From nobody at nowhere.invalid Wed Feb 1 00:06:14 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Jan 31 18:10:03 2006 Subject: [SpamCop-List] Re: Comcast, etc. References: <1iavuhd45fed7$.dlg@news.spamcop.net> Message-ID: On Tue, 31 Jan 2006 14:53:46 -0800, N. Miller coughed into spamcop and left this in <1iavuhd45fed7$.dlg@news.spamcop.net>: > Comcast supposedly monitors their customers; but they are not doing a > very good job of it. At some point, they will have to implement a > system wide block on outbound port 25 to non-local (to Comcast) SMTP > servers. I have heard that it is under consideration by management; > but they are moving very slowly on the matter. Last I heard of it, marketing told management that it would cost too much to field the customer support calls, so they shelved the idea of blanket port 25 blocking. -- Steve QUARK: The sound made by a well-bred duck: From nobody at devnull.spamcop.net Wed Feb 1 11:40:39 2006 From: nobody at devnull.spamcop.net (Patto) Date: Tue Jan 31 21:45:02 2006 Subject: [SpamCop-List] Re: Comcast, etc. In-Reply-To: References: Message-ID: Steven Maesslein wrote: > ... they do cater specifically for spammers. Just like the > rest of APNIC "controlled" space. I *am* in APNIC space. And thank you - I am not a spammer, nor to I cater for spammers! From / at /.cn Wed Feb 1 16:15:52 2006 From: / at /.cn (Petzl) Date: Wed Feb 1 00:20:03 2006 Subject: [SpamCop-List] Re: Comcast, etc. References: Message-ID: "Stephen Bye" wrote in message news:dronbd$8nn$1@news.spamcop.net... > Forgive my naivety, but what's the deal with companies like Comcast and > Kornet? Do they deliberately sign up spammers, or do they kick themselves > 20 times a day, saying "Damn! We fell for it again!"? > Does any "real" e-mail ever come from them, or is it practical to just > block the whole domain? > > -- > Stephen Bye > stephenbye@byedesign.freeserve.co.uk > Problems with both Comcast and Kornet is not their legitimate mail servers it is all the Trojans zombies that infect their customers Blocking port 25 is the solution for this his page is informative http://pages.infinit.net/filmore/educateYourISP.htm This signature has some good protection for windows users Petzl -- SECURE YOUR WINDOWS COMPUTER NOW!! Keep Windows UPDATED AVG 7.0 Free Edition" Anti-Virus Check your computer for "SpyWare" (free MS Product) a good firewall for windows(free version available) Use a Password Saver on USB removable drive to store passwords From nobody at xyzzy.claranet.de Wed Feb 1 06:50:53 2006 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Feb 1 00:55:01 2006 Subject: [SpamCop-List] Re: FDA Quits: Filtering Reports, Rejecting Spam References: <43DF5A26.88F1498F@SpamCop.devnull.diespammerdie.net> <43DF9C61.3B720F26@SpamCop.devnull.diespammerdie.net> Message-ID: <43E04C3D.3E47@xyzzy.claranet.de> Michael Brennan wrote: > Just in case it's the unwrapped -line issue instead of a new > no-spam policy, I'll try them with a few more submissions. Please tell us what you find, I'd delete the "viagra" nick in my address book (= FDA + SC) if they finally dropped the ball. Didn't use it for some months, but it used to work in 2005 (?) Bye, Frank From kram at kramselkub.moc Wed Feb 1 00:41:09 2006 From: kram at kramselkub.moc (Mark Buckles) Date: Wed Feb 1 03:45:08 2006 Subject: [SpamCop-List] Blacklist by Subject? Message-ID: I am a new subscriber to SpamCop's e-mail filtering service - already I love it! Question: I see that I can set up a blacklist to block e-mail by listing a sender's adress; is there a way to refuse the acceptance of e-mail according to the content of the subject line? The reason I ask is because I get a lot of e-mail with strange characters in the subject. Example: http://www.markbuckles.com/misc/spam.jpg (note: I have all the DNS Blacklist options selected, and SpamAssassin level set to 5) It would be nice to be able to configure filters that would disallow delivery of such e-mail. eg: if subject contains ?, do not receive. If there is a way to do this, please tell me how. Also, is there a way to deny acceptance of e-mail according to country of origin? Thanks! Best Regards, Mark Buckles San Diego From jzeitlin at spamcop.net Wed Feb 1 03:53:45 2006 From: jzeitlin at spamcop.net (=?ISO-8859-1?Q?E=F6nw=EB?=) Date: Wed Feb 1 03:55:02 2006 Subject: [SpamCop-List] Re: average reporting time References: Message-ID: On Wed, 25 Jan 2006 15:54:58 +0100, Steven Maesslein wrote: >On Wed, 25 Jan 2006 16:16:48 +0200, gezgin coughed into spamcop and left >this in : > >> Are you on a dial-up connection or do you have full-time (ADSL/cable etc) >> access? > >Even that wouldn't make much difference, I think. > >I have a permanent connection to the 'Net and most of my spam is >reported to SC the *second* it arrives here (in spam traps) by an >automated process, and yet my average is still stuck fast at 2h. > >Personally, I don't pay much attention to it anyway. I haven't ever since I was at 8 hours, after many thousands of spam items processed - and over the course of TWO items, I went first to thirteen hours and then to twenty-seven. In the intervening ... three? ,,, years, I've worked it down to 17. It's unsual for a spam to sit more than about ten hours. -- E?nw? (SpamCop subscriber, not staff/admin) From nobody at nowhere.invalid Wed Feb 1 11:29:08 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Feb 1 05:30:15 2006 Subject: [SpamCop-List] Re: Comcast, etc. References: <1iavuhd45fed7$.dlg@news.spamcop.net> <1tnjvo0t6db6m.dlg@news.spamcop.net> Message-ID: On Tue, 31 Jan 2006 17:34:06 -0800, N. Miller coughed into spamcop and left this in <1tnjvo0t6db6m.dlg@news.spamcop.net>: > That was a year ago. Comcast management may be warming to the idea, now. > They already, reportedly, block their own customers from connecting to > their MX servers. Comcast customers can only connect to Comcast message > submission servers from Comcast connections. *sigh* I suppose that's to be expected from a cable company. They never will learn that some customers need to be able to send mail while on the road and that the way to do that is by SMTP AUTH. So, instead of cutting off the abusive behaviour, they're punishing their own customers who are trying to do the Right Thing(tm). Morons. -- Steve Health nuts are going to feel stupid someday, lying in hospitals dying of nothing. From nobody at nowhere.invalid Wed Feb 1 11:32:32 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Feb 1 05:35:02 2006 Subject: [SpamCop-List] Re: Comcast, etc. References: Message-ID: On Wed, 01 Feb 2006 11:40:39 +0900, Patto coughed into spamcop and left this in : > I *am* in APNIC space. You have my condolences. > And thank you - I am not a spammer, nor to I cater for spammers! You are definitely in the minority! -- Steve Health nuts are going to feel stupid someday, lying in hospitals dying of nothing. From MikeE at ster.invalid Wed Feb 1 05:25:05 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Feb 1 08:25:04 2006 Subject: [SpamCop-List] Re: Blacklist by Subject? References: Message-ID: Mark Buckles wrote: > I am a new subscriber to SpamCop's e-mail filtering > service - already I love it! > > Question: I see that I can set up a blacklist to > block e-mail by listing a sender's adress; is > there a way to refuse the acceptance of e-mail > according to the content of the subject line? What you have displayed in the link below is subjects which contain 8 bit ascii chars > The reason I ask is because I get a lot of e-mail > with strange characters in the subject. Example: > http://www.markbuckles.com/misc/spam.jpg I use SpamPal which has a user configurable regex plugin which contains a line: SUBJECT: 220.0 {([\x80-\xff].*){6,}} [SUBJ_FULL_OF_8BITS Subject is full of 8-bit characters] which means that regex would assign a value of 220.0 [of 500 for spam] for the appearance of 8 bit chars and I could tune that value up or down -- or I could tune up or down the 'breaking point' for spam value. I'm not experienced with SC mail's filter system, but my understanding is that you can't 'reconfigure' the SA SpamAssassin filter rules, you can only adjust what level of value you want to recognize as spam. SA has a lot of different kinds of rules to cover issues like these, but I don't think you can independently configure them. The SA rules which SC uses and their values are the same for all SC mail users. I think. > (note: I have all the DNS Blacklist options selected, > and SpamAssassin level set to 5) > > It would be nice to be able to configure filters > that would disallow delivery of such e-mail. > eg: if subject contains ?, do not receive. > > If there is a way to do this, please tell me how. > > Also, is there a way to deny acceptance of e-mail > according to country of origin? Yes, but I think there was a problem with that filter or list recently. Maybe it is fixed now. This discussion group is about general questions about spamcop; there is another ng about questions about the SC mail service, and some of the people who support mail questions prefer to support those questions in the webforum. I'll post this reply to both groups and make followups to spamcop.mail. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Feb 1 10:13:25 2006 From: nobody at spamcop.net (indigo) Date: Wed Feb 1 10:15:03 2006 Subject: [SpamCop-List] Re: Comcast, etc. References: <1iavuhd45fed7$.dlg@news.spamcop.net> <1tnjvo0t6db6m.dlg@news.spamcop.net> Message-ID: Steven Maesslein wrote: > I suppose that's to be expected from a cable company. They never will > learn that some customers need to be able to send mail while on the > road and that the way to do that is by SMTP AUTH. So, instead of > cutting off the abusive behaviour, they're punishing their own > customers who are trying to do the Right Thing(tm). > > Morons. You can't send email on the road using the Comcast Webmail site? I'll admit I've only ever used the online mail for checking/reading mail, don't really know for sure if you can send, but I can't imagine one not being able to.....but I assume your complaint is not being able to use a proper email client to send mail thru the Comcast servers, correct? From newspost at deletethispart.hypercreations.com Wed Feb 1 15:46:14 2006 From: newspost at deletethispart.hypercreations.com (D. T.) Date: Wed Feb 1 10:50:02 2006 Subject: [SpamCop-List] SC email server down again Message-ID: Can't POP the SC email server, nor can I reach the webmail system. It's not an issue with my connection, because I tried reaching the webmail page from other connections also. DT From news at REMOVECAPSalanharper.com Wed Feb 1 07:54:11 2006 From: news at REMOVECAPSalanharper.com (Alan Harper) Date: Wed Feb 1 10:55:02 2006 Subject: [SpamCop-List] Re: SC email server down again References: Message-ID: <010220060754116640%news@REMOVECAPSalanharper.com> > Can't POP the SC email server, nor can I reach the webmail system. It's not > an issue with my connection, because I tried reaching the webmail page from > other connections also. > me too 7:53AM PST From dont_spam at thecow.me.uk Wed Feb 1 16:07:33 2006 From: dont_spam at thecow.me.uk (steve auvache) Date: Wed Feb 1 11:15:03 2006 Subject: [SpamCop-List] Re: SC email server down again References: <010220060754116640%news@REMOVECAPSalanharper.com> Message-ID: Alan Harper wrote >> Can't POP the SC email server, nor can I reach the webmail system. It's not >> an issue with my connection, because I tried reaching the webmail page from >> other connections also. >> > >me too 7:53AM PST My name is Steve and I have a confession to make. It is all my fault. I know it is me and I know when I do it as well. It is when I get one of those spams that generate 20 or 30 places to complain to. I like those, they give me a sort of warm fuzzy feeling inside they do but every time I click on the justdoit button the whole system falls over for half an hour. From newspost at deletethispart.hypercreations.com Wed Feb 1 16:13:51 2006 From: newspost at deletethispart.hypercreations.com (D. T.) Date: Wed Feb 1 11:15:04 2006 Subject: [SpamCop-List] Re: SC email server down again References: <010220060754116640%news@REMOVECAPSalanharper.com> Message-ID: steve auvache wrote in news:YkAETNDFzN4DFwHy@thecow.me.uk: > It is when I get one of those spams that generate 20 or 30 places to > complain to. I like those, they give me a sort of warm fuzzy feeling > inside they do but every time I click on the justdoit button the whole > system falls over for half an hour. Funny, but unlikely. What you're referring to would have nothing to do with the mail server, which is entirely separate from the reporting system. DT From newspost at deletethispart.hypercreations.com Wed Feb 1 16:15:26 2006 From: newspost at deletethispart.hypercreations.com (D. T.) Date: Wed Feb 1 11:20:02 2006 Subject: [SpamCop-List] Re: SC email server down again References: Message-ID: It's back up. There was clearly something wrong with the mail server, as POP, IMAP, and webmail were all broken. Maybe someone will "confess" about it on the "SpamCop Email System News" page, here: http://mail.spamcop.net/news.php but probably not... DT From click1510 at earthlink.net Wed Feb 1 08:22:14 2006 From: click1510 at earthlink.net (CO-DBA-SC-EL) Date: Wed Feb 1 11:25:03 2006 Subject: [SpamCop-List] Re: SC email server down again References: Message-ID: Not quite back up yet as of 8:22 PST. POP3 loginstill fails. C_O "D. T." wrote in message news:Xns975D5E2ADD13Anewsaddresshypercrea@216.154.195.61... > It's back up. There was clearly something wrong with the mail server, as > POP, IMAP, and webmail were all broken. Maybe someone will "confess" about > it on the "SpamCop Email System News" page, here: > > http://mail.spamcop.net/news.php > > but probably not... > > DT From click1510 at earthlink.net Wed Feb 1 08:24:33 2006 From: click1510 at earthlink.net (CO-DBA-SC-EL) Date: Wed Feb 1 11:25:05 2006 Subject: [SpamCop-List] Re: SC email server down again References: Message-ID: AhAh! Now it works 8:23 PST! Thanks all. C_O "D. T." wrote in message news:Xns975D5E2ADD13Anewsaddresshypercrea@216.154.195.61... > It's back up. There was clearly something wrong with the mail server, as > POP, IMAP, and webmail were all broken. Maybe someone will "confess" about > it on the "SpamCop Email System News" page, here: > > http://mail.spamcop.net/news.php > > but probably not... > > DT From pxpearson at spamxcop.net Wed Feb 1 08:33:03 2006 From: pxpearson at spamxcop.net (Peter Pearson) Date: Wed Feb 1 11:35:02 2006 Subject: [SpamCop-List] Re: Blacklist by Subject? References: Message-ID: Mark Buckles wrote: > . . . is > there a way to refuse the acceptance of e-mail > according to the content of the subject line? I have a Python script that establishes an IMAP connection to Spamcop's mail server, downloads subject lines from mail in my Held folder, and issues instructions to move into my "Spam for Sure" folder all messages whose subject lines have certain properties. (I wanted to treat as spam all messages whose subject lines mixed digits among letters.) In practice, I don't use it much, because it provided only a small improvement over Spamcop's filtering. But I'd be happy to share it with anybody interested. You presumably know that Spamcop's filters allow you to sort messages according to things appearing in the subject lines, and to blacklist certain countries (SpamCop Tools / Select your email filtering blacklists). -- Remove the two x's to get a good email address. From usenet at okean.invalid Wed Feb 1 08:57:42 2006 From: usenet at okean.invalid (Michael Wise) Date: Wed Feb 1 12:00:07 2006 Subject: [SpamCop-List] Re: Comcast, etc. References: Message-ID: In article , Steven Maesslein wrote: > > I *am* in APNIC space. > > You have my condolences. > > > And thank you - I am not a spammer, nor to I cater for spammers! > > You are definitely in the minority! Are you suggesting NZ an AU are spammer hotbeds? I get far more spam on my and my clients' servers from your provider's (Proxad) IP space in any given month than I do from AU or NZ in an entire year. --Mike From nobody at spamcop.net Wed Feb 1 09:09:43 2006 From: nobody at spamcop.net (maulaf) Date: Wed Feb 1 12:10:03 2006 Subject: [SpamCop-List] Clever spam ploy Message-ID: It is spam, however legit it looks. Sent to a single person (me, not Lea Reeder, to whom it is addressed in the body), with no apparent header obfuscations, with a very curt and official looking message to Lea about her "Account Summary", suggesting an error on the sender's part -- a clear tempation to the recipient to click. http://www.spamcop.net/mcgi?action=gettrack&reportid=1643341057 maulaf From MikeE at ster.invalid Wed Feb 1 09:17:12 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Feb 1 12:20:04 2006 Subject: [SpamCop-List] Re: Clever spam ploy References: Message-ID: maulaf wrote: > It is spam, however legit it looks. > http://www.spamcop.net/mcgi?action=gettrack&reportid=1643341057 If you want to show us a spam, you should provide the tracking url, not a link to the reportid as above. If you are logged in as the reporting account and click that link you gave above, it will take you to the spam in question. At the top of that spam parse is a tracking url which has the environment and configuration of Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z867666044z803573ec5fce6fffc843edbbeb8a31cez That is a tracking url and if you display the one for your link above, we can all see the item. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Feb 1 09:45:41 2006 From: nobody at spamcop.net (maulaf) Date: Wed Feb 1 12:50:02 2006 Subject: [SpamCop-List] Re: Clever spam ploy In-Reply-To: References: Message-ID: Mike Easter wrote: > If you want to show us a spam, you should provide the tracking url, not > a link to the reportid as above. Sorry, new at this. Better next time. From nobody at devnull.spamcop.net Wed Feb 1 12:47:10 2006 From: nobody at devnull.spamcop.net (Pop) Date: Wed Feb 1 12:50:05 2006 Subject: [SpamCop-List] OT? Wuest + Some FYI on Claria, Gator & SiteAdvisor Message-ID: Hi, Post involves spam detection, but much more, so wasn't sure whether to post it here or over in Geeks. Feel free to set f-u's to my post if you think it's necessary. For those who may be interested in GAIN/Gator/Claria et al, whose infestation I recently suffered thru, I can leave a couple of references. One came from the MS Secuirity ng: http://www.benedelman.org/ I mention this one simply because of the amassed information he has and the apparent relibaility of his data - definitely good! But, from that site I got to: http://www.siteadvisor.com/preview/ Which is a gem in istelf! 1. Is anyone familiar with SiteAdvisor? What do you think of it? In its Site Map, you can look up any web site they've crawled (and add your own if the one you want isn't listed) and they will give you information on the amount of spam they've received, popups situation, annoyances and download pushes. I tested it with a few sites I'm aware of and for the most part it looks pretty accurate. The only listing I disagreed with (but a serious problem IMO) was Yahoo: They, and the anonyumous comments, called the site basically clean but that's where the GAIN crapola infestation came from. Might be a problem of age though; the comments weren't recent. I signed up just to correct that situation !! Anyway, they're offering OE and I think it was FFox plug-ins and I was wondering if anyone here had tried them out? I don't want to download something that does exactly what it purports to prevent, if I can help it! I think it looks OK; what say you folk? I've so far found that Yahoo is in bed with GAIN and MSN WAS but apparently is not NOW, considering doing the same thing. There apparenlty was some interest in Vista haveing defaults to "Ignore" GAIN, but still be capable of removing it, but that thankfully seems to have fallen by the wayside. I simply can NOT believe the headway GAIN Is making in its advertising success, even in the courts. It's pathetic and shows the true abilities of our gvt to do anything about crapola. IMO, anyway, and my experience has been pretty consistane where gvt is involved. Regards, Pop From nobody at spamcop.net Wed Feb 1 12:10:35 2006 From: nobody at spamcop.net (John Anderson) Date: Wed Feb 1 13:15:02 2006 Subject: [SpamCop-List] Is Spamcop down? Message-ID: Is Spamcop down, or is part of the internet down? I cannot reach Spamcop. From nobody at spamcop.net Wed Feb 1 12:15:03 2006 From: nobody at spamcop.net (John Anderson) Date: Wed Feb 1 13:20:02 2006 Subject: [SpamCop-List] Re: Comcast, etc. References: Message-ID: NZ and AU should get on a different ip block, so that we can remove the rest of that area from the internet! China, especially, should be totally banned from the internet! From nobody at nowhere.invalid Wed Feb 1 19:33:06 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Feb 1 13:35:03 2006 Subject: [SpamCop-List] Re: Comcast, etc. References: Message-ID: On Wed, 01 Feb 2006 08:57:42 -0800, Michael Wise coughed into spamcop and left this in : > Are you suggesting NZ an AU are spammer hotbeds? AU and NZ are the only reasonably clean parts of APNIC. While there have been issues with AU ISPs, I have to admit that I've received virtually nothing spammy from NZ. AU and NZ should try to set up their own RIR and get the hell out of APNIC. Think AfriNIC - when that RIR was created and started taking control of the netblocks that were controlled by ARIN and RIPE before, it became that much easier to identify African IP space to block. > I get far more spam on my and my clients' servers from your provider's > (Proxad) IP space in any given month than I do from AU or NZ in an > entire year. Alas, I can't argue with that. Then again, have you ever seen me actually praising their abuse desk? I'm one of the first to say that they suck donkey balls. I set myself up as an "Interested 3rd party" for reports about the netblock I'm in, and I sometimes see the same IP address (static, so the same user) spewing crud for weeks on end. It sucks but there isn't much choice in this neck of the woods. -- Steve Don't some of these fortunes just drive you nuts?! Wouldn't you like to see some of them deleted from the system? You can! Just mail to "fortune" with the fortune you hate most, and we MIGHT make sure it gets expunged. From newspost at deletethispart.hypercreations.com Wed Feb 1 18:39:18 2006 From: newspost at deletethispart.hypercreations.com (D. T.) Date: Wed Feb 1 13:40:02 2006 Subject: [SpamCop-List] Re: Is Spamcop down? References: Message-ID: Michael Vilain wrote in news:vilain- 2C20E3.10214801022006@news.cesmail.net: > It's slow and the reporting gate isn't responding for me either. I > attempted to manually report three emails and they timed out. Not > notice on the site or on the email system or the Forum. Although there wasn't a specific announcement of the latest reporting server "hiccup" in the Forums, the "SpamCop Statistics" graphic displayed in the Forums here: http://forum.spamcop.net/forums/index.php? act=module&automodule=custom&page=stats shows a definite gap. Those have been happing for quite some time. DT From usenet at okean.invalid Wed Feb 1 10:55:41 2006 From: usenet at okean.invalid (Michael Wise) Date: Wed Feb 1 14:00:03 2006 Subject: [SpamCop-List] Re: Comcast, etc. References: Message-ID: In article , "John Anderson" wrote: > NZ and AU should get on a different ip block, so that > we can remove the rest of that area from the internet! They are on different blocks...or are you saying they should move their countries away from the Pacific ocean so as not to be in APNIC...thereby saving lazy admins the work or avoiding blocking them. > China, especially, should be totally banned from the internet! Yes, and ample sources with which to do that surgically and precisely already exist. --Mike From usenet at okean.invalid Wed Feb 1 10:58:29 2006 From: usenet at okean.invalid (Michael Wise) Date: Wed Feb 1 14:00:06 2006 Subject: [SpamCop-List] Re: Comcast, etc. References: Message-ID: In article , Steven Maesslein wrote: > > Are you suggesting NZ an AU are spammer hotbeds? > > AU and NZ are the only reasonably clean parts of APNIC. While there have > been issues with AU ISPs, I have to admit that I've received virtually > nothing spammy from NZ. I don't see much in the way of spam from JP either...other than the occasional infected box I see with most ISPs. > > AU and NZ should try to set up their own RIR and get the hell out of > APNIC. Why? The last I looked, both countries are still located in the Pacific region. --Mike From nobody at spamcop.net Wed Feb 1 13:07:36 2006 From: nobody at spamcop.net (John Anderson) Date: Wed Feb 1 14:10:03 2006 Subject: [SpamCop-List] Re: Is Spamcop down? References: Message-ID: Finally got a response from an e-mail spam posting. Spamcop reporting is back up. From nobody at nowhere.invalid Wed Feb 1 21:34:59 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Feb 1 15:35:06 2006 Subject: [SpamCop-List] Re: Comcast, etc. References: Message-ID: On Wed, 01 Feb 2006 10:58:29 -0800, Michael Wise coughed into spamcop and left this in : > Why? The last I looked, both countries are still located in the Pacific > region. And? RIPE stands for "R?seaux IP Europ?ens" (European IP networks) and yet that RIR managed Africa's IP space for ages. Africa is not in Europe as far as I remember. RIPE still manages IP space in the Middle-East to this day, yet the Middle-East isn't in Europe. IP space in sub-saharan Africa used to be handled by ARIN (American Registry of Internet Numbers), yet Zimbabwe for example wasn't in America last time I looked. My point is that the world changes and that nothing prevents an RIR's effective reach including more than or not including parts of what its name would suggest. Therefore, there's nothing to stop APNIC dropping the "Pacific" part, and AU and NZ setting up their own RIR, OceaNIC for example. How's that for a good name? :) APNIC has been permanently tainted because of .in, .id, .cn, .hk, .tw, .my and .kr. -- Steve Why is it that when you transport something by car it's called shipment, but when you transport it by ship it's called cargo? From usenet at okean.invalid Wed Feb 1 13:19:19 2006 From: usenet at okean.invalid (Michael Wise) Date: Wed Feb 1 16:20:06 2006 Subject: [SpamCop-List] Re: Comcast, etc. References: Message-ID: In article , Steven Maesslein wrote: > > Why? The last I looked, both countries are still located in the Pacific > > region. > > And? > > RIPE stands for "Réseaux IP Européens" (European IP networks) and yet > that RIR managed Africa's IP space for ages. Do they now? No? Then why bring it up? > Africa is not in Europe as > far as I remember. RIPE still manages IP space in the Middle-East to > this day, yet the Middle-East isn't in Europe. > > IP space in sub-saharan Africa used to be handled by ARIN (American > Registry of Internet Numbers), yet Zimbabwe for example wasn't in > America last time I looked. Yes, and both CN and KR have ARIN-assigned net blocks as well. I'm not sure In understand your logic. Are you saying it makes sense to take people OUT of RIR's which fit them geographically because either historically or presently there are countries whose IPs are controlled by RIRs not in the same geogrphic area? > > My point is that the world changes and that nothing prevents an RIR's > effective reach including more than or not including parts of what its > name would suggest. Therefore, there's nothing to stop APNIC dropping > the "Pacific" part, and AU and NZ setting up their own RIR, OceaNIC for > example. How's that for a good name? :) True, but there's nothing to stop some mail admins from stop being lazy when the info they need to surgically block the "bad guys" in APNIC space exists. > APNIC has been permanently tainted because of .in, .id, .cn, .hk, .tw, > .my and .kr. Then block those countries. The info with which to do that is readily available and has been for years. --Mike From nobody at devnull.spamcop.net Thu Feb 2 12:15:22 2006 From: nobody at devnull.spamcop.net (Patto) Date: Wed Feb 1 22:15:03 2006 Subject: [SpamCop-List] Re: Clever spam ploy In-Reply-To: References: Message-ID: Mike Easter wrote: > maulaf wrote: >> It is spam, however legit it looks. > >> http://www.spamcop.net/mcgi?action=gettrack&reportid=1643341057 > > If you want to show us a spam, you should provide the tracking url, not > a link to the reportid as above. > > If you are logged in as the reporting account and click that link you > gave above, it will take you to the spam in question. At the top of > that spam parse is a tracking url which has the environment and > configuration of > > Here is your TRACKING URL - it may be saved for future reference: > http://www.spamcop.net/sc?id=z867666044z803573ec5fce6fffc843edbbeb8a31cez > > That is a tracking url and if you display the one for your link above, > we can all see the item. Thanks, Mike, for extracting the tracker. To the original poster: where do you see anything legitimate-looking in that spam? Just the deliberate spelling "mistakes" is a dead giveaway. From MikeE at ster.invalid Wed Feb 1 20:59:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Feb 2 00:00:03 2006 Subject: [SpamCop-List] Re: Clever spam ploy References: Message-ID: Patto wrote: > Mike Easter wrote: >> maulaf wrote: >>> It is spam, however legit it looks. >> >>> http://www.spamcop.net/mcgi?action=gettrack&reportid=1643341057 >> If you want to show us a spam, you should provide the tracking url, >> not a link to the reportid as above. >> That is a tracking url and if you display the one for your link >> above, we can all see the item. > > Thanks, Mike, for extracting the tracker. I didn't successfully extract the tracker -- that can't be done by anyone but the one who owns the reportid; I used one of my own - not the same. > To the original poster: where do you see anything legitimate-looking > in that spam? Just the deliberate spelling "mistakes" is a dead > giveaway. Disregard anything you are seeing in 'my' spam -- I used my tracker as an example tracker -- it isn't the spam in question. -- Mike Easter kibitzer, not SC admin From redford_stone at INVERSE_OF_COLDmail.com Thu Feb 2 07:16:48 2006 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Feb 2 02:20:02 2006 Subject: [SpamCop-List] abuse-noverbose@uu.net refuses spamcop reports (Ping Ellen) Message-ID: http://www.spamcop.net/sc? id=z867996338z4df3aab925454335efb71c1f184eeabfz abuse-noverbose@uu.net redirects to abuse@uu.net abuse-noverbose@uu.net refuses spamcop reports Spam report id 1644010398 sent to: spamcop@imaphost.com Spam report id 1644010415 sent to: spam@uce.gov Spam report id 1644010425 sent to: abuse@uu.net Got the above response after reporting a spam in my wife's email account. Is this correct? uu.net/mci.com does not want SC reports anymore or is this a case of MCI-sends-spamcop-report-to-spammer and the spammer responds by screwing with the abuse handling settings? (More interesting is that the other uu.net abuse address is unaffected.) From nobody at devnull.spamcop.net Thu Feb 2 01:31:35 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Thu Feb 2 02:35:04 2006 Subject: [SpamCop-List] Re: abuse-noverbose@uu.net refuses spamcop reports (Ping Ellen) References: Message-ID: "Redstone" wrote in message news:Xns975DECD66578Etinlc@216.154.195.61... > > http://www.spamcop.net/sc? > id=z867996338z4df3aab925454335efb71c1f184eeabfz > > abuse-noverbose@uu.net redirects to abuse@uu.net > abuse-noverbose@uu.net refuses spamcop reports > Spam report id 1644010398 sent to: spamcop@imaphost.com > Spam report id 1644010415 sent to: spam@uce.gov > Spam report id 1644010425 sent to: abuse@uu.net > > Got the above response after reporting a spam in my wife's email > account. Is this correct? uu.net/mci.com does not want SC reports > anymore or is this a case of MCI-sends-spamcop-report-to-spammer and the > spammer responds by screwing with the abuse handling settings? > > (More interesting is that the other uu.net abuse address is unaffected.) Actually, the "other" uu.net address is the key, meaning that you have in fact sent your notify. The 'no-verbose' is basically the 'same' address, just no big auto-ack returned. Allowing both reports to go out would simply be double-reporting to the same folks. From nobody at xyzzy.claranet.de Thu Feb 2 09:12:30 2006 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Feb 2 03:15:03 2006 Subject: [SpamCop-List] Re: OT? Wuest + Some FYI on Claria, Gator & SiteAdvisor References: Message-ID: <43E1BEEE.72E0@xyzzy.claranet.de> Pop wrote: > I simply can NOT believe the headway GAIN Is making in its > advertising success, even in the courts. It's pathetic and > shows the true abilities of our gvt to do anything about > crapola. IMO, anyway, and my experience has been pretty > consistane where gvt is involved. As soon as industry sponsored "anti" alliances are founded you can be absolutely certain that they are controlled by the worst "pro" offenders. "Anti-spyware" is the latest gimmick, I don't even check who it is this time. An "anti-abuse" initiative had spamcast as proud member. Something wannabe "anti-spam" was doubleclick. As soon as you see doubleclick / spamcast / gator / verisign etc. all you can do is run, shields up, all phasers fire - hm, maybe don't fire with "shields up".., Bye, Frank From nobody at xyzzy.claranet.de Thu Feb 2 09:33:56 2006 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Feb 2 03:40:02 2006 Subject: [SpamCop-List] Re: Comcast, etc. References: Message-ID: <43E1C3F4.5355@xyzzy.claranet.de> Steven Maesslein wrote: > APNIC has been permanently tainted because of .in, .id, .cn, > .hk, .tw, .my and .kr. .in is rather harmless from my POV, for a huge country they're doing well wrt net abuse. Arguing with TLDs or even RIRs is dubious, RIPE "contains" .fr, and wannaspew is mostly .fr. It also "contains" .ru, there are a few bad guys in .ru (hi Leo). ARIN "contains" Florida, and that's really bad news, worse than all ccTLDs you've enumerated put together. Well, maybe .cn is an exception, OTOH .cn is a tiny bit larger than Florida. Most zombies "belong to" ARIN just because most Win PCs are .us and .ca, when that changes we'll see a more "natural" distribution. Bye, Frank From nobody at devnull.spamcop.net Thu Feb 2 18:30:55 2006 From: nobody at devnull.spamcop.net (Patto) Date: Thu Feb 2 04:35:03 2006 Subject: [SpamCop-List] Re: Clever spam ploy In-Reply-To: References: Message-ID: Mike Easter wrote: > Patto wrote: >> Mike Easter wrote: >>> maulaf wrote: >>>> It is spam, however legit it looks. >>>> http://www.spamcop.net/mcgi?action=gettrack&reportid=1643341057 > >>> If you want to show us a spam, you should provide the tracking url, >>> not a link to the reportid as above. > >>> That is a tracking url and if you display the one for your link >>> above, we can all see the item. >> Thanks, Mike, for extracting the tracker. > > I didn't successfully extract the tracker -- that can't be done by > anyone but the one who owns the reportid; I used one of my own - not > the same. > >> To the original poster: where do you see anything legitimate-looking >> in that spam? Just the deliberate spelling "mistakes" is a dead >> giveaway. > > Disregard anything you are seeing in 'my' spam -- I used my tracker as > an example tracker -- it isn't the spam in question. I see - should have read your post more carefully. From nobody at nowhere.invalid Thu Feb 2 11:37:17 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Feb 2 05:40:13 2006 Subject: [SpamCop-List] Re: Comcast, etc. References: <43E1C3F4.5355@xyzzy.claranet.de> Message-ID: On Thu, 02 Feb 2006 09:33:56 +0100, Frank Ellermann coughed into spamcop and left this in <43E1C3F4.5355@xyzzy.claranet.de>: > .in is rather harmless from my POV, for a huge country they're > doing well wrt net abuse. Different people have different sources of spam. I get a steady stream from Bharti, VSNL, Dishnet, Sancharnet and Sify. /me checks logs... Yep. A VSNL IP address tried to spam me 241 times in the space of 90 minutes on Tuesday, and.... one on Bharti broadspam 308 times over the course of the day. > Arguing with TLDs or even RIRs is dubious, RIPE "contains" .fr, and > wannaspew is mostly .fr. It also "contains" .ru, there are a few bad > guys in .ru (hi Leo). Each unto his own. I block APNIC and LACNIC outright. I also block parts of AfriNIC and .ru as and when I find them, .es, .it, .il, all of wanadoodoo and a few other networks, and it gives me satisfactory results. This isn't going to change unless a user of mine asks for it. -- Steve Duct tape is like the Force. It has a light side and a dark side, and it holds the universe together. -- Carl Zwanzig From redford_stone at INVERSE_OF_COLDmail.com Thu Feb 2 10:44:57 2006 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Feb 2 05:45:04 2006 Subject: [SpamCop-List] Re: abuse-noverbose@uu.net refuses spamcop reports (Ping Ellen) References: Message-ID: "WazoO" wrote in news:drscgn$ctt$1 @news.spamcop.net: > > Actually, the "other" uu.net address is the key, meaning that you > have in fact sent your notify. The 'no-verbose' is basically the > 'same' address, just no big auto-ack returned. Allowing both > reports to go out would simply be double-reporting to the > same folks. > That other one was for reporting the link in the reported spam. The first (non-verbose) address was for the IP address from which the spam originated. (Both on MCI/UU obviously.) Good point about the problem with double-reporting. But what if there is a situation where it is only originating IP address rather than both? (i.e. only reporting address is the non-verbose address.) From redford_stone at INVERSE_OF_COLDmail.com Thu Feb 2 10:47:45 2006 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Feb 2 05:50:03 2006 Subject: [SpamCop-List] Re: blackholes.us status? References: Message-ID: "Petzl" wrote in news:driget$hmv$1@news.spamcop.net: > > Yes SpamCop's email has a number of spam filters that one choose to > use (I use them all) > If you choose to use SpamAssasin I would advise you also create an > effective whitelist as I find many of SpamAssassin blocks are false > positives I'm in Sydney Australia I believe this gives me an advantage > for accuracy in blocking spam as I whitelist a number of domains > That said ALL spam detected is easily and quickly reported via SpamCop > VER folder which means if not already blocked by SamCop it is about to > be (while it is being sent by spammer not after) > Good advice for those seriously considering using SC's email service. (Which I may just get for my wife.) From nobody at spamcop.net Thu Feb 2 02:50:06 2006 From: nobody at spamcop.net (N. Miller) Date: Thu Feb 2 05:55:04 2006 Subject: [SpamCop-List] Re: Comcast, etc. References: <1iavuhd45fed7$.dlg@news.spamcop.net> <1tnjvo0t6db6m.dlg@news.spamcop.net> Message-ID: On Wed, 1 Feb 2006 11:29:08 +0100, Steven Maesslein wrote: > On Tue, 31 Jan 2006 17:34:06 -0800, N. Miller coughed into spamcop and > left this in <1tnjvo0t6db6m.dlg@news.spamcop.net>: >> That was a year ago. Comcast management may be warming to the idea, now. >> They already, reportedly, block their own customers from connecting to >> their MX servers. Comcast customers can only connect to Comcast message >> submission servers from Comcast connections. > *sigh* > > I suppose that's to be expected from a cable company. They never will > learn that some customers need to be able to send mail while on the road > and that the way to do that is by SMTP AUTH. So, instead of cutting off > the abusive behaviour, they're punishing their own customers who are > trying to do the Right Thing(tm). > > Morons. Why would a Comcast customer need to connect to a Comcast MX server to send email off-Comcast network? That is what messge submission servers are for. Last I checked, Comcast customers _can_ connect to Comcast message submission servers for relay off nework; using port 465 with SSL, just in case they are trying to send from their relative's dynamic IP address space in SBC land, where SBC blocks outbound port 25 to off-SBC network servers. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Thu Feb 2 08:32:28 2006 From: nobody at spamcop.net (Ellen) Date: Thu Feb 2 08:35:02 2006 Subject: [SpamCop-List] Re: abuse-noverbose@uu.net refuses spamcop reports (Ping Ellen) References: Message-ID: "Redstone" wrote in message news:Xns975DECD66578Etinlc@216.154.195.61... > > http://www.spamcop.net/sc? > id=z867996338z4df3aab925454335efb71c1f184eeabfz > > abuse-noverbose@uu.net redirects to abuse@uu.net > abuse-noverbose@uu.net refuses spamcop reports > Spam report id 1644010398 sent to: spamcop@imaphost.com > Spam report id 1644010415 sent to: spam@uce.gov > Spam report id 1644010425 sent to: abuse@uu.net the abuse-noverbose address is dead -- everything should be remapped to abuse@uu.net. The "I know..." is a an artifact, I will see about getting it removed. Ellen SpamCo From nospam at nospam.org Thu Feb 2 20:52:35 2006 From: nospam at nospam.org (Ejo) Date: Thu Feb 2 14:55:04 2006 Subject: [SpamCop-List] Re: Spam to old Email address. In-Reply-To: References: Message-ID: John Karr wrote: > I have an old mailbox on my personal domain which I haven't used for > anything in about 5 years. I've been noticing a fair amount of my incoming > spam is being addressed to that account. I have my email client set to > delete anything for that account but I would like to go further and donate > the address to spamcop as a honeypot address, or if that isn't practical to > configure things so that anything sent to that address automatically gets > reported as spam. This is an address I used for joining a mailing list that > no longer exists and was never used in correspondence, making it highly > unlikely that any legitimate mail would ever be sent to this address. > > I prefer to keep these old addresses because they may appear in address books of customers that I don't want to scare off. Fairly recently I received an Invitation To Tender on a really old e-mail address. It survived all junk filters and the message was real. A similar discussion is that our university decided in its infinite wisdom to reformat addresses like john.dow@code.tudelft.nl into something like john.dow@tudelft.nl. Only the managers are in favor of this idea because they think you should show a corporate identity. I bitterly protested against this, at least I want to have the possibility to tell them what I think should go in the alias tables exactly for the reason I gave. Still I have to talk with folks that believe that you can send bounce notification messages to senders that have used your old address. That would certainly cause your new address to be known within no time to all spammers in the world. Ejo From Nobody at SpamCop.devnull.diespammerdie.net Thu Feb 2 14:00:17 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Feb 2 15:05:03 2006 Subject: [SpamCop-List] Re: FDA Quits: Filtering Reports, Rejecting Spam References: <43DF5A26.88F1498F@SpamCop.devnull.diespammerdie.net> <43DF9C61.3B720F26@SpamCop.devnull.diespammerdie.net> <43E04C3D.3E47@xyzzy.claranet.de> Message-ID: <43E264D1.E23C1993@SpamCop.devnull.diespammerdie.net> Frank Ellermann wrote: > > Michael Brennan wrote: > > > Just in case it's the unwrapped -line issue instead of a new > > no-spam policy, I'll try them with a few more submissions. > > Please tell us what you find, I'd delete the "viagra" nick in > my address book (= FDA + SC) if they finally dropped the ball. > > Didn't use it for some months, but it used to work in 2005 (?) Frank, I sent several more submissions in since those posts, and haven't had FDA upchuck on me again. I think you might have been right about the line wrap. Tho' I'm not at all sure, and the FDA website pages had been recently updated, suggesting they might be changing their acceptance policy on complaints. Stay tuned, but so far I've not received any more rejections like the one cited and quoted above. Michael From nobody at devnull.spamcop.net Thu Feb 2 14:50:39 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Thu Feb 2 15:55:03 2006 Subject: [SpamCop-List] Re: Is Spamcop down? References: Message-ID: "Michael Vilain" wrote in message news:vilain-2C20E3.10214801022006@news.cesmail.net... > > Why do we have to check multiple places for status instead of looking in > just one. The "difference of opinion" between the owner of the email > system (that uses a web forum) and the spam reporting system (that uses > this news group) should be resolved. Why should a customer have to > figure out this mess? There is no "difference of opinion" involved. The newsgroups, the Forum, SpamCop e-mail accounts are all hosted on JT's systems in Georgia. The Reporting system is hosted on IronPort owned and maintained hardware in California. This dates back to business decisions made by Julian eons ago, prior to the IronPort deal. There have been many conversations about data, status, access over the years, some of them even done in these newsgroups. End result is all the attempts I've made with the access and tools allowed me, all on JT's side of the house, to try to do up some kind of one-place for data spot, but .... back to the great divide ... as soon as some folks see the word "forum" in the URL, that's enough to raise the flag. Others have stated that some of these things are used (so I keep maintaining them) but as the IronPort side of the house doesn't own the current support venues, here you are. http://forum.spamcop.net/forums/index.php?act=home was whipped up to offer a quick spot for all kinds of 'new' folks to find answers. http://forum.spamcop.net/forums/index.php?showtopic=2238 was a hack to do a single-page access point to the FAQ that some couldn't find, others couldn't navigate to an answer, others not finding data or finding that data was obsolete. It started with just the 'Official' FAQ, but has had additional content added as time went on. http://forum.spamcop.net/forums/index.php?act=faq was an attempt to provide yet another interface to the same FAQ. http://forum.spamcop.net/forums/index.php?showtopic=4473 Most recent version of a SpamCop.net Glossary I started way back when ... http://forum.spamcop.net/dict/ Yet another interface to the above data, installed when the size of the Glossary became an issue. As you read this, there is work on-going on yet other tools to be announced shortly for finding information about the SpamCop.net toolset and functions . just noting that all this work is being done by folks still volunteering their time and energy to do things that IronPort has apparently not seen fit to invest the time, money, personnel into doing. As the core of paid SpamCop.net staff is still less than a handful, that's where things set. From nobody at devnull.spamcop.net Thu Feb 2 15:58:07 2006 From: nobody at devnull.spamcop.net (Pop) Date: Thu Feb 2 16:00:03 2006 Subject: [SpamCop-List] Could someone glance at this tracker pls? Message-ID: Hello all, http://www.spamcop.net/sc?id=z868347901z08ca6dd73a6410ae3fabfb1f646ca7e9z I'm mildly confused (not unusual these days!) about the above tracker. It IS a spam, right? . Not feeling well today unfortunately. I do receive ads from Quill, and that's fine, but I don't think that one's got anything to do with Quill, meaning it's spam to me. Would someone take a quick look and see if you think I'm all wet? I didn't see anything in the source that looked spammy, but I'm terrrible at reading code. I did open the mail, but in plain text, expecting something from Quill but I am pretty sure there's no payload, but ... I didn't see anything wrong except that it doesn't look like Quill.com servers. TIA & Regards, Pop From nobody at devnull.spamcop.net Thu Feb 2 15:05:17 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Thu Feb 2 16:10:03 2006 Subject: [SpamCop-List] Re: Is Spamcop down? References: Message-ID: "D. T." wrote in message news:Xns975D768F2A0E9newsaddresshypercrea@216.154.195.61... > > Although there wasn't a specific announcement of the latest reporting > server "hiccup" in the Forums, the "SpamCop Statistics" graphic displayed > in the Forums here: > > http://forum.spamcop.net/forums/index.php? > act=module&automodule=custom&page=stats > > shows a definite gap. Those have been happing for quite some time. Jeff G. was doing a blow-blow for quite a while in documenting those dips and outages, but that got old. That there has been no feedback/input on what is actually going on there, the guesses at the background are still that. I can recall when a momentary drop would generate many newsgroup postings, not sure why that isn't so these days ... suspecting that taking credit for putting the graphic on the Forum front page isn't the reason for the change in newsgroup posting events (and of course can't ignore that the Forum server has had some issues of late also .... and that the e-mail system has been hammered on a bit in the last few days ... ) From MikeE at ster.invalid Thu Feb 2 13:24:32 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Feb 2 16:25:02 2006 Subject: [SpamCop-List] Re: Could someone glance at this tracker pls? References: Message-ID: Pop wrote: > http://www.spamcop.net/sc?id=z868347901z08ca6dd73a6410ae3fabfb1f646ca7e9z > > I'm mildly confused (not unusual these days!) about the above > tracker. It IS a spam, right? . It is a straightup [From = source = spamvertiser] item promoting quill. If it is solicited, it isn't spam; if it is unsolicited, it is quill spam. Only /you/ know what you have solicited from quill. > I do receive ads from Quill, and that's fine, but I don't > think that one's got anything to do with Quill, meaning it's spam > to me. I don't understand that -- but if you don't want promotionals from quill, you can call their 800 and tell them to drop you. "If you prefer not to receive future e-mail from Quill.com, safely use this link or call 1.800.982.3400 (prompt 3)." Or, you can not call and not click on the link and continue to report their mail as spam. > I didn't see anything wrong except that it > doesn't look like Quill.com servers. From: "Quill.com" source 66.35.244.68 rDNS om-quill.rgc3.net spamvertiser links www.quill.com provider Staples,Inc " quill.rsc01.net provider Savvis I don't think you are going to be able to take the attitude that quill can spam you with some unsolicited and not other because you want some of their unsolicited promotionals but not other -- or that you can solicit promotional from quill, but report some of it as spam. So, asking someone else if something is spam or not and/or should be reported or not doesn't really work very well. 'We' can analyze it for header bogosity, but we can't analyze it for solicitedness. I would say that Quill is having some 3rd party marketing outfit do something for them. Whether the 3rd party is a spammer for quill or not is not easy to say from here. -- Mike Easter kibitzer, not SC admin From nandore at hotmail.com Thu Feb 2 17:05:16 2006 From: nandore at hotmail.com (Nan Doré) Date: Thu Feb 2 16:35:03 2006 Subject: [SpamCop-List] How to activate spamcop account? Message-ID: I am unable to login to webmail.spamcop.net with my ID and PW. Is it a premium service ? Nan From Nobody at SpamCop.devnull.diespammerdie.net Thu Feb 2 15:49:16 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Feb 2 16:50:03 2006 Subject: [SpamCop-List] Re: OT? Wuest + Some FYI on Claria, Gator & SiteAdvisor References: Message-ID: <43E27E5C.33B88393@SpamCop.devnull.diespammerdie.net> Pop wrote: > > http://www.siteadvisor.com/preview/ > Which is a gem in istelf! > 1. Is anyone familiar with SiteAdvisor? What do you think of > it? > Anyway, they're offering OE and I think it was FFox plug-ins and > I was wondering if anyone here had tried them out? > I don't want to download something that does exactly what it > purports to prevent, if I can help it! > I think it looks OK; what say you folk? > Looking at these links myself......thanks for posting them, Michael From nobody at nowhere.invalid Thu Feb 2 23:22:19 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Feb 2 17:25:03 2006 Subject: [SpamCop-List] Re: How to activate spamcop account? References: Message-ID: On Thu, 2 Feb 2006 17:05:16 -0500, Nan Dor? coughed into spamcop and left this in : > I am unable to login to webmail.spamcop.net with my ID and PW. > Is it a premium service ? If you have a spamcop filtered e-mail account then that's suficient to get into the webmail service. The filtered e-mail account is a pay service ($30/yr). The webmail part is thrown in with the deal - it doesn't cost extra. -- Steve A grammarian's life is always intense. From jeffg at spamcop.net Thu Feb 2 17:10:02 2006 From: jeffg at spamcop.net (Jeff G.) Date: Thu Feb 2 17:25:06 2006 Subject: [SpamCop-List] Re: How to activate spamcop account? References: Message-ID: Nan Dor? wrote: > Date: Thu, 2 Feb 2006 17:05:16 -0500 [22:05:16 UTC -0000] > X-Trace: news.spamcop.net 1138915871 12839 134.117.137.230 (2 Feb 2006 21:31:11 GMT) > NNTP-Posting-Date: Thu, 2 Feb 2006 21:31:11 +0000 (UTC) Please fix your clock, it appears to be running fast by about 34 minutes and 5 seconds. > I am unable to login to webmail.spamcop.net with my ID and PW. > > Is it a premium service ? Yes, it is a premium service, in that you have to pay for it, and I am able to login to it just fine. Please see http://mail.spamcop.net for details. -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Thu Feb 2 17:27:47 2006 From: jeffg at spamcop.net (Jeff G.) Date: Thu Feb 2 17:35:02 2006 Subject: [SpamCop-List] Re: Could someone glance at this tracker pls? References: Message-ID: Pop wrote: > I do receive ads from Quill, and that's fine, but I don't > think that one's got anything to do with Quill, meaning it's spam > to me. It looks like that message was being distributed by Responsys on behalf of Quill. Exactly what did you agree to receive and ask not to receive from Quill? -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From nobody at devnull.spamcop.net Thu Feb 2 20:43:58 2006 From: nobody at devnull.spamcop.net (Pop) Date: Thu Feb 2 20:45:02 2006 Subject: [SpamCop-List] Re: Could someone glance at this tracker pls? References: Message-ID: "Pop" wrote in message news:drtros$au5$1@news.spamcop.net... : Hello all, : : http://www.spamcop.net/sc?id=z868347901z08ca6dd73a6410ae3fabfb1f646ca7e9z : : I'm mildly confused (not unusual these days!) about the above : tracker. It IS a spam, right? . Not feeling well today : unfortunately. : I do receive ads from Quill, and that's fine, but I don't : think that one's got anything to do with Quill, meaning it's spam : to me. : : Would someone take a quick look and see if you think I'm all wet? : I didn't see anything in the source that looked spammy, but : I'm terrrible at reading code. I did open the mail, but in plain : text, expecting something from Quill but I am pretty sure there's : no payload, but ... I didn't see anything wrong except that it : doesn't look like Quill.com servers. : : TIA & Regards, : : Pop : : Thanks Mike & Jeff; and my apologies for being so vague. I still don't know what I should have asked for sure, but at least I take it from the responses that there wasn't any forgery and things look on the up and up as far as following the "rules', such as they may be. Yes, I do let them send me ads, and I do order from Quill fairly frequently. Quill and vikingop both seem to have the best price/quality ratio of anywhere I've used so they're preferred mailers. Also I might have just this minute realized what happened: I sent in a change of e-mail address - I'll bet that's what triggered these particular ads. Either that or they've farmed their ads out, which I don't care for. I'll visit the site and see what I can adjust - if that's no good, I'll just unsub from everything; it's not that important. I'm suspecting a combo of the two things happened - checking my logs, that sort of spam started about a week after I changed my e-mail address on my account there. Maybe I'm too picky, but I don't like it when anyone farms out their advertising and it comes from different servers all of a sudden, especially if they don't notify me of it. Thanks again, Pop From rwcs at spamcop.net Fri Feb 3 13:01:24 2006 From: rwcs at spamcop.net (BMW) Date: Fri Feb 3 13:05:03 2006 Subject: [SpamCop-List] How does one get their privileges back? Message-ID: What a fool, I turned on SpamAssassin at my email host. Used results to route SPAM to SC. Confused the snot out of SC. So SC admin removes my reporting privileges (without warning). I have: ** Apologized to SC admin. ** Apologized to my Hosting Company. ** Turned off SpamAssassin at my host. ** Notified SC admin of the changes. ** Refreshed my Mail Hosts List So what else do I have to do to get back the service I'm paying for? Who's butt did I forget to kiss? How was I supposed to know SC barfs if there are existing SpamAssassin Headers in the mail? Beat me, Beat me! Bob From MikeE at ster.invalid Fri Feb 3 10:15:57 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Feb 3 13:20:03 2006 Subject: [SpamCop-List] Re: How does one get their privileges back? References: Message-ID: BMW wrote: > What a fool, I turned on SpamAssassin at my email host. Used results > to route SPAM to SC. Confused the snot out of SC. I presume that confusion might have resulted in your reporting your mailhost as source. > So SC admin > removes my reporting privileges (without warning). Naturally you can understand that. When you signed up you agreed to be responsible here http://www.spamcop.net/anonsignup.shtml If I break these rules, SpamCop will immediately and permanently revoke my access to SpamCop. That page is the same for both free and paid reporters - I assumed because the only 'severe' punishment [something besides warning] that can occur to free reporters is revocation of reporting privileges. Somewhere else in the faq it sez that paid reporters might be fined, but I don't see that right now. That is, there are more disciplines available for paid reporters if you include the fining. Generally disciplining isn't discussed here in the ng/s, so there isn't any way for any of us who are outside the inner processes to know about what kinds of things get disciplined how, except to understand what can happen. Naturally the 'threat' of a discipline to prevent problems is better than there being problems and discipline. Ideally no one would make mistakes and no one would be disciplined. > I have: > ** Apologized to SC admin. > ** Apologized to my Hosting Company. > ** Turned off SpamAssassin at my host. > ** Notified SC admin of the changes. > ** Refreshed my Mail Hosts List That sounds pretty good so far. > So what else do I have to do to get back the service I'm paying for? I would imagine the question is, "How do we know this person can properly oversee their reporting?" If the SC admin can't 'imagine' the answer to that question, then there's a problem. If you are overseeing your reports and you also know how to tell if your own provider is being reported, that's one thing. If you are quick reporting, then there isn't any oversight and that's another. > Who's butt did I forget to kiss? How was I supposed to know SC barfs > if there are existing SpamAssassin Headers in the mail? Beat me, > Beat me! The nature of your error vis whatever you didn't oversee in the reporting process isn't completely and transparently apparent to me from your description, but a reporter can't blame a parsing algorithm for the mistakes for which the reporter 'should' be overseeing. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Feb 3 10:49:47 2006 From: nobody at spamcop.net (N. Miller) Date: Fri Feb 3 13:50:02 2006 Subject: [SpamCop-List] Re: How does one get their privileges back? References: Message-ID: <1nopcvs59a2z7.dlg@news.spamcop.net> On Fri, 03 Feb 2006 13:01:24 -0500, BMW wrote: > How was I supposed to know SC barfs if > there are existing SpamAssassin Headers in the mail? I have no trouble with SpamCop parsing email that has SpamAssassin headers in it: http://www.spamcop.net/sc?id=z868252250zc66333089ef7ba7c120c08c736f5f751z However, I did have trouble with the SpamCop parser wanting to report my mail provider when I first started reporting spam to that account. That was before SC implemented "Mailhosts"; and I had to bird dog the parser, unchecking the incorrect reports before sending the complaints on to the destinations. Since SC has implemented "Mailhosts", the parser no longer wants to report my mail provider. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From dirigo at spamcop.net Fri Feb 3 18:25:27 2006 From: dirigo at spamcop.net (Phil) Date: Fri Feb 3 18:25:03 2006 Subject: [SpamCop-List] Can't POP email... Anybody else have this problem? Message-ID: I can't POP my SpamCop email account for some time. I get this error: SpamCop, Logging into POP Server, CAPA [06:13:23 PM] SSL Negotiation Failed: Certificate Error: Cert Chain not trusted. Try adding this certificate to your certificate database for SSL to succeed Certificate Error: Unknown and unprovided root certificate. Certificate bad: Destination Host name does not match host name in certificate Cause (-6995) Anybody got a clue where to look to fix this error? Thanks, Phil Davis From nobody at xyzzy.claranet.de Sat Feb 4 01:21:13 2006 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Feb 3 19:25:02 2006 Subject: [SpamCop-List] Re: FDA Quits: Filtering Reports, Rejecting Spam References: <43DF5A26.88F1498F@SpamCop.devnull.diespammerdie.net> <43DF9C61.3B720F26@SpamCop.devnull.diespammerdie.net> <43E04C3D.3E47@xyzzy.claranet.de> <43E264D1.E23C1993@SpamCop.devnull.diespammerdie.net> Message-ID: <43E3F379.6C55@xyzzy.claranet.de> Michael Brennan wrote: > Stay tuned, but so far I've not received any more rejections > like the one cited and quoted above. Will do, thanks for info, Frank From nobody at spamcop.net Fri Feb 3 19:37:37 2006 From: nobody at spamcop.net (Ellen) Date: Fri Feb 3 19:50:03 2006 Subject: [SpamCop-List] Re: How does one get their privileges back? References: Message-ID: "BMW" wrote in message news:ds05pj$23i$1@news.spamcop.net... > What a fool, I turned on SpamAssassin at my email host. Used results to > route SPAM to SC. Confused the snot out of SC. So SC admin removes my > reporting privileges (without warning). I have: > ** Apologized to SC admin. > ** Apologized to my Hosting Company. > ** Turned off SpamAssassin at my host. > ** Notified SC admin of the changes. > ** Refreshed my Mail Hosts List > So what else do I have to do to get back the service I'm paying for? > Who's butt did I forget to kiss? How was I supposed to know SC barfs if > there are existing SpamAssassin Headers in the mail? Beat me, Beat me! > The problem occured because you had Spamassassin set to attach the original message rather than leave the original received headers inline. The parser has no problem with spamassassin headers adding X-headers as long as the original received headers are there. You can set your spamassassin prefs to add X-headers and turn it back on -- I believe the paramater is report-safe 0 but you should check out the docs and make sure of that. Of course, you should -- as every reporter should -- always look at the results of the parse to ensure that the reporting addresses are correct. Your account was suspended because you were reporting your own ISP. We always suspend in cases like that to limit the damage from that point forward until we can get in touch with the user and get the problem resolved. I notice your account was re-activated. It probably hasn't occured to you but we *do* have to sleep and have real lives every so often and we also receive large amounts of mail so while we try mightily to respond instantaneously it just doesn't always happen. I notice you resumed reporting spam at about 2PM EST, not long after you posted. Ellen SpamCop From jeffg at spamcop.net Fri Feb 3 22:44:56 2006 From: jeffg at spamcop.net (Jeff G.) Date: Fri Feb 3 23:00:03 2006 Subject: [SpamCop-List] Re: Can't POP email... Anybody else have this problem? References: Message-ID: Phil wrote: > I can't POP my SpamCop email account for some time. I get this error: > > SpamCop, Logging into POP Server, CAPA [06:13:23 PM] > > SSL Negotiation Failed: Certificate Error: Cert Chain not trusted. Try > adding this certificate to your certificate database for SSL to > succeed Certificate Error: Unknown and unprovided root certificate. > > Certificate bad: Destination Host name does not match host name in > certificate Cause (-6995) > > Anybody got a clue where to look to fix this error? It's working for me in OE, using SSL on Port 995 with servername pop.spamcop.net - please try using that as your "Destination Host name". -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From tc at tc.com Sat Feb 4 10:01:08 2006 From: tc at tc.com (TC) Date: Sat Feb 4 05:05:34 2006 Subject: [SpamCop-List] Spamcop's totally stopped working - Firefox problem? Message-ID: Hey everyone, Spamcop has completely stopped working for me. All I get is a page headed "error", and this message: "An error occurred while processing your request. Reference #97.83514350.1139046504.441e5a0 " The number changes each time. I get this no matter what I do - if I type www.spamcop.net into my Firefox address bar, I get the error message. If I follow a reporting link from my mail client, I get the error message. Now, I'm not a tech expert, but I've done some basic stuff: I tried doing everything using IE instead of FF, and everything works fine. No error messages or anything. So, clearly, something's up with Firefox and Spamcop. Can anyone shed any light on it? The error message, I assume, is being generated by Spamcop's web server and not Firefox (unless this is a weird, never-before-seen type of error message - certainly, within Firefox I usually get more help than that in my error messages). Just to make sure, I cleared my history, removed and reinstated my cache, removed the Spamcop cookies, rebooted etc. I've saved this til last: The *only* thing that's changed is that Firefox released a "stability and security" upgrade, which I auto-updated to. I'd appreciate some help - I don't like IE, and in all honesty I'd rather stop using SC than have to use 2 browsers. I'll provide any other info you folks need. Clearly, the problem is either a personal one to do with the way FF interacts with SC on *my* computer, or there's a wider problem. Thanks for your time... From nobody at devnull.spamcop.net Sat Feb 4 04:24:19 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Sat Feb 4 05:30:10 2006 Subject: [SpamCop-List] Re: Spamcop's totally stopped working - Firefox problem? References: Message-ID: "TC" wrote in message news:ds1u1a$qe$1@news.spamcop.net... > > Spamcop has completely stopped working for me. All I get is a page headed > "error", and this message: > > "An error occurred while processing your request. > Reference #97.83514350.1139046504.441e5a0 " > > The number changes each time. I get this no matter what I do - if I type > www.spamcop.net into my Firefox address bar, I get the error message. If I > follow a reporting link from my mail client, I get the error message. > > Now, I'm not a tech expert, but I've done some basic stuff: I tried doing > everything using IE instead of FF, and everything works fine. No error > messages or anything. http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats shows no sign of a major (or minor) dropout that would suggest that all users would be having/seeing the same issue. So the next guess would be that the Akamai server serving your locale is having issues. You've not provided enough data to try to trace