhsd at sport.rr.com Tue Nov 1 09:17:10 2005 From: mikeyhsd at sport.rr.com (mikeyhsd) Date: Tue Nov 1 10:20:03 2005 Subject: [SpamCop-List] black list reporting Message-ID: where do you send ddresses to for black list reporting. am getting 20-30 emails a day from this idiot. all in unreadable hen scratching. I will not install a language pack just to red this garbage. Re: 125.57.106.93 (Administrator of network where email originates) To: ip@cjdream.com (Notes) To: ip@dreamline.co.kr (Notes) Re: http://www.gyakuten5.net/?dog (Administrator of network hosting website referenced in spam) To: abuse@elim.net (Notes) it ws using a yahoo mail account from australia, got it cancelled. every mail has been reported to spam cop reporting. mikeyhsd@sport.rr.com From spambait at whodat.net Tue Nov 1 10:36:33 2005 From: spambait at whodat.net (Darrel Toepfer) Date: Tue Nov 1 11:40:03 2005 Subject: [SpamCop-List] Server Authentication is busted Message-ID: Looks to be down again since after 10am Central time... Have reports I need to complete... From nobody at spamcop.net Tue Nov 1 11:40:24 2005 From: nobody at spamcop.net (Anti-Spam) Date: Tue Nov 1 11:45:03 2005 Subject: [SpamCop-List] Reporting user database down? Message-ID: Cookies invalidated and unable to log in. -- Bring in the death penalty for repeat spammers. Non-functional spambait addr: info9@duetddcpj.net (generated by Webpoison) From spambait at whodat.net Tue Nov 1 10:41:29 2005 From: spambait at whodat.net (Darrel Toepfer) Date: Tue Nov 1 11:45:08 2005 Subject: [SpamCop-List] Re: Reporting user database down? In-Reply-To: References: Message-ID: Anti-Spam wrote: > Cookies invalidated and unable to log in. Preceded by "gateway timeout"... Appears to be working again though... From nobody at spamcop.net Tue Nov 1 15:25:03 2005 From: nobody at spamcop.net (Ellen) Date: Tue Nov 1 15:30:06 2005 Subject: [SpamCop-List] 11/1/2005 Maint Window Message-ID: Maintenance Window Nov 1, 2005 During the period 14:00-18:00 -0800 we will have an outage of about 45 minutes for the installation of new hardware for the reporting system. Thank you for your patience. The email system will not affected by this maintenance window. Ellen SpamCop follow/ups to SpamCop Please propagate to the forums From nospam at nospam.nl Tue Nov 1 22:25:57 2005 From: nospam at nospam.nl (geo_splash_12) Date: Tue Nov 1 16:30:02 2005 Subject: [SpamCop-List] Re: black list reporting In-Reply-To: References: Message-ID: mikeyhsd wrote: > where do you send ddresses to for black list reporting. > > am getting 20-30 emails a day from this idiot. all in unreadable hen > scratching. I will not install a language pack just to red this garbage. > > > Re: 125.57.106.93 (Administrator of network where email originates) > To: ip@cjdream.com (Notes) > To: ip@dreamline.co.kr (Notes) > > Re: http://www.gyakuten5.net/?dog (Administrator of network hosting > website referenced in spam) > To: abuse@elim.net (Notes) > > it ws using a yahoo mail account from australia, got it cancelled. > > every mail has been reported to spam cop reporting. > > mikeyhsd@sport.rr.com Please show us spamcop tracking url so that we understand what you're talking about. From nobody at spamcop.net Tue Nov 1 17:56:25 2005 From: nobody at spamcop.net (Ellen) Date: Tue Nov 1 18:00:07 2005 Subject: [SpamCop-List] Maint Window completed Message-ID: The maintenance window scheduled for 11/1/2005 has been completed. Thanks! Ellen SpamCop follow/ups to SpamCop Please propagate to the forums From mikeyhsd at sport.rr.com Tue Nov 1 18:24:06 2005 From: mikeyhsd at sport.rr.com (mikeyhsd) Date: Tue Nov 1 19:25:03 2005 Subject: [SpamCop-List] Re: black list reporting References: Message-ID: will post the reporting link tomorrow. when i get more mails. mikeyhsd@sport.rr.com "geo_splash_12" wrote in message news:dk8mh7$u9o$1@news.spamcop.net... > mikeyhsd wrote: >> where do you send ddresses to for black list reporting. >> >> am getting 20-30 emails a day from this idiot. all in unreadable hen >> scratching. I will not install a language pack just to red this garbage. >> >> >> Re: 125.57.106.93 (Administrator of network where email originates) >> To: ip@cjdream.com (Notes) >> To: ip@dreamline.co.kr (Notes) >> >> Re: http://www.gyakuten5.net/?dog (Administrator of network hosting >> website referenced in spam) >> To: abuse@elim.net (Notes) >> >> it ws using a yahoo mail account from australia, got it cancelled. >> >> every mail has been reported to spam cop reporting. >> >> mikeyhsd@sport.rr.com > > Please show us spamcop tracking url so that we understand what you're > talking about. From borgholio at storymind.com Tue Nov 1 17:00:44 2005 From: borgholio at storymind.com (Borgholio) Date: Tue Nov 1 20:05:03 2005 Subject: [SpamCop-List] No more 3rd party reporting for me Message-ID: Specifically, forwarding spam to the FTC or FDA or whatever. I'm only going to forward phishing, Nigerian, and other similar scams. I'm getting so much spam now, that although Spamcop's paid service is working VERY well, forwarding it to many 3rd parties results in bounce messages due to the sheer volume of SPAM I'm trying to forward. It's too much hassle breaking it up into various categories, then each category into chunks small enough to forward. I'll settle for Spamcop reporting. From jeffg at spamcop.net Tue Nov 1 22:27:17 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Nov 1 22:45:04 2005 Subject: [SpamCop-List] Re: Maint Window completed References: Message-ID: "Ellen" wrote in message news:dk8rvg$17l$1@news.spamcop.net... > The maintenance window scheduled for 11/1/2005 has been completed. Thanks! ... > Please propagate to the forums Done. The actual maintenance-induced downtime appears to have been between about 14:10 and 14:55 PST -0800, between about 17:10 and 17:55 EST -0500, and between about 22:10 and 22:55 UTC -0000. Thanks to the engineers and support staff who kept the downtime within the announced window and duration! -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jeffg at spamcop.net Tue Nov 1 23:06:29 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Nov 1 23:10:03 2005 Subject: [SpamCop-List] Re: Reporting user database down? References: Message-ID: "Darrel Toepfer" wrote in message news:dk85vf$lp2$2@news.spamcop.net... > Anti-Spam wrote: > > Cookies invalidated and unable to log in. > Preceded by "gateway timeout"... Appears to be working again though... Right. This is one of the many instances of unannounced downtime (outages) in the past five days that I have been documenting in the "Graphic & Link added" Topic at http://forum.spamcop.net/forums/index.php?showtopic=5235 , beginning at http://forum.spamcop.net/forums/index.php?showtopic=5235&view=findpost&p=35077 . I take my info from the SpamCop Statistics graph at http://alpha.cesmail.net/graphics/spamstats.gif on my off-site page "SpamCop.net - Total spam report volume mock-up" at http://forum.spamcop.net/forums/index.php?showtopic=5247 . -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jeffg at spamcop.net Tue Nov 1 23:25:54 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Nov 1 23:40:03 2005 Subject: [SpamCop-List] Re: What Happened Here? References: <43668D01.6AD546B7@SpamCop.net.dev.null> Message-ID: "Mike Easter" wrote: > Jeff G. wrote: > > Also, please see > > > http://www.rfc-ignorant.org/tools/lookup.php?domain=mort60sec.net&full=1 > Also, I'm not clear on the rfc-i entry for that domainname which sez > 'bogusmx removed'. > > The domainname itself doesn't have an MX or a routable A record, and the > nameservice has changed since yesterday so that all 5 of the nameservers > are at the same IP and they all time out. > > It is effectively currently dead, since it doesn't have nameservice. I am deeply saddened by the loss of effective nameservice for the mort60sec.net domain. NOT!!! Seriously, mort60sec.net had an A record yesterday pointing into the 192.168.x.y type of RFC1918-prohibited IP Address space, which is why the submission worked at the time. Then bad stuff started happening to that domain's nameservice. > Since the nameserver domainnames are reg'd to the same person and same > address, it might be worthwhile to similarly 'attack' the nameservice > USAELENDER.COM of whois.opensrs.net ie Tucows. If I could just get Tucows' whois.opensrs.net to respond more than ~20% of the time, that would be helpful. :) Ok, fine, Paul Shupak appears to have beat me to an RFCI whois listing of usaelender.com, but looking at http://www.rfc-ignorant.org/tools/detail.php?domain=usaelender.com&submitted=1130552149&table=whois , why would mta213.mail.dcn.yahoo.com (in its role as mx2.mail.yahoo.com) wait until after the DATA was complete before replying "554 delivery error: dd This user doesn't have a yahoo.ca account (ronaldhentington@yahoo.ca) [-5] - mta213.mail.dcn.yahoo.com"? Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From nospam at nospam.nl Wed Nov 2 06:38:28 2005 From: nospam at nospam.nl (geo_splash_12) Date: Wed Nov 2 00:40:02 2005 Subject: [SpamCop-List] Re: No more 3rd party reporting for me In-Reply-To: References: Message-ID: Borgholio wrote: > Specifically, forwarding spam to the FTC or FDA or whatever. I'm only > going to forward phishing, Nigerian, and other similar scams. I'm > getting so much spam now, that although Spamcop's paid service is > working VERY well, forwarding it to many 3rd parties results in bounce > messages due to the sheer volume of SPAM I'm trying to forward. It's > too much hassle breaking it up into various categories, then each > category into chunks small enough to forward. I'll settle for Spamcop > reporting. Facing a similar problem, my approach is to report only that spam that isn't already listed in other major blocklists like spamhaus xbl+sbl, sorbs, spews, ahbl and dsbl and when it doesn't originate from china or korea. This cuts down my spamcop usage. It is all done by scripts that look in the header of e-mails, it would be a nightmare to manually sort it out. Ejo From borgholio at storymind.com Tue Nov 1 21:52:19 2005 From: borgholio at storymind.com (Borgholio) Date: Wed Nov 2 00:55:03 2005 Subject: [SpamCop-List] Re: No more 3rd party reporting for me In-Reply-To: References: Message-ID: geo_splash_12 wrote: > Borgholio wrote: > >> Specifically, forwarding spam to the FTC or FDA or whatever. I'm only >> going to forward phishing, Nigerian, and other similar scams. I'm >> getting so much spam now, that although Spamcop's paid service is >> working VERY well, forwarding it to many 3rd parties results in bounce >> messages due to the sheer volume of SPAM I'm trying to forward. It's >> too much hassle breaking it up into various categories, then each >> category into chunks small enough to forward. I'll settle for Spamcop >> reporting. > > > Facing a similar problem, my approach is to report only that spam that > isn't already listed in other major blocklists like spamhaus xbl+sbl, > sorbs, spews, ahbl and dsbl and when it doesn't originate from china or > korea. This cuts down my spamcop usage. > > It is all done by scripts that look in the header of e-mails, it would > be a nightmare to manually sort it out. > > Ejo Since I use all the blacklists in my Spamcop filter system, I could simply manually report spam that slips through. That'd be a pretty good indicator that it's not already on major blacklists. :) From nobody at example.com Wed Nov 2 09:55:10 2005 From: nobody at example.com (John Smith) Date: Wed Nov 2 05:01:07 2005 Subject: [SpamCop-List] Spammer? Poplist.fr Message-ID: I've received an invitation "to confirm [my] subscription" to Poplist.fr, which (according to their web site) is an e-mail marketing company. Naturally, I never subscribed. But surprisingly, they say that if I don't confirm my subscription, they won't mail me again. If you received such an e-mail and want to report it as spam, you are within your rights to do so. But I'm not going to report it because I'd rather receive spam like this (which will go away if I ignore it) than the kind of junk I currently receive. (By the way, this company does everything is in French. I translated the quote.) From bar_n0ne at hotmail.com Wed Nov 2 14:06:49 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Nov 2 05:11:15 2005 Subject: [SpamCop-List] Re: Spammer? Poplist.fr References: Message-ID: "John Smith" wrote in message news:dka2du$ko6$1@news.spamcop.net... > I've received an invitation "to confirm [my] subscription" to > Poplist.fr, which (according to their web site) is an e-mail marketing > company. Naturally, I never subscribed. But surprisingly, they say that > if I don't confirm my subscription, they won't mail me again. > > If you received such an e-mail and want to report it as spam, you are > within your rights to do so. But I'm not going to report it because I'd > rather receive spam like this (which will go away if I ignore it) than > the kind of junk I currently receive. > > (By the way, this company does everything is in French. I translated the > quote.) All over NANAE today too, I'm beginning to think it's a cheap-ass way to advertise their newsletter. I also received this. http://groups.google.ca/group/news.admin.net-abuse.email/browse_thread/thread/953d33e9449837ad/1098cfee6fc411ba?hl=en#1098cfee6fc411ba sorry, but I'm sure OE and other newsreaders will break up the link. From nobody at nowhere.invalid Wed Nov 2 11:14:50 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Nov 2 05:15:08 2005 Subject: [SpamCop-List] Re: Spammer? Poplist.fr References: Message-ID: On Wed, 02 Nov 2005 09:55:10 +0000, John Smith coughed into spamcop and left this in : > But surprisingly, they say that if I don't confirm my subscription, > they won't mail me again. In that case, they're doing the Right Thing(tm). > If you received such an e-mail and want to report it as spam, you are > within your rights to do so. It makes a refreshing change to see an e-mail marketer doing the Right Thing(tm) for once. Reporting requests for confirmation as spam is not exactly going to encourage this correct MO. -- Steve Let's call it an accidental feature. -- Larry Wall From nobody at xyzzy.claranet.de Wed Nov 2 11:04:15 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Nov 2 05:20:13 2005 Subject: [SpamCop-List] Website down (?) Message-ID: <43688F1F.FEA@xyzzy.claranet.de> Hi, apparently the Web site is down (10:00 GMT, and it was already down from my POV at 6:00 GMT). Ping okay, and quick reports work. Bye, Frank From nobody at xyzzy.claranet.de Wed Nov 2 12:58:59 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Nov 2 07:05:03 2005 Subject: [SpamCop-List] Re: Website down (?) References: <43688F1F.FEA@xyzzy.claranet.de> Message-ID: <4368AA03.4B93@xyzzy.claranet.de> > apparently the Web site is down No, it's not, it was only _very_ slow to show up. It forced me to learn the art of reporting with two windows: First window to report the "next" pending submission, oldest to newer, secondary windows opened with links in the SC confirmation mails, newest to older. Bye, Frank From mikeyhsd at sport.rr.com Wed Nov 2 07:21:44 2005 From: mikeyhsd at sport.rr.com (mikeyhsd) Date: Wed Nov 2 08:25:05 2005 Subject: [SpamCop-List] Re: black list reporting References: Message-ID: here is a link http://www.spamcop.net/sc?id=z822386771z92c697c6b7c3ad934c08cab7c6e46adez mikeyhsd@sport.rr.com "mikeyhsd" wrote in message news:dk90v5$42h$1@news.spamcop.net... > will post the reporting link tomorrow. when i get more mails. > > mikeyhsd@sport.rr.com > "geo_splash_12" wrote in message > news:dk8mh7$u9o$1@news.spamcop.net... >> mikeyhsd wrote: >>> where do you send ddresses to for black list reporting. >>> >>> am getting 20-30 emails a day from this idiot. all in unreadable hen >>> scratching. I will not install a language pack just to red this garbage. >>> >>> >>> Re: 125.57.106.93 (Administrator of network where email originates) >>> To: ip@cjdream.com (Notes) >>> To: ip@dreamline.co.kr (Notes) >>> >>> Re: http://www.gyakuten5.net/?dog (Administrator of network hosting >>> website referenced in spam) >>> To: abuse@elim.net (Notes) >>> >>> it ws using a yahoo mail account from australia, got it cancelled. >>> >>> every mail has been reported to spam cop reporting. >>> >>> mikeyhsd@sport.rr.com >> >> Please show us spamcop tracking url so that we understand what you're >> talking about. > From nobody at spamcop.net Wed Nov 2 09:22:39 2005 From: nobody at spamcop.net (Ellen) Date: Wed Nov 2 09:25:06 2005 Subject: [SpamCop-List] System outages/instability Message-ID: Morning folks -- yes we are having system problems and operations/engineering is working the issues. You may see failures trying to log-in or other error messages. Please do not try to change your password as this will not solve the problem. The problems will probably continue sporadically. There is no ETA right now for complete resolution but this is being treated by everyone as a priority 1 situation. Thank you for your patience! The email system is not affected. I suppose the good news is that there will still be shiney new spams to report after the problems are resolved -- and that is also the bad news .... Ellen SpamCop follow-ups to SpamCop Please propagate to the forums From nospam at nospam.org Wed Nov 2 15:42:37 2005 From: nospam at nospam.org (geo_splash_12) Date: Wed Nov 2 09:45:03 2005 Subject: [SpamCop-List] Re: black list reporting In-Reply-To: References: Message-ID: mikeyhsd wrote: > here is a link > http://www.spamcop.net/sc?id=z822386771z92c697c6b7c3ad934c08cab7c6e46adez I do not understand the first few header lines where the spamcop parser complains about IP 10.93.46.16. Where does this come from, is this correct? Furthermore the link shows that abuse reports were sent to the administrators of 125.57.108.71 (in the .kr domain), but apparently this IP is not listed within spamcop. (Korean / Chinese spam is almost impossible to get rid off, maybe consider to install your own specific filters for this problem. Finally abuse reports are sent because of a link within the spam, 211.112.18.18 which is within the elim.com domain. Ejo From jeffg at spamcop.net Wed Nov 2 10:31:17 2005 From: jeffg at spamcop.net (Jeff G.) Date: Wed Nov 2 10:35:03 2005 Subject: [SpamCop-List] Re: System outages/instability References: Message-ID: "Ellen" wrote in message news:dkai7l$sj1$1@news.spamcop.net... > Morning folks -- yes we are having system problems and > operations/engineering is working the issues. ... > Please propagate to the forums Done. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From bill6 at wanadoo.fr Wed Nov 2 17:31:07 2005 From: bill6 at wanadoo.fr (cd) Date: Wed Nov 2 11:25:04 2005 Subject: [SpamCop-List] help u ? Message-ID: error I obtain : No userid found, sorry. Copyright (C) 1998-2005, IronPort Systems, Inc. All rights reserved. HTML4 / CSS2 Firefox recommended - Policies and Disclaimers putRow Table 'prefs' was not locked with LOCK TABLES (1100)/sc? putRow Table 'prefs' was not locked with LOCK TABLES (1100)/sc? cd From bill6 at wanadoo.fr Wed Nov 2 18:01:13 2005 From: bill6 at wanadoo.fr (cd) Date: Wed Nov 2 11:55:02 2005 Subject: [SpamCop-List] error message when "unsend report" Message-ID: Gateway Timeout The proxy server did not receive a timely response from the upstream server. Reference #1.93ec0f50.1130950178.977ea92 From bill6 at wanadoo.fr Wed Nov 2 18:06:55 2005 From: bill6 at wanadoo.fr (cd) Date: Wed Nov 2 12:05:03 2005 Subject: [SpamCop-List] Unreported Spam Saved: Report Now = message report : Message-ID: Gateway Timeout The proxy server did not receive a timely response from the upstream server. Reference #1.93ec0f50.1130950735.980cbb9 From nospam at dev.null Wed Nov 2 19:02:06 2005 From: nospam at dev.null (No Spam) Date: Wed Nov 2 12:05:07 2005 Subject: [SpamCop-List] Re: What Happened Here? In-Reply-To: References: <43668D01.6AD546B7@SpamCop.net.dev.null> Message-ID: Mike Easter wrote: > Michael Brennan" <"Michael Brennan Nobody wrote: > >>Regarding a Report Here: >> > > www.spamcop.net/sc?id=z821657304z827f981d88b239c3f1866b40f5ae8639z > >>I got the original parse back in the SpamCop Autoreply and saw that >>the SpamCop parser hadn't been able to resolve a spampage in the >>advertisement, > snip... > >>http://ream2gn.mort60sec.net/3/index/omega/i6eetdt > snip... > > > If you are doing a domainname registration information attack, you do > that with yesnic, and I think the best way to do it is with the form > process at internic.http://wdprs.internic.net/ Whois Data Problem > Report System > > > Same party (all whois details as at time of reporting from WDPRS report) saving-your-money.net - Reported 16/07/2005 via WDPRS (still active) Domain Name: SAVING-YOUR-MONEY.NET Registrar: ENOM, INC. Whois Server: whois.enom.com Referral URL: http://www.enom.com Name Server: NS1.XZMAK.COM Name Server: NS2.XZMAK.COM Name Server: NS3.XZMAK.COM Name Server: NS4.XZMAK.COM Name Server: NS6.XZMAK.COM Status: REGISTRAR-LOCK Updated Date: 06-jul-2005 Creation Date: 06-jul-2005 Expiration Date: 06-jul-2006 REGISTRAR WHOIS: Registration Service Provided By: NameCheap.com Contact: support@NameCheap.com Visit: http://www.namecheap.com/ Domain name: saving-your-money.net Registrant Contact: American Financial Ronald Hentington (americanfinancial2005@yahoo.co.uk) +1.2063384168 Fax: +1.2063384168 759 Mount Pleasant Road Toronto, ON M4S 2N4 CA .... EASYRATE-LOANS.COM Reported 03/07/2005 via WDPRS (still active!!) Domain Name: EASYRATE-LOANS.COM Registrar: TUCOWS INC. Whois Server: whois.opensrs.net Referral URL: http://domainhelp.tucows.com Name Server: NS1.XZMAK.COM Name Server: NS2.XZMAK.COM Name Server: NS3.XZMAK.COM Name Server: NS4.XZMAK.COM Name Server: NS5.XZMAK.COM Name Server: NS6.XZMAK.COM Status: ACTIVE Updated Date: 15-jun-2005 Creation Date: 14-jun-2005 Expiration Date: 14-jun-2006 WHOIS INFORMATION AS OF 2005/07/03 13:45:20 REGISTRAR WHOIS: Registrant: America Financial 759 Mount Pleasant Road Toronto, Ontario M4S 2N4 CA Domain name: EASYRATE-LOANS.COM Administrative Contact: Hentington, Ronald americanfinancial2005@yahoo.co.uk 759 Mount Pleasant Road Toronto, Ontario M4S 2N4 CA +1.2063384168 Fax: +1.2063384168 EASYRATE-LOANS.COM Reported 03/07/2005 via WDPRS (Now on hold) Domain Name: XZMAK.COM Registrar: TUCOWS INC. Whois Server: whois.opensrs.net Referral URL: http://domainhelp.tucows.com Name Server: NS1.XZMAK.COM Name Server: NS2.XZMAK.COM Name Server: NS3.XZMAK.COM Name Server: NS4.XZMAK.COM Name Server: NS5.XZMAK.COM Name Server: NS6.XZMAK.COM Status: ACTIVE Updated Date: 15-jun-2005 Creation Date: 14-jun-2005 Expiration Date: 14-jun-2006 WHOIS INFORMATION AS OF 2005/07/03 13:45:23 REGISTRAR WHOIS: Registrant: America Financial 759 Mount Pleasant Road Toronto, Ontario M4S 2N4 CA Domain name: XZMAK.COM Administrative Contact: Hentington, Ronald americanfinancial2005@yahoo.co.uk 759 Mount Pleasant Road Toronto, Ontario M4S 2N4 CA +1.2063384168 Fax: +1.2063384168 Now the interesting thing: Address is that of a bookshop!! Bookstore is well publisized on the internet and most likely source of stolen details: http://www.google.com/search?hl=en&lr=&q=%22759+Mount+Pleasant%22++Toronto&btnG=Search Interesting caveat: Since reports were filed, Contact Editions (the bookshop has moved). However, party has a record of fraulent "borrowing" of addresses http://www.obliquity.com/computer/spambait/theft11.html Re tel nr +1.2063384168: http://www.numberingplans.com/?page=analysis&sub=phonenr says: Information on phone number range +1 206 338XXXX Number billable as geographic number Country or destination United States City or exchange location Seattle, WA Original network provider* International Telcom, Ltd. - Wa So, yes, Jegg G's comment is extremely appropriate and I agree: "If I could just get Tucows' whois.opensrs.net to respond more than ~20% of the time, that would be helpful. :) " Cheers E From nospam at nospam.org Wed Nov 2 18:21:23 2005 From: nospam at nospam.org (geo_splash_12) Date: Wed Nov 2 12:25:03 2005 Subject: [SpamCop-List] Re: black list reporting In-Reply-To: <07nhm1d3q8qh12669tsqr75urcal0junfq@4ax.com> References: <07nhm1d3q8qh12669tsqr75urcal0junfq@4ax.com> Message-ID: Kenneth Loafman wrote: > On Wed, 02 Nov 2005 15:42:37 +0100, geo_splash_12 > wrote: > > >>mikeyhsd wrote: >> >>>here is a link >>>http://www.spamcop.net/sc?id=z822386771z92c697c6b7c3ad934c08cab7c6e46adez >> >>I do not understand the first few header lines where the spamcop parser >>complains about IP 10.93.46.16. Where does this come from, is this correct? >> >>Furthermore the link shows that abuse reports were sent to the >>administrators of 125.57.108.71 (in the .kr domain), but apparently this >>IP is not listed within spamcop. >> >>(Korean / Chinese spam is almost impossible to get rid off, maybe >>consider to install your own specific filters for this problem. >> >>Finally abuse reports are sent because of a link within the spam, >>211.112.18.18 which is within the elim.com domain. > > > 10.93.46.16 is thrown away because its part of a private network, not > routable. Possibly part of the rr.com internal net. In that case there might be something like a router configuration problem in the network, something like a linux mail handler returning a local network IP in the mail header rather than the IP number assigned to the subnet handled by the router. > > 0.0.0.0/8 - broadcast network > 10.0.0.0/8 - RFC 1918 private network > 127.0.0.0/8 - loopback network > 169.254.0.0/16 - link local network > 172.16.0.0/12 - RFC 1918 private network > 192.0.2.0/24 - TEST-NET network > 192.168.0/16 - RFC 1918 private network > 224.0.0.0/4 - class D multicast network > 240.0.0.0/5 - class E reserved network > 248.0.0.0/5 - reserved network > > Another SC poster put this together. Thanks. > > ...Ken From nobody at spamcop.net Wed Nov 2 10:30:22 2005 From: nobody at spamcop.net (N. Miller) Date: Wed Nov 2 13:35:05 2005 Subject: [SpamCop-List] Re: Spammer? Poplist.fr References: Message-ID: On Wed, 02 Nov 2005 09:55:10 +0000, John Smith wrote: > I've received an invitation "to confirm [my] subscription" to > Poplist.fr, which (according to their web site) is an e-mail marketing > company. Naturally, I never subscribed. But surprisingly, they say that > if I don't confirm my subscription, they won't mail me again. > > If you received such an e-mail and want to report it as spam, you are > within your rights to do so. But I'm not going to report it because I'd > rather receive spam like this (which will go away if I ignore it) than > the kind of junk I currently receive. > > (By the way, this company does everything is in French. I translated the > quote.) You have no way to know whether they bought a list, and are trying to clean it up (bad thing), or somebody attempted to "forge subscribe" you to the list, and they were just verifying the subscription request (good thing). Given the fact that you can't distinguish the one from the other, you should just treat it as the result of a "forge subscription" attempt, and that the list manager is trying to do the "right thing". -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From jeffg at spamcop.net Wed Nov 2 14:44:03 2005 From: jeffg at spamcop.net (Jeff G.) Date: Wed Nov 2 14:55:09 2005 Subject: [SpamCop-List] Re: black list reporting References: <07nhm1d3q8qh12669tsqr75urcal0junfq@4ax.com> Message-ID: "geo_splash_12" wrote in message news:dkasik$2uu$1@news.spamcop.net... > Kenneth Loafman wrote: > > On Wed, 02 Nov 2005 15:42:37 +0100, geo_splash_12 > > wrote: > > > > > >>mikeyhsd wrote: > >> > >>>here is a link > >>>http://www.spamcop.net/sc?id=z822386771z92c697c6b7c3ad934c08cab7c6e46 adez > >> > >>I do not understand the first few header lines where the spamcop parser > >>complains about IP 10.93.46.16. Where does this come from, is this correct? > >> > >>Furthermore the link shows that abuse reports were sent to the > >>administrators of 125.57.108.71 (in the .kr domain), but apparently this > >>IP is not listed within spamcop. > >> > >>(Korean / Chinese spam is almost impossible to get rid off, maybe > >>consider to install your own specific filters for this problem. > >> > >>Finally abuse reports are sent because of a link within the spam, > >>211.112.18.18 which is within the elim.com domain. > > > > > > 10.93.46.16 is thrown away because its part of a private network, not > > routable. Possibly part of the rr.com internal net. > > In that case there might be something like a router configuration > problem in the network, something like a linux mail handler returning a > local network IP in the mail header rather than the IP number assigned > to the subnet handled by the router. It is part of the rr.com internal net. rr.com generally has several mailservers process an incoming email message before it is delivered to the intended recipient, and some of those are on its internal network. This is nothing to be concerned about. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From tnathan at idyllicsys.com Wed Nov 2 20:32:24 2005 From: tnathan at idyllicsys.com (Ted Nathan) Date: Wed Nov 2 20:35:03 2005 Subject: [SpamCop-List] Spoofed Message Causing ISP shutdowns Message-ID: I am new to this group, but I have a problem and this seemed to be the first logical place to look for an answer. I have a client who had a marketing company create a news piece from distribution via e-mail. Unfortunately, it was sent out prematurely and to people who did not ask for it, thus it was spam. They understand the mistake that was made, especially when Google and Microsoft start screaming at you. So this was strike one. A few days later, some kid out of France sent the exact same announcement out as spam again. Microsoft and Google and others called the ISP and had them shutdown. And it happened again today. What can i do to protect my client from this happening again? I know how to stop spam from coming in and going out of my clients' networks, but how do you every kid in the world from shutting down your business? TIA Ted From tnathan at idyllicsys.com Wed Nov 2 20:32:24 2005 From: tnathan at idyllicsys.com (Ted Nathan) Date: Wed Nov 2 20:40:02 2005 Subject: [SpamCop-List] Spoofed Message Causing ISP shutdowns Message-ID: I am new to this group, but I have a problem and this seemed to be the first logical place to look for an answer. I have a client who had a marketing company create a news piece from distribution via e-mail. Unfortunately, it was sent out prematurely and to people who did not ask for it, thus it was spam. They understand the mistake that was made, especially when Google and Microsoft start screaming at you. So this was strike one. A few days later, some kid out of France sent the exact same announcement out as spam again. Microsoft and Google and others called the ISP and had them shutdown. And it happened again today. What can i do to protect my client from this happening again? I know how to stop spam from coming in and going out of my clients' networks, but how do you every kid in the world from shutting down your business? TIA Ted From mwnospam at comcast.net Wed Nov 2 21:31:56 2005 From: mwnospam at comcast.net (spamacyde) Date: Wed Nov 2 21:35:03 2005 Subject: [SpamCop-List] Messages with No Subject Header and No Message Body (Again) Message-ID: Over the past three days, 95% of the spam I've been getting contains no message subject and no body. This supports my contention that spammy's motivations are political rather than financial. Or perhaps spammy is pissed off at my reporting efforts. Anybody else experiencing a rash of blank emails? From MikeE at ster.invalid Wed Nov 2 18:58:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Nov 2 22:00:02 2005 Subject: [SpamCop-List] Re: Spoofed Message Causing ISP shutdowns References: Message-ID: Ted Nathan wrote: > I am new to this group, but I have a problem and this seemed to be the > first logical place to look for an answer. Bear in mind that there are skeptics in here. Including me. > I have a client who had a marketing company create a news piece from > distribution via e-mail. Unfortunately, it was sent out prematurely > and to people who did not ask for it, thus it was spam. Some people say, 'Once a spammer always a spammer; the spammer just tries to figure out ways to cover hir tracks.' > They > understand the mistake that was made, especially when Google and > Microsoft start screaming at you. So this was strike one. It doesn't matter whether it was google or MS or spamcop or whoever. Unsolicited mail is going to get reported various ways. There are blocklists for spamsources and their are also blocklists such as spews which target the spamvertiser. > A few days later, some kid out of France sent the exact same > announcement out as spam again. Now you are alleging what? That your spamvertiser client commissioned a spammer to use a .fr spamsource? That all of a sudden the once spammer is now a victim of a joe-job pretending to be spamvertising your client? Of the two, it is more likely that your client is the spamvertiser and the spamsource is somehow the .fr 'kid'. > Microsoft and Google and others called > the ISP and had them shutdown. And it happened again today. That's what happens when you are spamvertised and your website provider doesn't believe the hokey spamvertiser story. Antispammers have heard spammer lies before. The first 2 rules about spammers is that spammers lie. > What can i do to protect my client from this happening again? I think your client's reputation is shot. I think your client should get out of the spamvertising business. Maybe they should consider sinking some big bucks into a snail mail campaign. That is 'legitimate' unsolicited bulk marketing mailing. > I know > how to stop spam from coming in and going out of my clients' networks, You haven't proven that to anyone involved yet. > but how do you every kid in the world from shutting down your > business? How to you keep every spammer in the world from screaming, "I've been joe-jobbed! I didn't send out the spam spamvertising my product." The answer is, I guess you don't. No one is interested in hearing the spamvertiser joejob story unless you can prove it, which you can't. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Nov 2 19:00:52 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Nov 2 22:05:04 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: spamacyde wrote: > Over the past three days, 95% of the spam I've been getting contains > no message subject and no body. This supports my contention that > spammy's motivations are political rather than financial. Or perhaps > spammy is pissed off at my reporting efforts. Anybody else > experiencing a rash of blank emails? Not I. Anytime you think there is some kind of extra special unique situation going on, you should consider the more likely possibities. It isn't likely that someone is intentionally spewing out payload-less spams. It is more likely that something is broken. Some zombies are very fragile. If the zombie is b0rken, its performance is whacky. -- Mike Easter kibitzer, not SC admin From g.hyde at bigpond.net.au Thu Nov 3 13:45:26 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Wed Nov 2 22:50:06 2005 Subject: [SpamCop-List] Re: Spoofed Message Causing ISP shutdowns References: Message-ID: "Mike Easter" wrote in message news:dkbubq$lbe$1@news.spamcop.net... > Ted Nathan wrote: > >> I am new to this group, but I have a problem and this seemed to be the >> first logical place to look for an answer. > > Bear in mind that there are skeptics in here. Including me. I'm pretty skeptical, too. Especially after checking his posting host and the from address listed on the news message. They both resolve to apparently unrelated hosts. >> I have a client who had a marketing company create a news piece from >> distribution via e-mail. Unfortunately, it was sent out prematurely >> and to people who did not ask for it, thus it was spam. > > Some people say, 'Once a spammer always a spammer; the spammer just > tries to figure out ways to cover hir tracks.' Either that or someone needs another award. >> They >> understand the mistake that was made, especially when Google and >> Microsoft start screaming at you. So this was strike one. > > It doesn't matter whether it was google or MS or spamcop or whoever. > Unsolicited mail is going to get reported various ways. There are > blocklists for spamsources and their are also blocklists such as spews > which target the spamvertiser. Fact is they probably encountered someone new to spamming, as it seems such people are commonplace. Then this person comes here and tries to get himself off. I rather doubt it'll be happy days for him anytime soon. >> A few days later, some kid out of France sent the exact same >> announcement out as spam again. > > Now you are alleging what? That your spamvertiser client commissioned a > spammer to use a .fr spamsource? That all of a sudden the once spammer > is now a victim of a joe-job pretending to be spamvertising your client? > Of the two, it is more likely that your client is the spamvertiser and > the spamsource is somehow the .fr 'kid'. Either that or they are their partner in spamming. It sounds just as likely as a legitimate corporation accidentally hiring a spammer to do their marketing work, and promptly getting landed in the SCBL et al like a fish hooked by a worm on a fishing line. >> Microsoft and Google and others called >> the ISP and had them shutdown. And it happened again today. > > That's what happens when you are spamvertised and your website provider > doesn't believe the hokey spamvertiser story. Antispammers have heard > spammer lies before. The first 2 rules about spammers is that spammers > lie. Rule #3, if spammer complains that they're not lying refer them to rules #1 and #2. >> What can i do to protect my client from this happening again? > > I think your client's reputation is shot. I think your client should > get out of the spamvertising business. Maybe they should consider > sinking some big bucks into a snail mail campaign. That is 'legitimate' > unsolicited bulk marketing mailing. They should announce a "going out of buisness" sale, or advertise their real estate that they own for sale or rent. Or if they're renting, see if they can avoid getting entangled in their renter's penalty clause. Other than that probably quit being a target. >> I know >> how to stop spam from coming in and going out of my clients' networks, > > You haven't proven that to anyone involved yet. It probably means they filter their incoming mail for junk like most spammers probably would, so this spamcop report is just another spam item to them. If they want to prove they're legitimate and have some kind of legitimate reason to be mailing people who do want their news letter, let them prove it. >> but how do you every kid in the world from shutting down your >> business? > > How to you keep every spammer in the world from screaming, "I've been > joe-jobbed! I didn't send out the spam spamvertising my product." > > The answer is, I guess you don't. > > No one is interested in hearing the spamvertiser joejob story unless you > can prove it, which you can't. It would be interesting indeed, if he tries to prove it. I really was wondering if this guy was a spammer trying to get off the SCBL et al. -- Cheers ... Geoffrey Hyde From MikeE at ster.invalid Wed Nov 2 19:45:50 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Nov 2 22:50:11 2005 Subject: [SpamCop-List] Re: Spoofed Message Causing ISP shutdowns References: Message-ID: Just so we can talk about some real stuff instead of some kind of imaginary hypothesis. Ted Nathan wrote: > I have a client who had a marketing company create a news piece from > distribution via e-mail. What was the website being spamvertised? that is, provide a link. > So this was strike one. Does that mean that a website provider shut them down? Which one? > A few days later, some kid out of France sent the exact same > announcement out as spam again. Does that mean that you can actually name the 'kid'? Or are you just making something up? If you can't name the kid, name the IP address that you are alleging sent out spam against the wishes of your client. > Microsoft and Google and others called > the ISP and had them shutdown. Does that mean that another different website provider shut down the spamvertised site again, or the same website provider shut down the same spamvertising website again? > And it happened again today. Does that mean that your spamvertising client has been shut down for spamvertising 3 times? By the same website provider or by different ones? Is your client listed in spamhaus in the Registry of Known Spam Operations database of professional spam operations that have been terminated by a minimum of 3 Internet Service Providers for spam offenses? Is your role in all of this to be lied to by your spamvertising client who is claiming to be innocent of spamvertising, or what? > What can i do to protect my client from this happening again? What exactly are you claiming is 'happening'? Explain in exact detail what you mean 'happening again'. Presumably this http://www.idyllicsys.com/default.htm is 'you' which domainname is registered to Ted Nathan -- ie the company who has the as yet unnamed spamvertiser client. Who/what is the client? -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Nov 2 20:09:09 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Nov 2 23:10:03 2005 Subject: [SpamCop-List] Re: Spoofed Message Causing ISP shutdowns References: Message-ID: Geoffrey Hyde wrote: > Especially after checking his posting > host and the from address listed on the news message. They both > resolve to apparently unrelated hosts. His posting host is just an EarthLink cable modem running on TW/RR infrastructure in Michigan, while his posted address is that of his company's domainname and mailserver, which company is also based in MI. Nothing odd about all that. -- Mike Easter kibitzer, not SC admin From nospam at nospam.nl Thu Nov 3 05:25:00 2005 From: nospam at nospam.nl (geo_splash_12) Date: Wed Nov 2 23:30:02 2005 Subject: [SpamCop-List] Re: Spoofed Message Causing ISP shutdowns In-Reply-To: References: Message-ID: Ted Nathan wrote: > I am new to this group, but I have a problem and this seemed to be the > first logical place to look for an answer. > > I have a client who had a marketing company create a news piece from > distribution via e-mail. Unfortunately, it was sent out prematurely > and to people who did not ask for it, thus it was spam. They > understand the mistake that was made, especially when Google and > Microsoft start screaming at you. So this was strike one. > > A few days later, some kid out of France sent the exact same > announcement out as spam again. Microsoft and Google and others called > the ISP and had them shutdown. And it happened again today. > > What can i do to protect my client from this happening again? I know > how to stop spam from coming in and going out of my clients' networks, > but how do you every kid in the world from shutting down your > business? If you want to start a discussion in this newsgroup, then we certainly would like to see a tracking URL of the e-mail examples that you discuss. > > TIA > > Ted From Nobody at SpamCop.net.dev.null Wed Nov 2 22:31:22 2005 From: Nobody at SpamCop.net.dev.null (Michael Brennan) Date: Wed Nov 2 23:35:03 2005 Subject: [SpamCop-List] "Doctor" Slides Past Postini Message-ID: <4369929A.9545752E@SpamCop.net.dev.null> Posters to another newsgroup on an ISP that uses Postini filtering services are expressing frustration that they can't keep Leo Kuvayev's "Doctor"/"Online Pharmaceuticals" drug spams out of their mailboxes. Postini is apparently ineffectual at keeping them out. Leo's ring has a username list courtesy of a dictionary attack Michael Lindsay executed about 18 months ago. Recent example that I received: http://www.spamcop.net/sc?id=z821549247z6e7fe470733e39184cc65980fec5587cz Is there anything special about these spams, that would enable them to evade Postini's filtering? Michael B. From Nobody at SpamCop.net.dev.null Wed Nov 2 22:37:33 2005 From: Nobody at SpamCop.net.dev.null (Michael Brennan) Date: Wed Nov 2 23:40:02 2005 Subject: [SpamCop-List] Telenor Rogers Up Message-ID: <4369940D.7F40987C@SpamCop.net.dev.null> I manually LARTed Telenor.net after a SpamCop note indicated they don't accept SpamCop reports "unmunged", or don't accept them at all. After about three days, I did get the right response from their abuse desk. ____________________________________________________________ >From : Telenor Abuse Response Team Sent : Wednesday, November 2, 2005 4:40 AM To : x CC : abuse@telenor.net Subject : Your Open Proxy Hosts Spamrun | | | Inbox At 23:44 CEST 2005-10-28 wrote: > Gentlemen: > > > Attached is a SpamCop notice I just sent up. Your server is being used for > spamruns. Please secure your server, thanks. > > > Best regards, > Michael Brennan > > _________________________________________________ > > > Help | Site Map We have added a block to this account, which we believe will stop further problems of this kind. The customer will also be notified. Please excuse the inconvenience. -- Abuse Response Team abuse@telenor.net Telenor _________________________________________________________________ Their response would seem to entitle Telenor to a white hat. Michael From spamcop-list-at-news.spamcop.net at musaic.net Thu Nov 3 07:26:14 2005 From: spamcop-list-at-news.spamcop.net at musaic.net (St - Musaic.Net) Date: Thu Nov 3 01:26:38 2005 Subject: [SpamCop-List] Telenor Rogers Up In-Reply-To: <4369940D.7F40987C@SpamCop.net.dev.null> References: <4369940D.7F40987C@SpamCop.net.dev.null> Message-ID: <253246689.20051103072614@musaic.net> > Their response would seem to entitle Telenor to a white hat. I am not sure - they are certainly slow taking down spamvertised sites unless the offender also sent spam from their network. This is a known trick amongst Scandinavian spammers: Spam from one network, make sure it is not affiliated with Telenor, spamvertised site is not taken down (except when illegal). We have seen sites alive for months this way - even a notorious slimming "remedy" spammer Rune Olav Halvorsrud got away with it spamvertising a bunch of illegal sites, illegal because the "companies" he spamvertised didn't exist *etc* *etc* Telenor did not act on any spam complaint unless the _mail_ was sent thru their servers. It didn't count that it the _websites_ had Telenor IPs assigned... Whitehat? Slow? Clueless? -- St PS! Michael, you added your comment below Telenor's signature limiter - which means that when replying to you message, everything except your comment was quoted (and I had to manually add it to the reply). May I recommend you to please edit your quotations a bit... ;) From Nobody at SpamCop.net.dev.null Thu Nov 3 00:44:44 2005 From: Nobody at SpamCop.net.dev.null (Michael Brennan) Date: Thu Nov 3 01:45:03 2005 Subject: [SpamCop-List] Re: Neat Package -- Nobody to Report To? References: <4362AD03.E5E72107@SpamCop.net.dev.null> <43665BA4.4E08B61F@SpamCop.net.dev.null> Message-ID: <4369B1DC.216FBDCA@SpamCop.net.dev.null> Mike Easter wrote: > > Michael Brennan" > > Mike Easter wrote: > > > In order to keep the agencies in usably fresh > > product, I'd still have to sort and forward the items manually by > > content. > > I have no idea what that sentence means. I mean that sorting is content-based. Pharmacy spams go to one list (FDA, for their anti-diversion project, SpamCop parser, etc.), "phony Rolex" spams go to another (FBI CyberCrime, for the FBI's counterfeit-merchandise project, plus SpamCop and others), "mortgage" phishes to yet another (Secret Service FCD, Netcraft, BankSafeOnline U.K., SpamCop, etc.); and of course all the lists include Postini, which filters for my ISP (I don't use their service, but I don't mind feeding it), and the UCE group at FTC. That sorting has to be done manually. Then I send all the like-kind spams together as one "send" to each list, which is kept separately as an OE addressbook group. Michael From jg at coks.net Wed Nov 2 23:00:32 2005 From: jg at coks.net (jg) Date: Thu Nov 3 02:00:03 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) In-Reply-To: References: Message-ID: On 11/2/2005 7:00 PM Mike Easter scribbled: > spamacyde wrote: > >>Over the past three days, 95% of the spam I've been getting contains >>no message subject and no body. This supports my contention that >>spammy's motivations are political rather than financial. Or perhaps >>spammy is pissed off at my reporting efforts. Anybody else >>experiencing a rash of blank emails? > > > Not I. > > Anytime you think there is some kind of extra special unique situation > going on, you should consider the more likely possibities. > > It isn't likely that someone is intentionally spewing out payload-less > spams. It is more likely that something is broken. > > Some zombies are very fragile. If the zombie is b0rken, its performance > is whacky. > Having read that, I need to chime in that I have been getting an inordinate (for me) number of said blank crap in the past week - so something must indeed be borken - maybe a BIG zombie... From Nobody at SpamCop.net.dev.null Thu Nov 3 01:00:51 2005 From: Nobody at SpamCop.net.dev.null (Michael Brennan) Date: Thu Nov 3 02:05:03 2005 Subject: [SpamCop-List] Re: Neat Package -- Nobody to Report To? References: <4362AD03.E5E72107@SpamCop.net.dev.null> <43665BA4.4E08B61F@SpamCop.net.dev.null> Message-ID: <4369B5A3.80C72E28@SpamCop.net.dev.null> "Jeff G." wrote: > > "Mike Easter" wrote in message > news:dk67su$kf7$1@news.spamcop.net... > > Michael Brennan" > > > In order to keep the agencies in usably fresh > > > product, I'd still have to sort and forward the items manually by > > > content. > > > > I have no idea what that sentence means. > > I think Michael is talking about doing manual sorting so that he can > keep sending the appropriate fresh spam (product) to the appropriate > Federal Agencies (FTC, FDA, FBI, etc.) Yes, exactly. Thanks. Sometimes time isn't necessarily of the essence, but I began to think in terms of timeliness when dealing with "pump & dump" spams that came in a few hours before the scheduled start of trading in New York. I wanted to make sure the SEC got those timely. On second thought, I might have forwarded them to the NASD or the NYSE as well. Talk about spoiling someone's play -- the exchanges can make that happen. Michael From g.hyde at bigpond.net.au Thu Nov 3 17:00:45 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Nov 3 02:10:02 2005 Subject: [SpamCop-List] Re: "Doctor" Slides Past Postini References: <4369929A.9545752E@SpamCop.net.dev.null> Message-ID: I'm not an expert by any means, it sounds like you're filtering at a client-side level, unless you have access to some server-side filtering software (which is what most mailhost software for ISP applications lacks) really the only other thing I know of is to find the injecting IP and follow up with a formal complaint to the owner of that address. Which SpamCop has already done for you. The other thing that worries me is one spam is not much to worry about and it also is not much to go on either. Perhaps if you had multiple spams for people to examine they could give you a better idea of what to block. If the mail filtering software for the clients has some kind of filtering setup, you can set it up to reject these mails based on keywords in the message body of the spam. Pharmecuticals would be a good one, but if you don't have filtering software try googling for something, there are plenty of programs designed to filter out spam on the internet. A trainable filter can usually weed out spams like this with bogus keywords in the message body, or at least can be trained to recognize them. Cheers ... Geoffrey Hyde "Michael Brennan" wrote in message news:4369929A.9545752E@SpamCop.net.dev.null... > Posters to another newsgroup on an ISP that uses Postini filtering > services are expressing frustration that they can't keep Leo Kuvayev's > "Doctor"/"Online Pharmaceuticals" drug spams out of their mailboxes. > Postini is apparently ineffectual at keeping them out. Leo's ring has > a username list courtesy of a dictionary attack Michael Lindsay executed > about 18 months ago. > > Recent example that I received: > > http://www.spamcop.net/sc?id=z821549247z6e7fe470733e39184cc65980fec5587cz > > Is there anything special about these spams, that would enable them to > evade Postini's filtering? > > Michael B. From Nobody at SpamCop.net.dev.null Thu Nov 3 03:05:41 2005 From: Nobody at SpamCop.net.dev.null (Michael Brennan) Date: Thu Nov 3 04:10:23 2005 Subject: [SpamCop-List] Re: "Doctor" Slides Past Postini References: <4369929A.9545752E@SpamCop.net.dev.null> Message-ID: <4369D2E5.248C5F34@SpamCop.net.dev.null> Geoffrey Hyde wrote: > > I'm not an expert by any means, it sounds like you're filtering at a > client-side level, unless you have access to some server-side filtering > software (which is what most mailhost software for ISP applications lacks) > really the only other thing I know of is to find the injecting IP and follow > up with a formal complaint to the owner of that address. Which SpamCop has > already done for you. Postini supposedly filters on the server side. ISP reroutes to Postini, who filters and sends it back. > The other thing that worries me is one spam is not much to worry about and > it also is not much to go on either. Perhaps if you had multiple spams for > people to examine they could give you a better idea of what to block. Well, as it happens, I just got another one since I posted that, and I reported it here: http://www.spamcop.net/sc?id=z822669466z253d826558df28c70266e653934148daz > A trainable filter > can usually weed out spams like this with bogus keywords in the message > body, or at least can be trained to recognize them. I made the same suggestion to the people on the other newsgroup who were complaining about these spams from this particular spammer, which appear to be unique in their ability consistently to defeat whatever Postini is doing. Regards, Michael From nobody at xyzzy.claranet.de Thu Nov 3 14:22:40 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Nov 3 08:25:03 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved References: <43663619.A9@xyzzy.claranet.de> Message-ID: <436A0F20.4804@xyzzy.claranet.de> > the geocities link problem is (again ?) as bad as always, Today's statistics: 27 + 41 + 13 + 24 + 50 = 155 reloads for 5 geospam reports, that's 31 reloads per report. Bye From MikeE at ster.invalid Thu Nov 3 07:29:06 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Nov 3 10:30:04 2005 Subject: [SpamCop-List] Re: Neat Package -- Nobody to Report To? References: <4362AD03.E5E72107@SpamCop.net.dev.null> <43665BA4.4E08B61F@SpamCop.net.dev.null> <4369B1DC.216FBDCA@SpamCop.net.dev.null> Message-ID: Michael Brennan wrote: > Mike Easter wrote: >> >> Michael Brennan" >>> Mike Easter wrote: > > >> >>> In order to keep the agencies in usably fresh >>> product, I'd still have to sort and forward the items manually by >>> content. >> >> I have no idea what that sentence means. > > I mean that sorting is content-based. Pharmacy spams go to one list > (FDA, for their anti-diversion project, SpamCop parser, etc.), "phony > Rolex" spams go to another (FBI CyberCrime, for the FBI's > counterfeit-merchandise project, plus SpamCop and others), "mortgage" > phishes to yet another (Secret Service FCD, Netcraft, BankSafeOnline > U.K., SpamCop, etc.); and of course all the lists include Postini, > which filters for my ISP (I don't use their service, but I don't mind > feeding it), and the UCE group at FTC. > > That sorting has to be done manually. Then I send all the like-kind > spams together as one "send" to each list, which is kept separately as > an OE addressbook group. Now I understand, but.... Well, call me a 'grizzled old doubting Thomas' -- who has also learned on which battlefields or skirmishes to sacrifice my troops and where to not waste my efforts. I don't honestly believe that the FDA, FBI, FCD, et al actually open the spams which they are sent, but instead I think it is more likely that they are 'processed' by some kind of automated gizmo looking for something that they are currently 'working on'. And everything which isn't pertinent to what they are working on is just put into the big fat pile of stuff they aren't working on. Given that hypothetical scenario, that means that all of the effort you are going to to characterize and sort your spam into referral piles is 'wasted' -- depending upon your or my definition of wasted. It isn't wasted if you just like to be very very orderly, but it is probably wasted in terms of how well you have used your time sorting your spam for someone else who isn't looking at the results of the sorting. And that someone else probably has much more efficient methods for finding what they are looking for that your own sorting and characterizing methods. That being sed.... It would probably work just as well for you to create a little text which explains that you haven't sorted your spam and that you are sending it all to the various agencies -- and let them sort it out for themselves. That is, the FDA wouldn't be just getting pharm spam, the FDA would be getting all your spam. The financial crimes FCD wouldn't be getting just the mortgage spam, they would be getting all your spam. Color me skeptical, but it doesn't make much sense to me to have a human bean 'manually' handling all his spam, so as to have his human touch on what he sends to some big bad machine which is able to comb thru' millions of items an hour looking for just what it wants. That is, I don't think your activities represent one human spam recipient sending a copy of something to one human FDA agent. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Nov 3 07:48:39 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Nov 3 10:50:02 2005 Subject: [SpamCop-List] Re: "Doctor" Slides Past Postini References: <4369929A.9545752E@SpamCop.net.dev.null> Message-ID: Michael Brennan wrote: www.spamcop.net/sc?id=z821549247z6e7fe470733e39184cc65980fec5587cz > > Is there anything special about these spams, that would enable them to > evade Postini's filtering? Michael Brennan wrote: > Well, as it happens, I just got another one since I posted that, and I > reported it here: > www.spamcop.net/sc?id=z822669466z253d826558df28c70266e653934148daz I can't answer the question the way you posed it as a postini issue, but I can address the specifics of those two spams with a generality. For me, the most important characteristic of a spam is its headers; and my spamfilter 'likes' [and uses] blocklists. Those two spams were both sourced from IPs which are listed 'all over the place' -- that is, each had an IP in the headers and which the server received the item from, which was multilisted as an abused proxy/trojan spamsource. The IP of the 2nd was listed in CBL [spamtrap hits as a proxy/trojan] which puts it into SBL-XBL, another popular blocklist, NJABL-proxies [spamtrap hits as proxy/trojan] and SCbl [spamtrap and reporter as spamsource]. It was also listed in other blocklists, but those are the majors which a good filter could be paying attention to. The IP of the first was listed in CBL, DNSBL, SBL-XBL, and others. I didn't look at the spambody to see if it had body characteristics which might've been found by my filter's body plugin, because I don't like to look at spambodies unnecessarily. It wouldn't be necessary for my filter to even look at the body to tag it as a spam because of the blocklisted condition found in the headers. -- Mike Easter kibitzer, not SC admin From jg at coks.net Thu Nov 3 08:11:23 2005 From: jg at coks.net (jg) Date: Thu Nov 3 11:10:02 2005 Subject: [SpamCop-List] Re: Neat Package -- Nobody to Report To? In-Reply-To: <4369B5A3.80C72E28@SpamCop.net.dev.null> References: <4362AD03.E5E72107@SpamCop.net.dev.null> <43665BA4.4E08B61F@SpamCop.net.dev.null> <4369B5A3.80C72E28@SpamCop.net.dev.null> Message-ID: On 11/2/2005 11:00 PM Michael Brennan scribbled: forwarded them to the NASD or the NYSE as well. Talk about spoiling > someone's play -- the exchanges can make that happen. > > Michael I've not seen anywhere that the NYSE gets actively involved. Have you? I do know that the NASD doesn't want to hear /anything/ unless the spam is proven to be from a NASD member - so says their site, or so /said/ their site - I haven't revisited it in a while. It makes sense - they have their own fish to fry with lame brokers, telemarketers, and so=called advisors... From nobody at xyzzy.claranet.de Thu Nov 3 18:03:44 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Nov 3 12:05:03 2005 Subject: [SpamCop-List] Re: "Doctor" Slides Past Postini References: <4369929A.9545752E@SpamCop.net.dev.null> Message-ID: <436A42F0.38B2@xyzzy.claranet.de> Mike Easter wrote: > my spamfilter 'likes' [and uses] blocklists. Those two > spams were both sourced from IPs which are listed 'all > over the place' You checked this about 11 hours after Michael reported it, so maybe it was different when this stuff hit "postini" - just a random thought. Bye, Frank From MikeE at ster.invalid Thu Nov 3 09:37:22 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Nov 3 12:40:03 2005 Subject: [SpamCop-List] Re: "Doctor" Slides Past Postini References: <4369929A.9545752E@SpamCop.net.dev.null> <436A42F0.38B2@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Mike Easter wrote: > >> my spamfilter 'likes' [and uses] blocklists. Those two >> spams were both sourced from IPs which are listed 'all >> over the place' > > You checked this about 11 hours after Michael reported it, > so maybe it was different when this stuff hit "postini" - > just a random thought. Yeah, I tho't about that, but there wasn't any perfect way to address that issue. 218.238.26.80 got listed in cbl 2005-10-31 05:00 GMT -- but 220.84.164.47 didn't get listed there until 2005-11-03 07:00 GMT However, 220.84.164.47 got listed in DSBL last 2004 Oct, and it got listed in NJABL-proxies Sun Oct 24 06:22:23 2004 EST Since my filter uses both cbl & njabl [indirectly] as well as a number of others, it would have tagged both of those. Or, said another way, just using spamhaus sbl-xbl, which embraces cbl & njabl as well as blitzed, would have solved the problem. -- Mike Easter kibitzer, not SC admin From redford_stone at INVERSE_OF_COLDmail.com Thu Nov 3 18:35:31 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Nov 3 13:40:03 2005 Subject: [SpamCop-List] Re: Dave/Null not such a popular reporting address any longer References: <435FD71A.D1D5FCA0@SpamCop.net.dev.null> Message-ID: Steven Maesslein wrote in news:slrndm3ut5.3ra.nobody@127.0.0.1: > > They can pull "kr." out of the root DNS servers... > They can.. but they wont yank a complete country out. > Before: > > $ dig @a.root-servers.net kr in soa > > ; <<>> DiG 9.3.1 <<>> @a.root-servers.net kr in soa > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49051 > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 9 > > ;; QUESTION SECTION: > ;kr. IN SOA > > ;; AUTHORITY SECTION: > kr. 172800 IN NS A.DNS.kr. > kr. 172800 IN NS C.DNS.kr. > kr. 172800 IN NS B.DNS.kr. > kr. 172800 IN NS D.DNS.kr. > kr. 172800 IN NS E.DNS.kr. > kr. 172800 IN NS F.DNS.kr. > kr. 172800 IN NS G.DNS.kr. > > ;; ADDITIONAL SECTION: > A.DNS.kr. 172800 IN A 202.30.50.50 > C.DNS.kr. 172800 IN A 203.248.240.141 > B.DNS.kr. 172800 IN A 211.216.50.130 > D.DNS.kr. 172800 IN A 203.255.234.103 > E.DNS.kr. 172800 IN AAAA 2001:dcc:5::100 > E.DNS.kr. 172800 IN A 202.30.124.100 > F.DNS.kr. 172800 IN A 210.94.0.15 > G.DNS.kr. 172800 IN AAAA 2001:dc5:a::1 > G.DNS.kr. 172800 IN A 202.31.190.1 > > ;; Query time: 135 msec > ;; SERVER: 198.41.0.4#53(198.41.0.4) > ;; WHEN: Fri Oct 28 12:19:16 2005 > ;; MSG SIZE rcvd: 304 > > > Afterwards: > > $ dig @a.root-servers.net kr in soa > > ; <<>> DiG 9.3.1 <<>> @a.root-servers.net kr in soa > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16462 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;kr. IN SOA > > ;; AUTHORITY SECTION: > . 86400 IN SOA A.ROOT-SERVERS.NET. > NSTLD.VERISIGN-GRS.COM. 2005102701 1800 900 604800 86400 > > ;; Query time: 135 msec > ;; SERVER: 198.41.0.4#53(198.41.0.4) > ;; WHEN: Fri Oct 28 12:19:49 2005 > ;; MSG SIZE rcvd: 95 > > >:o) > Show off. :-) From redford_stone at INVERSE_OF_COLDmail.com Thu Nov 3 18:35:33 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Nov 3 13:40:07 2005 Subject: [SpamCop-List] Re: Dave/Null not such a popular reporting address any longer References: <435FD71A.D1D5FCA0@SpamCop.net.dev.null> Message-ID: "Geoffrey Hyde" wrote in news:djst5q$pp5$2@news.spamcop.net: > > And yet, they appear to have quite successfully setup a network that > allows spammers to easily target people outside of kornet/shinbiro ... > Probably because their routers probably still have the default password for admin access? > > Wow, I wonder what they'd say if somene handed them a trace utility > and a frequency tracer for the physical lines, and told them where to > go to find and fix the problem servers??? Or did they just happen to > be so bad at server installation that they accidentally forgot to > write down where these servers were installed. I smell a Korean rat > here, quite possibly the main nest. > I do too. It just goes beyond logic that they would be THAT clueless about this. > > Either they are very bad at managing their internet systems, or they > don't really care what our problems with their systems are. > My feeling has shifted between these two.. but usually average in between. On the one hand why care if they are making money, and why bother learning how to manage if there is nothing to care about. Simply plug and play, and that is it. > > From what you're telling me here, that could take a while. Do > you want to snail mail them some really big hints? ;) > I'm going to save my stamps. They've already received enough hints from enough people. :-) From porpoise1954 at yahoo.co.uk Thu Nov 3 18:24:42 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Nov 3 13:45:02 2005 Subject: [SpamCop-List] Ping Mike E Message-ID: Mike, Can you make any sense out of this? I can't quite figga what I'm looking at........ http://www.spamcop.net/sc?id=z822825219zde4c34f6e5134c1955396a200fe3351ez From MikeE at ster.invalid Thu Nov 3 10:56:16 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Nov 3 14:00:03 2005 Subject: [SpamCop-List] Re: "Doctor" Slides Past Postini References: <4369929A.9545752E@SpamCop.net.dev.null> <4369D2E5.248C5F34@SpamCop.net.dev.null> Message-ID: Michael Brennan wrote: > Postini supposedly filters on the server side. ISP reroutes to > Postini, who filters and sends it back. The problem with that arrangement is that the healthiest and most efficient way to filter something at the server level would be to reject something very early in the transaction; namely in this case the sending IP could be the basis for the rejection at the gitgo. But that would depend upon the recipient server being able to reject the mail from the sending spamsource dynamic IP. But, if you have some kind of arrangement by which an ISP has accepted a mail for delivery, rejecting doesn't work any more, so then the only thing you can do with *everything* is to 'process it' and tag it as spam or not. That is, server level filtering is 'worthless' in that scenario you described. The recipient would want their server to do *zero* filtering, and the client should take care of all of their own filter-tagging with a client side filter. You can configure your own client side filter much better than most servers offer you; with the exception of a service such as spamcop's mail service. The server level filter in your described configuration wouldn't be able to reject mail correctly, so there is nothing healthy the server can do. Else it would belatedly bounce to bogus From or possibly lose goodmail. > I made the same suggestion to the people on the other newsgroup who > were complaining about these spams from this particular spammer, > which appear to be unique in their ability consistently to defeat > whatever Postini is doing. I don't know what postini is doing for the people who are complaining, but if I'm understanding the configuration correctly, the only thing you would want the server-side filter to do would be to tag the item for sorting. You wouldn't want it to do anything else. If I were going to be receiving all of my spam tagged for 'sorting' - I would rather be using my own client filter which would be much more configurable to my tastes than someone else's server. -- Mike Easter kibitzer, not SC admin From redford_stone at INVERSE_OF_COLDmail.com Thu Nov 3 19:09:42 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Nov 3 14:10:03 2005 Subject: [SpamCop-List] Re: chinese spam References: Message-ID: "mikeyhsd" wrote in news:djt8jd$9i$1 @news.spamcop.net: > seeing as how it is in chinese, I hve no REAL idea what it is. > but it has been reported to phishing.org to be safe. Can't be faulted for erring on the side of caution. :-) From redford_stone at INVERSE_OF_COLDmail.com Thu Nov 3 19:14:41 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Nov 3 14:15:04 2005 Subject: [SpamCop-List] Telenor Rogers Up References: <4369940D.7F40987C@SpamCop.net.dev.null> Message-ID: "St - Musaic.Net" wrote in news:mailman.115.1130999192.169.spamcop-list@news.spamcop.net: > > Whitehat? Slow? Clueless? > Probably greyhat. I'm not sure, but it would depend on what their TOS states. It may be out of date. ISPs used to kick out spammers if they sent spam using the ISP's own network. However, it became a grey area when it was only a hosted site. (As that the TOS made no mention about spamvertised hosted sites.) From redford_stone at INVERSE_OF_COLDmail.com Thu Nov 3 19:26:30 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Nov 3 14:30:02 2005 Subject: [SpamCop-List] Re: Spoofed Message Causing ISP shutdowns References: Message-ID: "Mike Easter" wrote in news:dkbubq$lbe$1@news.spamcop.net: > Ted Nathan wrote: > >> I am new to this group, but I have a problem and this seemed to be >> the first logical place to look for an answer. > > Bear in mind that there are skeptics in here. Including me. > Am too. But am willing to give the benefit of the doubt sometimes. > >> They >> understand the mistake that was made, especially when Google and >> Microsoft start screaming at you. So this was strike one. > > It doesn't matter whether it was google or MS or spamcop or whoever. > Unsolicited mail is going to get reported various ways. There are > blocklists for spamsources and their are also blocklists such as spews > which target the spamvertiser. > MS and Google doesn't say anything unless they received a signficant amount of spam implicating a particular source. There must of been thousands if it got their attention and over a significant period of time too. From redford_stone at INVERSE_OF_COLDmail.com Thu Nov 3 19:35:05 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Nov 3 14:40:04 2005 Subject: [SpamCop-List] Re: Unreported Spam Saved: Report Now = message report : References: Message-ID: "cd" wrote in news:dkaran$20k$1@news.spamcop.net: > Gateway Timeout > The proxy server did not receive a timely response from the upstream > server. Reference #1.93ec0f50.1130950735.980cbb9 > > > These errors happen to me occasionally. I just wait about 5-15 minutes and it is fine after that. From nospam at nospam.nl Thu Nov 3 20:42:05 2005 From: nospam at nospam.nl (geo_splash_12) Date: Thu Nov 3 14:45:02 2005 Subject: [SpamCop-List] Re: Ping Mike E In-Reply-To: References: Message-ID: Porpoise wrote: > Mike, > > Can you make any sense out of this? I can't quite figga what I'm looking > at........ > > http://www.spamcop.net/sc?id=z822825219zde4c34f6e5134c1955396a200fe3351ez > > > Perhaps an incomplete mail header, or something that hasn't left a local domain. From redford_stone at INVERSE_OF_COLDmail.com Thu Nov 3 19:57:04 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Nov 3 15:00:03 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: jg wrote in news:dkccf2$sdk$1@news.spamcop.net: > On 11/2/2005 7:00 PM Mike Easter scribbled: > >> spamacyde wrote: >> >>>Over the past three days, 95% of the spam I've been getting contains >>>no message subject and no body. This supports my contention that >>>spammy's motivations are political rather than financial. Or perhaps >>>spammy is pissed off at my reporting efforts. Anybody else >>>experiencing a rash of blank emails? >> >> >> Not I. >> >> Anytime you think there is some kind of extra special unique >> situation going on, you should consider the more likely possibities. >> >> It isn't likely that someone is intentionally spewing out >> payload-less spams. It is more likely that something is broken. >> >> Some zombies are very fragile. If the zombie is b0rken, its >> performance is whacky. >> > Having read that, I need to chime in that I have been getting an > inordinate (for me) number of said blank crap in the past week - so > something must indeed be borken - maybe a BIG zombie... > About 10% of the spam I receive is like that. (It is even more broken than that since it sometimes chews up the spammer's fake headers too.) Either way, it is a disappointment to the spammer since all those zombies will be on the SCBL for spams without a payload. :-) From MikeE at ster.invalid Thu Nov 3 11:57:09 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Nov 3 15:00:08 2005 Subject: [SpamCop-List] Re: Ping Mike E References: Message-ID: Porpoise wrote: > Mike, > > Can you make any sense out of this? I can't quite figga what I'm > looking at........ > www.spamcop.net/sc?id=z822825219zde4c34f6e5134c1955396a200fe3351ez It would be useful to know what mailbox you found that in. The structure of the topheader is from a server directly into a mailbox. [or alternatively a faulty server which didn't get its line stamped]. This would make the most sense if it were found in the mailbox of someone whose server were mx.kundenserver.de That mailbox would be being advised by the kundenserver.de server that the kundenserver server had received an item from 200.88.87.1 [which rDNS 1samana87.codetel.net.do] and calling itself srenterprises.co.uk in its helo. That item which kundenserver received allegedly contained a virus which the server stripped. The secondary or inline headers represent the headers of the mail which contained the virm. So, then, the kundenserver notified the 'mailbox' of the receipt of an item which was/ had been/ viral. If you didn't get that from a kundenserver mailbox or from someone who has a kundenserver mailbox, then I need to have some more information. -- Mike Easter kibitzer, not SC admin From dfm2a3l0t2 at spymac.com Thu Nov 3 15:21:36 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Thu Nov 3 15:25:03 2005 Subject: [SpamCop-List] [C&C] Responsible Spam Message-ID: A sample: > From: Maybelline Kane > Subject: What time is it? > > Hey, you, I'm blond, gorgeous, and I just turned 18! I set up a webcam in my > bedroom so people could watch me 24/7! However, the more I thought about it, > the more the whole thing seemed kind of creepy and demeaning. So I scrapped > that idea. -- D.F. Manno | dfm2a3l0t2@spymac.com But I'd rather be a free man in my grave Than living as a puppet or a slave. -Jimmy Cliff From redford_stone at INVERSE_OF_COLDmail.com Thu Nov 3 20:22:57 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Nov 3 15:25:09 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved References: <43663619.A9@xyzzy.claranet.de> <436A0F20.4804@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote in news:436A0F20.4804 @xyzzy.claranet.de: >> the geocities link problem is (again ?) as bad as always, > > Today's statistics: 27 + 41 + 13 + 24 + 50 = 155 reloads > for 5 geospam reports, that's 31 reloads per report. Bye > It was okay, up until today. I give up after 5 reloads. I don't get it as to why it is only the Geocities sites it is having a problem with. Is there a null character somewhere or what? From redford_stone at INVERSE_OF_COLDmail.com Thu Nov 3 20:26:58 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Nov 3 15:30:03 2005 Subject: [SpamCop-List] [MEDIA] Sony CD Copy Protection Seems To Rely On Hacker Rootkit Message-ID: http://news.bbc.co.uk/2/hi/technology/4400148.stm http://tinyurl.com/8hkzz http://www.informationweek.com/story/showArticle.jhtml?articleID=173402523 http://tinyurl.com/dnyzq It is enough that we are fighting zombies already. Now Sony is trying to turn people's PCs into semi-zombies with these rootkits. Punishing those people who BUY their CDs rather than download the pirated ones is not a way to conduct business. From nobody at spamcop.net Thu Nov 3 12:48:51 2005 From: nobody at spamcop.net (N. Miller) Date: Thu Nov 3 15:50:02 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: On Wed, 2 Nov 2005 21:31:56 -0500, spamacyde wrote: > Over the past three days, 95% of the spam I've been getting contains no > message subject and no body. This supports my contention that spammy's > motivations are political rather than financial. Or perhaps spammy is > pissed off at my reporting efforts. Anybody else experiencing a rash of > blank emails? You should never read more into spam then the spammer put into it. I got my blanks, though not as many, commencing about March 13, 2005. To an SBC Yahoo! DSL Service sub account. SpamGuar marked it as spam from the beginning, and never missed once. A lot of Comcast users have been pelted by that kind of spam. http://www.broadbandreports.com/forum/remark,14679759 My mother just got two, yesterday; also an SBC Yahoo! DSL Service account. Like mine, SpamGuard tagged these as spam, and moved them to the Bulk folder. I have forwarded them to SC, and will process them RSN. http://www.spamcop.net/sc?id=z822895002zf5bbf95208c038868bd26f20feac1262z http://www.spamcop.net/sc?id=z822896184z1423657b5e0367960d3580a56eb87d73z -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From porpoise1954 at yahoo.co.uk Thu Nov 3 22:30:06 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Nov 3 17:35:03 2005 Subject: [SpamCop-List] Re: Ping Mike E References: Message-ID: "Mike Easter" wrote in message news:dkdq2l$mi8$1@news.spamcop.net... > Porpoise wrote: >> Mike, >> >> Can you make any sense out of this? I can't quite figga what I'm >> looking at........ >> > > www.spamcop.net/sc?id=z822825219zde4c34f6e5134c1955396a200fe3351ez > > It would be useful to know what mailbox you found that in. It was received in an address at the srenterprises.co.uk domain served by the kundenserver mailservers (mailhosted). > > The structure of the topheader is from a server directly into a mailbox. > [or alternatively a faulty server which didn't get its line stamped]. That's the first strange bit I noticed > > This would make the most sense if it were found in the mailbox of > someone whose server were mx.kundenserver.de That's the case here > > That mailbox would be being advised by the kundenserver.de server that > the kundenserver server had received an item from 200.88.87.1 [which > rDNS 1samana87.codetel.net.do] and calling itself srenterprises.co.uk in > its helo. That's the first bit known to be fake, as that domain is where the mail was received and is nowhere near that IP (it's hosted at 1and1 [which is the kundenserver connection]) > > That item which kundenserver received allegedly contained a virus which > the server stripped Which is the next odd bit as I don't have the server anti-virus set - I usually get them in all their glory. > The secondary or inline headers represent the > headers of the mail which contained the virm. > > So, then, the kundenserver notified the 'mailbox' of the receipt of an > item which was/ had been/ viral. Which is odd - as I don't have the AV set on the server for any of the mailboxes at any of the domains I administer. > > > If you didn't get that from a kundenserver mailbox or from someone who > has a kundenserver mailbox, then I need to have some more information. Well, yes it was from a mailbox served by the kundenserver MXes - but I've never seen this type of occurrence before; it's decidedly odd, that's why I thought I'd put it up here for investigation. The only thing I could think of is that maybe they've got some sort of override for some certain type of virus or something, that does the AV bit on that particular virus even if the user has the server AV disabled!?! From MikeE at ster.invalid Thu Nov 3 14:53:31 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Nov 3 17:55:02 2005 Subject: [SpamCop-List] Re: Ping Mike E References: Message-ID: Porpoise wrote: > "Mike Easter" > It was received in an address at the srenterprises.co.uk domain > served by the kundenserver mailservers (mailhosted). Ah, so. That makes sense. That explains the 'choice' of bogus helo by the source. >> That mailbox would be being advised by the kundenserver.de server >> that the kundenserver server had received an item from 200.88.87.1 >> [which rDNS 1samana87.codetel.net.do] and calling itself >> srenterprises.co.uk in its helo. > > That's the first bit known to be fake, as that domain is where the > mail was received and is nowhere near that IP > (it's hosted at 1and1 [which is the kundenserver connection]) Well, yes. Genuine fakiness in a helo is a dead giveaway. However, sometimes some things helo however they feel like -- not as a 'forgery' or intense bogosity, but rather as a 'moniker' or handle. In this case the 200.88.87.1 is of Santo Domingo in lacnic turf, so calling itself anything .uk is genuine fakiness bogosity not a 'moniker'. >> That item which kundenserver received allegedly contained a virus >> which the server stripped > > Which is the next odd bit as I don't have the server anti-virus set - > I usually get them in all their glory. I can't address your relationship with your server, but I can give you another example. EL has a 'policy' about handling virms that anytime they want, they can choose to turn on the virus blocker, whether I want it on or not. They call that an 'emergency' condition - but clearly an ISP considers it their perogative to handle incoming viral propagations however they feel like. >> The secondary or inline headers represent the >> headers of the mail which contained the virm. >> >> So, then, the kundenserver notified the 'mailbox' of the receipt of >> an item which was/ had been/ viral. > > Which is odd - as I don't have the AV set on the server for any of the > mailboxes at any of the domains I administer. I'm sticking to my theory. The other thing is that servers make mistakes about viruses based on non-viral structures. >> If you didn't get that from a kundenserver mailbox or from someone >> who has a kundenserver mailbox, then I need to have some more >> information. > > Well, yes it was from a mailbox served by the kundenserver MXes - but > I've never seen this type of occurrence before; it's decidedly odd, > that's why I thought I'd put it up here for investigation. The only > thing I could think of is that maybe they've got some sort of > override for some certain type of virus or something, that does the > AV bit on that particular virus even if the user has the server AV > disabled!?! Sure, for any of several reasons. It is possible you might get some information from them about it -- or maybe they don't want to talk about it -- or the people who know don't talk and the people who talk don't know. -- Mike Easter kibitzer, not SC admin From crappy.trappy at ntlworld.com Fri Nov 4 00:09:33 2005 From: crappy.trappy at ntlworld.com (Tim) Date: Thu Nov 3 19:10:04 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) In-Reply-To: References: Message-ID: spamacyde wrote: > Anybody else experiencing a rash of blank emails? A spammer firing blanks? Perhaps they should try their own W|@GRA ;) From not at home.today Fri Nov 4 01:01:11 2005 From: not at home.today (Ant) Date: Thu Nov 3 20:05:04 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved References: <43663619.A9@xyzzy.claranet.de> <436A0F20.4804@xyzzy.claranet.de> Message-ID: "Redstone" wrote: > Frank Ellermann wrote: >>> the geocities link problem is (again ?) as bad as always, >> >> Today's statistics: 27 + 41 + 13 + 24 + 50 = 155 reloads >> for 5 geospam reports, that's 31 reloads per report. Bye > > It was okay, up until today. I give up after 5 reloads. I no longer bother to refresh. It's a waste of my time. > I don't get it as to why it is only the Geocities sites it is > having a problem with. It also has trouble with others - notably the nick-nock-net. Previously it was chinatietong, but mostly those go through ok now. > Is there a null character somewhere No. Just plain-text URLs with no strange characters. > or what? That's what I'd like to know. No one from Spamcop has said a dicky-bird about it here. From g.hyde at bigpond.net.au Fri Nov 4 12:01:40 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Nov 3 21:15:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On Hacker Rootkit References: Message-ID: I wonder if Sony is deliberately trying to help viruses and hackers get onto our computers? There are a whole bunch of phrases I can't use here but they're uncommonly apt phrases which would otherwise describe exactly how I feel. -- Cheers ... Geoffrey Hyde "Redstone" wrote in message news:Xns97037EA6B301Ftinlc@216.154.195.61... > http://news.bbc.co.uk/2/hi/technology/4400148.stm > http://tinyurl.com/8hkzz > > > http://www.informationweek.com/story/showArticle.jhtml?articleID=173402523 > http://tinyurl.com/dnyzq > > > It is enough that we are fighting zombies already. Now Sony is trying to > turn people's PCs into semi-zombies with these rootkits. Punishing those > people who BUY their CDs rather than download the pirated ones is not a > way > to conduct business. > From nobody at devnull.spamcop.net Fri Nov 4 11:29:30 2005 From: nobody at devnull.spamcop.net (Patto) Date: Thu Nov 3 21:30:02 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) In-Reply-To: References: Message-ID: spamacyde wrote: > Over the past three days, 95% of the spam I've been getting contains no > message subject and no body. This supports my contention that spammy's > motivations are political rather than financial. Or perhaps spammy is > pissed off at my reporting efforts. Anybody else experiencing a rash of > blank emails? Over at the Microsoft Outlook newsgroups there are literally hundreds of users complaining about blank spam. Most of them have never seen any before, so I think there really *is* more blank spam than before. Why? - Who cares! These messages are so easily filtered; either by BLs or other means. I haven't seen any for over a half year. From MikeE at ster.invalid Thu Nov 3 19:35:17 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Nov 3 22:40:03 2005 Subject: [SpamCop-List] Re: Spoofed Message Causing ISP shutdowns References: Message-ID: Ted Nathan wrote: > I have a client who had a marketing company create a news piece from > distribution via e-mail. I guess a little skepticism about his innocent spammer client caused that person to run away. Hopefully in the future he will be a little more circumspect of spammish clients. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.not Fri Nov 4 04:12:46 2005 From: nobody at nowhere.not (Robert Blair) Date: Thu Nov 3 23:15:02 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On Hacker Rootkit References: Message-ID: On Fri, 4 Nov 2005 02:01:40 UTC, "Geoffrey Hyde" wrote: > I wonder if Sony is deliberately trying to help viruses and hackers get onto > our computers? My understanding is that they have removed the "stealth" feature so other no-goodniks can not use that feature to hide their trojans. But the damage has been done and I would imagine that the virus/trojans writers have already started to look at the code to see what they can do. Still I think it is a very bad idea and Sony should not be doing this. There is at least one other company doing the same thing so I would expect more companies doing it but have not been found out yet. -- Robert Blair From jeffg at spamcop.net Thu Nov 3 23:41:22 2005 From: jeffg at spamcop.net (Jeff G.) Date: Thu Nov 3 23:55:02 2005 Subject: [SpamCop-List] Re: Spoofed Message Causing ISP shutdowns References: Message-ID: "Ted Nathan" wrote in message news:jcpim1lb4id2va4cge82o3orqfjhp5mnvu@4ax.com... > I am new to this group, but I have a problem and this seemed to be the > first logical place to look for an answer. > > I have a client who had a marketing company create a news piece from > distribution via e-mail. Unfortunately, it was sent out prematurely > and to people who did not ask for it, thus it was spam. They > understand the mistake that was made, especially when Google and > Microsoft start screaming at you. So this was strike one. > > A few days later, some kid out of France sent the exact same > announcement out as spam again. Microsoft and Google and others called > the ISP and had them shutdown. And it happened again today. > > What can i do to protect my client from this happening again? I know > how to stop spam from coming in and going out of my clients' networks, > but how do you every kid in the world from shutting down your > business? IF your client is truly innocent (a big IF given the skepticism of the crowd that has already replied to you), the best way to prove that is to put up a notice in large type at every webpage and image advertised in the email messages sent by the "kid out of France" that your client is the victim of a Joe Job (see http://forum.spamcop.net/forums/index.php?showtopic=4473&st=0&p=29916&#Joe for details), and what actions you and/or your client are taking or have taken to stop the Joe Job. Of course, posting details (hard facts) would help to convince us. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jeffg at spamcop.net Thu Nov 3 23:49:51 2005 From: jeffg at spamcop.net (Jeff G.) Date: Fri Nov 4 00:00:02 2005 Subject: [SpamCop-List] Re: Neat Package -- Nobody to Report To? References: <4362AD03.E5E72107@SpamCop.net.dev.null> <43665BA4.4E08B61F@SpamCop.net.dev.null> <4369B5A3.80C72E28@SpamCop.net.dev.null> Message-ID: "jg" wrote in message news:dkdcnt$eji$1@news.spamcop.net... > On 11/2/2005 11:00 PM Michael Brennan scribbled: > > On second thought, I might have > > forwarded them to the NASD or the NYSE as well. Talk about spoiling > > someone's play -- the exchanges can make that happen. > I've not seen anywhere that the NYSE gets actively involved. Have you? > I do know that the NASD doesn't want to hear /anything/ unless the spam > is proven to be from a NASD member - so says their site, or so /said/ > their site - I haven't revisited it in a while. It makes sense - they > have their own fish to fry with lame brokers, telemarketers, and > so=called advisors... Perhaps I am way off base here, but it seems to me that the only stocks that pump&dumpers can really make money with are penny stocks, which by and large are traded OTC or on NASDAQ. When I have time, I report suspected pump&dumpers to Enforcement@SEC.GOV and ombuds@nasd.com. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jeffg at spamcop.net Thu Nov 3 23:55:10 2005 From: jeffg at spamcop.net (Jeff G.) Date: Fri Nov 4 00:00:07 2005 Subject: [SpamCop-List] Re: Neat Package -- Nobody to Report To? References: <4362AD03.E5E72107@SpamCop.net.dev.null> <43665BA4.4E08B61F@SpamCop.net.dev.null> <4369B1DC.216FBDCA@SpamCop.net.dev.null> Message-ID: "Mike Easter" wrote in message news:dkdac3$cvk$1@news.spamcop.net... > It would probably work just as well for you to create a little text > which explains that you haven't sorted your spam and that you are > sending it all to the various agencies -- and let them sort it out for > themselves. Of course, if any reader does that and gets a reply from a human along the lines of "Please stop sending us all your spam, we only want ____", please comply and tell the rest of us so that we can also comply. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From nobody at spamcop.net Fri Nov 4 09:44:06 2005 From: nobody at spamcop.net (nospam) Date: Fri Nov 4 00:45:02 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: in article dke8rr$v76$1@news.spamcop.net, Tim at crappy.trappy@ntlworld.com wrote on 11/4/05 4:09 AM: > spamacyde wrote: >> Anybody else experiencing a rash of blank emails? > > A spammer firing blanks? Perhaps they should try their own W|@GRA ;) Umm, no, I think it's the Spur-M that they would want in this case. V1@6r@ could still leave shooting blanks. ;-) From nobody at spamcop.net Fri Nov 4 09:46:16 2005 From: nobody at spamcop.net (nospam) Date: Fri Nov 4 00:50:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On Hacker Rootkit References: Message-ID: in article TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com, Robert Blair at nobody@nowhere.not wrote on 11/4/05 8:12 AM: SNIP > There is at least one other company doing the same thing Who ? (please) >so I would > expect more companies doing it but have not been found out yet. > From nobody at nowhere.not Fri Nov 4 06:11:35 2005 From: nobody at nowhere.not (Robert Blair) Date: Fri Nov 4 01:15:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: Message-ID: On Fri, 4 Nov 2005 05:46:16 UTC, nospam wrote: > SNIP > > > There is at least one other company doing the same thing > > Who ? (please) Universal Music This information is from the DShield mailing list. There has been a discussion on the list since the first of the month. It seems that some people have known about this for some time but it is just now being made public. > >so I would > > expect more companies doing it but have not been found out yet. -- Robert Blair From nobody at devnull.spamcop.net Fri Nov 4 02:27:34 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Fri Nov 4 02:30:02 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: "nospam" wrote in message news:BF90DDE5.1635D%nobody@spamcop.net... > in article dke8rr$v76$1@news.spamcop.net, Tim at crappy.trappy@ntlworld.com > wrote on 11/4/05 4:09 AM: > > > spamacyde wrote: > >> Anybody else experiencing a rash of blank emails? > > > > A spammer firing blanks? Perhaps they should try their own W|@GRA ;) > > Umm, no, I think it's the Spur-M that they would want in this case. V1@6r@ > could still leave shooting blanks. ;-) > Still OT, but in this context: This rather Freudian forgery was archived here on 10/13/2005: "Received: from spermatorrhoea (192.168.229.37)" as the "source" of the spew... Oh my fur and whiskers! Oh! From kjz at despammed.com Fri Nov 4 08:43:44 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Fri Nov 4 02:45:02 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved In-Reply-To: <43663619.A9@xyzzy.claranet.de> References: <43663619.A9@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > *1: minus the time to whois-RFCI and WDPRS alishaanddanny.info, > mystery-suspense.info, and kinesisman.info [[ Re:ally Leo, > it's fine that you now understand German postal codes, but > the +49 phone numbers are still stupid, I can check this ]] And Leos spamvertized websites are another problem. Leo seems to have a 'shield or block' installed so Spamcop's DNS lookups also failed for these sites. - kjz From nobody at xyzzy.claranet.de Fri Nov 4 09:27:43 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Nov 4 03:30:04 2005 Subject: [SpamCop-List] LK (was: Geocities problem still unsolved) References: <43663619.A9@xyzzy.claranet.de> Message-ID: <436B1B7F.7FB5@xyzzy.claranet.de> Karl-Josef Ziegler wrote: [alishaanddanny.info, mystery-suspense.info, kinesisman.info] > Leo seems to have a 'shield or block' installed so Spamcop's > DNS lookups also failed for these sites. Does it ? IIRC reports about these sites were sent, but I didn't note the tracker URLs anywhere (Oct 30). A fresher set (unfortunately I found no obvious whois data problems): angelobovis.info Registrant Name:Fernando Teles netprocom.info Registrant Organization:quakeclub nigerianmasses.info Registrant Street1:Rua Lameiros, 12 zvia.info Registrant City:Sande-GMR Registrant State/Province:NA The names he picks Registrant Postal Code:4805-619 are often really Registrant Country:PT funny. Registrant Phone:+351.968582807 Bye, Frank Registrant Email:fernando@quakeclub.net From nobody at xyzzy.claranet.de Fri Nov 4 09:37:25 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Nov 4 03:40:02 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved References: <43663619.A9@xyzzy.claranet.de> <436A0F20.4804@xyzzy.claranet.de> Message-ID: <436B1DC5.75D3@xyzzy.claranet.de> Ant wrote: >> or what? > That's what I'd like to know. No one from Spamcop has said a > dicky-bird about it here. Yes, it makes no sense as a "geocities-conspiracy" - if Yahoo! doesn't like SC reports they could disable it. So if it's no conspiracy it must be excessive technical incompetence on the side of Ironport. Did they fire Julian or what ? Bye, Frank From nobody at xyzzy.claranet.de Fri Nov 4 10:05:07 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Nov 4 04:10:03 2005 Subject: [SpamCop-List] Re: "Doctor" Slides Past Postini References: <4369929A.9545752E@SpamCop.net.dev.null> <436A42F0.38B2@xyzzy.claranet.de> Message-ID: <436B2443.2087@xyzzy.claranet.de> Mike Easter wrote: > 218.238.26.80 got listed in cbl 2005-10-31 05:00 GMT [...] Oops, I didn't know that it's possible to get a timestamp for these entries: http://www.spamhaus.org/query/bl?ip=218.238.26.80 links to http://cbl.abuseat.org/lookup.cgi?ip=218.238.26.80 Today it says 2005-11-04 01:00 GMT (+/- 30 minutes). Apparently a rather volatile list. > using spamhaus sbl-xbl, which embraces cbl & njabl > as well as blitzed, would have solved the problem. Explained on http://www.spamhaus.org/xbl/index.lasso - I still have to add these links on my rxwhois page, so far I've done that only for the RHSBLs (RFCI and SURBL) Bye, Frank From kjz at despammed.com Fri Nov 4 10:25:38 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Fri Nov 4 04:30:02 2005 Subject: [SpamCop-List] Re: LK In-Reply-To: <436B1B7F.7FB5@xyzzy.claranet.de> References: <43663619.A9@xyzzy.claranet.de> <436B1B7F.7FB5@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Karl-Josef Ziegler wrote: > > [alishaanddanny.info, mystery-suspense.info, kinesisman.info] > >> Leo seems to have a 'shield or block' installed so Spamcop's >> DNS lookups also failed for these sites. > > Does it ? IIRC reports about these sites were sent, but I > didn't note the tracker URLs anywhere (Oct 30). Sometimes the DNS is working but most times e.g. http://www.spamcop.net/sc?id=z823040147z10d10619bddaa277728aa4520c8bd719z the resolving is blocked. - kjz From nobody at xyzzy.claranet.de Fri Nov 4 11:13:53 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Nov 4 05:15:58 2005 Subject: [SpamCop-List] Re: LK References: <43663619.A9@xyzzy.claranet.de> <436B1B7F.7FB5@xyzzy.claranet.de> Message-ID: <436B3461.2273@xyzzy.claranet.de> Karl-Josef Ziegler wrote: > Sometimes the DNS is working but most times e.g. > http://www.spamcop.net/sc?id=z823040147z10d10619bddaa277728aa4520c8bd719z > the resolving is blocked. Hm, that bdfilmachjk.nobleblues.com is different from the geocities problem, for the former SC explicitly says "IP not found", and you get the same result if you put only the FQDN into the Web report form. With "geocities" the Web form immediately finds the IP, and SC doesn't claim "IP not found" in a spam report, it just doesn't resolve it without displaying any reason :-( Interesting, with ns1-90.akam.net I get also no answer: http://vweb.nass.com.au/cgi-bin/dnslookup?data=bdfilmachjk.nobleblues.com&server=ns1-90.akam.net Dito ns1-93.akam.net and 1-73.akam.net (three random name servers found in the whois entry for spamcop.net) But with a plain host bdfilmachjk.nobleblues.com or a http://vweb.nass.com.au/cgi-bin/dnslookup?data=bdfilmachjk.nobleblues.com I get an IP 222.122.63.88. What's a good strategy to fix this, users configuring their own favourite NS to be used by SC maybe ? Bye From kjz at despammed.com Fri Nov 4 11:41:58 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Fri Nov 4 05:45:04 2005 Subject: [SpamCop-List] Re: LK In-Reply-To: <436B3461.2273@xyzzy.claranet.de> References: <43663619.A9@xyzzy.claranet.de> <436B1B7F.7FB5@xyzzy.claranet.de> <436B3461.2273@xyzzy.claranet.de> Message-ID: Frank Ellermann schrieb: > Interesting, with ns1-90.akam.net I get also no answer: > > http://vweb.nass.com.au/cgi-bin/dnslookup?data=bdfilmachjk.nobleblues.com&server=ns1-90.akam.net > > Dito ns1-93.akam.net and 1-73.akam.net (three random > name servers found in the whois entry for spamcop.net) Maybe, Leo is blocking resolves from the whole Akamai net range? - kjz From MikeE at ster.invalid Fri Nov 4 02:58:45 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Nov 4 06:00:02 2005 Subject: [SpamCop-List] Re: LK References: <43663619.A9@xyzzy.claranet.de> <436B1B7F.7FB5@xyzzy.claranet.de> <436B3461.2273@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Karl-Josef Ziegler wrote: > >> Sometimes the DNS is working but most times e.g. >> http://www.spamcop.net/sc?id=z823040147z10d10619bddaa277728aa4520c8bd719z >> the resolving is blocked. I don't think you can analyze very easily when SC's resolving is blocked. SC sometimes chooses to not try to resolve something, sometimes SC tries to resolve but fails. When SC tries to resolve and fails, the condition of 'resolvability' may vary. Of course, it could not resolve for anyone beause of lost nameservice, it could also just have very very funky nameservice which times out, which is typically the case for the ones which SC tries to resolve but fails. That is the case for this particular url. > Hm, that bdfilmachjk.nobleblues.com is different from > the geocities problem, for the former SC explicitly says > "IP not found", and you get the same result if you put > only the FQDN into the Web report form. This is what SC was saying at the time it parsed the tracker above for me Resolving link obfuscation http://bdfilmachjk.nobleblues.com/?egachjkxssrybdzgvfilm Host bdfilmachjk.nobleblues.com (checking ip) IP not found ; bdfilmachjk.nobleblues.com discarded as fake. Tracking link: http://bdfilmachjk.nobleblues.com/?egachjkxssrybdzgvfilm No recent reports, no history available Cannot resolve http://bdfilmachjk.nobleblues.com/?egachjkxssrybdzgvfilm > With "geocities" the Web form immediately finds the IP, > and SC doesn't claim "IP not found" in a spam report, it > just doesn't resolve it without displaying any reason :-( > > Interesting, with ns1-90.akam.net I get also no answer: I'm not entirely sure that using the nameservers for spamcop.net is the same as what nameservers spamcop uses for its resolving. In the case of my provider EL, the nameservice which EL 'provides' for me by DHCP is not at all the same nameservers as the ones for earthlink.net. EL's nameservers are itchy and scratchy --whereas the nameservers it gives me are ns1 & ns2 & ns3. > http://vweb.nass.com.au/cgi-bin/dnslookup?data=bdfilmachjk.nobleblues.com&server=ns1-90.akam.net > > Dito ns1-93.akam.net and 1-73.akam.net (three random > name servers found in the whois entry for spamcop.net) > > But with a plain host bdfilmachjk.nobleblues.com or a > http://vweb.nass.com.au/cgi-bin/dnslookup?data=bdfilmachjk.nobleblues.com > I get an IP 222.122.63.88. When I want to 'analyze' what is SC's problem with resolving when I can resolve it myself, I go to dnsstuff which can perform an analysis of the dns timing and what is wrong with it. There's a lot wrong with that url's nameservice http://www.dnsstuff.com/tools/dnstime.ch?name=bdfilmachjk.nobleblues.com&type=A timeouts, Average of all 4 nameservers: 915ms (plus 6062ms overhead). Score: F > What's a good strategy to fix this, users configuring > their own favourite NS to be used by SC maybe ? Bye I think the SC philosophy is that it shouldn't spend very much time trying to resolve a url which has very flakey nameservice. I agree. This is all about the business of notifying spamvertisers. SC's notification of spamvertisers is very unsatisfactory to me -- that is, it isn't the way I would be notifying. SC doesn't do anything about determining the blackhattedness of the derived notify. I would rather do my own determining of how to notify about a spamvertiser. I can notify much much better than SC. I can resolve urls better, I can determine the blackhattedness better, I can determine the notifies better, because I can determine upstreams and such as that based on the unresponsive character of the spamvertiser based on listings in spamhaus and spews. -- Mike Easter kibitzer, not SC admin From elg at none.com Fri Nov 4 08:23:50 2005 From: elg at none.com (El Guapo) Date: Fri Nov 4 09:25:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On Hacker Rootkit References: Message-ID: "Robert Blair" wrote in message news:TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com... > On Fri, 4 Nov 2005 02:01:40 UTC, "Geoffrey Hyde" > wrote: > My understanding is that they have removed the "stealth" feature so > other no-goodniks can not use that feature to hide their trojans. But > the damage has been done and I would imagine that the virus/trojans > writers have already started to look at the code to see what they can > do. Here is an article saying exactly what you are describing... http://informationweek.com/story/showArticle.jhtml?articleID=173402819 From jg at coks.net Fri Nov 4 07:31:49 2005 From: jg at coks.net (jg) Date: Fri Nov 4 10:30:03 2005 Subject: [SpamCop-List] Re: Neat Package -- Nobody to Report To? In-Reply-To: References: <4362AD03.E5E72107@SpamCop.net.dev.null> <43665BA4.4E08B61F@SpamCop.net.dev.null> <4369B5A3.80C72E28@SpamCop.net.dev.null> Message-ID: On 11/3/2005 8:49 PM Jeff G. scribbled: > "jg" wrote in message > news:dkdcnt$eji$1@news.spamcop.net... > >>On 11/2/2005 11:00 PM Michael Brennan scribbled: >> >>>On second thought, I might have >>>forwarded them to the NASD or the NYSE as well. Talk about spoiling >>>someone's play -- the exchanges can make that happen. >> >>I've not seen anywhere that the NYSE gets actively involved. Have > > you? > >> I do know that the NASD doesn't want to hear /anything/ unless the > > spam > >>is proven to be from a NASD member - so says their site, or so /said/ >>their site - I haven't revisited it in a while. It makes sense - they >>have their own fish to fry with lame brokers, telemarketers, and >>so=called advisors... > > > Perhaps I am way off base here, but it seems to me that the only stocks > that pump&dumpers can really make money with are penny stocks, which by > and large are traded OTC or on NASDAQ. When I have time, I report > suspected pump&dumpers to Enforcement@SEC.GOV and ombuds@nasd.com. > You made it to 1st, Jeff, and are quite correct - one does not pump and dump a listed stock. But from the NASD site: "Remember, though, that NASD can only regulate the actions of its member brokerage firms and their employees. While all U.S. brokerage firms have to be members of NASD to do business with the public, most problem spams are likely sent to you by non-regulated businesses or individuals. You can check out if the firm or individual spamming you is registered with NASD on our Web site. If you think that the problem spammers may be registered with NASD, you can forward spam or junk e-mail recommending that you invest in a stock or other investment to spam@nasd.com. If the spammers are not registered with NASD, you can forward spam (junk e-mail) or copies of message board postings to enforcement@sec.gov." At the end of the day, I tend to agree with Mike E. that this is largely a waste of time - I can't see how the government can handle the sheer volume. That said, I do send spam to the SEC and FDA anyway... From jg at coks.net Fri Nov 4 07:37:01 2005 From: jg at coks.net (jg) Date: Fri Nov 4 10:40:03 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) In-Reply-To: References: Message-ID: On 11/3/2005 9:44 PM nospam scribbled: > in article dke8rr$v76$1@news.spamcop.net, Tim at crappy.trappy@ntlworld.com > wrote on 11/4/05 4:09 AM: > > >>spamacyde wrote: >> >>>Anybody else experiencing a rash of blank emails? >> >>A spammer firing blanks? Perhaps they should try their own W|@GRA ;) > > > Umm, no, I think it's the Spur-M that they would want in this case. V1@6r@ > could still leave shooting blanks. ;-) > Back onto topic here, what with the rise of volume in these blanks, maybe its time for SC to revisit the topic of reporting spam with no body, which it still doesn't accept. AFAIK, adding [no body} or somesuch to the original item is still against the rules, isn't it? From jeffg at spamcop.net Fri Nov 4 11:00:06 2005 From: jeffg at spamcop.net (Jeff G.) Date: Fri Nov 4 11:05:03 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved References: <43663619.A9@xyzzy.claranet.de> <436A0F20.4804@xyzzy.claranet.de> <436B1DC5.75D3@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:436B1DC5.75D3@xyzzy.claranet.de... > Did they fire Julian or what ? Not as far as I know. Julian's "Credits and thanks" page at http://www.spamcop.net/fom-serve/cache/138.html has never mentioned him to my knowledge (one would assume that he would get some credit if that page left his control), he is still listed on http://forum.spamcop.net/forums/index.php?showtopic=4351&st=0&p=29132&#entry29132 , http://www.julianhaight.com/ still says "I work mainly on my popular web site, SpamCop.net", and his resume still says "I still act as the main force behind SpamCop". -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jeffg at spamcop.net Fri Nov 4 11:06:28 2005 From: jeffg at spamcop.net (Jeff G.) Date: Fri Nov 4 11:10:03 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: "jg" wrote in message news:dkfv3e$tnk$1@news.spamcop.net... > AFAIK, adding [no body} or > somesuch to the original item is still against the rules, isn't it? Technically, it is. However, with all the posts recommending it here and elsewhere, no one in an official capacity has posted anything like "don't do that." -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From MikeE at ster.invalid Fri Nov 4 08:19:15 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Nov 4 11:20:04 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved References: <43663619.A9@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > http://www.spamcop.net/sc?id=z821661459z909b906c2a68f7e8504bfa42ec4e7eedz > http://www.spamcop.net/sc?id=z821661226z4c62448db45738855b335d11cbb85c67z > http://www.spamcop.net/sc?id=z821661225z5870e9b9821bed134f51c36f59719e9ez > http://www.spamcop.net/sc?id=z821661226z4c62448db45738855b335d11cbb85c67z I don't have anything helpful to add here just now except a data point or observation. When I ran each of those 4 trackers one time each, SC resolved the 2nd one's url 'right away'. When I put each of the spamvertised links into the parser naked http://in.geocities.com/phoebe_rega/?in=lobo.ixqb http://it.geocities.com/ned_fellows/?lyr=runj http://de.geocities.com/oren_maxey/?nm=dxlklsb http://in.geocities.com/phoebe_rega/?in=lobo.ixqb SC promptly resolved all 4 of them and provided a reporting address, so it is not a matter of SC resolver being blocked. Why SC is deobfuscating but not resolving them except occasionally is unknown to me, but perhaps it is by design. That is, I am of the theory that SC 'chooses' to not resolve spamvertised links sometimes for some reason of resource priorities or something. -- Mike Easter kibitzer, not SC admin From jg at coks.net Fri Nov 4 08:34:07 2005 From: jg at coks.net (jg) Date: Fri Nov 4 11:35:02 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved In-Reply-To: References: <43663619.A9@xyzzy.claranet.de> Message-ID: On 11/4/2005 8:19 AM Mike Easter scribbled:> it is not a matter of SC resolver being blocked. > > Why SC is deobfuscating but not resolving them except occasionally is > unknown to me, but perhaps it is by design. > > That is, I am of the theory that SC 'chooses' to not resolve > spamvertised links sometimes for some reason of resource priorities or > something. > > I can report the same behavior with spam other than geocities. I tripped upon a trick - SC doesn't resolve in a report. Visit any odd bookmark (in same tab if applicable) and go back to SC report screen via the back arrow and often, the screen repaints /with/ a resolution of links. Probable resource husbanding... From nobody at nowhere.invalid Fri Nov 4 17:38:00 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Nov 4 11:40:02 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: On Fri, 04 Nov 2005 07:37:01 -0800, jg coughed into spamcop and left this in : > Back onto topic here, what with the rise of volume in these blanks, > maybe its time for SC to revisit the topic of reporting spam with no > body, which it still doesn't accept. AFAIK, adding [no body} or > somesuch to the original item is still against the rules, isn't it? Quick-submitting them works fine. -- Steve guru, n: A computer owner who can read the manual. From jg at coks.net Fri Nov 4 08:42:30 2005 From: jg at coks.net (jg) Date: Fri Nov 4 11:45:02 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) In-Reply-To: References: Message-ID: On 11/4/2005 8:38 AM Steven Maesslein scribbled: > On Fri, 04 Nov 2005 07:37:01 -0800, jg coughed into spamcop and left > this in : > > >>Back onto topic here, what with the rise of volume in these blanks, >>maybe its time for SC to revisit the topic of reporting spam with no >>body, which it still doesn't accept. AFAIK, adding [no body} or >>somesuch to the original item is still against the rules, isn't it? > > > Quick-submitting them works fine. > Could be - I don't quick report. Isn't that for paid members? From zypher at spamcop.net Fri Nov 4 10:43:58 2005 From: zypher at spamcop.net (Ron B.) Date: Fri Nov 4 11:45:09 2005 Subject: [SpamCop-List] [Media] FBI Says Man Created Zombie PC Networks, Sold Access Message-ID: FBI Says Man Created Zombie PC Networks, Sold Access POSTED: 10:00 am CST November 4, 2005 LOS ANGELES -- The FBI has arrested a Los Angeles-area man accused of creating and selling "armies of computers" designed to launch electronic attacks and send tons of spam. The government said it's the first prosecution of its kind in the nation. A 17-count indictment contends Jeanson James Ancheta wrote and spread malicious computer code in order to gain control of legions of infected computers, then sold access to hackers and spammers. Ancheta also allegedly made money by installing adware on the computers, known as "botnets." The indictment charges conspiracy, money laundering, transmission of code to a government computer and accessing a protected computer to commit fraud. The government said Ancheta's programs infected computers at a Navy weapons center and some Defense Department computers. Conviction on all counts could mean a 50-year prison term. Copyright 2005 by The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. From MikeE at ster.invalid Fri Nov 4 09:03:49 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Nov 4 12:05:03 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: jg wrote: > Steven Maesslein scribbled: >> Quick-submitting them works fine. >> > Could be - I don't quick report. Isn't that for paid members? It is for approved submitters who also much be mailhosted. I didn't know that quick worked for unmodified empty spams, but it makes a lot of sense. The empty and quick submitted spam doesn't need its body analyzed anyway or in any way. So maybe the parser just 'stops' before it even determines if it is empty or not. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Nov 4 09:09:17 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Nov 4 12:10:03 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved References: <43663619.A9@xyzzy.claranet.de> Message-ID: jg wrote: > Mike Easter >> Why SC is deobfuscating but not resolving them except occasionally is >> unknown to me, but perhaps it is by design. >> >> That is, I am of the theory that SC 'chooses' to not resolve >> spamvertised links sometimes for some reason of resource priorities >> or something. >> >> > I can report the same behavior with spam other than geocities. I > tripped upon a trick - SC doesn't resolve in a report. Visit any odd > bookmark (in same tab if applicable) and go back to SC report screen > via the back arrow and often, the screen repaints /with/ a resolution > of links. > Probable resource husbanding... Every time this topic comes up gives me a chance to 'vote for' my opinion of how the reporting parser could/should be optionally configured. It could be configured to optionally statistic all deobfuscated links without resolving them by providing a 'do not resolve spamvertised links' to the reporter and let those deob/ed but unresolved links be reported to a devnull address. That way a lot of resources would be conserved, a lot more spamvertisers would be statistic-paged, sc-surbl would scrape a lot more spamvertisers aiding more spamvertiser tag/blocking by more people using the sc-surbl, and a lot less blackhatted providers would be provided copies of spams in spamreports. The business of spamcop reporters handing over their spam to blackhat spamvertiser providers is not actually a very healthy configuration, munged or not. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Fri Nov 4 18:30:48 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Nov 4 12:35:02 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: On Fri, 04 Nov 2005 08:42:30 -0800, jg coughed into spamcop and left this in : >> Quick-submitting them works fine. >> > Could be - I don't quick report. Isn't that for paid members? It's possible, yes. I *am* a paid member. -- Steve Television -- a medium. So called because it is neither rare nor well done. -- Ernie Kovacs From nobody at spamcop.net Fri Nov 4 12:35:01 2005 From: nobody at spamcop.net (indigo) Date: Fri Nov 4 12:40:02 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: N. Miller wrote: > > A lot of Comcast users have been pelted by that kind of spam. I've been getting those for almost a year. Barely any headers either. I always assumed they were coming from within the comcast network via a zombied machine since there are no headers to indicate it ever left the comcast servers. From nobody at spamcop.net Fri Nov 4 12:37:05 2005 From: nobody at spamcop.net (indigo) Date: Fri Nov 4 12:40:12 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: Patto wrote: > Over at the Microsoft Outlook newsgroups there are literally hundreds > of users complaining about blank spam. Most of them have never seen > any before, so I think there really *is* more blank spam than before. > Why? - Who cares! These messages are so easily filtered; either by > BLs or other means. I haven't seen any for over a half year. Spampal doesn't catch them.......at least on my home machine. From borgholio at storymind.com Fri Nov 4 09:41:21 2005 From: borgholio at storymind.com (Borgholio) Date: Fri Nov 4 12:45:03 2005 Subject: [SpamCop-List] Wow...that was FAST! Message-ID: Sent a manual report yesterday to a Russian ISP regarding a Nigerian scammer using a .ru address. Woke up this morning to find this: ????????????. The spamer's account has been disabled. ? ?????????, ?????. ?????? ????????? ????????????? ???????? ??????? Mail.Ru ??? ???????, ??????????, ????????? ????????? ?????????. ??? ???????? ???????? ? ?????? ????????? ??????????? ??????????? ?????: http://www.mail.ru/cgi-bin/support ??? ????????? ???????? ?????? ?????? ????????? ????????????? ???????? ??????? Mail.Ru ?????????? ??? ??????? ??????? ? ?????? http://win.mail.ru/cgi-bin/supportmark?Time=04.11.2005-12:28&Email=borgholio@hotmail.com borgholio@hotmail.com, Friday, November 4, 2005, 2:18:57 AM, ?? ???????? ?????? ? ?????: [Fwd: I Seek For Your Consent] >> Nigerian scammer with a mail.ru email address. --------------------------- I must say, that was FAST! From jg at coks.net Fri Nov 4 09:44:25 2005 From: jg at coks.net (jg) Date: Fri Nov 4 12:45:10 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved In-Reply-To: References: <43663619.A9@xyzzy.claranet.de> Message-ID: On 11/4/2005 9:09 AM Mike Easter scribbled:> > > Every time this topic comes up gives me a chance to 'vote for' my > opinion of how the reporting parser could/should be optionally > configured. > Happy to have given you an opportunity... From MikeE at ster.invalid Fri Nov 4 09:47:37 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Nov 4 12:50:03 2005 Subject: [SpamCop-List] Parser configuration option proposal Message-ID: There are several problems which could have a common, easily implemented solution. The problems are: o SC's body parsing frequently encounters difficulties in resolving deobfuscated spamvertiser links o Unresolved spamvertisers are currently not statistic-paged, and thus are not sc-surbl scraped o Spamvertiser providers are very very frequently blackhat, and SC makes very little blackhat provider notification management or avoidance in the routing database process o Giving blackhat providers copies of spam, munged or not, is not in the best interest of spammees in general or reporters in specific The 'easily'* implemented solution to all of these would be to provide a reporter with an optional configuration to 'do not resolve/notify spamvertisers' - the normal or standard configuration would remain as an option - in the don't resolve configuration, the parsers resources would be greatly conserved - in don't resolve, the parser would only deobfuscate the spamvertiser link - in don't resolve, the parser would report the spamvertiser to a devnull address and post the spamvertiser on the statistics page - in don't resolve the reporter can always uncheck the devnull notify for an IB This new configuration would provide the following benefits o SC's resources would be conserved, which is apparently needed sometimes o SC reporter spam would not be 'handled' or seen by blackhat spamvertiser providers and their cohorts o Many many more spamvertisers would be provided to the statistic page for sc-surbl scraping o Many more sc-surbl blocklist users would benefit from the SC reports * 'easily implemented' is always in the mind of the beholder who isn't the one who is having to do the 'easy' implementing -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Nov 4 13:02:58 2005 From: nobody at spamcop.net (indigo) Date: Fri Nov 4 13:05:04 2005 Subject: [SpamCop-List] Re: Wow...that was FAST! References: Message-ID: Borgholio wrote: > Sent a manual report yesterday to a Russian ISP regarding a Nigerian > scammer using a .ru address. Good boy! You're learning to keep your 419 crap out of .social! Keep up the good work and you may get a lollipop ;-) From nobody at devnull.spamcop.net Fri Nov 4 14:26:00 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Fri Nov 4 14:30:10 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: "indigo" wrote in message news > > Spampal doesn't catch them.......at least on my home machine. > Responding to a request for a filter "rule" for these for OE users several days ago in alt.spam, I blathered: Lessee... You navigate Tools > Message Rules > Mail. Click on "New...". In the "Conditions" pane, check the boxes for "Where the From line contains people" and "Where the message body contains specific words". In the "Actions" pane select "Delete" (or action of your choosing as flag or mark ignored). In the "Description" pane, click on the link "contains people". In the popup window, "Add" the person "@". After adding "@", click on "Options" and select "Does not contain". Click "OK". In the "Description" pane, click on the link "contains specific words". In the popup window, "Add" the word "." Click on "Options" and select "Does not contain". Click "OK". In the "Description" pane, click on the link "and". Select "or" as in "messages meet any of these criteria". Click on "OK". You now have a filter rule that triggers if there is no "From:", or if there is no "@" in the "From:" header, or if there is no spam body, as in there is no "." in the spam body. No rule is perfect, so you might want to check the items this filter snags for a time to ensure you don't trash legit mails in error. Maybe this is what you were asking for, maybe not. Maybe this rule does not work: I don't happen to have any emails handy that meet the criteria to test the rule. The rule is useless for anything that contains an "@" in the "From:" header or a "." in the message body. ... As yet no one has commented or said this does not pick these boogers, but I have not been seeing any so I have no testable specimens to work with... hth and hand, Glenn From nobody at devnull.spamcop.net Fri Nov 4 14:29:00 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Fri Nov 4 14:30:24 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved In-Reply-To: References: <43663619.A9@xyzzy.claranet.de> Message-ID: Mike Easter wrote: [snip] > When I put each of the spamvertised links into the parser naked > > http://in.geocities.com/phoebe_rega/?in=lobo.ixqb > http://it.geocities.com/ned_fellows/?lyr=runj > http://de.geocities.com/oren_maxey/?nm=dxlklsb > http://in.geocities.com/phoebe_rega/?in=lobo.ixqb > > SC promptly resolved all 4 of them and provided a reporting address, so > it is not a matter of SC resolver being blocked. > > Why SC is deobfuscating but not resolving them except occasionally is > unknown to me, but perhaps it is by design. I'd volunteer a theory that it's a bug that is a result of the complexity of the parsing software. Perhaps the bug is understood by Julian and just not worth the effort to fix. As much as people have complained, I can't imagine that it's being ignored for any other reason. -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From nobody at spamcop.net Fri Nov 4 16:03:17 2005 From: nobody at spamcop.net (indigo) Date: Fri Nov 4 16:05:04 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: Glenn Daniels wrote: > "indigo" wrote in message news > > > > Spampal doesn't catch them.......at least on my home machine. > > > > Responding to a request for a filter "rule" for these for OE users > several days ago in alt.spam, I blathered: Thanks for the help, but a sufficient number of spams somehow slips thru spampal that I just keep the preview pane off and "mark read" and "delete" those emails that don't come from anyone I recognize. From MikeE at ster.invalid Fri Nov 4 13:43:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Nov 4 16:45:07 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: indigo wrote: > Patto wrote: >> Why? - Who cares! These messages are so easily filtered; either by >> BLs or other means. I haven't seen any for over a half year. > > Spampal doesn't catch them.......at least on my home machine. Naturally we all get different spam, but spampal misses very very few of my spams, and most of them are caught by the blocklists. What blocklists are you using? I use spamhaus sbl+xbl [which includes sbl, cbl, njabl, & blitzed] + ordb, scbl, & sorbs or do you use a preconfigured strategy - [safe, med, aggressive]? do you use country blocks? do you use any extra ie unlisted dsnbl/s? For my own mail, I can whitelist any mail which comes from 'strange' places, like one of my mailing lists. That allows me to keep the filter tight enough without catching any goodmail. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Nov 4 17:01:50 2005 From: nobody at spamcop.net (indigo) Date: Fri Nov 4 17:05:03 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: Mike Easter wrote: > indigo wrote: > > Patto wrote: > > >> Why? - Who cares! These messages are so easily filtered; either by > >> BLs or other means. I haven't seen any for over a half year. > > > > Spampal doesn't catch them.......at least on my home machine. > > Naturally we all get different spam, but spampal misses very very few > of my spams, and most of them are caught by the blocklists. > > What blocklists are you using? > > I use spamhaus sbl+xbl [which includes sbl, cbl, njabl, & blitzed] + > ordb, scbl, & sorbs > I believe I am using the exact same set of lists. But I'm on Spamcast, not Earthlink or whatever ISP you use, if that makes a difference.........if I had to guess I think about 20% of my spam slips thru Spampal. From nobody at xyzzy.claranet.de Sat Nov 5 00:10:33 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Nov 4 18:15:05 2005 Subject: [SpamCop-List] Re: Messages with No Subject Header and No Message Body (Again) References: Message-ID: <436BEA69.4F7A@xyzzy.claranet.de> Mike Easter wrote: > It is for approved submitters who also much be mailhosted. It was the opposite for me, I configured mailhosts immediately after an "accident" (40 quick reports to my own ISP when SC had an obscure DNS problem confusing the ordinary chain test). Maybe it's a MUST (RfC upper case) now, minimally a SHOULD. > maybe the parser just 'stops' before it even determines > if it is empty or not. Yes, from my POV that's a feature. Bye, Frank From nobody at xyzzy.claranet.de Sat Nov 5 00:23:21 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Nov 4 18:25:04 2005 Subject: [SpamCop-List] Re: Parser configuration option proposal References: Message-ID: <436BED69.6FE6@xyzzy.claranet.de> Mike Easter wrote: > o Unresolved spamvertisers are currently not > statistic-paged, and thus are not sc-surbl scraped SURBL doesn't use scraping anymore, it now has a more direct access on SC: Bye, Frank From nobody at xyzzy.claranet.de Sat Nov 5 00:28:34 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Nov 4 18:30:03 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved References: <43663619.A9@xyzzy.claranet.de> Message-ID: <436BEEA2.844@xyzzy.claranet.de> Mike Easter wrote: > That is, I am of the theory that SC 'chooses' to not resolve > spamvertised links sometimes for some reason of resource > priorities or something. Yes, it's very different from "no IP found, discarded a fake". And it always works for ??.geocities.com as single line query. Bye, Frank From nospam at dev.null Sat Nov 5 01:42:42 2005 From: nospam at dev.null (No Spam) Date: Fri Nov 4 18:45:02 2005 Subject: [SpamCop-List] Re: Wow...that was FAST! In-Reply-To: References: Message-ID: indigo wrote: > Borgholio wrote: > >>Sent a manual report yesterday to a Russian ISP regarding a Nigerian >>scammer using a .ru address. > > > Good boy! You're learning to keep your 419 crap out of .social! Keep up the > good work and you may get a lollipop ;-) > > Social so quiet, I might just head off to aa419.org for a few laughs :-0 From nobody at xyzzy.claranet.de Sat Nov 5 00:49:16 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Nov 4 18:50:02 2005 Subject: [SpamCop-List] Re: LK References: <43663619.A9@xyzzy.claranet.de> <436B1B7F.7FB5@xyzzy.claranet.de> <436B3461.2273@xyzzy.claranet.de> Message-ID: <436BF37C.45C0@xyzzy.claranet.de> Mike Easter wrote: > I'm not entirely sure that using the nameservers for > spamcop.net is the same as what nameservers spamcop uses > for its resolving. Probably not, and I misinterpreted the dig-style of output: It was the usual "I don't talk with unknown strangers about other unknown strangers" answer. Some name servers (try to) answer everything from anybody. Most don't and only tell you where to find the root servers (for queries about stuff that's not in their zone) - I missed that in the dig-style, because I normally see nslookup-style. > I go to dnsstuff which can perform an analysis of the dns > timing and what is wrong with it. There's a lot wrong with > that url's nameservice ACK, that's a much better plan. Bye, Frank From nobody at xyzzy.claranet.de Sat Nov 5 01:12:32 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Nov 4 19:15:03 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved References: <43663619.A9@xyzzy.claranet.de> <436A0F20.4804@xyzzy.claranet.de> <436B1DC5.75D3@xyzzy.claranet.de> Message-ID: <436BF8F0.5E5C@xyzzy.claranet.de> Jeff G. wrote: >> Did they fire Julian or what ? > Not as far as I know. Then he should really do something about the geocitie issue. It's no special personal vendetta when I try to report them, it's a very simple strategy: With a catch-all it's easy to filter spam to bogus addresses. Either my ISP already "knew" that it's spam and inserted a tag, or it's "unidentified" spam. And the latter might be generally interesting, therefore I submit it for "manual" reporting, less than 10 per day. Of course I don't look _into_ this "unidentified" spam before submitting it - the subject is enough to catch typos. Unfortunately the geocities spam is often "unidentified", so it shows up again and again in my rare manual reports. > "I still act as the main force behind SpamCop". He could forcefully add ??.geocities.com to SC's /etc/hosts as far as I'm concerned. Or offer a reason for this odd geocities-behaviour in the output of the technical details. Or decree that geocities is an IB. But ignoring hundreds of questions and complaints here for months is IMO wrong. Bye, Frank From MikeE at ster.invalid Fri Nov 4 16:18:18 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Nov 4 19:20:02 2005 Subject: [SpamCop-List] Re: Parser configuration option proposal References: <436BED69.6FE6@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Mike Easter wrote: > >> o Unresolved spamvertisers are currently not >> statistic-paged, and thus are not sc-surbl scraped > > SURBL doesn't use scraping anymore, it now has a more > direct access on SC: I've read everything about sc and sc2 surbl available since Feb at gmane.mail.spam.rbl.surbl by using the gmane newsserver-- and I can't find a description of any different method of data collection for sc2 than sc-surbl -- and the description at the surbl website remains unchanged. How exactly is it getting 'more direct' access? Even if it were being channeled directly somewhere that sc2-surbl could access, what is being channeled 'has to be' what is being channeled to the stats page. In any case, it is my 'conviction' or impression that any spamvertised links which are not resolved and are thus not reported are not made accessible to sc or sc2-surbl -- so any improvement on SC's end of making them available [statistics page or otherwise] to sc or sc2-surbl would be the same improvement I was describing. Or even better. That is, the better sc2 is doing, the better better an improvement in SC's providing spamvertiser links would be. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sat Nov 5 07:30:09 2005 From: nobody at spamcop.net (nospam) Date: Fri Nov 4 22:35:19 2005 Subject: [SpamCop-List] Re: Neat Package -- Nobody to Report To? References: <4362AD03.E5E72107@SpamCop.net.dev.null> <43665BA4.4E08B61F@SpamCop.net.dev.null> <4369B5A3.80C72E28@SpamCop.net.dev.null> Message-ID: in article dkfupn$ti1$1@news.spamcop.net, jg at jg@coks.net wrote on 11/4/05 7:31 PM: > On 11/3/2005 8:49 PM Jeff G. scribbled: SNIP > That said, I do send spam to the SEC and FDA anyway... Well, I used to, but with the new default ticked "on" for user supplied 3d Party reporting addresses, I had to turn that off. I was forgetting to untick too mony non-securities spams. It becomes too much work to add manual LARTS for all the Pimp and Dump stuff. From jg at coks.net Fri Nov 4 21:17:34 2005 From: jg at coks.net (jg) Date: Sat Nov 5 00:20:17 2005 Subject: [SpamCop-List] Re: Neat Package -- Nobody to Report To? In-Reply-To: References: <4362AD03.E5E72107@SpamCop.net.dev.null> <43665BA4.4E08B61F@SpamCop.net.dev.null> <4369B5A3.80C72E28@SpamCop.net.dev.null> Message-ID: On 11/4/2005 7:30 PM nospam scribbled: > in article dkfupn$ti1$1@news.spamcop.net, jg at jg@coks.net wrote on 11/4/05 > 7:31 PM: > > >>On 11/3/2005 8:49 PM Jeff G. scribbled: > > SNIP > >>That said, I do send spam to the SEC and FDA anyway... > > > Well, I used to, but with the new default ticked "on" for user supplied 3d > Party reporting addresses, I had to turn that off. I was forgetting to > untick too mony non-securities spams. It becomes too much work to add manual > LARTS for all the Pimp and Dump stuff. > Well, tnx for the heads up on 'user supplied' use - last I looked, and as a free reporter, I was allowed only 2 user supplied addys - but then it could well have been a brain fart. BTW, to me, manual LARTed means going outside the SC environment. Do you mean that you regard checking a 'user supplied' addy as a LART? Since I munge via SC, I don't view it as LARTing, but I'm just a lurker... From nobody at xyzzy.claranet.de Sat Nov 5 08:13:31 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sat Nov 5 02:15:02 2005 Subject: [SpamCop-List] Re: Parser configuration option proposal References: <436BED69.6FE6@xyzzy.claranet.de> Message-ID: <436C5B9B.2039@xyzzy.claranet.de> Mike Easter wrote: > How exactly is it getting 'more direct' access? No idea, magic organized by Jeff and Julian. Polling the stats page with http once per minute (?) only to determine new entries was a hack. Whatever they do now should be something more direct, and I hope it's not limited to the new http://www.spamcop.net/w3m?action=inprogress;type=www reports, but also covers URLs found in older spam. Something like a "ping" (as for updated blogs) could make sense, if SC is the active part. Or a named pipe from SC to SURBL (= permanent connection). More or less any protocol can transport "URL + timestamp". They could do it with UDP, but they won't without some heavy crypto ;-) > In any case, it is my 'conviction' or impression that > any spamvertised links which are not resolved and are > thus not reported are not made accessible to sc or sc2 Probably. If it really has no IP SURBL wouldn't want it. Bye, Frank From redford_stone at INVERSE_OF_COLDmail.com Sat Nov 5 10:50:41 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sat Nov 5 05:55:23 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved References: <43663619.A9@xyzzy.claranet.de> <436A0F20.4804@xyzzy.claranet.de> <436B1DC5.75D3@xyzzy.claranet.de> <436BF8F0.5E5C@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote in news:436BF8F0.5E5C@xyzzy.claranet.de: > [snip] > > He could forcefully add ??.geocities.com to SC's /etc/hosts > as far as I'm concerned. Or offer a reason for this odd > geocities-behaviour in the output of the technical details. > > Or decree that geocities is an IB. But ignoring hundreds > of questions and complaints here for months is IMO wrong. > > Bye, Frank > > He could. But he may not do it for various reasons. Namely Geocities' lackluster response. From redford_stone at INVERSE_OF_COLDmail.com Sat Nov 5 10:52:34 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sat Nov 5 05:55:40 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: Message-ID: "Robert Blair" wrote in news:TECQXhvKj0FX-pn2- mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com: > > Universal Music > > This information is from the DShield mailing list. There has been a > discussion on the list since the first of the month. It seems that > some people have known about this for some time but it is just now > being made public. > Guess enough people began to notice these hidden files being installed without proper permission. From redford_stone at INVERSE_OF_COLDmail.com Sat Nov 5 10:53:34 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sat Nov 5 05:55:43 2005 Subject: [SpamCop-List] Re: Wow...that was FAST! References: Message-ID: Borgholio wrote in news:dkg6fr$1md$1@news.spamcop.net: > Sent a manual report yesterday to a Russian ISP regarding a Nigerian > scammer using a .ru address. Woke up this morning to find this: > Knocking out a drop box.. easy as pie for any sysadmin. From borgholio at storymind.com Sat Nov 5 04:36:42 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Nov 5 07:40:02 2005 Subject: [SpamCop-List] Re: Wow...that was FAST! In-Reply-To: References: Message-ID: Redstone wrote: > Borgholio wrote in > news:dkg6fr$1md$1@news.spamcop.net: > > >>Sent a manual report yesterday to a Russian ISP regarding a Nigerian >>scammer using a .ru address. Woke up this morning to find this: >> > > > Knocking out a drop box.. easy as pie for any sysadmin. > Yeah but the fact that it's a Russian sysadmin is what amazes me. :) From nobody at spamcop.net Sat Nov 5 06:44:28 2005 From: nobody at spamcop.net (John Anderson) Date: Sat Nov 5 07:45:03 2005 Subject: [SpamCop-List] Please make sure this email IS spam: Message-ID: Please make sure this email IS spam: Now, what does that mean when asked this by Spamcop? If I didn't want it, did not ask for it, is it not SPAM? I have wondered this for a long time! John Anderson Registered Spamcop User From nobody at spamcop.net Sat Nov 5 06:49:30 2005 From: nobody at spamcop.net (John Anderson) Date: Sat Nov 5 07:50:03 2005 Subject: [SpamCop-List] Re: black list reporting References: Message-ID: "geo_splash_12" wrote in message news:dkaj9g$t7a$1@news.spamcop.net... > mikeyhsd wrote: >> here is a link >> http://www.spamcop.net/sc?id=z822386771z92c697c6b7c3ad934c08cab7c6e46adez > > I do not understand the first few header lines where the spamcop parser > complains about IP 10.93.46.16. Where does this come from, is this > correct? > > Furthermore the link shows that abuse reports were sent to the > administrators of 125.57.108.71 (in the .kr domain), but apparently this > IP is not listed within spamcop. > > (Korean / Chinese spam is almost impossible to get rid off, maybe consider > to install your own specific filters for this problem. > > Finally abuse reports are sent because of a link within the spam, > 211.112.18.18 which is within the elim.com domain. > > Ejo I used to get a lot of Chinese/Korean spam, even sometimes Russian. My cure was to change providers, dumping the old e-mail altogether, but was going to dump the address anyway, but wanted a better high speed account. My old isp had no other idea, other than to change my e-mail id. My new isp uses Spam Assassian. I bet there is still mail being sent to my old account today, and it has been several years since I changed! John Anderson From nobody at spamcop.net Sat Nov 5 06:58:41 2005 From: nobody at spamcop.net (John Anderson) Date: Sat Nov 5 08:00:04 2005 Subject: [SpamCop-List] Re: Bounce messages References: Message-ID: "Mike Easter" wrote in message news:djtc38$2ge$1@news.spamcop.net... > We are usurping a thread started by someone about an entirely different > topic, but that's OK. It is still about bouncing, but you didn't > include a bounce message. > > Mike Nel wrote: >> WazoO, I am presuming that you are somehow involved with SpamCop. My >> apologies if you are not. > > I'm not WazoO, but the way newsgroups and other community forums work is > that you post a message and whoever wants to can comment on it. > >> I have NEVER subscribed to SpamCop, and I am definitely not involved >> in any "Spam" activities. However, today I try and send a pricing >> request to one of my suppliers - one I use on a regular basis - and I >> get a bounce-back claiming that my email address has been blacklisted >> by SpamCop. > > It is very important that you understand what is going on when a mail > 'bounces' - a vague term requiring some guess work absent the delivery > status notification information. > > When you try to email something, it is trying to go out from some server > to which you are subscribed and you haven't named. When it tries to go > from that unnamed server to someone else's server, that of your > recipient, you recipient's server may employ some kind of spam filter or > spamblocking system to defend against spamsources. > > If your mail is blocked, it is blocked by your recipient's server. Not > spamcop. > I had a problem with IP blocking of one of my sites, but solved it with my host. I don't use the site's e-mail very often, but sometimes I do. When one is hosted on a "shared server" that can happen. My former ISP had a problem at one time with IP blocking and put a message about it on their home page, that anyone sending spam would lose their account. Again, the host can solve the problem and get the blocking removed, or even, if neccessary, change the IP number. My old ISP did change IP numbers now and then for their e-mail, maybe to solve such a problem! John Anderson From MikeE at ster.invalid Sat Nov 5 05:12:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Nov 5 08:15:04 2005 Subject: [SpamCop-List] Re: Please make sure this email IS spam: References: Message-ID: John Anderson wrote: > Please make sure this email IS spam: > > Now, what does that mean when asked this by Spamcop? That is a last chance to prevent making a mistake. SpamCop reporters make mistakes all the time. They report their own providers, they report items which are not spam, they fail to read the rules. They fail to reread the rules when the rules change. When you are looking at the result of the parse of a spam, you are looking at information about the item from a different perspective which allows you to re-evaluate what you have fed the parser. "Free users who break one of the rules will be immediately banned from SpamCop" Paying members can be fined or banned.. http://www.spamcop.net/fom-serve/cache/143.html What if I break the rule(s)? > If I didn't want it, did not ask for it, is it not SPAM? Discussing what is a good definition of spam can have many nuances. I prefer this definition http://www.mail-abuse.com/spam_def.html MAPS' Definition of "spam" even tho' maps is unpopular with some people. Spamhaus is more popular and has a similar one http://www.spamhaus.org/definition.html What is 'spamcop reportable' has its own definitions http://www.spamcop.net/fom-serve/cache/14.html On what type of email should I (not) use SpamCop? You should be familiar with all of the contents of the faq/s and how to navigate them from the site map http://www.spamcop.net/sitemap.shtml -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Sat Nov 5 08:15:11 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Nov 5 09:20:07 2005 Subject: [SpamCop-List] Re: Please make sure this email IS spam: References: Message-ID: In article , "John Anderson" writes: > Please make sure this email IS spam: > > Now, what does that mean when asked this by Spamcop? > If I didn't want it, did not ask for it, is it not SPAM? > > I have wondered this for a long time! Some humans type faster than they think. From noemail at here.org Sat Nov 5 09:45:50 2005 From: noemail at here.org (travis) Date: Sat Nov 5 10:50:29 2005 Subject: [SpamCop-List] Feature Request: Unreported Spam Saved Message-ID: On the main page, where it says "Unreported Spam Saved: Report Now", it REALLY needs to have a feature that shows HOW MANY unreported spam are actually saved. PLEASE add that :( From gezgin at spamcop.net Sat Nov 5 19:00:48 2005 From: gezgin at spamcop.net (Gezgin) Date: Sat Nov 5 12:05:20 2005 Subject: [SpamCop-List] Re: Feature Request: Unreported Spam Saved References: Message-ID: "travis" wrote in message news:dkik3e$hit$1@news.spamcop.net... > On the main page, where it says "Unreported Spam Saved: > Report Now", it > REALLY needs to have a feature that shows HOW MANY > unreported spam are > actually saved. > PLEASE add that :( Seconded. -- Bob Kanyak's Doghouse http://www.kanyak.com From nobody at nowhere.not Sat Nov 5 17:53:00 2005 From: nobody at nowhere.not (Robert Blair) Date: Sat Nov 5 12:55:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: Message-ID: On Sat, 5 Nov 2005 10:52:34 UTC, Redstone wrote: > > This information is from the DShield mailing list. There has been a > > discussion on the list since the first of the month. It seems that > > some people have known about this for some time but it is just now > > being made public. > > > > Guess enough people began to notice these hidden files being installed > without proper permission. I don't know who found it first or why but I doubt it was a "normal" user. This copy protection scheme had a rootkit that hid all of its files from any of the standard anti-virus/trojan/ads programs. There are now people telling others to go buy the Sony CDs and use the rootkit, I would imagine that the virus/trojan/ads writers have also started to do the same thing. -- Robert Blair From nobody at nowhere.not Sat Nov 5 17:59:46 2005 From: nobody at nowhere.not (Robert Blair) Date: Sat Nov 5 13:00:03 2005 Subject: [SpamCop-List] Re: Feature Request: Unreported Spam Saved References: Message-ID: On Sat, 5 Nov 2005 15:45:50 UTC, "travis" wrote: > On the main page, where it says "Unreported Spam Saved: Report Now", it > REALLY needs to have a feature that shows HOW MANY unreported spam are > actually saved. I have requested a way to delete the top most item of "Unreported Spam" (currently you can only delete all "Unreported Spam") but nothing has changed. So while we are one the subject of "Unreported Spam" again I will make the request again. Please. -- Robert Blair From jeffg at spamcop.net Sat Nov 5 13:31:31 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Nov 5 13:35:03 2005 Subject: [SpamCop-List] Re: Reporting user database down? References: Message-ID: I wrote Tuesday 2005/11/01 23:06 EST -0500: > I take my info from the SpamCop Statistics graph at > http://alpha.cesmail.net/graphics/spamstats.gif on my off-site page > "SpamCop.net - Total spam report volume mock-up" at > http://forum.spamcop.net/forums/index.php?showtopic=5247 . As I wrote in http://forum.spamcop.net/forums/index.php?showtopic=5235&view=findpost&p=35524 , "At present, apha.cesmail.net is responding to ping, but not HTTP. That's why the graph isn't showing up. I've sent notifications to JT." All of the graphs referred to by the four links in the bottom "Total spam report volume" section of the Statistics page http://www.spamcop.net/spamstats.shtml are of course having the same problem. Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From devnull at spamcop.net Sat Nov 5 15:02:16 2005 From: devnull at spamcop.net (Frog Prince) Date: Sat Nov 5 15:05:12 2005 Subject: [SpamCop-List] Re: Feature Request: Unreported Spam Saved References: Message-ID: "Robert Blair" | | > On the main page, where it says "Unreported Spam Saved: Report Now", it | > REALLY needs to have a feature that shows HOW MANY unreported spam are | > actually saved. | | I have requested a way to delete the top most item of "Unreported | Spam" (currently you can only delete all "Unreported Spam") but | nothing has changed. | | So while we are one the subject of "Unreported Spam" again I will make | the request again. Please. Yea the number left to report and the option to delet those that are too old to report would save me time and effort. From jeffg at spamcop.net Sat Nov 5 16:40:00 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Nov 5 16:45:15 2005 Subject: [SpamCop-List] Re: Reporting user database down? Message-ID: I wrote Saturday 2005/11/05 13:31 EST -0500: > I wrote Tuesday 2005/11/01 23:06 EST -0500: > > I take my info from the SpamCop Statistics graph at > > http://alpha.cesmail.net/graphics/spamstats.gif on my off-site page > > "SpamCop.net - Total spam report volume mock-up" at > > http://forum.spamcop.net/forums/index.php?showtopic=5247 . > > As I wrote in > http://forum.spamcop.net/forums/index.php?showtopic=5235&view=findpost&p=35524 , > "At present, apha.cesmail.net is responding to ping, but not HTTP. > That's why the graph isn't showing up. I've sent notifications to JT." > All of the graphs referred to by the four links in the bottom "Total > spam report volume" section of the Statistics page > http://www.spamcop.net/spamstats.shtml are of course having the same > problem. I'm sorry, in my haste to notify you I misspelled "alpha" as "apha". -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only, as PMs and Emails may be posted, reported, and/or ridiculed. From nospam at nospam.nl Sat Nov 5 23:35:37 2005 From: nospam at nospam.nl (geo_splash_12) Date: Sat Nov 5 17:40:10 2005 Subject: [SpamCop-List] Re: Please make sure this email IS spam: In-Reply-To: References: Message-ID: Mike Easter wrote: > What is 'spamcop reportable' has its own definitions > http://www.spamcop.net/fom-serve/cache/14.html On what type of email > should I (not) use SpamCop? On this web site you will read: > We define spam as Unsolicited Bulk Email (UBE). To be considered spam, a message must be: > > 1. Unsolicited (I didn't request it explicitly or implicitly); and, > 2. Bulk (the same message was sent to many people at once). I don't want to change the definition of spam, but just want to remark that in reality the one who submits spam to spamcop must have had a reasonable suspicion that a received e-mail is unsolicited and must have had a reasonable suspicion that it is bulk. Oftentimes reasonable suspicion is a gray area because the recipient couldn't tell whether a particular spam was addressed only to him (so that it isn't bulk) or he may have forgotten he asked the e-mail to be sent. On basis of counting input from different user reports and information retrieved by mail traps and possibly other information sources the spamcop system finally decides whether IP addresses used by the spammer should be listed. What about the unlisted cases, were they no spam? Also, as we all know, errors are made during the reporting process varying from silly mistakes to more severe cases of harassment because of an e-mail war the recipient may have been involved in. And apparently in some of these cases fines need issued or spamcop user accounts need to be revoked. The longer you think about it, the more gray any definition of spam becomes, and this is one of the reasons why in general spam is so hard to fight, and why sometimes it is easy to fight. Section 1343 in Laws: Cases and Codes, U.S. Code, Title 18 is perhaps equally effective for cases as a result of fraudulent e-mails sent by a spammers, see also: http://caselaw.lp.findlaw.com/scripts/ts_search.pl?title=18&sec=1343 Ejo From porpoise1954 at yahoo.co.uk Sat Nov 5 22:52:40 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Nov 5 17:55:07 2005 Subject: [SpamCop-List] Re: Feature Request: Unreported Spam Saved References: Message-ID: "Gezgin" wrote in message news:dkiokg$jmi$1@news.spamcop.net... > "travis" wrote in message > news:dkik3e$hit$1@news.spamcop.net... >> On the main page, where it says "Unreported Spam Saved: Report Now", it >> REALLY needs to have a feature that shows HOW MANY unreported spam are >> actually saved. >> PLEASE add that :( > > Seconded. Thirded. From Kilgallen at SpamCop.net Sat Nov 5 16:55:18 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Nov 5 18:00:03 2005 Subject: [SpamCop-List] Re: Please make sure this email IS spam: References: Message-ID: In article , geo_splash_12 writes: > Oftentimes reasonable suspicion is a gray area because the recipient > couldn't tell whether a particular spam was addressed only to him (so > that it isn't bulk) Don't worry about that part - SpamCop amalgamates reports from many sources to determine that. > or he may have forgotten he asked the e-mail to be sent. Anybody in that position should _not_ be reporting spam, since it diminishes the reputation of spamfighters everywhere. From joseph_k at invalid.com Sat Nov 5 15:32:44 2005 From: joseph_k at invalid.com (Joseph_K) Date: Sat Nov 5 18:35:02 2005 Subject: [SpamCop-List] webforum down? Message-ID: <16gqm1pofm4ukjrr1enlukns85v4r6dmv6@4ax.com> Getting this error message from the web forum: mySQL query error: DELETE FROM ipb_sessions WHERE member_id=152 mySQL error: Can't open file: 'ipb_sessions.MYI'. (errno: 145) mySQL error code: Date: Saturday 05th of November 2005 06:30:31 PM From nobody at devnull.spamcop.net Sat Nov 5 18:35:24 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sat Nov 5 18:35:07 2005 Subject: [SpamCop-List] Re: Please make sure this email IS spam: References: Message-ID: "geo_splash_12" wrote in message news:dkjc3t$svn$1@news.spamcop.net... > Mike Easter wrote: > > > What is 'spamcop reportable' has its own definitions > > http://www.spamcop.net/fom-serve/cache/14.html On what type of email > > should I (not) use SpamCop? The basic definition of spam is unsolicited and unwanted. The unwanted is defined by the reporter. However, various blocklists narrow that definition. It depends on the blocklist criteria whether a particular email is 'spam'. Most blocklists say that it is unsolicited bulk email. That excludes unsolicited commercial email that is an individual email. Whether it is reported or not depends on where it is sent. A resume sent to the wrong address (sales for instance) can be considered spam while the same resume sent to jobs company is not considered spam. Those who use blocklists know what the criteria are and whether or not they want to use a particular blocklist (or how they want to use it). Miss Betsy an almost new internet user From MikeE at ster.invalid Sat Nov 5 15:47:32 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Nov 5 18:50:03 2005 Subject: [SpamCop-List] Re: Please make sure this email IS spam: References: Message-ID: The maps definition doesn't use the word bulk. The recipient typically can't verify bulkiness. The very carefully structured definition at maps deals with 'bulkiness' from a different angle. // An electronic message is "spam" IF: (1) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; AND (2) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent; AND (3) the transmission and reception of the message appears to the recipient to give a disproportionate benefit to the sender. // The discussion that follows those words is critical to their interpretation. An example is the last sentence in the discussion "Content is irrelevant except to the extent necessary to determine personal applicability, consent, and benefit." http://www.mail-abuse.com/spam_def.html -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sat Nov 5 18:50:22 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sat Nov 5 18:50:11 2005 Subject: [SpamCop-List] Re: webforum down? References: <16gqm1pofm4ukjrr1enlukns85v4r6dmv6@4ax.com> Message-ID: "Joseph_K" wrote in message news:16gqm1pofm4ukjrr1enlukns85v4r6dmv6@4ax.com... > Getting this error message from the web forum: Ditto. Miss Betsy From nobody at spamcop.net Sun Nov 6 00:08:54 2005 From: nobody at spamcop.net (StampOutSpam) Date: Sat Nov 5 19:10:02 2005 Subject: [SpamCop-List] E-mail from Don (Re: mailhosts configured) and missing data Message-ID: Don e-mailed me about needing to configure mailhosts, and disabled my account. The test message that was supposed to come in an hour took about half a day, but that's not the weird part. Don's e-mail is gone! I searched all the folders in Mozilla and it's not there. Now I'm worried about other e-mails that may be missing. I've done the mailhosts configuration, so my reporting account (StampOutSpam) can be restored. From MikeE at ster.invalid Sat Nov 5 16:35:05 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Nov 5 19:40:03 2005 Subject: [SpamCop-List] Re: E-mail from Don (Re: mailhosts configured) and missing data References: Message-ID: StampOutSpam wrote: > Don e-mailed me about needing to configure mailhosts, and disabled my > account. That would cause me to presume you might've been reporting your own provider as a spamsource. Long before there was any such thing as mailhosts, SC reporters have needed to have cognizance of what mailheaders look like, and what part of those headers belong to your own provider or 'mailhost'. Then, when you are reporting spam, that the reporter be sufficiently responsible to look at what/who you are reporting as a spamsource, and don't report your recognized provider. I don't think the SC reporter should plead 'ignorance' to the appearance or 'foreign-ness' of mailheaders or who/what part of those headers belong to their provider. Maybe someone 'off the street' who isn't a spam reporter can say they don't need knowledge of mailheaders or their providers header stamp, but not a responsible SC reporter. > The test message that was supposed to come in an hour took > about half a day, but that's not the weird part. OK. > Don's e-mail is > gone! I'm going to interpret that as meaning that you can't see it when you look for it. > I searched all the folders in Mozilla and it's not there. Now > I'm worried about other e-mails that may be missing. I've done the > mailhosts configuration, so my reporting account (StampOutSpam) can > be restored. OK I hear what you are saying.... Are you successfully communicating in the mailhost configuration process? So that the conclusion of the configuration steps are mutually understood to be completed? -- Mike Easter kibitzer, not SC admin From SC.10.myspamgobbler at spamcowboy.net Sat Nov 5 16:44:35 2005 From: SC.10.myspamgobbler at spamcowboy.net (Brian) Date: Sat Nov 5 19:50:03 2005 Subject: [SpamCop-List] Re: E-mail from Don (Re: mailhosts configured) and missing data In-Reply-To: References: Message-ID: StampOutSpam wrote: > Don e-mailed me about needing to configure mailhosts, and disabled my > account. The test message that was supposed to come in an hour took > about half a day, but that's not the weird part. Don's e-mail is gone! > I searched all the folders in Mozilla and it's not there. Now I'm > worried about other e-mails that may be missing. In Mozilla's View menu\Messages, make sure All is checked, not Unread. I'm assuming this is the same menu setup as Mozilla Thunderbird. -- Brian SC.10.myspamgobbler@spamcowboy.net From nobody at spamcop.net Sun Nov 6 01:23:17 2005 From: nobody at spamcop.net (StampOutSpam) Date: Sat Nov 5 20:25:02 2005 Subject: [SpamCop-List] Re: E-mail from Don (Re: mailhosts configured) and missing data References: Message-ID: > Are you successfully communicating in the mailhost configuration > process? So that the conclusion of the configuration steps are mutually > understood to be completed? The mailhost configuration is done. >> Don's e-mail is gone! > > I'm going to interpret that as meaning that you can't see it when you > look for it. It was in my inbox before I gave up waiting for the test message, and when I checked later, the e-mail he sent wasn't in any of the mail folders. I didn't delete it, and if it was deleted by accident, I didn't delete it individually from the trash. If this is data corruption, it's unusually specific. I've had mail folders go bad, but then they won't open or there are big chunks of data missing. From nobody at spamcop.net Sun Nov 6 01:31:23 2005 From: nobody at spamcop.net (StampOutSpam) Date: Sat Nov 5 20:35:02 2005 Subject: [SpamCop-List] Re: E-mail from Don (Re: mailhosts configured) and missing data References: Message-ID: >> Don's e-mail is gone! >> I searched all the folders in Mozilla and it's not there. > In Mozilla's View menu\Messages, make sure All is checked, not Unread. It's configured to show all messages as usual, and any messages not shown in the regular window should be in the search window. I checked SpamCop Webmail, but the message wasn't there either. From nobody at devnull.spamcop.net Sat Nov 5 20:14:14 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sat Nov 5 21:15:03 2005 Subject: [SpamCop-List] Re: webforum down? References: <16gqm1pofm4ukjrr1enlukns85v4r6dmv6@4ax.com> Message-ID: "Miss Betsy" wrote in message news:dkjgep$vge$1@news.spamcop.net... > > Ditto. > > Miss Betsy Check the Announcements .... per my usual 'learn by doing' ..... it's back up .... From nobody at spamcop.net Sun Nov 6 08:19:07 2005 From: nobody at spamcop.net (nospam) Date: Sat Nov 5 23:20:25 2005 Subject: [SpamCop-List] Re: Neat Package -- Nobody to Report To? References: <4362AD03.E5E72107@SpamCop.net.dev.null> <43665BA4.4E08B61F@SpamCop.net.dev.null> <4369B5A3.80C72E28@SpamCop.net.dev.null> Message-ID: in article dkhf61$vnj$1@news.spamcop.net, jg at jg@coks.net wrote on 11/5/05 9:17 AM: > On 11/4/2005 7:30 PM nospam scribbled: > >> in article dkfupn$ti1$1@news.spamcop.net, jg at jg@coks.net wrote on 11/4/05 >> 7:31 PM: >> >> >>> On 11/3/2005 8:49 PM Jeff G. scribbled: >> >> SNIP >> >>> That said, I do send spam to the SEC and FDA anyway... >> >> >> Well, I used to, but with the new default ticked "on" for user supplied 3d >> Party reporting addresses, I had to turn that off. I was forgetting to >> untick too mony non-securities spams. It becomes too much work to add manual >> LARTS for all the Pimp and Dump stuff. >> > Well, tnx for the heads up on 'user supplied' use - last I looked, and > as a free reporter, I was allowed only 2 user supplied addys - but then > it could well have been a brain fart. > BTW, to me, manual LARTed means going outside the SC environment. Do > you mean that you regard checking a 'user supplied' addy as a LART? > Since I munge via SC, I don't view it as LARTing, but I'm just a lurker... You're right, they're not LARTS, just fodder, although when Mike Lindsey? was spamming the sh*t out of me from Calpop, then MCI and then SBC and ... I forget, I was adding LARTS to the higher ups, and customer/investor relations etc. in these outfits. Usually I just have the special addresses for my pet peeve of the month, PHISHes, or PumP&Dump, or Drugs. BTW you can have up to 4 addresses as a free reporter. From nobody at xyzzy.claranet.de Sun Nov 6 05:56:50 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Nov 6 00:10:05 2005 Subject: [SpamCop-List] Re: Please make sure this email IS spam: References: Message-ID: <436D8D12.7DCA@xyzzy.claranet.de> Mike Easter wrote: > That is a last chance to prevent making a mistake. > SpamCop reporters make mistakes all the time. Yes, my two mistakes this year (so far) were both results of the same script filtering "huge" mails incl. potential mail worms (MZ and PK parts). This filter "assumes" that I manually check what it found to be "too big" or otherwise suspicious. For months it was 100% spam, therefore I got used to "select all" + "forward" + "JHD" without really checking it. At the same time the number of spams violating my personal "too big" rule increased from a handful per day to about 50% of all spam I get (in other words the average spam size this year is apparently _much_ bigger than in 2004). So far no problem, big spam is still spam. But then somebody posted a mail with an attached ZIP on the only mailing list where I can't disable to get mail copies... :-( Yes, I've white listed this list, but only in a whitelist filter _behind_ the popstop.cmd script. Script saw "UE" (i.e. PK) => added to the folder with truncated "big mails". About 30 other "big spams" made it to this folder. Stupid user (me) sees what he always sees, "all" subjects tagged as spam... "all" = the first eight visible in the window, not "all" = 30. Stupid user (me) clicks "select all" + "forward" + JHD + "send". Oops. In another episode with the same script it was a JPG I sent to me from another account. In that case I forgot to white list an X-Envelope-To for intentionally "big mails". Oops, I dit it again. Apologies sent, script fixed, etc., but it's always possible to screw up somehow. With (I'm not sure) about 500 reports per day that's a false positive rate of more than 0.01% this year, IMO rather poor. Bye, Frank From nobody at nowhere.invalid Sun Nov 6 11:03:33 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Nov 6 05:06:11 2005 Subject: [SpamCop-List] Re: Please make sure this email IS spam: References: Message-ID: On Sat, 5 Nov 2005 18:35:24 -0500, Miss Betsy coughed into spamcop and left this in : > Most blocklists say that it is unsolicited bulk email. That > excludes unsolicited commercial email that is an individual email. Exactly. I tend to define spam as unsolicited and either bulk or promotional. So if someone sends just lil' old me a mail touting some product or other, I still consider it as unwanted advertising and will report it as the spam that it is. -- Steve Hurewitz's Memory Principle: The chance of forgetting something is directly proportional to ..... to ........ uh .............. From spambait at whodat.net Sun Nov 6 04:28:20 2005 From: spambait at whodat.net (Darrel Toepfer) Date: Sun Nov 6 05:30:23 2005 Subject: [SpamCop-List] Re: webforum down? In-Reply-To: References: <16gqm1pofm4ukjrr1enlukns85v4r6dmv6@4ax.com> Message-ID: WazoO wrote: > "Miss Betsy" wrote in message > news:dkjgep$vge$1@news.spamcop.net... > >>Ditto. >> >>Miss Betsy > > > Check the Announcements .... per my usual 'learn by > doing' ..... it's back up .... Looks like the entire thing is down now... --- An error occurred while processing your request. Reference #97.206a1cd.1131272864.2cced67 From nobody at devnull.spamcop.net Sun Nov 6 08:14:19 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Nov 6 09:15:20 2005 Subject: [SpamCop-List] Re: webforum down? References: <16gqm1pofm4ukjrr1enlukns85v4r6dmv6@4ax.com> Message-ID: "Darrel Toepfer" wrote in message news:dkkls0$hr1$1@news.spamcop.net... > WazoO wrote: > > > Check the Announcements .... per my usual 'learn by > > doing' ..... it's back up .... > > Looks like the entire thing is down now... > > An error occurred while processing your request. > Reference #97.206a1cd.1131272864.2cced67 Your downtime reference relates to www.spamcop.net .. This thread is about http://forum.spamcop.net/forums/ The second now includes a graphic in its banner line to show the (lack of) activity of the first in an attempt to answer the "is it down" question before it gets asked. From nobody at spamcop.net Sun Nov 6 16:34:32 2005 From: nobody at spamcop.net (me-no-no) Date: Sun Nov 6 11:35:20 2005 Subject: [SpamCop-List] Re: Feature Request: Unreported Spam Saved References: Message-ID: "Frog Prince" wrote in message news:dkj35e$ok2$1@news.spamcop.net... > "Robert Blair" > | > | > On the main page, where it says "Unreported Spam Saved: Report Now", > it > | > REALLY needs to have a feature that shows HOW MANY unreported spam are > | > actually saved.