that possibility down from this side of the screen. Nothing to do with IE or FF ..... From nobody at nowhere.invalid Sat Feb 4 11:29:10 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Feb 4 05:30:15 2006 Subject: [SpamCop-List] Re: Spamcop's totally stopped working - Firefox problem? References: Message-ID: On Sat, 4 Feb 2006 10:01:08 -0000, TC coughed into spamcop and left this in : > I'll provide any other info you folks need. Clearly, the problem is either a > personal one to do with the way FF interacts with SC on *my* computer, or > there's a wider problem. I don't think there's a wider problem. SC works fine with Firefox here. I wouldn't even be able to use IE on this machine even if I was mad enough to want to. -- Steve Shin, n. : a device for finding furniture in the dark. From / at /.cn Sat Feb 4 22:09:53 2006 From: / at /.cn (Petzl) Date: Sat Feb 4 06:10:03 2006 Subject: [SpamCop-List] Re: Spamcop's totally stopped working - Firefox problem? References: Message-ID: "WazoO" wrote in message news:ds1vei$1r3$1@news.spamcop.net... > "TC" wrote in message news:ds1u1a$qe$1@news.spamcop.net... >> >> Spamcop has completely stopped working for me. All I get is a page headed >> "error", and this message: >> >> "An error occurred while processing your request. >> Reference #97.83514350.1139046504.441e5a0 " >> >> The number changes each time. I get this no matter what I do - if I type >> www.spamcop.net into my Firefox address bar, I get the error message. If >> I >> follow a reporting link from my mail client, I get the error message. >> >> Now, I'm not a tech expert, but I've done some basic stuff: I tried doing >> everything using IE instead of FF, and everything works fine. No error >> messages or anything. > > http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats > shows no sign of a major (or minor) dropout that would suggest that all > users would be having/seeing the same issue. So the next guess would > be that the Akamai server serving your locale is having issues. You've > not provided enough data to try to trace that possibility down from > this side of the screen. > > Nothing to do with IE or FF ..... > I'm a SpamCop Email abuser and I'm getting ******* Gateway Timeout The proxy server did not receive a timely response from the upstream server. Reference #1.ec2686cb.1139051231.39d8d1 ******** From tc at tc.com Sat Feb 4 12:30:30 2006 From: tc at tc.com (TC) Date: Sat Feb 4 07:35:04 2006 Subject: [SpamCop-List] Re: Spamcop's totally stopped working - Firefox problem? References: Message-ID: Hi. Yeah, it does make me think that it's entirely on my machine - but the thing is, Spamcop is the only site I'm having any issues with at all. And to get such an odd error message... WazoO - you said I didn't provide enough info. To be honest, I'm not sure *what* info I should provide - if this is a problem with my PC, I guess I should take it away from a Spamcop newsgroup. What sort of stuff would I need to post in order to ascertain that this is, or isn't, a problem with me and Spamcop, as opposed to just me? :) Again, thanks for any help. It pains me to have to just delete spam rather than report it... "Steven Maesslein" wrote in message news:slrndu90fm.4hp.nobody@127.0.0.1... > On Sat, 4 Feb 2006 10:01:08 -0000, TC coughed into spamcop and left this > in : > >> I'll provide any other info you folks need. Clearly, the problem is >> either a >> personal one to do with the way FF interacts with SC on *my* computer, or >> there's a wider problem. > > I don't think there's a wider problem. SC works fine with Firefox here. > I wouldn't even be able to use IE on this machine even if I was mad > enough to want to. > > -- > Steve > > Shin, n. : a device for finding furniture in the dark. From nospam at domain.invalid Sat Feb 4 13:37:46 2006 From: nospam at domain.invalid (Paul White) Date: Sat Feb 4 08:40:08 2006 Subject: [SpamCop-List] Re: Spamcop's totally stopped working - Firefox problem? References: Message-ID: On Sat, 4 Feb 2006 10:01:08 -0000, "TC" wrote: >Spamcop has completely stopped working for me. All I get is a page headed >"error", and this message: > >"An error occurred while processing your request. >Reference #97.83514350.1139046504.441e5a0 " I also saw this problem here a few days ago but experienced this with both IE and Firefox. The only site affected was www.spamcop.net. I can connect to the Internet using more than one ISP and naturally did so. With the other ISP there was no problem at all. I was totally baffled for several hours and raised the problem with my ISP, who still have not replied. The problem cleared the following day and all is well now. One thing I did try was doing a 'tracert' to www.spamcop.net from each ISP. This produced totally different routings which didn't surprise me but to two totally different IP addresses which did surprise me. What IP address is your PC trying to connect to? I have 213.253.9.72 for www.spamcop.net here. I got the error when my PC was trying to connect something completely different. Any help? -- Paul White From tc at tc.com Sat Feb 4 15:40:07 2006 From: tc at tc.com (TC) Date: Sat Feb 4 10:45:14 2006 Subject: [SpamCop-List] Re: Spamcop's totally stopped working - Firefox problem? References: Message-ID: "Paul White" wrote in message news:c0b9u1992s6275khfv2nfv03gl0as4mk26@4ax.com... > On Sat, 4 Feb 2006 10:01:08 -0000, "TC" wrote: > >>Spamcop has completely stopped working for me. All I get is a page headed >>"error", and this message: >> >>"An error occurred while processing your request. >>Reference #97.83514350.1139046504.441e5a0 " > > I also saw this problem here a few days ago but experienced this with > both IE and Firefox. The only site affected was www.spamcop.net. I can > connect to the Internet using more than one ISP and naturally did so. > With the other ISP there was no problem at all. I was totally baffled > for several hours and raised the problem with my ISP, who still have > not replied. The problem cleared the following day and all is well > now. > > One thing I did try was doing a 'tracert' to www.spamcop.net from each > ISP. This produced totally different routings which didn't surprise me > but to two totally different IP addresses which did surprise me. What > IP address is your PC trying to connect to? I have 213.253.9.72 for > www.spamcop.net here. I got the error when my PC was trying to connect > something completely different. > > Any help? > -- > Paul White Hi Paul, Yeah, that's quite a lot of help (cos it means I'm not alone!) - and also, it ties in with WazoO's suggestion about particular servers. Only trouble is, it seems that if it *is* outside of "me" and my machine, there's not much I can do about it. The IP address that I get from a traceroute of www.spamcop.net is 84.53.143.144 - for spamcop.net I get 80.67.86.39, and I can see it routed through akamai; the 84.53.... address routes out of my ISP, onto 195.66.224.202 and that's it. Does that mean anything to anyone? Actually, I have to say that while typing this message, I tried several times to go to spamcop.net and failed.... but just now, I succeeded, and now everything seems to be working fine. I won't consider the issue "closed" just yet, but at least I can get some reporting done :) From jeffg at spamcop.net Sat Feb 4 12:37:11 2006 From: jeffg at spamcop.net (Jeff G.) Date: Sat Feb 4 12:40:03 2006 Subject: [SpamCop-List] Re: Spamcop's totally stopped working - Firefox problem? References: Message-ID: SpamCop uses Akamai's EdgePlatform reverse proxy servers (regional web caches) to provide better responsiveness and protection for the users of www.spamcop.net, members.spamcop.net, and mailsc.spamcop.net, which are said to be "akamaized" sites. Those reverse proxy servers are systems (currently numbering over 15,000) which are housed at lots of ISPs' facilities (currently numbering over 1,100) around the world (generally in pairs, currently in 69 countries), and the hosting ISPs' nameservers direct queries to akamaized sites to those reverse proxy servers in their locations. Things get interesting when one of those reverse proxy servers has an issue with contacting a backend server, and the other of the pair doesn't, as most user systems don't have a very easy way to specify which server to query (I don't consider manipulating the HOSTS file very easy). Restarting the browser, dns resolver, OS, and computer are some of the ways to convince the user's computer to try the other reverse proxy server. You can check if a particular reverse proxy server is alive for web browsiby browsing to its IP Address. For more info about Akamai technology, please see http://www.akamai.com/en/html/technology/overview.html . The info above is from my new FAQ Entry "How does SpamCop interact with Akamai?" at http://forum.spamcop.net/forums/index.php?showtopic=5901 . -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From eddie at eddie.web Sat Feb 4 14:02:30 2006 From: eddie at eddie.web (eddie) Date: Sat Feb 4 14:05:03 2006 Subject: [SpamCop-List] The New Illiterates Message-ID: Some spam is simply poorly translated into English, and some is purposely misspelled to try to outsmart filters, but this recent deluge of Valentine drugs goes beyond that to complete illiteracy. I picture a 12-year old slacker who learned his English phonetically or picked it up from bathroom walls :) Here is a short sample of a recent spew. I trust I am not violating any SC rules by doing this. "Do You have enough pwoer to provide your patrner high quality S-EX on St.Valentine day? Get a MOONSTER pwoer, nothing can bring your ererction down! Show your partner the PWOER of your LOEV and she will always remember You. Loev will ALWAYS be associated with YOU! " My question is who would even think of answering this? Another 12-year old spamkiddy? Maybe it's time for God to drown us all again. We seem to be going the wrong way :) From dirigo at spamcop.net Sat Feb 4 14:46:12 2006 From: dirigo at spamcop.net (Phil) Date: Sat Feb 4 14:45:02 2006 Subject: [SpamCop-List] Re: Can't POP email... Anybody else have this problem? References: Message-ID: "Jeff G." wrote in message news:ds18rt$mkv$1@news.spamcop.net... > Phil wrote: > > I can't POP my SpamCop email account for some time. I get this error: > > > > SpamCop, Logging into POP Server, CAPA [06:13:23 PM] > > > > SSL Negotiation Failed: Certificate Error: Cert Chain not trusted. Try > > adding this certificate to your certificate database for SSL to > > succeed Certificate Error: Unknown and unprovided root certificate. > > > > Certificate bad: Destination Host name does not match host name in > > certificate Cause (-6995) > > > > Anybody got a clue where to look to fix this error? > > It's working for me in OE, using SSL on Port 995 with servername > pop.spamcop.net - please try using that as your "Destination Host name". > > -- > Thanks and Best Regards, Jeff G. > http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 > Jeff, I looked the settings over and found that I was using mail.spamcop.net so I changed it to pop.spamcop.net and set the root certificate to trusted and all is working now, thanks for the suggestion. I still get an error on the root certificate: "Certificate Error: Unknown and unprovided root certificate. But ignoring this error because Certificate is trusted". So I suspect there is still something amiss but for now its working. Thanks for suggestion. Phil From spam_hjp at yahoo.com Sat Feb 4 15:32:50 2006 From: spam_hjp at yahoo.com (Jim) Date: Sat Feb 4 15:35:02 2006 Subject: [SpamCop-List] Re: Can't POP email... Anybody else have this problem? In-Reply-To: References: Message-ID: Yes I am having problems to. I amusing TB. My setting was pop.spamcop.net and then I tried pop. My AVG Pro Scanner just hangs. From wb8tyw at qsl.network Sat Feb 4 18:16:14 2006 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sat Feb 4 18:20:12 2006 Subject: [SpamCop-List] Re: The New Illiterates In-Reply-To: References: Message-ID: eddie wrote: > > My question is who would even think of answering this? Another 12-year > old spamkiddy? Maybe it's time for God to drown us all again. We seem to > be going the wrong way :) The sender probably answered a classified advertisement on how to get rich on the internet by buying this no-risk affiliate kit and probably has no idea what the thing is actually doing on their computer. They may not even have owned a computer until they answered that advertisement. They probably spent their last $350 to $2000 on the spamware, and are sitting back waiting forever for the commissions promised by the spamware seller to come in. They may also have purchased some product to distribute in advance of getting orders from real customers, and some may even use it. Of course the likely hood of any of that being something other than dust from the floor or outside packed in a pill form is very low. And in the mean time they are only earning paltry commissions if they can sucker another person to be an affiliate, and the only way to do that is to spend hard cash on newspaper advertisements or mailing. It will probably take them about a year to realize that they have lost their money with no hope of making it back, and are running the risk of being arrested for their part in the scam, so that they do not want to tell the police. Think pyramid scam, or envelope stuffing scam. No one actually buys the stuff being advertised through spam. And the scam-artist at the top, the only one making any money blames the anti-spammers for causing the advertisements to be blocked and for running up the hit counters on the web sites, so the referral counts can not be trusted. So of the spammers that it is easy to find proof on, none of them have any money for the ISP to recover the cost of finding them, and most of the spammers only have the slightest idea of how to really contact the next step in the pyramid. And every time the main-stream media runs a story about how much money the "Spam Kings" are claiming to have made from spamming, a new bunch of suckers answers the advertisements in the newspapers and the "free offers" catalogs. -John wb8tyw@qsl.network Personal Opinion Only From info at adult-music-greece.com Sun Feb 5 01:38:16 2006 From: info at adult-music-greece.com (kiriakos kappa) Date: Sat Feb 4 18:40:02 2006 Subject: [SpamCop-List] I'm no damn spamer! Message-ID: hey! I'm trying to send an e-mail to a friend (djsets.gr) and this damn program tells me that I'm $%^*$ spamer!!! what is this? can't I communicate with people anymore because my web domain has the term 'adult' in it?? I want to be removed from this thing NOW! after all we have work to do From johnl at in.newsgroup.only Sat Feb 4 23:47:02 2006 From: johnl at in.newsgroup.only (JohnL) Date: Sat Feb 4 18:50:03 2006 Subject: [SpamCop-List] Re: I'm no damn spamer! References: Message-ID: "kiriakos kappa" wrote in news:ds3dtb$rrn$1@news.spamcop.net: > hey! I'm trying to send an e-mail to a friend (djsets.gr) and this > damn program tells me that I'm $%^*$ spamer!!! what is this? can't I > communicate with people anymore because my web domain has the term > 'adult' in it?? > > I want to be removed from this thing NOW! after all we have work to do > > Uh, you better check more carefully. you're not listed at SC. see... http://www.spamcop.net/w3m?action=checkblock&ip=70.86.143.146 From nobody at devnull.spamcop.net Sat Feb 4 19:20:17 2006 From: nobody at devnull.spamcop.net (Pop) Date: Sat Feb 4 19:25:03 2006 Subject: [SpamCop-List] Re: The New Illiterates References: Message-ID: "eddie" wrote in message news:ds2to8$ius$1@news.spamcop.net... : Some spam is simply poorly translated into English, and some is : purposely misspelled to try to outsmart filters, but this recent deluge : of Valentine drugs goes beyond that to complete illiteracy. I picture a : 12-year old slacker who learned his English phonetically or picked it up : from bathroom walls :) : : Here is a short sample of a recent spew. I trust I am not violating any : SC rules by doing this. : : "Do You have enough pwoer to provide your patrner high quality S-EX on : St.Valentine day? Get a MOONSTER pwoer, nothing can bring your ererction : down! Show your partner the PWOER of your LOEV and she will always : remember You. Loev will ALWAYS be associated with YOU! " : : : My question is who would even think of answering this? Another 12-year : old spamkiddy? Maybe it's time for God to drown us all again. We seem to : be going the wrong way :) Just spam filter evasion, nothing more. Sos as usaul from thme. From jeffg at spamcop.net Sat Feb 4 21:54:05 2006 From: jeffg at spamcop.net (Jeff G.) Date: Sat Feb 4 22:00:03 2006 Subject: [SpamCop-List] Re: Can't POP email... Anybody else have this problem? References: Message-ID: Jim wrote: > Yes I am having problems to. I amusing TB. My setting was > pop.spamcop.net and then I tried pop. My AVG Pro Scanner just hangs. IIUC AVG Free can't accept local connections using SSL and can't intercept connections using SSL, but it can connect to your POP3 Server using SSL if you connect to it locally without encryption. I assume that AVG Pro has at least some of the same restrictions. Please see "Grisoft Freeweb: FAQ 6.12: How to create servers for scanning e-mails - SSL communication" at http://free.grisoft.com/doc/5616/lng/us/tpl/v5 for details. -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From eddie at eddie.web Sat Feb 4 22:06:42 2006 From: eddie at eddie.web (eddie) Date: Sat Feb 4 22:10:02 2006 Subject: [SpamCop-List] Re: The New Illiterates In-Reply-To: References: Message-ID: Pop wrote: > "eddie" wrote in message > news:ds2to8$ius$1@news.spamcop.net... > : Some spam is simply poorly translated into English, and some is > : purposely misspelled to try to outsmart filters, but this > recent deluge > : of Valentine drugs goes beyond that to complete illiteracy. I > picture a > : 12-year old slacker who learned his English phonetically or > picked it up > : from bathroom walls :) > : > : Here is a short sample of a recent spew. I trust I am not > violating any > : SC rules by doing this. > : > : "Do You have enough pwoer to provide your patrner high quality > S-EX on > : St.Valentine day? Get a MOONSTER pwoer, nothing can bring your > ererction > : down! Show your partner the PWOER of your LOEV and she will > always > : remember You. Loev will ALWAYS be associated with YOU! " > : > : > : My question is who would even think of answering this? Another > 12-year > : old spamkiddy? Maybe it's time for God to drown us all again. > We seem to > : be going the wrong way :) > > Just spam filter evasion, nothing more. Sos as usaul from > thme. > > I disagree. Reason?: The word partner occurs twice but is misspelled only once. The grammar is also horrible. The word You is always capitalized, for no reason. There is no space between St. and Valentine. I still think it's an illiterate kiddy who doesn't even know what an erection is. :) If you are correct and the misspellings are on purpose, then nobody would ever read beyond the first sentence, which, of course they don't anyway, unless, like me, they are making fun of it. From g.hyde at bigpond.net.au Sun Feb 5 13:12:49 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Feb 4 22:20:02 2006 Subject: [SpamCop-List] Re: I'm no damn spamer! References: Message-ID: I checked with spamcop on the addresses used in your news post here, and what I get is that one is aliased to 'reverse.theplanet.com' - which is your "adult" site which I guess you must be referring to. However, it's not listed in SpamCop or any blocklist that SpamCop knows about. The other one, the nntp posting-host, is also the same as the first one. What you need to do is sign up for a free SpamCop account (or use a paid account if you have one at SpamCop already) using the address with which you are receiving the message that you're a spammer. (It has to be an address that you own, and not an address that someone else owns.) Remembering to CANCEL it, process the message with SpamCop in question and get it's tracking URL as described below: Copy the message source from your email client, and paste the entire message into the "report spam" box, then press submit. On the Address bar of that page you should find a URL - this will be the TRACKING URL that people will want to look at when trying to figure out what is going wrong. Please do not post the spam email into this newsgroup, if you absolutely must do that, post it in spamcop.spam newsgroup, and refer to it from a post here. "kiriakos kappa" wrote in message news:ds3dtb$rrn$1@news.spamcop.net... > hey! I'm trying to send an e-mail to a friend (djsets.gr) and this damn > program tells me that I'm $%^*$ spamer!!! what is this? can't I > communicate with people anymore because my web domain has the term 'adult' > in it?? > > I want to be removed from this thing NOW! after all we have work to do > From nobody at nowhere.not Sun Feb 5 04:30:20 2006 From: nobody at nowhere.not (Robert Blair) Date: Sat Feb 4 23:35:03 2006 Subject: [SpamCop-List] Re: The New Illiterates References: Message-ID: On Sun, 5 Feb 2006 03:06:42 UTC, eddie wrote: > I disagree. I disagree with you and agree with Pop. Just misspelling to avoid filters. -- Robert Blair From nobody at spamcop.net Sun Feb 5 08:44:10 2006 From: nobody at spamcop.net (Dar) Date: Sun Feb 5 11:45:03 2006 Subject: [SpamCop-List] Re: The New Illiterates References: Message-ID: I don't agree or disagree with anyone. I just look at it as a bonus. These are words/phrases to block with spam filters that are the least risky for blocking legitimate email. Dar From bill_beyer at excite.cXoYmZ Sun Feb 5 12:09:53 2006 From: bill_beyer at excite.cXoYmZ (Bill Beyer) Date: Sun Feb 5 15:05:13 2006 Subject: [SpamCop-List] New Paypal phish... Message-ID: at least to me. http://www.spamcop.net/sc?id=z870000962z18de9ebdbad01bdb27e114f917b33105z I had to cut n paste and "gently" massage this spam before submitting it. I left one of the obfuscated links intact which evidently utilizes a redirect using google search. All of the links to the phishing site looked like the original until I removed the redirect URL prior to submitting. From eddie at eddie.web Sun Feb 5 15:28:10 2006 From: eddie at eddie.web (eddie) Date: Sun Feb 5 15:30:02 2006 Subject: [SpamCop-List] Re: The New Illiterates In-Reply-To: References: Message-ID: Robert Blair wrote: > On Sun, 5 Feb 2006 03:06:42 UTC, eddie wrote: > > >>I disagree. > > > I disagree with you and agree with Pop. Just misspelling to avoid > filters. > > And spelling "You" with a capital "Y" does the trick? Howzat work? And the bad grammar - how does that help? Are filters now grammar-sensitive? And what about misspelling "partner" only once out of two times? I look at it the other way, if the email doesn't pass my spellchecker, it's spam. When I see "alot" I know it's an illiterate spamkiddy. That's they way illiterates spell today. I have a list of the most common misspellings. They use "loose" when they mean "lose," as another example. I manage a few messageboards and I know how today's kids spell - or rather don't. All they know about spelling they learned online. As I recall, the original "Frea Speach" was not misspelled on purpose. No matter, between my spellchecker and the SC filters, they cannot get through my system. I still claim illiteracy. Just look at US test scores. From nobody at xyzzy.claranet.de Sun Feb 5 21:41:26 2006 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Feb 5 15:45:02 2006 Subject: [SpamCop-List] Re: The New Illiterates References: Message-ID: <43E662F6.6F3B@xyzzy.claranet.de> eddie wrote: > Maybe it's time for God to drown us all again. We seem to > be going the wrong way :) Be careful with your prayers. That loeving pwoer, you know. From nobody at xyzzy.claranet.de Sun Feb 5 21:49:39 2006 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Feb 5 15:55:03 2006 Subject: [SpamCop-List] Re: The New Illiterates References: Message-ID: <43E664E2.17D2@xyzzy.claranet.de> eddie wrote: > And spelling "You" with a capital "Y" does the trick? DEnglish, I also tried it for some time... :-( Maybe there are more languages where that's polite (?) > Are filters now grammar-sensitive? Scoring POWER and LOVE probably won't hit PWOER and LOEV. > I have a list of the most common misspellings. URL ? From nobody at nowhere.invalid Sun Feb 5 22:08:20 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Feb 5 16:10:03 2006 Subject: [SpamCop-List] Re: The New Illiterates References: <43E664E2.17D2@xyzzy.claranet.de> Message-ID: On Sun, 05 Feb 2006 21:49:39 +0100, Frank Ellermann coughed into spamcop and left this in <43E664E2.17D2@xyzzy.claranet.de>: > DEnglish, I also tried it for some time... :-( > Maybe there are more languages where that's polite (?) Oft auf Niederl?ndisch / vaak in het Nederlands. Wie geht's heute mit Ihnen? Hoe gaat het vandaag met U? -- Steve Spotted in a toilet of a London office: TOILET OUT OF ORDER. PLEASE USE FLOOR BELOW. From nobody at spamcop.net Sun Feb 5 17:40:03 2006 From: nobody at spamcop.net (Ellen) Date: Sun Feb 5 17:45:11 2006 Subject: [SpamCop-List] Re: New Paypal phish... References: Message-ID: "Bill Beyer" wrote in message news:ds5lpc$bn$1@news.spamcop.net... > at least to me. > > http://www.spamcop.net/sc?id=z870000962z18de9ebdbad01bdb27e114f917b33105z > > I had to cut n paste and "gently" massage this spam before submitting it. I > left one of the obfuscated links intact which evidently utilizes a redirect > using google search. All of the links to the phishing site looked like the > original until I removed the redirect URL prior to submitting. > > It is against the SC TOS/AUP to massage, change, alter or otherwise modify spam to cause the parser to find a url and reporting address that it would not have found based on the analysis of the original unaltered spam. Altering spam can lead to an account cancellation. Please do not continue to do this. Ellen SpamCop From bill_beyer at excite.cXoYmZ Sun Feb 5 20:46:49 2006 From: bill_beyer at excite.cXoYmZ (Bill Beyer) Date: Sun Feb 5 23:45:17 2006 Subject: [SpamCop-List] Re: New Paypal phish... References: Message-ID: "Ellen" wrote in message news:ds5usm$5jk$1@news.spamcop.net... > > > "Bill Beyer" wrote in message > news:ds5lpc$bn$1@news.spamcop.net... > > at least to me. > > > > http://www.spamcop.net/sc?id=z870000962z18de9ebdbad01bdb27e114f917b33105z > > > > I had to cut n paste and "gently" massage this spam before submitting it. > I > > left one of the obfuscated links intact which evidently utilizes a > redirect > > using google search. All of the links to the phishing site looked like the > > original until I removed the redirect URL prior to submitting. > > > > > > It is against the SC TOS/AUP to massage, change, alter or otherwise modify > spam to cause the parser to find a url and reporting address that it would > not have found based on the analysis of the original unaltered spam. > Altering spam can lead to an account cancellation. Please do not continue to > do this. > > Ellen > SpamCop Mea culpa. From now on I'll just submit the spam as is and report the obfuscated link directly to the hosting ISP. AFAIC phishers have a special place in hell reserved just for their slimy butts and I'll go above and beyond to get them shut down. From vogt at spamcop.net Mon Feb 6 17:02:01 2006 From: vogt at spamcop.net (Gerald Vogt) Date: Mon Feb 6 03:05:15 2006 Subject: [SpamCop-List] White-listing does not work... Message-ID: The white listing function for held email does not work - or at least not the way I would expect it. When I whitelist a sender address I want email from this address not be blocked. Spamcop however blocks any email from this sender because the IP address 204.174.223.204 is in the bl.spamcop.net. A mailing list with quite some volume goes through this IP address with the same sender address appearing in the held mail view. Since the IP address has been listed I have to "forward and whitelist" all those mailing list mails. As there a quite a few going through it is very easy to miss one just as it happened a few minutes ago. So now it will take even longer until they are delisted again. If I whitelist a sender address I want any email from this sender address to be forwarded regardless whether or not a host in between is listed in the blocking list. What else would be the purpose of the whitelist?? Can someone please remove my last report of the above IP?? Gerald From ddotrdotnewman at qub.ac.uk Mon Feb 6 09:38:44 2006 From: ddotrdotnewman at qub.ac.uk (David R. Newman) Date: Mon Feb 6 04:40:07 2006 Subject: [SpamCop-List] Re: Spamcop's totally stopped working In-Reply-To: References: Message-ID: TC wrote: > Hey everyone, > > Spamcop has completely stopped working for me. All I get is a page headed > "error", and this message: > > "An error occurred while processing your request. > Reference #97.83514350.1139046504.441e5a0 " I get exactly the same type of message today (with a different reference), every time I try to connect to Spamcop. Even a plain http://www.spamcop.net/ gets me: An error occurred while processing your request. Reference #97.85514350.1139218537.140580e4 I am in Queen's University Belfast, in the United Kingdom. My connectivity is via the JANET proxy servers (for all the universities in the UK). From / at /.cn Tue Feb 7 00:05:35 2006 From: / at /.cn (Petzl) Date: Mon Feb 6 08:10:04 2006 Subject: [SpamCop-List] Re: White-listing does not work... References: Message-ID: "Gerald Vogt" wrote in message news:ds6vpm$mcv$1@news.spamcop.net... > The white listing function for held email does not work - or at least not > the way I would expect it. The whitelist function only looks at reply email addresses voht@spamcep.nat if entered oly accepts that specific address spamcep.nat will accept all emails ending in that domain nat will accept all email ending in "nat" Petzl From vogt at spamcop.net Mon Feb 6 22:22:45 2006 From: vogt at spamcop.net (Gerald Vogt) Date: Mon Feb 6 08:25:03 2006 Subject: [SpamCop-List] Re: White-listing does not work... In-Reply-To: References: Message-ID: Petzl wrote: > The whitelist function only looks at reply email addresses What are "reply email addresses". Do you mean Reply-To, From, Sender or Return-Path Headers? Either way, all mailing list mails have the same Reply-To, Return-Path and From addresses. Reply-To and From are identical. Return-Path is something else but always the same address, too. I expect the "Forward and whitelist sender" function from the "Held Email" page to whitelist the correct address that is relevant for spamcop. I think, that should be the purpose of this function else it would be next to useless. Once whitelisted I expect those email with the same email address in the relevant header to be forwarded regardless if there's an IP address listed in the blacklist or not. Gerald From lslapiko at lslapiko.com Mon Feb 6 09:48:28 2006 From: lslapiko at lslapiko.com (lslapiko) Date: Mon Feb 6 09:50:03 2006 Subject: [SpamCop-List] Spamcop blocks my e-mail... Message-ID: Hey, My e-mail to the domain thenoise-boston.com is getting blocked by Spamcop although I'm sending a single e-mail to a single person. The IP address it doesn't like is 63.115.7.109. I don't know why this is happening...is there anything I can do about it? Thanks! From jeffg at spamcop.net Mon Feb 6 10:23:41 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Feb 6 10:30:03 2006 Subject: [SpamCop-List] Re: Spamcop blocks my e-mail... References: Message-ID: lslapiko wrote: > My e-mail to the domain thenoise-boston.com is getting blocked by > Spamcop although I'm sending a single e-mail to a single person. The > IP address it doesn't like is 63.115.7.109. I don't know why this is > happening...is there anything I can do about it? That IP Address is not currently listed by the SCBL, and doesn't have Report History. Can you please post the actual error message in the actual bounce message (munging user names but keeping domain names and IP Addresses)? -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Mon Feb 6 10:45:07 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Feb 6 10:50:02 2006 Subject: [SpamCop-List] Re: White-listing does not work... References: Message-ID: Gerald Vogt wrote: > Return-Path is something else but always the same address, too. Please try whitelisting that email address, and see "Yahoo Groups Mail Blocked?" at http://forum.spamcop.net/forums/index.php?showtopic=2472&view=findpost&p=15986 . -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From pxpearson at spamxcop.net Mon Feb 6 08:05:29 2006 From: pxpearson at spamxcop.net (Peter Pearson) Date: Mon Feb 6 11:05:04 2006 Subject: [SpamCop-List] Re: White-listing does not work... References: Message-ID: Gerald Vogt wrote: > . . . I expect the "Forward > and whitelist sender" function from the "Held Email" page to whitelist > the correct address that is relevant for spamcop. I think, that should > be the purpose of this function else it would be next to useless. Once > whitelisted I expect those email with the same email address in the > relevant header to be forwarded regardless if there's an IP address > listed in the blacklist or not. That's what I'd expect, too, and I think that's the way it works for me. However, one discrepancy: the button I use is "Release and whitelist", not "Forward and whitelist" (e.g., dodin.org/mediawiki/index.php/Examplaire_de_gestion_de_held_mail). When a friend shows up in my Held Mail folder, I click this button and he never shows up there again. -- Remove the two x's to get a good email address. From nobody at xyzzy.claranet.de Mon Feb 6 17:22:14 2006 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Feb 6 11:25:03 2006 Subject: [SpamCop-List] Re: Spamcop's totally stopped working References: Message-ID: <43E777B6.3514@xyzzy.claranet.de> David R. Newman wrote: > Even a plain http://www.spamcop.net/ gets me: > An error occurred while processing your request. > Reference #97.85514350.1139218537.140580e4 > I am in Queen's University Belfast, in the United Kingdom. > My connectivity is via the JANET proxy servers (for all the > universities in the UK). As soon as you've reached connectivity between you (or JANET) and SC is working. Something behind SC's Web server is in trouble, e.g. a problem between SC and its user database on another server. From my POV (two hours later) this works again at the moment, also now (seven hours later). Bye, Frank From kenbrody at spamcop.net Mon Feb 6 11:34:36 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Feb 6 11:40:03 2006 Subject: [SpamCop-List] Re: Spamcop blocks my e-mail... References: Message-ID: <43E77A9C.73D97F1E@spamcop.net> "Jeff G." wrote: > > lslapiko wrote: > > My e-mail to the domain thenoise-boston.com is getting blocked by > > Spamcop although I'm sending a single e-mail to a single person. The > > IP address it doesn't like is 63.115.7.109. I don't know why this is > > happening...is there anything I can do about it? > > That IP Address is not currently listed by the SCBL, and doesn't have > Report History. Can you please post the actual error message in the > actual bounce message (munging user names but keeping domain names and > IP Addresses)? And don't forget that, unless it's a SpamCop mailbox that you're sending to, SpamCop can't "block" anything. It may be that the recipient's ISP is blocking e-mail based on SpamCop's blacklist, but that's the ISP's decision. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From PossumTrot at dont.spam.me Mon Feb 6 10:10:17 2006 From: PossumTrot at dont.spam.me (Possum Trot) Date: Mon Feb 6 13:15:02 2006 Subject: [SpamCop-List] Yahoo and AOL Plan Would Charge Senders a Fee to Route E-Mail _ Around Spam Filters_ Message-ID: http://tinyurl.com/d3ht9 1/4 to 1 cent? How about making that in dollars or Euros. From nobody at nowhere.not Mon Feb 6 18:44:19 2006 From: nobody at nowhere.not (Robert Blair) Date: Mon Feb 6 13:45:03 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route E-Mail _ Around Spam Filters_ References: Message-ID: On Mon, 6 Feb 2006 18:10:17 UTC, "Possum Trot" wrote: > http://tinyurl.com/d3ht9 That is great for their bottom line, charge for something that they should be doing all the time. Another reason NOT to use YAHOO and AOL. > 1/4 to 1 cent? How about making that in dollars or Euros. 1 cent = USD 0.01 1/4 cent = USD 0.0025 -- Robert Blair From nobody at spamcop.net Mon Feb 6 11:10:36 2006 From: nobody at spamcop.net (N. Miller) Date: Mon Feb 6 14:15:03 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route E-Mail _ Around Spam Filters_ References: Message-ID: On Mon, 6 Feb 2006 18:44:19 +0000 (UTC), Robert Blair wrote: > On Mon, 6 Feb 2006 18:10:17 UTC, "Possum Trot" > wrote: > >> http://tinyurl.com/d3ht9 > > That is great for their bottom line, charge for something that they > should be doing all the time. > > Another reason NOT to use YAHOO and AOL. > > >> 1/4 to 1 cent? How about making that in dollars or Euros. > > 1 cent = USD 0.01 > 1/4 cent = USD 0.0025 My impression is that the charges will only apply to bulk email being sent into their domains. Essentially, paying AOL and Yahoo! to be whitelisted by AOL and Yahoo! for email to aol.com and yahoo.com destinations. I could be wrong... -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Mon Feb 6 11:13:51 2006 From: nobody at spamcop.net (N. Miller) Date: Mon Feb 6 14:15:08 2006 Subject: [SpamCop-List] Re: Spamcop blocks my e-mail... References: Message-ID: <18m97alp3xwe8$.dlg@news.spamcop.net> On Mon, 6 Feb 2006 09:48:28 -0500, lslapiko wrote: > Hey, > > My e-mail to the domain thenoise-boston.com is getting blocked by Spamcop > although I'm sending a single e-mail to a single person. Not even possible. SpamCop _could_ block email to such domains as SC runs MX servers for. SpamCop has no control over email to other domains. > The IP address it doesn't like is 63.115.7.109. I don't know why this is > happening...is there anything I can do about it? Could be backscatter to spam traps. I will let others with more inside knowledge than I have address that. Unless you are the administrator for the server being listed by SC, there is not a lot that you can do, other than find alternate service. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From user at domain.invalid Mon Feb 6 13:02:37 2006 From: user at domain.invalid (user@domain.invalid) Date: Mon Feb 6 16:05:13 2006 Subject: [SpamCop-List] Why Blacklisted? Message-ID: Some of our outbound e-mail has been getting kicked back with info in the header saying that we have been blacklisted by SpamCop. I do not understand what is going on; we don't engage in spamming. Example e-mail header: ----------------------------------------------------------- Remote host said: 550 This system is configured to reject mail from 216.173.237.166 [216.173.237.166] (Host blacklisted - Found on Realtime Black List server '166.237.173.216.bl.spamcop.net') ----------------------------------------------------------- 216.173.237.166 is not our IP address; our address is 67.116.196.138 Why the IP address discrepancy? Info from SpamCop website: http://www.spamcop.net/w3m?action=checkblock&ip=216.173.237.166 Thanks. Best Regards, Mark Buckles Harlan Labs San Diego http://www.harlanlabs.com From PossumTrot at dont.spam.me Mon Feb 6 13:16:20 2006 From: PossumTrot at dont.spam.me (Possum Trot) Date: Mon Feb 6 16:20:04 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route E-Mail _ Around Spam Filters_ References: Message-ID: "Robert Blair" wrote in message news:TECQXhvKj0FX-pn2-RCpzfwid4csY@dsl-206-55-144-107.tstonramp.com... > On Mon, 6 Feb 2006 18:10:17 UTC, "Possum Trot" > wrote: > >> http://tinyurl.com/d3ht9 > > That is great for their bottom line, charge for something that they > should be doing all the time. > > Another reason NOT to use YAHOO and AOL. > > >> 1/4 to 1 cent? How about making that in dollars or Euros. > > 1 cent = USD 0.01 > 1/4 cent = USD 0.0025 > > > -- > Robert Blair What I meant was that they should charge 1/4 to 1 dollar, not 1/4 to 1 cent cent per spam. They'll argue the trash is not spam, but it's spam if I say it is and it will all get reported. From jeffg at spamcop.net Mon Feb 6 16:37:17 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Feb 6 16:40:03 2006 Subject: [SpamCop-List] Re: Why Blacklisted? References: Message-ID: user@domain.invalid wrote: > Some of our outbound e-mail has been getting kicked back > with info in the header saying that we have been blacklisted > by SpamCop. I do not understand what is going on; we don't > engage in spamming. > > Example e-mail header: > ----------------------------------------------------------- > Remote host said: 550 This system is configured to reject mail > from 216.173.237.166 [216.173.237.166] (Host blacklisted - > Found on Realtime Black List server '166.237.173.216.bl.spamcop.net') > ----------------------------------------------------------- > > 216.173.237.166 is not our IP address; our address is 67.116.196.138 > Why the IP address discrepancy? > > Info from SpamCop website: > http://www.spamcop.net/w3m?action=checkblock&ip=216.173.237.166 Yes, your IP Address is 67.116.196.138, which corresponds to adsl-67-116-196-138.dsl.sndg02.pacbell.net, is apparently an Asynchronous Digital Subscriber Line connected to Pacific Bell in San Diego, CA, USA, part of SBC and now AT&T. However, in this case you are sending out your email through SBC Webhosting mailserver mail26c.sbc-webhosting.com [216.173.237.166], which is currently listed by the SCBL and will continute to be listed for at least 20 hours. "Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Additional potential problems (these factors do not directly result in spamcop listing) System administrator has already delisted this system once Because of the above problems, express-delisting is not available Listing History In the past 269.0 days, it has been listed 35 times for a total of 27.3 days Other hosts in this "neighborhood" with spam reports 216.173.237.5 216.173.237.6 216.173.237.9 216.173.237.67 216.173.237.69 216.173.237.70 216.173.237.74 216.173.237.103 216.173.237.130 216.173.237.152 216.173.237.164 216.173.237.165 216.173.237.167 216.173.237.180" Report History for mail26c.sbc-webhosting.com [216.173.237.166] follows: Submitted: Wednesday 2006/02/01 07:16:36 -0500: [Zumbrunlaw.com Inquiry] 1643052612 ( 64.143.33.244 ) To: spamcop@imaphost.com 1643052592 ( 64.143.33.244 ) To: abuse@sbcglobal.net 1643052588 ( 216.173.237.166 ) To: abuse@sbcglobal.net 1643052578 ( 204.202.242.68 ) To: abuse#verio.net@devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Wednesday 2006/01/04 01:04:52 -0500: Mail Delivery Failure 1608729753 ( 216.173.237.166 ) To: spamcop@imaphost.com 1608729748 ( 216.173.237.166 ) To: abuse@sbcglobal.net ------------------------------------------------------------------------ -------- Submitted: Friday 2005/12/30 16:34:31 -0500: Mail Delivery Failure 1603922885 ( 216.173.237.166 ) To: spamcop@imaphost.com 1603922873 ( 216.173.237.166 ) To: abuse@sbcglobal.net ------------------------------------------------------------------------ -------- Submitted: Monday 2005/12/26 06:01:48 -0500: failure notice 1598728605 ( 216.173.237.166 ) To: [concealed user-defined recipient] 1598728601 ( 216.173.237.166 ) To: abuse@sbcglobal.net ------------------------------------------------------------------------ -------- Submitted: Monday 2005/12/12 03:01:19 -0500: Selser Schaefer Contact Form 1583429095 ( 64.143.67.171 ) To: spamcop@imaphost.com 1583429074 ( 64.143.67.171 ) To: abuse@sbcglobal.net 1583429069 ( 216.173.237.166 ) To: abuse@sbcglobal.net ------------------------------------------------------------------------ -------- Submitted: Thursday 2005/12/08 04:25:47 -0500: [J-K Web Contact] PickOfTheWeek5897@jkpolysource.com 1579113860 ( 64.143.147.75 ) To: spamcop@imaphost.com 1579113845 ( 64.143.147.75 ) To: abuse@sbcglobal.net 1579113843 ( 216.173.237.166 ) To: abuse@sbcglobal.net 1579113840 ( 204.202.242.37 ) To: abuse#verio.net@devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Thursday 2005/12/08 00:33:03 -0500: [Zumbrunlaw.com Inquiry] 1578913315 ( 64.143.33.244 ) To: spamcop@imaphost.com 1578913312 ( 216.173.237.166 ) To: abuse@sbcglobal.net ------------------------------------------------------------------------ -------- Submitted: Wednesday 2005/12/07 18:52:42 -0500: Newsletter subscription 1578838082 ( 64.143.40.118 ) To: spamcop@imaphost.com 1578838076 ( 64.143.40.118 ) To: abuse@sbcglobal.net 1578838074 ( 216.173.237.166 ) To: abuse@sbcglobal.net 1578838073 ( 204.202.242.36 ) To: abuse#verio.net@devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Wednesday 2005/12/07 18:51:01 -0500: Newsletter subscription 1578663944 ( 64.143.40.118 ) To: spamcop@imaphost.com 1578663935 ( 64.143.40.118 ) To: abuse@sbcglobal.net 1578663933 ( 216.173.237.166 ) To: abuse@sbcglobal.net 1578663931 ( 204.202.242.72 ) To: abuse#verio.net@devnull.spamcop.net ------------------------------------------------------------------------ -------- Submitted: Tuesday 2005/11/15 09:06:49 -0500: failure notice 1556697447 ( 216.173.237.166 ) To: spamcop@imaphost.com 1556697441 ( 216.173.237.166 ) To: abuse@sbcglobal.net ------------------------------------------------------------------------ -------- Submitted: Tuesday 2005/11/15 03:57:35 -0500: failure notice 1556456726 ( 216.173.237.166 ) To: abuse@sbcglobal.net ------------------------------------------------------------------------ -------- Submitted: Monday 2005/11/14 16:42:07 -0500: failure notice 1556043418 ( 216.173.237.166 ) To: abuse@sbcglobal.net ------------------------------------------------------------------------ -------- Submitted: Wednesday 2005/11/09 18:08:27 -0500: Re: Is can as someone 1551686581 ( 64.143.58.28 ) To: spamcop@imaphost.com 1551686580 ( 64.143.58.28 ) To: abuse@sbcglobal.net 1551686579 ( 216.173.237.166 ) To: abuse@sbcglobal.net 1551686578 ( 204.202.242.40 ) To: abuse#verio.net@devnull.spamcop.net The vast majority of the 90+ email messages which contributed to the SCBL listings of mail26c.sbc-webhosting.com [216.173.237.166] went to SpamCop Spamtraps, not to the mailboxes of SpamCop Reporters. SBC has an abysmal enforcement record regarding network abuse reports concerning IP Addresses under their care, custody, and control, and their failures are causing you not to get the service you are paying for. Please feel free to discuss these issues with your attorneys and your contacts at SBC. -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From pxpearson at spamxcop.net Mon Feb 6 13:41:51 2006 From: pxpearson at spamxcop.net (Peter Pearson) Date: Mon Feb 6 16:45:03 2006 Subject: [SpamCop-List] Re: Why Blacklisted? References: Message-ID: user@domain.invalid wrote: > Some of our outbound e-mail has been getting kicked back > with info in the header saying that we have been blacklisted > by SpamCop. I do not understand what is going on; we don't > engage in spamming. > > Example e-mail header: > ----------------------------------------------------------- > Remote host said: 550 This system is configured to reject mail > from 216.173.237.166 [216.173.237.166] (Host blacklisted - > Found on Realtime Black List server '166.237.173.216.bl.spamcop.net') > ----------------------------------------------------------- > > 216.173.237.166 is not our IP address; our address is 67.116.196.138 > Why the IP address discrepancy? I believe 216.173.237.166 is the IP address of an SBC mailserver, and 67.116.196.138 is the IP address that SBC has assigned to your DSL connection. Your outbound mail is probably processed by SBC through their mailservers, and so, apparently, is some spam. Spamcop maintains a database telling who is currently sending lots of spam. Some sysadmins configure their mail-receiving software to consult Spamcop's database and reject messages from IP addresses flagged as spamful. The header you quoted must come from an intended destination that is configured that way. It appears that you're an innocent victim caught between a very spam-hostile sysadmin and an ISP (SBC) that hasn't managed to keep spammers from using its mailservers. Bummer. If you send the email again, it might go out through a mailserver that isn't on Spamcop's baddies list; but that's not a comfortable long-term solution. Slightly longer-term than that is the observation that in 20 hours, 216.173.237.166 will fall off the baddies list, assuming it behaves itself in the meantime. Solutions still more comfortable for the long term involve (1) getting this intended recipient to whitelist you, so that the baddies list is not consulted (and he may or may not have such a whitelisting capability), or (2) buying email service through somebody who takes better care of his reputation than. A pain, I agree. -- Remove the two x's to get a good email address. From elg at none.com Mon Feb 6 16:15:36 2006 From: elg at none.com (El Guapo) Date: Mon Feb 6 17:20:03 2006 Subject: [SpamCop-List] GMail Account Compromised Message-ID: I have a GMail account that is about 3 months old. I have never used it. No one even knows I have it except the person that extended an invitation to me and someone that I extended an invitation to. I just logon once a month or so to keep the e-mail account open. I've been debating making it my primary account since my yahoo one is flooded with Spam. In January, I started getting spam. Is GMail security compromised or is it more likely one of the two people who know the address have a virus? It's an unusual account that spammers wouldn't just guess. From nobody at spamcop.net Mon Feb 6 17:45:50 2006 From: nobody at spamcop.net (indigo) Date: Mon Feb 6 17:50:04 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route E-Mail _ Around Spam Filters_ References: Message-ID: N. Miller wrote: > My impression is that the charges will only apply to bulk email being > sent into their domains. Essentially, paying AOL and Yahoo! to be > whitelisted by AOL and Yahoo! for email to aol.com and yahoo.com > destinations. I could be wrong... Yeah, that's what it is, they won't pass your bulk mail thru their spam filters if you pay up. Expect this to go down in flames, IMO. From nomail at devnull.spamcop.net Mon Feb 6 15:03:55 2006 From: nomail at devnull.spamcop.net (schmide) Date: Mon Feb 6 18:05:03 2006 Subject: [SpamCop-List] My spam is gone. Message-ID: I used to get about 200 spams a day. As of Saturday I get like 20. Its freaking odd to check the held mail and see no new messages. I wonder how I got whitelisted. Schmide From nyesqNOSPEM at hotNOSPEMmail.com Mon Feb 6 18:10:18 2006 From: nyesqNOSPEM at hotNOSPEMmail.com (LawAdmin) Date: Mon Feb 6 18:05:08 2006 Subject: [SpamCop-List] Major Problem Blacklisting All Domains Message-ID: I have a server where one script from one user's domain was apparently exploited. We discovered this on our own and took care of it within a day. AOL was the target the target and we received a small "report card" but the problem is long resolved. Unfortunately spamcop decided to ban the entire server and all other domains on that server. As a result, critically important documents never made it to their targets and people are furious -- not with me anymore but at spamcop and the service they have that uses it. None of the other domains were exploited and everything is at a complete stopping point. I'm not sure what to do here but at this point I have alerted these people that spamcop's banning is the problem. The problems were taken care of several hours ago but I anticipate it days until this problem is cleared up. I sent in a request earlier but at this point you've gone way, way overboard. This can happen anywhere and if you had sent a notice to postmaster this issue could have been resolved. From bar_n0ne at hotmail.com Mon Feb 6 17:07:35 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon Feb 6 18:10:02 2006 Subject: [SpamCop-List] Re: Major Problem Blacklisting All Domains References: Message-ID: "LawAdmin" wrote in message news:ds8kls$m73$1@news.spamcop.net... > I have a server where one script from one user's domain was apparently > exploited. We discovered this on our own and took care of it within a day. > AOL was the target the target and we received a small "report card" but the > problem is long resolved. Unfortunately spamcop decided to ban the entire > server and all other domains on that server. As a result, critically > important documents never made it to their targets and people are furious -- > not with me anymore but at spamcop and the service they have that uses it. > None of the other domains were exploited and everything is at a complete > stopping point. > > I'm not sure what to do here but at this point I have alerted these people > that spamcop's banning is the problem. The problems were taken care of > several hours ago but I anticipate it days until this problem is cleared up. > I sent in a request earlier but at this point you've gone way, way > overboard. This can happen anywhere and if you had sent a notice to > postmaster this issue could have been resolved. > > Everything worked exactly as it was supposed to. You should charge your client clean up. Sorry but with several hundred spams a day from exploits like yours I have zero sympathy. From nomail at devnull.spamcop.net Mon Feb 6 15:13:28 2006 From: nomail at devnull.spamcop.net (schmide) Date: Mon Feb 6 18:15:03 2006 Subject: [SpamCop-List] Re: My spam is gone. In-Reply-To: References: Message-ID: Sorry I meant listwashed. From Merlyn at Spamcop.net Mon Feb 6 18:13:41 2006 From: Merlyn at Spamcop.net (Merlyn) Date: Mon Feb 6 18:15:09 2006 Subject: [SpamCop-List] Re: Major Problem Blacklisting All Domains References: Message-ID: "LawAdmin" wrote in message news:ds8kls$m73$1@news.spamcop.net... >I have a server where one script from one user's domain was apparently > exploited. We discovered this on our own and took care of it within a day. > AOL was the target the target and we received a small "report card" but > the > problem is long resolved. Unfortunately spamcop decided to ban the entire > server and all other domains on that server. As a result, critically > important documents never made it to their targets and people are > furious -- > not with me anymore but at spamcop and the service they have that uses it. > None of the other domains were exploited and everything is at a complete > stopping point. > > I'm not sure what to do here but at this point I have alerted these people > that spamcop's banning is the problem. The problems were taken care of > several hours ago but I anticipate it days until this problem is cleared > up. > I sent in a request earlier but at this point you've gone way, way > overboard. This can happen anywhere and if you had sent a notice to > postmaster this issue could have been resolved. > You post from a roadrunner IP and use a hotmail address. If you want assistance then you will have to post the IP in question. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From nobody at devnull.spamcop.net Mon Feb 6 18:34:24 2006 From: nobody at devnull.spamcop.net (Pop) Date: Mon Feb 6 18:35:03 2006 Subject: [SpamCop-List] Re: Why Blacklisted? References: Message-ID: I can't help you out, but I think Jeff and Peter gave you good responses. Basically, the net result is, SBC isn't controlling spammers and you're caught in the middle as an innocent bystander, sort of. Time to register your complaints with them, because the downside of all this is that they could shortly end up on other, much tougher blocklists in other places, and those places do NOT automatically delist, like spamcop does. If that happens, you end up possibly screwed, especially if they're the only game in town for DSL access. With DSL becoming more affordable and more available, this is beginning to show up as problems in other areas, too, so you aren't alone. Be polite, factual and firm: Fire off a complaint to them and ask them what they plan to do about it; include the info you gave here. Your particular complaint probably won't do a lot of good, but ... enough complaints, and they might just begin to listen. Or, you could get a pleasant surprise and be told t hey're on top of it and it'll go away real soon. Or not :-(. Yours is/was one of the very few inquiries I've seen here which included an honest and vaible attempt at including the proper information to allow people to take a look at your situation. Keep that attitude; it goes a long ways. Just my 2 cents, Pop wrote in message news:ds8dhd$gr7$1@news.spamcop.net... : Some of our outbound e-mail has been getting kicked back : with info in the header saying that we have been blacklisted : by SpamCop. I do not understand what is going on; we don't : engage in spamming. : : Example e-mail header: : ----------------------------------------------------------- : Remote host said: 550 This system is configured to reject mail : from 216.173.237.166 [216.173.237.166] (Host blacklisted - : Found on Realtime Black List server '166.237.173.216.bl.spamcop.net') : ----------------------------------------------------------- : : 216.173.237.166 is not our IP address; our address is 67.116.196.138 : Why the IP address discrepancy? : : Info from SpamCop website: : http://www.spamcop.net/w3m?action=checkblock&ip=216.173.237.166 : : Thanks. : : Best Regards, : Mark Buckles : Harlan Labs : San Diego : http://www.harlanlabs.com From nyesqNOSPEM at hotNOSPEMmail.com Mon Feb 6 18:52:06 2006 From: nyesqNOSPEM at hotNOSPEMmail.com (LawAdmin) Date: Mon Feb 6 18:50:03 2006 Subject: [SpamCop-List] Re: Spamcop blocks my e-mail... References: <18m97alp3xwe8$.dlg@news.spamcop.net> Message-ID: Spamcop has blocked all mail coming from my server, regardless of domains, to another server that apparently uses spamcop: 550-[OUR IP ADDRESS]:43555 is blacklisted at bl.spamcop.net see Blocked - see 550 http://www.spamcop.net/bl.shtml?64.62.134.202 This is a significant problem. One domain has a script exploited and we take care of it, without warning, and every BUT the people using spamcop have no problems receiving emails from any domain on the server. The blacklisting is done strictly by IP address and this can wreak havoc on innocent domains. The word "overzealous" is appropriate. We have loads of problems with spam and this creates even more problems, especially without warnings. "N. Miller" wrote in message news:18m97alp3xwe8$.dlg@news.spamcop.net... > On Mon, 6 Feb 2006 09:48:28 -0500, lslapiko wrote: > > > Hey, > > > > My e-mail to the domain thenoise-boston.com is getting blocked by Spamcop > > although I'm sending a single e-mail to a single person. > > Not even possible. SpamCop _could_ block email to such domains as SC runs > MX servers for. SpamCop has no control over email to other domains. > > > > The IP address it doesn't like is 63.115.7.109. I don't know why this is > > happening...is there anything I can do about it? > > Could be backscatter to spam traps. I will let others with more inside > knowledge than I have address that. Unless you are the administrator for > the server being listed by SC, there is not a lot that you can do, other > than find alternate service. > > -- > Norman > ~Oh Lord, why have you come > ~To Konnyu, with the Lion and the Drum From nobody at devnull.spamcop.net Mon Feb 6 19:01:06 2006 From: nobody at devnull.spamcop.net (Pop) Date: Mon Feb 6 19:05:02 2006 Subject: [SpamCop-List] Re: Major Problem Blacklisting All Domains References: Message-ID: ===> Comments inline: "LawAdmin" wrote in message news:ds8kls$m73$1@news.spamcop.net... ... Unfortunately spamcop decided to ban the entire : server and all other domains on that server. ===> Wrong. Spamcop does not "ban" "entire server"s and "all other domains on that server". It not only can not do so, it never even lists anything that way in its bolcklist. Spamcop lists single IP, not ranges. Therefore, you must be listed in other, much harder to get off of, blocklists and blasklists. Spamcop is the least of your worries, IFF it's even involved, which is entirely possible from your description. ...As a result, critically : important documents never made it to their targets ===> Only a fool would use e-mail for "critically important documents". Or, you are lying. Either way, it's bogus. and people are furious -- : not with me anymore but at spamcop and the service they have that uses it. ===> What you describe is not anything that came from spamcop. There has to be other, much more formidable lists being used in order to have the magnitude of effect you are claiming. Also, those lists are being misused, which has to be a concious decision made by the ISP/s using the blocklists. Spamcop very clearly states to not use its list for blocking; simply for tagging and/or triggering mail to go to a bulk bin or whatever. Are you the one misusing it? Not that it matters, because as I said, that's not spamcop doing what you described. : None of the other domains were exploited and everything is at a complete : stopping point. ===> Then, if you bothered to read, you know the IP will fall off of spamcop's lists very shortly. IFF it's on the spamcop lists, and I suspect it's not. I think you have misidentified the actual source of the problem/s. : : I'm not sure what to do here but at this point I have alerted these people : that spamcop's banning is the problem. ===> You should be careful of that, because a LOT of people know what spamcop is, and how it functions. You're going to have a lot of egg on your face when the final details all come out, if they come out, that is. The problems were taken care of : several hours ago ===> I consider "hours ago" to be in stark contrast with your earlier comments that it was taken care of "within a day.", and "the problem is long resolved". Either you are BSing or too emotional to get the problem properly stated, making most everything you've said suspect at this point. but I anticipate it days until this problem is cleared up. ===> Probably: It depends on whose block/black lists you are in. If it's spamcop and this is the first time, you're already off the list based on some of your comments, or about to be off it, based on others. If it's any of the myriad others, you could be listed there for a very long time, including the full IP range/s. : ... at this point you've gone way, way : overboard. ===> No, not spamcop, but you have gone overboard by not having taken the time to research or even read the references spamcop would have provided to you about your listing. If there were no references, then it wasn't spamcop, or spamcop was only one of many where you're listed. Not many listers will give you the courtesy of being able to figure out what went wrong like spamcop will - they just figure it's your problem, figure it out. And it looks like you're going to have to. This can happen anywhere and if you had sent a notice to : postmaster this issue could have been resolved. ===> Spamcop is a list, nothing more, unless you happen to have a spamcop mail account. IT's the owner of the servers that decides to use a list or not, and whether they'll use it per the recommended methods, or to go off halfcocked and misuse it. But your worries aren't with spamcop; you need to do a little research to seejust where you are listed and why. As bad as you're trying to make it sound, you are very likely on many lists, and that makes it seem doubtful that this was a single occurrence, and/or you have not stopped the abuse from happening as you claim to have done. A satisfied spamcop user, nothing more Pop : : From jeffg at spamcop.net Mon Feb 6 19:10:50 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Feb 6 19:15:02 2006 Subject: [SpamCop-List] Re: Spamcop blocks my e-mail... References: <18m97alp3xwe8$.dlg@news.spamcop.net> Message-ID: LawAdmin wrote: > 550-[OUR IP ADDRESS]:43555 is blacklisted at bl.spamcop.net see > Blocked - see > 550 http://www.spamcop.net/bl.shtml?64.62.134.202 Per http://www.spamcop.net/w3m?action=blcheck&ip=64.62.134.202 : 64.62.134.202 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 1 hours. Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) ... Listing History In the past 61.7 days, it has been listed 2 times for a total of 43 hours Other hosts in this "neighborhood" with spam reports 64.62.134.18 64.62.134.201 Report History for cardozo.thelaw.com [64.62.134.202] follows: Submitted: Wednesday 2005/12/07 00:45:31 -0500: x 1577843758 ( 64.62.134.202 ) To: abuse[at]he.net ------------------------------------------------------------------------ -------- Submitted: Wednesday 2005/12/07 00:45:31 -0500: x 1577843759 ( 64.62.134.202 ) To: abuse[at]he.net ------------------------------------------------------------------------ -------- Submitted: Wednesday 2005/12/07 00:44:25 -0500: x 1577843933 ( 64.62.134.202 ) To: abuse[at]he.net ------------------------------------------------------------------------ -------- Submitted: Wednesday 2005/12/07 00:44:20 -0500: x 1577844009 ( 64.62.134.202 ) To: abuse[at]he.net ------------------------------------------------------------------------ -------- Submitted: Wednesday 2005/12/07 00:44:18 -0500: x 1577844010 ( 64.62.134.202 ) To: abuse[at]he.net ------------------------------------------------------------------------ -------- Submitted: Tuesday 2005/11/29 20:38:32 -0500: [meiwaku] x 1570066957 ( http:// www.jsoul.com ) To: abuse#he.net[at]devnull.spamcop.net 1570066950 ( 64.62.134.202 ) To: spamcop[at]imaphost.com 1570066942 ( 64.62.134.202 ) To: abuse[at]he.net -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From nobody at devnull.spamcop.net Mon Feb 6 19:13:29 2006 From: nobody at devnull.spamcop.net (Pop) Date: Mon Feb 6 19:15:07 2006 Subject: [SpamCop-List] Re: GMail Account Compromised References: Message-ID: "El Guapo" wrote in message news:ds8hq7$k4r$1@news.spamcop.net... :I have a GMail account that is about 3 months old. I have never used it. No : one even knows I have it except the person that extended an invitation to me : and someone that I extended an invitation to. : : I just logon once a month or so to keep the e-mail account open. I've been : debating making it my primary account since my yahoo one is flooded with : Spam. In January, I started getting spam. : : Is GMail security compromised or is it more likely one of the two people who : know the address have a virus? It's an unusual account that spammers : wouldn't just guess. : : AFAIK, Gmail's decent, not great, and probably isn't compromised. Have you asked them? I know some folk who are pretty happy with their Gmail accounts, and a coupe others who see them as a status symbol for some strange reason. There are so many sources and ways for your address to have been scraped/picked up by spammers that it's impossible to say, based on the info you haven't given especially, why you're getting the spam. It could even have been scraped from your own machine, so it's impossible to say or guess. Yahoo: Do you use their spam filters? They do a pretty excellent job. I don't care for Yahoo, but their filters do work pretty well. I use Yahoo for throw-away and non-critical signups, things like that, and of three current accounts I have there, two of them, both with unusual account names that "spammers wouldn't guess", began to receive spams within three days of their creation. Think about it for awhile and you may be able to figure out some ways that you're letting your real email addresses be seen by the general audience. If anyone can see your email address anywhere, then so can spammers. It's just the way it works, unfortunately. Can you create subaccounts at Gmail? Maybe that would work. Or, get another address. FYI, if any PART of an email account is dictionariable, the spammers will likely eventually find it, especially if it's only followed by a bunch of numbers at the end. HTH, Pop's opinion, Pop From usenet at okean.invalid Mon Feb 6 16:39:14 2006 From: usenet at okean.invalid (Michael Wise) Date: Mon Feb 6 19:40:02 2006 Subject: [SpamCop-List] Re: Spamcop blocks my e-mail... References: <18m97alp3xwe8$.dlg@news.spamcop.net> Message-ID: In article , "LawAdmin" wrote: > Spamcop has blocked all mail coming from my server, regardless of domains, > to another server that apparently uses spamcop: > > 550-[OUR IP ADDRESS]:43555 is blacklisted at bl.spamcop.net see Blocked - > see > 550 http://www.spamcop.net/bl.shtml?64.62.134.202 > > This is a significant problem. One domain has a script exploited and we take > care of it, without warning, and every BUT the people using spamcop have no > problems receiving emails from any domain on the server. The blacklisting is > done strictly by IP address and this can wreak havoc on innocent domains. > > The word "overzealous" is appropriate. We have loads of problems with spam > and this creates even more problems, especially without warnings. "Competent" is appropriate...as in you need to hire a competent sysadmin who knows how to keep your servers clean from known exploits. Failing to do so and then yiping at SC when you get dinged for it is a bit crazy. --Mike From jeffg at spamcop.net Mon Feb 6 20:01:32 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Feb 6 20:05:04 2006 Subject: [SpamCop-List] Re: Spamcop blocks my e-mail... References: <18m97alp3xwe8$.dlg@news.spamcop.net> Message-ID: LawAdmin wrote: > This is a significant problem. One domain has a script exploited and > we take care of it, without warning, and every BUT the people using > spamcop have no problems receiving emails from any domain on the > server. The blacklisting is done strictly by IP address and this can > wreak havoc on innocent domains. This is a significant problem. Your one server had a script exploited, we SpamCop Reporters got loads of spam, we SpamCop Reporters Reported it through SpamCop to abuse[at]he.net, we got it blocked by the SCBL for 24 hours, and everyone using the SCBL got no more spam from your server for 24 hours. The script exploited just one IP Address, and this can wreak havoc on our innocent mailboxes. > The word "overzealous" is appropriate. We have loads of problems with > spam and this creates even more problems The phrase "attractive nuisance" is appropriate. We have loads of problems with spam and your maintenance of an "attractive nuisance" created even more problems. > , especially without warnings. abuse[at]he.net got SpamCop Reports, didn't they forward those Reports to you? Please see "How can I get SpamCop reports about my network?" at http://www.spamcop.net/fom-serve/cache/94.html . http://www.spamcop.net/sc?track=64.62.134.202 showed: Cached whois for 64.62.134.202 : abuse[at]he.net Using abuse net on abuse[at]he.net abuse net he.net = abuse[at]he.net Using best contacts abuse[at]he.net Refreshing, I got the following: Removing old cache entries. Tracking details Display data: "whois 64.62.134.202[at]whois.arin.net" (Getting contact from whois.arin.net ) checking NET-64-62-134-192-1 Display data: "whois NET-64-62-134-192-1[at]whois.arin.net" (Getting contact from whois.arin.net ) Found AbuseEmail in whois abuse[at]he.net Ignoring small (31 IP) network checking NET-64-62-128-0-1 Display data: "whois NET-64-62-128-0-1[at]whois.arin.net" (Getting contact from whois.arin.net ) Found AbuseEmail in whois abuse[at]he.net 64.62.128.0 - 64.62.255.255:abuse[at]he.net Routing details for 64.62.134.202 Using abuse net on abuse[at]he.net abuse net he.net = abuse[at]he.net Using best contacts abuse[at]he.net -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From eddie at eddie.web Mon Feb 6 20:44:20 2006 From: eddie at eddie.web (eddie) Date: Mon Feb 6 20:45:02 2006 Subject: [SpamCop-List] Re: The New Illiterates In-Reply-To: <43E664E2.17D2@xyzzy.claranet.de> References: <43E664E2.17D2@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > eddie wrote: > > >>And spelling "You" with a capital "Y" does the trick? > > > DEnglish, I also tried it for some time... :-( > Maybe there are more languages where that's polite (?) > > >>Are filters now grammar-sensitive? > > > Scoring POWER and LOVE probably won't hit PWOER and LOEV. > > >>I have a list of the most common misspellings. > > > URL ? > > It's a private list. I use it to associate posters on messageboards with userIDs. You can change your userID but your grammar and spelling and other characteristics follow you around, making it easy to track people, even to other messageboards. It's separate from "hack-speak" which is reasonably consistent and nearly useless and has even made it into TV, ala CBS' Numb3rs, a trivial example. When argot becomes popular, it becomes useless. Just ask a lawyer or doctor :) From vogt at spamcop.net Tue Feb 7 10:45:10 2006 From: vogt at spamcop.net (Gerald Vogt) Date: Mon Feb 6 20:50:02 2006 Subject: [SpamCop-List] Re: White-listing does not work... In-Reply-To: References: Message-ID: Peter Pearson wrote: > That's what I'd expect, too, and I think that's the way it > works for me. However, one discrepancy: the button I use > is "Release and whitelist", not "Forward and whitelist" (e.g., I am not using the Webmail interface. I only use the reporting interface http://www.spamcop.net/reportheld?action=heldlog and use the options there. And it definitively does not work for the From/Reply-To address. The Return-Path address is not listed in the whitelist though... Gerald From vogt at spamcop.net Tue Feb 7 10:47:15 2006 From: vogt at spamcop.net (Gerald Vogt) Date: Mon Feb 6 20:50:05 2006 Subject: [SpamCop-List] Re: White-listing does not work... In-Reply-To: References: Message-ID: Jeff G. wrote: > Gerald Vogt wrote: >> Return-Path is something else but always the same address, too. > > Please try whitelisting that email address, and see "Yahoo Groups Mail > Blocked?" at > http://forum.spamcop.net/forums/index.php?showtopic=2472&view=findpost&p=15986 . O.K. added the return-path address to the whitelist. Have to wait for the next list e-mail... Gerald From eddie at eddie.web Mon Feb 6 20:50:05 2006 From: eddie at eddie.web (eddie) Date: Mon Feb 6 20:55:02 2006 Subject: [SpamCop-List] Gateway Timeout Bug? Message-ID: I just made a submission and received the dreaded Gateway Timeout message. Hitting the backbutton on the browser, I get a page that seems to indicate that I can no longer submit the spam. I resubmitted it by pasting the message into the window and got another gateway timeout. However, I looked at my Recent Reports and find both submissions logged in. So what do I believe? Did the report really get sent? Or did it just get logged as if it were sent but really wasn't? This has happened before when I got the gateway timout error but I never realized that it might be a bug and that the report was never really sent. From vogt at spamcop.net Tue Feb 7 10:56:49 2006 From: vogt at spamcop.net (Gerald Vogt) Date: Mon Feb 6 21:00:03 2006 Subject: [SpamCop-List] Re: GMail Account Compromised In-Reply-To: References: Message-ID: El Guapo wrote: > I have a GMail account that is about 3 months old. I have never used it. No > one even knows I have it except the person that extended an invitation to me > and someone that I extended an invitation to. > > I just logon once a month or so to keep the e-mail account open. I've been > debating making it my primary account since my yahoo one is flooded with > Spam. In January, I started getting spam. It may just depend on the username you have chosen. I have some spam on addresses that I have never actually used. But I guess spammers just put together known usernames and try to deliver this to common popular webmailer. So if you are using the same username on yahoo and on gmail I would expect spam mails in your mailbox. I have vogt@spamcop.net. I would expect spam mails on addresses like vogt at yahoo.* or vogt at gmail.* even if this address never appears anywhere public and you have never used it. There is something similiar for domain owners: spammers occasionally send spam to addresses like info at yourdomain.* although that address does not even exists... > Is GMail security compromised or is it more likely one of the two people who > know the address have a virus? It's an unusual account that spammers > wouldn't just guess. Not guessing. Just brute force calculations. Bandwidth is there to test many combinations quickly... Gerald From nobody at devnull.spamcop.net Tue Feb 7 12:42:01 2006 From: nobody at devnull.spamcop.net (Patto) Date: Mon Feb 6 22:45:03 2006 Subject: [SpamCop-List] Re: My spam is gone. In-Reply-To: References: Message-ID: schmide wrote: > I used to get about 200 spams a day. As of Saturday I get like 20. Its > freaking odd to check the held mail and see no new messages. I wonder > how I got whitelisted. > > Schmide I would say, nothing to worry about. Your spam will soon be back tenfold as it was before. From nyesqNOSPEM at hotNOSPEMmail.com Tue Feb 7 01:31:45 2006 From: nyesqNOSPEM at hotNOSPEMmail.com (LawAdmin) Date: Tue Feb 7 01:30:08 2006 Subject: [SpamCop-List] Re: Major Problem Blacklisting All Domains References: Message-ID: "Pop" wrote in message news:ds8nvn$olm$1@news.spamcop.net... > ===> Comments inline: > "LawAdmin" wrote in message > news:ds8kls$m73$1@news.spamcop.net... > ... Unfortunately spamcop decided to ban the entire > : server and all other domains on that server. > ===> Wrong. Spamcop does not "ban" "entire server"s and "all > other domains on that server". It not only can not do so, it > never even lists anything that way in its bolcklist. Spamcop > lists single IP, not ranges. It seems that in your desire to be obnoxious it never occurred to you that several domains might be sharing a single server which has one IP address. Thus if one accountholder has a script that was a problem for a few hours and you guys overreact, every domain on that server is hosed. This is what happened. > Therefore, you must be listed in other, much harder to get off > of, blocklists and blasklists. Spamcop is the least of your > worries, IFF it's even involved, which is entirely possible from > your description. It's SpamCop. > > ...As a result, critically > : important documents never made it to their targets > ===> Only a fool would use e-mail for "critically important > documents". Or, you are lying. Either way, it's bogus. Really... are you in kindergarden? People actually use email to send contracts, term sheets and many other items which they think will be delivered on a timely basis. > and people are furious -- > : not with me anymore but at spamcop and the service they have > that uses it. > ===> What you describe is not anything that came from spamcop. > There has to be other, much more formidable lists being used in > order to have the magnitude of effect you are claiming. Really. Then why did I discover one instance of a bounce where it says SPECIFICALLY that SpamCop is the culprit? SMTP error from remote mail server after RCPT TO:: host sprocket.mail.dodgeit.com [111.111.111.111]: 554 Service unavailable; Client host [222.222.222.222] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?222.222.222.222 > Also, those lists are being misused, which has to be a > concious decision made by the ISP/s using the blocklists. > Spamcop very clearly states to not use its list for blocking; > simply for tagging and/or triggering mail to go to a bulk bin or > whatever. Are you the one misusing it? Not that it matters, > because as I said, that's not spamcop doing what you described. > > : None of the other domains were exploited and everything is at a > complete > : stopping point. > ===> Then, if you bothered to read, you know the IP will fall off > of spamcop's lists very shortly. IFF it's on the spamcop lists, > and I suspect it's not. I think you have misidentified the > actual source of the problem/s. REALLY genuis? Well it's been a whole business day and the problem still persists in the evening. > : > : I'm not sure what to do here but at this point I have alerted > these people > : that spamcop's banning is the problem. > ===> You should be careful of that, because a LOT of people know > what spamcop is, and how it functions. You're going to have a > lot of egg on your face when the final details all come out, if > they come out, that is. Eggs and spamcop already served. They know the problem. > The problems were taken care of > : several hours ago > ===> I consider "hours ago" to be in stark contrast with your > earlier comments that it was taken care of "within a day.", and > "the problem is long resolved". Either you are BSing or too > emotional to get the problem properly stated, making most > everything you've said suspect at this point. The problem started earlier and was then taken care of by the following morning. > but I anticipate it days until this problem is cleared up. > ===> Probably: It depends on whose block/black lists you are in. > If it's spamcop and this is the first time, you're already off > the list based on some of your comments, or about to be off it, > based on others. If it's any of the myriad others, you could be > listed there for a very long time, including the full IP range/s. Right now it's yours. > : ... at this point you've gone way, way > : overboard. > ===> No, not spamcop, but you have gone overboard by not having > taken the time to research or even read the references spamcop > would have provided to you about your listing. If there were no > references, then it wasn't spamcop, or spamcop was only one of > many where you're listed. Not many listers will give you the > courtesy of being able to figure out what went wrong like spamcop > will - they just figure it's your problem, figure it out. And it > looks like you're going to have to. Ditto the above. > This can happen anywhere and if you had sent a notice to > : postmaster this issue could have been resolved. > ===> Spamcop is a list, nothing more, unless you happen to have a > spamcop mail account. IT's the owner of the servers that decides > to use a list or not, and whether they'll use it per the > recommended methods, or to go off halfcocked and misuse it. But > your worries aren't with spamcop; you need to do a little > research to seejust where you are listed and why. As bad as > you're trying to make it sound, you are very likely on many > lists, and that makes it seem doubtful that this was a single > occurrence, and/or you have not stopped the abuse from happening > as you claim to have done. As you said, it's just a list. And if it's a list that will cause more problems than it's worth, than that is what it is. > A satisfied spamcop user, nothing more > > Pop Well goodie for you. Evidently you don't have much more to say. The facts are all above. PS -- here's the dumb response I got from SpamCop: "Please be aware that this is a one-time offer. If you delist your server and it continues to be the target of spam reports, it will be re-listed and you will not be allowed to delist it again." What is this "one time offer" stupidity? If someone ingeniously exploits a script on a server somehow you are shut down forever as are every other domain on that server? Is this third grade? Evidently I got it right. This is a list where nobody wants to perform a whit of work to make it a useful service. We all have spam problems. I'd love to get a battering ram and use it on the hackers who exploited the script. We all make efforts to limit spam. If spamcop can't be bothered then I'm free to let my clients know that spamcop is nothing more than an unmoderated list where a quick and potentially badly called strike 2 means you'll never get your email from reasonable sources. From nyesqNOSPEM at hotNOSPEMmail.com Tue Feb 7 01:34:10 2006 From: nyesqNOSPEM at hotNOSPEMmail.com (LawAdmin) Date: Tue Feb 7 01:30:18 2006 Subject: [SpamCop-List] Re: Spamcop blocks my e-mail... References: <18m97alp3xwe8$.dlg@news.spamcop.net> Message-ID: Well it didn't delist within an hour. We apparently are not the only ones who had the problem and were canned by spamcop. The receipient was wondering why he wasn't received other mail as well. "Jeff G." wrote in message news:ds8rim$r63$1@news.spamcop.net... > LawAdmin wrote: > > This is a significant problem. One domain has a script exploited and > > we take care of it, without warning, and every BUT the people using > > spamcop have no problems receiving emails from any domain on the > > server. The blacklisting is done strictly by IP address and this can > > wreak havoc on innocent domains. > This is a significant problem. Your one server had a script exploited, > we SpamCop Reporters got loads of spam, we SpamCop Reporters Reported it > through SpamCop to abuse[at]he.net, we got it blocked by the SCBL for 24 > hours, and everyone using the SCBL got no more spam from your server for > 24 hours. The script exploited just one IP Address, and this can wreak > havoc on our innocent mailboxes. > > > The word "overzealous" is appropriate. We have loads of problems with > > spam and this creates even more problems > The phrase "attractive nuisance" is appropriate. We have loads of > problems with spam and your maintenance of an "attractive nuisance" > created even more problems. > > > , especially without warnings. > abuse[at]he.net got SpamCop Reports, didn't they forward those Reports > to you? Please see "How can I get SpamCop reports about my network?" at > http://www.spamcop.net/fom-serve/cache/94.html . > > http://www.spamcop.net/sc?track=64.62.134.202 showed: > Cached whois for 64.62.134.202 : abuse[at]he.net > Using abuse net on abuse[at]he.net > abuse net he.net = abuse[at]he.net > Using best contacts abuse[at]he.net > > Refreshing, I got the following: > Removing old cache entries. > > Tracking details > Display data: > "whois 64.62.134.202[at]whois.arin.net" (Getting contact from > whois.arin.net ) > checking NET-64-62-134-192-1 > Display data: > "whois NET-64-62-134-192-1[at]whois.arin.net" (Getting contact from > whois.arin.net ) > Found AbuseEmail in whois abuse[at]he.net > Ignoring small (31 IP) network > checking NET-64-62-128-0-1 > Display data: > "whois NET-64-62-128-0-1[at]whois.arin.net" (Getting contact from > whois.arin.net ) > Found AbuseEmail in whois abuse[at]he.net > 64.62.128.0 - 64.62.255.255:abuse[at]he.net > Routing details for 64.62.134.202 > Using abuse net on abuse[at]he.net > abuse net he.net = abuse[at]he.net > Using best contacts abuse[at]he.net > > -- > Thanks and Best Regards, Jeff G. > http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 > From nobody at devnull.spamcop.net Tue Feb 7 16:43:17 2006 From: nobody at devnull.spamcop.net (Patto) Date: Tue Feb 7 02:45:03 2006 Subject: [SpamCop-List] Re: Major Problem Blacklisting All Domains In-Reply-To: References: Message-ID: LawAdmin wrote: > PS -- here's the dumb response I got from SpamCop: > > "Please be aware that this is a one-time offer. If you delist your server > and it continues to be the target of spam reports, it will be re-listed and > you will not be allowed to delist it again." > > What is this "one time offer" stupidity? If someone ingeniously exploits a > script on a server somehow you are shut down forever as are every other > domain on that server? Is this third grade? > > Evidently I got it right. This is a list where nobody wants to perform a > whit of work to make it a useful service. We all have spam problems. I'd > love to get a battering ram and use it on the hackers who exploited the > script. We all make efforts to limit spam. If spamcop can't be bothered then > I'm free to let my clients know that spamcop is nothing more than an > unmoderated list where a quick and potentially badly called strike 2 means > you'll never get your email from reasonable sources. I get the impression you have not the slightest idea what SpamCop is or what it does. Did you actually read anything on the SC website? Your questions and accusations are so ridiculous that really nobody here should even bother to reply! What happened to you and your users does happen to other people from time to time. And guess what: they post their problem or question here, and they usually get the help they need. But spewing insults and accusations does not really encourage anyone to offer help. From vogt at spamcop.net Tue Feb 7 17:18:31 2006 From: vogt at spamcop.net (Gerald Vogt) Date: Tue Feb 7 03:20:03 2006 Subject: [SpamCop-List] Re: Major Problem Blacklisting All Domains In-Reply-To: References: Message-ID: LawAdmin wrote: > It seems that in your desire to be obnoxious it never occurred to you that > several domains might be sharing a single server which has one IP address. > Thus if one accountholder has a script that was a problem for a few hours > and you guys overreact, every domain on that server is hosed. This is what > happened. Well, it is impossible to know from the outside whether this is only an account sending spams or if it is a comprimised smtp server or open relay. There is no way to know. Spamcop only registers that spams have been received from that IP address. It cannot know if it is a server or user problem. The only way to prevent this would be to have your SMTP server listed as trusted "clean" server which is maintained well so that it cannot be compromised. That way spamcop would follow the Received-By chain a step further I guess and would report the sender's IP address instead of the relaying SMTP server. > It's SpamCop. No the problem is that your SMTP server has been sending or relaying spam mail. That is the original problem. You have been notified of this on the abuse address. > Really... are you in kindergarden? People actually use email to send > contracts, term sheets and many other items which they think will be > delivered on a timely basis. And? There are administrators out there who are pretty incapable of configuring an SMTP server. They configure it as open relay. It's a company server. People send contracts etc. through that server. Spammers send spam mail through that server. And? The problem is still the SMTP server and its IP address. > Really. Then why did I discover one instance of a bounce where it says > SPECIFICALLY that SpamCop is the culprit? > > SMTP error from remote mail server after RCPT TO:: > host sprocket.mail.dodgeit.com [111.111.111.111]: > 554 Service unavailable; Client host [222.222.222.222] blocked using > bl.spamcop.net; Blocked - see > http://www.spamcop.net/bl.shtml?222.222.222.222 Oh so secretive about your IP address? Anyway, spamcop is not the culprit. Spamcop is a blocking list. No SMTP server in the world is forced to use it. If administrators decided to use the blacklist to block e-mails it is their decision. You have to complain to the receiver's administrator and ask them not to use Spamcop if you like. Spamcop itself does not block any email. It cannot do so. It has no way to force some server at 111.111.111.111 to refuse an e-mail. It is a service listing IP addresses known to send spam mails. If it is only a few it gets listed for a short time. If it remains it stays longer. Just read the website to understand what spamcop does and what not. > REALLY genuis? Well it's been a whole business day and the problem still > persists in the evening. Check the blacklist. It tells you how long the server remains listed. If you want to dispute the listing, there is a link too. > The problem started earlier and was then taken care of by the following > morning. O.K. The problem was on your side. Your server sent spam mail. Again: give any way how a receiver of spam mail should know if this is server problem or something else... If you administer the server you should have so much computing knowlegde to understand that there is no way. > As you said, it's just a list. And if it's a list that will cause more > problems than it's worth, than that is what it is. It is causing problems to you because you caused problem to other. Wait until it cools off and everything goes back to normal. Just make sure that your users don't send any spams anymore. > "Please be aware that this is a one-time offer. If you delist your server > and it continues to be the target of spam reports, it will be re-listed and > you will not be allowed to delist it again." > > What is this "one time offer" stupidity? If someone ingeniously exploits a > script on a server somehow you are shut down forever as are every other > domain on that server? Is this third grade? Yes. You are responsible for the server and the user on the server. If you let users exploit the server for spam mail it is your problem. > Evidently I got it right. This is a list where nobody wants to perform a > whit of work to make it a useful service. We all have spam problems. I'd > love to get a battering ram and use it on the hackers who exploited the > script. We all make efforts to limit spam. If spamcop can't be bothered then > I'm free to let my clients know that spamcop is nothing more than an > unmoderated list where a quick and potentially badly called strike 2 means > you'll never get your email from reasonable sources. Oh. Just look into the list of blacklists your smtp server is using. Basically all lists work in the same way. The traffic is much too big to manually list and delist IPs all the time. Gerald From vogt at spamcop.net Tue Feb 7 17:21:15 2006 From: vogt at spamcop.net (Gerald Vogt) Date: Tue Feb 7 03:25:03 2006 Subject: [SpamCop-List] Re: Spamcop blocks my e-mail... In-Reply-To: References: <18m97alp3xwe8$.dlg@news.spamcop.net> Message-ID: LawAdmin wrote: > Well it didn't delist within an hour. It is delisted now. > We apparently are not the only ones who had the problem and were canned by > spamcop. The receipient was wondering why he wasn't received other mail as > well. So you conclude only because one email is blocked the reason for any other email blocked must be the same? People wonder most of the time about things they have not received yet and sometimes never receive. Maybe the receivers spam filter move it into his spam folder or reported the email to spamcop... Gerald From gezgin at spamcop.net Tue Feb 7 10:34:23 2006 From: gezgin at spamcop.net (gezgin) Date: Tue Feb 7 03:35:02 2006 Subject: [SpamCop-List] Anybody else get one of these? Message-ID: An odd cc'd mail. Excerpts from the headers: Return-Path: Received: from unknown (HELO blade2.cesmail.net) ([192.168.1.212]) by c60.cesmail.net with SMTP; 07 Feb 2006 00:18:14 -0500 Received: (qmail 15141 invoked by uid 1010); 7 Feb 2006 05:18:13 -0000 Date: 7 Feb 2006 05:18:13 -0000 Message-ID: <20060207051813.15140.qmail@blade2.cesmail.net> From: spamcop-net@blade2.cesmail.net Cc: recipient list not shown: ; X-SpamCop-Checked: X-SpamCop-Disposition: Blocked SpamAssassin=3 X-SpamCop-Whitelisted: service@intl.paypal.com X-Spam-Level: * X-Spam-Status: No, score=1.8 required=40.0 tests=BAYES_60,MISSING_HEADERS, MISSING_SUBJECT,MSGID_FROM_MTA_HEADER,NO_REAL_NAME autolearn=disabled version=3.0.2-superonline -- Bob http://www.kanyak.com From nobody at spamcop.net Tue Feb 7 01:24:58 2006 From: nobody at spamcop.net (N. Miller) Date: Tue Feb 7 04:30:03 2006 Subject: [SpamCop-List] Re: Spamcop blocks my e-mail... References: <18m97alp3xwe8$.dlg@news.spamcop.net> Message-ID: On Mon, 6 Feb 2006 18:52:06 -0500, LawAdmin wrote: > "N. Miller" wrote in message > news:18m97alp3xwe8$.dlg@news.spamcop.net... >> On Mon, 6 Feb 2006 09:48:28 -0500, lslapiko wrote: >>> Hey, >>> >>> My e-mail to the domain thenoise-boston.com is getting blocked by >>> Spamcop although I'm sending a single e-mail to a single person. >> Not even possible. SpamCop _could_ block email to such domains as SC runs >> MX servers for. SpamCop has no control over email to other domains. >>> The IP address it doesn't like is 63.115.7.109. I don't know why this is >>> happening...is there anything I can do about it? >> Could be backscatter to spam traps. I will let others with more inside >> knowledge than I have address that. Unless you are the administrator for >> the server being listed by SC, there is not a lot that you can do, other >> than find alternate service. > Spamcop has blocked all mail coming from my server, regardless of domains, > to another server that apparently uses spamcop: > > 550-[OUR IP ADDRESS]:43555 is blacklisted at bl.spamcop.net see Blocked - > see > 550 http://www.spamcop.net/bl.shtml?64.62.134.202 You really have no idea, do you. Here are a couple of entries from my MX logs: | T 20060206 193500 43e71a08 Connection from 216.155.203.231 | T 20060206 193500 43e71a08 HELO n8a.bullet.dcn.yahoo.com | T 20060206 193500 43e71a08 MAIL FROM: | E 20060206 193505 43e71a08 Host 216.155.203.231 blocked by SpamCop (Tag only) - message tagged. | T 20060206 193505 43e71a08 RCPT TO:<######> | T 20060206 193505 43e71a08 DATA - 129 lines, 4305 bytes. | T 20060206 193505 43e71a08 QUIT | T 20060206 193505 43e71a08 Connection closed with 216.155.203.231, 5 sec. elapsed. | T 20060206 194030 43e71a09 Connection from 67.8.144.72 | T 20060206 194030 43e71a09 ehlo friend | T 20060206 194030 43e71a09 MAIL FROM: | E 20060206 194030 43e71a09 Host 67.8.144.72 blocked by Spamhaus - message rejected. | T 20060206 194030 43e71a09 Connection closed with 67.8.144.72, 0 sec. elapsed. Can you see the difference between the actions on the 'E' lines? Can you see that the "...blocked by SpamCop... line is followed by a "DATA" line, but the "...blocked by Spamhaus..." line is not? SpamCop did _not_, in fact, block that email. Nor did Spamhause block the following email. I tagged the first one, but accepted it; I rejected the second one. That is "I", as in me, by my own action, as administrator for the domain. Nobody else. Not SpamCop, not Spamhaus, not God. > This is a significant problem. One domain has a script exploited and we take > care of it, without warning, and every BUT the people using spamcop have no > problems receiving emails from any domain on the server. The blacklisting is > done strictly by IP address and this can wreak havoc on innocent domains. There is no "innocence" here, because their is no "guilt" implied. There are mail server administrators, such as myself, who are tired of being spammed to death from entities which appear to be slow to react to problems. We choose what to allow, and what to reject. We choose which DNSBLs we will use, and how we will use them. You have a beef with being rejected? Take it up with the administrator doing the rejection. > The word "overzealous" is appropriate. We have loads of problems with spam > and this creates even more problems, especially without warnings. If you are being exploited by spammers, you are getting warnings; the SpamCop notifies which I send out are the warnings. If you are hitting spam traps, it is harder to warn; but you should know not to bounce messages after accepting them. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Tue Feb 7 01:47:46 2006 From: nobody at spamcop.net (N. Miller) Date: Tue Feb 7 04:50:32 2006 Subject: [SpamCop-List] Re: Major Problem Blacklisting All Domains References: Message-ID: <7th4yau4cy8m$.dlg@news.spamcop.net> On Tue, 7 Feb 2006 01:31:45 -0500, LawAdmin wrote: > ...why did I discover one instance of a bounce where it says > SPECIFICALLY that SpamCop is the culprit? Because that is what the administrator put in his server. In my response to another post that you made, I posted logs from my MX server. Two connections, one accepted, but tagged as listed by SpamCop, the other rejected. The reject notice looks like this: Your email was refused. See: http://antispam.aosake.net/ for the reason. Doesn't say, "Spamhaus", doesn't say, "SpamCop", doesn't say, "SPEWS". Because none of them block email to my server, _I_ block email to my server, rather, my server does; using lists which I configure my server to consult. What if I put, "Blocked by SpamCop" in a reject notice based on a homegrown DNSBL? It would be a lie; but how would you know it? -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Tue Feb 7 01:49:59 2006 From: nobody at spamcop.net (N. Miller) Date: Tue Feb 7 04:55:17 2006 Subject: [SpamCop-List] Re: Anybody else get one of these? References: Message-ID: <1ecwzjn7okce6$.dlg@news.spamcop.net> On Tue, 7 Feb 2006 10:34:23 +0200, gezgin wrote: > An odd cc'd mail. Excerpts from the headers: Use a tracker URL from a parse. What you posted is totally useless in trying to figure out what happened. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at nowhere.invalid Tue Feb 7 11:49:39 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Feb 7 05:50:15 2006 Subject: [SpamCop-List] Re: Spamcop blocks my e-mail... References: <18m97alp3xwe8$.dlg@news.spamcop.net> Message-ID: On Mon, 6 Feb 2006 18:52:06 -0500, LawAdmin coughed into spamcop and left this in : > Spamcop has blocked all mail coming from my server, regardless of domains, > to another server that apparently uses spamcop: Spamcop couldn't block mail coming from your server even if it wanted to. It's the admin of the server to which you're sending mail who has decided to rig his/her server to consult the Spamcop DNSBL before accepting mail, and to reject the mail if it's coming from a listed IP address. > This is a significant problem. One domain has a script exploited and > we take care of it, without warning, and every BUT the people using > spamcop have no problems receiving emails from any domain on the > server. The blacklisting is done strictly by IP address and this can > wreak havoc on innocent domains. That's what happens when you have several domains sharing the same IP address. Furthermore, blocking by domain stopped being effective about 10 years ago, which is why nobody does it now except for well-known large networks. > The word "overzealous" is appropriate. How is indicating that spam originated from your IP address "overzealous"? You admitted earlier that this was the case. I'd say it was "factual", not "overzealous". OTOH, if you feel that blocking mail based on the listing in the SCBL is "overzealous" then you ought to take it up with the entity actually doing the blocking. Hint: it's not Spamcop. -- Steve Do molecular biologists wear designer genes? From nobody at devnull.spamcop.net Tue Feb 7 09:31:59 2006 From: nobody at devnull.spamcop.net (Pop) Date: Tue Feb 7 09:35:03 2006 Subject: [SpamCop-List] Re: Spamcop blocks my e-mail... References: <18m97alp3xwe8$.dlg@news.spamcop.net> Message-ID: "LawAdmin" wrote in message news:ds8n3n$o63$1@news.spamcop.net... : Spamcop has blocked all mail coming from my server, regardless of domains, : to another server that apparently uses spamcop: It's that other server that's blocking you, not spamcop. ... From alan at protechdirect.co.uk Tue Feb 7 14:46:32 2006 From: alan at protechdirect.co.uk (Don Black) Date: Tue Feb 7 09:50:02 2006 Subject: [SpamCop-List] Spamcop has blocked my emails! Message-ID: Hi, Every email i send from our domain www.protechdirect.co.uk, gets returned! It doesnt seem to be in the list of banned IP's and we dont send out any spam. Anybody have a clue why we are banned?? thanks in advance From nobody at devnull.spamcop.net Tue Feb 7 09:50:38 2006 From: nobody at devnull.spamcop.net (Pop) Date: Tue Feb 7 09:55:04 2006 Subject: [SpamCop-List] Re: Major Problem Blacklisting All Domains References: Message-ID: "LawAdmin" wrote in message news:ds9ehc$65u$1@news.spamcop.net... : "Pop" wrote in message : news:ds8nvn$olm$1@news.spamcop.net... : > ===> Comments inline: : > "LawAdmin" wrote in message : > news:ds8kls$m73$1@news.spamcop.net... : > ... Unfortunately spamcop decided to ban the entire : > : server and all other domains on that server. : > ===> Wrong. Spamcop does not "ban" "entire server"s and "all : > other domains on that server". It not only can not do so, it : > never even lists anything that way in its bolcklist. Spamcop : > lists single IP, not ranges. : : It seems that in your desire to be obnoxious it never occurred to you that : several domains might be sharing a single server which has one IP address. : Thus if one accountholder has a script that was a problem for a few hours : and you guys overreact, every domain on that server is hosed. This is what : happened. no, it's the OTHER end that is doing the blocking; that's where you beef is. You really don't understand what you're doing, do you? : : > Therefore, you must be listed in other, much harder to get off : > of, blocklists and blasklists. Spamcop is the least of your : > worries, IFF it's even involved, which is entirely possible from : > your description. : : It's SpamCop. And very likely many other, worse ones, which is going to be hard to ride out for you. : : > : > ...As a result, critically : > : important documents never made it to their targets : > ===> Only a fool would use e-mail for "critically important : > documents". Or, you are lying. Either way, it's bogus. : : Really... are you in kindergarden? People actually use email to send : contracts, term sheets and many other items which they think will be : delivered on a timely basis. Then those people are fools if they use email for critical functions. Period. You and they will eventually falter badly if you continue to depend on backbones of the 'net for time-sensitive, critical information dispersal. Foolhardy at its best. Stupid at any rate. And very ignorant of the facts of email and the internet. : : > and people are furious -- : > : not with me anymore but at spamcop and the service they have : > that uses it. : > ===> What you describe is not anything that came from spamcop. : > There has to be other, much more formidable lists being used in : > order to have the magnitude of effect you are claiming. : : Really. Then why did I discover one instance of a bounce where it says : SPECIFICALLY that SpamCop is the culprit? In which case you have made a mountain out of a molehill if that's true, because every detail of information you need/ed is/was available to you to handle the situation and get off the list promptly. But you chose to ignore it. : : SMTP error from remote mail server after RCPT TO:: : host sprocket.mail.dodgeit.com [111.111.111.111]: : 554 Service unavailable; Client host [222.222.222.222] blocked using : bl.spamcop.net; Blocked - see : http://www.spamcop.net/bl.shtml?222.222.222.222 : > Also, those lists are being misused, which has to be a : > concious decision made by the ISP/s using the blocklists. : > Spamcop very clearly states to not use its list for blocking; : > simply for tagging and/or triggering mail to go to a bulk bin or : > whatever. Are you the one misusing it? Not that it matters, : > because as I said, that's not spamcop doing what you described. : > : > : None of the other domains were exploited and everything is at a : > complete : > : stopping point. : > ===> Then, if you bothered to read, you know the IP will fall off : > of spamcop's lists very shortly. IFF it's on the spamcop lists, : > and I suspect it's not. I think you have misidentified the : > actual source of the problem/s. : : REALLY genuis? Well it's been a whole business day and the problem still : persists in the evening. Your syntactical abilities are interesting. : > : : > : I'm not sure what to do here but at this point I have alerted : > these people : > : that spamcop's banning is the problem. : > ===> You should be careful of that, because a LOT of people know : > what spamcop is, and how it functions. You're going to have a : > lot of egg on your face when the final details all come out, if : > they come out, that is. : : Eggs and spamcop already served. They know the problem. Who is "they"? : : > The problems were taken care of : > : several hours ago : > ===> I consider "hours ago" to be in stark contrast with your : > earlier comments that it was taken care of "within a day.", and : > "the problem is long resolved". Either you are BSing or too : > emotional to get the problem properly stated, making most : > everything you've said suspect at this point. : The problem started earlier and was then taken care of by the following : morning. : : > but I anticipate it days until this problem is cleared up. : > ===> Probably: It depends on whose block/black lists you are in. : > If it's spamcop and this is the first time, you're already off : > the list based on some of your comments, or about to be off it, : > based on others. If it's any of the myriad others, you could be : > listed there for a very long time, including the full IP range/s. : : Right now it's yours. Ignorance showing; : : > : ... at this point you've gone way, way : > : overboard. : > ===> No, not spamcop, but you have gone overboard by not having : > taken the time to research or even read the references spamcop : > would have provided to you about your listing. If there were no : > references, then it wasn't spamcop, or spamcop was only one of : > many where you're listed. Not many listers will give you the : > courtesy of being able to figure out what went wrong like spamcop : > will - they just figure it's your problem, figure it out. And it : > looks like you're going to have to. : : Ditto the above. : : > This can happen anywhere and if you had sent a notice to : > : postmaster this issue could have been resolved. : > ===> Spamcop is a list, nothing more, unless you happen to have a : > spamcop mail account. IT's the owner of the servers that decides : > to use a list or not, and whether they'll use it per the : > recommended methods, or to go off halfcocked and misuse it. But : > your worries aren't with spamcop; you need to do a little : > research to seejust where you are listed and why. As bad as : > you're trying to make it sound, you are very likely on many : > lists, and that makes it seem doubtful that this was a single : > occurrence, and/or you have not stopped the abuse from happening : > as you claim to have done. : : As you said, it's just a list. And if it's a list that will cause more : problems than it's worth, than that is what it is. And you attribute no responsibility to those who chose to use and implement the list? If being a list makes it moot, I know of a lot of lists for you; but you wouldn't want to use them. Your demonstratiion of ignorance is amusing and pathetic at best, and more accurately trollish, so I'm through with you personally. Others may still try to assist you but personally when I meet a closed mind such as yours it doesn't take long to tire of it. You're really looking pretty boorish and should consider your alternatives now. : > A satisfied spamcop user, nothing more : > : > Pop : : Well goodie for you. Evidently you don't have much more to say. The facts : are all above. : PS -- here's the dumb response I got from SpamCop: : : "Please be aware that this is a one-time offer. If you delist your server : and it continues to be the target of spam reports, it will be re-listed and : you will not be allowed to delist it again." : : What is this "one time offer" stupidity? If someone ingeniously exploits a : script on a server somehow you are shut down forever as are every other : domain on that server? Is this third grade? : : Evidently I got it right. This is a list where nobody wants to perform a : whit of work to make it a useful service. We all have spam problems. I'd : love to get a battering ram and use it on the hackers who exploited the : script. We all make efforts to limit spam. If spamcop can't be bothered then : I'm free to let my clients know that spamcop is nothing more than an : unmoderated list where a quick and potentially badly called strike 2 means : you'll never get your email from reasonable sources. : : From pxpearson at spamxcop.net Tue Feb 7 08:18:32 2006 From: pxpearson at spamxcop.net (Peter Pearson) Date: Tue Feb 7 11:20:03 2006 Subject: [SpamCop-List] Re: Major Problem Blacklisting All Domains References: Message-ID: LawAdmin wrote: > I have a server where one script from one user's domain was apparently > exploited. We discovered this on our own and took care of it within a day. > AOL was the target the target and we received a small "report card" but > the problem is long resolved. Unfortunately spamcop decided to ban the > entire server and all other domains on that server. As a result, > critically important documents never made it to their targets and people > are furious -- not with me anymore but at spamcop and the service they > have that uses it. None of the other domains were exploited and everything > is at a complete stopping point. > > I'm not sure what to do here but at this point I have alerted these people > that spamcop's banning is the problem. The problems were taken care of > several hours ago but I anticipate it days until this problem is cleared > up. I sent in a request earlier but at this point you've gone way, way > overboard. This can happen anywhere and if you had sent a notice to > postmaster this issue could have been resolved. I'm sorry to see that your interaction with this newsgroup has gotten off to a poor start. I hope the following points have penetrated the noise: 1. Spamcop merely maintains a list of IP addresses that have recently been sending spam. Sysadmins sometimes use this list to manage the spam problem, and sometimes they use it too aggressively. Personally, I think rejecting a message is a little harsh, and would prefer that my ISP merely flag it (with a header line) as being from a spammer site. That way, I can use the Spamcop listing in conjunction with other information to decide what's spam. 2. If you use the one-time get-off-Spamcop's-list service and you subsequently get re-listed, you will not stay on the list forever: list entries have a finite lifetime. 3. Spamcop does generally attempt to alert postmasters to their spam problems. The only exception of which I'm aware is when a spammer sends to a spamtrap, in which case alerting the sending postmaster would reveal sources and methods. I hope this helps. Hey, you wouldn't happen to be LawAdmin for the law firm Cantor and Segal, would you? The inventors of spam? -- Remove the two x's to get a good email address. From usenet at okean.invalid Tue Feb 7 08:26:33 2006 From: usenet at okean.invalid (Michael Wise) Date: Tue Feb 7 11:30:03 2006 Subject: [SpamCop-List] Re: Major Problem Blacklisting All Domains References: Message-ID: In article , "LawAdmin" wrote: > > ... Unfortunately spamcop decided to ban the entire > > : server and all other domains on that server. > > ===> Wrong. Spamcop does not "ban" "entire server"s and "all > > other domains on that server". It not only can not do so, it > > never even lists anything that way in its bolcklist. Spamcop > > lists single IP, not ranges. > > It seems that in your desire to be obnoxious it never occurred to you that > several domains might be sharing a single server which has one IP address. Common practice...many of us admin our servers such. > Thus if one accountholder has a script that was a problem for a few hours Translation: the admin of that server was negligent in his duties to make sure that server was secure from exploits...especially since any realized exploit would be very likely to impact all domains on his server. Blame your incompetent admin. > and you guys overreact, every domain on that server is hosed. This is what > happened. Reporting spam as spam to SC and SC including the reported IP in its dnsbl because it meets the listing criteria of being the source of multiple spams is "overreacting"? What should have SC have done? Should they have put on their psychic hats and said: "Oh that's just that law business with the incompetent admin. They're not spammers; just idiots. We had better not list them, as they have important emails to exchange." > > ...As a result, critically > > : important documents never made it to their targets > > ===> Only a fool would use e-mail for "critically important > > documents". Or, you are lying. Either way, it's bogus. > > Really... are you in kindergarden? People actually use email to send > contracts, term sheets and many other items which they think will be > delivered on a timely basis. > > > and people are furious -- > > : not with me anymore but at spamcop and the service they have > > that uses it. > > ===> What you describe is not anything that came from spamcop. > > There has to be other, much more formidable lists being used in > > order to have the magnitude of effect you are claiming. > > Really. Then why did I discover one instance of a bounce where it says > SPECIFICALLY that SpamCop is the culprit? Such bounces say whatever the admin of the server doing the bouncing tells them to say. He could have configured the response to say "blocked because your a loud-mouthed incompetent moron" is he wanted. > > SMTP error from remote mail server after RCPT TO:: > host sprocket.mail.dodgeit.com [111.111.111.111]: > 554 Service unavailable; Client host [222.222.222.222] blocked using > bl.spamcop.net; Blocked - see > http://www.spamcop.net/bl.shtml?222.222.222.222 > > Also, those lists are being misused, which has to be a > > concious decision made by the ISP/s using the blocklists. > > Spamcop very clearly states to not use its list for blocking; > > simply for tagging and/or triggering mail to go to a bulk bin or > > whatever. Are you the one misusing it? Not that it matters, > > because as I said, that's not spamcop doing what you described. > > > > : None of the other domains were exploited and everything is at a > > complete > > : stopping point. > > ===> Then, if you bothered to read, you know the IP will fall off > > of spamcop's lists very shortly. IFF it's on the spamcop lists, > > and I suspect it's not. I think you have misidentified the > > actual source of the problem/s. > > REALLY genuis? Well it's been a whole business day and the problem still > persists in the evening. If you fail to run your servers properly, expect to stay in the SC penalty box for at least 24 hours. SC and the rest of the world doesn't give a fig about your business day and your important documents. What we do care about is not getting spam from your servers. Perhaps your SC inclusion will be a lesson to you to admin your systems properly or hire somebody who can. > > : > > : I'm not sure what to do here but at this point I have alerted > > these people > > : that spamcop's banning is the problem. > > ===> You should be careful of that, because a LOT of people know > > what spamcop is, and how it functions. You're going to have a > > lot of egg on your face when the final details all come out, if > > they come out, that is. > > Eggs and spamcop already served. They know the problem. And the problem is/was on your end. Nobody is to blame but the admin responsible for the machine which had the exploited script. > ... > PS -- here's the dumb response I got from SpamCop: > > "Please be aware that this is a one-time offer. If you delist your server > and it continues to be the target of spam reports, it will be re-listed and > you will not be allowed to delist it again." > > What is this "one time offer" stupidity? If someone ingeniously exploits a > script on a server somehow you are shut down forever as are every other > domain on that server? Is this third grade? Scripts generally aren't exploited "ingeniously." They are exploited because the the admin responsible for the server has been negligent in his duties are is unqualified for those duties in the first place. Also the "one time offer" does not mean if you get a strike two; you are listed forever. It means you cannot get express delisted a second time. > Evidently I got it right. This is a list where nobody wants to perform a > whit of work to make it a useful service. We all have spam problems. I'd > love to get a battering ram and use it on the hackers who exploited the > script. Why not take the battering ram to the head of the guy responsible for securing the exploited server in the first place? > We all make efforts to limit spam. If spamcop can't be bothered then > I'm free to let my clients know that spamcop is nothing more than an > unmoderated list where a quick and potentially badly called strike 2 means > you'll never get your email from reasonable sources. Please do. Please also tell them that SC does not make exceptions for incompetently managed servers....and then tell them their server fit that bill. --Mike From kenbrody at spamcop.net Tue Feb 7 11:24:31 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Tue Feb 7 11:35:04 2006 Subject: [SpamCop-List] Re: Major Problem Blacklisting All Domains References: Message-ID: <43E8C9BF.77779A7E@spamcop.net> LawAdmin wrote: [...] > > ===> Wrong. Spamcop does not "ban" "entire server"s and "all > > other domains on that server". It not only can not do so, it > > never even lists anything that way in its bolcklist. Spamcop > > lists single IP, not ranges. > > It seems that in your desire to be obnoxious it never occurred to you that > several domains might be sharing a single server which has one IP address. > Thus if one accountholder has a script that was a problem for a few hours > and you guys overreact, every domain on that server is hosed. This is what > happened. First, you are confusing "domains" and "SMTP servers". I own several domain names. The server which hosts my website has nothing to do with the SMTP servers which route my outgoing e-mail. And, for some of my domains, the server hosting my website has nothing to do with the SMTP server handling my incoming e-mail, either. And none of my website servers, nor my incoming SMTP servers, have anything to do with the SMTP servers used for my outgoing e-mail. Now, to the outside world, the only thing that is known for certain about incoming e-mail is the IP address of the sending computer. If that computer has sent spam, it can/will be listed on numerous lists. This has nothing to do with domain names, websites, or anything else beyond the SMTP server. If you happen to share an outgoing SMTP server with a spammer, then you risk your outgoing e-mail being blocked by sysadmins who chose to block incoming SMTP connections from servers listed on any of the many blacklists out there. > > Therefore, you must be listed in other, much harder to get off > > of, blocklists and blasklists. Spamcop is the least of your > > worries, IFF it's even involved, which is entirely possible from > > your description. > > It's SpamCop. Just wait until your server gets listed on SPEWS, and see what it takes to get off that list. And there are thousands of personal lists in use which you'll never know about. [...] > > ===> Only a fool would use e-mail for "critically important > > documents". Or, you are lying. Either way, it's bogus. > > Really... are you in kindergarden? People actually use email to send > contracts, term sheets and many other items which they think will be > delivered on a timely basis. If it's "critical", you should follow it up with a second line of communication -- perhaps a phone call -- to see if they got it. Would you send a fax, and simply assume that the person got it? At least in this case, you were notified that their sysadmin decided to block your e-mail. There are many ISPs out there that simply delete such e-mail with no notification to the sender or the intended recipient -- it simply silently disappears. > > and people are furious -- > > : not with me anymore but at spamcop and the service they have > > that uses it. > > ===> What you describe is not anything that came from spamcop. > > There has to be other, much more formidable lists being used in > > order to have the magnitude of effect you are claiming. > > Really. Then why did I discover one instance of a bounce where it says > SPECIFICALLY that SpamCop is the culprit? Because their sysadmin configured the server to lie. > SMTP error from remote mail server after RCPT TO:: > host sprocket.mail.dodgeit.com [111.111.111.111]: > 554 Service unavailable; Client host [222.222.222.222] blocked using > bl.spamcop.net; Blocked - see > http://www.spamcop.net/bl.shtml?222.222.222.222 Okay, technically this message isn't lying, though the wording can be misleading if you don't actually read it closely. The e-mail was _not_ blocked _by_ SpamCop. Rather, the e-mail was blocked because their server was configured to _use_ the SpamCop list, and was also configured to refuse the connection because of that listing. [...] > > ===> You should be careful of that, because a LOT of people know > > what spamcop is, and how it functions. You're going to have a > > lot of egg on your face when the final details all come out, if > > they come out, that is. > > Eggs and spamcop already served. They know the problem. I see no problem with SpamCop here. > > The problems were taken care of > > : several hours ago > > ===> I consider "hours ago" to be in stark contrast with your > > earlier comments that it was taken care of "within a day.", and > > "the problem is long resolved". Either you are BSing or too > > emotional to get the problem properly stated, making most > > everything you've said suspect at this point. > The problem started earlier and was then taken care of by the following > morning. How long from the time that your problem was "taken care of" and the time that you complained that the server was still listed? (Note that it is currently not listed.) [...] > As you said, it's just a list. And if it's a list that will cause more > problems than it's worth, than that is what it is. The number of problems that it solves for me is orders of magnitude above the number of problems it causes. And the "problems" that it causes for me are cause by people sending e-mail to me via servers that have also sent spam. Note that SpamCop does _not_ block any of my incoming e-mail, even though I use the SpamCop servers, which are the only ones which SpamCop actually _could_ block incoming e-mail if it wanted to. On the rare occasion that I see "legitimate" e-mail being routed to my "held mail" folder, I simply tell SpamCop to whitelist that e-mail address, and it won't reroute e-mail from that person again, even if their server gets listed again for spamming. [...] > PS -- here's the dumb response I got from SpamCop: > > "Please be aware that this is a one-time offer. If you delist your server > and it continues to be the target of spam reports, it will be re-listed and > you will not be allowed to delist it again." > > What is this "one time offer" stupidity? If someone ingeniously exploits a > script on a server somehow you are shut down forever as are every other > domain on that server? Is this third grade? I assume that this is in response to your request to "express delist" the server, bypassing the normal delays in delisting? The "one time offer" here only applies to the "express delisting" ability, because it assumes that if you lied to SpamCop before by telling them that your problem has been fixed, you'll probably keep lying to them in the future. (Imagine if this option were always available to all spammers. That would make the list useless, as spammers would simply express delist themselves over and over again.) No server will be "shut down forever" by SpamCop. (No server can be "shut down" at all by SpamCop, but that fact seems to escape you.) All IP addresses will automatically fall off the list some time after spam stops coming from them. (A key component here, of course, is the "after spam stops coming from them" part.) > Evidently I got it right. This is a list where nobody wants to perform a > whit of work to make it a useful service. We all have spam problems. I'd > love to get a battering ram and use it on the hackers who exploited the > script. We all make efforts to limit spam. If spamcop can't be bothered then > I'm free to let my clients know that spamcop is nothing more than an > unmoderated list where a quick and potentially badly called strike 2 means > you'll never get your email from reasonable sources. First, there is no "never" here, as stated above, and numerous times by others. Second, falsely reporting spam can get a user banned forever from SpamCop. If you are falsely reported, and you can demonstrate that the report is false, a SpamCop deputy can un-do that report immediately, even if you have previously used the "express delist" option. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From kenbrody at spamcop.net Tue Feb 7 11:26:49 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Tue Feb 7 11:35:10 2006 Subject: [SpamCop-List] Re: Spamcop has blocked my emails! References: Message-ID: <43E8CA49.DDE19334@spamcop.net> Don Black wrote: > > Hi, > > Every email i send from our domain www.protechdirect.co.uk, gets returned! > It doesnt seem to be in the list of banned IP's and we dont send out any > spam. > > Anybody have a clue why we are banned?? What is the complete, exact, message you get telling you that your e-mail bounced? How do you know that your SMTP server's IP isn't listed by SpamCop? How do you know that the mail was bounced because of SpamCop's blacklist? -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From 96q7vwa02 at sneakemail.com Tue Feb 7 08:01:17 2006 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Tue Feb 7 12:05:02 2006 Subject: [SpamCop-List] I could be wrong Message-ID: I see a number of complaints from various senders, including LawAdmin, Islapiko and kiriakos kappa, complaining about SC blocking them. Quite a few of them seem to be ignorant about the subject, including "sysops". The majority never reply to requests for trackers/more information. I think they maybe pranksters, using up peoples help resources. I believe that is their intent. Fred k. From spamcop-list-at-news.spamcop.net at musaic.net Tue Feb 7 18:14:41 2006 From: spamcop-list-at-news.spamcop.net at musaic.net (St - Musaic.Net) Date: Tue Feb 7 12:15:54 2006 Subject: [SpamCop-List] I could be wrong In-Reply-To: References: Message-ID: <22592678.20060207181441@musaic.net> Fred K: > I see a number of complaints from various senders, including LawAdmin, > Islapiko and kiriakos kappa, complaining about SC blocking them. Quite > a few of them seem to be ignorant about the subject, including "sysops". > The majority never reply to requests for trackers/more information. I > think they maybe pranksters, using up peoples help resources. I believe > that is their intent. Not necessarily - saccording to my own (and very private) statistics, spam is on the rise - this spam has to come from somewhere - and the spam might just as well com by way of the exploited disservices of "LawAdmin", Islapiko and Kiriakos Kappa... -- St PS! Don't mind my spam/virus/419-pestered IP...it belongs to Ghanaian telecom operator Spacefon...and they operate according to Eric Agyeman's old highlife classic "I Don't Care". From nobody at xyzzy.claranet.de Tue Feb 7 19:47:14 2006 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Feb 7 13:50:03 2006 Subject: [SpamCop-List] Re: Anybody else get one of these? References: <1ecwzjn7okce6$.dlg@news.spamcop.net> Message-ID: <43E8EB32.3A2F@xyzzy.claranet.de> N. Miller wrote: > Use a tracker URL from a parse. Yes please... > What you posted is totally useless in trying to figure out > what happened. ...OTOH that's simple: A system styling itself as blade2.cesmail talked to a system c60.cesmail. But its IP was _not_ the IP of the real blade2 (216.x.y.z), it was 192.1.whatever. A liar. It used a bogus Return-Path service@intl.paypal.com - a nice trick if the OP has _really_ whitelisted this address. The receiver c60.cesmail didn't check the sender policy of intl.paypal.com, otherwise the result would be a SOFTFAIL: http://openspf.org/why.html?sender=service@intl.paypal.com&ip=192.168.1.212 I hope that some supporters of SPF sooner or later actually start to use it for _checking_ and not only for _publishing_ sender policies. Bye, Frank From Bert at pittmanfamily.org Tue Feb 7 13:25:11 2006 From: Bert at pittmanfamily.org (Bert Pittman) Date: Tue Feb 7 14:30:03 2006 Subject: [SpamCop-List] spamcop is cause me to bounce of rootsweb mailing lists Message-ID: Hi I think i am an indirect user of spamcop. I have a forwarding email account which goes through my brother's domain, and I think he uses spamcop on all mail his site handles. Anyway in the last week I have been bounced off two of rootsweb's mailing lists twice in the last week. One of the list admins sent me the trace and it includes the following lines: > >>> DATA ><<< 550-Message rejected because lists5.rootsweb.com [66.43.27.41]:39671 is ><<< 550-blacklisted at bl.spamcop.net see Blocked - see ><<< 550 http://www.spamcop.net/bl.shtml?66.43.27.41 >550 5.1.1 bert@pittmanfamily.org... User unknown anyone know what to do to fix the problem? From nobody at nowhere.not Tue Feb 7 19:45:36 2006 From: nobody at nowhere.not (Robert Blair) Date: Tue Feb 7 14:50:03 2006 Subject: [SpamCop-List] Re: Major Problem Blacklisting All Domains References: Message-ID: On Tue, 7 Feb 2006 06:31:45 UTC, "LawAdmin" wrote: > > ...As a result, critically > > : important documents never made it to their targets > > ===> Only a fool would use e-mail for "critically important > > documents". Or, you are lying. Either way, it's bogus. > > Really... are you in kindergarden? People actually use email to send > contracts, term sheets and many other items which they think will be > delivered on a timely basis. SMTP (Simple Mail Transfer Protocol) is not a reliable protocol, so email is not guaranteed to be delivered. Even without blacklists your email may never be delivered, so using it for "critically important documents" without checking to see if it was delivered using some other method of communications is stupid. -- Robert Blair From usenet at okean.invalid Tue Feb 7 12:49:43 2006 From: usenet at okean.invalid (Michael Wise) Date: Tue Feb 7 15:50:02 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: In article , "Bert Pittman" wrote: > Hi > I think i am an indirect user of spamcop. I have a forwarding email > account > which goes through my brother's domain, and I think he uses spamcop on all > mail > his site handles. > Anyway in the last week I have been bounced off two of rootsweb's mailing > lists > twice in the last week. One of the list admins sent me the trace and it > includes the following lines: > > > >>> DATA > ><<< 550-Message rejected because lists5.rootsweb.com [66.43.27.41]:39671 is > ><<< 550-blacklisted at bl.spamcop.net see Blocked - see > ><<< 550 http://www.spamcop.net/bl.shtml?66.43.27.41 > >550 5.1.1 bert@pittmanfamily.org... User unknown > > anyone know what to do to fix the problem? That's an easy one: get rootsweb.com servers to stop spamming (they are sending mails to spam trap addresses). --Mike From / at /.cn Wed Feb 8 07:59:25 2006 From: / at /.cn (Petzl) Date: Tue Feb 7 16:00:03 2006 Subject: [SpamCop-List] Re: I could be wrong References: Message-ID: "Fred K." <96q7vwa02@sneakemail.com> wrote in message news:dsajp3$um2$1@news.spamcop.net... >I see a number of complaints from various senders, including LawAdmin, >Islapiko and kiriakos kappa, complaining about SC > blocking them. Quite a few of them seem to be ignorant about the subject, > including "sysops". The majority never reply to requests for trackers/more > information. I think they maybe pranksters, using up peoples help > resources. > I believe that is their intent. > > Fred k. > If an email server is competently set-up SpamCop's SCBL will only list the *computer* sending the spam That is only after SpamCop has tried to notify the email address given for the operator of that IP Example of a properly configured computer http://www.spamcop.net/sc?id=z871249632zae6106dbbd2b364ca8a481fc16532d2az you will see that SpamCop identified NO email servers just the IP <203.134.9.119> of my computer that sent