> | I have requested a way to delete the top most item of "Unreported > | Spam" (currently you can only delete all "Unreported Spam") but > | nothing has changed. > | > | So while we are one the subject of "Unreported Spam" again I will make > | the request again. Please. > Yea the number left to report and the option to delet those that are too > old > to report would save me time and effort. and.... Another "pretty please" for this feature to be added or amended - Thanx I A. Ciao Meno From nospam at nospam.nl Sun Nov 6 18:47:00 2005 From: nospam at nospam.nl (geo_splash_12) Date: Sun Nov 6 12:50:10 2005 Subject: [SpamCop-List] Re: Feature Request: Unreported Spam Saved In-Reply-To: References: Message-ID: travis wrote: > On the main page, where it says "Unreported Spam Saved: Report Now", it > REALLY needs to have a feature that shows HOW MANY unreported spam are > actually saved. > > PLEASE add that :( You don't need this option, because, if you would check past reports you get to see the ones that are not yet reported. Ejo From jg at coks.net Sun Nov 6 10:00:09 2005 From: jg at coks.net (jg) Date: Sun Nov 6 13:00:03 2005 Subject: [SpamCop-List] Re: Neat Package -- Nobody to Report To? In-Reply-To: References: <4362AD03.E5E72107@SpamCop.net.dev.null> <43665BA4.4E08B61F@SpamCop.net.dev.null> <4369B5A3.80C72E28@SpamCop.net.dev.null> Message-ID: On 11/5/2005 8:19 PM nospam scribbled: BTW you can have up to 4 addresses as a free reporter. > Good to know, tnx jg From jg at coks.net Sun Nov 6 10:44:14 2005 From: jg at coks.net (jg) Date: Sun Nov 6 13:45:02 2005 Subject: [SpamCop-List] One for dave null... Message-ID: http://www.spamcop.net/sc?id=z823833942z36f6fb52cd52ac148cbd0ae894bab641z Is there anything odd about this spam ? Aside the SC lack of obfuscation issue, is this a case of spammy dummy (redundant) or spammy trickery? I speaking of the multi notifies... tnx From jg at coks.net Sun Nov 6 10:48:40 2005 From: jg at coks.net (jg) Date: Sun Nov 6 13:50:02 2005 Subject: [SpamCop-List] comcor.ru Message-ID: http://www.spamcop.net/sc?id=z823836091zd9dac5602941e4096cc1913ba9d1496cz The above addy has just popped up in recent (past 2 weeks) spam. Are they new to the block or just reaching my ISP? spam is regular Leo stuff... From 79ytka802 at sneakemail.com Sun Nov 6 21:17:12 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Sun Nov 6 16:20:22 2005 Subject: [SpamCop-List] "You are very good, thank you!" Message-ID: You are probably all going to tick me off for opening spam, but... here we go: In the last few days I have been getting some VERY strange messages. Always in plain text with no attachments, always with one of two subject lines - "Unsubscribe" or "Help Pakistan Children", always with the same content: "Hello (or sometime "good afternoon"), you are very good, thank you." Sources have varied from British Telecom to some server in China. What is the point? From zypher at spamcop.net Sun Nov 6 15:54:21 2005 From: zypher at spamcop.net (Ron B.) Date: Sun Nov 6 16:55:02 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" In-Reply-To: References: Message-ID: Aviatrix wrote: > You are probably all going to tick me off for opening spam, but... here > we go: > > In the last few days I have been getting some VERY strange messages. > Always in plain text with no attachments, always with one of two subject > lines - "Unsubscribe" or "Help Pakistan Children", always with the same > content: "Hello (or sometime "good afternoon"), you are very good, thank > you." Sources have varied from British Telecom to some server in China. > > What is the point? > Any URL's to click? From 79ytka802 at sneakemail.com Sun Nov 6 22:00:22 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Sun Nov 6 17:05:03 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" In-Reply-To: References: Message-ID: Ron B. wrote: > Any URL's to click? Nope. Nothing at all. Just a plain text message. A. From zypher at spamcop.net Sun Nov 6 16:02:20 2005 From: zypher at spamcop.net (Ron B.) Date: Sun Nov 6 17:05:14 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" In-Reply-To: References: Message-ID: Aviatrix wrote: > > > Ron B. wrote: > >> Any URL's to click? > > > Nope. Nothing at all. Just a plain text message. > > A. Bizzare! From MikeE at ster.invalid Sun Nov 6 14:09:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Nov 6 17:10:03 2005 Subject: [SpamCop-List] Re: One for dave null... References: Message-ID: jg wrote: > http://www.spamcop.net/sc?id=z823833942z36f6fb52cd52ac148cbd0ae894bab641z > > Is there anything odd about this spam ? Did you examine the spambody? > Aside the SC lack of > obfuscation issue, is this a case of spammy dummy (redundant) or > spammy trickery? How do you mean? And there isn't a lack of deobfuscation in what I saw. SC deobfuscated. Resolving link obfuscation http://rvoked.strongbeauty.net/?kltcshxwpwpykgunbpzpoldhciw Host rvoked.strongbeauty.net (checking ip) IP not found ; rvoked.strongbeauty.net discarded as fake. http://rvoked.strongbeauty.net/?kltcshxwykgunbpzpoldhciw Host rvoked.strongbeauty.net (checking ip) IP not found ; rvoked.strongbeauty.net discarded as fake. <html part> http://gornsg.nestleimages.com/?eudvbnxwpwpybvduulzpofdihqc Host gornsg.nestleimages.com (checking ip) IP not found ; gornsg.nestleimages.com discarded as fake. http://acjjwu.nnedbestforyou.info/?aeqoboxwyrighnhzpoufovqt Host acjjwu.nnedbestforyou.info (checking ip) IP not found ; acjjwu.nnedbestforyou.info discarded as fake. > I speaking of the multi notifies... There are no multinotifies. SC notifies kornet about the proxysource. Nothing else. Neither in your SC recommended reports nor what the parser showed me. The only multinotify was what you added to your provider and uce.gov There are 'multi-spamvertiser' links, none notified. There are two versions, the text/plain version part of the multipart, and the text/html part of the multipart. So, if your mua/OE is configured to render the html, it ignores the plaintext version and you see one set of links, andb/but if your mua/OE is configured to read plaintext only, you see a different set of links. SC deobfuscates both versions, 2 links per version, but fails to resolve any of them. My resolver resolves the html version links to the .kr 61.111.255.134 which is spamhaused and thus is unresponsive and not worth notifying. The plaintext version links don't resolve. There is nothing worth notifying lost by SC not resolving the html links -- except that nothing in the spam makes it to sc-surbl. If the parser were reconfigured with my 'do not resolve' recommendation, the links would have been provided to sc-surbl. SC's notifies for spamvertisers aren't valuable and largely disregarded by SC, but if the parser were reconfigured, the surbl databasing of the spamvertiser links would have been worthwhile. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Nov 6 14:13:44 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Nov 6 17:15:04 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" References: <dklrsj$776$1@news.spamcop.net> Message-ID: <dklv6l$9bf$1@news.spamcop.net> Aviatrix wrote: > You are probably all going to tick me off for opening spam, but... > here we go: If you are going to talk about a spam you decided to read, you should post its tracker, not 'describe' it. > In the last few days I have been getting some VERY strange messages. > Always in plain text with no attachments, always with one of two > subject lines - "Unsubscribe" or "Help Pakistan Children", always > with the same content: "Hello (or sometime "good afternoon"), you are > very good, thank you." Sources have varied from British Telecom to > some server in China. > > What is the point? The whole spam is infinitely more valuable than a vague description of one. In the first place, a description isn't the actual item, but an 'imaginary' or hypothetical fuzzy allusion of something. In the second place, 'interpreting' an item doesn't start with the body, it starts with the headers. I never even look at any unsolicited item by starting with its body -- so when you start by 'describing' a body, you start from 'nowhere'. If you post the tracker, the first thing which will be examined is its headers. Only after the header examination is it worthwhile to even 'bother with' examining the body, and then the only body which is worth talking about is the *real* body, not a described imaginary hypothetical body. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sun Nov 6 17:15:03 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Sun Nov 6 17:15:10 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" References: <dklrsj$776$1@news.spamcop.net> Message-ID: <dklv86$9bm$1@news.spamcop.net> "Aviatrix" wrote in message > You are probably all going to tick me off for opening spam, but... here > we go: > > In the last few days I have been getting some VERY strange messages. > Always in plain text with no attachments, always with one of two subject > lines - "Unsubscribe" or "Help Pakistan Children", always with the same > content: "Hello (or sometime "good afternoon"), you are very good, thank > you." Sources have varied from British Telecom to some server in China. > > What is the point? > 1). Look closely: They are proof of the feasibility of time travel? 2). Think spanked spammer: think it is a personal blessing for you to receive such kind words from one as may trespass against the privacy of your Inbox? 3). You have a grateful, but secretive, admirer? 4). Spamsender has OCD, working through a ritual handwashing with serious thought to some aggressive listwashing before getting another website nuked for spamvending? 5). Other, not mentionable? When was there ever a "point" to spamsending? Smile, <G> From nobody at devnull.spamcop.net Sun Nov 6 17:57:44 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Sun Nov 6 18:00:11 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" References: <dklrsj$776$1@news.spamcop.net> <dklv6l$9bf$1@news.spamcop.net> Message-ID: <dkm1o7$b42$1@news.spamcop.net> "Mike Easter" wrote > Aviatrix wrote: > > You are probably all going to tick me off for opening spam, but... > > here we go: > > If you are going to talk about a spam you decided to read, you should > post its tracker, not 'describe' it. > > > In the last few days I have been getting some VERY strange messages. > > Always in plain text with no attachments, always with one of two > > subject lines - "Unsubscribe" or "Help Pakistan Children", always > > with the same content: "Hello (or sometime "good afternoon"), you are > > very good, thank you." Sources have varied from British Telecom to > > some server in China. > > > > What is the point? > > The whole spam is infinitely more valuable than a vague description of > one. In the first place, a description isn't the actual item, but an > 'imaginary' or hypothetical fuzzy allusion of something. In the second > place, 'interpreting' an item doesn't start with the body, it starts > with the headers. I never even look at any unsolicited item by starting > with its body -- so when you start by 'describing' a body, you start > from 'nowhere'. > > If you post the tracker, the first thing which will be examined is its > headers. Only after the header examination is it worthwhile to even > 'bother with' examining the body, and then the only body which is worth > talking about is the *real* body, not a described imaginary hypothetical > body. > Think in terms of "this does not feel spammy". The impersonal element weighs heavily toward spammishness. Although these "items" come with the usual fare of forged headers and abused open proxies, not one as yet has tripped into a spamtrap and is available in NANAS for discussion. They are not clearly abusive in any way. These come across as personal. Childish, like writing on the blackboard as a penance, but they all source from the same computer, apparently in Korea, and they don't appear to be the work of either bot or zombie. I am not calling them spam. They are /not/ UCE. And as best I can tell, /not/ UBE. And I am /not/ sure they are even SpamCop reportable. So, there may be no tracker to relate to, as even though they are abuse, I am not calling spam. If and when one pops up in a spamtrap, that could change. But these are more simply targeted and individually handcrafted and gift wrapped "gems". Not all are so blessed as to recieve such things. As it is rather less than clear that they qualify as "spam", I empathize with Aviatrix' hesitancy about discussing these here, but would entertain taking it up by email. <G> From devnull at spamcop.net Sun Nov 6 18:10:01 2005 From: devnull at spamcop.net (Frog Prince) Date: Sun Nov 6 18:15:06 2005 Subject: [SpamCop-List] Re: Feature Request: Unreported Spam Saved References: <dkik3e$hit$1@news.spamcop.net> <dklfin$ttn$1@news.spamcop.net> Message-ID: <dkm2jk$cpc$1@news.spamcop.net> "geo_splash_12" | > On the main page, where it says "Unreported Spam Saved: Report Now", it | > REALLY needs to have a feature that shows HOW MANY unreported spam are | > actually saved. | > | > PLEASE add that :( | | You don't need this option, because, if you would check past reports you | get to see the ones that are not yet reported. Requires additional and unnecessary steps on the part of the reporter and more bandwidth to no advantage to either spam cop or the reporter. The requested features would improve the report's ability to report spam faster and reduce the amount of processing time and bandwidth required of the server. From not at home.today Sun Nov 6 23:35:25 2005 From: not at home.today (Ant) Date: Sun Nov 6 18:40:07 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" References: <dklrsj$776$1@news.spamcop.net> <dklv6l$9bf$1@news.spamcop.net> Message-ID: <dkm403$ef7$1@news.spamcop.net> "Mike Easter" wrote: > Aviatrix wrote: >> You are probably all going to tick me off for opening spam, but... >> here we go: > > If you are going to talk about a spam you decided to read, you should > post its tracker, not 'describe' it. Here's one of mine: http://www.spamcop.net/sc?id=z823813026zae1d3ace9430c2b5c9ed6983657097a6z >> What is the point? Looks like the doofus is testing his spamware. There's no payload. I've received several, but reported only two. One was from a comcast box listed in sorbs, and this was from xs4all (unlisted in any BL). "ISP has indicated spam will cease; ISP resolved this issue sometime after Sun, 6 Nov 2005 16:49:07 UTC" "Message is 0 hours old" <--[at the time I parsed it] ... "If reported today, reports would be sent to:" "Re: 213.84.50.88 (Administrator of IP block - statistics only)" I presume that although the parser gave a reporting address, but did not offer to send reports, the IP still counted towards the SCBL? From MikeE at ster.invalid Sun Nov 6 15:53:09 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Nov 6 18:55:03 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" References: <dklrsj$776$1@news.spamcop.net> <dklv6l$9bf$1@news.spamcop.net> <dkm1o7$b42$1@news.spamcop.net> Message-ID: <dkm512$f6a$1@news.spamcop.net> Glenn Daniels wrote: > "Mike Easter" >> If you post the tracker, > And I am /not/ sure they are even SpamCop reportable. > > So, there may be no tracker to relate to, It isn't necessary to report an item to create a tracker for it. You parse the item, copy the tracker, cancel the report, and paste the tracker here. If mungeing prior to parsing is necessary, it should be described in accompaniment with the tracker or blatantly obvious in the viewing. -- Mike Easter kibitzer, not SC admin From spamcop-list-at-news.spamcop.net at musaic.net Mon Nov 7 00:57:54 2005 From: spamcop-list-at-news.spamcop.net at musaic.net (St - Musaic.Net) Date: Sun Nov 6 18:58:17 2005 Subject: [SpamCop-List] "You are very good, thank you!" In-Reply-To: <dklrsj$776$1@news.spamcop.net> References: <dklrsj$776$1@news.spamcop.net> Message-ID: <991652319.20051107005754@musaic.net> > In the last few days I have been getting some VERY strange messages. > Always in plain text with no attachments, always with one of two subject > lines - "Unsubscribe" or "Help Pakistan Children", always with the same > content: "Hello (or sometime "good afternoon"), you are very good, thank > you." Sources have varied from British Telecom to some server in China. > > What is the point? It could be a 419 variety - is someone mayne trying to place a bait? What happens if you reply (using a safe and unknown address)? Try hit'em with "Thank you very much for these encouraging words! Please enlighten me, what is this is all about?"? You might receive further attention from the scammer(s), like "Oh Thank God, by God's Grace I finally reached you!" and so-on-blah-blah-blah... -- St From not at home.today Mon Nov 7 00:16:15 2005 From: not at home.today (Ant) Date: Sun Nov 6 19:20:14 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" References: <dklrsj$776$1@news.spamcop.net> <dklv6l$9bf$1@news.spamcop.net> <dkm1o7$b42$1@news.spamcop.net> Message-ID: <dkm6cl$g6l$1@news.spamcop.net> "Glenn Daniels" wrote: > Think in terms of "this does not feel spammy". The impersonal > element weighs heavily toward spammishness. Although these > "items" come with the usual fare of forged headers and abused > open proxies, not one as yet has tripped into a spamtrap and > is available in NANAS for discussion. They are not clearly > abusive in any way. They most certainly are abusive; they are spam. > These come across as personal. Childish, like writing on the > blackboard as a penance, but they all source from the same > computer, apparently in Korea, and they don't appear to > be the work of either bot or zombie. I am not calling them > spam. They are /not/ UCE. And as best I can tell, /not/ UBE. > And I am /not/ sure they are even SpamCop reportable. I've received six since 2 Nov. I consider them UBE, and will report them if they fall within my reporting time window. From nobody at devnull.spamcop.net Sun Nov 6 19:28:21 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Sun Nov 6 19:30:03 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" References: <dklrsj$776$1@news.spamcop.net> <dklv6l$9bf$1@news.spamcop.net> <dkm403$ef7$1@news.spamcop.net> Message-ID: <dkm725$ggb$1@news.spamcop.net> "Ant" wrote in message > "Mike Easter" wrote: ... > > Aviatrix wrote: ... > Here's one of mine: > http://www.spamcop.net/sc?id=z823813026zae1d3ace9430c2b5c9ed6983657097a6z > > >> What is the point? > My point is, unless time travel is possible, you can't be receiving such messages. -g From MikeE at ster.invalid Sun Nov 6 16:30:25 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Nov 6 19:35:02 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" References: <dklrsj$776$1@news.spamcop.net> <dklv6l$9bf$1@news.spamcop.net> <dkm403$ef7$1@news.spamcop.net> Message-ID: <dkm76u$gno$1@news.spamcop.net> Ant wrote: > Here's one of mine: www.spamcop.net/sc?id=z823813026zae1d3ace9430c2b5c9ed6983657097a6z There are several in sightings like that. All they have in common is a very similar body,.a future early Dec Date line, and the fact that they arrive without a msgid, so the recipient server stamps it with a recipient-type mid. They come from user IPs, not servers, and about half the time the user IP is cbl listed for hitting spamtraps. One of the ones examined is spamcop listed and they tend to come from IPs in the ripe or Euro RIR. > I presume that although the parser gave a reporting address, but did > not offer to send reports, the IP still counted towards the SCBL? Something seems funky about that parser handling - it is one thing to not send a report for something which the provider doesn't want to hear about, but it would seem that the parser should provide you with a chance to report or cancel to determine whether or not the source 'non-report' should count toward the SCbl. If you don't approve a report, even tho' a report might not be sent because of the preference of the provider, an unapproved parsing result won't count toward the SCbl. That is, the appearance of the verbose on your tracker would imply that since the provider is claiming spam will cease, the report doesn't count. That isn't the way it is supposed to work. I think something is wrong. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sun Nov 6 19:30:55 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sun Nov 6 19:35:09 2005 Subject: [SpamCop-List] Re: Feature Request: Unreported Spam Saved References: <dkik3e$hit$1@news.spamcop.net> <dklfin$ttn$1@news.spamcop.net> <dkm2jk$cpc$1@news.spamcop.net> Message-ID: <dkm77o$gns$1@news.spamcop.net> "Frog Prince" <devnull@spamcop.net> wrote in message news:dkm2jk$cpc$1@news.spamcop.net... : "geo_splash_12" : : | > On the main page, where it says "Unreported Spam Saved: Report Now", it : | > REALLY needs to have a feature that shows HOW MANY unreported spam are : | > actually saved. : | > : | > PLEASE add that :( : | : | You don't need this option, because, if you would check past reports you : | get to see the ones that are not yet reported. : : Requires additional and unnecessary steps on the part of the reporter and : more bandwidth to no advantage to either spam cop or the reporter. : : The requested features would improve the report's ability to report spam : faster and reduce the amount of processing time and bandwidth required of : the server. : : : Yeah, I'd vote for something similar too, OR to at least throw away the ones that have gotten too old to report anyway. Whenever I find I have unerported spam, it's always an oversight on my part somehow, and it's unreportable anyway because it's too old. I DO find the unreported spam handy sometimes because if I mailed a bunch of spam in and haven't gotten the notices back yet, if I happen to be on the site and they're processed, I can just take care of it all while I'm there. Then the notices don't go out, spam got reported, and bandwidth's saved. But if I hve to wade thru a bunch of "tool old", well, it defeats the use of it all. For me, anyway. Pop From 79ytka802 at sneakemail.com Mon Nov 7 00:35:59 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Sun Nov 6 19:40:02 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" In-Reply-To: <dklv6l$9bf$1@news.spamcop.net> References: <dklrsj$776$1@news.spamcop.net> <dklv6l$9bf$1@news.spamcop.net> Message-ID: <dkm7h9$gur$1@news.spamcop.net> Mike Easter wrote: > If you post the tracker, the first thing which will be examined is its > headers. Only after the header examination is it worthwhile to even > 'bother with' examining the body, and then the only body which is worth > talking about is the *real* body, not a described imaginary hypothetical > body. What do you mean by "imaginary hypothetical body"? As I already said it's plain ASCII, and I don't think there is any way you can "imagine" something that is there right in front of your eyes in plain ASCII! Seeing you asked...: http://www.spamcop.net/sc?id=z823917051z0761189a0a42cdb1943c93854b5c42e3z http://www.spamcop.net/sc?id=z823917054z14c0a78c37a8df909c95ff22b24ad03fz http://www.spamcop.net/sc?id=z823917491zbb14ad414a34f98adea0954c6986f6d8z From g.hyde at bigpond.net.au Mon Nov 7 10:34:29 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sun Nov 6 19:40:09 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" References: <dklrsj$776$1@news.spamcop.net> <dklv86$9bm$1@news.spamcop.net> Message-ID: <dkm7j9$gv4$1@news.spamcop.net> "Glenn Daniels" <nobody@devnull.spamcop.net> wrote in message news:dklv86$9bm$1@news.spamcop.net... You forgot: 0.1) Spammer is a clueless git! 0.2) Spammer is a clueless redneck git! (for those spammers who feel they don't fit into the above category) 0.3) Spammer is harvesting new email addresses to spam. 0.4) Spammer is trolling, and this UBE will continue. 0.5) Other, please [FITB] ... I could go on, but I'm sure there's lots of reasons we haven't come up with yet! :-P > 1). Look closely: They are proof of the feasibility of time travel? > 2). Think spanked spammer: think it is a personal blessing for > you to receive such kind words from one as may trespass > against the privacy of your Inbox? > 3). You have a grateful, but secretive, admirer? > 4). Spamsender has OCD, working through a ritual handwashing > with serious thought to some aggressive listwashing before getting > another website nuked for spamvending? > 5). Other, not mentionable? > > When was there ever a "point" to spamsending? When some [censored] spammer invented the idea. Unfortunately, like most ideas fuelled by the internet it gathered momentum and is still snowballing out of control to this day. Cheers ... Geoffrey Hyde From MikeE at ster.invalid Sun Nov 6 17:04:58 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Nov 6 20:05:03 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" References: <dklrsj$776$1@news.spamcop.net> <dklv6l$9bf$1@news.spamcop.net> <dkm7h9$gur$1@news.spamcop.net> Message-ID: <dkm97n$hsl$1@news.spamcop.net> Aviatrix wrote: > Mike Easter wrote: >> the only body which >> is worth talking about is the *real* body, not a described imaginary >> hypothetical body. > What do you mean by "imaginary hypothetical body"? I 'like to' [tend to] use those imaginary hypothetical words to exaggerate the 'non-existence' of some described 'alleged' item which hasn't been held forth 'in reality' yet with something like a tracker. As long as it has only been described instead of actually exhibited, it isn't actually 'real' yet - except in /your/ mind or cognizance. I hope to motivate the 'imaginer' who hasn't proven the existence yet, to post the tracker. www.spamcop.net/sc?id=z823917051z0761189a0a42cdb1943c93854b5c42e3z www.spamcop.net/sc?id=z823917054z14c0a78c37a8df909c95ff22b24ad03fz www.spamcop.net/sc?id=z823917491zbb14ad414a34f98adea0954c6986f6d8z Now, there're some real ones. All 3 of them fit the prototype described earlier. None of those sources are cbl, one is scbl. I would say that someone is 'exercising' their spamware and injection method. By using a small body, the trial run would go faster. My theory is that the actual body content is irrelevent. It just needs to be something, but not much. They are hitting spamtraps and are sufficiently numerous that about 5 have appeared in sightings already and recently, in addition to the ones being talked about here. -- Mike Easter kibitzer, not SC admin From not at home.today Mon Nov 7 02:50:15 2005 From: not at home.today (Ant) Date: Sun Nov 6 21:55:20 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" References: <dklrsj$776$1@news.spamcop.net> <dklv6l$9bf$1@news.spamcop.net> <dkm403$ef7$1@news.spamcop.net> <dkm76u$gno$1@news.spamcop.net> Message-ID: <dkmfdc$mp0$1@news.spamcop.net> "Mike Easter" wrote: > There are several in sightings like that. All they have in common is a > very similar body,.a future early Dec Date line, I didn't notice the early date. > and the fact that they > arrive without a msgid, so the recipient server stamps it with a > recipient-type mid. They come from user IPs, not servers, and about > half the time the user IP is cbl listed for hitting spamtraps. One of > the ones examined is spamcop listed and they tend to come from IPs in > the ripe or Euro RIR. I have at least a couple of comcast (arin) ones. >> I presume that although the parser gave a reporting address, but did >> not offer to send reports, the IP still counted towards the SCBL? > > Something seems funky about that parser handling - it is one thing to > not send a report for something which the provider doesn't want to hear > about, but it would seem that the parser should provide you with a > chance to report or cancel to determine whether or not the source > 'non-report' should count toward the SCbl. Yes, the parser gave me no options to do anything (no checkboxes or buttons). My earlier comcast spam (also with a future date) did not have this problem. > If you don't approve a > report, even tho' a report might not be sent because of the preference > of the provider, an unapproved parsing result won't count toward the > SCbl. > > That is, the appearance of the verbose on your tracker would imply that > since the provider is claiming spam will cease, the report doesn't > count. > > That isn't the way it is supposed to work. I think something is wrong. Looks that way. I wondered if "statistics only" counted for a block, as stated here: "Re: 213.84.50.88 (Administrator of IP block - statistics only)" Presumably not, unless something has changed. From jg at coks.net Sun Nov 6 22:19:31 2005 From: jg at coks.net (jg) Date: Mon Nov 7 01:20:03 2005 Subject: [SpamCop-List] Re: One for dave null... In-Reply-To: <dkluts$92m$1@news.spamcop.net> References: <dkliqf$2mq$1@news.spamcop.net> <dkluts$92m$1@news.spamcop.net> Message-ID: <dkmri3$skt$1@news.spamcop.net> On 11/6/2005 2:09 PM Mike Easter scribbled: > jg wrote: > > http://www.spamcop.net/sc?id=z823833942z36f6fb52cd52ac148cbd0ae894bab641z > >>Is there anything odd about this spam ? > > > Did you examine the spambody? No, not beyond the source - I don't like to read spam... > >Aside the SC lack of >>obfuscation issue, is this a case of spammy dummy (redundant) or >>spammy trickery? > > > How do you mean? And there isn't a lack of deobfuscation in what I saw. > SC deobfuscated. My orig. link above will not resolve for me - don't know why, so I can't revisit this report at the moment But seems like I was trying to say, whats the point of multi fake spamverts (I misspoke the notify word)? > >>I speaking of the multi notifies... misspeaking... > > > There are 'multi-spamvertiser' links, none notified. > > There are two versions, the text/plain version part of the multipart, > and the text/html part of the multipart. So, if your mua/OE is > configured to render the html, it ignores the plaintext version and you > see one set of links, andb/but if your mua/OE is configured to read > plaintext only, you see a different set of links. er, hmmm..their point? > > SC deobfuscates both versions, 2 links per version, but fails to resolve > any of them. I take deobfuscate to mean derive a URL that is resolvable - how do you know you deobfuscated without a resolution? I will now put on my helmet in case my ignorance is showing... > > My resolver resolves the html version links to the .kr 61.111.255.134 > which is spamhaused and thus is unresponsive and not worth notifying. > The plaintext version links don't resolve. so 2 weren't fake - whatever > > There is nothing worth notifying lost by SC not resolving the html > links -- except that nothing in the spam makes it to sc-surbl. > Well, I knew /something/ was odd - SC goes to dev null and I go to the FTC - similiar piles? I've been getting virtually the same spam daily for about 2 weeks now, with the same spamverts from sources bouncing all around the far east with an occasional stop in so. america and dada (?). Kornet is a pretty common thread, and I suddenly got 5-6 Paypals in 2 days (normal Paypal flow is 1 a month or so}... > If the parser were reconfigured with my 'do not resolve' recommendation, > the links would have been provided to sc-surbl. SC's notifies for > spamvertisers aren't valuable and largely disregarded by SC, but if the > parser were reconfigured, the surbl databasing of the spamvertiser links > would have been worthwhile. > Any reason SC wouldn't do this? From MikeE at ster.invalid Mon Nov 7 05:07:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Nov 7 08:10:23 2005 Subject: [SpamCop-List] Re: One for dave null... References: <dkliqf$2mq$1@news.spamcop.net> <dkluts$92m$1@news.spamcop.net> <dkmri3$skt$1@news.spamcop.net> Message-ID: <dknjhq$ctk$1@news.spamcop.net> jg wrote: > Mike Easter scribbled: >> Did you examine the spambody? > > No, not beyond the source - I don't like to read spam... Yabbut, if you are going to 'discuss it' here -- you will need to prepare for the discussion somehow. The source examination would be adequate if you can interpret that exam 'as if' you had opened the spam in more than one configuration, ie render vs not render the html. > But seems like I was trying to say, whats the point of multi fake > spamverts (I misspoke the notify word)? I don't like to spend /too/ much time imagining why spammers do or 'think' what they do. Perhaps to mislead the antispammer with the revoked domain links in the plaintext. The links were named rvoked.strongbeauty.net. The domainname was reg'd Oct 29, changed Nov 5 and is currently revoked. >> There are two versions, the text/plain version part of the multipart, >> and the text/html part of the multipart. So, if your mua/OE is >> configured to render the html, it ignores the plaintext version and >> you see one set of links, andb/but if your mua/OE is configured to >> read plaintext only, you see a different set of links. > > er, hmmm..their point? See above. >> SC deobfuscates both versions, 2 links per version, but fails to >> resolve any of them. > > I take deobfuscate to mean derive a URL that is resolvable - how do > you know you deobfuscated without a resolution? The steps to resolving-notifying are: - find the links - deobfuscate the links - resolve the links - derive the notify for the IP resolved Typically SC finds & deobfuscates. What happens after that varies. >> If the parser were reconfigured with my 'do not resolve' >> recommendation, the links would have been provided to sc-surbl. >> SC's notifies for spamvertisers aren't valuable and largely >> disregarded by SC, but if the parser were reconfigured, the surbl >> databasing of the spamvertiser links would have been worthwhile. >> > > Any reason SC wouldn't do this? I can't think of any beyond the first step of the trouble of code writing, which trouble could possibly be insurmountable. However, it seems to me that the advantages are so large, that it would be worth the trouble to consider. To reiterate from my post news:dkluts$92m$1@news.spamcop.net Parser configuration option proposal Mike Easter wrote: > o SC's resources would be conserved, which is apparently needed > sometimes > o SC reporter spam would not be 'handled' or seen by blackhat > spamvertiser providers and their cohorts > o Many many more spamvertisers would be provided to the statistic > page for sc-surbl scraping > o Many more sc-surbl blocklist users would benefit from the SC > reports The spamvertised links on the stats page show the notified and the link, they don't show the resolved IP. It is my presumption that the sc-surbl processing handles the resolving or nonresolving issue, which most assuredly must be very dynamic in the case of spam. The surbl blocklist users would include SC mail clients if SC's implementation of SA includes the surbl plugin. -- Mike Easter kibitzer, not SC admin From kenbrody at spamcop.net Mon Nov 7 09:52:47 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Nov 7 10:20:02 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" References: <dklrsj$776$1@news.spamcop.net> <dklu2d$89n$1@news.spamcop.net> <dkludg$8f4$1@news.spamcop.net> <dkluhc$8pp$1@news.spamcop.net> Message-ID: <436F6A3F.462FCB83@spamcop.net> "Ron B." wrote: > > Aviatrix wrote: > > > > > > Ron B. wrote: > > > >> Any URL's to click? > > > > > > Nope. Nothing at all. Just a plain text message. > > > > A. > > Bizzare! Without complete source, including full headers, we can only guess. It could be an attempt to verify addresses via return-receipt. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include <std_disclaimer.h> | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: <mailto:ThisIsASpamTrap@gmail.com> From kenbrody at spamcop.net Mon Nov 7 09:56:46 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Nov 7 10:20:09 2005 Subject: [SpamCop-List] Which comes first: SpamAssassin or Blacklist? Message-ID: <436F6B2E.B4B4F020@spamcop.net> Which filter comes first: SpamAssassin or Blacklist? I didn't have a chance to report any spam from my held mail folder this weekend, and this morning I see that almost all of the (1700+) spams there are marked as blocked due to SpamAssassin, rather than blocked by a blacklist. Is this because SpamAssassin's filters come before blacklists, or is it because hundreds of spams made it past all of my active blacklists? -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include <std_disclaimer.h> | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: <mailto:ThisIsASpamTrap@gmail.com> From jg at coks.net Mon Nov 7 07:58:41 2005 From: jg at coks.net (jg) Date: Mon Nov 7 11:00:02 2005 Subject: [SpamCop-List] Re: One for dave null... In-Reply-To: <dknjhq$ctk$1@news.spamcop.net> References: <dkliqf$2mq$1@news.spamcop.net> <dkluts$92m$1@news.spamcop.net> <dkmri3$skt$1@news.spamcop.net> <dknjhq$ctk$1@news.spamcop.net> Message-ID: <dkntg1$idc$1@news.spamcop.net> On 11/7/2005 5:07 AM Mike Easter scribbled: > > Typically SC finds & deobfuscates. What happens after that varies. > > One more time, if you would - how does one know one has deobfuscated if there is no resolve? Doesn't every link have to be somewhere? From spam_hjp at yahoo.com Mon Nov 7 12:10:46 2005 From: spam_hjp at yahoo.com (Jim) Date: Mon Nov 7 12:15:03 2005 Subject: [SpamCop-List] Re: Which comes first: SpamAssassin or Blacklist? In-Reply-To: <436F6B2E.B4B4F020@spamcop.net> References: <436F6B2E.B4B4F020@spamcop.net> Message-ID: <dko1qs$l6r$1@news.spamcop.net> Kenneth Brody wrote: > Which filter comes first: SpamAssassin or Blacklist? > > A good question. I have also noticed almost all my spam is caught by SpamAssassin whereas before it was SCBL. Has there been a changed or has SC changed rules again before listing. From pxpearson at spamxcop.net Mon Nov 7 09:18:56 2005 From: pxpearson at spamxcop.net (Peter Pearson) Date: Mon Nov 7 12:20:03 2005 Subject: [SpamCop-List] News: Australian government fights zombies Message-ID: <dko29s$lc8$1@news.spamcop.net> The Australian Communications and Media Authority has launched a program to track down and clean up zombies: http://www.acma.gov.au/ACMAINTER.65674:STANDARD:686928489:pc=PC_100266 I wonder whether they'll let Spamcop help. -- Remove the two x's to get a good email address. From MikeE at ster.invalid Mon Nov 7 09:52:16 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Nov 7 12:55:03 2005 Subject: [SpamCop-List] Re: One for dave null... References: <dkliqf$2mq$1@news.spamcop.net> <dkluts$92m$1@news.spamcop.net> <dkmri3$skt$1@news.spamcop.net> <dknjhq$ctk$1@news.spamcop.net> <dkntg1$idc$1@news.spamcop.net> Message-ID: <dko48d$mqp$1@news.spamcop.net> jg wrote: > Mike Easter scribbled: > >> >> Typically SC finds & deobfuscates. What happens after that varies. >> >> > One more time, if you would - how does one know one has deobfuscated > if there is no resolve? Deobfuscation consists of unescaping or performing other 'decodings' of an obfuscated url so that it becomes satisfactory to be submitted to a resolver. > Doesn't every link have to be somewhere? I don't know how you mean. If a link doesn't resolve to an IP, it is 'nowhere' ie doesn't exist accessibly. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Mon Nov 7 19:01:13 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Nov 7 13:05:02 2005 Subject: [SpamCop-List] Re: Which comes first: SpamAssassin or Blacklist? References: <436F6B2E.B4B4F020@spamcop.net> Message-ID: <slrndmv5j9.7m9.nobody@127.0.0.1> On Mon, 07 Nov 2005 09:56:46 -0500, Kenneth Brody coughed into spamcop and left this in <436F6B2E.B4B4F020@spamcop.net>: > Which filter comes first: SpamAssassin or Blacklist? That depends on your server's setup, but most of the time it's blocklists that are hit first. If the inbound mail isn't rejected because it's coming from a blocklisted IP address, the MTA allows the remote server to send the DATA. That DATA can be passed through the SA milter and possibly rejected before the exchange is terminated, or it can be stuffed through SA by the local delivery agent. -- Steve Television -- a medium. So called because it is neither rare nor well done. -- Ernie Kovacs From remaker at cisco.com Mon Nov 7 10:04:53 2005 From: remaker at cisco.com (Phillip Remaker) Date: Mon Nov 7 13:05:10 2005 Subject: [SpamCop-List] Third Party Message-ID: <dko505$nan$1@news.spamcop.net> On my account ("remaker") spam reports have recently set " Forwarded Spam (User defined recipient) " to be checked by default. Nothing I do in preferences changes this fact. I've erased and re-added Public standard report recipients I've set and unset the 3rd party report default radio buttons By they still remian checked for every spam. I either have to manually uncheack them for each spam or remove 3rd part reporting. If it matters, my 3rd party report recipients are 419.fcd@usss.treas.gov, reportphishing@antiphishing.org, webcomplaints@ora.fda.gov,uce@ftc.gov And yes, I know uce@ftc.gov does not read spamcop reports. From MikeE at ster.invalid Mon Nov 7 12:44:17 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Nov 7 15:45:02 2005 Subject: [SpamCop-List] Re: Which comes first: SpamAssassin or Blacklist? References: <436F6B2E.B4B4F020@spamcop.net> Message-ID: <dkoeau$s16$1@news.spamcop.net> Kenneth Brody wrote: > Which filter comes first: SpamAssassin or Blacklist? I was reading in the forums the other day and the word was that SA comes first and someone thinks that is more efficient, but I don't get it. It would seem that blocklists on the header would be much more efficient than anything which required digestion of the body or DATA part of the mail. It also seems that if you did blocklists first and the spam was tagged, that you wouldn't even have to do the SA scoring. But, if you configure your server so that you are going to 'do it all' - blocklists and SA - before you are 'done', then I guess the order wouldn't help the efficiency one way or the other. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Nov 7 16:46:10 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Nov 7 17:50:03 2005 Subject: [SpamCop-List] Re: Third Party References: <dko505$nan$1@news.spamcop.net> Message-ID: <dkolfi$fr$1@news.spamcop.net> "Phillip Remaker" <remaker@cisco.com> wrote in message news:dko505$nan$1@news.spamcop.net... > On my account ("remaker") spam reports have recently set " Forwarded Spam > (User defined recipient) " to be checked by default. > > Nothing I do in preferences changes this fact. > > I've erased and re-added Public standard report recipients > > I've set and unset the 3rd party report default radio buttons > > By they still remian checked for every spam. I either have to manually > uncheack them for each spam or remove 3rd part reporting. Pinned: Reporting defaults have changed http://forum.spamcop.net/forums/index.php?showtopic=5277 Problem with user reports, programmed user-reports default to "ON" http://forum.spamcop.net/forums/index.php?showtopic=5280 From MikeE at ster.invalid Mon Nov 7 15:47:25 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Nov 7 18:50:04 2005 Subject: [SpamCop-List] Re: Third Party References: <dko505$nan$1@news.spamcop.net> <dkolfi$fr$1@news.spamcop.net> Message-ID: <dkop29$2cn$1@news.spamcop.net> WazoO wrote: > "Phillip Remaker" >> Nothing I do in preferences changes this fact. >> >> I've erased and re-added Public standard report recipients >> >> I've set and unset the 3rd party report default radio buttons >> >> By they still remian checked for every spam. I either have to >> manually uncheack them for each spam or remove 3rd part reporting. > > Pinned: Reporting defaults have changed > http://forum.spamcop.net/forums/index.php?showtopic=5277 > Problem with user reports, programmed user-reports default to "ON" > http://forum.spamcop.net/forums/index.php?showtopic=5280 The 2nd link points to the first and the first link has several different issues in it which lead to confusion. I think it would be better to not muddle this topic's confusion with the forum topic's confusion, altho' they are related. Temporarily disregarding what is being discussed in 5277 above, Phillip's problem described here is an inability to configure the checks for additional notifies, not 3rd party as the subject sez and his Preferences efforts say. For free users, the preference is limited to 3rd party notifies, which are different from additonal or user defined notifies. That is, altho' Phillip chose to name this Subject Third Party, he is actually talking about pay subscriber additional notifies or rather 'User Defined Recipient' . To isolate a Jeff G item about that, we can look at http://forum.spamcop.net/forums/index.php?showtopic=5152 -- because Jeff is perfectly clear on the difference between Third Party Reports and User Defined Recipients. <JG> I hereby suggest a User Defined Recipient Report Default section near the 3rd party report default section of the Reporting preferences AKA Report Handling Options page. </JG> -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Nov 8 00:17:45 2005 From: nobody at devnull.spamcop.net (Gaetor) Date: Mon Nov 7 19:20:03 2005 Subject: [SpamCop-List] Spam pretending to be from my own email address Message-ID: <dkoqqv$3du$1@news.spamcop.net> I have recently started to receive this ... it takes the annoyance factor to a whole new level! I know most issues, blocking, etc work on IP addresses and email addresses are considered irrelevant, but can anyone advise on whether reporting this will in some/any way backfire as my address appears as the 'from' in the header? From MikeE at ster.invalid Mon Nov 7 16:40:28 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Nov 7 19:45:04 2005 Subject: [SpamCop-List] Re: Spam pretending to be from my own email address References: <dkoqqv$3du$1@news.spamcop.net> Message-ID: <dkos5n$41a$1@news.spamcop.net> Gaetor wrote: > can > anyone advise on whether reporting this will in some/any way backfire > as my address appears as the 'from' in the header? No backfire adverse effect of reporting. Except.... But.... And.... Spams with your address in the From are annoying and have some very minor 'side effects'. Those which go to some other people who use some very foolish and ineffective antispam rules might cause those foolish frustrated spam recipients to use their 'Blocik sender' function against their spam. Then your address becomes blocked by those recipients. If there should be or become a concurrence of such foolish blocksenders and someone you would be emailing, your mail could be blocked by them. That is so unlikely a combination of events as to not be worth talking about. No one should be using the From of spam to be making any kinds of rules or lists, because spam Froms are derived from the same kinds of places as spam To/s. The 'but' is; SC reports standard munge all kinds of occurrences of addresses in the headers. However, that standard mungeing doesn't include the From address. The SC notifies are sent to providers for source and spamvertisers. Some people concern themselves about what kind of information contained within a spam is sent to those who might be 'in cahoots' with the spammer - so they don't like to see their address going that way. SC's faq rules on material changes only describe the additional mungeing of your name in the body, not the header. It doesn't work to try to get approval for breaking a faq rule in this forum, so you are left to either submit the spam as is unmunged, break the rule and munge your address on the basis of a different part of the faq rule which defines when and how the body mungeing might [and might not] be done, eg for those providers who don't accept munged spam, or not submit the spam at all if you are concerned about the address appearing in the hands of certain providers. -- Mike Easter kibitzer, not SC admin From ben.de+SCnews at spamcop.net Mon Nov 7 16:51:25 2005 From: ben.de+SCnews at spamcop.net (Ben) Date: Mon Nov 7 19:55:02 2005 Subject: [SpamCop-List] Re: [media] political candidates online In-Reply-To: <djmlga$fn4$1@news.spamcop.net> References: <djmlga$fn4$1@news.spamcop.net> Message-ID: <dkosqd$4b2$1@news.spamcop.net> caroljean52 wrote: > From an article in yesterday's Seattle Times > http://seattletimes.nwsource.com/html/businesstechnology/2002579531_paul24.html An unsolicited email from a politician shall result in a vote for the opposition, or a write-in for none. From me at privacy.net Tue Nov 8 01:21:00 2005 From: me at privacy.net (Michael R N Dolbear) Date: Mon Nov 7 20:25:04 2005 Subject: [SpamCop-List] Re: Which comes first: SpamAssassin or Blacklist? References: <436F6B2E.B4B4F020@spamcop.net> <dkoeau$s16$1@news.spamcop.net> Message-ID: <01c5e400$ac5c7300$LocalHost@default> Mike Easter <MikeE@ster.invalid> wrote [...] > It would seem that blocklists on the header would be much more efficient > than anything which required digestion of the body or DATA part of the > mail. It also seems that if you did blocklists first and the spam was > tagged, that you wouldn't even have to do the SA scoring. > > But, if you configure your server so that you are going to 'do it all' - > blocklists and SA - before you are 'done', then I guess the order > wouldn't help the efficiency one way or the other. "It all depends what you mean by efficiency" eg a blocklist lookup can be quite slow. Spamcop mail was set up to (a) always calculate the SA score and (b) set up SA so SA didn't use any blocklists itself. Thus SA uses only cpu and that can be improved by installing a faster server whereas little can be done about how fast a BL lookup responds (though local copies of some BLs have been suggested). If Spamcop mail now checks SA then checks the specified BLs until it gets a hit then this speeds up things compared with the previous "check SA last" setup. -- Mike D From MikeE at ster.invalid Mon Nov 7 17:38:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Nov 7 20:40:03 2005 Subject: [SpamCop-List] Re: Which comes first: SpamAssassin or Blacklist? References: <436F6B2E.B4B4F020@spamcop.net> <dkoeau$s16$1@news.spamcop.net> <01c5e400$ac5c7300$LocalHost@default> Message-ID: <dkovhl$62e$1@news.spamcop.net> Michael R N Dolbear wrote: > Mike Easter >> But, if you configure your server so that you are going to 'do it >> all' - blocklists and SA - before you are 'done', then I guess the >> order wouldn't help the efficiency one way or the other. > > "It all depends what you mean by efficiency" eg a blocklist lookup can > be quite slow. Yes, I can imagine that, but actually, it shouldn't be. In terms of what is happening, a dnsbl lookup should be extremely efficient; that is the reason that dnsbl/s became so popular. Of course, what is in theory and what is in reality are two different things. > Spamcop mail was set up to (a) always calculate the SA score and (b) > set up SA so SA didn't use any blocklists itself. Once could debate the 'purpose' or gain or 'meaning' of (a). One could also have a big debate about the 'purpose' of the SC spamfilter/tagger. One side of the debate might choose to argue that the purpose should 'simply' be the tagging of an item as meeting the definition of 'to be tagged' by the configuration of the user. If an item 'only' needed to be tagged if it met the definition and the definition was saying 'if an item is listed in the SCbl it shall be tagged' - then there would be no purpose in doing a SA score and there would be no purpose in performing some pokey slow accessing other dnsbl. The item is tagged on the basis of the scbl and the job is over. > Thus SA uses only > cpu and that can be improved by installing a faster server whereas > little can be done about how fast a BL lookup responds (though local > copies of some BLs have been suggested). That was a mighty 'quick' consideration of local caching of some bl/s. It would be my assumption that the entire dnsbl business would be hugely variable, with some results instantaneous and some results waiting for the dnsbl server to get around to answering, much less giving a result. > If Spamcop mail now checks SA then checks the specified BLs until it > gets a hit then this speeds up things compared with the previous > "check SA last" setup. I understand what you are saying about 'multitasking' efficiencies -- but if you really want efficiency, one could structure the sequence and the 'requirements' accordingly. Why does everything need a SA score? OK. Let's say that an SA score comes 'cheap' in terms of resources, altho' I rather doubt that is very true. I would imagine that a SA score is demanding of resources. It might not take very long, but it is using resources like mad while it is being processed. The fast dnsbl/s should come first. The slow dnsbl/s should be cached. The SA score can run concurrently and maybe aborted if something else is positive before it is started or completed. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Mon Nov 7 20:38:35 2005 From: jeffg at spamcop.net (Jeff G.) Date: Mon Nov 7 20:45:02 2005 Subject: [SpamCop-List] Re: Third Party References: <dko505$nan$1@news.spamcop.net> Message-ID: <dkovop$6bf$1@news.spamcop.net> "Phillip Remaker" <remaker@cisco.com> wrote in message news:dko505$nan$1@news.spamcop.net... > And yes, I know uce@ftc.gov does not read spamcop reports. Please make that spam@uce.gov. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jeffg at spamcop.net Mon Nov 7 20:41:43 2005 From: jeffg at spamcop.net (Jeff G.) Date: Mon Nov 7 20:45:10 2005 Subject: [SpamCop-List] Re: Third Party References: <dko505$nan$1@news.spamcop.net> <dkolfi$fr$1@news.spamcop.net> <dkop29$2cn$1@news.spamcop.net> Message-ID: <dkovop$6bf$2@news.spamcop.net> "Mike Easter" <MikeE@ster.invalid> wrote in message news:dkop29$2cn$1@news.spamcop.net... > To isolate a Jeff G item about that, we can look at > http://forum.spamcop.net/forums/index.php?showtopic=5152 -- because > Jeff is perfectly clear on the difference between Third Party Reports > and User Defined Recipients. > > <JG> I hereby suggest a User Defined Recipient Report Default section > near the 3rd party report default section of the Reporting preferences > AKA Report Handling Options page. </JG> Thanks, Mike. It is worth mentioning that the global User Defined Recipient Report Default changed from "Unchecked" to "Checked" with the last code implementation, that a bug fix has been submitted for it, and that lots of us are anxiously awaiting the implementation of that bug fix. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From mwnospam at comcast.net Mon Nov 7 20:52:53 2005 From: mwnospam at comcast.net (spamacyde) Date: Mon Nov 7 20:55:03 2005 Subject: [SpamCop-List] Could Spamcop Provide Phone Numbers in the Techinical Details? Message-ID: <dkp0dk$6po$1@news.spamcop.net> It would be nice if Spamcop provided phone number of the offending ISP's abuse departments in the technical details. They should first try to provide toll free numbers. Then non-toll free numbers. Then general numbers not necessarily associated with the abuse department. I know how to get these from Arin, when they are available. Spamcop would just be saving me some extra work. Thanks in advance, Spamcop. From MikeE at ster.invalid Mon Nov 7 18:08:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Nov 7 21:10:03 2005 Subject: [SpamCop-List] Re: Could Spamcop Provide Phone Numbers in the Techinical Details? References: <dkp0dk$6po$1@news.spamcop.net> Message-ID: <dkp1bn$77u$1@news.spamcop.net> spamacyde wrote: > It would be nice if Spamcop provided phone number of the offending > ISP's abuse departments in the technical details. Why do you say that? SC id/s the source provider's IP. That IP is examined in the regional registrar's db for a contact email address. In that sequence, there are 2 target functions. To contribute the source IP to the SCbl and to notify by email some appropriate contact that there has been a SC reporter report. The business of creating an appropriate telno contact db corresponding to IPs doesn't even seem to me like a good idea. My own connectivity, email, and newsgroup provider doesn't even provide me with a useful telno to correspond. Telephone correspondence is hugely resource intensive, even if human contact isn't part of the configuration. > They should first > try to provide toll free numbers. Then non-toll free numbers. Then > general numbers not necessarily associated with the abuse department. I disagree. > I know how to get these from Arin, when they are available. Spamcop > would just be saving me some extra work. I would hope that you would use good judgment about calling telno/s that are found in the admin and tech contact listings in the RIR whois. Spamsources are most often proxified users. Spamvertisers are most often somewhere not accessible by tel. Name a specific spam example with a tracker and what telno you would call and what would be the purpose of your conversation. That way we can have a discussion about something specific, not something fuzzy. -- Mike Easter kibitzer, not SC admin From kenbrody at spamcop.net Mon Nov 7 21:50:08 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Nov 7 22:05:09 2005 Subject: [SpamCop-List] Re: Which comes first: SpamAssassin or Blacklist? References: <436F6B2E.B4B4F020@spamcop.net> <slrndmv5j9.7m9.nobody@127.0.0.1> Message-ID: <43701260.7CC83DE@spamcop.net> Steven Maesslein wrote: > > On Mon, 07 Nov 2005 09:56:46 -0500, Kenneth Brody coughed into spamcop > and left this in <436F6B2E.B4B4F020@spamcop.net>: > > > Which filter comes first: SpamAssassin or Blacklist? > > That depends on your server's setup, Well, "my server" is SpamCop in this case. > but most of the time it's > blocklists that are hit first. If the inbound mail isn't rejected > because it's coming from a blocklisted IP address, the MTA allows the > remote server to send the DATA. That DATA can be passed through the SA > milter and possibly rejected before the exchange is terminated, or it > can be stuffed through SA by the local delivery agent. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include <std_disclaimer.h> | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: <mailto:ThisIsASpamTrap@gmail.com> From remaker at suespammers.org Tue Nov 8 00:05:37 2005 From: remaker at suespammers.org (Phillip Remaker) Date: Tue Nov 8 03:10:31 2005 Subject: [SpamCop-List] Re: Third Party References: <dko505$nan$1@news.spamcop.net> <dkolfi$fr$1@news.spamcop.net> <dkop29$2cn$1@news.spamcop.net> <dkovop$6bf$2@news.spamcop.net> Message-ID: <dkpm8b$l5j$1@news.spamcop.net> > Thanks, Mike. It is worth mentioning that the global User Defined > Recipient Report Default changed from "Unchecked" to "Checked" with the > last code implementation, Ahhhh!! THAT is the problem. > that a bug fix has been submitted for it, and > that lots of us are anxiously awaiting the implementation of that bug > fix. OK, good news. Another option I would like if any development is continuing: Instead of taking me to a page that shows a "report now" link as the default, always take me to the next report in queue. AS it is my process is Log in start Click report now <wait> Click Sumbit <wait> repeat. I would like it if each time I clicked SUBMIT, to showed me a confirmation FOLLOWED BY my next report to be submitted. This would cut out one wait in my cycle. AS it is, I bracth forward 10-12 spams at a time and then step through them. I never use the paste-in method.... From nobody at nowhere.invalid Tue Nov 8 11:00:46 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Nov 8 05:06:00 2005 Subject: [SpamCop-List] Re: Spam pretending to be from my own email address References: <dkoqqv$3du$1@news.spamcop.net> Message-ID: <slrndn0tqe.42s.nobody@127.0.0.1> On Tue, 08 Nov 2005 00:17:45 +0000, Gaetor coughed into spamcop and left this in <dkoqqv$3du$1@news.spamcop.net>: > I have recently started to receive this ... it takes the annoyance > factor to a whole new level! I know most issues, blocking, etc work on > IP addresses and email addresses are considered irrelevant, but can > anyone advise on whether reporting this will in some/any way backfire as > my address appears as the 'from' in the header? It's been going on for years. In fact I'm surprised there's someone out there who has only just seen it. No sane admin takes a blind bit of notice of the "From:" address of spam. Just think that other people out there have been receiving spam with your address in the "From:" header for as long as you've been receiving spam at that address (if spammers have the address they'll use it anywhere in their spam), and nothing untoward has happened to you because of it. LART away, don't worry about it. -- Steve Don't be irreplaceable. If you can't be replaced, you can't be promoted. From nobody at nowhere.invalid Tue Nov 8 11:05:11 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Nov 8 05:10:19 2005 Subject: [SpamCop-List] Re: Which comes first: SpamAssassin or Blacklist? References: <436F6B2E.B4B4F020@spamcop.net> <slrndmv5j9.7m9.nobody@127.0.0.1> <43701260.7CC83DE@spamcop.net> Message-ID: <slrndn0u2n.42s.nobody@127.0.0.1> On Mon, 07 Nov 2005 21:50:08 -0500, Kenneth Brody coughed into spamcop and left this in <43701260.7CC83DE@spamcop.net>: >> > Which filter comes first: SpamAssassin or Blacklist? >> >> That depends on your server's setup, > > Well, "my server" is SpamCop in this case. I think you'll find that it's still IP-based filtering that occurs before content filtering. I say that because I sometimes see identical spams in my "Held Mail" folder, one of which was diverted because it came from a spammy IP, and the other because of a high SA score. If SA was invoked first then both spams would be blocked because of a high SA score and the IP-based tests wouldn't occur. It also makes sense to do the IP-based parsing first because it's bound to be less resource-hungry than SA. -- Steve "Politics is supposed to be the second oldest profession. I have come to realize that it bears a very close resemblance to the first." From spam_hjp at yahoo.com Tue Nov 8 05:36:24 2005 From: spam_hjp at yahoo.com (Jim) Date: Tue Nov 8 05:40:13 2005 Subject: [SpamCop-List] Re: Which comes first: SpamAssassin or Blacklist? In-Reply-To: <43701260.7CC83DE@spamcop.net> References: <436F6B2E.B4B4F020@spamcop.net> <slrndmv5j9.7m9.nobody@127.0.0.1> <43701260.7CC83DE@spamcop.net> Message-ID: <dkpv3e$pfj$1@news.spamcop.net> > >> >>> Which filter comes first: SpamAssassin or Blacklist? >> That depends on your server's setup, > > Well, "my server" is SpamCop in this case. > Same here for server. I am a paid subscriber and I fetch my held Spam and it appears to be a switch between SA and SC on how the Spam is tagged. > From bar_n0ne at hotmail.com Tue Nov 8 14:46:48 2005 From: bar_n0ne at hotmail.com (Berny) Date: Tue Nov 8 05:50:02 2005 Subject: [SpamCop-List] Re: Which comes first: SpamAssassin or Blacklist? References: <436F6B2E.B4B4F020@spamcop.net> <slrndmv5j9.7m9.nobody@127.0.0.1> <43701260.7CC83DE@spamcop.net> <dkpv3e$pfj$1@news.spamcop.net> Message-ID: <dkpvms$prf$1@news.spamcop.net> "Jim" <spam_hjp@yahoo.com> wrote in message news:dkpv3e$pfj$1@news.spamcop.net... > > > > >> > >>> Which filter comes first: SpamAssassin or Blacklist? > >> That depends on your server's setup, > > > > Well, "my server" is SpamCop in this case. > > > Same here for server. I am a paid subscriber and I fetch my held Spam and it appears to be a > switch between SA and SC on how the Spam is tagged. > > Shouldn't this be asked in .mail? or the appropriate forum for mail users? Mostly what you will find here is speculation by non SC mail-account holders. This is also off topic here. f'ups to .mail From anthony.edwards at uk.easynet.net Tue Nov 8 13:27:41 2005 From: anthony.edwards at uk.easynet.net (Anthony Edwards) Date: Tue Nov 8 08:30:10 2005 Subject: [SpamCop-List] Re: Could Spamcop Provide Phone Numbers in the Techinical Details? References: <dkp0dk$6po$1@news.spamcop.net> Message-ID: <dkq94c$dn$1@news.spamcop.net> On Mon, 7 Nov 2005 20:52:53 -0500, spamacyde <mwnospam@comcast.net> wrote: > It would be nice if Spamcop provided phone number of the offending ISP's > abuse departments in the technical details. They should first try to > provide toll free numbers. Then non-toll free numbers. Then general > numbers not necessarily associated with the abuse department. You would generally find that even white hat ISPs would simply request, in the event that you did make contact by telephone with a member of the abuse team in respect of an Unsolicited Bulk Email related issue, that you put your complaint in writing by email to the abuse mailbox. That would certainly be the response in the event that you called here. -- Anthony Edwards * anthony.edwards@uk.easynet.net Abuse Team Manager * Tel: 0800 053 0588 Easynet Ltd * DDI: 0161 227 0707 http://www.uk.easynet.net * Fax: 0845 333 4503 From mwnospam at comcast.net Tue Nov 8 09:48:13 2005 From: mwnospam at comcast.net (spamacyde) Date: Tue Nov 8 09:50:10 2005 Subject: [SpamCop-List] Spam from Spamcop? Message-ID: <dkqdrb$2vr$1@news.spamcop.net> The ISP that this spam was reported to seems to be Spamcop. Please explain: http://www.spamcop.net/sc?id=z824494507zd419170266e274df02dcf91a34d68c57z From nobody at devnull.spamcop.net Tue Nov 8 09:55:08 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Tue Nov 8 09:55:02 2005 Subject: [SpamCop-List] Re: Spam from Spamcop? References: <dkqdrb$2vr$1@news.spamcop.net> Message-ID: <dkqe7r$39m$1@news.spamcop.net> "spamacyde" wrote in message > The ISP that this spam was reported to seems to be Spamcop. Please explain: > > http://www.spamcop.net/sc?id=z824494507zd419170266e274df02dcf91a34d68c57z > > The addy spamcop/at/adelphia.net happens to be the working name for their abuse desk. Notifies to abuse/at/adelphia.net are redirected there anyway, so it saves a step to notify the "working" abuse desk directly. -glenn From nobody at spamcop.net Tue Nov 8 11:27:52 2005 From: nobody at spamcop.net (Ellen) Date: Tue Nov 8 12:15:03 2005 Subject: [SpamCop-List] Re: Spam from Spamcop? References: <dkqdrb$2vr$1@news.spamcop.net> Message-ID: <dkqm62$9bl$1@news.spamcop.net> "spamacyde" <mwnospam@comcast.net> wrote in message news:dkqdrb$2vr$1@news.spamcop.net... > The ISP that this spam was reported to seems to be Spamcop. Please explain: > > http://www.spamcop.net/sc?id=z824494507zd419170266e274df02dcf91a34d68c57z > > They asked that the reports we send them be sent to the special address: spamcop@adelphia.net so we made a change in the system to do that. There are other ISPs who have made similar requests. Ellen SpamCop From nicholasjhiggins at btinternet.com Tue Nov 8 18:42:12 2005 From: nicholasjhiggins at btinternet.com (Nicholas Higgins) Date: Tue Nov 8 13:40:03 2005 Subject: [SpamCop-List] Spoofed email address Message-ID: <dkqran$em8$1@news.spamcop.net> Hi I might sound really 'thick' but I have no idea how the spam reporting works so please excuse my ignorance! My domain host has advised me that it looks as though my domain name has been spoofed as I am receiving emails from 'me' to 'me' - i.e. someone is using an email address that doesn't actually exist in my business, but email is appearing in my inbox that is marketing spam from another company although it looks like it's from me sent to me. (Hope that makes sense!). Anyhow, I have received mail twice with two different email addresses, both of which I've reported to spamcop, but I'm wondering what happens next? I'm also really concerned that my domain is being abused in this way and wonder whether this person or organisation is able to send others email that look like they're coming from me? What if, in future, I want to create an email address that does actually contain the addresses they're using e.g. a support@ or admin@ address - will their abuse affect me being able to do this. Sorry if I seem a bit 'green' - it's because I am - I'm a business owner with a website, not an internet specialist! Any help much appreciated Heidi Sinclair From baloo at ursine.ca Tue Nov 8 11:35:28 2005 From: baloo at ursine.ca (baloo@ursine.ca) Date: Tue Nov 8 15:10:03 2005 Subject: [SpamCop-List] Re: Spoofed email address References: <dkqran$em8$1@news.spamcop.net> Message-ID: <09b743-plh.ln1@ursine.ca> Nicholas Higgins <nicholasjhiggins@btinternet.com> wrote: > My domain host has advised me that it looks as though my domain name has > been spoofed as I am receiving emails from 'me' to 'me' - i.e. someone is > using an email address that doesn't actually exist in my business, but email > is appearing in my inbox that is marketing spam from another company > although it looks like it's from me sent to me. (Hope that makes sense!). Yup, email has minimal protection against From: header forgery. About the only thing on the block for this right now is SPF. More information about how to implement this for your domain is at http://spf.pobox.com/ > Anyhow, I have received mail twice with two different email addresses, both > of which I've reported to spamcop, but I'm wondering what happens next? I'm > also really concerned that my domain is being abused in this way and wonder > whether this person or organisation is able to send others email that look > like they're coming from me? Yes. Legal and ethical considerations aside, anybody can claim to be anybody else in email fairly trivially. > What if, in future, I want to create an email address that does > actually contain the addresses they're using e.g. a support@ or > admin@ address - will their abuse affect me being able to do > this. No. From MikeE at ster.invalid Tue Nov 8 12:10:51 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Nov 8 15:15:03 2005 Subject: [SpamCop-List] Re: Spoofed email address References: <dkqran$em8$1@news.spamcop.net> Message-ID: <dkr0o6$jsh$1@news.spamcop.net> Putting a near bottomline up at the top. Nicholas Higgins [or Heidi Sinclair] wrote: > What if, in future, I want to create an email address > that does actually contain the addresses they're using e.g. a > support@ or admin@ address - will their abuse affect me being able to > do this. No. Nicholas Higgins wrote: > I might sound really 'thick' but I have no idea how the spam > reporting works so please excuse my ignorance! How spam works is also how email works. > My domain host has advised me that it looks as though my domain name > has been spoofed as I am receiving emails from 'me' to 'me' - i.e. > someone is using an email address that doesn't actually exist in my > business, but email is appearing in my inbox that is marketing spam > from another company although it looks like it's from me sent to me. When 'we' look at spam, we don't pay [much or any] attention to the From line. There are many elements which are typically forged in spam, the >From is #1. > (Hope that makes sense!). Anyhow, I have received mail twice with two > different email addresses, both of which I've reported to spamcop, > but I'm wondering what happens next? SpamCop SC is a parsing and reporting service. It is designed to determine the source of a mail [not the From] and count that source toward the SCbl SC blocklist and notify the provider for that spamsource -- where the 'provider' is the regional internet registrar listed contact for the netblock of the IP address of the source.. In addition, SC also sometimes notifies the provider for the IP address of a spamvertised website. IP address vs email address vs persona or handle Your posting IP address: 86.141.148.131 Your posting From address: nicholasjhiggins@btinternet.com Your posting 'sig' at the bottom: Heidi Sinclair What happens next is greatly influenced by what those providers choose to do. Whatever the providers may choose to do, spamsources as IP addresses get listed in the SCbl and people and servers use the scbl to tag, 'block', or even reject spam as part of a spam defense strategy. > I'm also really concerned that > my domain is being abused in this way and wonder whether this person > or organisation is able to send others email that look like they're > coming from me? Anyone can send a mail with whatever they like in the From. > What if, in future, I want to create an email address > that does actually contain the addresses they're using e.g. a > support@ or admin@ address - will their abuse affect me being able to > do this. No. > Sorry if I seem a bit 'green' - it's because I am - I'm a > business owner with a website, not an internet specialist! > > Any help much appreciated > Heidi Sinclair -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Nov 8 20:05:03 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Tue Nov 8 20:05:29 2005 Subject: [SpamCop-List] Re: Spoofed email address References: <dkqran$em8$1@news.spamcop.net> Message-ID: <dkrhum$tmv$1@news.spamcop.net> "Nicholas Higgins" <nicholasjhiggins@btinternet.com> wrote in message news:dkqran$em8$1@news.spamcop.net... > Hi > > I might sound really 'thick' but I have no idea how the spam reporting works > so please excuse my ignorance! Don't worry about sounding thick - just don't feel insulted if others agree with you. These people will help you to understand. spam reporting has to do with IP addresses, not email addresses. Spammers use forged email addresses in the 'from' and the return path all the time. Nobody pays any attention to the from or return path who deals with spam on a professional basis. It happens all the time. Usually, it quits after a couple of days when the spammer starts using some other forgery. Miss Betsy An almost new internet user From nobody at devnull.spamcop.net Tue Nov 8 20:06:21 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Tue Nov 8 20:10:02 2005 Subject: [SpamCop-List] Re: Spam pretending to be from my own email address References: <dkoqqv$3du$1@news.spamcop.net> Message-ID: <dkri14$tq2$1@news.spamcop.net> "Gaetor" <nobody@devnull.spamcop.net> wrote in message news:dkoqqv$3du$1@news.spamcop.net... > I have recently started to receive this ... it takes the annoyance > factor to a whole new level! I know most issues, blocking, etc work on > IP addresses and email addresses are considered irrelevant, but can > anyone advise on whether reporting this will in some/any way backfire as > my address appears as the 'from' in the header? Nobody pays any attention to the 'from'. Miss Betsy an almost new internet user From noemail at here.org Tue Nov 8 21:07:36 2005 From: noemail at here.org (travis) Date: Tue Nov 8 22:10:03 2005 Subject: [SpamCop-List] Re: Feature Request: Unreported Spam Saved References: <dkik3e$hit$1@news.spamcop.net> <dklfin$ttn$1@news.spamcop.net> Message-ID: <dkrp5t$1ld$1@news.spamcop.net> "geo_splash_12" <nospam@nospam.nl> wrote in message news:dklfin$ttn$1@news.spamcop.net... > travis wrote: >> On the main page, where it says "Unreported Spam Saved: Report Now", it >> REALLY needs to have a feature that shows HOW MANY unreported spam are >> actually saved. >> >> PLEASE add that :( > > You don't need this option, because, if you would check past reports you > get to see the ones that are not yet reported. > > Ejo that does help, i wasn't aware that was there... thanks! From nobody at devnull.spamcop.net Wed Nov 9 14:56:35 2005 From: nobody at devnull.spamcop.net (Patto) Date: Wed Nov 9 01:00:19 2005 Subject: [SpamCop-List] Re: ReportPhish.org ? In-Reply-To: <div9dl$rcs$1@news.spamcop.net> References: <div9dl$rcs$1@news.spamcop.net> Message-ID: <dks32i$6hi$2@news.spamcop.net> Patto wrote: > I have been reporting all phishes to the address specified at > http://www.reportphish.org/ for a few weeks now. But I have started > wondering if this is really worth the effort. They do not say anything > on their website _what_ they are actually doing with these reports. > > Does anybody here know something more about ReportPhish.org than the > little information that can be found on their website? An update: the report email address at ReportPhish.org now bounces. From MikeE at ster.invalid Tue Nov 8 22:46:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Nov 9 01:50:04 2005 Subject: [SpamCop-List] Re: ReportPhish.org ? References: <div9dl$rcs$1@news.spamcop.net> <dks32i$6hi$2@news.spamcop.net> Message-ID: <dks60m$8f1$1@news.spamcop.net> Patto wrote: > An update: the report email address at ReportPhish.org now bounces. Marjolein's [remember Marjolein?] pick http://banspam.javawoman.com/index.html was antiphishing http://www.antiphishing.org/ Look it over and see what you think. They have a database at the site, an email reporting addy reportphishing@antiphishing.org and quite a bit of resources. I've never heard of reportphish. I've heard of antiphishing. -- Mike Easter kibitzer, not SC admin From philip at pch.home.cs.vu.nl Wed Nov 9 10:40:42 2005 From: philip at pch.home.cs.vu.nl (Philip Homburg) Date: Wed Nov 9 05:01:06 2005 Subject: [SpamCop-List] Re: Which comes first: SpamAssassin or Blacklist? References: <436F6B2E.B4B4F020@spamcop.net> <dkoeau$s16$1@news.spamcop.net> <01c5e400$ac5c7300$LocalHost@default> <dkovhl$62e$1@news.spamcop.net> Message-ID: <25knfkplj32c54tkek4kacu143@inews_id.stereo.hq.phicoh.net> In article <dkovhl$62e$1@news.spamcop.net>, Mike Easter <MikeE@ster.invalid> wrote: >> If Spamcop mail now checks SA then checks the specified BLs until it >> gets a hit then this speeds up things compared with the previous >> "check SA last" setup. > >I understand what you are saying about 'multitasking' efficiencies -- >but if you really want efficiency, one could structure the sequence and >the 'requirements' accordingly. Why does everything need a SA score? >OK. Let's say that an SA score comes 'cheap' in terms of resources, >altho' I rather doubt that is very true. I would imagine that a SA >score is demanding of resources. It might not take very long, but it is >using resources like mad while it is being processed. An important aspect is the percentage of spam that is blocked only by SA. If that percentage grows above 50, you don't gain all that much by moving SA to the end. To get predictable performance, a large site needs local copies of all DNSBLs that are used. For SA the performance is always predictable. I don't know how effective the CBL is compared to SA, but after filtering using the CBL, all other commonly used DNSBLs seem quite ineffective compared to SA (as tuned by my ISP). -- That was it. Done. The faulty Monk was turned out into the desert where it could believe what it liked, including the idea that it had been hard done by. It was allowed to keep its horse, since horses were so cheap to make. -- Douglas Adams in Dirk Gently's Holistic Detective Agency From MikeE at ster.invalid Wed Nov 9 05:39:10 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Nov 9 08:40:05 2005 Subject: [SpamCop-List] Re: Which comes first: SpamAssassin or Blacklist? References: <436F6B2E.B4B4F020@spamcop.net> <dkoeau$s16$1@news.spamcop.net> <01c5e400$ac5c7300$LocalHost@default> <dkovhl$62e$1@news.spamcop.net> <25knfkplj32c54tkek4kacu143@inews_id.stereo.hq.phicoh.net> Message-ID: <dksu5q$ksm$1@news.spamcop.net> Philip Homburg wrote: > An important aspect is the percentage of spam that is blocked only by > SA. > If that percentage grows above 50, you don't gain all that much by > moving > SA to the end. To get predictable performance, a large site needs > local copies of all DNSBLs that are used. For SA the performance is > always predictable. When I watch dnsstuff's dnsbl lookup gizmo 'zoom' thru' 263 dnsbl/s and display tiny numbers of ms to get the result from each of them, it causes me to think that the dnsbl/s are generally instantaneous. Also, whenever I use a dnsbl directly I always get instantaneous results. Also, dnsstuff doesn't usually cache the dnsbl/s. When it does, it just records '0' beside the time spot, so you can tell what is fast and what is cached. Of course, if you ask it again right after you've asked it for the same IP, everything is cached. > I don't know how effective the CBL is compared to SA, but after > filtering using the CBL, all other commonly used DNSBLs seem quite > ineffective compared to SA (as tuned by my ISP). CBL lists a lot of my spams' IPs, but I use spamhaus sbl-xbl, which embraces cbl + blitzed + njabl + sbl, so I take care of cbl with that and thus it doesn't show up in my spamfilter logs anymore. I'm just arguing that for my own spam, quite a lot of it is caught by the dnsbl/s, and I certainly don't use 263 of them. And that the dnsbl/s are very very fast. My own spamfilter's 'equivalency' to SA is a regex body filter plugin, and that filter seems so 'complex' in comparison to the simplicity of using the IPs in the header. That is, to me it seems simpler to use the IP/s in the header against a dnsbl db than to use a 'morass' of regex 'stuff' on a big pile of spambody data. I would say that significantly more than 50% of my spam is caught by other than the regex body filter, but then I'm using a lot of country filtration which someone else might not be able to do. -- Mike Easter kibitzer, not SC admin From redford_stone at INVERSE_OF_COLDmail.com Wed Nov 9 13:48:43 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Nov 9 08:50:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> Message-ID: <Xns97093B2348704tinlc@216.154.195.61> "Robert Blair" <nobody@nowhere.not> wrote in news:TECQXhvKj0FX-pn2- 41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com: > > I don't know who found it first or why but I doubt it was a "normal" > user. This copy protection scheme had a rootkit that hid all of its > files from any of the standard anti-virus/trojan/ads programs. There > are now people telling others to go buy the Sony CDs and use the > rootkit, I would imagine that the virus/trojan/ads writers have also > started to do the same thing. > > I wouldn't doubt that the virus writers are out there now looking into this with interest. Sony did them a favor by installing the very files they need to do their damage. Meaning all they need to do is to make a virus with a smaller payload. From redford_stone at INVERSE_OF_COLDmail.com Wed Nov 9 13:50:38 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Nov 9 08:55:02 2005 Subject: [SpamCop-List] Re: Wow...that was FAST! References: <dkg6fr$1md$1@news.spamcop.net> <Xns97051D6D81B53tinlc@216.154.195.61> <dki90m$rb7$2@news.spamcop.net> Message-ID: <Xns97093B76B9D21tinlc@216.154.195.61> Borgholio <borgholio@storymind.com> wrote in news:dki90m$rb7$2 @news.spamcop.net: > > > Yeah but the fact that it's a Russian sysadmin is what amazes me. :) Good point. It is already impossible trying to get their attention regarding zombies on their networks. From bar_n0ne at hotmail.com Wed Nov 9 18:53:10 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Nov 9 09:55:07 2005 Subject: [SpamCop-List] sheesh, Tripod is even more parse resistant than geocities Message-ID: <dkt2gn$na9$1@news.spamcop.net> Arghh, I really wanna inconvenience Lycos exploiting spammers, and get them on the SURBL. From kenbrody at spamcop.net Wed Nov 9 10:26:01 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Wed Nov 9 10:30:03 2005 Subject: [SpamCop-List] Highest SpamAssassin scores Message-ID: <43721509.34638D2B@spamcop.net> I just posted to .spam a spam with a SpamAssassin score of 53.4 (though "held mail" shows the score as "50"). X-Spam-Status: hits=53.4 tests=DATE_IN_FUTURE_96_XX,DATE_SPAMWARE_Y2K, ... X-SpamCop-Disposition: Blocked SpamAssassin=50 See subject "SpamAssassin score of 53.4" for full text. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include <std_disclaimer.h> | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: <mailto:ThisIsASpamTrap@gmail.com> From MikeE at ster.invalid Wed Nov 9 08:03:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Nov 9 11:05:03 2005 Subject: [SpamCop-List] Re: Highest SpamAssassin scores References: <43721509.34638D2B@spamcop.net> Message-ID: <dkt6ku$u2a$1@news.spamcop.net> Kenneth Brody wrote: > I just posted to .spam a spam with a SpamAssassin score of 53.4 > (though "held mail" shows the score as "50"). I'm not clear on how that works. What you posted in .spam is b64 encoded and the encoding contains links. Something is b64 decoding so that SA can see what is inside. I didn't know it worked like that. -- Mike Easter kibitzer, not SC admin From philip at pch.home.cs.vu.nl Wed Nov 9 17:55:51 2005 From: philip at pch.home.cs.vu.nl (Philip Homburg) Date: Wed Nov 9 12:00:03 2005 Subject: [SpamCop-List] Re: Which comes first: SpamAssassin or Blacklist? References: <436F6B2E.B4B4F020@spamcop.net> <dkovhl$62e$1@news.spamcop.net> <25knfkplj32c54tkek4kacu143@inews_id.stereo.hq.phicoh.net> <dksu5q$ksm$1@news.spamcop.net> Message-ID: <pem62cc1q2t6u33b6uspfpca57@inews_id.stereo.hq.phicoh.net> In article <dksu5q$ksm$1@news.spamcop.net>, Mike Easter <MikeE@ster.invalid> wrote: >When I watch dnsstuff's dnsbl lookup gizmo 'zoom' thru' 263 dnsbl/s and >display tiny numbers of ms to get the result from each of them, it >causes me to think that the dnsbl/s are generally instantaneous. Also, >whenever I use a dnsbl directly I always get instantaneous results. Strange. When I use a script the queries about a dozen RBLs, it does not finish in under 1 second. >CBL lists a lot of my spams' IPs, but I use spamhaus sbl-xbl, which >embraces cbl + blitzed + njabl + sbl, so I take care of cbl with that >and thus it doesn't show up in my spamfilter logs anymore. I think that CBL is the most effective part of SBL-XBL, so I call it CBL. -- That was it. Done. The faulty Monk was turned out into the desert where it could believe what it liked, including the idea that it had been hard done by. It was allowed to keep its horse, since horses were so cheap to make. -- Douglas Adams in Dirk Gently's Holistic Detective Agency From nobody at devnull.spamcop.net Wed Nov 9 12:32:32 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Wed Nov 9 12:35:03 2005 Subject: [SpamCop-List] Re: ReportPhish.org ? References: <div9dl$rcs$1@news.spamcop.net> <dks32i$6hi$2@news.spamcop.net> Message-ID: <dktbrg$26i$1@news.spamcop.net> "Patto" wrote in message > > I have been reporting all phishes to the address specified at > > http://www.reportphish.org/ for a few weeks now. But I have started > > wondering if this is really worth the effort. They do not say anything > > on their website _what_ they are actually doing with these reports. > > > > Does anybody here know something more about ReportPhish.org than the > > little information that can be found on their website? > > An update: the report email address at ReportPhish.org now bounces. Fantastic! Pursuing your allegation that Report/at/ReportPhish.org was bouncing, I sent them a link to a "secure" phishing site that I was previously unable to impact using numerous other phish reporting resources. Within hours they have had the site rendered "404 compliant". I have, thanks to your post, a valued "new" resource in my phish reporting stable. Excellent! Thanks much for the tip, -glenn From nobody at nowhere.not Wed Nov 9 23:09:58 2005 From: nobody at nowhere.not (Robert Blair) Date: Wed Nov 9 18:10:02 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> Message-ID: <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> On Wed, 9 Nov 2005 13:48:43 UTC, Redstone <redford_stone@INVERSE_OF_COLDmail.com> wrote: > > I don't know who found it first or why but I doubt it was a "normal" > > user. This copy protection scheme had a rootkit that hid all of its > > files from any of the standard anti-virus/trojan/ads programs. There > > are now people telling others to go buy the Sony CDs and use the > > rootkit, I would imagine that the virus/trojan/ads writers have also > > started to do the same thing. > > I wouldn't doubt that the virus writers are out there now looking into > this with interest. Sony did them a favor by installing the very files > they need to do their damage. Meaning all they need to do is to make a > virus with a smaller payload. If you want to see what Sony is putting people through to uninstall this rootkit see. http://www.sysinternals.com/blog/2005/11/sony-you-dont-reeeeaaaally-wa nt-to_09.html -- Robert Blair From nobody at devnull.spamcop.net Wed Nov 9 17:23:19 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Nov 9 18:25:06 2005 Subject: [SpamCop-List] SpamCop Forum is down Message-ID: <dku0d7$d4g$1@news.spamcop.net> It actually went down for a bit early this morning with some SQL errors showing ... then I couldn't even talk to the server. JT was notified, but said that it'd be a couple of hours before he could get anything done. Strangely, something happened and it was back on-line about 15 minutes later ...??? I got caught up, did some grocery shopping .. came back, caught up again, got around to making some coffee, poured a cup, and promptly fell asleep ... Jeff G. called to advise that there were some sever issues with the Forum .. killed off that 'exciting' game I'd fallen asleep playing, logged onto the Forum and found that the 'user' experience wasn't near as bad as the Admin issues. Anyway, I had stated that I had been becoming suspicious of a drive problem, looking at some system message log files, I'm convinced of that now ... kicked an e-mail to JT ... last thing seen on the forum server was; Broadcast message from root (console) (Wed Nov 9 17:26:10 2005): The system is going down for reboot NOW! and it has yet to come back up .. I still can't login in directly either ... so have to make an assumption that either an fsck is in operation at present or even that a hard drive replacement is under way (no response from JT yet) Just posting what I know, guessing at some other things, best I can do for now from here .... From nobody at devnull.spamcop.net Wed Nov 9 17:53:42 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Nov 9 18:55:08 2005 Subject: [SpamCop-List] Re: SpamCop Forum is down References: <dku0d7$d4g$1@news.spamcop.net> Message-ID: <dku266$e4d$1@news.spamcop.net> "WazoO" <nobody@devnull.spamcop.net> wrote in message news:dku0d7$d4g$1@news.spamcop.net... > > suspicious of a drive problem, looking at some system > message log files, I'm convinced of that now ... kicked > an e-mail to JT ... last thing seen on the forum server was; > > Broadcast message from root (console) (Wed Nov 9 17:26:10 2005): > The system is going down for reboot NOW! > > and it has yet to come back up .. I still can't login in directly > either ... so have to make an assumption that either an > fsck is in operation at present or even that a hard drive > replacement is under way (no response from JT yet) > Just posting what I know, guessing at some other things, > best I can do for now from here .... JT is on-site ... gave me a guess, I'll stretch it a bit and say that estimated time of repair/return is suggested around 1830 -6 GMT .... From anthony.edwards at uk.easynet.net Thu Nov 10 00:40:31 2005 From: anthony.edwards at uk.easynet.net (Anthony Edwards) Date: Wed Nov 9 19:45:05 2005 Subject: [SpamCop-List] Re: Highest SpamAssassin scores References: <43721509.34638D2B@spamcop.net> <dkt6ku$u2a$1@news.spamcop.net> Message-ID: <dku4tv$fcn$1@news.spamcop.net> On Wed, 9 Nov 2005 08:03:47 -0800, Mike Easter <MikeE@ster.invalid> wrote: > I'm not clear on how that works. What you posted in .spam is b64 > encoded and the encoding contains links. > > Something is b64 decoding so that SA can see what is inside. I didn't > know it worked like that. SpamAssasin has been able to decode Base64 encoded messages/mail parts since at least 2002, and possibly before that. In recent versions, Perl module MIME::Base64 is used. -- Anthony Edwards * anthony.edwards@uk.easynet.net Abuse Team Manager * Tel: 0800 053 0588 Easynet Ltd * DDI: 0161 227 0707 http://www.uk.easynet.net * Fax: 0845 333 4503 From nobody at devnull.spamcop.net Wed Nov 9 19:35:15 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Nov 9 20:40:20 2005 Subject: [SpamCop-List] Forum is up Was: Re: SpamCop Forum is down References: <dku0d7$d4g$1@news.spamcop.net> Message-ID: <dku84j$heg$1@news.spamcop.net> "WazoO" <nobody@devnull.spamcop.net> wrote in message news:dku0d7$d4g$1@news.spamcop.net... > > Broadcast message from root (console) (Wed Nov 9 17:26:10 2005): > The system is going down for reboot NOW! > > and it has yet to come back up .. I still can't login in directly > either ... so have to make an assumption that either an > fsck is in operation at present or even that a hard drive > replacement is under way (no response from JT yet) > Just posting what I know, guessing at some other things, > best I can do for now from here .... Other than a bit of cryptic "working on it" message ... problem has been resolved. From MikeE at ster.invalid Wed Nov 9 18:19:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Nov 9 21:20:02 2005 Subject: [SpamCop-List] Re: Highest SpamAssassin scores References: <43721509.34638D2B@spamcop.net> <dkt6ku$u2a$1@news.spamcop.net> <dku4tv$fcn$1@news.spamcop.net> Message-ID: <dkuamt$ite$1@news.spamcop.net> Anthony Edwards wrote: > Mike Easter >> Something is b64 decoding so that SA can see what is inside. I >> didn't know it worked like that. > > SpamAssasin has been able to decode Base64 encoded messages/mail parts > since at least 2002, and possibly before that. In recent versions, > Perl module MIME::Base64 is used. I couldn't find it introduced in the history of the versions at the apache site [which covers versions pre-apache, even providing links to filter.plx] -- but from reading newsgroup messages where someone was crafting their own SA b64 decoder in Feb 2002 and the module being in place in May 2002, it must have been introduced between those - somewhere in the versions from 2.1 to 2.3. The apache site calls those 'ancient' releases. Pre-apache is 2.4 - 2.64 and apache starts with 3. There's some quaint info in those history pages, ie the prehistory http://spamassassin.apache.org/prehistory/ SpamAssassin Prehistory: filter.plx -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Thu Nov 10 02:29:51 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Nov 9 21:35:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> Message-ID: <dkubbp$j70$1@news.spamcop.net> "Robert Blair" <nobody@nowhere.not> wrote in message news:TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com... > > > If you want to see what Sony is putting people through to uninstall > this rootkit see. > > http://www.sysinternals.com/blog/2005/11/sony-you-dont-reeeeaaaally-wa > nt-to_09.html Yeah right! If they think I'm going to throw away my CD collection just because I move to another country, they're F*^%ING STUPID!! From jg at coks.net Wed Nov 9 20:09:27 2005 From: jg at coks.net (jg) Date: Wed Nov 9 23:10:05 2005 Subject: [SpamCop-List] Re: Highest SpamAssassin scores In-Reply-To: <dkuamt$ite$1@news.spamcop.net> References: <43721509.34638D2B@spamcop.net> <dkt6ku$u2a$1@news.spamcop.net> <dku4tv$fcn$1@news.spamcop.net> <dkuamt$ite$1@news.spamcop.net> Message-ID: <dkuh26$m36$1@news.spamcop.net> On 11/9/2005 6:19 PM Mike Easter scribbled: > Anthony Edwards wrote: > >>Mike Easter > > >>>Something is b64 decoding so that SA can see what is inside. I >>>didn't know it worked like that. >> >>SpamAssasin has been able to decode Base64 encoded messages/mail parts >>since at least 2002, and possibly before that. In recent versions, >>Perl module MIME::Base64 is used. > > > I couldn't find it introduced in the history of the versions at the > apache site [which covers versions pre-apache, even providing links to > filter.plx] -- but from reading newsgroup messages where someone was > crafting their own SA b64 decoder in Feb 2002 and the module being in > place in May 2002, it must have been introduced between those - > somewhere in the versions from 2.1 to 2.3. The apache site calls those > 'ancient' releases. Pre-apache is 2.4 - 2.64 and apache starts with 3. > > There's some quaint info in those history pages, ie the prehistory > http://spamassassin.apache.org/prehistory/ SpamAssassin Prehistory: > filter.plx > Thanks, Mike, for leading me to this quote from: http://web.archive.org/web/19981212012604/antispam.shmooze.net/: "Mandate: To make our lives easier, to rid our respective subnets of abusive idiots, and to form a cohesive, albeit ad-hoc response to net.spam. To discuss methods/options, whether far-flung, excessive, or pragmatic of dealing with noise. Policies: The list is open to public posting, but all members have carte-blanche to react with extreme prejudice to anyone else attempting to post kife to it. Any member can subscribe others to this list. The idea is to have this movement propegate via the grapevine. Rules: &ltheh, heh> We make `em up as we go along. The only stipulation is whatever you/we do, try not to wing any bystanders. So far the members of this list have kept their actions on an even keel, and the response from subnets/domains/hosts with we've been in contact has been favourable. We've had some innovative ideas come through here so far. Everyone is invited to contribute in any way they can. We're all busy people, let's just hope for a future where we waste less time on dealing with other people's junk." The good old days... From jg at coks.net Wed Nov 9 20:11:46 2005 From: jg at coks.net (jg) Date: Wed Nov 9 23:10:17 2005 Subject: [SpamCop-List] Re: Highest SpamAssassin scores In-Reply-To: <dkuh26$m36$1@news.spamcop.net> References: <43721509.34638D2B@spamcop.net> <dkt6ku$u2a$1@news.spamcop.net> <dku4tv$fcn$1@news.spamcop.net> <dkuamt$ite$1@news.spamcop.net> <dkuh26$m36$1@news.spamcop.net> Message-ID: <dkuh6h$m49$1@news.spamcop.net> On 11/9/2005 8:09 PM jg scribbled:>> > > Thanks, Mike, for leading me to this quote from: > http://web.archive.org/web/19981212012604/antispam.shmooze.net/: > and this one - http://web.archive.org/web/19981202203121/antispam.shmooze.net/spamdrive/ From jg at coks.net Wed Nov 9 21:37:46 2005 From: jg at coks.net (jg) Date: Thu Nov 10 00:40:02 2005 Subject: [SpamCop-List] Re: ReportPhish.org ? In-Reply-To: <dktbrg$26i$1@news.spamcop.net> References: <div9dl$rcs$1@news.spamcop.net> <dks32i$6hi$2@news.spamcop.net> <dktbrg$26i$1@news.spamcop.net> Message-ID: <dkum7p$on6$1@news.spamcop.net> On 11/9/2005 9:32 AM Glenn Daniels scribbled: > "Patto" wrote in message > >>An update: the report email address at ReportPhish.org now bounces. > > > Fantastic! Pursuing your allegation that Report/at/ReportPhish.org > was bouncing, I sent them a link to a "secure" phishing site that > I was previously unable to impact using numerous other > phish reporting resources. Within hours they have had the site > rendered "404 compliant". > > I have, thanks to your post, a valued "new" resource in my > phish reporting stable. Excellent! > > Thanks much for the tip, > -glenn > > Errr...Pursuing the allegations of bouncing, you sent them a link? Could/would you elaborate on the methodology here? From jg at coks.net Wed Nov 9 22:01:58 2005 From: jg at coks.net (jg) Date: Thu Nov 10 01:05:02 2005 Subject: [SpamCop-List] In stereo... Message-ID: <dkunl5$pc3$1@news.spamcop.net> Same payloads, same time: http://www.spamcop.net/sc?id=z825126722zc1460f4b313ecc60bf406c796c1f8e06z http://www.spamcop.net/sc?id=z825127031z171c51084e50857b83455514e2f65469z This more or less the norm, or is there some thing/where else to report? From jg at coks.net Wed Nov 9 22:04:52 2005 From: jg at coks.net (jg) Date: Thu Nov 10 01:05:12 2005 Subject: [SpamCop-List] Re: In stereo... In-Reply-To: <dkunl5$pc3$1@news.spamcop.net> References: <dkunl5$pc3$1@news.spamcop.net> Message-ID: <dkunqj$pc3$2@news.spamcop.net> On 11/9/2005 10:01 PM jg scribbled: > Same payloads, same time: > > http://www.spamcop.net/sc?id=z825126722zc1460f4b313ecc60bf406c796c1f8e06z > http://www.spamcop.net/sc?id=z825127031z171c51084e50857b83455514e2f65469z > > This more or less the norm, or is there some thing/where else to report? BTW, bulanov, trud, and fedoruk must be busy guys lately... From bar_n0ne at hotmail.com Thu Nov 10 14:01:27 2005 From: bar_n0ne at hotmail.com (Berny) Date: Thu Nov 10 05:06:10 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> Message-ID: <dkv5pr$pq$1@news.spamcop.net> "David Dean" <ozchzhq02@sneakemail.com> wrote in message news:ozchzhq02-A8BF38.18491509112005@frylock.local... > In article <dkubbp$j70$1@news.spamcop.net>, > "Porpoise" <porpoise1954@yahoo.co.uk> wrote: > > > Yeah right! If they think I'm going to throw away my CD collection just > > because I move to another country, they're F*^%ING STUPID!! > > You mean like DVD region codes? > > -- > -David > > Nihil curo de ista tua stulta superstitione. It's because of crap like that region code (burns me, because I move between the americas, europe and asia a lot) that I fully support piracy these days these assholes want you to be renting when you thought you bought. They'd really prefer (and have tried) that libraries pay and charge royalties. and that you not lend books or other media, and if they could they'd charge you if you have guests over to watch tv. From nobody at nowhere.invalid Thu Nov 10 11:03:00 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Nov 10 05:07:15 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> Message-ID: <slrndn66mk.3o5.nobody@127.0.0.1> On Wed, 09 Nov 2005 18:49:15 -0800, David Dean coughed into spamcop and left this in <ozchzhq02-A8BF38.18491509112005@frylock.local>: > You mean like DVD region codes? Who cares about those with a region-free DVD player? -- Steve Cat, n: Lapwarmer with built-in buzzer. From bar_n0ne at hotmail.com Thu Nov 10 14:22:56 2005 From: bar_n0ne at hotmail.com (Berny) Date: Thu Nov 10 05:25:31 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> Message-ID: <dkv728$1np$1@news.spamcop.net> "Steven Maesslein" <nobody@nowhere.invalid> wrote in message news:slrndn66mk.3o5.nobody@127.0.0.1... > On Wed, 09 Nov 2005 18:49:15 -0800, David Dean coughed into spamcop and > left this in <ozchzhq02-A8BF38.18491509112005@frylock.local>: > > > You mean like DVD region codes? > > Who cares about those with a region-free DVD player? > > -- > Steve > > Cat, n: > Lapwarmer with built-in buzzer. > Because now many DVD's check for that and a number of them fail in that case. I have several (yes we bought the fsckers from a large reputable dealer in North America) that will not play on my region free player. This started a year or so ago. It's become a crap shoot. It seems nowadays you need a player that can be set to pretend to be in the desired region. Now we are constrained to watching on the PC (there is no sofa, and an 17" screen is not the same) Luckily we could download the movie with shareaza, I think this will become our preferred methof of obtaining movies, if I have to watch it on the PC anyway. and I guess I will only download sony artists from now, and avoid their rootkit (my daughter bought an Ipod), If we ever get a DVD burner, we can make our own region free playable copies. So RIAA, you are shooting yourselves in the foot by being too greedy. From nobody at nowhere.invalid Thu Nov 10 11:49:03 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Nov 10 05:50:02 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> <dkv728$1np$1@news.spamcop.net> Message-ID: <slrndn69cv.4a0.nobody@127.0.0.1> On Thu, 10 Nov 2005 14:22:56 +0400, Berny coughed into spamcop and left this in <dkv728$1np$1@news.spamcop.net>: >> > You mean like DVD region codes? >> >> Who cares about those with a region-free DVD player? > > Because now many DVD's check for that and a number of them fail in that > case. Actually, the DVD - being a passive object - can't check for anything. My guess is that these DVDs set a further "this disc can't be played in a region-free player" attribute in a VMGM pre-command on players that support it in their virtual machine. > If we ever get a DVD burner, we can make our own region free playable > copies. DVD burners are cheap nowadays ($50 ballpark) and blank media is also cheap ($0.30 a pop). The software I use for reworking DVDs (such as shrinking the video stream so a movie fits on a single-layer DVD?R) is totally free. I'd go for it ASAP. > So RIAA, you are shooting yourselves in the foot by being too greedy. Indeed. -- Steve Notice spotted in a field: THE FARMER ALLOWS WALKERS TO CROSS THE FIELD FOR FREE, BUT THE BULL CHARGES From nobody at devnull.spamcop.net Thu Nov 10 07:49:29 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Thu Nov 10 07:50:05 2005 Subject: [SpamCop-List] Re: ReportPhish.org ? References: <div9dl$rcs$1@news.spamcop.net> <dks32i$6hi$2@news.spamcop.net> <dktbrg$26i$1@news.spamcop.net> <dkum7p$on6$1@news.spamcop.net> Message-ID: <dkvfko$68r$1@news.spamcop.net> "jg" wrote in message > On 11/9/2005 9:32 AM Glenn Daniels scribbled: > > > "Patto" wrote in message > > > > >>An update: the report email address at ReportPhish.org now bounces. > > > > > > Fantastic! Pursuing your allegation that Report/at/ReportPhish.org > > was bouncing, I sent them a link > > ... > Errr...Pursuing the allegations of bouncing, you sent them a link? > Could/would you elaborate on the methodology here? It was simple really, I created a new mail, pasted the link in it, and sent it! How complicated is that? Had it bounced, I lost nothing and confirmed the belief that the addy was no longer working. It did not "bounce", so the addy /might/ be working. I can't /know/ that it works, as my ISP silently and apparently arbitrarily "drops" some outgoing mail. Anyway, fwiw, that site was nuked. Pleased with the outcome of my "test", I sent them (by email?) links to several other problematic phishing sites as have resisted all other efforts, and they also now are showing "404 compliant" pages. So by reason of magical thinking, at least for my purposes, the addy does not "bounce". For you, who knows, maybe it "bounces". Sorry about that: "spam" happens! Cheers, glenn From nobody at spamcop.net Thu Nov 10 06:56:03 2005 From: nobody at spamcop.net (John Anderson) Date: Thu Nov 10 08:00:05 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> Message-ID: <dkvg10$6hn$1@news.spamcop.net> "Porpoise" <porpoise1954@yahoo.co.uk> wrote in message news:dkubbp$j70$1@news.spamcop.net... > > "Robert Blair" <nobody@nowhere.not> wrote in message > news:TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com... > >> >> >> If you want to see what Sony is putting people through to uninstall >> this rootkit see. >> >> http://www.sysinternals.com/blog/2005/11/sony-you-dont-reeeeaaaally-wa >> nt-to_09.html > > Yeah right! If they think I'm going to throw away my CD collection just > because I move to another country, they're F*^%ING STUPID!! > I had to copy and paste the url, here is a tiny url: http://tinyurl.com/bpr64 From porpoise1954 at yahoo.co.uk Thu Nov 10 13:20:10 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Nov 10 08:25:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> Message-ID: <dkvhf6$7c1$1@news.spamcop.net> "David Dean" <ozchzhq02@sneakemail.com> wrote in message news:ozchzhq02-A8BF38.18491509112005@frylock.local... > In article <dkubbp$j70$1@news.spamcop.net>, > "Porpoise" <porpoise1954@yahoo.co.uk> wrote: > >> Yeah right! If they think I'm going to throw away my CD collection just >> because I move to another country, they're F*^%ING STUPID!! > > You mean like DVD region codes? Yes!! I DO!!! EXACTLY!!!! They take absolutely NO account of multi-national/lingual families or the fact that it's SUPPOSED to be a free-market economy - which means I should be able to buy a DVD wherever I happen to be travelling, and be able to play it wherever I happen to be travelling. I shouldn't have to have seperate players for every region!!!!! $#$^$%&^%#&&^^^*&&^**&&U(*&* I feel really strongly about being dictated to in this fashion. Yes, prosecute the piraters by all means, but don't try and confuse the issue by making people pay through the nose via regionalisation and calling it anti-piracy measures. From porpoise1954 at yahoo.co.uk Thu Nov 10 13:24:12 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Nov 10 08:25:17 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <dkv5pr$pq$1@news.spamcop.net> Message-ID: <dkvhmn$7ee$1@news.spamcop.net> "Berny" <bar_n0ne@hotmail.com> wrote in message news:dkv5pr$pq$1@news.spamcop.net... > > "David Dean" <ozchzhq02@sneakemail.com> wrote in message > news:ozchzhq02-A8BF38.18491509112005@frylock.local... >> In article <dkubbp$j70$1@news.spamcop.net>, >> "Porpoise" <porpoise1954@yahoo.co.uk> wrote: >> >> > Yeah right! If they think I'm going to throw away my CD collection just >> > because I move to another country, they're F*^%ING STUPID!! >> >> You mean like DVD region codes? >> >> -- >> -David >> >> Nihil curo de ista tua stulta superstitione. > > It's because of crap like that region code (burns me, because I move > between > the americas, europe and asia a lot) that I fully support piracy these > days SNAP!! They have absolutely NO consideration for people who are not single-location/single-language families. I quite often buy DVDs while working/holidaying in Thailand for example..... generally, they don't tend to have region 2 discs.... > > > these assholes want you to be renting when you thought you bought. They'd > really prefer (and have tried) that libraries pay and charge royalties. > and > that you not lend books or other media, and if they could they'd charge > you > if you have guests over to watch tv. Yes quite! The sooner these robbing bastard companies get their cum-uppance the better. I'm right behind the EU and their attempts to stop all this anti-consumer crap. From porpoise1954 at yahoo.co.uk Thu Nov 10 13:25:33 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Nov 10 08:30:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> Message-ID: <dkvhp9$7o7$1@news.spamcop.net> "Steven Maesslein" <nobody@nowhere.invalid> wrote in message news:slrndn66mk.3o5.nobody@127.0.0.1... > On Wed, 09 Nov 2005 18:49:15 -0800, David Dean coughed into spamcop and > left this in <ozchzhq02-A8BF38.18491509112005@frylock.local>: > >> You mean like DVD region codes? > > Who cares about those with a region-free DVD player? What? Like the one you can't get for your laptop because it isn't available???? Kind of defeats the whole object of a laptop being portable, doesn't it? From porpoise1954 at yahoo.co.uk Thu Nov 10 13:37:48 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Nov 10 08:40:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> <dkvhp9$7o7$1@news.spamcop.net> Message-ID: <dkvig8$84i$1@news.spamcop.net> "Porpoise" <porpoise1954@yahoo.co.uk> wrote in message news:dkvhp9$7o7$1@news.spamcop.net... > > "Steven Maesslein" <nobody@nowhere.invalid> wrote in message > news:slrndn66mk.3o5.nobody@127.0.0.1... >> On Wed, 09 Nov 2005 18:49:15 -0800, David Dean coughed into spamcop and >> left this in <ozchzhq02-A8BF38.18491509112005@frylock.local>: >> >>> You mean like DVD region codes? >> >> Who cares about those with a region-free DVD player? > > What? Like the one you can't get for your laptop because it isn't > available???? Kind of defeats the whole object of a laptop being portable, > doesn't it? Another scenario: I have movie A which I've watched so many times, I'm now sick of it. I know, I'll swap it for a different one with my friend in France. Oh, crap! we can't because he's region 3 and I'm region 2 (at the moment). Still, there is one consolation being region 2, at least I can get Japanese ones......... From porpoise1954 at yahoo.co.uk Thu Nov 10 13:43:33 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Nov 10 08:45:04 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> <dkvhp9$7o7$1@news.spamcop.net> <dkvig8$84i$1@news.spamcop.net> Message-ID: <dkvir1$885$1@news.spamcop.net> "Porpoise" <porpoise1954@yahoo.co.uk> wrote in message news:dkvig8$84i$1@news.spamcop.net... > > > Another scenario: > > I have movie A which I've watched so many times, I'm now sick of it. I > know, I'll swap it for a different one with my friend in France. Oh, crap! > we can't because he's region 3 and I'm region 2 (at the moment). Still, > there is one consolation being region 2, at least I can get Japanese > ones......... Of course, one way of enabling "people-power" would be for everyone to boycott all Sony products until they desist. From nobody at nowhere.invalid Thu Nov 10 14:53:01 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Nov 10 08:55:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> <dkvhp9$7o7$1@news.spamcop.net> Message-ID: <slrndn6k5t.7n9.nobody@127.0.0.1> On Thu, 10 Nov 2005 13:25:33 -0000, Porpoise coughed into spamcop and left this in <dkvhp9$7o7$1@news.spamcop.net>: > What? Like the one you can't get for your laptop because it isn't > available???? Kind of defeats the whole object of a laptop being portable, > doesn't it? Huh? Use an open-source player (like xine, ogle or mplayer) with libdvdcss (also open source) and it couldn't care less what zone the DVD is supposedly for. -- Steve Just remember: when you go to court, you are trusting your fate to twelve people that weren't smart enough to get out of jury duty! From porpoise1954 at yahoo.co.uk Thu Nov 10 14:06:48 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Nov 10 09:10:05 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> <dkvhp9$7o7$1@news.spamcop.net> <slrndn6k5t.7n9.nobody@127.0.0.1> Message-ID: <dkvk6k$9bs$1@news.spamcop.net> "Steven Maesslein" <nobody@nowhere.invalid> wrote in message news:slrndn6k5t.7n9.nobody@127.0.0.1... > On Thu, 10 Nov 2005 13:25:33 -0000, Porpoise coughed into spamcop and > left this in <dkvhp9$7o7$1@news.spamcop.net>: > >> What? Like the one you can't get for your laptop because it isn't >> available???? Kind of defeats the whole object of a laptop being >> portable, >> doesn't it? > > Huh? > > Use an open-source player (like xine, ogle or mplayer) with libdvdcss > (also open source) and it couldn't care less what zone the DVD is > supposedly for. > How does that operate with the firmware regioncoding of the DVD player itself? From MikeE at ster.invalid Thu Nov 10 06:16:52 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Nov 10 09:20:03 2005 Subject: [SpamCop-List] Re: In stereo... References: <dkunl5$pc3$1@news.spamcop.net> Message-ID: <dkvkof$9nr$1@news.spamcop.net> jg wrote: > Same payloads, same time: www.spamcop.net/sc?id=z825126722zc1460f4b313ecc60bf406c796c1f8e06z www.spamcop.net/sc?id=z825127031z171c51084e50857b83455514e2f65469z spams sourced from 2 different proxies pharm spamvertising at kukqwy.info > is there some thing/where else to > report? Not really. kukqwy.info DNS 82.138.63.64 of .ru Comcor abuse.net reg'd abuse@teliacarrier.com abuse@comcor.ru postmaster@comcor.ru (for comcor.ru) 82.138.63.64 is spamhaused as the /30 and spewed as the /18 comcor.ru has 8 SBL listings and lots in spews http://www.spamhaus.org/SBL/sbl.lasso?query=SBL28550 http://spews.org/html/S2188.html comcor is AS8732 whose upstream adjacency is AS3216 SOVAM-AS Golden Telecom, Moscow, Russia abuse@sovam.com which sovam is also teleross and whose upstreams are cw & level3 As a general rule, you can consider such providers with extensive spews and spamhaus listings to be unresponsive, and I wouldn't imagine sovam would be interested in hearing about the spamvertisers of comcor or its unresponsiveness and I certainly wouldn't imagine that cw or level3 would be interested in hearing about their downstream Sovam's downstream comcor being unresponsive. This is an example of how a SC notify of the spamvertiser, if it had been resolved, would be expected to be meaningless and would be simply handing over a copy of the spam evidence to a blackhat. However, it would have been useful for the spamvertised site to go to the surbl db. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Thu Nov 10 15:25:05 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Nov 10 09:30:06 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> <dkvhp9$7o7$1@news.spamcop.net> <slrndn6k5t.7n9.nobody@127.0.0.1> <dkvk6k$9bs$1@news.spamcop.net> Message-ID: <slrndn6m21.8ai.nobody@127.0.0.1> On Thu, 10 Nov 2005 14:06:48 -0000, Porpoise coughed into spamcop and left this in <dkvk6k$9bs$1@news.spamcop.net>: >> Use an open-source player (like xine, ogle or mplayer) with libdvdcss >> (also open source) and it couldn't care less what zone the DVD is >> supposedly for. > > How does that operate with the firmware regioncoding of the DVD player > itself? It doesn't interact with the region coding of the DVD drive at all. The software asks the DVD drive for data that's on the DVD and the DVD gives that data out. libdvdcss descrambles it if need be. Only commercial software - often supplied with DVD drives - interrogates the drive to find out its region and compare it with the region of the DVD. -- Steve A lot of money is tainted. 'Taint yours and 'taint mine. From redford_stone at INVERSE_OF_COLDmail.com Thu Nov 10 20:12:24 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Nov 10 15:15:09 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> Message-ID: <Xns970A7C317B9C2tinlc@216.154.195.61> "Robert Blair" <nobody@nowhere.not> wrote in news:TECQXhvKj0FX-pn2- jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com: > > > If you want to see what Sony is putting people through to uninstall > this rootkit see. > > http://www.sysinternals.com/blog/2005/11/sony-you-dont-reeeeaaaally-wa > nt-to_09.html > > Just saw. And what is worse is that the uninstall solution is not completely stable either. With this in mind, most people will not go through the process to get it off their machines which is what the execs at Sony hope. Datafellows has their own analysis on this: http://www.f-secure.com/v-descs/xcp_drm.shtml From redford_stone at INVERSE_OF_COLDmail.com Thu Nov 10 20:17:50 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Nov 10 15:20:04 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <dkv5pr$pq$1@news.spamcop.net> Message-ID: <Xns970A7D1D5F8BEtinlc@216.154.195.61> "Berny" <bar_n0ne@hotmail.com> wrote in news:dkv5pr$pq$1@news.spamcop.net: > > It's because of crap like that region code (burns me, because I move > between the americas, europe and asia a lot) that I fully support > piracy these days > > There are multiregion players out there. (Or you could just get a cheap player and do some reverse engineering to disable the region restriction.) However, I can't support piracy.. particularly with the bombardment of "cheep s0ftwar3" spams I receive daily. :-p > these assholes want you to be renting when you thought you bought. > They'd really prefer (and have tried) that libraries pay and charge > royalties. and that you not lend books or other media, and if they > could they'd charge you if you have guests over to watch tv. > Which is why they need to change their business model. Again, selling CDs for $18 for just 1 good musical number and their other 10 being junk is just bad business. I think paying a fair price per downloadable song is the best way to go. That way you get what you want. From redford_stone at INVERSE_OF_COLDmail.com Thu Nov 10 20:20:51 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Nov 10 15:25:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> <dkv728$1np$1@news.spamcop.net> <slrndn69cv.4a0.nobody@127.0.0.1> Message-ID: <Xns970A7DA0520D9tinlc@216.154.195.61> Steven Maesslein <nobody@nowhere.invalid> wrote in news:slrndn69cv.4a0.nobody@127.0.0.1: > > Actually, the DVD - being a passive object - can't check for anything. > My guess is that these DVDs set a further "this disc can't be played in > a region-free player" attribute in a VMGM pre-command on players that > support it in their virtual machine. > I could of sworn there were players that had switchable regions. From redford_stone at INVERSE_OF_COLDmail.com Thu Nov 10 20:24:33 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Nov 10 15:25:14 2005 Subject: [SpamCop-List] Re: [Media] FBI Says Man Created Zombie PC Networks, Sold Access References: <dkg34e$es$1@news.spamcop.net> Message-ID: <Xns970A7E40CE51Ftinlc@216.154.195.61> "Ron B." <zypher@spamcop.net> wrote in news:dkg34e$es$1@news.spamcop.net: > > The indictment charges conspiracy, money laundering, transmission of > code to a government computer and accessing a protected computer to > commit fraud. > Just goes to show that these guys (spammers, virus writers, etc.) appear to already be troublemakers with the law before doing this botnet crap. From borgholio at storymind.com Thu Nov 10 12:29:38 2005 From: borgholio at storymind.com (Borgholio) Date: Thu Nov 10 15:30:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit In-Reply-To: <Xns970A7DA0520D9tinlc@216.154.195.61> References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> <dkv728$1np$1@news.spamcop.net> <slrndn69cv.4a0.nobody@127.0.0.1> <Xns970A7DA0520D9tinlc@216.154.195.61> Message-ID: <dl0ajf$khq$1@news.spamcop.net> Redstone wrote: > Steven Maesslein <nobody@nowhere.invalid> wrote in > news:slrndn69cv.4a0.nobody@127.0.0.1: > > > >>Actually, the DVD - being a passive object - can't check for anything. >>My guess is that these DVDs set a further "this disc can't be played in >>a region-free player" attribute in a VMGM pre-command on players that >>support it in their virtual machine. >> > > > I could of sworn there were players that had switchable regions. > My DVD drive on my computer does. However, you can only switch it 5 times before it permanently freezes it at whatever region you selected. :-/ From redford_stone at INVERSE_OF_COLDmail.com Thu Nov 10 21:15:42 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Nov 10 16:20:04 2005 Subject: [SpamCop-List] [MEDIA] Hackers use Sony BMG to hide on PCs Message-ID: <Xns970A86ECD8110tinlc@216.154.195.61> http://news.yahoo.com/s/nm/20051110/wr_nm/sony_hack_dc http://tinyurl.com/8fpz7 "AMSTERDAM (Reuters) - A computer security firm said on Thursday it had discovered the first virus that uses music publisher Sony BMG's controversial CD copy-protection software to hide on PCs and wreak havoc." Certainly came out in record time. Sony/BMG along with scumware maker First4Internet can safely be placed in the same category we place spammers, spyware companies, and the other dregs in. Keep it up Sony, this couldn't have happened at a better moment where you're beginning to lose market share to your competitors. What's next on the agenda? Offer Ralsky a position as an IT manager? How about Rizler as CFO? From g.hyde at bigpond.net.au Fri Nov 11 09:59:28 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Nov 10 19:10:23 2005 Subject: [SpamCop-List] Re: [MEDIA] Hackers use Sony BMG to hide on PCs References: <Xns970A86ECD8110tinlc@216.154.195.61> Message-ID: <dl0n93$u76$1@news.spamcop.net> "Redstone" <redford_stone@INVERSE_OF_COLDmail.com> wrote in message news:Xns970A86ECD8110tinlc@216.154.195.61... > http://news.yahoo.com/s/nm/20051110/wr_nm/sony_hack_dc > http://tinyurl.com/8fpz7 > > > "AMSTERDAM (Reuters) - A computer security firm said on Thursday it had > discovered the first virus that uses music publisher Sony BMG's > controversial CD copy-protection software to hide on PCs and wreak > havoc." [snip] Does anyone know if it can self-install without the presence of the Sony rootkit? Or does it have to have the rootkit present? -- Cheers ... Geoffrey Hyde From porpoise1954 at yahoo.co.uk Fri Nov 11 01:35:13 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Nov 10 20:40:23 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <dkv5pr$pq$1@news.spamcop.net> <Xns970A7D1D5F8BEtinlc@216.154.195.61> Message-ID: <dl0shv$2af$1@news.spamcop.net> "Redstone" <redford_stone@INVERSE_OF_COLDmail.com> wrote in message news:Xns970A7D1D5F8BEtinlc@216.154.195.61... > "Berny" <bar_n0ne@hotmail.com> wrote in > news:dkv5pr$pq$1@news.spamcop.net: > > >> >> It's because of crap like that region code (burns me, because I move >> between the americas, europe and asia a lot) that I fully support >> piracy these days >> >> > > There are multiregion players out there. (Or you could just get a cheap > player and do some reverse engineering to disable the region > restriction.) However, I can't support piracy.. particularly with the > bombardment of "cheep s0ftwar3" spams I receive daily. :-p I don't support piracy either, but region encoding has nothing to do with preventing piracy. >> these assholes want you to be renting when you thought you bought. >> They'd really prefer (and have tried) that libraries pay and charge >> royalties. and that you not lend books or other media, and if they >> could they'd charge you if you have guests over to watch tv. >> > > > Which is why they need to change their business model. Again, selling > CDs for $18 for just 1 good musical number and their other 10 being junk > is just bad business. I think paying a fair price per downloadable song > is the best way to go. That way you get what you want. Just so long as you can play it whenever and wherever you want......... From porpoise1954 at yahoo.co.uk Fri Nov 11 01:36:16 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Nov 10 20:40:46 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> <dkv728$1np$1@news.spamcop.net> <slrndn69cv.4a0.nobody@127.0.0.1> <Xns970A7DA0520D9tinlc@216.154.195.61> Message-ID: <dl0sju$2at$1@news.spamcop.net> "Redstone" <redford_stone@INVERSE_OF_COLDmail.com> wrote in message news:Xns970A7DA0520D9tinlc@216.154.195.61... > Steven Maesslein <nobody@nowhere.invalid> wrote in > news:slrndn69cv.4a0.nobody@127.0.0.1: > > >> >> Actually, the DVD - being a passive object - can't check for anything. >> My guess is that these DVDs set a further "this disc can't be played in >> a region-free player" attribute in a VMGM pre-command on players that >> support it in their virtual machine. >> > > I could of sworn there were players that had switchable regions. Yes. You can change regions up to 5 times. On the 5th change, it is then locked in to that region. From sorcerer2 at hotmail.com Thu Nov 10 20:48:09 2005 From: sorcerer2 at hotmail.com (Sir Sorcerer) Date: Thu Nov 10 20:50:03 2005 Subject: [SpamCop-List] Rumor: Spamcop spamvertised websites future Message-ID: <BF996289.3FC%sorcerer2@hotmail.com> Folks, Rumor has it, that in time, the Spamcop spamvertised websites will only list domain names, NOT the full domain + URI. If this is true, could Spamcop representatives contact spamcop at oitc.com so we can discuss workarounds. Thanks, Tom From nobody at devnull.spamcop.net Fri Nov 11 11:46:32 2005 From: nobody at devnull.spamcop.net (Patto) Date: Thu Nov 10 21:50:08 2005 Subject: [SpamCop-List] Feature request - IP address Message-ID: <dl10m8$4ls$1@news.spamcop.net> I know there is not much hope that any feature requests will be met these days; I do not even know if any development is taking place at spamcop.net I'll try it anyway. Here is an example of what I am going to talk about http://www.spamcop.net/sc?id=z824747132z508622cde503b4f377e3a30f05a0269ez The spam website is http://lavieen-r.cx/j/ and the report for it is going to kitamura@hitmail.cc I am very suspicious of this reporting address, and I would like to do some investigation on my own. It would be VERY convenient if SpamCop would give me the IP address here, instead of only the URL. Without the IP address I have to open an extra tool, such as Sam Spade, to find the IP address. Could SpamCop - please - print the IP address of spamvertized web sites on the confirmation page? I am actually pretty sure that in the olden days that was the case; why was it removed? From Kilgallen at SpamCop.net Thu Nov 10 21:16:47 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Nov 10 22:20:03 2005 Subject: [SpamCop-List] Re: Rumor: Spamcop spamvertised websites future References: <BF996289.3FC%sorcerer2@hotmail.com> Message-ID: <0giEaaGhrugj@eisner.encompasserve.org> In article <BF996289.3FC%sorcerer2@hotmail.com>, Sir Sorcerer <sorcerer2@hotmail.com> writes: > Rumor has it, that in time, the Spamcop spamvertised websites will only list > domain names, NOT the full domain + URI. > > If this is true, could Spamcop representatives contact spamcop at oitc.com > so we can discuss workarounds. So if that rumor were true, you are unwilling to discuss in public why such obfuscation in reports would be a bad idea ? That gives the impression of spammer support. From jeffg at spamcop.net Thu Nov 10 23:00:04 2005 From: jeffg at spamcop.net (Jeff G.) Date: Thu Nov 10 23:05:08 2005 Subject: [SpamCop-List] Re: Feature request - IP address References: <dl10m8$4ls$1@news.spamcop.net> Message-ID: <dl1515$6ph$1@news.spamcop.net> "Patto" <nobody@devnull.spamcop.net> wrote in message news:dl10m8$4ls$1@news.spamcop.net... > It would be VERY convenient if SpamCop > would give me the IP address here, instead of only the URL. Have you tried showing technical details? -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From gezgin at spamcop.net Fri Nov 11 06:50:39 2005 From: gezgin at spamcop.net (Gezgin) Date: Thu Nov 10 23:55:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> <dkv728$1np$1@news.spamcop.net> <slrndn69cv.4a0.nobody@127.0.0.1> <Xns970A7DA0520D9tinlc@216.154.195.61> <dl0ajf$khq$1@news.spamcop.net> Message-ID: <dl17v0$8ag$1@news.spamcop.net> "Borgholio" <borgholio@storymind.com> wrote >> I could of sworn there were players that had switchable >> regions. > My DVD drive on my computer does. However, you can only > switch it 5 times before it permanently freezes it at > whatever region you selected. :-/ I think they all do that. My solution is to have two drives. I keep the burner in region two ('cause that's where I am) and the other in region 1 ('cause I buy a lot of DVDs from Amazon in the US). -- Bob Kanyak's Doghouse http://www.kanyak.com From Ilgaz at spamcop.net Fri Nov 11 08:35:11 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Fri Nov 11 01:40:03 2005 Subject: [SpamCop-List] Re: ReportPhish.org ? References: <dks60m$8f1$1@news.spamcop.net> Message-ID: <dl1e2v$b48$1@news.spamcop.net> On 2005-11-09 08:46:53 +0200, "Mike Easter" <MikeE@ster.invalid> said: > Patto wrote: > >> An update: the report email address at ReportPhish.org now bounces. > > Marjolein's [remember Marjolein?] pick > http://banspam.javawoman.com/index.html was antiphishing > http://www.antiphishing.org/ > > Look it over and see what you think. They have a database at the site, > an email reporting addy reportphishing@antiphishing.org and quite a bit > of resources. > > I've never heard of reportphish. I've heard of antiphishing. I liked the antiphishing.org evil, huge corparate logos as supporters :) You know, hit the evil with more evil. I get a lot of phishing mail and keep reporting them. Maybe they will do something? Also as I see Ebay insists rejecting spamcop reports and I don't think Cyvelliance reporting to them, I plan to revoke my paypal account. It gives me a "not caring" image you know. Ilgaz From borgholio at storymind.com Thu Nov 10 22:36:34 2005 From: borgholio at storymind.com (Borgholio) Date: Fri Nov 11 01:40:14 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit In-Reply-To: <dl17v0$8ag$1@news.spamcop.net> References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> <dkv728$1np$1@news.spamcop.net> <slrndn69cv.4a0.nobody@127.0.0.1> <Xns970A7DA0520D9tinlc@216.154.195.61> <dl0ajf$khq$1@news.spamcop.net> <dl17v0$8ag$1@news.spamcop.net> Message-ID: <dl1e5n$b60$1@news.spamcop.net> Gezgin wrote: > "Borgholio" <borgholio@storymind.com> wrote > >>> I could of sworn there were players that had switchable regions. >> >> My DVD drive on my computer does. However, you can only switch it 5 >> times before it permanently freezes it at whatever region you >> selected. :-/ > > > I think they all do that. My solution is to have two drives. I keep the > burner in region two ('cause that's where I am) and the other in region > 1 ('cause I buy a lot of DVDs from Amazon in the US). > It bugs the hell out of me, honestly. While I never need to actually switch regions, the fact that they think they can only let me do it a set number of times is insulting. From Ilgaz at spamcop.net Fri Nov 11 08:40:13 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Fri Nov 11 01:45:03 2005 Subject: [SpamCop-List] Re: "You are very good, thank you!" References: <436F6A3F.462FCB83@spamcop.net> Message-ID: <dl1ecd$b48$2@news.spamcop.net> On 2005-11-07 16:52:47 +0200, Kenneth Brody <kenbrody@spamcop.net> said: > "Ron B." wrote: >> >> Aviatrix wrote: >>> >>> >>> Ron B. wrote: >>> >>>> Any URL's to click? >>> >>> >>> Nope. Nothing at all. Just a plain text message. >>> >>> A. >> >> Bizzare! > > Without complete source, including full headers, we can only guess. It > could be an attempt to verify addresses via return-receipt. I have seen couple of real weird messages to my yahoo mail with subjects like (20) (19) etc. Weirdness? Truely empty messages. No body. 90% chance some spammer testing their new software , if server bounces them IMHO. Ilgaz From nobody at spamcop.net Fri Nov 11 11:18:05 2005 From: nobody at spamcop.net (nospam) Date: Fri Nov 11 02:20:04 2005 Subject: [SpamCop-List] Re: Wow...that was FAST! References: <dkg6fr$1md$1@news.spamcop.net> <Xns97051D6D81B53tinlc@216.154.195.61> <dki90m$rb7$2@news.spamcop.net> <Xns97093B76B9D21tinlc@216.154.195.61> Message-ID: <BF9A2E6D.16426%nobody@spamcop.net> in article Xns97093B76B9D21tinlc@216.154.195.61, Redstone at redford_stone@INVERSE_OF_COLDmail.com wrote on 11/9/05 5:50 PM: > Borgholio <borgholio@storymind.com> wrote in news:dki90m$rb7$2 > @news.spamcop.net: > >> >> >> Yeah but the fact that it's a Russian sysadmin is what amazes me. :) > > > Good point. It is already impossible trying to get their attention > regarding zombies on their networks. > >From conversations with several correspondents in Russia, few private (basically home users) copies of Win/(anything) are sourced from M$, generally they are pirated and "improved" by the vendors. Improvement here in most cases means it runs generally faster on slower hardware. Now, that could mean users are running a Win95 with some XP graphics for all I know. Anyway, It does amaze me how little zombie spam comes from Russia compared to SpamCast and other USA broadband networks, since (As I understand it) most home PC OS's are compromised out of the box so to speak. I have the feeling that the Bot writers and herders and OS piraters are basically the same bunch, and perhaps they try to avoid shitting in their own front yard. From nobody at devnull.spamcop.net Fri Nov 11 16:31:43 2005 From: nobody at devnull.spamcop.net (Patto) Date: Fri Nov 11 02:35:03 2005 Subject: [SpamCop-List] Re: Feature request - IP address In-Reply-To: <dl1515$6ph$1@news.spamcop.net> References: <dl10m8$4ls$1@news.spamcop.net> <dl1515$6ph$1@news.spamcop.net> Message-ID: <dl1hcv$d12$1@news.spamcop.net> Jeff G. wrote: > "Patto" <nobody@devnull.spamcop.net> wrote in message > news:dl10m8$4ls$1@news.spamcop.net... >> It would be VERY convenient if SpamCop >> would give me the IP address here, instead of only the URL. > > Have you tried showing technical details? Wow - in the many years I have been using spamcop I have never noticed this checkbox. It lists a little more than what I need, but it serves my purpose. Thanks! From nobody at spamcop.net Fri Nov 11 11:41:08 2005 From: nobody at spamcop.net (nospam) Date: Fri Nov 11 02:45:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On Hacker Rootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <dkv5pr$pq$1@news.spamcop.net> <Xns970A7D1D5F8BEtinlc@216.154.195.61> Message-ID: <BF9A33D4.16427%nobody@spamcop.net> in article Xns970A7D1D5F8BEtinlc@216.154.195.61, Redstone at redford_stone@INVERSE_OF_COLDmail.com wrote on 11/11/05 12:17 AM: > "Berny" <bar_n0ne@hotmail.com> wrote in > news:dkv5pr$pq$1@news.spamcop.net: > > >> >> It's because of crap like that region code (burns me, because I move >> between the americas, europe and asia a lot) that I fully support >> piracy these days >> >> > > There are multiregion players out there. (Or you could just get a cheap > player and do some reverse engineering to disable the region > restriction.) However, I can't support piracy.. particularly with the > bombardment of "cheep s0ftwar3" spams I receive daily. :-p OK, I should explain. I don't support commercial piracy, ie piracy and sale for profit. Sharing on the other hand... > Which is why they need to change their business model. Again, selling > CDs for $18 for just 1 good musical number and their other 10 being junk > is just bad business. I think paying a fair price per downloadable song > is the best way to go. That way you get what you want. Maybe for you, but some albums are just good all over. It's also a pisser to see legal tapes sold for a fraction of the cost of a CD or DVD, when the production and manufacturing costs are an order of magnitude higher. I personally don't lke downloading music, I generally like and prefer to buy an album, except in those cases where I am forced to buy 14 crap works for one good one. Also, realistically the vast majority of consumers worldwide do not have access to PC's and Broadband. The Business model now is to try to get revenue wherever possible without regard to long standing business practices. (you bought something, it's yours) It's still a profitable business, but perhaps not if the stars and producers need to make sooo much money. And how Metallica and plenty of others sell anything has always been a mystery to me. I wouldn't bring it home even if it was free. Hasn't anyone noticed that the ones who seem the most worried by "piracy" and sharing, are not the artists whose livelyhoods are precarious? From redford_stone at INVERSE_OF_COLDmail.com Fri Nov 11 08:26:30 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Fri Nov 11 03:30:29 2005 Subject: [SpamCop-List] Re: [MEDIA] Hackers use Sony BMG to hide on PCs References: <Xns970A86ECD8110tinlc@216.154.195.61> <dl0n93$u76$1@news.spamcop.net> Message-ID: <Xns970B483AA154tinlc@216.154.195.61> "Geoffrey Hyde" <g.hyde@bigpond.net.au> wrote in news:dl0n93$u76$1 @news.spamcop.net: > > Does anyone know if it can self-install without the presence of the Sony > rootkit? Or does it have to have the rootkit present? > > You mean the viruses? I would think it would install regardless. If it was there, it would take advantage of the rootkit, otherwise it will do it like other viruses. From redford_stone at INVERSE_OF_COLDmail.com Fri Nov 11 08:30:16 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Fri Nov 11 03:35:05 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <dkv5pr$pq$1@news.spamcop.net> <Xns970A7D1D5F8BEtinlc@216.154.195.61> <dl0shv$2af$1@news.spamcop.net> Message-ID: <Xns970B52711D08tinlc@216.154.195.61> "Porpoise" <porpoise1954@yahoo.co.uk> wrote in news:dl0shv$2af$1@news.spamcop.net: > > I don't support piracy either, but region encoding has nothing to do > with preventing piracy. > True, it doesn't.. Pirates would make copies regardless of region. > > Just so long as you can play it whenever and wherever you > want......... > Portability is/was the selling point for CDs to begin with. Kill off that feature and we might as well go back to LPs. From redford_stone at INVERSE_OF_COLDmail.com Fri Nov 11 08:38:22 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Fri Nov 11 03:40:04 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <dkv5pr$pq$1@news.spamcop.net> <Xns970A7D1D5F8BEtinlc@216.154.195.61> <BF9A33D4.16427%nobody@spamcop.net> Message-ID: <Xns970B68736B68tinlc@216.154.195.61> nospam <nobody@spamcop.net> wrote in news:BF9A33D4.16427%nobody@spamcop.net: > > Maybe for you, but some albums are just good all over. It's also a > pisser to see legal tapes sold for a fraction of the cost of a CD or > DVD, when the production and manufacturing costs are an order of > magnitude higher. > Gee, are those old tapes still being produced? I don't see electronic stores selling much in terms of tape players nowadays. :-) > I personally don't lke downloading music, I generally like and prefer > to buy an album, except in those cases where I am forced to buy 14 > crap works for one good one. Also, realistically the vast majority of > consumers worldwide do not have access to PC's and Broadband. > There used to music stores that had a service where you could choose specific music and they would burn in custom CDs at the cashier. > The Business model now is to try to get revenue wherever possible > without regard to long standing business practices. (you bought > something, it's yours) It's still a profitable business, but perhaps > not if the stars and producers need to make sooo much money. And how > Metallica and plenty of others sell anything has always been a mystery > to me. I wouldn't bring it home even if it was free. > It all goes up their noses anyways. Worried that they won't be able to toke a hit in their limos with rolled up $100 bills. :-p > > Hasn't anyone noticed that the ones who seem the most worried by > "piracy" and sharing, are not the artists whose livelyhoods are > precarious? > > See above. :-) From redford_stone at INVERSE_OF_COLDmail.com Fri Nov 11 08:39:36 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Fri Nov 11 03:40:18 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> <dkv728$1np$1@news.spamcop.net> <slrndn69cv.4a0.nobody@127.0.0.1> <Xns970A7DA0520D9tinlc@216.154.195.61> <dl0sju$2at$1@news.spamcop.net> Message-ID: <Xns970B6BCA7433tinlc@216.154.195.61> "Porpoise" <porpoise1954@yahoo.co.uk> wrote in news:dl0sju$2at$1 @news.spamcop.net: > > Yes. You can change regions up to 5 times. On the 5th change, it is then > locked in to that region. > > Locked permanently, or can it be modified upon reboot? From porpoise1954 at yahoo.co.uk Fri Nov 11 09:22:44 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Nov 11 04:25:02 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <dkv5pr$pq$1@news.spamcop.net> <Xns970A7D1D5F8BEtinlc@216.154.195.61> <dl0shv$2af$1@news.spamcop.net> <Xns970B52711D08tinlc@216.154.195.61> Message-ID: <dl1nut$kme$1@news.spamcop.net> "Redstone" <redford_stone@INVERSE_OF_COLDmail.com> wrote in message news:Xns970B52711D08tinlc@216.154.195.61... > "Porpoise" <porpoise1954@yahoo.co.uk> wrote in > news:dl0shv$2af$1@news.spamcop.net: > >> Just so long as you can play it whenever and wherever you >> want......... >> > > Portability is/was the selling point for CDs to begin with. Kill off > that feature and we might as well go back to LPs. And cassette tapes for the car.......... From nobody at nowhere.invalid Fri Nov 11 10:50:08 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Nov 11 04:56:05 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> <dkv728$1np$1@news.spamcop.net> <slrndn69cv.4a0.nobody@127.0.0.1> <Xns970A7DA0520D9tinlc@216.154.195.61> <dl0sju$2at$1@news.spamcop.net> <Xns970B6BCA7433tinlc@216.154.195.61> Message-ID: <slrndn8qag.hkc.nobody@127.0.0.1> On Fri, 11 Nov 2005 08:39:36 +0000 (UTC), Redstone coughed into spamcop and left this in <Xns970B6BCA7433tinlc@216.154.195.61>: >> Yes. You can change regions up to 5 times. On the 5th change, it is then >> locked in to that region. > > Locked permanently, or can it be modified upon reboot? Locked permanently unless it's sent to the manufacturer who has the gizmo to reset the counter in an NVRAM somewhere. -- Steve guru, n: A computer owner who can read the manual. From Nobody at Spamcop.net.dev.null Fri Nov 11 04:35:26 2005 From: Nobody at Spamcop.net.dev.null (Michael Brennan) Date: Fri Nov 11 05:40:23 2005 Subject: [SpamCop-List] Odd Source Line Message-ID: <437473EE.1475A8D3@Spamcop.net.dev.null> In a lot of "mortgage" phishes that use Base 64, I've noticed a certain line being used in the source that reads, <td height="8">Xmong. Npos alter. almonsted nocks </td> Example: http://www.spamcop.net/sc?id=z825523999z304c0beebeb0f40087ef1cc29e3058aaz Does anyone know what this is? I've seen it numerous times when looking for IMG SRC lines in spams having .GIF files. TIA, Michael From porpoise1954 at yahoo.co.uk Fri Nov 11 12:03:36 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Nov 11 07:05:04 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> <dkv728$1np$1@news.spamcop.net> <slrndn69cv.4a0.nobody@127.0.0.1> <Xns970A7DA0520D9tinlc@216.154.195.61> <dl0sju$2at$1@news.spamcop.net> <Xns970B6BCA7433tinlc@216.154.195.61> Message-ID: <dl21ck$pdk$1@news.spamcop.net> "Redstone" <redford_stone@INVERSE_OF_COLDmail.com> wrote in message news:Xns970B6BCA7433tinlc@216.154.195.61... > "Porpoise" <porpoise1954@yahoo.co.uk> wrote in news:dl0sju$2at$1 > @news.spamcop.net: > > >> >> Yes. You can change regions up to 5 times. On the 5th change, it is then >> locked in to that region. >> >> > > > Locked permanently, or can it be modified upon reboot? > Locked permanently (or until you get an unlock code from the manufacturer - after you've explained how you came to change region so many times). From porpoise1954 at yahoo.co.uk Fri Nov 11 12:04:25 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Nov 11 07:10:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <slrndn66mk.3o5.nobody@127.0.0.1> <dkv728$1np$1@news.spamcop.net> <slrndn69cv.4a0.nobody@127.0.0.1> <Xns970A7DA0520D9tinlc@216.154.195.61> <dl0sju$2at$1@news.spamcop.net> <Xns970B6BCA7433tinlc@216.154.195.61> <slrndn8qag.hkc.nobody@127.0.0.1> Message-ID: <dl21e5$pgm$1@news.spamcop.net> "Steven Maesslein" <nobody@nowhere.invalid> wrote in message news:slrndn8qag.hkc.nobody@127.0.0.1... > On Fri, 11 Nov 2005 08:39:36 +0000 (UTC), Redstone coughed into spamcop > > guru, n: > A computer owner who can read the manual. No, no. A guru is someone who doesn't need the manual........ ;-) From kenbrody at spamcop.net Fri Nov 11 10:18:23 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Fri Nov 11 10:35:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Hackers use Sony BMG to hide on PCs References: <Xns970A86ECD8110tinlc@216.154.195.61> <dl0n93$u76$1@news.spamcop.net> <Xns970B483AA154tinlc@216.154.195.61> Message-ID: <4374B63F.E262FBF6@spamcop.net> Redstone wrote: > > "Geoffrey Hyde" <g.hyde@bigpond.net.au> wrote in news:dl0n93$u76$1 > @news.spamcop.net: > > > > > Does anyone know if it can self-install without the presence of the Sony > > rootkit? Or does it have to have the rootkit present? > > > > > > You mean the viruses? I would think it would install regardless. If it was > there, it would take advantage of the rootkit, otherwise it will do it like > other viruses. s/it will do it like other viruses/it will install the rootkit/ -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include <std_disclaimer.h> | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: <mailto:ThisIsASpamTrap@gmail.com> From MikeE at ster.invalid Fri Nov 11 07:58:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Nov 11 11:00:03 2005 Subject: [SpamCop-List] Re: Odd Source Line References: <437473EE.1475A8D3@Spamcop.net.dev.null> Message-ID: <dl2f30$13k$1@news.spamcop.net> Michael Brennan wrote: > In a lot of "mortgage" phishes that use Base 64, I've noticed a > certain line being used in the source that reads, > > <td height="8">Xmong. Npos alter. almonsted nocks </td> > > Example: > www.spamcop.net/sc?id=z825523999z304c0beebeb0f40087ef1cc29e3058aaz > > Does anyone know what this is? I've seen it numerous times when > looking for IMG SRC lines in spams having .GIF files. Your selected squeamish ossifrage message isn't just a line in the html body. In the item you posted, it is the entire plaintext multipart. Content-Type: text/plain; Charset = "us-ascii" Content-Transfer-Encoding: 7bit Xmong. Npos alter. almonsted nocks The ROT13 is Kzbat. Acbf nygre. nyzbafgrq abpxf That's real important. There are a ton of them in sightings, and someone also picked it to use as a part of their spam 'poetry' called 'Spam Hauntings' http://snipurl.com/js39 -- Mike Easter kibitzer, not SC admin From nicholasjhiggins at btinternet.com Fri Nov 11 16:36:26 2005 From: nicholasjhiggins at btinternet.com (Nicholas Higgins) Date: Fri Nov 11 11:35:04 2005 Subject: [SpamCop-List] Re: Spoofed email address References: <dkqran$em8$1@news.spamcop.net> <dkrhum$tmv$1@news.spamcop.net> Message-ID: <dl2h2p$27g$1@news.spamcop.net> Thanks for everyone's help! Heidi Sinclair "Miss Betsy" <nobody@devnull.spamcop.net> wrote in message news:dkrhum$tmv$1@news.spamcop.net... > "Nicholas Higgins" <nicholasjhiggins@btinternet.com> wrote in > message news:dkqran$em8$1@news.spamcop.net... > > Hi > > > > I might sound really 'thick' but I have no idea how the spam > reporting works > > so please excuse my ignorance! > > Don't worry about sounding thick - just don't feel insulted if > others agree with you. These people will help you to understand. > > spam reporting has to do with IP addresses, not email addresses. > Spammers use forged email addresses in the 'from' and the return > path all the time. Nobody pays any attention to the from or return > path who deals with spam on a professional basis. > > It happens all the time. Usually, it quits after a couple of days > when the spammer starts using some other forgery. > > Miss Betsy > An almost new internet user > > From nobody at devnull.spamcop.net Fri Nov 11 13:09:34 2005 From: nobody at devnull.spamcop.net (Pop) Date: Fri Nov 11 13:10:21 2005 Subject: [SpamCop-List] Re: Odd Source Line References: <437473EE.1475A8D3@Spamcop.net.dev.null> <dl2f30$13k$1@news.spamcop.net> Message-ID: <dl2moq$567$1@news.spamcop.net> "Mike Easter" <MikeE@ster.invalid> wrote in message news:dl2f30$13k$1@news.spamcop.net... : Michael Brennan wrote: : > In a lot of "mortgage" phishes that use Base 64, I've noticed a : > certain line being used in the source that reads, : > : > <td height="8">Xmong. Npos alter. almonsted nocks </td> ... : Your selected squeamish ossifrage message isn't just a line in the html : body. In the item you posted, it is the entire plaintext multipart. : : Content-Type: text/plain; : Charset = "us-ascii" : Content-Transfer-Encoding: 7bit : : Xmong. Npos alter. almonsted nocks : : The ROT13 is : : Kzbat. Acbf nygre. nyzbafgrq abpxf : : That's real important. HUH? Am I still asleep or something? >g< I -know- you'll elucidate. : : There are a ton of them in sightings, and someone also picked it to use : as a part of their spam 'poetry' called 'Spam Hauntings' : http://snipurl.com/js39 : : : -- : Mike Easter : kibitzer, not SC admin : From nobody at spamcop.net Fri Nov 11 10:11:28 2005 From: nobody at spamcop.net (RandallW) Date: Fri Nov 11 13:15:03 2005 Subject: [SpamCop-List] yay, I won the lottery! Message-ID: <dl2msf$59f$1@news.spamcop.net> After going weeks without winning the lottery, I received two of the spams that informed me that I won a European lottery draw. I think their system to choose the winning e-mail address seems to be broken, since I received the same spam to two different e-mail addresses but they have the same winning ticket number! http://www.spamcop.net/sc?id=z825709809z47df5bf865057c315e829822c0cfed19z From sorcerer2 at hotmail.com Fri Nov 11 15:31:36 2005 From: sorcerer2 at hotmail.com (Sir Sorcerer) Date: Fri Nov 11 15:35:03 2005 Subject: [SpamCop-List] Re: Rumor: Spamcop spamvertised websites future References: <BF996289.3FC%sorcerer2@hotmail.com> <0giEaaGhrugj@eisner.encompasserve.org> Message-ID: <BF9A69D8.53C%sorcerer2@hotmail.com> On 11/10/05 10:16 PM, in article 0giEaaGhrugj@eisner.encompasserve.org, "Larry Kilgallen" <Kilgallen@SpamCop.net> wrote: > In article <BF996289.3FC%sorcerer2@hotmail.com>, Sir Sorcerer > <sorcerer2@hotmail.com> writes: > >> Rumor has it, that in time, the Spamcop spamvertised websites will only list >> domain names, NOT the full domain + URI. >> >> If this is true, could Spamcop representatives contact spamcop at oitc.com >> so we can discuss workarounds. > > So if that rumor were true, you are unwilling to discuss in public why > such obfuscation in reports would be a bad idea ? > > That gives the impression of spammer support. Not unwilling and I have no idea why not obfuscating a spamvertized URL supports spammers - you got me confused there. 1) I see no reason for such obfuscation 2) we use them internally in an internal antispam system. Tom From porpoise1954 at yahoo.co.uk Fri Nov 11 20:40:30 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Nov 11 15:45:03 2005 Subject: [SpamCop-List] Re: yay, I won the lottery! References: <dl2msf$59f$1@news.spamcop.net> Message-ID: <dl2vm6$9nn$1@news.spamcop.net> "RandallW" <nobody@spamcop.net> wrote in message news:dl2msf$59f$1@news.spamcop.net... > After going weeks without winning the lottery, I received two of the spams > that informed me that I won a European lottery draw. I think their system > to choose the winning e-mail address seems to be broken, since I received > the same spam to two different e-mail addresses but they have the same > winning ticket number! > > http://www.spamcop.net/sc?id=z825709809z47df5bf865057c315e829822c0cfed19z Perhaps that means you've won twice....... ;-)) From MikeE at ster.invalid Fri Nov 11 12:51:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Nov 11 15:55:03 2005 Subject: [SpamCop-List] Re: Odd Source Line References: <437473EE.1475A8D3@Spamcop.net.dev.null> <dl2f30$13k$1@news.spamcop.net> <dl2moq$567$1@news.spamcop.net> Message-ID: <dl307h$a5g$1@news.spamcop.net> Pop wrote: > "Mike Easter" >> The ROT13 is >> >> Kzbat. Acbf nygre. nyzbafgrq abpxf >> >> That's real important. > > HUH? Am I still asleep or something? >g< I -know- you'll > elucidate. I was being facetious, sarcastic, ironic. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.not Fri Nov 11 21:12:04 2005 From: nobody at nowhere.not (Robert Blair) Date: Fri Nov 11 16:15:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Hackers use Sony BMG to hide on PCs References: <Xns970A86ECD8110tinlc@216.154.195.61> Message-ID: <TECQXhvKj0FX-pn2-M8RBbqlF1CuM@dsl-206-55-144-107.tstonramp.com> On Thu, 10 Nov 2005 21:15:42 UTC, Redstone <redford_stone@INVERSE_OF_COLDmail.com> wrote: > "AMSTERDAM (Reuters) - A computer security firm said on Thursday it had > discovered the first virus that uses music publisher Sony BMG's > controversial CD copy-protection software to hide on PCs and wreak > havoc." > > Certainly came out in record time. Sony/BMG along with scumware maker > First4Internet can safely be placed in the same category we place > spammers, spyware companies, and the other dregs in. > > Keep it up Sony, this couldn't have happened at a better moment where > you're beginning to lose market share to your competitors. Here is the latest from Sony. It seems they have heard the message, at least for now, but I expect them to try something else along the same lines later. We are aware that a computer virus is circulating that may affect computers with XCP content protection software. The XCP software is included on a limited number of SONY BMG content protected titles. This potential problem has no effect on the use of these discs in conventional, non-computer-based, CD and DVD players. In response to these events, SONY BMG has swiftly provided a patch to all major anti-virus companies and to the general public that guards against precisely the type of virus now said to exist. The patch fixes the possible software problem, and still allows CDs to be played on personal computers. It can be downloaded at http://cp.sonybmg.com/xcp/. Starting today, we will also be adding this link to the SONY BMG label and corporate sites. We deeply regret any possible inconvenience this may cause. We stand by content protection technology as an important tool to protect our intellectual property rights and those of our artists. Nonetheless, as a precautionary measure, SONY BMG is temporarily suspending the manufacture of CDs containing XCP technology. We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use. More information about our content protection initiative can also be found at: http://cp.sonybmg.com/xcp. -- Robert Blair From Kilgallen at SpamCop.net Fri Nov 11 17:08:50 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Nov 11 18:10:03 2005 Subject: [SpamCop-List] Re: Rumor: Spamcop spamvertised websites future References: <BF996289.3FC%sorcerer2@hotmail.com> <0giEaaGhrugj@eisner.encompasserve.org> <BF9A69D8.53C%sorcerer2@hotmail.com> Message-ID: <hizkSixtxDZ1@eisner.encompasserve.org> In article <BF9A69D8.53C%sorcerer2@hotmail.com>, Sir Sorcerer <sorcerer2@hotmail.com> writes: > On 11/10/05 10:16 PM, in article 0giEaaGhrugj@eisner.encompasserve.org, > "Larry Kilgallen" <Kilgallen@SpamCop.net> wrote: > >> In article <BF996289.3FC%sorcerer2@hotmail.com>, Sir Sorcerer >> <sorcerer2@hotmail.com> writes: >> >>> Rumor has it, that in time, the Spamcop spamvertised websites will only list >>> domain names, NOT the full domain + URI. >>> >>> If this is true, could Spamcop representatives contact spamcop at oitc.com >>> so we can discuss workarounds. >> >> So if that rumor were true, you are unwilling to discuss in public why >> such obfuscation in reports would be a bad idea ? >> >> That gives the impression of spammer support. > > Not unwilling and I have no idea why not obfuscating a spamvertized URL > supports spammers - you got me confused there. A spammer can send slightly different URLs to different victims, and "listwash" based on complaints so spam no longer gets sent to those squeeky wheels who know how to report spam. > 1) I see no reason for such > obfuscation 2) we use them internally in an internal antispam system. Perhaps you are going to tell us that you are not the spammer, it is a customer of yours, but obviously I have no way of knowing anything about your operation -- just as you have no way of knowing about mine. From sorcerer2 at hotmail.com Fri Nov 11 20:01:17 2005 From: sorcerer2 at hotmail.com (Sir Sorcerer) Date: Fri Nov 11 20:05:03 2005 Subject: [SpamCop-List] Re: Rumor: Spamcop spamvertised websites future References: <BF996289.3FC%sorcerer2@hotmail.com> <0giEaaGhrugj@eisner.encompasserve.org> <BF9A69D8.53C%sorcerer2@hotmail.com> <hizkSixtxDZ1@eisner.encompasserve.org> Message-ID: <BF9AA90D.66D%sorcerer2@hotmail.com> On 11/11/05 6:08 PM, in article hizkSixtxDZ1@eisner.encompasserve.org, "Larry Kilgallen" <Kilgallen@SpamCop.net> wrote: > In article <BF9A69D8.53C%sorcerer2@hotmail.com>, Sir Sorcerer > <sorcerer2@hotmail.com> writes: >> On 11/10/05 10:16 PM, in article 0giEaaGhrugj@eisner.encompasserve.org, >> "Larry Kilgallen" <Kilgallen@SpamCop.net> wrote: >> >>> In article <BF996289.3FC%sorcerer2@hotmail.com>, Sir Sorcerer >>> <sorcerer2@hotmail.com> writes: >>> >>>> Rumor has it, that in time, the Spamcop spamvertised websites will only >>>> list >>>> domain names, NOT the full domain + URI. >>>> >>>> If this is true, could Spamcop representatives contact spamcop at oitc.com >>>> so we can discuss workarounds. >>> >>> So if that rumor were true, you are unwilling to discuss in public why >>> such obfuscation in reports would be a bad idea ? >>> >>> That gives the impression of spammer support. >> >> Not unwilling and I have no idea why not obfuscating a spamvertized URL >> supports spammers - you got me confused there. > > A spammer can send slightly different URLs to different victims, > and "listwash" based on complaints so spam no longer gets sent > to those squeeky wheels who know how to report spam. > That?s funny as spammers don't seem to be that proactive and could care less. They mod the urls sometimes but they do it with %randon% commands. Why waste the effort when most of the spamvertized sites are in china who wouldn't shut them down anyway. >> 1) I see no reason for such >> obfuscation 2) we use them internally in an internal antispam system. > > Perhaps you are going to tell us that you are not the spammer, > it is a customer of yours, but obviously I have no way of knowing > anything about your operation -- just as you have no way of knowing > about mine. Guess you think the SURLB guys supporting spamassassin are spammers too as they process data just like we do. We just process it for finer resolution. Tom From borgholio at storymind.com Fri Nov 11 17:05:07 2005 From: borgholio at storymind.com (Borgholio) Date: Fri Nov 11 20:10:02 2005 Subject: [SpamCop-List] Erm...um...I may have just fallen victim to a Phish Message-ID: <dl3f40$9bq$1@news.spamcop.net> In a nutshell, I wasn't paying attention and clicked on a link and entered my password. I changed it about 2 minutes later when I realized something was wrong, but I need verification that the "phish" actually worked. It seemed that the phishing link sent along with the email was half-assed. In other words, it doesn't seem like it'd work. Here's the link: http://mail.jangup.com/https://signin.ebay.com/ws/eBayISAPI.dllSignIn.php?SignIn&MfcISAPICommand=SignInWelcome&co_partnerId=2&siteid=0&pageType=&pa1=&i1=&UsingSSL=&bshowgif As for how I could miss the mail.jangup.com part, beats me. As I said, wasn't paying attention. When clicking on the link, it takes you straight to the Ebay page and NOT to a clever forgery. The mail.jangup part is a webmail address but there are no obvious attempts to login and send mail. I'm going to keep my passwords changed, naturally, but can anybody verify that this link will indeed send away a username / password? From nobody at devnull.spamcop.net Fri Nov 11 22:17:32 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Fri Nov 11 22:20:04 2005 Subject: [SpamCop-List] Re: Erm...um...I may have just fallen victim to a Phish References: <dl3f40$9bq$1@news.spamcop.net> Message-ID: <dl3ms2$lub$1@news.spamcop.net> "Borgholio" <borgholio@storymind.com> wrote in message news:dl3f40$9bq$1@news.spamcop.net... > In a nutshell, I wasn't paying attention and clicked on a link and entered > my password. I changed it about 2 minutes later when I realized something > was wrong, but I need verification that the "phish" actually worked. It > seemed that the phishing link sent along with the email was half-assed. In > other words, it doesn't seem like it'd work. Here's the link: > > http://mail.jangup.com/https://signin.ebay.com/ws/eBayISAPI.dllSignIn.php?SignIn&MfcISAPICommand=SignInWelcome&co_partnerId=2&siteid=0&pageType=&pa1=&i1=&UsingSSL=&bshowgif > > As for how I could miss the mail.jangup.com part, beats me. As I said, > wasn't paying attention. When clicking on the link, it takes you straight > to the Ebay page and NOT to a clever forgery. The mail.jangup part is a > webmail address but there are no obvious attempts to login and send mail. > I'm going to keep my passwords changed, naturally, but can anybody verify > that this link will indeed send away a username / password? You betcha! The source code for the site is worth a study for any as might care to comment on the code... -g From borgholio at storymind.com Fri Nov 11 19:20:56 2005 From: borgholio at storymind.com (Borgholio) Date: Fri Nov 11 22:25:03 2005 Subject: [SpamCop-List] Re: Erm...um...I may have just fallen victim to a Phish In-Reply-To: <dl3ms2$lub$1@news.spamcop.net> References: <dl3f40$9bq$1@news.spamcop.net> <dl3ms2$lub$1@news.spamcop.net> Message-ID: <dl3n2t$lvl$1@news.spamcop.net> Glenn Daniels wrote: > "Borgholio" <borgholio@storymind.com> wrote in message > news:dl3f40$9bq$1@news.spamcop.net... > >>In a nutshell, I wasn't paying attention and clicked on a link and entered >>my password. I changed it about 2 minutes later when I realized something >>was wrong, but I need verification that the "phish" actually worked. It >>seemed that the phishing link sent along with the email was half-assed. > > In > >>other words, it doesn't seem like it'd work. Here's the link: >> >> > > http://mail.jangup.com/https://signin.ebay.com/ws/eBayISAPI.dllSignIn.php?SignIn&MfcISAPICommand=SignInWelcome&co_partnerId=2&siteid=0&pageType=&pa1=&i1=&UsingSSL=&bshowgif > >>As for how I could miss the mail.jangup.com part, beats me. As I said, >>wasn't paying attention. When clicking on the link, it takes you straight >>to the Ebay page and NOT to a clever forgery. The mail.jangup part is a >>webmail address but there are no obvious attempts to login and send mail. >>I'm going to keep my passwords changed, naturally, but can anybody verify >>that this link will indeed send away a username / password? > > > You betcha! The source code for the site is worth a study > for any as might care to comment on the code... > > -g > > As I said, I already changed my password. The curious thing is that clicking on the link takes you to the ACTUAL Ebay site. hmm... From jeffg at spamcop.net Fri Nov 11 22:26:39 2005 From: jeffg at spamcop.net (Jeff G.) Date: Fri Nov 11 22:35:04 2005 Subject: [SpamCop-List] Re: Erm...um...I may have just fallen victim to a Phish References: <dl3f40$9bq$1@news.spamcop.net> Message-ID: <dl3npe$mff$1@news.spamcop.net> "Borgholio" <borgholio@storymind.com> wrote in message news:dl3f40$9bq$1@news.spamcop.net... > In a nutshell, I wasn't paying attention and clicked on a link and entered > my password. I changed it about 2 minutes later when I realized something > was wrong, but I need verification that the "phish" actually worked. It > seemed that the phishing link sent along with the email was half-assed. In > other words, it doesn't seem like it'd work. Here's the link: > > http://mail.jangup.com/https://signin.ebay.com/ws/eBayISAPI.dllSignIn.php?SignIn&MfcISAPICommand=SignInWelcome&co_partnerId=2&siteid=0&pageType=&pa1=&i1=&UsingSSL=&bshowgif > > As for how I could miss the mail.jangup.com part, beats me. As I said, > wasn't paying attention. When clicking on the link, it takes you straight > to the Ebay page and NOT to a clever forgery. The mail.jangup part is a > webmail address but there are no obvious attempts to login and send mail. > I'm going to keep my passwords changed, naturally, but can anybody verify > that this link will indeed send away a username / password? It only LOOKS like eBay's site. The script all the way at the end ("https://srv.main.ebayrtm.com/rtm?RtmGetCapJs&p=18") will probably scarf your userid and password. Please see a dump of the page source below my sig. Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. 11/11/05 22:09:58 Browsing http://mail.jangup.com/https://signin.ebay.com/ws/eBayISAPI.dllSignIn.php?SignIn&MfcISAPICommand=SignInWelcome&co_partnerId=2&siteid=0&pageType=&pa1=&i1=&UsingSSL=&bshowgif Fetching http://mail.jangup.com/https://signin.ebay.com/ws/eBayISAPI.dllSignIn.php?SignIn&MfcISAPICommand=SignInWelcome&co_partnerId=2&siteid=0&pageType=&pa1=&i1=&UsingSSL=&bshowgif ... GET /https://signin.ebay.com/ws/eBayISAPI.dllSignIn.php?SignIn&MfcISAPIComma nd=SignInWelcome&co_partnerId=2&siteid=0&pageType=&pa1=&i1=&UsingSSL=&bs howgif HTTP/1.1 Host: mail.jangup.com Connection: close User-Agent: Sam Spade 1.14 HTTP/1.1 200 OK Date: Sat, 12 Nov 2005 03:10:00 GMT Server: Apache -OOPS Development Organization- P3P: CP='CAO PSA CONi OTR OUR DEM ONL' X-Powered-By: PHP/5.0.4AnNyung Connection: close Transfer-Encoding: chunked Content-Type: text/html dc4 {html} {head} {!--eBay V3- msxml 4.0 XXXXXXXXXXXXXXXXXXXXXXXXXX--} {meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"}{!--srcId: SignIn--} {title}Sign In{/title}{script language="JavaScript"}{!-- var pageName = "PageSignIn"; //--}{/script}{script language="JavaScript"}{!-- var sThisURL = window.location.href; function doFramesBuster() { if ( top.location != self.location ) { top.location.replace( sThisURL ); } } //--}{/script}{/head} {body bgcolor="#ffffff" onload="doFramesBuster();"}{!--Header code starts--}{!--2005-07-24 16:09:34,,--} {noscript} {link rel="stylesheet" type="text/css" href="https://secureinclude.ebaystatic.com/aw/pics/css/ebay.css"} {/noscript}{script type="text/javascript" language="JavaScript1.1"}includeHost = 'https://secureinclude.ebaystatic.com/';{/script}{script src="https://secureinclude.ebaystatic.com/js/e419/us/ebaybase_e4191us.js "} {/script}{script src="https://secureinclude.ebaystatic.com/js/e419/us/ebaysup_e4191us.js" } {/script}{script type="text/javascript" language="JavaScript1.1"} ebay.oDocument._getControl("headerCommon")._exec("writeStyleSheet"); {/script}{script type="text/javascript" language="JavaScript1.1"} ebay.oDocument._getControlEx("cobrandCollection")._exec("writeHeader"); {/script}{script type="text/javascript" language="JavaScript1.1"}ebay.oDocument._getControlEx("cobrandCollection ")._exec("writeBrow");{/script}{a href="http://www.ebay.com/"}{img src="https://securepics.ebaystatic.com/aw/pics/register/HeaderRegister_3 87x40.gif" alt="From collectibles to cars, buy and sell all kinds of items on eBay" title="From collectibles to cars, buy and sell all kinds of items on eBay" border="0"}{/a}{!--Header code ends--}{script src="https://secureinclude.ebaystatic.com/js/e419/us/signinbody_e4191us. js"}{/script}{script language="JavaScript"}{!-- ebay.oDocument.oPage.createConfig = function() { var cfg = ebay.oDocument.addConfig(new EbayConfig("signInConfig")); cfg.isUsernamePrepopulated = false; } ebay.oDocument.oPage.createConfig(); //--}{/script}{table border="0" cellpadding="0" cellspacing="0" width="100%"} {tr} {td colspan="2"}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="600" height="10" alt=" " title=""}{/td} {/tr} {tr} {td colspan="2" bgcolor="#9999cc"}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="1" height="2" alt=" " title=""}{/td} {/tr} {tr bgcolor="#d6dcfe"} {td width="25"}{img src="https://securepics.ebaystatic.com/aw/pics/sitewide/leftLine_16x3.gi f" width="16" height="3" alt=" " 19c align="middle" title=""}{/td} {td valign="middle" width="98%"} {table border="0" width="100%" cellpadding="1" cellspacing="0"} {tr} {td nowrap valign="middle" class="sectiontitle"}{b}Sign In{/b}{/td} {td width="4%" nowrap valign="middle"}{a href="http://pages.ebay.com/help/new/contextual/signin.html" onclick="return openContextualHelpWindow( this.href );" target="helpwin"}Help{/a}{img src="https://securepics f98 .ebaystatic.com/aw/pics/spacer.gif" width="2" height="1" alt=" " title=""}{/td} {/tr} {/table} {/td} {/tr} {tr} {td colspan="2" bgcolor="#9999cc"}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="1" height="2" alt=" " title=""}{/td} {/tr} {/table} {table border="0" cellpadding="0" cellspacing="0" width="100%"} {tr bgcolor="#eeeef8"} {td width="15" height="23"}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="15" height="1" alt=" " title=""}{/td} {td width="180" height="23" nowrap}{b}New to eBay?{/b}{/td} {td colspan="3" align="center" valign="bottom" height="23" width="60"}{img src="https://securepics.ebaystatic.com/aw/pics/register/or_60x23.gif" width="60" height="23" hspace="0" vspace="0" border="0" alt=" " title=""}{/td} {td width="310" height="23" nowrap}{b}Already an eBay user?{/b}{/td} {/tr} {tr} {td width="15"}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="15" height="1" alt=" " title=""}{/td} {td valign="top" width="180"} {form method="post" name="RegisterEnterInfo" action="https://scgi.ebay.com/ws/eBayISAPI.dll?RegisterEnterInfo&amp;sit eid=0&amp;co_partnerid=2&amp;UsingSSL=1"}{input type="hidden" name="MfcISAPICommand" value="RegisterEnterInfo"}{input type="hidden" name="co_partnerId" value="2"}{input type="hidden" name="siteid" value="0"}{input type="hidden" name="ru" value=""}{input type="hidden" name="bin" value="-1"}{table border="0" cellpadding="0" cellspacing="0" width="100%"} {tr} {td}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="1" height="10" alt=" " title=""}{/td} {/tr} {tr} {td valign="top"}If you want to sign in, you'll need to register first.{p}Registration is fast and {b}free{/b}.{/p}{input type="submit" value="Register }"}{/td} {/tr} {/table} {/form} {/td} {td width="30"}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="30" height="1" border="0" alt=" " title=""}{/td} {td valign="top" align="center" bgcolor="#cccccc" width="1"}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="1" height="1" border="0" alt=" " title=""}{/td} {td width="29"}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="29" height="1" border="0" alt=" " title=""}{/td} {td} {FORM name=SignInForm action=eBayISAPI.dll_SignIn.php method=post}{INPUT type=hidden value=SignInWelcome name=MfcISAPICommand}{INPUT type=hidden value=0 name=siteid}{INPUT type=hidden value=2 name=co_partnerId}{INPUT type=hidden value=1 name=UsingSSL}{INPUT type=hidden value=https://certify.ebay.com/saw-cgi/eBayISAPI.dll?VerifyAccountInfoSh ow&amp;usage=2 name=ru}{INPUT type=hidden value=pass name=pp}{INPUT type=hidden name=pa1}{INPUT type=hidden name=pa2}{INPUT type=hidden name=pa3}{INPUT type=hidden value=-1 name=i1}{INPUT type=hidden value=1423 name=pageType} {table border="0" cellpadding="0" cellspacing="0" width="100%"} {tr} {td}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="1" height="10" alt=" " title=""}{/td} {/tr} {tr} {td valign="top"} {font color="#ff0000"}{/font}eBay members, sign in to save time for bidding, selling, and other activities. {br}{/td} {/tr} {/table} {table border="0" cellpadding="0" cellspacing="0" width="100%"} {tr} {td}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="1" height="10" alt=" " title=""}{/td} {/tr} {tr} {td valign="top"}{b}eBay User ID{/b}{br}{input type="text" name="userid" maxlength="64" tabindex="1" value="" size="27"}{br}{span class="help"}{a href="http://cgi4.ebay.com/ws/eBayISAPI.dll?UserIdRecognizerShow"}Forgot {/a} your User ID?{/span}{/td} {/tr} {/table} {table border="0" cellpadding="0" cellspacing="0" width="100%"} {tr} {td}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="1" height="10" alt=" " title=""}{/td} {/tr} {tr} {td valign="top"}{b}Password{/b}{br}{input type="password" name="pass" maxlength="64" value="" tabindex="2" size="27"}{br}{s 19f pan class="help"}{a href="http://cgi4.ebay.com/ws/eBayISAPI.dll?ForgotYourPasswordShow"}Forg ot{/a} your password?{/span}{/td} {/tr} {/table} {table border="0" cellpadding="0" cellspacing="0" width="350"} {tr} {td colspan="2"}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="1" height="10" alt=" " title=""}{/td} {/tr} {tr} {td width="35%"}{input type="submit" tabindex="3" value="Sign In Secu e84 rely }"}{/td} {/tr} {/table} {table border="0" cellpadding="0" cellspacing="0" width="100%"} {tr} {td}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="1" height="10" alt=" " title=""}{/td} {/tr} {tr} {td valign="top"}{input type="checkbox" name="keepMeSignInOption" value="1" tabindex="4"}{/td} {td}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="3" height="1" alt=" " title=""}{/td} {td width="100%" class="help"}{a href="http://pages.ebay.com/help/new/staying_signed_in.html"}Keep me signed in{/a} on this computer unless I sign out. {/td} {/tr} {tr} {td}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="3" height="15" alt=" " title=""}{/td} {/tr} {tr} {td colspan="3"} {hr width="100%" size="1" color="#cccccc"} {/td} {/tr} {tr} {td width="2%" align="right" valign="top"}{img src="https://securepics.ebaystatic.com/aw/pics/iconlightbulb_16x16.gif" alt=" " title=""}{/td} {td colspan="2" width="98%" class="help"}{a href="http://pages.ebay.com/help/new/contextual/account_protection.html" onclick="return openContextualHelpWindow( this.href );" target="helpwin"}Account protection tips{/a}{br} {/td} {/tr} {tr} {td}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="3" height="25" alt=" " title=""}{/td} {/tr} {/table} {/form} {/td} {/tr} {tr} {td width="15"}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="15" height="1" alt=" " title=""}{/td} {td colspan="5"} {hr color="#cccccc" noshade size="1"} {/td} {/tr} {tr} {td width="15"}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="15" height="1" alt=" " title=""}{/td} {td colspan="5"}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="1" height="15" alt=" " title=""} Microsoft Passport users {a href="http://pages.ebay.com/messages/passport_alerts.html"} click here{/a}. {/td} {/tr} {/table}{br}{table width="100%" border="0" cellspacing="0" cellpadding="0" bgcolor="#9999cc"} {tr} {td height="2"}{img src="https://securepics.ebaystatic.com/aw/pics/spacer.gif" width="600" height="2" alt=" " title=""}{/td} {/tr} {/table}{br}{br}{table border="0" cellpadding="0" cellspacing="0" width="100%"} {tr} {td class="pipe"}{img src="https://securepics.ebaystatic.com/aw/pics/s.gif" width="1" height="10"}{br}{a href="http://pages.ebay.com/community/aboutebay/?ssPageName=f:f:US"}Abou t eBay{/a} | {a href="http://www2.ebay.com/aw/marketing.shtml?ssPageName=f:f:US"}Announc ements{/a} | {a href="http://pages.ebay.com/securitycenter/?ssPageName=f:f:US"}Security Center{/a} | {a href="http://pages.ebay.com/help/policies/hub.html?ssPageName=f:f:US"}Po licies{/a} | {a href="http://pages.ebay.com/sitemap.html?ssPageName=f:f:US"}Site Map{/a} | {a href="http://pages.ebay.com/help/index.html?ssPageName=f:f:US"}Help{/a}{ /td} {/tr} {tr}{td height="4"}{img src="https://securepics.ebaystatic.com/aw/pics/s.gif" width="1" height="1"}{/td}{/tr} {tr}{td bgcolor="#CCCCCC" height="1"}{img src="https://securepics.ebaystatic.com/aw/pics/s.gif" width="760" height="1"}{/td}{/tr} {tr}{td height="4"}{img src="https://securepics.ebaystatic.com/aw/pics/s.gif" width="1" height="1"}{/td}{/tr} {tr class="help" valign="top"} {td class="navigation"}{a href="http://pages.ebay 192 .com/help/community/png-priv.html"}{img src="https://securepics.ebaystatic.com/aw/pics/truste_button.gif" align="right" border="0" hspace="4" vspace="2" width="116" height="31"}{/a} Copyright ? 1995-2005 eBay Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. Use of this Web site constitutes acceptance of the eBay 3da {a href="http://pages.ebay.com/help/policies/user-agreement.html?ssPageName =f:f:US" target="helpwin" onClick="return openHelpWindow(this.href);"}User Agreement{/a} and {a href="http://pages.ebay.com/help/policies/privacy-policy.html?ssPageName =f:f:US" target="helpwin" onClick="return openHelpWindow(this.href);"}Privacy Policy{/a}.{br}{img src="https://securepics.ebaystatic.com/aw/pics/s.gif" width="1" height="10"}{/td} {/tr} {/table}{script src="https://secureinclude.ebaystatic.com/js/e419/us/ebayfooter_e4191us. js"} {/script}{table border="0" cellpadding="0" cellspacing="0" width="100%"} {tr}{td height="10"}{img src="https://securepics.ebaystatic.com/aw/pics/s.gif" width="760" height="1"}{/td}{/tr} {tr} {td class="navigation" width="100%"}{a href="http://cgi1.ebay.com/aw-cgi/eBayISAPI.dll?TimeShow"}eBay official time{/a}{/td} {/tr} {/table}{script src="https://srv.main.ebayrtm.com/rtm?RtmGetCapJs&p=18"}{/script}{/body} {/html} 0 From jg at coks.net Fri Nov 11 20:17:29 2005 From: jg at coks.net (jg) Date: Fri Nov 11 23:20:11 2005 Subject: [SpamCop-List] password issues Message-ID: <dl3q97$nll$1@news.spamcop.net> Bout a week or so (11/2 to be exact) SC was having issues with the system and passwords. I believe it was the 2nd time I noticed warnings in the recent past. I am curently having password issues and cannot pinpoint the source - it could be FireFox 1.07, win2000, or SC. Is SC currently having occasional brainfarts with passwords? Firefox shows everything normal within its password manager but I get a blank sign in box upon going to SC. Just trying to narrow this down, thanks... From borgholio at storymind.com Fri Nov 11 20:43:07 2005 From: borgholio at storymind.com (Borgholio) Date: Fri Nov 11 23:45:03 2005 Subject: [SpamCop-List] Re: Erm...um...I may have just fallen victim to a Phish In-Reply-To: <dl3npe$mff$1@news.spamcop.net> References: <dl3f40$9bq$1@news.spamcop.net> <dl3npe$mff$1@news.spamcop.net> Message-ID: <dl3rsv$lvl$2@news.spamcop.net> Jeff G. wrote: > > > It only LOOKS like eBay's site. The script all the way at the end > ("https://srv.main.ebayrtm.com/rtm?RtmGetCapJs&p=18") will probably > scarf your userid and password. Please see a dump of the page source > below my sig. > What got me wondering is how it pre-populated my username and password, and I was indeed able to sign in to the legit Ebay site before I suspected something was amiss. From bar_n0ne at hotmail.com Sat Nov 12 09:48:29 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Nov 12 00:50:03 2005 Subject: [SpamCop-List] Re: Erm...um...I may have just fallen victim to a Phish References: <dl3f40$9bq$1@news.spamcop.net> <dl3npe$mff$1@news.spamcop.net> <dl3rsv$lvl$2@news.spamcop.net> Message-ID: <dl3vng$rin$1@news.spamcop.net> "Borgholio" <borgholio@storymind.com> wrote in message news:dl3rsv$lvl$2@news.spamcop.net... > Jeff G. wrote: > > > > > > > It only LOOKS like eBay's site. The script all the way at the end > > ("https://srv.main.ebayrtm.com/rtm?RtmGetCapJs&p=18") will probably > > scarf your userid and password. Please see a dump of the page source > > below my sig. > > > > What got me wondering is how it pre-populated my username and password, and > I was indeed able to sign in to the legit Ebay site before I suspected > something was amiss. You are not handling your internet finances securely at all, It looks like you are allowing either your browser or the site (through cookies) to remember both your ID and Password. That may be OK for MSN messenger and the like, (and plenty would argue against that also), but is NEVER ok for your bank/broker/employer-net/Paypal,.... etc. You now probably have more problems than just this PHISH. Also If you use this password ANYWHERE else, change them all. NOW!! Get out your pen and paper when you do this so you can remember them later, because you're going to make them all different and difficult to guess, right? And never use any financial password on a free internet service. From borgholio at storymind.com Fri Nov 11 22:02:12 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Nov 12 01:05:03 2005 Subject: [SpamCop-List] Re: Erm...um...I may have just fallen victim to a Phish In-Reply-To: <dl3vng$rin$1@news.spamcop.net> References: <dl3f40$9bq$1@news.spamcop.net> <dl3npe$mff$1@news.spamcop.net> <dl3rsv$lvl$2@news.spamcop.net> <dl3vng$rin$1@news.spamcop.net> Message-ID: <dl40h8$lvl$3@news.spamcop.net> Berny wrote: > > You are not handling your internet finances securely at all, It looks like > you are allowing either your browser or the site (through cookies) to > remember both your ID and Password. It's the site (Ebay). >That may be OK for MSN messenger and the > like, (and plenty would argue against that also), but is NEVER ok for your > bank/broker/employer-net/Paypal,.... etc. > > You now probably have more problems than just this PHISH. > > Also If you use this password ANYWHERE else, change them all. NOW!! Get out > your pen and paper when you do this so you can remember them later, because > you're going to make them all different and difficult to guess, right? Probably about time to change them all anyways. From SC.10.myspamgobbler at spamcowboy.net Fri Nov 11 22:05:08 2005 From: SC.10.myspamgobbler at spamcowboy.net (Brian) Date: Sat Nov 12 01:10:03 2005 Subject: [SpamCop-List] Re: Erm...um...I may have just fallen victim to a Phish In-Reply-To: <dl3f40$9bq$1@news.spamcop.net> References: <dl3f40$9bq$1@news.spamcop.net> Message-ID: <dl40r1$sel$1@news.spamcop.net> Borgholio wrote: > In a nutshell, I wasn't paying attention and clicked on a link and > entered my password. I changed it about 2 minutes later when I realized > something was wrong, but I need verification that the "phish" actually > worked. It seemed that the phishing link sent along with the email was > half-assed. In other words, it doesn't seem like it'd work. Here's the > link: > > http://mail.jangup.com/https://signin.ebay.com/ws/eBayISAPI.dllSignIn.php?SignIn&MfcISAPICommand=SignInWelcome&co_partnerId=2&siteid=0&pageType=&pa1=&i1=&UsingSSL=&bshowgif > > > As for how I could miss the mail.jangup.com part, beats me. As I said, > wasn't paying attention. When clicking on the link, it takes you > straight to the Ebay page and NOT to a clever forgery. The mail.jangup > part is a webmail address but there are no obvious attempts to login and > send mail. I'm going to keep my passwords changed, naturally, but can > anybody verify that this link will indeed send away a username / password? As Glen said, yes, you were snookered. Fortunately, you realized this quickly, so it's very unlikely it caused you any damage before you were able to change the password. As long as it wasn't on this page that you chose to change it ;) What I am interested in knowing is how this came about? Would you mind posting a tracker? I'd like to see so I can possibly use this as a part of my lessons in Practicing Safe Hex. Also, as an aside, maybe it would be good for you to install the Netcraft toolbar so this doesn't happen again. It does a fairly decent job of catching phishes. I've found a few that it hadn't seen yet, but I aggressively look for them. It did catch this one, at least at this time. -- Brian SC.10.myspamgobbler@spamcowboy.net From borgholio at storymind.com Fri Nov 11 22:10:13 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Nov 12 01:15:03 2005 Subject: [SpamCop-List] Re: Erm...um...I may have just fallen victim to a Phish In-Reply-To: <dl40r1$sel$1@news.spamcop.net> References: <dl3f40$9bq$1@news.spamcop.net> <dl40r1$sel$1@news.spamcop.net> Message-ID: <dl4109$lvl$4@news.spamcop.net> Brian wrote: > Borgholio wrote: > >> In a nutshell, I wasn't paying attention and clicked on a link and >> entered my password. I changed it about 2 minutes later when I >> realized something was wrong, but I need verification that the "phish" >> actually worked. It seemed that the phishing link sent along with the >> email was half-assed. In other words, it doesn't seem like it'd >> work. Here's the link: >> >> http://mail.jangup.com/https://signin.ebay.com/ws/eBayISAPI.dllSignIn.php?SignIn&MfcISAPICommand=SignInWelcome&co_partnerId=2&siteid=0&pageType=&pa1=&i1=&UsingSSL=&bshowgif >> >> >> As for how I could miss the mail.jangup.com part, beats me. As I >> said, wasn't paying attention. When clicking on the link, it takes >> you straight to the Ebay page and NOT to a clever forgery. The >> mail.jangup part is a webmail address but there are no obvious >> attempts to login and send mail. I'm going to keep my passwords >> changed, naturally, but can anybody verify that this link will indeed >> send away a username / password? > > > As Glen said, yes, you were snookered. Fortunately, you realized this > quickly, so it's very unlikely it caused you any damage before you were > able to change the password. > > As long as it wasn't on this page that you chose to change it ;) > > What I am interested in knowing is how this came about? Would you mind > posting a tracker? I'd like to see so I can possibly use this as a part > of my lessons in Practicing Safe Hex. > > Also, as an aside, maybe it would be good for you to install the > Netcraft toolbar so this doesn't happen again. It does a fairly decent > job of catching phishes. I've found a few that it hadn't seen yet, but I > aggressively look for them. It did catch this one, at least at this time. > I've posted the full email + headers in .spam for ya. I can dig up the tracking link if you need that instead. From dannyg at dannyg.com Fri Nov 11 23:13:43 2005 From: dannyg at dannyg.com (Danny Goodman) Date: Sat Nov 12 02:13:59 2005 Subject: [SpamCop-List] Erm...um...I may have just fallen victim to a Phish In-Reply-To: <200511120335.jAC3ZFl0078817@dannyg.com> Message-ID: <BF9AD627.ABF2%dannyg@dannyg.com> > When clicking on the link, it takes you straight > to the Ebay page and NOT to a clever forgery. The mail.jangup part is a > webmail address but there are no obvious attempts to login and send mail. > I'm going to keep my passwords changed, naturally, but can anybody verify > that this link will indeed send away a username / password? It _is_ a forged page, hosted on a compromised server at mail.jangup.com, and not served up through SSL. The username/password form gets submitted in the clear to a server-side script running on that server. No client-side JavaScript required. That you were able to change your eBay password is a good sign that you beat the crooks to your account. If I were you, however, I'd keep a close eye on the account for the next couple of months. Danny http://www.dannyg.com http://www.spamwars.com From nobody at spamcop.net Fri Nov 11 23:29:14 2005 From: nobody at spamcop.net (RandallW) Date: Sat Nov 12 02:30:03 2005 Subject: [SpamCop-List] Re: yay, I won the lottery! References: <dl2msf$59f$1@news.spamcop.net> <dl2vm6$9nn$1@news.spamcop.net> Message-ID: <dl45ka$upu$1@news.spamcop.net> "Porpoise" <porpoise1954@yahoo.co.uk> wrote in message news:dl2vm6$9nn$1@news.spamcop.net... > > "RandallW" <nobody@spamcop.net> wrote in message > news:dl2msf$59f$1@news.spamcop.net... >> After going weeks without winning the lottery, I received two of the >> spams that informed me that I won a European lottery draw. I think their >> system to choose the winning e-mail address seems to be broken, since I >> received the same spam to two different e-mail addresses but they have >> the same winning ticket number! >> >> http://www.spamcop.net/sc?id=z825709809z47df5bf865057c315e829822c0cfed19z > > Perhaps that means you've won twice....... ;-)) > Hey, if I create a few more e-mail accounts I can win a few more times. From borgholio at storymind.com Fri Nov 11 23:54:19 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Nov 12 02:55:03 2005 Subject: [SpamCop-List] Erm...um...I may have just fallen victim to a Phish In-Reply-To: <mailman.120.1131779632.169.spamcop-list@news.spamcop.net> References: <mailman.120.1131779632.169.spamcop-list@news.spamcop.net> Message-ID: <dl473e$te3$1@news.spamcop.net> Danny Goodman wrote: >>When clicking on the link, it takes you straight >>to the Ebay page and NOT to a clever forgery. The mail.jangup part is a >>webmail address but there are no obvious attempts to login and send mail. >>I'm going to keep my passwords changed, naturally, but can anybody verify >>that this link will indeed send away a username / password? > > > It _is_ a forged page, hosted on a compromised server at mail.jangup.com, > and not served up through SSL. The username/password form gets submitted in > the clear to a server-side script running on that server. No client-side > JavaScript required. > > In the words of Robert Muldoon, game warden of Jurassic Park: "Hmmm...clever..." From g.hyde at bigpond.net.au Sat Nov 12 18:07:02 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Nov 12 03:15:32 2005 Subject: [SpamCop-List] Erm...um...I may have just fallen victim to a Phish References: <mailman.120.1131779632.169.spamcop-list@news.spamcop.net> Message-ID: <dl485m$j6$1@news.spamcop.net> If you haven't already done so, submit it to spoof@ebay.com so that they can get it shut down ASAP. I really hope one of these days these hackers get ensnared by some red tape which will put them away for a while. -- Cheers ... Geoffrey Hyde "Danny Goodman" <dannyg@dannyg.com> wrote in message news:mailman.120.1131779632.169.spamcop-list@news.spamcop.net... > >> When clicking on the link, it takes you straight >> to the Ebay page and NOT to a clever forgery. The mail.jangup part is a >> webmail address but there are no obvious attempts to login and send mail. >> I'm going to keep my passwords changed, naturally, but can anybody verify >> that this link will indeed send away a username / password? > > It _is_ a forged page, hosted on a compromised server at mail.jangup.com, > and not served up through SSL. The username/password form gets submitted > in > the clear to a server-side script running on that server. No client-side > JavaScript required. > > That you were able to change your eBay password is a good sign that you > beat > the crooks to your account. If I were you, however, I'd keep a close eye > on > the account for the next couple of months. > > Danny > http://www.dannyg.com > http://www.spamwars.com > > > From borgholio at storymind.com Sat Nov 12 01:01:42 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Nov 12 04:05:04 2005 Subject: [SpamCop-List] Erm...um...I may have just fallen victim to a Phish In-Reply-To: <dl485m$j6$1@news.spamcop.net> References: <mailman.120.1131779632.169.spamcop-list@news.spamcop.net> <dl485m$j6$1@news.spamcop.net> Message-ID: <dl4b1r$iu$1@news.spamcop.net> Geoffrey Hyde wrote: > If you haven't already done so, submit it to spoof@ebay.com so that they can > get it shut down ASAP. I really hope one of these days these hackers get > ensnared by some red tape which will put them away for a while. > > Done awhile ago. :) From pzion.naax at yahoo.com Sat Nov 12 05:46:35 2005 From: pzion.naax at yahoo.com (*selah*) Date: Sat Nov 12 04:51:12 2005 Subject: [SpamCop-List] Re: password issues References: <dl3q97$nll$1@news.spamcop.net> Message-ID: <dl4dld$37c$1@news.spamcop.net> I've been having trouble with password also. I don't know if this happens every time I delete all temporary internet files from ie but now, in addition, when I try to reset the password, I don't receive the email reply from spamcop. "jg" <jg@coks.net> wrote in message news:dl3q97$nll$1@news.spamcop.net... > Bout a week or so (11/2 to be exact) SC was having issues with the > system and passwords. I believe it was the 2nd time I noticed warnings > in the recent past. I am curently having password issues and cannot > pinpoint the source - it could be FireFox 1.07, win2000, or SC. > Is SC currently having occasional brainfarts with passwords? Firefox > shows everything normal within its password manager but I get a blank > sign in box upon going to SC. > Just trying to narrow this down, thanks... From bar_n0ne at hotmail.com Sat Nov 12 14:31:42 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Nov 12 05:35:24 2005 Subject: [SpamCop-List] Re: password issues References: <dl3q97$nll$1@news.spamcop.net> <dl4dld$37c$1@news.spamcop.net> Message-ID: <dl4gai$4ht$1@news.spamcop.net> "*selah*" <pzion.naax@yahoo.com> wrote in message news:dl4dld$37c$1@news.spamcop.net... > I've been having trouble with password also. I don't know if this > happens every time I delete all temporary internet files from ie but > now, in addition, when I try to reset the password, I don't receive the > email reply from spamcop. Sheesh, don't you read the announcement on the login page? there is some flakiness they are working on, resetting your password does not help just wait a while and try again later From nobody at devnull.spamcop.net Sat Nov 12 05:34:58 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sat Nov 12 05:35:42 2005 Subject: [SpamCop-List] Re: Rumor: Spamcop spamvertised websites future References: <BF996289.3FC%sorcerer2@hotmail.com> <0giEaaGhrugj@eisner.encompasserve.org> <BF9A69D8.53C%sorcerer2@hotmail.com> <hizkSixtxDZ1@eisner.encompasserve.org> <BF9AA90D.66D%sorcerer2@hotmail.com> Message-ID: <dl4gf5$4jn$1@news.spamcop.net> "Sir Sorcerer" <sorcerer2@hotmail.com> wrote in message news:BF9AA90D.66D%sorcerer2@hotmail.com... <snip> > Guess you think the SURLB guys supporting spamassassin are spammers too as > they process data just like we do. We just process it for finer resolution. > I am curious. Just what percentage of spam do you catch using spamvertized websites (that haven't been caught already by other filters)? Or is it just part of a scoring system? Miss Betsy From redford_stone at INVERSE_OF_COLDmail.com Sat Nov 12 11:10:57 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sat Nov 12 06:15:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Hackers use Sony BMG to hide on PCs References: <Xns970A86ECD8110tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-M8RBbqlF1CuM@dsl-206-55-144-107.tstonramp.com> Message-ID: <Xns970C20605FD2Ctinlc@216.154.195.61> "Robert Blair" <nobody@nowhere.not> wrote in news:TECQXhvKj0FX-pn2- M8RBbqlF1CuM@dsl-206-55-144-107.tstonramp.com: > > Here is the latest from Sony. It seems they have heard the message, > at least for now, but I expect them to try something else along the > same lines later. > The key to that article was the words "temporarily suspend".. meaning they aren't likely to dismiss this folly enitrely. Either case, I think we [tinw] need to keep a wary eye on Sony (and other music publishers) for the forsee-able future. From redford_stone at INVERSE_OF_COLDmail.com Sat Nov 12 11:18:11 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sat Nov 12 06:20:02 2005 Subject: [SpamCop-List] Re: Erm...um...I may have just fallen victim to a Phish References: <dl3f40$9bq$1@news.spamcop.net> Message-ID: <Xns970C219A649B1tinlc@216.154.195.61> Borgholio <borgholio@storymind.com> wrote in news:dl3f40$9bq$1@news.spamcop.net: > In a nutshell, I wasn't paying attention and clicked on a link and > entered my password. I changed it about 2 minutes later when I > realized something was wrong, but I need verification that the "phish" > actually worked. It seemed that the phishing link sent along with the > email was half-assed. In other words, it doesn't seem like it'd work. > Here's the link: May I recommend an extra dose of Yuban coffee before surfing the net? :-D From nobody at nowhere.invalid Sat Nov 12 12:24:55 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Nov 12 06:25:02 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <dkv5pr$pq$1@news.spamcop.net> <Xns970A7D1D5F8BEtinlc@216.154.195.61> <dl0shv$2af$1@news.spamcop.net> <Xns970B52711D08tinlc@216.154.195.61> <dl1nut$kme$1@news.spamcop.net> <Xns970C1D6C39AB4tinlc@216.154.195.61> Message-ID: <slrndnbk87.v9e.nobody@127.0.0.1> On Sat, 12 Nov 2005 10:53:32 +0000 (UTC), Redstone coughed into spamcop and left this in <Xns970C1D6C39AB4tinlc@216.154.195.61>: >> And cassette tapes for the car.......... > > Only problem, they don't sit well in the sun. :-) Nor do CDs for that matter :) -- Steve Sign spotted in an office: AFTER TEA BREAK STAFF SHOULD EMPTY THE TEAPOT AND STAND UPSIDE DOWN ON THE DRAINING BOARD From nobody at nowhere.invalid Sat Nov 12 12:37:00 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Nov 12 06:40:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> Message-ID: <slrndnbkus.vf5.nobody@127.0.0.1> On Sat, 5 Nov 2005 10:52:34 +0000 (UTC), Redstone coughed into spamcop and left this in <Xns97051D4241CC4tinlc@216.154.195.61>: > Guess enough people began to notice these hidden files being installed > without proper permission. Userfriendly.org have just put out their take on the issue: http://ars.userfriendly.org/cartoons/?id=20051112&mode=classic -- Steve The average nutritional value of promises is roughly zero. From borgholio at storymind.com Sat Nov 12 03:41:17 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Nov 12 06:45:04 2005 Subject: [SpamCop-List] Re: Erm...um...I may have just fallen victim to a Phish In-Reply-To: <Xns970C219A649B1tinlc@216.154.195.61> References: <dl3f40$9bq$1@news.spamcop.net> <Xns970C219A649B1tinlc@216.154.195.61> Message-ID: <dl4kd1$iu$2@news.spamcop.net> Redstone wrote: > Borgholio <borgholio@storymind.com> wrote in > news:dl3f40$9bq$1@news.spamcop.net: > > >>In a nutshell, I wasn't paying attention and clicked on a link and >>entered my password. I changed it about 2 minutes later when I >>realized something was wrong, but I need verification that the "phish" >>actually worked. It seemed that the phishing link sent along with the >>email was half-assed. In other words, it doesn't seem like it'd work. >> Here's the link: > > > > May I recommend an extra dose of Yuban coffee before surfing the net? :-D > Already on my 3rd coke today. Need to get SOME sleep before sunrise. :) From Kilgallen at SpamCop.net Sat Nov 12 06:22:25 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Nov 12 07:25:03 2005 Subject: [SpamCop-List] I cannot get http://mailsc.spamcop.net/ to work Message-ID: <VQPHbsh+g2UF@eisner.encompasserve.org> From Netscape: An error occurred while processing your request. Reference #97.6b247b3f.1131797393.5078bf From Internet Explorer: An error occurred while processing your request. Reference #97.6a247b3f.1131797434.4d7a0a From nobody at spamcop.net Sat Nov 12 07:00:13 2005 From: nobody at spamcop.net (John Anderson) Date: Sat Nov 12 08:05:08 2005 Subject: [SpamCop-List] Spamcop down? Message-ID: <dl4p0k$9jo$1@news.spamcop.net> Gateway Timeout The proxy server did not receive a timely response from the upstream server. Reference #1.5b247b3f.1131800347.a8c08b From nobody at spamcop.net Sat Nov 12 07:04:41 2005 From: nobody at spamcop.net (John Anderson) Date: Sat Nov 12 08:05:20 2005 Subject: [SpamCop-List] Error Message-ID: <dl4p90$9pf$1@news.spamcop.net> An error occurred while processing your request. Reference #97.5b247b3f.1131800640.aadb6d From bar_n0ne at hotmail.com Sat Nov 12 17:08:10 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Nov 12 08:10:03 2005 Subject: [SpamCop-List] Re: Spamcop down? References: <dl4p0k$9jo$1@news.spamcop.net> Message-ID: <dl4pfs$a47$1@news.spamcop.net> Too many people re-parsing those tripod and geocities links maybe? From spam_hjp at yahoo.com Sat Nov 12 08:08:35 2005 From: spam_hjp at yahoo.com (Jim) Date: Sat Nov 12 08:10:13 2005 Subject: [SpamCop-List] SC been down for 2 hours Message-ID: <dl4pgm$9t4$2@news.spamcop.net> SpamCop been down for 2 hours From spam_hjp at yahoo.com Sat Nov 12 08:12:34 2005 From: spam_hjp at yahoo.com (Jim) Date: Sat Nov 12 08:15:03 2005 Subject: [SpamCop-List] Re: Spamcop down? In-Reply-To: <dl4pfs$a47$1@news.spamcop.net> References: <dl4p0k$9jo$1@news.spamcop.net> <dl4pfs$a47$1@news.spamcop.net> Message-ID: <dl4po5$9t4$3@news.spamcop.net> Berny wrote: > Too many people re-parsing those tripod and geocities links maybe? > > > That must be it as I am getting a lot of them also. I have not been able to get on for over 2 hours. I tried to get some info on the forum but I can't find a thing over there. From nobody at devnull.spamcop.net Sat Nov 12 08:22:21 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Sat Nov 12 08:25:03 2005 Subject: [SpamCop-List] Erm...um...I may have just fallen victim to a Phish References: <mailman.120.1131779632.169.spamcop-list@news.spamcop.net> <dl485m$j6$1@news.spamcop.net> <dl4b1r$iu$1@news.spamcop.net> Message-ID: <dl4qa1$all$1@news.spamcop.net> "Borgholio" wrote in message > Geoffrey Hyde wrote: > > If you haven't already done so, submit it to spoof/at/ebay.com so that they can > > get it shut down ASAP. I really hope one of these days these hackers get > > ensnared by some red tape which will put them away for a while. > > > > > > Done awhile ago. :) As of 8:00 AM EST, the site was already "404 compliant". At 11:18 PM I sent out a note about the site to these possibly interested "third parties": To: eBay Customer Support <spam/at/ebay.com>, admin/at/fraudwatchinternational.com, "ReportPhish.org" <Report/at/ReportPhish.org>, "antiphishing.org" <reportphishing/at/antiphishing.org>, Better Business Bureau nophishing/at/cbbb.bbb.org, spoof/at/millersmiles.co.uk, submit/at/phishcop.net, FTC spam/at/uce.gov Apparently the elves came during the night and stole away with the site. I did not cite the elves... -<g> From nobody at spamcop.net Sat Nov 12 07:28:06 2005 From: nobody at spamcop.net (John Anderson) Date: Sat Nov 12 08:30:05 2005 Subject: [SpamCop-List] Re: SpamCop is Down References: <c9rbn1t5jfdifnid4tn1k4j7uco0kj8ubi@4ax.com> Message-ID: <dl4qkt$b1h$1@news.spamcop.net> "SpamCop Admin" <nobody@devnull.spamcop.net> wrote in message news:c9rbn1t5jfdifnid4tn1k4j7uco0kj8ubi@4ax.com... > At 06:20 Mountain Standard Time, SpamCop is completely down. I don't > know what the problem is, but the pagers have been set off. Now we > wait. > > - Don D'Minion - SpamCop Admin - Spammers attacked the building, shut the servers down? From bar_n0ne at hotmail.com Sat Nov 12 17:37:40 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Nov 12 08:40:03 2005 Subject: [SpamCop-List] Re: Spamcop down? References: <dl4p0k$9jo$1@news.spamcop.net> <dl4pfs$a47$1@news.spamcop.net> <dl4po5$9t4$3@news.spamcop.net> Message-ID: <dl4r77$bc9$1@news.spamcop.net> "Jim" <spam_hjp@yahoo.com> wrote in message news:dl4po5$9t4$3@news.spamcop.net... > Berny wrote: > > Too many people re-parsing those tripod and geocities links maybe? > > > > > > > > That must be it as I am getting a lot of them also. I have not been able to get on for over 2 > hours. I tried to get some info on the forum but I can't find a thing over there. I can't even get there, the only link I have is the www.spamcop.net link, the cookies take care of the rest and I use the help Item to get to the fora. I have no direct link to the fora From nobody at nowhere.invalid Sat Nov 12 14:39:51 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Nov 12 08:40:13 2005 Subject: [SpamCop-List] Re: Spamcop down? References: <dl4p0k$9jo$1@news.spamcop.net> <dl4pfs$a47$1@news.spamcop.net> Message-ID: <slrndnbs57.1vt.nobody@127.0.0.1> On Sat, 12 Nov 2005 17:08:10 +0400, Berny coughed into spamcop and left this in <dl4pfs$a47$1@news.spamcop.net>: ><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> ><HTML><HEAD> ><META http-equiv=3DContent-Type content=3D"text/html; = > charset=3Diso-8859-1"> ><META content=3D"MSHTML 6.00.2800.1522" name=3DGENERATOR> ><STYLE></STYLE> ></HEAD> ><BODY bgColor=3D#ffffff> ><DIV><FONT face=3DArial size=3D2> >{snip} Very interesting. -- Steve "POLICE STATION TOILET STOLEN...Cops have nothing to go on." From bar_n0ne at hotmail.com Sat Nov 12 17:45:50 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Nov 12 08:50:02 2005 Subject: [SpamCop-List] Re: Spamcop down? References: <dl4p0k$9jo$1@news.spamcop.net> <dl4pfs$a47$1@news.spamcop.net> <slrndnbs57.1vt.nobody@127.0.0.1> Message-ID: <dl4rmi$bnd$1@news.spamcop.net> "Steven Maesslein" <nobody@nowhere.invalid> wrote in message news:slrndnbs57.1vt.nobody@127.0.0.1... > On Sat, 12 Nov 2005 17:08:10 +0400, Berny coughed into spamcop and left > this in <dl4pfs$a47$1@news.spamcop.net>: > > ><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > ><HTML> >{snip} > > Very interesting. > > -- > Steve > > "POLICE STATION TOILET STOLEN...Cops have nothing to go on." Shit! I have OE set to plain text only. (Although I don' see how the above is interesting.) one of the posts I replied to was all HTML as I discovered when replying, maybe that's when it snuck in. But I thought I had deleted all of it. Do let me know if this isn't plaintext From jeffg at spamcop.net Sat Nov 12 08:48:27 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Nov 12 09:20:50 2005 Subject: [SpamCop-List] Re: SC been down for 2 hours References: <dl4pgm$9t4$2@news.spamcop.net> Message-ID: <dl4tei$cle$1@news.spamcop.net> "Jim" <spam_hjp@yahoo.com> wrote in message news:dl4pgm$9t4$2@news.spamcop.net... > SpamCop been down for 2 hours Make that 3 hours now. You can track it with http://forum.spamcop.net/forums/index.php?showtopic=5247 QUOTE(SpamCopAdmin in http://forum.spamcop.net/forums/index.php?showtopic=5247 @ Nov 12 2005, 08:23 AM EST -0500) "At 06:20 Mountain Standard Time, SpamCop is completely down. I don't know what the problem is, but the pagers have been set off. Now we wait. - Don D'Minion - SpamCop Admin -" Please note that only the SpamCop Parsing and Reporting Service is affected. The outage appears to have started around 05:55 EST -0500 (10:55 UTC -0000, 02:55 PST -0800). -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jeffg at spamcop.net Sat Nov 12 09:18:45 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Nov 12 09:21:04 2005 Subject: [SpamCop-List] Re: SC been down for 2 hours References: <dl4pgm$9t4$2@news.spamcop.net> <dl4tei$cle$1@news.spamcop.net> Message-ID: <dl4tk6$crp$1@news.spamcop.net> "Jeff G." <jeffg@spamcop.net> wrote in message news:dl4tei$cle$1@news.spamcop.net... > "Jim" <spam_hjp@yahoo.com> wrote in message > news:dl4pgm$9t4$2@news.spamcop.net... > > SpamCop been down for 2 hours > > Make that 3 hours now. Sorry about the time on that post (gremlins took about 27min). -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From porpoise1954 at yahoo.co.uk Sat Nov 12 14:36:49 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Nov 12 09:40:07 2005 Subject: [SpamCop-List] Re: [MEDIA] Sony CD Copy Protection Seems To Rely On HackerRootkit References: <Xns97037EA6B301Ftinlc@216.154.195.61> <dkeg1g$35f$1@news.spamcop.net> <TECQXhvKj0FX-pn2-OvYNxTLrdXxL@dsl-206-55-144-107.tstonramp.com> <BF90DE68.1635E%nobody@spamcop.net> <TECQXhvKj0FX-pn2-mJM7JdfPnr4E@dsl-206-55-144-107.tstonramp.com> <Xns97051D4241CC4tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-41gGcOWKuyNn@dsl-206-55-144-107.tstonramp.com> <Xns97093B2348704tinlc@216.154.195.61> <TECQXhvKj0FX-pn2-jrh3dKUd5WdX@dsl-206-55-144-107.tstonramp.com> <dkubbp$j70$1@news.spamcop.net> <ozchzhq02-A8BF38.18491509112005@frylock.local> <dkv5pr$pq$1@news.spamcop.net> <Xns970A7D1D5F8BEtinlc@216.154.195.61> <dl0shv$2af$1@news.spamcop.net> <Xns970B52711D08tinlc@216.154.195.61> <dl1nut$kme$1@news.spamcop.net> <Xns970C1D6C39AB4tinlc@216.154.195.61> Message-ID: <dl4uoq$drl$1@news.spamcop.net> "Redstone" <redford_stone@INVERSE_OF_COLDmail.com> wrote in message news:Xns970C1D6C39AB4tinlc@216.154.195.61... > "Porpoise" <porpoise1954@yahoo.co.uk> wrote in news:dl1nut$kme$1 > @news.spamcop.net: > >> >> And cassette tapes for the car.......... >> >> > > > Only problem, they don't sit well in the sun. :-) Errrmmmm... Neither do CDs.......!!?? From jeffg at spamcop.net Sat Nov 12 10:10:42 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Nov 12 10:15:18 2005 Subject: [SpamCop-List] Re: SC been down for 2 hours References: <dl4pgm$9t4$2@news.spamcop.net> <dl4tei$cle$1@news.spamcop.net> Message-ID: <dl50nj$fh5$1@news.spamcop.net> "Jeff G." <jeffg@spamcop.net> wrote in message news:dl4tei$cle$1@news.spamcop.net... > "Jim" <spam_hjp@yahoo.com> wrote in message > news:dl4pgm$9t4$2@news.spamcop.net... > > SpamCop been down for 2 hours > > Make that 3 hours now. You can track it with > http://forum.spamcop.net/forums/index.php?showtopic=5247 It appears to have been back up since 09:40 EST -0500 (14:40 UTC -0000, 06:40 PST -0800, half an hour ago). -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jeffg at spamcop.net Sat Nov 12 10:11:46 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Nov 12 10:15:37 2005 Subject: [SpamCop-List] Re: SC been down for 2 hours References: <dl4pgm$9t4$2@news.spamcop.net> <dl4tei$cle$1@news.spamcop.net> Message-ID: <dl50nj$fh5$2@news.spamcop.net> "Jeff G." <jeffg@spamcop.net> wrote in message news:dl4tei$cle$1@news.spamcop.net... > "Jim" <spam_hjp@yahoo.com> wrote in message > news:dl4pgm$9t4$2@news.spamcop.net... > > SpamCop been down for 2 hours > > Make that 3 hours now. You can track it with > http://forum.spamcop.net/forums/index.php?showtopic=5247 It appears to have been back up since 09:40 EST -0500 (14:40 UTC -0000, 06:40 PST -0800, half an hour ago). -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jg at coks.net Sat Nov 12 07:46:16 2005 From: jg at coks.net (jg) Date: Sat Nov 12 10:45:03 2005 Subject: [SpamCop-List] Re: password issues In-Reply-To: <dl4gai$4ht$1@news.spamcop.net> References: <dl3q97$nll$1@news.spamcop.net> <dl4dld$37c$1@news.spamcop.net> <dl4gai$4ht$1@news.spamcop.net> Message-ID: <dl52kl$gsl$1@news.spamcop.net> On 11/12/2005 2:31 AM Berny scribbled: > "*selah*" <pzion.naax@yahoo.com> wrote in message > news:dl4dld$37c$1@news.spamcop.net... > >>I've been having trouble with password also. I don't know if this >>happens every time I delete all temporary internet files from ie but >>now, in addition, when I try to reset the password, I don't receive the >>email reply from spamcop. > > > Sheesh, don't you read the announcement on the login page? there is some > flakiness they are working on, resetting your password does not help > > just wait a while and try again later > > Which is why I didn't reset mine, having made a mental note of that back around 11/2, but you say wait /awhile/ - still not working this A.M. I see a bunch of posts about problems - guess I'll take a look at them... From jg at coks.net Sat Nov 12 07:56:14 2005 From: jg at coks.net (jg) Date: Sat Nov 12 10:55:03 2005 Subject: [SpamCop-List] Re: password issues In-Reply-To: <dl52kl$gsl$1@news.spamcop.net> References: <dl3q97$nll$1@news.spamcop.net> <dl4dld$37c$1@news.spamcop.net> <dl4gai$4ht$1@news.spamcop.net> <dl52kl$gsl$1@news.spamcop.net> Message-ID: <dl537b$h8g$1@news.spamcop.net> On 11/12/2005 7:46 AM jg scribbled: >>Sheesh, don't you read the announcement on the login page? there is some >>flakiness they are working on, resetting your password does not help >> >>just wait a while and try again later >> >> > > Which is why I didn't reset mine, having made a mental note of that back > around 11/2, but you say wait /awhile/ - still not working this A.M. I > see a bunch of posts about problems - guess I'll take a look at them... Well, all I see is 'system down' posts, so I guess /awhile/ will be a longer while... But my problem started last evening, not 'a couple-3 hours ago'... From jeffg at spamcop.net Sat Nov 12 11:08:13 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Nov 12 11:10:08 2005 Subject: [SpamCop-List] Re: SC been down for 2 hours References: <dl4pgm$9t4$2@news.spamcop.net> <dl4tei$cle$1@news.spamcop.net> <dl50nj$fh5$2@news.spamcop.net> Message-ID: <dl5423$i01$1@news.spamcop.net> "Jeff G." <jeffg@spamcop.net> wrote in message news:dl50nj$fh5$2@news.spamcop.net... > "Jeff G." <jeffg@spamcop.net> wrote in message > news:dl4tei$cle$1@news.spamcop.net... > > "Jim" <spam_hjp@yahoo.com> wrote in message > > news:dl4pgm$9t4$2@news.spamcop.net... > > > SpamCop been down for 2 hours > > > > Make that 3 hours now. You can track it with > > http://forum.spamcop.net/forums/index.php?showtopic=5247 > > It appears to have been back up since 09:40 EST -0500 (14:40 UTC -0000, > 06:40 PST -0800, half an hour ago). [quote=SpamCopAdmin,Nov 12 2005, 10:55 AM EST -0500] "The system is back up now. There may be some email delays while the system works through the backlog of spam, but everything is working normally again. - Don D'Minion - SpamCop Admin -" -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jeffg at spamcop.net Sat Nov 12 11:12:25 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Nov 12 11:15:04 2005 Subject: [SpamCop-List] Re: password issues References: <dl3q97$nll$1@news.spamcop.net> <dl4dld$37c$1@news.spamcop.net> <dl4gai$4ht$1@news.spamcop.net> <dl52kl$gsl$1@news.spamcop.net> <dl537b$h8g$1@news.spamcop.net> Message-ID: <dl5499$ikd$1@news.spamcop.net> "jg" <jg@coks.net> wrote in message news:dl537b$h8g$1@news.spamcop.net... > Well, all I see is 'system down' posts, so I guess /awhile/ will be a > longer while... > But my problem started last evening, not 'a couple-3 hours ago'... Your problem appears to be specific to your account. Please email a SpamCop Admin via service[at]admin.spamcop.net . -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jg at coks.net Sat Nov 12 08:45:14 2005 From: jg at coks.net (jg) Date: Sat Nov 12 11:45:03 2005 Subject: [SpamCop-List] Re: password issues In-Reply-To: <dl5499$ikd$1@news.spamcop.net> References: <dl3q97$nll$1@news.spamcop.net> <dl4dld$37c$1@news.spamcop.net> <dl4gai$4ht$1@news.spamcop.net> <dl52kl$gsl$1@news.spamcop.net> <dl537b$h8g$1@news.spamcop.net> <dl5499$ikd$1@news.spamcop.net> Message-ID: <dl5638$jti$1@news.spamcop.net> On 11/12/2005 8:12 AM Jeff G. scribbled: > "jg" <jg@coks.net> wrote in message > news:dl537b$h8g$1@news.spamcop.net... > >>Well, all I see is 'system down' posts, so I guess /awhile/ will be a >>longer while... >>But my problem started last evening, not 'a couple-3 hours ago'... > > > Your problem appears to be specific to your account. Please email a > SpamCop Admin via service[at]admin.spamcop.net . > Thanks, Jeff, I'll do that... From nobody at spamcop.net Sat Nov 12 21:09:07 2005 From: nobody at spamcop.net (nospam) Date: Sat Nov 12 12:10:04 2005 Subject: [SpamCop-List] Now PHISHES are also for Internet and Email passwords Message-ID: <BF9C0A73.16471%nobody@spamcop.net> I don't have the tracker, but no matter. Different from sms.ac and hi5 methods, I received a PHISH spam today, in the style of the usual bank/ebay/Paypal PHISHES, but it was purportedly to verify my ISP account. It was very primitive, so I'm not sure exactly what they were after. The PHISH site was linked through a google redirect (How do I LART that?) the "visible" link was my.isp.com/something (No, that's not the name of my ISP) It was so badly done that almost no one would be fooled, but then so were bank PHISHes not so long ago, and they still got their victims. From nobody at spamcop.net Sat Nov 12 21:16:50 2005 From: nobody at spamcop.net (nospam) Date: Sat Nov 12 12:20:02 2005 Subject: [SpamCop-List] Anyone getting "hosting acknowledgement" Message-ID: <BF9C0C42.16472%nobody@spamcop.net> Purportedly acknowledging reciept of paymen of some $250.00 for some bogus registration and hosting purpotedly with: Century21RmRealty (almost nothing in Google), and no A record for the supposedly registered name. The From is Bogus enough (ie obviously bogus name and domain), but while the first of these had a link to review my transaction at Century21gmRealty.com the second had a link to leakingbrainfluid.com Hardly going to inspire me to believe such a transaction took place, or motivate me to look it up. From SC.10.myspamgobbler at spamcowboy.net Sat Nov 12 09:18:28 2005 From: SC.10.myspamgobbler at spamcowboy.net (Brian) Date: Sat Nov 12 12:25:02 2005 Subject: [SpamCop-List] Re: Now PHISHES are also for Internet and Email passwords In-Reply-To: <BF9C0A73.16471%nobody@spamcop.net> References: <BF9C0A73.16471%nobody@spamcop.net> Message-ID: <dl589h$l6e$1@news.spamcop.net> nospam wrote: > I don't have the tracker, but no matter. > > Different from sms.ac and hi5 methods, > > I received a PHISH spam today, in the style of the usual bank/ebay/Paypal > PHISHES, but it was purportedly to verify my ISP account. > > It was very primitive, so I'm not sure exactly what they were after. > > The PHISH site was linked through a google redirect (How do I LART that?) > > the "visible" link was my.isp.com/something (No, that's not the name of my > ISP) > > It was so badly done that almost no one would be fooled, but then so were > bank PHISHes not so long ago, and they still got their victims. > Passwords to an ISP account are valuable for sending out spam among other things. There are lots of passwords stored in emails. What was the URL of the redirect. Parse that and manually LART. And it would be a lot easier to see the tracker so more of us can work on it. There are a few of us that focus on phishing. -- Brian SC.10.myspamgobbler@spamcowboy.net From usenet2 at DE.LETE.THISljvideo.com Sat Nov 12 18:23:53 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Sat Nov 12 13:25:04 2005 Subject: [SpamCop-List] Re: yay, I won the lottery! References: <dl2msf$59f$1@news.spamcop.net> Message-ID: <Xns970C73EAE6C5Athefrogprince@216.154.195.61> Waiving the right to remain silent, "RandallW" <nobody@spamcop.net> said: > After going weeks without winning the lottery, I received two of > the spams that informed me that I won a European lottery draw. I > think their system to choose the winning e-mail address seems to > be broken, since I received the same spam to two different > e-mail addresses but they have the same winning ticket number! There was one recently claiming "WINNER" in the Washington State Lottery, but administered by a URL in Australia, and prize claim from a URL in Romania - or something like that... One would have to be brick-stoopid to click any of those links... -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "I've come here to enjoy nature. Don't talk to me about the environment!" - 'Denny Crane' From nobody at nowhere.invalid Sat Nov 12 20:00:06 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Nov 12 14:05:08 2005 Subject: [SpamCop-List] Re: Spamcop down? References: <dl4p0k$9jo$1@news.spamcop.net> <dl4pfs$a47$1@news.spamcop.net> <slrndnbs57.1vt.nobody@127.0.0.1> <dl4rmi$bnd$1@news.spamcop.net> Message-ID: <slrndncetm.2bo.nobody@127.0.0.1> On Sat, 12 Nov 2005 17:45:50 +0400, Berny coughed into spamcop and left this in <dl4rmi$bnd$1@news.spamcop.net>: > one of the posts I replied to was all HTML as I discovered when replying, > maybe that's when it snuck in. But I thought I had deleted all of it. > > Do let me know if this isn't plaintext It was. Advance warning - my memory of OE may be flaky since it's probably about 6 years since I got anywhere near that abomination. Go to Tools / Options... / Send tab. UNCHECK the option that says "Reply to messages in the format in which they were sent" or words to that effect. If it is left checked, even if new messages are sent out in plain text, replies to HTML crud will go out as HTML crud. -- Steve The only person to get all of his work done by Friday was Robinson Crusoe From nobody at nowhere.invalid Sat Nov 12 20:02:29 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Nov 12 14:05:21 2005 Subject: [SpamCop-List] Anyone here speak Magyar / Hungarian? Message-ID: <slrndncf25.2bo.nobody@127.0.0.1> Got this back from t-online.hu but have no friggin' idea what it says: Tisztelt Lev?l?r?! Level?t k?retlen lev?lnek kategoriz?lta rendszer?nk. K?rj?k, k?ldje el azt ism?telten r?sz?nkre ?gy, hogy a t?rgy mez?be ?rja be az al?bbiakat: "Megism?telt lev?l T-online-nak". Meg?rt?s?t k?sz?nj?k. -- Steve And 1.1.81 is officially BugFree(tm), so if you receive any bug-reports on it, you know they are just evil lies. -- Linus Torvalds From nobody at nowhere.invalid Sat Nov 12 20:11:47 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Nov 12 14:15:02 2005 Subject: [SpamCop-List] Re: SpamCop is Down References: <c9rbn1t5jfdifnid4tn1k4j7uco0kj8ubi@4ax.com> <n54cn1965f28itfomhlctpbjusrb8ri9qu@4ax.com> Message-ID: <slrndncfjj.2bo.nobody@127.0.0.1> On Sat, 12 Nov 2005 08:56:46 -0700, SpamCop Admin coughed into spamcop and left this in <n54cn1965f28itfomhlctpbjusrb8ri9qu@4ax.com>: > The system is back up now. > > There may be some email delays while the system works through the > backlog of spam, but everything is working normally again. Can you share any information on what brought it down in the first place? -- Steve Anarchy may not be the best form of government, but it's better than no government at all. From DougThegarden at invalid.com Sat Nov 12 19:34:56 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sat Nov 12 14:40:03 2005 Subject: [SpamCop-List] Re: Anyone here speak Magyar / Hungarian? In-Reply-To: <slrndncf25.2bo.nobody@127.0.0.1> References: <slrndncf25.2bo.nobody@127.0.0.1> Message-ID: <dl5g6q$pb4$1@news.spamcop.net> Steven Maesslein wrote: > Got this back from t-online.hu but have no friggin' idea what it > says: > > Tisztelt Lev?l?r?! > > Level?t k?retlen lev?lnek kategoriz?lta rendszer?nk. K?rj?k, k?ldje > el azt ism?telten r?sz?nkre ?gy, hogy a t?rgy mez?be ?rja be az > al?bbiakat: "Megism?telt lev?l T-online-nak". > > Meg?rt?s?t k?sz?nj?k. > Foreignword.com translates it as: Dear Epistle! Level?t unsolicited epistle categorizes system. Please , send off that repeatedly our part so , that the topic glebe writes be the mentioned below " reduplicated epistle T online nak ". Knowing thank you. I'm afraid I don't know anyone that can translate the result. Doug From borgholio at storymind.com Sat Nov 12 11:46:18 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Nov 12 14:50:03 2005 Subject: [SpamCop-List] Erm...um...I may have just fallen victim to a Phish In-Reply-To: <dl4qa1$all$1@news.spamcop.net> References: <mailman.120.1131779632.169.spamcop-list@news.spamcop.net> <dl485m$j6$1@news.spamcop.net> <dl4b1r$iu$1@news.spamcop.net> <dl4qa1$all$1@news.spamcop.net> Message-ID: <dl5gqb$pkl$1@news.spamcop.net> Glenn Daniels wrote: > "Borgholio" wrote in message > >>Geoffrey Hyde wrote: >> >>>If you haven't already done so, submit it to spoof/at/ebay.com so that > > they can > >>>get it shut down ASAP. I really hope one of these days these hackers > > get > >>>ensnared by some red tape which will put them away for a while. >>> >>> >> >>Done awhile ago. :) > > > As of 8:00 AM EST, the site was already "404 compliant". > > At 11:18 PM I sent out a note about the site to these > possibly interested "third parties": > To: > eBay Customer Support <spam/at/ebay.com>, > admin/at/fraudwatchinternational.com, > "ReportPhish.org" <Report/at/ReportPhish.org>, > "antiphishing.org" <reportphishing/at/antiphishing.org>, > Better Business Bureau nophishing/at/cbbb.bbb.org, > spoof/at/millersmiles.co.uk, > submit/at/phishcop.net, > FTC spam/at/uce.gov > > Apparently the elves came during the night and stole away > with the site. I did not cite the elves... > > -<g> > > Well it seems that Ebay is quite aggressive when it comes to spoofing. I like. From nobody at devnull.spamcop.net Sat Nov 12 14:32:37 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sat Nov 12 15:35:07 2005 Subject: [SpamCop-List] Re: Spamcop down? References: <dl4p0k$9jo$1@news.spamcop.net> <dl4pfs$a47$1@news.spamcop.net> <dl4po5$9t4$3@news.spamcop.net> <dl4r77$bc9$1@news.spamcop.net> Message-ID: <dl5jh7$r6h$1@news.spamcop.net> "Berny" <bar_n0ne@hotmail.com> wrote in message news:dl4r77$bc9$1@news.spamcop.net... > > I can't even get there, the only link I have is the www.spamcop.net link, > the cookies take care of the rest and I use the help Item to get to the > fora. > > I have no direct link to the fora Forum itself, which now includes a small graphic uptop showing the Parsing & Reporting system status .. an attempt at stopping all the "is it down" questions before they start ... http://forum.spamcop.net/forums/ Portal page found at http://forum.spamcop.net/forums/index.php?act=home Single-page access point to the SpamCop FAQ found at http://forum.spamcop.net/forums/index.php?showtopic=2238 KnowledgeBase view of the SpamCop FAQ being built at http://forum.spamcop.net/forums/index.php?act=faq From zorrofox at Safe-mail.net Sat Nov 12 15:41:13 2005 From: zorrofox at Safe-mail.net (zorrofox@Safe-mail.net) Date: Sat Nov 12 15:41:17 2005 Subject: [SpamCop-List] Dead Organization Message-ID: <N1-i3cg97h7Z3@Safe-mail.net> http://news.spamcop.net/pipermail/spamcop-help/2000-December/000699.html The above URL is a dead organization. Spamcop is successful, this organization is dead. Its links go nowhere. Keeping this page up is speaking ill of the dead. Consider removing this page, your objective was successful. From MikeE at ster.invalid Sat Nov 12 13:18:57 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Nov 12 16:20:04 2005 Subject: [SpamCop-List] Re: Dead Organization References: <mailman.121.1131828078.169.spamcop-list@news.spamcop.net> Message-ID: <dl5m7p$spj$1@news.spamcop.net> zorrofox@Safe-mail.net wrote: > news.spamcop.net/pipermail/spamcop-help/2000-December/000699.html That is a link to an archived message posted to spamcop.help claiming to have been posted from a website [which is a curious statement even in 2000 Dec] and containing an alleged spam sourced from excite.com promoting reclaimyourpower.com website. > The above URL is a dead organization. I presume you are referring to the spamvertised link inside the body of the posted mail/spam; not the actual link you posted, which is quite alive and part of the spamcop pipermail mailing list archive. > Spamcop is successful, this > organization is dead. Spamcop is a parsing and reporting service, a maintainer of the SCbl, and a mail service providing spamfiltering and reporting. > Its links go nowhere. reclaimyourpower.com currently resolves and has current domainname registration. There is a webserver at the IP which refers tolb1.youbettersearch.com. Perhaps you mean that you once controlled the domainname and the contents of the site in 2000 Dec but you don't anymore. > Keeping this page up is > speaking ill of the dead. Archives are archives. They archive old information. There is nothing about what was posted on that page which affected reclaimyourpower.com one way or another. If the poster reported the spam to a provider and a provider took action against the site, it must have been on the basis of the result of the provider's investigation of acceptable use or terms of service. SC only reports spamvertisers. > Consider removing this page, your objective > was successful. Don't be silly. It is an archive of a message which appeared in a newsgroup's mailing list. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Sat Nov 12 16:35:14 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Nov 12 16:40:03 2005 Subject: [SpamCop-List] Re: Dead Organization References: <mailman.121.1131828078.169.spamcop-list@news.spamcop.net> Message-ID: <dl5n6l$t8n$1@news.spamcop.net> <zorrofox@Safe-mail.net> wrote in message news:mailman.121.1131828078.169.spamcop-list@news.spamcop.net... > http://news.spamcop.net/pipermail/spamcop-help/2000-December/000699.html > > The above URL is a dead organization. Spamcop is successful, this organization is dead. Its links go nowhere. Keeping this page up is speaking ill of the dead. Consider removing this page, your objective was successful. Which organization is dead? Which URL do you object to? -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From h9vzc2i02 at sneakemail.com Sat Nov 12 13:56:24 2005 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Sat Nov 12 17:00:03 2005 Subject: [SpamCop-List] Re: Dead Organization References: <mailman.121.1131828078.169.spamcop-list@news.spamcop.net> <dl5n6l$t8n$1@news.spamcop.net> Message-ID: <dl5ocn$trk$1@news.spamcop.net> "Jeff G." <jeffg@spamcop.net> wrote in message news:dl5n6l$t8n$1@news.spamcop.net... > <zorrofox@Safe-mail.net> wrote in message > news:mailman.121.1131828078.169.spamcop-list@news.spamcop.net... > > > http://news.spamcop.net/pipermail/spamcop-help/2000-December/000699.html > > > > The above URL is a dead organization. Spamcop is successful, this > organization is dead. Its links go nowhere. Keeping this page up is > speaking ill of the dead. Consider removing this page, your objective > was successful. > ** Clicking on the link above DOES work. There have been current posts about SC itself being down for several hours - is that what the OP was crying about? I submitted spam to the parser at 10:40 AM PST today and got a response at 10:45 AM so it seems that SC is now working. -- A SpamCop user and forum reader, Not Admin *** > Which organization is dead? Which URL do you object to? > > -- > Thanks and Best Regards, Jeff G. > I have been a SpamCop User/Member/Customer since 1999 and am a > Moderator of the new web-based forums (now the primary method for > getting help, http://forum.spamcop.net). Please contact me via Forum > only. > From MikeE at ster.invalid Sat Nov 12 15:08:48 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Nov 12 18:10:07 2005 Subject: [SpamCop-List] Re: Dead Organization References: <mailman.121.1131828078.169.spamcop-list@news.spamcop.net> <dl5n6l$t8n$1@news.spamcop.net> Message-ID: <dl5slo$eu$1@news.spamcop.net> Jeff G. wrote: > Which organization is dead? Which URL do you object to? I think he's sad because http://www.reclaimyourpower.com/ is defunct as a spamvertiser. -- Mike Easter kibitzer, not SC admin From jg at coks.net Sat Nov 12 20:40:08 2005 From: jg at coks.net (jg) Date: Sat Nov 12 23:40:20 2005 Subject: [SpamCop-List] Re: Anyone here speak Magyar / Hungarian? In-Reply-To: <dl5g6q$pb4$1@news.spamcop.net> References: <slrndncf25.2bo.nobody@127.0.0.1> <dl5g6q$pb4$1@news.spamcop.net> Message-ID: <dl6fvk$ato$1@news.spamcop.net> On 11/12/2005 11:34 AM Doug Thegarden scribbled: > Steven Maesslein wrote: > >>Got this back from t-online.hu but have no friggin' idea what it >>says: >> >>Tisztelt Lev?l?r?! >> >>Level?t k?retlen lev?lnek kategoriz?lta rendszer?nk. K?rj?k, k?ldje >>el azt ism?telten r?sz?nkre ?gy, hogy a t?rgy mez?be ?rja be az >>al?bbiakat: "Megism?telt lev?l T-online-nak". >> >>Meg?rt?s?t k?sz?nj?k. >> > > > Foreignword.com translates it as: > > Dear Epistle! Level?t unsolicited epistle categorizes system. Please , > send off that repeatedly our part so , that the topic glebe writes be > the mentioned below " reduplicated epistle T online nak ". Knowing thank > you. > > I'm afraid I don't know anyone that can translate the result. > > Doug try bablefish?? From bar_n0ne at hotmail.com Sun Nov 13 09:05:37 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sun Nov 13 00:10:05 2005 Subject: [SpamCop-List] Re: Spamcop down? References: <dl4p0k$9jo$1@news.spamcop.net> <dl4pfs$a47$1@news.spamcop.net> <slrndnbs57.1vt.nobody@127.0.0.1> <dl4rmi$bnd$1@news.spamcop.net> <slrndncetm.2bo.nobody@127.0.0.1> Message-ID: <dl6hj4$bqo$1@news.spamcop.net> "Steven Maesslein" <nobody@nowhere.invalid> wrote in message news:slrndncetm.2bo.nobody@127.0.0.1... SNIP > UNCHECK the option that says "Reply to messages in the format in which > they were sent" or words to that effect. If it is left checked, even if > new messages are sent out in plain text, replies to HTML crud will go > out as HTML crud. Done. Thanks Steven! From egyr05 at prodigy.net.mx Sun Nov 13 00:21:24 2005 From: egyr05 at prodigy.net.mx (enrique gonzalez) Date: Sun Nov 13 01:25:05 2005 Subject: [SpamCop-List] Invite me Message-ID: <dl6m19$e30$1@news.spamcop.net> Please invite me From borgholio at storymind.com Sat Nov 12 23:19:57 2005 From: borgholio at storymind.com (Borgholio) Date: Sun Nov 13 02:20:05 2005 Subject: [SpamCop-List] Re: Invite me In-Reply-To: <dl6m19$e30$1@news.spamcop.net> References: <dl6m19$e30$1@news.spamcop.net> Message-ID: <dl6pes$fn5$1@news.spamcop.net> enrique gonzalez wrote: > Please invite me > > I'm sorry, this event is for family and close friends only. If you seek quality entertainment, I can recommend many a fine place in Las Vegas, Nevada. From nobody at spamcop.net Sat Nov 12 23:21:41 2005 From: nobody at spamcop.net (Dar) Date: Sun Nov 13 02:25:03 2005 Subject: [SpamCop-List] Re: Invite me References: <dl6m19$e30$1@news.spamcop.net> <dl6pes$fn5$1@news.spamcop.net> Message-ID: <dl6pia$fqo$1@news.spamcop.net> "Borgholio" <borgholio@storymind.com> wrote in message news:dl6pes$fn5$1@news.spamcop.net... > enrique gonzalez wrote: > > Please invite me > > > > > > I'm sorry, this event is for family and close friends only. If you seek > quality entertainment, I can recommend many a fine place in Las Vegas, Nevada. Personally, I prefer Key West. During non-hurricane season, of course. Dar From nobody at spamcop.net Sat Nov 12 23:44:29 2005 From: nobody at spamcop.net (RandallW) Date: Sun Nov 13 02:45:03 2005 Subject: [SpamCop-List] Re: yay, I won the lottery! References: <dl2msf$59f$1@news.spamcop.net> <Xns970C73EAE6C5Athefrogprince@216.154.195.61> Message-ID: <dl6qss$gbr$1@news.spamcop.net> "Larry J." <usenet2@DE.LETE.THISljvideo.com> wrote in message news:Xns970C73EAE6C5Athefrogprince@216.154.195.61... > Waiving the right to remain silent, "RandallW" > <nobody@spamcop.net> said: > >> After going weeks without winning the lottery, I received two of >> the spams that informed me that I won a European lottery draw. I >> think their system to choose the winning e-mail address seems to >> be broken, since I received the same spam to two different >> e-mail addresses but they have the same winning ticket number! > > There was one recently claiming "WINNER" in the Washington State > Lottery, but administered by a URL in Australia, and prize claim from > a URL in Romania - or something like that... > > One would have to be brick-stoopid to click any of those links... > > -- I'll betcha they pay in Canadian $. From borgholio at storymind.com Sun Nov 13 00:17:50 2005 From: borgholio at storymind.com (Borgholio) Date: Sun Nov 13 03:20:27 2005 Subject: [SpamCop-List] Re: Invite me In-Reply-To: <dl6pia$fqo$1@news.spamcop.net> References: <dl6m19$e30$1@news.spamcop.net> <dl6pes$fn5$1@news.spamcop.net> <dl6pia$fqo$1@news.spamcop.net> Message-ID: <dl6srd$hlj$1@news.spamcop.net> Dar wrote: > "Borgholio" <borgholio@storymind.com> wrote in message > news:dl6pes$fn5$1@news.spamcop.net... > >>enrique gonzalez wrote: >> >>>Please invite me >>> >>> >> >>I'm sorry, this event is for family and close friends only. If you seek >>quality entertainment, I can recommend many a fine place in Las Vegas, > > Nevada. > > Personally, I prefer Key West. During non-hurricane season, of course. > > Dar > > After the recent hurricane season I think it should be renamed to Key East. :) From pzion.naax at yahoo.com Sun Nov 13 04:28:09 2005 From: pzion.naax at yahoo.com (*selah*) Date: Sun Nov 13 03:30:03 2005 Subject: [SpamCop-List] Re: password issues References: <dl3q97$nll$1@news.spamcop.net> <dl4dld$37c$1@news.spamcop.net> <dl4gai$4ht$1@news.spamcop.net> Message-ID: <dl6teb$hvk$1@news.spamcop.net> Excuuuuuse me - but there is nothing about password trouble on the 1st page I go to www.spamcop.net nor the 2nd (after trying to login) http://www.spamcop.net/mcgi. Nor on the 3rd http://forum.spamcop.net/forums/index.php? (looking to the help forum to see if there have been system problems.) I've been trying to reset the password for over a week. (Our old password didn't function.) "Berny" <bar_n0ne@hotmail.com> wrote in message news:dl4gai$4ht$1@news.spamcop.net... > > "*selah*" <pzion.naax@yahoo.com> wrote in message > news:dl4dld$37c$1@news.spamcop.net... > > I've been having trouble with password also. I don't know if this > > happens every time I delete all temporary internet files from ie but > > now, in addition, when I try to reset the password, I don't receive the > > email reply from spamcop. > > Sheesh, don't you read the announcement on the login page? there is some > flakiness they are working on, resetting your password does not help > > just wait a while and try again later > > From bar_n0ne at hotmail.com Sun Nov 13 12:49:34 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sun Nov 13 03:50:03 2005 Subject: [SpamCop-List] Re: password issues References: <dl3q97$nll$1@news.spamcop.net> <dl4dld$37c$1@news.spamcop.net> <dl4gai$4ht$1@news.spamcop.net> <dl6teb$hvk$1@news.spamcop.net> Message-ID: <dl6un1$in1$1@news.spamcop.net> "*selah*" <pzion.naax@yahoo.com> wrote in message news:dl6teb$hvk$1@news.spamcop.net... > Excuuuuuse me - but there is nothing about password trouble on the 1st > page I go to www.spamcop.net nor the 2nd (after trying to login) > http://www.spamcop.net/mcgi. Nor on the 3rd > http://forum.spamcop.net/forums/index.php? (looking to the help forum to > see if there have been system problems.) I've been trying to reset the > password for over a week. (Our old password didn't function.) > From the www.spamcop.net front page: News: (Last Modified: Wed Nov 2 14:30:04 2005 GMT Wednesday, November 02, 2005 6:30:04 PM +0400) (Email-account news) 11/2/2005 Sporadic System Problems We are having sporadic system problems which you may see as failure to be able to log-in or other error messages. Please do not change your password as this will not resolve the problem. Operations and engineering are working on the issues. We thank you for your patience while we track this down. The spamcop email system is not affected and continues to operate. Postmasters, please limit forgery blow-back: From DougThegarden at invalid.com Sun Nov 13 09:16:36 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sun Nov 13 04:20:03 2005 Subject: [SpamCop-List] Re: Invite me In-Reply-To: <dl6m19$e30$1@news.spamcop.net> References: <dl6m19$e30$1@news.spamcop.net> Message-ID: <dl70bb$jed$1@news.spamcop.net> enrique gonzalez wrote: > Please invite me > > You're welcome Doug From DougThegarden at invalid.com Sun Nov 13 09:20:01 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sun Nov 13 04:25:03 2005 Subject: [SpamCop-List] Re: Anyone here speak Magyar / Hungarian? In-Reply-To: <dl6fvk$ato$1@news.spamcop.net> References: <slrndncf25.2bo.nobody@127.0.0.1> <dl5g6q$pb4$1@news.spamcop.net> <dl6fvk$ato$1@news.spamcop.net> Message-ID: <dl70hp$jmm$1@news.spamcop.net> jg wrote: > On 11/12/2005 11:34 AM Doug Thegarden scribbled: > >> Steven Maesslein wrote: >> >>> Got this back from t-online.hu but have no friggin' idea what it >>> says: >>> >>> Tisztelt Lev?l?r?! >>> >>> Level?t k?retlen lev?lnek kategoriz?lta rendszer?nk. K?rj?k, k?ldje >>> el azt ism?telten r?sz?nkre ?gy, hogy a t?rgy mez?be ?rja be az >>> al?bbiakat: "Megism?telt lev?l T-online-nak". >>> >>> Meg?rt?s?t k?sz?nj?k. >>> >> >> Foreignword.com translates it as: >> >> Dear Epistle! Level?t unsolicited epistle categorizes system. Please , >> send off that repeatedly our part so , that the topic glebe writes be >> the mentioned below " reduplicated epistle T online nak ". Knowing thank >> you. >> >> I'm afraid I don't know anyone that can translate the result. > > try bablefish?? Babblefish doesn't do Hungarian or Foreignword English AFAIK Doug From nobody at nowhere.invalid Sun Nov 13 10:41:41 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Nov 13 04:46:18 2005 Subject: [SpamCop-List] Re: Anyone here speak Magyar / Hungarian? References: <slrndncf25.2bo.nobody@127.0.0.1> <dl5g6q$pb4$1@news.spamcop.net> <dl6fvk$ato$1@news.spamcop.net> Message-ID: <slrndne2il.3oh.nobody@127.0.0.1> On Sat, 12 Nov 2005 20:40:08 -0800, jg coughed into spamcop and left this in <dl6fvk$ato$1@news.spamcop.net>: > try bablefish?? babelfish doesn't "do" Hungarian. -- Steve If at first you don't succeed, redefine success. From DougThegarden at invalid.com Sun Nov 13 09:47:11 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sun Nov 13 04:50:37 2005 Subject: [SpamCop-List] Re: yay, I won the lottery! In-Reply-To: <dl6qss$gbr$1@news.spamcop.net> References: <dl2msf$59f$1@news.spamcop.net> <Xns970C73EAE6C5Athefrogprince@216.154.195.61> <dl6qss$gbr$1@news.spamcop.net> Message-ID: <dl724m$kde$1@news.spamcop.net> RandallW wrote: > "Larry J." <usenet2@DE.LETE.THISljvideo.com> wrote in message > news:Xns970C73EAE6C5Athefrogprince@216.154.195.61... >> Waiving the right to remain silent, "RandallW" >> <nobody@spamcop.net> said: >> >>> After going weeks without winning the lottery, I received two of >>> the spams that informed me that I won a European lottery draw. I >>> think their system to choose the winning e-mail address seems to >>> be broken, since I received the same spam to two different >>> e-mail addresses but they have the same winning ticket number! >> There was one recently claiming "WINNER" in the Washington State >> Lottery, but administered by a URL in Australia, and prize claim from >> a URL in Romania - or something like that... >> >> One would have to be brick-stoopid to click any of those links... >> >> -- > > I'll betcha they pay in Canadian $. > Probably Turkish ? at 1.3million to the US $ DOug From jhb at vbe.com Sun Nov 13 05:30:01 2005 From: jhb at vbe.com (Jim) Date: Sun Nov 13 06:35:21 2005 Subject: [SpamCop-List] MailWasher Pro 5.0 Limit? Message-ID: <dl783q$o70$1@news.spamcop.net> Is there a limit to the number of spam msgs that can be submitted to SpamCop via MailWasher Pro at any given time? When I try transmitting more than 3 or 4 msgs the transmission is terminated by the server and none of my msgs make it to SpamCop. When transmitting just a couple of msgs everything is fine. Thanks! Jim From nobody at nowhere.invalid Sun Nov 13 13:13:36 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Nov 13 07:15:05 2005 Subject: [SpamCop-List] Truth in advertising :o) Message-ID: <slrndnebfg.6eb.nobody@127.0.0.1> Pirate software spam. From: Mishap T. Hibachi Some major mishap.... -- Steve A clear conscience is usually the sign of a bad memory. From AHaumer_gmxnet at nopspam.invalid Sun Nov 13 15:08:22 2005 From: AHaumer_gmxnet at nopspam.invalid (Anton Haumer) Date: Sun Nov 13 09:10:02 2005 Subject: [SpamCop-List] Re: MailWasher Pro 5.0 Limit? References: <dl783q$o70$1@news.spamcop.net> Message-ID: <437748D6.D6636054@nopspam.invalid> Jim schrieb: > > Is there a limit to the number of spam msgs that can be submitted to SpamCop > via MailWasher Pro at any given time? When I try transmitting more than 3 > or 4 msgs the transmission is terminated by the server and none of my msgs > make it to SpamCop. When transmitting just a couple of msgs everything is > fine. > > Thanks! > > Jim Definitely not, I'm also using MailWasher to submit as many messages as necessary and it wokrs fine. Problems with your mailserver? Toni From jg at coks.net Sun Nov 13 07:56:35 2005 From: jg at coks.net (jg) Date: Sun Nov 13 10:55:27 2005 Subject: [SpamCop-List] Re: password issues In-Reply-To: <dl6un1$in1$1@news.spamcop.net> References: <dl3q97$nll$1@news.spamcop.net> <dl4dld$37c$1@news.spamcop.net> <dl4gai$4ht$1@news.spamcop.net> <dl6teb$hvk$1@news.spamcop.net> <dl6un1$in1$1@news.spamcop.net> Message-ID: <dl7nk1$v66$1@news.spamcop.net> On 11/13/2005 12:49 AM Berny scribbled: > From the www.spamcop.net front page: > > News: (Last Modified: Wed Nov 2 14:30:04 2005 GMT Wednesday, November 02, > 2005 6:30:04 PM +0400) (Email-account news) > > 11/2/2005 Sporadic System Problems > We are having sporadic system problems which you may see as failure to be > able to log-in or other error messages. Please do not change your password > as this will not resolve the problem. Easy, Berny, IIRC that is/was on the 1st reporting input page, not the home page of SC. selah has a point in that you can'/couldn't see that without signing in, which you can't do if p/w is borken. I /don't/ see that message there this A.M. at all... From responseguard at hotmail.com Sun Nov 13 09:33:20 2005 From: responseguard at hotmail.com (Bob W.) Date: Sun Nov 13 12:35:09 2005 Subject: [SpamCop-List] spamhaus pwebtech.com and MLM scammers mentorswin.com Message-ID: <responseguard-CD01D6.09331913112005@news.cesmail.net> Pegasus Web Tehchnologies, pwebtech.com, is home of the MLM scammers at mentorswin.com, a perpetual spamhaus. Countless abuse reports to pwebtech were autoacked with no follow-up, and the spam continued. After hurling insults at the abuse address, a human finally replied requesting the spammed address for "removal". (This, of course, why pwebtech.com refuses munged reports.) No response to my reply condemning listwashing. They obviously know what they're doing. SC-cc'd reports to nlayer.net and above.net are being ignored. I've had more than enough. SC sez: 69.72.218.250 not listed in dnsbl.njabl.org 69.72.218.250 not listed in dnsbl.njabl.org 69.72.218.250 not listed in cbl.abuseat.org 69.72.218.250 not listed in dnsbl.sorbs.net 69.72.218.250 not listed in relays.ordb.org. 69.72.218.250 not listed in accredit.habeas.com 69.72.218.250 not listed in plus.bondedsender.org 69.72.218.250 not listed in iadb.isipp.com How is this possible? I get 1 or 2 spams from mentorswin.com every day, sent to an address that's on the most ancient of spamming lists. Anyone else getting spewed on by these morons? From zorrofox at Safe-mail.net Sun Nov 13 12:47:57 2005 From: zorrofox at Safe-mail.net (zorrofox@Safe-mail.net) Date: Sun Nov 13 12:48:01 2005 Subject: [SpamCop-List] Re: Dead Organization Message-ID: <N1-2SnMiehlo-@Safe-mail.net> Secret to Reclaim Your Power is the dead organization and their URL is http://www.reclaimyourpower.com/. Spamcop URL is http://news.spamcop.net/pipermail/spamcop-help/2000-December/000699.html The above is the answer to > Which organization is dead? Which URL do you object to? -------- Original Message -------- From: "Jeff G." <jeffg@spamcop.net> Apparently from: spamcop-list-bounces-+zorrofox=safe-mail.net@news.spamcop.net To: zorrofox@safe-mail.net Subject: [SpamCop-List] Re: Dead Organization Date: Sat, 12 Nov 2005 16:35:14 -0500 > <zorrofox@Safe-mail.net> wrote in message > news:mailman.121.1131828078.169.spamcop-list@news.spamcop.net... > > > http://news.spamcop.net/pipermail/spamcop-help/2000-December/000699.html > > > > The above URL is a dead organization. Spamcop is successful, this > organization is dead. Its links go nowhere. Keeping this page up is > speaking ill of the dead. Consider removing this page, your objective > was successful. > > Which organization is dead? Which URL do you object to? > > -- > Thanks and Best Regards, Jeff G. > I have been a SpamCop User/Member/Customer since 1999 and am a > Moderator of the new web-based forums (now the primary method for > getting help, http://forum.spamcop.net). Please contact me via Forum > only. > > _______________________________________________ > SpamCop-List mailing list > SpamCop-List@news.spamcop.net > http://news.spamcop.net/mailman/listinfo/spamcop-list From big_mart_98 at yahoo.com Sun Nov 13 18:04:26 2005 From: big_mart_98 at yahoo.com (Martin Edwards) Date: Sun Nov 13 13:05:03 2005 Subject: [SpamCop-List] Re: Anyone here speak Magyar / Hungarian? In-Reply-To: <slrndne2il.3oh.nobody@127.0.0.1> References: <slrndncf25.2bo.nobody@127.0.0.1> <dl5g6q$pb4$1@news.spamcop.net> <dl6fvk$ato$1@news.spamcop.net> <slrndne2il.3oh.nobody@127.0.0.1> Message-ID: <dl7v51$37k$1@news.spamcop.net> Steven Maesslein wrote: > On Sat, 12 Nov 2005 20:40:08 -0800, jg coughed into spamcop and left > this in <dl6fvk$ato$1@news.spamcop.net>: > > >>try bablefish?? > > > babelfish doesn't "do" Hungarian. > The Devil was in the harbour. He was killing lots of people. From jg at coks.net Sun Nov 13 10:28:23 2005 From: jg at coks.net (jg) Date: Sun Nov 13 13:30:04 2005 Subject: [SpamCop-List] Re: password issues In-Reply-To: <dl7nk1$v66$1@news.spamcop.net> References: <dl3q97$nll$1@news.spamcop.net> <dl4dld$37c$1@news.spamcop.net> <dl4gai$4ht$1@news.spamcop.net> <dl6teb$hvk$1@news.spamcop.net> <dl6un1$in1$1@news.spamcop.net> <dl7nk1$v66$1@news.spamcop.net> Message-ID: <dl80gk$3tc$1@news.spamcop.net> On 11/13/2005 7:56 AM jg scribbled: > On 11/13/2005 12:49 AM Berny scribbled: > > >> From the www.spamcop.net front page: >> >>News: (Last Modified: Wed Nov 2 14:30:04 2005 GMT Wednesday, November 02, >>2005 6:30:04 PM +0400) (Email-account news) >> >>11/2/2005 Sporadic System Problems >>We are having sporadic system problems which you may see as failure to be >>able to log-in or other error messages. Please do not change your password >>as this will not resolve the problem. > > > Easy, Berny, IIRC that is/was on the 1st reporting input page, not the > home page of SC. > selah has a point in that you can'/couldn't see that without signing in, > which you can't do if p/w is borken. > I /don't/ see that message there this A.M. at all... apologies, it is on the report input page again - I'd swear it wasn't there earlier today, but I don't swear on Sunday... From usenet2 at DE.LETE.THISljvideo.com Sun Nov 13 18:52:11 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Sun Nov 13 13:55:03 2005 Subject: [SpamCop-List] Re: Invite me References: <dl6m19$e30$1@news.spamcop.net> Message-ID: <Xns970D78BEC1796thefrogprince@216.154.195.61> Waiving the right to remain silent, "enrique gonzalez" <egyr05 @prodigy.net.mx> said: > Please invite me Okay. BYOB. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "I've come here to enjoy nature. Don't talk to me about the environment!" - 'Denny Crane' From sorcerer2 at hotmail.com Sun Nov 13 13:58:20 2005 From: sorcerer2 at hotmail.com (Sir Sorcerer) Date: Sun Nov 13 14:00:02 2005 Subject: [SpamCop-List] Re: Rumor: Spamcop spamvertised websites future References: <BF996289.3FC%sorcerer2@hotmail.com> <0giEaaGhrugj@eisner.encompasserve.org> <BF9A69D8.53C%sorcerer2@hotmail.com> <hizkSixtxDZ1@eisner.encompasserve.org> <BF9AA90D.66D%sorcerer2@hotmail.com> <dl4gf5$4jn$1@news.spamcop.net> Message-ID: <BF9CF6FC.8E1%sorcerer2@hotmail.com> On 11/12/05 5:34 AM, in article dl4gf5$4jn$1@news.spamcop.net, "Miss Betsy" <nobody@devnull.spamcop.net> wrote: > "Sir Sorcerer" <sorcerer2@hotmail.com> wrote in message > news:BF9AA90D.66D%sorcerer2@hotmail.com... > <snip> >> Guess you think the SURLB guys supporting spamassassin are > spammers too as >> they process data just like we do. We just process it for finer > resolution. >> > > I am curious. Just what percentage of spam do you catch using > spamvertized websites (that haven't been caught already by other > filters)? Or is it just part of a scoring system? > > Miss Betsy > > After DNSbls (SC, SBL/XBL, ORDB, SORBS, NJABL, a local one and a few others) and after some other types of content. We stop an additional 29% by using content rules created from and algorithm of our which is applied to a large number of url sources. We have a 28 hour running window and have around 2100 fingerprints at any one time. We have found these require no need of scoring. Tom From nobody at nowhere.spamlovers.com Sun Nov 13 11:29:57 2005 From: nobody at nowhere.spamlovers.com (NOC Areeda.com) Date: Sun Nov 13 14:30:03 2005 Subject: [SpamCop-List] Verisgn Payment Not working? Message-ID: <dl847l$620$1@news.spamcop.net> Hi, I've been trying to add fuel. I much prefer Verisign over PayPal but haven't been able to for a week now. I just get an error like: Data Entry Error Please correct the following errors. Entry Value Description Transaction Type * Merchant Error. Please use a valid Transaction Type (A, D, or S). Login Name * Merchant Identification Error. Login is required. Anybody have any clues for me. Joe From jeffg at spamcop.net Sun Nov 13 14:52:11 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Nov 13 15:05:04 2005 Subject: [SpamCop-List] Re: Verisgn Payment Not working? References: <dl847l$620$1@news.spamcop.net> Message-ID: <dl866u$70f$1@news.spamcop.net> "NOC Areeda.com" <nobody@nowhere.spamlovers.com> wrote in message news:dl847l$620$1@news.spamcop.net... > Hi, > > I've been trying to add fuel. I much prefer Verisign over PayPal but > haven't been able to for a week now. > > I just get an error like: > > Data Entry Error > Please correct the following errors. > Entry Value Description > Transaction Type * Merchant Error. Please use a valid Transaction Type > (A, D, or S). > Login Name * Merchant Identification Error. Login is required. > > > Anybody have any clues for me. To expedite response to your problem, please email a SpamCop Admin via service<at>admin.spamcop.net. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jeffg at spamcop.net Sun Nov 13 15:29:21 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Nov 13 15:30:02 2005 Subject: [SpamCop-List] Re: Dead Organization References: <mailman.122.1131904084.169.spamcop-list@news.spamcop.net> Message-ID: <dl87n3$7oe$1@news.spamcop.net> I wrote: > > <zorrofox@Safe-mail.net> wrote in message > > news:mailman.121.1131828078.169.spamcop-list@news.spamcop.net... > > > http://news.spamcop.net/pipermail/spamcop-help/2000-December/000699.html > > > > > > The above URL is a dead organization. Spamcop is successful, this > > organization is dead. Its links go nowhere. Keeping this page up is > > speaking ill of the dead. Consider removing this page, your objective > > was successful. > > > > Which organization is dead? Which URL do you object to? <zorrofox@Safe-mail.net> wrote in message news:mailman.122.1131904084.169.spamcop-list@news.spamcop.net... > Secret to Reclaim Your Power is the dead organization and their URL is http://www.reclaimyourpower.com/. Spamcop URL is http://news.spamcop.net/pipermail/spamcop-help/2000-December/000699.html OK, so "Secret to Reclaim Your Power" is dead. Their old URL http://www.reclaimyourpower.com/ appears to have been picked up by North American Internet, LLC, and appears now to refresh to to scammy-looking cookielicious search page http://lb1.youbettersearch.com/index/Site=d3d3LnJlY2xhaW15b3VycG93ZXIuY29t and have the following registration details: whois -h whois.itsyourdomain.com reclaimyourpower.com ... The Data in ItsYourDomain's WHOIS database is provided by ItsYourDomain.com for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. ItsYourDomain.com does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to ItsYourDomain.com, its systems, or its customers. ItsYourDomain reserves the right to modify these terms at any time.By submitting this query, you agree to abide by this policy. Domain: reclaimyourpower.com Registrant North American Internet, LLC North American Internet, LLC nai@ureach.com 5201 Kingston Pike, Suite 6323 Knoxville, TN 37919 US +1.8778936910 +1.8778936910 (FAX) Administrative North American Internet, LLC North American Internet, LLC nai@ureach.com 5201 Kingston Pike, Suite 6323 Knoxville, TN 37919 US +1.8778936910 +1.8778936910 (FAX) Billing North American Internet, LLC North American Internet, LLC nai@ureach.com 5201 Kingston Pike, Suite 6323 Knoxville, TN 37919 US +1.8778936910 +1.8778936910 (FAX) Technical North American Internet, LLC North American Internet, LLC nai@ureach.com 5201 Kingston Pike, Suite 6323 Knoxville, TN 37919 US +1.8778936910 +1.8778936910 (FAX) Record created on April 15, 2005 Record last updated on April 22, 2005 Record expires on April 15, 2006 Domain Name Servers: ns5.itsyourdomain.com ns6.itsyourdomain.com Your initial comments are also reflected in SpamCop's archive for this list/newsgroup/forum for this month http://news.spamcop.net/pipermail/spamcop-list/2005-November/ at http://news.spamcop.net/pipermail/spamcop-list/2005-November/106316.html and http://news.spamcop.net/pipermail/spamcop-list/2005-November/106339.html , and this message should also be reflected there as soon as I post it. Readers can make their own decisions about what to believe. Why do you care whether or not a post from nearly five years ago is stil visible on the Internet? If you wish an exception to the policy of not removing anything from the list archives, please email news@news.spamcop.net. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jeffg at spamcop.net Sun Nov 13 15:33:52 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Nov 13 15:40:02 2005 Subject: [SpamCop-List] Re: MailWasher Pro 5.0 Limit? References: <dl783q$o70$1@news.spamcop.net> Message-ID: <dl883c$820$1@news.spamcop.net> "Jim" <jhb@vbe.com> wrote in message news:dl783q$o70$1@news.spamcop.net... > Is there a limit to the number of spam msgs that can be submitted to SpamCop > via MailWasher Pro at any given time? When I try transmitting more than 3 > or 4 msgs the transmission is terminated by the server and none of my msgs > make it to SpamCop. When transmitting just a couple of msgs everything is > fine. MailWasher Pro 5.0 should be following the normal submission limits of 50,000 bytes per attached spam message and 100,000 bytes per submission. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jeffg at spamcop.net Sun Nov 13 15:47:16 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Nov 13 15:50:03 2005 Subject: [SpamCop-List] Re: password issues References: <dl3q97$nll$1@news.spamcop.net> <dl4dld$37c$1@news.spamcop.net> <dl4gai$4ht$1@news.spamcop.net> <dl6teb$hvk$1@news.spamcop.net> Message-ID: <dl88ol$8e6$1@news.spamcop.net> "*selah*" <pzion.naax@yahoo.com> wrote in message news:dl6teb$hvk$1@news.spamcop.net... > Excuuuuuse me - but there is nothing about password trouble on the 1st > page I go to www.spamcop.net nor the 2nd (after trying to login) > http://www.spamcop.net/mcgi. Nor on the 3rd > http://forum.spamcop.net/forums/index.php? (looking to the help forum to > see if there have been system problems.) I've been trying to reset the > password for over a week. (Our old password didn't function.) So I guess you missed "Unless you've actually forgotten your password, there is probably no need to reset it. Check the Help forum first to see if there is a current system problem" on the "Forgot your password?" page http://www.spamcop.net/denied.shtml , where "Help forum" is a link to http://forum.spamcop.net/forums/index.php? -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From nobody at nowhere.spamlovers.com Sun Nov 13 13:05:20 2005 From: nobody at nowhere.spamlovers.com (NOC Areeda.com) Date: Sun Nov 13 16:10:02 2005 Subject: [SpamCop-List] Re: Verisgn Payment Not working? In-Reply-To: <dl866u$70f$1@news.spamcop.net> References: <dl847l$620$1@news.spamcop.net> <dl866u$70f$1@news.spamcop.net> Message-ID: <dl89qg$93l$1@news.spamcop.net> Thanks Jeff, I just did that. Joe > > To expedite response to your problem, please email a SpamCop Admin via > service<at>admin.spamcop.net. > From MikeE at ster.invalid Sun Nov 13 13:33:21 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Nov 13 16:35:04 2005 Subject: [SpamCop-List] Re: spamhaus pwebtech.com and MLM scammers mentorswin.com References: <responseguard-CD01D6.09331913112005@news.cesmail.net> Message-ID: <dl8bep$a1j$1@news.spamcop.net> Bob W. wrote: > 69.72.218.250 rDNS server01.mentorswin.com of Pegasus Web arin abuse@pwebtech.com abuse.net reg'd abuse@pwebtech.com reg@pwebtech.com abuse@nlayer.net abuse@above.net jason@pwebtech.com (for pwebtech.com) - SC notifies abuse@above.net abuse@pwebtech.com abuse@nlayer.net because of reg and jason redirects 69.72.218.250 SCbl/ed for reporter reports In the past 169.7 days, it has been listed 33 times for a total of 33.4 days also listed in DNSBLNETAUT1 (127.0.0.2) & AHBL (127.0.0.4) & AMMDNSBL -- which aren't heavyweights If you wanted to notify the Pegasus AS25653 upstream adjacency for 'non-responsiveness', which isn't strictly true, as they responded with an offer to listwash, it would be AS4436 AS-NLAYER - nLayer Comm abuse@nlayer.net Having a server listed in SCbl is not an insignificant listing; and it appears to be the only output server for mentorswin -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Nov 13 13:39:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Nov 13 16:40:01 2005 Subject: [SpamCop-List] Re: spamhaus pwebtech.com and MLM scammers mentorswin.com References: <responseguard-CD01D6.09331913112005@news.cesmail.net> <dl8bep$a1j$1@news.spamcop.net> Message-ID: <dl8bpf$a69$1@news.spamcop.net> Mike Easter wrote: > SC notifies abuse@above.net abuse@pwebtech.com > abuse@nlayer.net because of reg and jason redirects > AS4436 AS-NLAYER - nLayer Comm abuse@nlayer.net Which is being notified already by the SC abuse.net notifies. -- Mike Easter kibitzer, not SC admin From pzion.naax at yahoo.com Sun Nov 13 17:45:29 2005 From: pzion.naax at yahoo.com (*selah*) Date: Sun Nov 13 16:50:03 2005 Subject: [SpamCop-List] Re: password issues References: <dl3q97$nll$1@news.spamcop.net> <dl4dld$37c$1@news.spamcop.net> <dl4gai$4ht$1@news.spamcop.net> <dl6teb$hvk$1@news.spamcop.net> <dl6un1$in1$1@news.spamcop.net> Message-ID: <dl8c5c$afj$1@news.spamcop.net> This is what is currently on my www.spamcop.net page: NEWS:Postmasters, please limit forgery blow-back: Delayed bounces, virus notices, vacation messages More.. Nothing about password problems. "Berny" <bar_n0ne@hotmail.com> wrote in message news:dl6un1$in1$1@news.spamcop.net... > > "*selah*" <pzion.naax@yahoo.com> wrote in message > news:dl6teb$hvk$1@news.spamcop.net... > > Excuuuuuse me - but there is nothing about password trouble on the 1st > > page I go to www.spamcop.net nor the 2nd (after trying to login) > > http://www.spamcop.net/mcgi. Nor on the 3rd > > http://forum.spamcop.net/forums/index.php? (looking to the help forum to > > see if there have been system problems.) I've been trying to reset the > > password for over a week. (Our old password didn't function.) > > > From the www.spamcop.net front page: > > News: (Last Modified: Wed Nov 2 14:30:04 2005 GMT Wednesday, November 02, > 2005 6:30:04 PM +0400) (Email-account news) > > 11/2/2005 Sporadic System Problems > We are having sporadic system problems which you may see as failure to be > able to log-in or other error messages. Please do not change your password > as this will not resolve the problem. > > Operations and engineering are working on the issues. We thank you for your > patience while we track this down. > > The spamcop email system is not affected and continues to operate. > > > > > > Postmasters, please limit forgery blow-back: > > > From pzion.naax at yahoo.com Sun Nov 13 17:48:31 2005 From: pzion.naax at yahoo.com (*selah*) Date: Sun Nov 13 16:50:16 2005 Subject: [SpamCop-List] Re: password issues References: <dl3q97$nll$1@news.spamcop.net> <dl4dld$37c$1@news.spamcop.net> <dl4gai$4ht$1@news.spamcop.net> <dl6teb$hvk$1@news.spamcop.net> <dl88ol$8e6$1@news.spamcop.net> Message-ID: <dl8cb1$ahf$1@news.spamcop.net> "Jeff G." <jeffg@spamcop.net> wrote in message news:dl88ol$8e6$1@news.spamcop.net... > "*selah*" <pzion.naax@yahoo.com> wrote in message > news:dl6teb$hvk$1@news.spamcop.net... > > Excuuuuuse me - but there is nothing about password trouble on the 1st > > page I go to www.spamcop.net nor the 2nd (after trying to login) > > http://www.spamcop.net/mcgi. Nor on the 3rd > > http://forum.spamcop.net/forums/index.php? (looking to the help forum > to > > see if there have been system problems.) I've been trying to reset the > > password for over a week. (Our old password didn't function.) > > > So I guess you missed "Unless you've actually forgotten your password, > there is probably no need to reset it. Check the Help forum first to see > if there is a current system problem" on the "Forgot your password?" > page http://www.spamcop.net/denied.shtml , where "Help forum" is a link > to http://forum.spamcop.net/forums/index.php? So I guess you missed: > > Nor on the 3rd > > http://forum.spamcop.net/forums/index.php? (looking to the help forum > to > > see if there have been system problems.) in my post. From jeffg at spamcop.net Sun Nov 13 17:37:10 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Nov 13 17:40:05 2005 Subject: [SpamCop-List] Re: password issues References: <dl3q97$nll$1@news.spamcop.net> <dl4dld$37c$1@news.spamcop.net> <dl4gai$4ht$1@news.spamcop.net> <dl6teb$hvk$1@news.spamcop.net> <dl6un1$in1$1@news.spamcop.net> <dl8c5c$afj$1@news.spamcop.net> Message-ID: <dl8f7d$c5h$1@news.spamcop.net> "*selah*" <pzion.naax@yahoo.com> wrote in message news:dl8c5c$afj$1@news.spamcop.net... [top posting corrected] > "Berny" <bar_n0ne@hotmail.com> wrote in message > news:dl6un1$in1$1@news.spamcop.net... > > From the www.spamcop.net front page: > > > > News: (Last Modified: Wed Nov 2 14:30:04 2005 GMT Wednesday, November > 02, > > 2005 6:30:04 PM +0400) (Email-account news) > > > > 11/2/2005 Sporadic System Problems [top posting corrected] > This is what is currently on my www.spamcop.net page: > NEWS:Postmasters, please limit forgery blow-back: > Delayed bounces, virus notices, vacation messages More.. > > Nothing about password problems. What do you see after "News: (Last Modified:"? Please stop top posting, as it is considered bad netiquette and gets the conversation out of order. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jeffg at spamcop.net Sun Nov 13 17:54:29 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Nov 13 18:05:10 2005 Subject: [SpamCop-List] Re: password issues References: <dl3q97$nll$1@news.spamcop.net> <dl4dld$37c$1@news.spamcop.net> <dl4gai$4ht$1@news.spamcop.net> <dl6teb$hvk$1@news.spamcop.net> <dl88ol$8e6$1@news.spamcop.net> <dl8cb1$ahf$1@news.spamcop.net> Message-ID: <dl8goa$d2n$1@news.spamcop.net> "*selah*" <pzion.naax@yahoo.com> wrote in message news:dl8cb1$ahf$1@news.spamcop.net... > So I guess you missed: > > > > Nor on the 3rd > > > http://forum.spamcop.net/forums/index.php? (looking to the help > forum > > to > > > see if there have been system problems.) > > in my post. "SpamCop Discussion latest news: Parsing & Reporting System Was Down" doesn't qualify as a system problem? How about my Pinned Announcement "System outages/instability" quoting Ellen's post of Wed, 2 Nov 2005 09:22:39 -0500 in this Forum (among others) with the subject "System outages/instability"? Most of that post was as follows: "yes we are having system problems and operations/engineering is working the issues. You may see failures trying to log-in or other error messages. Please do not try to change your password as this will not solve the problem. The problems will probably continue sporadically. There is no ETA right now for complete resolution but this is being treated by everyone as a priority 1 situation. Thank you for your patience!" That post has not yet been contradicted in public by a SpamCop Admin or Deputy. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From zorrofox at Safe-mail.net Sun Nov 13 18:05:21 2005 From: zorrofox at Safe-mail.net (zorrofox@Safe-mail.net) Date: Sun Nov 13 18:05:27 2005 Subject: [SpamCop-List] Re: Dead Organization Message-ID: <N1-yQQ7gzGn2q@Safe-mail.net> Thank you for the update of the new owners of reclaimyourpower.com. -------- Original Message -------- From: "Jeff G." <jeffg@spamcop.net> Apparently from: spamcop-list-bounces-+zorrofox=safe-mail.net@news.spamcop.net To: zorrofox@safe-mail.net Subject: Re: [SpamCop-List] Re: Dead Organization Date: Sun, 13 Nov 2005 15:29:21 -0500 > I wrote: > > > <zorrofox@Safe-mail.net> wrote in message > > > news:mailman.121.1131828078.169.spamcop-list@news.spamcop.net... > > > > > http://news.spamcop.net/pipermail/spamcop-help/2000-December/000699.html > > > > > > > > The above URL is a dead organization. Spamcop is successful, this > > > organization is dead. Its links go nowhere. Keeping this page up is > > > speaking ill of the dead. Consider removing this page, your > objective > > > was successful. > > > > > > Which organization is dead? Which URL do you object to? > > <zorrofox@Safe-mail.net> wrote in message > news:mailman.122.1131904084.169.spamcop-list@news.spamcop.net... > > Secret to Reclaim Your Power is the dead organization and their URL is > http://www.reclaimyourpower.com/. Spamcop URL is > http://news.spamcop.net/pipermail/spamcop-help/2000-December/000699.html > > OK, so "Secret to Reclaim Your Power" is dead. Their old URL > http://www.reclaimyourpower.com/ appears to have been picked up by North > American Internet, LLC, and appears now to refresh to to scammy-looking > cookielicious search page > http://lb1.youbettersearch.com/index/Site=d3d3LnJlY2xhaW15b3VycG93ZXIuY29t > and have the following registration details: > > whois -h whois.itsyourdomain.com reclaimyourpower.com ... > The Data in ItsYourDomain's WHOIS database is provided by > ItsYourDomain.com > for information purposes, and to assist persons in obtaining information > about or related to a domain name registration record. > ItsYourDomain.com > does not guarantee its accuracy. By submitting a WHOIS query, you agree > that you will use this Data only for lawful purposes and that, under no > circumstances will you use this Data to: (1) allow, enable, or otherwise > support the transmission of mass unsolicited, commercial advertising or > solicitations via e-mail (spam); or (2) enable high volume, automated, > electronic processes that apply to ItsYourDomain.com, its systems, or > its > customers. ItsYourDomain reserves the right to modify these terms at any > time.By submitting this query, you agree to abide by this policy. > > > Domain: reclaimyourpower.com > > Registrant > North American Internet, LLC > North American Internet, LLC > nai@ureach.com > 5201 Kingston Pike, Suite 6323 > Knoxville, TN 37919 US > +1.8778936910 > +1.8778936910 (FAX) > > Administrative > North American Internet, LLC > North American Internet, LLC > nai@ureach.com > 5201 Kingston Pike, Suite 6323 > Knoxville, TN 37919 US > +1.8778936910 > +1.8778936910 (FAX) > > Billing > North American Internet, LLC > North American Internet, LLC > nai@ureach.com > 5201 Kingston Pike, Suite 6323 > Knoxville, TN 37919 US > +1.8778936910 > +1.8778936910 (FAX) > > Technical > North American Internet, LLC > North American Internet, LLC > nai@ureach.com > 5201 Kingston Pike, Suite 6323 > Knoxville, TN 37919 US > +1.8778936910 > +1.8778936910 (FAX) > > Record created on April 15, 2005 > Record last updated on April 22, 2005 > Record expires on April 15, 2006 > > Domain Name Servers: > ns5.itsyourdomain.com > ns6.itsyourdomain.com > > Your initial comments are also reflected in SpamCop's archive for this > list/newsgroup/forum for this month > http://news.spamcop.net/pipermail/spamcop-list/2005-November/ at > http://news.spamcop.net/pipermail/spamcop-list/2005-November/106316.html > and > http://news.spamcop.net/pipermail/spamcop-list/2005-November/106339.html > , and this message should also be reflected there as soon as I post it. > Readers can make their own decisions about what to believe. Why do you > care whether or not a post from nearly five years ago is stil visible on > the Internet? > > If you wish an exception to the policy of not removing anything from the > list archives, please email news@news.spamcop.net. > > -- > Thanks and Best Regards, Jeff G. > I have been a SpamCop User/Member/Customer since 1999 and am a > Moderator of the new web-based forums (now the primary method for > getting help, http://forum.spamcop.net). Please contact me via Forum > only. > > _______________________________________________ > SpamCop-List mailing list > SpamCop-List@news.spamcop.net > http://news.spamcop.net/mailman/listinfo/spamcop-list From g.hyde at bigpond.net.au Mon Nov 14 09:11:51 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sun Nov 13 18:15:02 2005 Subject: [SpamCop-List] Ralsky et al still spamming ... Message-ID: <dl8h7l$di6$1@news.spamcop.net> http://www.spamcop.net/sc?id=z826533845za51d89ba13b2363bac9760e07313de26z Just received this crudload of software "offers" in the email this morning. Stuff which would more than likely be packed with the usual trojans and zombification viruses. Cheers ... Geoffrey Hyde From jeffg at spamcop.net Sun Nov 13 19:06:56 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Nov 13 19:25:29 2005 Subject: [SpamCop-List] Re: Verisgn Payment Not working? References: <dl847l$620$1@news.spamcop.net> <06ifn1h0mq5gtvo7efto760saghdotfuj9@4ax.com> Message-ID: <dl8l9b$fta$1@news.spamcop.net> "SpamCop Admin" <nobody@devnull.spamcop.net> wrote in message news:06ifn1h0mq5gtvo7efto760saghdotfuj9@4ax.com... > Handled by email... > > NOC Areeda.com wrote: > >-I've been trying to add fuel. I much prefer Verisign over PayPal but > >-haven't been able to for a week now. > > I just used VeriSign to add fuel to my test account using both Firefox > 1.0.6 and Netscape 7.2 and everything worked fine. > > On the other hand, the error message you sent clearly indicates a > problem between them and us. > > I'm trying to figure out what might be happening. > > - Don D'Minion - SpamCop Admin - Thank you, Don! -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From egyr05 at prodigy.net.mx Sun Nov 13 19:05:53 2005 From: egyr05 at prodigy.net.mx (enrique gonzalez) Date: Sun Nov 13 20:10:06 2005 Subject: [SpamCop-List] Re: Invite me References: <dl6m19$e30$1@news.spamcop.net> <dl6pes$fn5$1@news.spamcop.net> <dl6pia$fqo$1@news.spamcop.net> <dl6srd$hlj$1@news.spamcop.net> Message-ID: <dl8ntv$h5s$1@news.spamcop.net> Oh.....!! well I guess I was in the wrong group I was tring to get invited to gmail.... but any way have fun....! "Borgholio" <borgholio@storymind.com> escribió en el mensaje news:dl6srd$hlj$1@news.spamcop.net... > Dar wrote: >> "Borgholio" <borgholio@storymind.com> wrote in message >> news:dl6pes$fn5$1@news.spamcop.net... >> >>>enrique gonzalez wrote: >>> >>>>Please invite me >>>> >>>> >>> >>>I'm sorry, this event is for family and close friends only. If you seek >>>quality entertainment, I can recommend many a fine place in Las Vegas, >> >> Nevada. >> >> Personally, I prefer Key West. During non-hurricane season, of course. >> >> Dar >> >> > > After the recent hurricane season I think it should be renamed to Key > East. :) From MikeE at ster.invalid Sun Nov 13 17:31:35 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Nov 13 20:35:03 2005 Subject: [SpamCop-List] Re: Invite me References: <dl6m19$e30$1@news.spamcop.net> <dl6pes$fn5$1@news.spamcop.net> <dl6pia$fqo$1@news.spamcop.net> <dl6srd$hlj$1@news.spamcop.net> <dl8ntv$h5s$1@news.spamcop.net> Message-ID: <dl8pde$i1o$1@news.spamcop.net> enrique gonzalez wrote: > Oh.....!! well I guess I was in the wrong group I was tring to get > invited to gmail.... but any way have fun....! There's a gmail-invites group here http://groups.google.com/group/Gmail-Invites -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sun Nov 13 20:08:04 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Nov 13 21:10:03 2005 Subject: [SpamCop-List] Re: Invite me References: <dl6m19$e30$1@news.spamcop.net> <dl6pes$fn5$1@news.spamcop.net> <dl6pia$fqo$1@news.spamcop.net> <dl6srd$hlj$1@news.spamcop.net> <dl8ntv$h5s$1@news.spamcop.net> Message-ID: <dl8ri4$j2f$1@news.spamcop.net> "enrique gonzalez" <egyr05@prodigy.net.mx> wrote in message news:dl8ntv$h5s$1@news.spamcop.net... > Oh.....!! well I guess I was in the wrong group I was tring to get invited > to gmail.... but any way have fun....! You attempted registering in the Forum with the above address. That account is still waiting for the Validation process to be completed. You then generated another account and did go through the process on that account. You then posted your "Invite me" request in the Forum at http://forum.spamcop.net/forums/index.php?showtopic=4239 20 minutes later, you jump into these newsgroups and post your "Invite me" thing which has no connection to anything going in this newsgroup. Not sure how you could confuse NNTP stuff with Forum stuff ..... and why one wouldn't return to the original spot the request was generated ...????? From nobody at devnull.spamcop.net Sun Nov 13 21:24:16 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sun Nov 13 21:25:03 2005 Subject: [SpamCop-List] Re: Rumor: Spamcop spamvertised websites future References: <BF996289.3FC%sorcerer2@hotmail.com> <0giEaaGhrugj@eisner.encompasserve.org> <BF9A69D8.53C%sorcerer2@hotmail.com> <hizkSixtxDZ1@eisner.encompasserve.org> <BF9AA90D.66D%sorcerer2@hotmail.com> <dl4gf5$4jn$1@news.spamcop.net> <BF9CF6FC.8E1%sorcerer2@hotmail.com> Message-ID: <dl8sf3$jjv$1@news.spamcop.net> "Sir Sorcerer" <sorcerer2@hotmail.com> wrote in message news:BF9CF6FC.8E1%sorcerer2@hotmail.com... > On 11/12/05 5:34 AM, in article dl4gf5$4jn$1@news.spamcop.net, "Miss Betsy" > <nobody@devnull.spamcop.net> wrote: > <snip> > > I am curious. Just what percentage of spam do you catch using > > spamvertized websites (that haven't been caught already by other > > filters)? Or is it just part of a scoring system? > > > > Miss Betsy > > > > > After DNSbls (SC, SBL/XBL, ORDB, SORBS, NJABL, a local one and a few others) > and after some other types of content. We stop an additional 29% by using > content rules created from and algorithm of our which is applied to a large > number of url sources. We have a 28 hour running window and have around 2100 > fingerprints at any one time. We have found these require no need of > scoring. That's interesting. Thanks! Miss Betsy From nobody at xyzzy.claranet.de Mon Nov 14 06:19:52 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Nov 14 00:25:20 2005 Subject: [SpamCop-List] Re: Dead Organization References: <mailman.121.1131828078.169.spamcop-list@news.spamcop.net> <dl5m7p$spj$1@news.spamcop.net> Message-ID: <43781E78.1415@xyzzy.claranet.de> Mike Easter wrote: > an archived message posted to spamcop.help claiming to have > been posted from a website [which is a curious statement even > in 2000 Dec] I've no idea when that feature was removed, but it was later - I used it for my first questions in help... ;-) Apparently it still existed in April 2002: http://news.spamcop.net/pipermail/spamcop-help/2002-April/001511.html I'm too lazy to check May etc. for spamcop-help@news.spamcop Bye, Frank From nobody at xyzzy.claranet.de Mon Nov 14 06:38:26 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Nov 14 00:40:03 2005 Subject: [SpamCop-List] Re: Odd Source Line References: <437473EE.1475A8D3@Spamcop.net.dev.null> <dl2f30$13k$1@news.spamcop.net> <dl2moq$567$1@news.spamcop.net> <dl307h$a5g$1@news.spamcop.net> Message-ID: <437822D2.2FF9@xyzzy.claranet.de> Mike Easter wrote: > I was being facetious, sarcastic, ironic. Something like ;-> ? Last time I saw a similar problem the author explained: "I'm English - I'm excused from using mandatory smileys" (or similar, neither Google nor GMaNe find the source ;-) Bye, Frank From nobody at xyzzy.claranet.de Mon Nov 14 07:38:26 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Nov 14 01:45:17 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved References: <43663619.A9@xyzzy.claranet.de> <436A0F20.4804@xyzzy.claranet.de> <Xns97037DF897D25tinlc@216.154.195.61> <dkebuk$15a$1@news.spamcop.net> <436B1DC5.75D3@xyzzy.claranet.de> <dkg0jp$uhf$1@news.spamcop.net> <436BF8F0.5E5C@xyzzy.claranet.de> <Xns97051CF0D642Dtinlc@216.154.195.61> Message-ID: <437830E2.1B28@xyzzy.claranet.de> Redstone wrote: [Why does Julian not fix the broken parser ?] > But he may not do it for various reasons. > Namely Geocities' lackluster response. I've found a workaroud (hundreds of reloads are boring): 1 - Finish all other pending manual reports (not geocities) 2 - Copy offending geocities URL to clipboard 3 - Open "report spam" Web form in a second window 4 - Paste geocities URL and click "process spam" 5 - Copy report address network-abuse@cc.yahoo-inc.com to clipboard (steps 2..5 unnecessary if you have saved network-abuse@cc.yahoo-inc.com elsewhere) 6 - still in the second window go to http://www.spamcop.net/mcgi?action=showadvanced 7 - paste report address into "Public standard report recipients" and save the modified preferences 8 - in the first window "reload", now the report address network-abuse@cc.yahoo-inc.com is shown 9 - send report, finish all other pending geocities reports 10 - remove network-abuse@cc.yahoo-inc.com again from "Public standard report recipients" in preferences Not precisely straight forward. Another strategy would be to keep the "Public standard report recipients", and disable it manually for non-geocities reports. But even the complete 10 steps are faster than hundreds of reloads. Bye, Frank From pzion.naax at yahoo.com Mon Nov 14 02:52:08 2005 From: pzion.naax at yahoo.com (*selah*) Date: Mon Nov 14 01:55:06 2005 Subject: [SpamCop-List] Re: password issues References: <dl3q97$nll$1@news.spamcop.net> <dl4dld$37c$1@news.spamcop.net> <dl4gai$4ht$1@news.spamcop.net> <dl6teb$hvk$1@news.spamcop.net> <dl6un1$in1$1@news.spamcop.net> <dl8c5c$afj$1@news.spamcop.net> <dl8f7d$c5h$1@news.spamcop.net> Message-ID: <dl9c6g$v3c$1@news.spamcop.net> "Jeff G." <jeffg@spamcop.net> wrote in message news:dl8f7d$c5h$1@news.spamcop.net... > What do you see after "News: (Last Modified:"? There is nothing on the page that says "news: (Last Modified:" This is the page: Help | Site Map | Text size: - + Report Spam Filtered Email Blocking List Statistics Login SpamCop is the premier service for reporting spam. SpamCop determines the origin of unwanted email and reports it to the relevant Internet service providers. By reporting spam, you have a positive impact on the problem. Reporting unsolicited email also helps feed spam filtering systems, including, but not limited to, SpamCop's own service. REPORT SPAM Report spam to help Internet providers cut spam off at the source. Register Now GET SPAM-FREE EMAIL Professional-grade SpamCop email accounts feature spam reporting, customizable spam and virus filtering and simultaneous Webmail, POP and IMAP access. Learn More USE FREE BLOCKING LIST Use the SpamCop DNS-based Blocking List with your own mailserver and get safe and effective spam filtering for free. Learn How Legal / Technical description REPORTED FOR SPAMMING? Find out about SpamCop reports and spam blocking, email deliverability problems and what you can do to ensure that your mail will get through. Learn More GET HELP Get information from SpamCop's extensive FAQ and active user community. Help Home Donate to SpamCop's Legal Defense fund. NEWS:Postmasters, please limit forgery blow-back: Delayed bounces, virus notices, vacation messages More.. Copyright (C) 1998-2005, IronPort Systems, Inc. All rights reserved. HTML4 / CSS2 Firefox recommended - Policies and Disclaimers From bar_n0ne at hotmail.com Mon Nov 14 10:55:35 2005 From: bar_n0ne at hotmail.com (Berny) Date: Mon Nov 14 02:00:03 2005 Subject: [SpamCop-List] Re: Geocities problem still unsolved References: <43663619.A9@xyzzy.claranet.de> <436A0F20.4804@xyzzy.claranet.de> <Xns97037DF897D