the above example to hotmail http://www.geobytes.com/IpLocator.htm you can go here and put/replace that IP in the box and see the country,city, suburb that IP belongs to If ANYONE is listed by SpamCop's SCBL it means they have a problem they should fix and need to fix. SpamCop would have made an attempt to tell them so The right to have a broken email server and expect customers to pay for this dis-service is idiotic and nothing more than a threat The fix is to get a Proper email service like SpamCop's Email service for the only email address you will ever need http://www.spamcop.net/ces/individuals.shtml Petzl From / at /.cn Wed Feb 8 08:10:01 2006 From: / at /.cn (Petzl) Date: Tue Feb 7 16:15:03 2006 Subject: [SpamCop-List] Re: Spamcop has blocked my emails! References: Message-ID: "Don Black" wrote in message news:dsabt4$p5h$1@news.spamcop.net... > Hi, > > Every email i send from our domain www.protechdirect.co.uk, gets > returned! > It doesnt seem to be in the list of banned IP's and we dont send out any > spam. > > Anybody have a clue why we are banned?? > > thanks in advance Your IP 86.142.103.255 is clean how ever if the email provider has not competently set-up their email server after a great many attempts by SpamCop to report a problem SpamCop will list that rouge email server (It would help if you gave the IP SpamCop is supposedly rejecting) If an email server is competently set-up SpamCop's SCBL will only list the *computer* sending the spam That is only after SpamCop has tried to notify the email address given for the operator of that IP Example of a properly configured computer http://www.spamcop.net/sc?id=z871249632zae6106dbbd2b364ca8a481fc16532d2az you will see that SpamCop identified NO email servers just the IP <203.134.9.119> of my computer that sent the above example to hotmail From / at /.cn Wed Feb 8 08:23:47 2006 From: / at /.cn (Petzl) Date: Tue Feb 7 16:25:03 2006 Subject: [SpamCop-List] Re: GMail Account Compromised References: Message-ID: "El Guapo" wrote in message news:ds8hq7$k4r$1@news.spamcop.net... >I have a GMail account that is about 3 months old. I have never used it. No >one even knows I have it except the person that extended an invitation to >me and someone that I extended an invitation to. > > I just logon once a month or so to keep the e-mail account open. I've been > debating making it my primary account since my yahoo one is flooded with > Spam. In January, I started getting spam. > > Is GMail security compromised or is it more likely one of the two people > who know the address have a virus? It's an unusual account that spammers > wouldn't just guess. Gmail, I think is still in beta, so anything is possible Spammers get email address from scraping them from websites newsgroups (including this one) using "spiders" supplied by "IT" staff at sending and or receiving end of email messages compromised computer where they also get passwords credit cards phone numbers and home addresses (home invasions are now common) blackmail details etc Really important to secure your computer Petzl -- SECURE YOUR WINDOWS COMPUTER NOW!! Keep Windows UPDATED AVG 7.0 Free Edition" Anti-Virus Check your computer for "SpyWare" (free MS Product) a good firewall for windows(free version available) Use a Password Saver on USB removable drive to store passwords From Bert at pittmanfamily.org Tue Feb 7 15:39:38 2006 From: Bert at pittmanfamily.org (Bert Pittman) Date: Tue Feb 7 16:40:02 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: Rootsweb is a total free genealogy site so I don't understand why they would be spamming anyone. Give me some details about their abuse and I will take it up with their support staff. Thanks. Bert "Michael Wise" wrote in message news:usenet-46E7CF.12494207022006@news.cesmail.net... > In article , > "Bert Pittman" wrote: > > > Hi > > I think i am an indirect user of spamcop. I have a forwarding email > > account > > which goes through my brother's domain, and I think he uses spamcop on all > > mail > > his site handles. > > Anyway in the last week I have been bounced off two of rootsweb's mailing > > lists > > twice in the last week. One of the list admins sent me the trace and it > > includes the following lines: > > > > > >>> DATA > > ><<< 550-Message rejected because lists5.rootsweb.com [66.43.27.41]:39671 is > > ><<< 550-blacklisted at bl.spamcop.net see Blocked - see > > ><<< 550 http://www.spamcop.net/bl.shtml?66.43.27.41 > > >550 5.1.1 bert@pittmanfamily.org... User unknown > > > > anyone know what to do to fix the problem? > > > That's an easy one: get rootsweb.com servers to stop spamming (they are > sending mails to spam trap addresses). > > > > --Mike From johnl at in.newsgroup.only Tue Feb 7 21:47:41 2006 From: johnl at in.newsgroup.only (JohnL) Date: Tue Feb 7 16:50:03 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: "Bert Pittman" wrote in news:dsb42s$8sd$1 @news.spamcop.net: > Give me some details about their abuse and I will take it up > with their support staff. All they need is... http://www.spamcop.net/w3m?action=blcheck&ip=66.43.27.41 From / at /.cn Wed Feb 8 09:27:50 2006 From: / at /.cn (Petzl) Date: Tue Feb 7 17:30:03 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: "Bert Pittman" wrote in message news:dsb42s$8sd$1@news.spamcop.net... > Rootsweb is a total free genealogy site so I don't understand why they > would be > spamming anyone. Give me some details about their abuse and I will take > it up > with their support staff. > Thanks. > > Bert > The last 3 there are many more all reports sent to fraud [AT] myfamilyinc com ******* Submitted: Thursday, 2 February 2006 2:05:28 PM +1100: [UpFront: NGS] UpFront with NGS - Volume 5, Number 2 - 1st February 2006 Submitted: Monday, 30 January 2006 5:23:11 AM +1100: [HESSE] Re: Latin meaning of cerevisia and vexillifri Submitted: Monday, 23 January 2006 12:58:09 AM +1100: {not a subscriber} Morgage ratesLowered ****** 66.43.27.41 is a email server (off line?) http://www.senderbase.org/?searchBy=ipaddress&sb=1&searchString=66.43.27.41 If an email server is competently set-up SpamCop's SCBL will only list the *computer* sending the spam That is only after SpamCop has tried to notify the email address given for the operator of that IP Example of a properly configured computer http://www.spamcop.net/sc?id=z871249632zae6106dbbd2b364ca8a481fc16532d2az you will see that SpamCop identified NO email servers just the IP <203.134.9.119> of my computer that sent the above example to hotmail http://www.geobytes.com/IpLocator.htm you can go here and put/replace that IP in the box and see the country,city, suburb that IP belongs to If ANYONE is listed by SpamCop's SCBL it means they have a problem they should fix and need to fix. SpamCop would have made an attempt to tell them so Petzl From me at privacy.net Tue Feb 7 23:10:02 2006 From: me at privacy.net (Michael R N Dolbear) Date: Tue Feb 7 18:15:02 2006 Subject: [SpamCop-List] Re: GMail Account Compromised References: Message-ID: <01c62c02$655eb4a0$LocalHost@default> Pop wrote [...] > get another address. FYI, if any PART of an email account is > dictionariable, the spammers will likely eventually find it, > especially if it's only followed by a bunch of numbers at the > end. Have you any evidence of this ? ie, if mark.weber4095 and mark.weber314159 both exist, have you ever seen anyone trying some or all of the numbers in between ? -- Mike D From 96q7vwa02 at sneakemail.com Tue Feb 7 14:32:21 2006 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Tue Feb 7 18:35:02 2006 Subject: [SpamCop-List] Re: I could be wrong References: Message-ID: "Fred K." <96q7vwa02@sneakemail.com> wrote in message news:dsajp3$um2$1@news.spamcop.net... >I see a number of complaints from various senders, including LawAdmin, >From the content of the two replies I must not have made my point clear. My point is: I think that a majority of the complainers are baiting the people in the forum. They do not reply when further info is requested. Fred k. From nobody at devnull.spamcop.net Tue Feb 7 19:22:01 2006 From: nobody at devnull.spamcop.net (Pop) Date: Tue Feb 7 19:25:03 2006 Subject: [SpamCop-List] Re: I could be wrong References: Message-ID: "Fred K." <96q7vwa02@sneakemail.com> wrote in message news:dsbam3$dnv$1@news.spamcop.net... : : "Fred K." <96q7vwa02@sneakemail.com> wrote in message : news:dsajp3$um2$1@news.spamcop.net... : >I see a number of complaints from various senders, including LawAdmin, : : From the content of the two replies I must not have made my point clear. My : point is: : I think that a majority of the complainers are baiting the people in the : forum. They do not reply when further info is requested. : : Fred k. : : Well, strictly IMO, but it really is possible you (and I, since I agree with you) are wrong, and one of the very strong points I've noticed about this group is that it doesn't give up because of possible ignorance or a closed mind at the other end. Over the years Iv'e watched and read some very interesting threads where I thought they guyus & gals were nuts for being so paitent, and then bingo/bongo, something triggers, and a rude start turns into a thoughtful response and a thanks for the help. One of the very strong points of discussions such as these are the wealth of information and experience that they freely share with the rest of us. With all due respect to Wazoo and predecessors, I've probably learned many magnitudes more from reading this sort of thread than from wading through all the FAQs. Somehow, it has more relevance for me this way. I"ve had differences with spamcop's methodologies a time or two, but I have NEVER, EVER had a legitimate problem with any of the faithful who post here that wasn't of my own ignorance in one way or another. One learns very quickly that way, believe me . I have seen unbelievable interpersonal skills exercised here in this group which by far exceed any I've seen anywhere else. 'nuff soapboxing, I guess. Regards, Pop From usenet at okean.invalid Tue Feb 7 16:28:53 2006 From: usenet at okean.invalid (Michael Wise) Date: Tue Feb 7 19:30:03 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: In article , "Bert Pittman" wrote: > Rootsweb is a total free genealogy site so I don't understand why they would > be > spamming anyone. Give me some details about their abuse and I will take it > up > with their support staff. http://www.spamcop.net/w3m?action=blcheck&ip=66.43.27.41 The listing is set to expire within an hour, so they may not see the reason after that, but right now, that link has text saying: > Causes of listing > > * System has sent mail to SpamCop spam traps in the past week (spam traps > are secret, no reports or evidence are provided by SpamCop) > * SpamCop users have reported system as a source of spam less than 10 > times in the past week So, 66.43.27.41 has been relaying emails to spam trap addresses. These are non-trivial addresses (as in not dictionary words or easy to guess) addresses which have never been published. Therefor, it can be rightfully assumed that any email sent to them is spam. --Mike > "Michael Wise" wrote in message > news:usenet-46E7CF.12494207022006@news.cesmail.net... > > In article , > > "Bert Pittman" wrote: > > > > > Hi > > > I think i am an indirect user of spamcop. I have a forwarding email > > > account > > > which goes through my brother's domain, and I think he uses spamcop on > > > all > > > mail > > > his site handles. > > > Anyway in the last week I have been bounced off two of rootsweb's > > > mailing > > > lists > > > twice in the last week. One of the list admins sent me the trace and it > > > includes the following lines: > > > > > > > >>> DATA > > > ><<< 550-Message rejected because lists5.rootsweb.com [66.43.27.41]:39671 > > > >is > > > ><<< 550-blacklisted at bl.spamcop.net see Blocked - see > > > ><<< 550 http://www.spamcop.net/bl.shtml?66.43.27.41 > > > >550 5.1.1 bert@pittmanfamily.org... User unknown > > > > > > anyone know what to do to fix the problem? > > > > > > That's an easy one: get rootsweb.com servers to stop spamming (they are > > sending mails to spam trap addresses). > > > > > > > > --Mike From nobody at devnull.spamcop.net Tue Feb 7 19:36:39 2006 From: nobody at devnull.spamcop.net (Pop) Date: Tue Feb 7 19:40:03 2006 Subject: [SpamCop-List] Re: GMail Account Compromised References: <01c62c02$655eb4a0$LocalHost@default> Message-ID: "Michael R N Dolbear" wrote in message news:01c62c02$655eb4a0$LocalHost@default... : Pop wrote : [...] : > get another address. FYI, if any PART of an email account is : > dictionariable, the spammers will likely eventually find it, : > especially if it's only followed by a bunch of numbers at the : > end. : : Have you any evidence of this ? : : ie, if mark.weber4095 and mark.weber314159 both exist, have you ever : seen anyone trying some or all of the numbers in between ? : : : -- : Mike D : Not to sound like a smartass, but yes, I have seen itanecdotally in articles about the spamming industry. It's a pretty simple task for a piece of spamware to start sending mails to mark.wever000 through mark.weber 999999 and probably beyond. The spammer doesnt' care because his machine/s can sit there 24/7 spewing their tripe hoping for a hit on a sucker, and if it's got zombies working for it, it's even easier, I think. It's a practice that's several years old. I can't lead you to any URLs at the moment but it's a pretty well known, and old, method of spamming. mark.wever in particular isn't hard to dictionary, especially since it's a valid name for someone, even if if not you. That said, markDOTweber IS a slightly better and more secure way to assemble a username. Numbers, if used, shoud be internal to the name though for the hardest work to dictionary an auto-sending spam app. e.g. mark991100.web67erATsomeDOTcom is much more secure. The best protection however is to use "safe hex" as many like to call it. Just don't put your email out there. When all is said and done, I think nowadays scraping and crawling plus zombies are the preferred way to pick up email addresses. So the more you keep your non-dictionariable name off the internet, the more secure you will be. Personally, I have never used, and never will use, my actual signed-up main email address. In fact, it onlyh exists on a sheet of paper in my file cabinet, in case I should forget it when I'm working with my ISP . Otherwise I have have a few other addresses I use for various things and even a couple of Yahoo addresses for don't care signups. I use it long enough to get the confirmation email, and that's it as a general but not exclusive rule. Names that I want people to contact me at, I make as I go along. I don't think I get more than ten spams in any week over the last couple years, but prior to that I even left an ISP because of the spam. My 2 ¢, anyway Pop From nobody at nowhere.not Wed Feb 8 04:07:03 2006 From: nobody at nowhere.not (Robert Blair) Date: Tue Feb 7 23:10:03 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: On Tue, 7 Feb 2006 22:27:50 UTC, "Petzl" wrote: > If an email server is competently set-up SpamCop's SCBL will only list the > *computer* sending the spam Not entirely true. I use mailhosts. The parse stops at the first non-mailhost receive header for spam that I submit. This will list mail servers that are not in my mailhosts. -- Robert Blair From nobody at nowhere.not Wed Feb 8 04:16:21 2006 From: nobody at nowhere.not (Robert Blair) Date: Tue Feb 7 23:20:02 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: On Tue, 7 Feb 2006 21:39:38 UTC, "Bert Pittman" wrote: > Rootsweb is a total free genealogy site so I don't understand why they would be > spamming anyone. Give me some details about their abuse and I will take it up > with their support staff. They are owned by MyFamily.com which does spam. So if MyFamily.com uses the same email servers as Rootsweb they will be listed with them. Another problem that Rootsweb has is they do not verify email address that subscribe to any of their mailing lists. If a spammer subscribes and gives a fake address Rootsweb may get reported as a spammer. -- Robert Blair A Rootsweb subscriber so I know of what I speak. From MikeE at ster.invalid Tue Feb 7 22:20:20 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Feb 8 01:25:04 2006 Subject: [SpamCop-List] Re: GMail Account Compromised References: Message-ID: El Guapo wrote: > It's an unusual account > that spammers wouldn't just guess. That 'unusual' assumption is not justified without 'mathematical' support or other practical evidence. That is, what you think is an 'unusual' or unique ['wouldn't guess'] username actually isn't t AT all. In the case of a sufficiently common username [ie NOT one which has ever ever ever been used before], the issue becomes mundane, ie, regular ol' spam to a regular ol' sufficently 'common' previously used username. [Where common means not actually derived by a username random generator] What's the big deal about that? Spam SOP. Boring case. If that mixup is confusing, that means that -- you have to 'prove' that any particular username is actually unique -- because if it isn't uniquely created, then likely it isn't actually unique. And if it isn't actually unique, then it isn't unique at all -- it is just another username, like 'fred' only different, so that blah123 isn't any more unique than 'fred' and your idea of a 'unusual' username is wrongheaded. -- Mike Easter kibitzer, not SC admin From nospam.- at _nomail_pfi.lt_bvcm Wed Feb 8 07:29:25 2006 From: nospam.- at _nomail_pfi.lt_bvcm (Mindaugas) Date: Wed Feb 8 02:30:03 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: Now example of Spamcop malfunction of test mail from well configured server: Headers: Return-Path: <$@#^^%&^@rambler.ru> Received: from mxb.rambler.ru (mxb.rambler.ru [81.19.66.30]) by spi.pfi.lt (8.12.10/8.12.10) with ESMTP id k18798HY032466 for ; Wed, 8 Feb 2006 09:09:08 +0200 Received: from rambler.ru (mail13.rambler.ru [81.19.71.15]) by mxb.rambler.ru (Postfix) with ESMTP id 60B8632698 for ; Wed, 8 Feb 2006 10:09:13 +0300 (MSK) Received: from [193.219.52.43] (account %$$$@&^&$$%@rambler.ru) by mail13.rambler.ru (CommuniGate Pro WebUser 4.2.10) with HTTP id 15600637 for x; Wed, 08 Feb 2006 10:08:10 +0300 From: "%&$@%$^%&$%" <^*##%^^%&@rambler.ru> Subject: tst To: x X-Mailer: CommuniGate Pro WebUser Interface v.4.2.10 Date: Wed, 08 Feb 2006 10:08:10 +0300 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1251"; format="flowed" Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.54 on 193.219.52.129 X-PMFLAGS: 34078848 0 1 P1A8D0.CNM It is seen that real IP address is: 193.219.52.43 And parsing results: Parsing header: 0: Received: from mxb.rambler.ru (mxb.rambler.ru [81.19.66.30]) by spi.pfi.lt (8.12.10/8.12.10) with ESMTP id k18798HY032466 for ; Wed, 8 Feb 2006 09:09:08 +0200 Hostname verified: mxb.rambler.ru pfi.lt received mail from sending system 81.19.66.30 1: Received: from rambler.ru (mail13.rambler.ru [81.19.71.15]) by mxb.rambler.ru (Postfix) with ESMTP id 60B8632698 for ; Wed, 8 Feb 2006 10:09:13 +0300 (MSK) Hostname verified: mail13.rambler.ru Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust anything beyond this header Tracking message source: 81.19.66.30: Routing details for 81.19.66.30 [refresh/show] Cached whois for 81.19.66.30 : csa@rambler-co.ru denis@rambler-co.ru Using last resort contacts csa@rambler-co.ru denis@rambler-co.ru Yum, this spam is fresh! Message is 0 hours old 81.19.66.30 not listed in dnsbl.njabl.org 81.19.66.30 not listed in dnsbl.njabl.org 81.19.66.30 not listed in cbl.abuseat.org 81.19.66.30 not listed in dnsbl.sorbs.net 81.19.66.30 not listed in relays.ordb.org. 81.19.66.30 not listed in accredit.habeas.com 81.19.66.30 not listed in plus.bondedsender.org 81.19.66.30 not listed in iadb.isipp.com Finding links in message body Parsing text part no links found Reports regarding this spam have already been sent: Reportid: 1651356366 To: cancelled@devnull.spamcop.net If reported today, reports would be sent to: Re: 81.19.66.30 (Administrator of network where email originates) denis@rambler-co.ru csa@rambler-co.ru Re: 81.19.66.30 (Third party interested in email source) Where is real IP addres message was sent from? (193.219.52.43) Sorry for not giving report url, as it has real email adresses, probably spammers harvests them from there "Petzl" wrote in news:dsb6td$b6l$1@news.spamcop.net: > > "Bert Pittman" wrote in message > news:dsb42s$8sd$1@news.spamcop.net... >> Rootsweb is a total free genealogy site so I don't understand why >> they would be >> spamming anyone. Give me some details about their abuse and I will >> take it up >> with their support staff. >> Thanks. >> >> Bert >> > The last 3 there are many more > all reports sent to > fraud [AT] myfamilyinc com > ******* > Submitted: Thursday, 2 February 2006 2:05:28 PM +1100: > [UpFront: NGS] UpFront with NGS - Volume 5, Number 2 - 1st February > 2006 > > Submitted: Monday, 30 January 2006 5:23:11 AM +1100: > [HESSE] Re: Latin meaning of cerevisia and vexillifri > > Submitted: Monday, 23 January 2006 12:58:09 AM +1100: > {not a subscriber} Morgage ratesLowered > ****** > 66.43.27.41 is a email server (off line?) > http://www.senderbase.org/?searchBy=ipaddress&sb=1&searchString=66.43.2 > 7.41 > > If an email server is competently set-up SpamCop's SCBL will only list > the *computer* sending the spam > > That is only after SpamCop has tried to notify the email address given > for the operator of that IP > > Example of a properly configured computer > http://www.spamcop.net/sc?id=z871249632zae6106dbbd2b364ca8a481fc16532d2 > az > > you will see that SpamCop identified NO email servers just the IP > <203.134.9.119> of my computer that sent the above example to hotmail > http://www.geobytes.com/IpLocator.htm you can go here and put/replace > that IP in the box and see the country,city, suburb that IP belongs to > > If ANYONE is listed by SpamCop's SCBL it means they have a problem > they should fix and need to fix. SpamCop would have made an attempt to > tell them so > > Petzl > > > > > From gfdsfgh.nospam.- at _nomail_pfi.lt_bvcm Wed Feb 8 07:34:10 2006 From: gfdsfgh.nospam.- at _nomail_pfi.lt_bvcm (Mindaugas) Date: Wed Feb 8 02:35:02 2006 Subject: [SpamCop-List] Re: Gateway Timeout Bug? References: Message-ID: Same problem happens probably several months, however today it happens with every submission, earlier it happened from time to time. eddie wrote in news:ds8uci$ste$1@news.spamcop.net: > I just made a submission and received the dreaded Gateway Timeout > message. Hitting the backbutton on the browser, I get a page that > seems to indicate that I can no longer submit the spam. > I resubmitted it by pasting the message into the window and got > another gateway timeout. > However, I looked at my Recent Reports and find both submissions > logged in. So what do I believe? Did the report really get sent? Or > did it just get logged as if it were sent but really wasn't? > This has happened before when I got the gateway timout error but I > never realized that it might be a bug and that the report was never > really sent. > From vogt at spamcop.net Wed Feb 8 17:20:36 2006 From: vogt at spamcop.net (Gerald Vogt) Date: Wed Feb 8 03:25:04 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists In-Reply-To: References: Message-ID: Mindaugas wrote: > Now example of Spamcop malfunction of test mail from well configured It is not malfunctioning. It is the way it works. And it does say so in the report: > Received: from mxb.rambler.ru (mxb.rambler.ru [81.19.66.30]) > by spi.pfi.lt (8.12.10/8.12.10) with ESMTP id k18798HY032466 > for ; Wed, 8 Feb 2006 09:09:08 +0200 > Received: from rambler.ru (mail13.rambler.ru [81.19.71.15]) > by mxb.rambler.ru (Postfix) with ESMTP id 60B8632698 > for ; Wed, 8 Feb 2006 10:09:13 +0300 (MSK) > Received: from [193.219.52.43] (account %$$$@&^&$$%@rambler.ru) > by mail13.rambler.ru (CommuniGate Pro WebUser 4.2.10) > with HTTP id 15600637 for x; Wed, 08 Feb 2006 10:08:10 +0300 >... > It is seen that real IP address is: 193.219.52.43 > > 1: Received: from rambler.ru (mail13.rambler.ru [81.19.71.15]) by > mxb.rambler.ru (Postfix) with ESMTP id 60B8632698 for ; Wed, 8 Feb 2006 > 10:09:13 +0300 (MSK) > Hostname verified: mail13.rambler.ru > > Possible forgery. Supposed receiving system not associated with any of your > mailhosts > Will not trust anything beyond this header There you are. Spamcop does not recognize this server. So what should it do? Just trust it? The problem is that any spammer can add any Received line it wants to to an email. The mail above could have a fourth Received line that was fully faked by the spammer. Mail servers usually do not touch any Received lines already in the email because how should they know? A spammer could just add a line that 193.219.52.43 received the email from 1.2.3.4. And another line that 1.2.3.4 received it from 4.5.6.7. If _you_ would see those header you wouldn't know either which of them is correct and which of them are faked. How should Spamcop? So the problem is: you have a chain of Received lines pointer to various IP addresses and mail servers. Spamcop just tries to find the point up to which it knows about the servers in the chain which are in the mailhosts list. The last known server is trusted. Anything beyond that is not because Spamcop has no mean to know. The spam could originate from the IP address that goes into the trusted server. The spam could go through several hops before. It is impossible for Spamcop to know. Gerald From / at /.cn Wed Feb 8 19:31:21 2006 From: / at /.cn (Petzl) Date: Wed Feb 8 03:35:03 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: "Mindaugas" wrote in message news:dsc6kk$tip$1@news.spamcop.net... > > It is seen that real IP address is: 193.219.52.43 > > And parsing results: > If reported today, reports would be sent to: > Re: 81.19.66.30 (Administrator of network where email originates) > > denis@rambler-co.ru > csa@rambler-co.ru > > Re: 81.19.66.30 (Third party interested in email source) > > > Where is real IP addres message was sent from? (193.219.52.43) > Sorry for not giving report url, as it has real email adresses, probably > spammers harvests them from there I make the spam coming from Vilnius in Latvia 193.219.52.43 but I do see that email server as one I would use or like to get email from, why is 81.19.66.30 not coming up as a email host if it is a properly configured server? Have you registerd your email hosts (which is the problem) From nospam.nospam.- at _nomail_pfi.lt_bvcm Wed Feb 8 08:38:32 2006 From: nospam.nospam.- at _nomail_pfi.lt_bvcm (Mindaugas) Date: Wed Feb 8 03:40:02 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: Really I tested free webmail service from www.rambler.ru, it shows IP address from which I sent test message (193.219.52.43) in headers, but due to mailhost parsing, Spamcop reports not the true sender (193.219.52.43), but webmail SMTP server (81.19.66.30), so this shows some problems with mailhost filtering. "Petzl" wrote in news:dsca90$f7$1@news.spamcop.net: > > "Mindaugas" wrote in message > news:dsc6kk$tip$1@news.spamcop.net... >> >> It is seen that real IP address is: 193.219.52.43 >> >> And parsing results: >> If reported today, reports would be sent to: >> Re: 81.19.66.30 (Administrator of network where email originates) >> >> denis@rambler-co.ru >> csa@rambler-co.ru >> >> Re: 81.19.66.30 (Third party interested in email source) >> >> >> Where is real IP addres message was sent from? (193.219.52.43) >> Sorry for not giving report url, as it has real email adresses, >> probably spammers harvests them from there > > I make the spam coming from Vilnius in Latvia 193.219.52.43 > > but I do see that email server as one I would use or like to get email > from, why is 81.19.66.30 not coming up as a email host if it is a > properly configured server? Have you registerd your email hosts (which > is the problem) > > From spam.nospam.- at _nomail_pfi.lt_bvcm Wed Feb 8 08:44:52 2006 From: spam.nospam.- at _nomail_pfi.lt_bvcm (Mindaugas) Date: Wed Feb 8 03:45:02 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: BTW, rambler.ru is not in my mailhosts lists and cannot be, but this (probably) means, that any webmail server will be reported by any spamcop user that has mailhosts enabled. Mindaugas wrote in news:dscam8$f8$1@news.spamcop.net: > Really I tested free webmail service from www.rambler.ru, it shows IP > address from which I sent test message (193.219.52.43) in headers, but > due to mailhost parsing, Spamcop reports not the true sender > (193.219.52.43), but webmail SMTP server (81.19.66.30), so this shows > some problems with mailhost filtering. > > "Petzl" wrote in news:dsca90$f7$1@news.spamcop.net: > >> >> "Mindaugas" wrote in message >> news:dsc6kk$tip$1@news.spamcop.net... >>> >>> It is seen that real IP address is: 193.219.52.43 >>> >>> And parsing results: >>> If reported today, reports would be sent to: >>> Re: 81.19.66.30 (Administrator of network where email originates) >>> >>> denis@rambler-co.ru >>> csa@rambler-co.ru >>> >>> Re: 81.19.66.30 (Third party interested in email source) >>> >>> >>> Where is real IP addres message was sent from? (193.219.52.43) >>> Sorry for not giving report url, as it has real email adresses, >>> probably spammers harvests them from there >> >> I make the spam coming from Vilnius in Latvia 193.219.52.43 >> >> but I do see that email server as one I would use or like to get >> email from, why is 81.19.66.30 not coming up as a email host if it is >> a properly configured server? Have you registerd your email hosts >> (which is the problem) >> >> > > From / at /.cn Wed Feb 8 21:25:11 2006 From: / at /.cn (Petzl) Date: Wed Feb 8 05:30:13 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: "Mindaugas" wrote in message news:dscam8$f8$1@news.spamcop.net... > Really I tested free webmail service from www.rambler.ru, it shows IP > address from which I sent test message (193.219.52.43) in headers, but due > to mailhost parsing, Spamcop reports not the true sender (193.219.52.43), > but webmail SMTP server (81.19.66.30), so this shows some problems with > mailhost filtering. > If you cannot or wont enable Mailhosts I don't see your point? Have you put the email address through SpamCops mailhost program? If rambler have set-up right SpamCop will acknowledge the mail servers I use hotmail and spamcop has their server because hotmail is one of the few free services that do have their set-up correct (It's not rocket science) Petzl From nobody at nowhere.invalid Wed Feb 8 12:58:15 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Feb 8 07:00:09 2006 Subject: [SpamCop-List] Re: GMail Account Compromised References: <01c62c02$655eb4a0$LocalHost@default> Message-ID: On Tue, 7 Feb 2006 23:10:02 +0000 (UTC), Michael R N Dolbear coughed into spamcop and left this in <01c62c02$655eb4a0$LocalHost@default>: > Have you any evidence of this ? > > ie, if mark.weber4095 and mark.weber314159 both exist, have you ever > seen anyone trying some or all of the numbers in between ? Google for "dictionary attack". -- Steve From nobody at devnull.spamcop.net Wed Feb 8 07:46:40 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Feb 8 08:50:03 2006 Subject: [SpamCop-List] Re: I could be wrong References: Message-ID: "Pop" wrote in message news:dsbdis$f8s$1@news.spamcop.net... > > With all due respect to Wazoo and > predecessors, I've probably learned many magnitudes more from > reading this sort of thread than from wading through all the > FAQs. Somehow, it has more relevance for me this way. The only issue I see in this is the lack of closing the loop, chiming in and making the FAQ better. From bar_n0ne at hotmail.com Wed Feb 8 09:48:06 2006 From: bar_n0ne at hotmail.com (Berny) Date: Wed Feb 8 10:50:02 2006 Subject: [SpamCop-List] colohostinginc.com - Spammer owned Domain? Message-ID: These asswipes have been spamming me with various sites for hookups/porn etc. Always landing at the same IP and reporst go to postmaster@colohostinginc.com the town name and postal code look pretty bogus for GB, i think UK postals are ABC XYZ , 6 characters Registrant: Colo Hosting Inc Box 143 Y Felinheli, Y Felinheli LL56 4WQ GB Domain name: COLOHOSTINGINC.COM Administrative Contact: Administrator, Domain *****@colohostinginc.com Box 143 Y Felinheli, Y Felinheli LL56 4WQ GB +44 7005-805-375 Fax: +44 7005-805-375 Technical Contact: Administrator, Domain *****@colohostinginc.com Box 143 Y Felinheli, Y Felinheli LL56 4WQ GB +44 7005-805-375 Fax: +44 7005-805-375 Registrar of Record: TUCOWS, INC. Record last updated on 05-May-2005. Record expires on 10-May-2006. Record created on 10-May-2004. Domain servers in listed order: NS0.COLOHOSTINGINC.COM 193.28.182.10 NS1.COLOHOSTINGINC.COM 193.28.182.11 Domain status: ACTIVE Location: Netherlands [City: Seattle, Washington] Huh? % This is the RIPE Whois query server #1. % The objects are in RPSL format. % % Note: the default output of the RIPE Whois server % is changed. Your tools may need to be adjusted. See % http://www.ripe.net/db/news/abuse-proposal-20050331.html % for more details. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html % Information related to '193.28.182.0 - 193.28.182.255' inetnum: 193.28.182.0 - 193.28.182.255 netname: UK-COLOHOST descr: Colo Hosting Inc network and hosting facilities country: GB org: ORG-CHI1-RIPE admin-c: CHAD1-RIPE tech-c: CHAD1-RIPE status: ASSIGNED PI notify: *******@colohostinginc.com mnt-by: RIPE-NCC-HM-PI-MNT mnt-by: MNT-COLOHOST mnt-lower: RIPE-NCC-HM-PI-MNT mnt-routes: MNT-COLOHOST mnt-domains: MNT-COLOHOST changed: **********@ripe.net 20040730 source: RIPE organisation: ORG-CHI1-RIPE org-name: Colo Hosting Inc org-type: NON-REGISTRY address: Box 143 address: Y Felinheli address: LL56 4WQ address: UK phone: +44 7005-805-375 e-mail: *******@colohostinginc.com admin-c: CHAD1-RIPE tech-c: CHAD1-RIPE ref-nfy: *******@colohostinginc.com mnt-ref: MNT-COLOHOST mnt-by: MNT-COLOHOST changed: *******@colohostinginc.com 20041116 source: RIPE role: Colo Hosting Admin address: Colo Hosting Inc. address: Box 143 address: Y Felinheli address: UK phone: +44 7005-805-375 e-mail: *******@colohostinginc.com admin-c: CHJM1-RIPE tech-c: CHJM1-RIPE nic-hdl: CHAD1-RIPE notify: *******@colohostinginc.com mnt-by: MNT-COLOHOST changed: *******@colohostinginc.com 20041116 source: RIPE From h9vzc2i02 at sneakemail.com Wed Feb 8 07:56:21 2006 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Wed Feb 8 10:55:03 2006 Subject: [SpamCop-List] Re: Try sneakemail.com References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: "Anonymous Coward" wrote in message news:dscdgq$1d1$1@news.spamcop.net... > > > Anon_ wrote: > > > >M J Nelson wrote... > > (BTW, is there any advantage to using nobody@devnull.spamcop.net > instead of nobody@spamcop.net?) > > >> Do they execute you if you go over? What is the consequence of > >> going over? > >> Mary > > > >*** > > > >The consequences of going over are pretty drastic - they freeze your account > >until the next month resets your 'count' to zero and you are back in > >business till you go over again. All mail is bounced - If one of the bounced > >e-mails is an SC parser response - your SC account is closed - bad news. > > > >Considering that spam or large legitimate e-mail could push you over the > >limit - as the OP said, he cannot take that chance. > > > >You DO get a warning when your account reaches 80% of the limit, so you can, > >at least, control your outgoing mail. > > > >For instance, I had been sending my SC submittals via sneakemail, as well as > >receiving the parser responses - I quickly found that my submittals were > >using too much of my allowed traffic. Now that I just have the parser > >responses going through sneakemail, I have been able to stay under the limit > >(except for last month, where my account was frozen for the last three or > >four days of the month. Too much spam did it. > > Just to make sure I got this straight, it's only too much *outgoing* > email that causes the freeze, right? In other words, too much spam > can only cause a freeze if I turn the incoming mail into outgoing > mail by reporting it? ** No. ALL traffic is counted both incoming and outgoing. Three things broke the back on bandwidth: My spam submittals to SC, their responses, and mainly spam that I received (I finally temporarily disabled the offending sneakemail address that was receiving the spam.) Actually, I use sneakemail as a filter for spam, when I receive too much spam on one of the addresses, I delete that address and if necessary, create a new sneakemail address for the same contact (repeat as necessary) for example, some contacts (merchants) will continue to send advertising e-mails after a purchase without permission (I kill that sneakemail address and use another for the next purchase.) -- A SpamCop user and forum reader, Not Admin *** > > I sure wouldn't want a situation where a spammer could freeze my > sneakemail account just by spamming me... > > From nobody at devnull.spamcop.net Wed Feb 8 11:03:55 2006 From: nobody at devnull.spamcop.net (Pop) Date: Wed Feb 8 11:05:03 2006 Subject: [SpamCop-List] Re: I could be wrong References: Message-ID: "WazoO" wrote in message news:dscso0$k3p$1@news.spamcop.net... : "Pop" wrote in message : news:dsbdis$f8s$1@news.spamcop.net... : > : > With all due respect to Wazoo and : > predecessors, I've probably learned many magnitudes more from : > reading this sort of thread than from wading through all the : > FAQs. Somehow, it has more relevance for me this way. : : The only issue I see in this is the lack of closing the loop, : chiming in and making the FAQ better. : : I usderstand about lack of closing the loop, but, chiming in and making the FAQ better? What do you mean? For me, ti's just the opposite, I think. The discussions make things more understandable in the FAQs because I managed to gain some vicarious experience that relates the the FAQ's content. It's like anecdotal evicence. Pop From usenet at okean.invalid Wed Feb 8 08:32:37 2006 From: usenet at okean.invalid (Michael Wise) Date: Wed Feb 8 11:35:02 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: In article , "Petzl" wrote: > > It is seen that real IP address is: 193.219.52.43 > > > > And parsing results: > > If reported today, reports would be sent to: > > Re: 81.19.66.30 (Administrator of network where email originates) > > > > denis@rambler-co.ru > > csa@rambler-co.ru > > > > Re: 81.19.66.30 (Third party interested in email source) > > > > > > Where is real IP addres message was sent from? (193.219.52.43) > > Sorry for not giving report url, as it has real email adresses, probably > > spammers harvests them from there > > I make the spam coming from Vilnius in Latvia 193.219.52.43 Vilnius is in Lithuania; not Latvia. --Mike From dont_spam at thecow.me.uk Wed Feb 8 16:40:10 2006 From: dont_spam at thecow.me.uk (steve auvache) Date: Wed Feb 8 11:50:03 2006 Subject: [SpamCop-List] Re: colohostinginc.com - Spammer owned Domain? References: Message-ID: Berny wrote >These asswipes have been spamming me with various sites for hookups/porn >etc. > >Always landing at the same IP and reporst go to >postmaster@colohostinginc.com > >the town name and postal code look pretty bogus for GB, Welsh. > i think UK postals >are ABC XYZ , 6 characters Typically: AB12 12AB, 8chrs. Although a leading zero is silent and other variations, particularly in a large town or city with a prehistory of local postal areas, are not unknown. The House of Commons for example is SW1A 0AA >Registrant: > Colo Hosting Inc > Box 143 > Y Felinheli, Y Felinheli LL56 4WQ > GB The post code is in the right format and multimap[1] suggests it may be kosher [1] http://www.multimap.com/map/browse.cgi?lat=53.1851&lon=-4.1947&scale =25000&icon=x -- steve auvache still in search of The Perfect Date. From tmcgraw at spamcop.net Wed Feb 8 08:56:48 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Feb 8 12:00:03 2006 Subject: [SpamCop-List] Re: Major Problem Blacklisting All Domains In-Reply-To: References: Message-ID: LawAdmin wrote: > > > > It seems that in your desire to be obnoxious it never occurred to you that > several domains might be sharing a single server which has one IP address. > Thus if one accountholder has a script that was a problem for a few hours > and you guys overreact, every domain on that server is hosed. This is what > happened. 1. TINW 2. Translation: because your ISP is incompetent, I should shut up and eat the tripe it is spewing to my mailboxes. > People actually use email to send contracts, term sheets and many > other items which they think will be delivered on a timely basis. As Pop already pointed out, anyone with a lick of sense - and ESPECIALLY people who work in the legal field - knows that email is NOT a reliable NOR secure method of delivery. > Evidently I got it right. This is a list where nobody wants to perform a > whit of work to make it a useful service. It got your attention when your ISP's mail server abused the Internet, so it is working exactly as designed. From bar_n0ne at hotmail.com Wed Feb 8 11:54:10 2006 From: bar_n0ne at hotmail.com (Berny) Date: Wed Feb 8 12:55:02 2006 Subject: [SpamCop-List] Re: colohostinginc.com - Spammer owned Domain? References: Message-ID: "steve auvache" wrote in message news:w4JOEPBq7h6DFwTm@thecow.me.uk... SNIP > Welsh. SNIP > steve auvache ----> still in search of The Perfect Date. hmmm..., maybe I should forward these spams to you, that's what many of them claim to offer. :) From nobody at spamcop.net Wed Feb 8 13:04:15 2006 From: nobody at spamcop.net (Ellen) Date: Wed Feb 8 13:20:07 2006 Subject: [SpamCop-List] Possible slow reponse to spam submittals Message-ID: You may encounter slow responses to spam submittals. We had some system problems overnight which have resulted in the system needing to work thru some largish backlogs. Operations and engineering are closely monitoring the situation. Thanks for your patience Ellen SpamCop f/ups set to spamcop From nobody at nowhere.not Wed Feb 8 18:45:20 2006 From: nobody at nowhere.not (Robert Blair) Date: Wed Feb 8 13:50:02 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: On Wed, 8 Feb 2006 08:38:32 UTC, Mindaugas wrote: > Really I tested free webmail service from www.rambler.ru, it shows IP > address from which I sent test message (193.219.52.43) in headers, but due > to mailhost parsing, Spamcop reports not the true sender (193.219.52.43), > but webmail SMTP server (81.19.66.30), so this shows some problems with > mailhost filtering. If you use rambler.ru as an email service you can configure them into your mailhosts. I get email from my ISP and two other servers and have them all in my mailhosts. -- Robert Blair From none at invalid.tld Wed Feb 8 19:09:28 2006 From: none at invalid.tld (JK) Date: Wed Feb 8 14:10:03 2006 Subject: [SpamCop-List] I forgot how much spam I really get... Message-ID: I finally got round to adding some fuel to spamcop last night, so just for laughs I though I would turn off spamassassin and report *all* my spam for a change, not just the ones that slip through the "drop spam on the floor" filtering. [1] Wow, what was I thinking... :-D Usage Estimates On Wed, 08 Feb 2006 01:41:13 +0000 you had 15.7M bytes. Now ( Wed, Feb 08 2006 18:30:29 +0000 ), you have 14.9M bytes. Average Usage Rate: 12.46 bytes/second (754006/60513) Monthly Charge: 32.3M bytes/month $32.30/month Yearly Charge: 392.7M bytes/year $392.68/year Yikes! Guess spamassassin will be turned back on pretty soon, lol. Slightly more seriously: My spam received count for 2005 was 20% up on 2004, and going by the numbers for January this year isn't looking any better. What was the FTC saying again? [2] [1] Using POP3 to fetch mail for this account, so I can't reject anything or *I* would be a backscatter spam source myself. [2] Not in the US so not directly affected by u-CAN-SPAM. -- JK From Nobody at SpamCop.devnull.diespammerdie.net Wed Feb 8 13:52:17 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Wed Feb 8 14:55:03 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route E-Mail _ Around Spam Filters_ References: Message-ID: <43EA4BF1.620EB1D9@SpamCop.devnull.diespammerdie.net> Possum Trot wrote: > > > What I meant was that they should charge 1/4 to 1 dollar, not 1/4 to 1 cent > cent per spam. They'll argue the trash is not spam, but it's spam if I say > it is and it will all get reported. Notice that Experian was one of the first to sign up? The linked story described them as a credit-reporting company.......and they're a *mailing-list* company and a major source of junk-mailing lists at that. This is the junk-mailers lining up to be sold the AOL and Yahoo! e-mail accountholders, as AOL and Yahoo! answer the call of their stockholders and the financial community to "monetize their asset" -- their subscriber base. This is why the DMA bought themselves a Louisiana congressman, to put their CAN_SPAM definition of "not-spam (it's ours)" into U.S. law. You *did* sign up for all this junk mail in your Yahoo! account, didn't you.....? What, you didn't re-check your preferences after we HAD to reset them all to default ("send me EVERYTHING from EVERYBODY") when we had that big server upgrade......you didn't hear about it? Oh, sorry (hahahahahaaaa!). CHA-CHINNNNGGG! CAN_SPAM pays off..... And here's a thought. What if Leo and the boys decide to pay up, to be among the first in line to pay for spamming -- ahem, "marketing" -- privileges? What if Leo and the boys decide to go "legit" opt-out IAW the DMA's CAN_SPAM provisions? How do you say then, that their spew is spam? And how do you stay out of jail, for trying to impede their spew? It's a paid-for service after all. Money has changed hands! Good faith is involved now, Leo and Ruslan and Alexey have bought access to your account in *good faith* and *paid money*. How do you shut them off now? How dare you run that client-side filter! Felon! Renegade! Oldthinker! Just doing a little envisioning here.....here comes the Old Money, to collect our topknots and sell us down the river. JMO, Michael From nobody at spamcop.net Wed Feb 8 12:03:52 2006 From: nobody at spamcop.net (N. Miller) Date: Wed Feb 8 15:05:03 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: <1qkyry74omtmn$.dlg@news.spamcop.net> On Wed, 8 Feb 2006 08:44:52 +0000 (UTC), Mindaugas wrote: > Mindaugas wrote in > news:dscam8$f8$1@news.spamcop.net: >> Really I tested free webmail service from www.rambler.ru, it shows IP >> address from which I sent test message (193.219.52.43) in headers, but >> due to mailhost parsing, Spamcop reports not the true sender >> (193.219.52.43), but webmail SMTP server (81.19.66.30), so this shows >> some problems with mailhost filtering. > BTW, rambler.ru is not in my mailhosts lists and cannot be, but this > (probably) means, that any webmail server will be reported by any spamcop > user that has mailhosts enabled. I have no trouble with webmail servers and mailhosts; as long as I have sent the mailhosts test message through the webmail servers to establish the chain. If you are receiving normal email through rambler.ru, how can it not be in your mailhosts list? -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From n4jwyfo02 at sneakemail.com Wed Feb 8 20:36:20 2006 From: n4jwyfo02 at sneakemail.com (Aviatrix) Date: Wed Feb 8 15:40:02 2006 Subject: [SpamCop-List] Re: colohostinginc.com - Spammer owned Domain? In-Reply-To: References: Message-ID: Berny wrote: > These asswipes have been spamming me with various sites for hookups/porn > etc. > > Always landing at the same IP and reporst go to > postmaster@colohostinginc.com > > the town name and postal code look pretty bogus for GB, i think UK postals > are ABC XYZ , 6 characters > > Registrant: > Colo Hosting Inc > Box 143 > Y Felinheli, Y Felinheli LL56 4WQ > GB I don't know (but Google probably will!) if the place name exists, but as the previous poster said it looks Welsh... and LL postcodes are in the Llandudno area so it all fits. The one thing that looks bogus to me is the "Inc" bit - it should be Ltd. for a UK company. From nobody at spamcop.net Wed Feb 8 13:03:51 2006 From: nobody at spamcop.net (N. Miller) Date: Wed Feb 8 16:05:03 2006 Subject: [SpamCop-List] Re: Possible slow reponse to spam submittals References: Message-ID: On Wed, 8 Feb 2006 13:04:15 -0500, Ellen wrote: > You may encounter slow responses to spam submittals. We had some system > problems overnight which have resulted in the system needing to work thru > some largish backlogs. Operations and engineering are closely monitoring the > situation. Thanks for your patience In the last 12 hours I have dumped 21 reports. I just don't have the patience to work through this drag. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From none at invalid.tld Wed Feb 8 21:21:32 2006 From: none at invalid.tld (JK) Date: Wed Feb 8 16:25:05 2006 Subject: [SpamCop-List] Re: Possible slow reponse to spam submittals References: Message-ID: N. Miller wrote: > On Wed, 8 Feb 2006 13:04:15 -0500, Ellen wrote: > >> You may encounter slow responses to spam submittals. We had some system >> problems overnight which have resulted in the system needing to work thru >> some largish backlogs. Operations and engineering are closely monitoring >> the situation. Thanks for your patience > > In the last 12 hours I have dumped 21 reports. I just don't have the > patience to work through this drag. > I did have some problems last night, but I've done 247 today with no problems at all. I know it's a strange way to spend my day off but I haven't really been reporting enough spam lately. -- JK From munged at nomorespamithurts.com Wed Feb 8 21:49:17 2006 From: munged at nomorespamithurts.com (KD) Date: Wed Feb 8 16:50:02 2006 Subject: [SpamCop-List] Re: My spam is gone. References: Message-ID: "schmide" wrote in message news:ds8kko$m5u$1@news.spamcop.net... >I used to get about 200 spams a day. As of Saturday I get like 20. Its >freaking odd to check the held mail and see no new messages. I wonder how I >got whitelisted. > > Schmide Has your ISP implemented an anti-spam policy ? I thought my spamload had dropped to nought a couple of months ago but it turned out to be my ISP who had suddenly started deleting emails they thought of as spam; without asking. I have to admit though that I've not spotted an incorrectly marked email yet - they alter the header. Keith From rathernot at nono.net Wed Feb 8 18:18:31 2006 From: rathernot at nono.net (Freewheeling) Date: Wed Feb 8 18:20:03 2006 Subject: [SpamCop-List] Starting to get annoyed. Message-ID: I've whitelisted an academic listserve I've subscribed to for four months, but Spamcop continues to send its emails to "Held Mail." It only just started doing this extensively, but has been accepting that list email with no problems for months. What the deuce is the problem? I'm also more than a little annoyed by the fact that 75% of my email is now spam. Isn't spamcop supposed to help with this, and why aren't they effective? I renewed the service recently, but it was probably wasted money given the low level of service and the frequent problems (such as those misidentified posts to the academic list). Seriously, how many times do I have to whitelist a sender for it to take? Is anyone at Spamcop awake? If things don't change this will be the last time I re-up with Spamcop. They're just not coming through. From / at /.cn Thu Feb 9 10:25:14 2006 From: / at /.cn (Petzl) Date: Wed Feb 8 18:30:03 2006 Subject: [SpamCop-List] Re: spamcop is cause me to bounce of rootsweb mailing lists References: Message-ID: "Michael Wise" wrote in message news:usenet-5C24CC.08323708022006@news.cesmail.net... > In article , "Petzl" wrote: [S] >> I make the spam coming from Vilnius in Latvia 193.219.52.43 > > Vilnius is in Lithuania; not Latvia. Opps http://www.geobytes.com/IpLocator.htm?GetLocation It even said Lithuania From MikeE at ster.invalid Wed Feb 8 15:40:55 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Feb 8 18:45:02 2006 Subject: [SpamCop-List] Re: Starting to get annoyed. References: Message-ID: Posted to spamcop & spamcop.mail; followups to .mail Freewheeling wrote: > I've whitelisted an academic listserve I've subscribed to for four > months, but Spamcop continues to send its emails to "Held Mail." - the spamcop ng is for general SC discussion, as opposed to the ng spamcop.mail which is for discussing SC mail accounts and problems - personally, I don't have any experience with a spamcop mail account, but I read the faq and the forum and the ng spamcop.mail - sometimes listservs are tricky to whitelist. It is my understanding that SC checks the headers for Return-Path, From, and Sender for whitelisted entries - there is also a faq page about how the entries work here http://www.spamcop.net/fom-serve/cache/304.html Some examples of whitelist and blacklist matching > It > only just started doing this extensively, but has been accepting that > list email with no problems for months. What the deuce is the > problem? Discussing a problem with heldmail is best done by discussing the particular SC Xlines which show why it was held. > I'm also more than a little annoyed by the fact that 75% of my email > is now spam. Isn't spamcop supposed to help with this, and why > aren't they effective? IMO SC spam reporting very very seldom does anything to prevent future spam. The strength of good filtering systems is to prevent spam being in the inbox and to prevent any goodmail from being in the spam. Those of us who advocate reporting may report sources thru' SC so as to contribute to the SC blocklist to aid in future filtering. Those who like to notify spamveriders - spamvertiser providers - would like to believe that might help squash some websites if a white hat provider were involved, and that it contributes to the sc-surbl blocklist. There's not much about the reporting of today's spam which actually causes the securing of spamsources or the dropping of websites, so the reporting doesn't actually lead to less spam in the combined inbox and heldmail -- just an aid in the filtering process if you are using the SC blocklist as one of your filtering aids. > I renewed the service recently, but it was > probably wasted money given the low level of service and the frequent > problems (such as those misidentified posts to the academic list). I think it is very very bad if goodmail gets put in with spam. That flaw in the configuration [likely] or execution [unlikely] should certainly be corrected. > Seriously, how many times do I have to whitelist a sender for it to > take? Is anyone at Spamcop awake? My first guess would be that there is something wrong with the/your whitelisting configuration. > If things don't change this will be the last time I re-up with > Spamcop. They're just not coming through. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Feb 8 16:54:02 2006 From: nobody at spamcop.net (Ellen) Date: Wed Feb 8 19:25:03 2006 Subject: [SpamCop-List] Re: Possible slow reponse to spam submittals References: Message-ID: "N. Miller" wrote in message news:vz9qckd8uqbl$.dlg@news.spamcop.net... > On Wed, 8 Feb 2006 13:04:15 -0500, Ellen wrote: > > > You may encounter slow responses to spam submittals. We had some system > > problems overnight which have resulted in the system needing to work thru > > some largish backlogs. Operations and engineering are closely monitoring the > > situation. Thanks for your patience > > In the last 12 hours I have dumped 21 reports. I just don't have the > patience to work through this drag. > That's fine -- just do what makes sense for you in the time that you have for reporting spam. If you have to dump reports or spam then while we hate to lose it, we certainly understand that the system backlog creates problems for people. Ellen SpamCop From nomail at devnull.spamcop.net Wed Feb 8 16:42:16 2006 From: nomail at devnull.spamcop.net (schmide) Date: Wed Feb 8 19:45:02 2006 Subject: [SpamCop-List] Re: My spam is gone. In-Reply-To: References: Message-ID: KD wrote: > "schmide" wrote in message > news:ds8kko$m5u$1@news.spamcop.net... >> I used to get about 200 spams a day. As of Saturday I get like 20. Its >> freaking odd to check the held mail and see no new messages. I wonder how I >> got whitelisted. >> >> Schmide > > Has your ISP implemented an anti-spam policy ? I thought my spamload had > dropped to nought a couple of months ago but it turned out to be my ISP who > had suddenly started deleting emails they thought of as spam; without > asking. I have to admit though that I've not spotted an incorrectly marked > email yet - they alter the header. > > Keith > > Nope no new filters and I got that disabled anyways. Looks like some king spammer found out I was a spamcop client. From nospam at domain.invalid Thu Feb 9 01:05:50 2006 From: nospam at domain.invalid (Paul White) Date: Wed Feb 8 20:10:02 2006 Subject: [SpamCop-List] Re: I forgot how much spam I really get... References: Message-ID: On Wed, 08 Feb 2006 19:09:28 +0000, JK wrote: > Average Usage Rate: 12.46 bytes/second (754006/60513) > Monthly Charge: 32.3M bytes/month $32.30/month > Yearly Charge: 392.7M bytes/year $392.68/year Why not sign-up for a SpamCop mail account? Unlimited spam reporting for just $30 a year and you don't actually have to use the mail account if you don't want to. -- Paul White From tmcgraw at spamcop.net Wed Feb 8 17:23:03 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Feb 8 20:25:02 2006 Subject: [SpamCop-List] Re: Starting to get annoyed. In-Reply-To: References: Message-ID: Freewheeling wrote: > I've whitelisted an academic listserve I've subscribed to for four > months, but Spamcop continues to send its emails to "Held Mail." It > only just started doing this extensively, but has been accepting that > list email with no problems for months. What the deuce is the problem? You're talking about a mailing list. FYI, Listserv (no 'e') is a trademark for a particular brand. Some automated email lists create headers as if it were a forwarding server - therefore, every person who posts from a "home" address that might land in a blocklist get stuck in Held Mail (which you should view frequently through the day). I have one list where posters continuously show up in Held Mail. But unlike Mike, who abhors getting "goodmail" held by a spam dam, I would rather clear these posts individually (usually not whitelisting sender) than deal with the spew that would inevitably come with it. A truly "academic" email list shouldn't have a problem. Though .edu-related IP#s do get listed, they are an anomaly. If your email list administrator is not putting something identifiable in the subject header - typically between brackets - to identify the source as their list, then they are not following best practices. Most email list operators can and will add this to the subject header when it's requested. > I'm also more than a little annoyed by the fact that 75% of my email is > now spam. Isn't spamcop supposed to help with this, and why aren't they > effective? Check your blocklists and uncheck DSBL open relays/list.dsbl.org > Seriously, how many times do I have to whitelist a sender for it to > take? Is anyone at Spamcop awake? What, do you think someone looks over your email before it's delivered or something? The process is automated. See first answer for most likely reason your whitelisting isn't working. From tmcgraw at spamcop.net Wed Feb 8 17:29:20 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Feb 8 20:30:03 2006 Subject: [SpamCop-List] Re: I could be wrong In-Reply-To: References: Message-ID: Fred K. wrote: > I see a number of complaints from various senders, including LawAdmin, > Islapiko and kiriakos kappa, complaining about SC > blocking them. Quite a few of them seem to be ignorant about the subject, > including "sysops". The majority never reply to requests for trackers/more > information. I think they maybe pranksters, using up peoples help resources. > I believe that is their intent. I have observed this phenom over the years and, like others, those who are really sincere in their misunderstandings don't bubble to the surface as quickly as you might expect. I do believe a small number of posts come in here designed to scare away potential users. Which is why it is important that anything that appears worthwhile receive an eventual response - to keep the search engine queries of the future honest, so to speak. From nobody at devnull.spamcop.net Wed Feb 8 19:45:08 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Feb 8 20:50:06 2006 Subject: [SpamCop-List] Re: Try sneakemail.com References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: "Anonymous Coward" wrote in message news:dscdgq$1d1$1@news.spamcop.net... > > (BTW, is there any advantage to using nobody@devnull.spamcop.net > instead of nobody@spamcop.net?) Beyond making it look like you didn't bother to read the rules, guidelines, and tips offered for SpamCop.net users? The suggestion/request for the use of a specific address is on the very first Help page from the www.spamcop.net web page - Help link; http://www.spamcop.net/help.shtml (Please use "nobody@devnull.spamcop.net" if you use a fake address.) This is an ancient item/factoid, dating back three or four years, at least. From h9vzc2i02 at sneakemail.com Wed Feb 8 18:06:49 2006 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Wed Feb 8 21:05:03 2006 Subject: [SpamCop-List] Re: Try sneakemail.com References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: "WazoO" wrote in message news:dse6r4$k98$1@news.spamcop.net... > "Anonymous Coward" wrote in message > news:dscdgq$1d1$1@news.spamcop.net... > > > > (BTW, is there any advantage to using nobody@devnull.spamcop.net > > instead of nobody@spamcop.net?) > > Beyond making it look like you didn't bother to read the > rules, guidelines, and tips offered for SpamCop.net users? > The suggestion/request for the use of a specific address is > on the very first Help page from the www.spamcop.net > web page - Help link; > http://www.spamcop.net/help.shtml *** This link just caused a circular loop. It linked to google which linked right back to this very link! How about an exact link to the appropriate FAQ? -- A SpamCop user and forum reader, Not Admin *** > (Please use "nobody@devnull.spamcop.net" if you use a fake address.) > > This is an ancient item/factoid, dating back three or four years, > at least. > > From vogt at spamcop.net Thu Feb 9 12:01:48 2006 From: vogt at spamcop.net (Gerald Vogt) Date: Wed Feb 8 22:05:05 2006 Subject: [SpamCop-List] Re: Try sneakemail.com In-Reply-To: References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: Anon_ wrote: > "WazoO" wrote in message > news:dse6r4$k98$1@news.spamcop.net... >> "Anonymous Coward" wrote in message >> news:dscdgq$1d1$1@news.spamcop.net... >>> (BTW, is there any advantage to using nobody@devnull.spamcop.net >>> instead of nobody@spamcop.net?) >> Beyond making it look like you didn't bother to read the >> rules, guidelines, and tips offered for SpamCop.net users? >> The suggestion/request for the use of a specific address is >> on the very first Help page from the www.spamcop.net >> web page - Help link; >> http://www.spamcop.net/help.shtml > > *** > This link just caused a circular loop. > > It linked to google which linked right back to this very link! > > How about an exact link to the appropriate FAQ? The link above is just a simple link to a static web page AFAICS. It does not link to google. Maybe your webbrowser is not working properly or you have some malware. Anyway, the link above is the exact link to the page where you find information about the email address. If you know google you may as well google for it. It will bring up the above link as first match. Gerald From nobody at devnull.spamcop.net Wed Feb 8 21:34:22 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Feb 8 22:35:03 2006 Subject: [SpamCop-List] Re: Try sneakemail.com References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: "Anon_" wrote in message news:dse7uc$mdu$1@news.spamcop.net... > > "WazoO" wrote in message > news:dse6r4$k98$1@news.spamcop.net... > > > > The suggestion/request for the use of a specific address is > > on the very first Help page from the www.spamcop.net > > web page - Help link; > > http://www.spamcop.net/help.shtml > > This link just caused a circular loop. > > It linked to google which linked right back to this very link! > > How about an exact link to the appropriate FAQ? That is the "exact" link, copied from the page I was looking at when I verified that the data was still there. As I also stated, go to www.spamcop.net , hit the Help link ... you'll end up exactly where I pointed. From rathernot at nono.net Wed Feb 8 23:05:31 2006 From: rathernot at nono.net (Freewheeling) Date: Wed Feb 8 23:10:02 2006 Subject: [SpamCop-List] Re: Starting to get annoyed. In-Reply-To: References: Message-ID: Tim McGraw wrote: > Freewheeling wrote: > >> I've whitelisted an academic listserve I've subscribed to for four >> months, but Spamcop continues to send its emails to "Held Mail." It >> only just started doing this extensively, but has been accepting that >> list email with no problems for months. What the deuce is the problem? > > > You're talking about a mailing list. FYI, Listserv (no 'e') is a > trademark for a particular brand. > > Some automated email lists create headers as if it were a forwarding > server - therefore, every person who posts from a "home" address that > might land in a blocklist get stuck in Held Mail (which you should view > frequently through the day). I have one list where posters continuously > show up in Held Mail. But unlike Mike, who abhors getting "goodmail" > held by a spam dam, I would rather clear these posts individually > (usually not whitelisting sender) than deal with the spew that would > inevitably come with it. > > A truly "academic" email list shouldn't have a problem. Though > .edu-related IP#s do get listed, they are an anomaly. > > If your email list administrator is not putting something identifiable > in the subject header - typically between brackets - to identify the > source as their list, then they are not following best practices. Most > email list operators can and will add this to the subject header when > it's requested. > >> I'm also more than a little annoyed by the fact that 75% of my email >> is now spam. Isn't spamcop supposed to help with this, and why aren't >> they effective? > > > Check your blocklists and uncheck DSBL open relays/list.dsbl.org > >> Seriously, how many times do I have to whitelist a sender for it to >> take? Is anyone at Spamcop awake? > > > What, do you think someone looks over your email before it's delivered > or something? > > The process is automated. See first answer for most likely reason your > whitelisting isn't working. Actually, the issue is that it DOESN'T WORK. Who cares whether it's automated or not? Is there an 800 number, or even a specific customer service email or number that I can contact? I really need to cancel my service... NOW! I'm basically "payin' fer nuthin'". How much clearer can it get? From MikeE at ster.invalid Wed Feb 8 21:13:13 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Feb 9 00:15:04 2006 Subject: [SpamCop-List] Re: I could be wrong References: Message-ID: Tim McGraw wrote: > I do believe a small number of posts come in here designed to scare > away potential users. Allegedly some Hanlon sed^1: Never attribute to malice that which is adequately explained by stupidity. Some background at the wiki ^2 - the jargon place^3 -- everything^4 ^2 http://en.wikiquote.org/wiki/Robert_J._Hanlon Hanlon's Razor ^3 http://www.jargon.net/jargonfile/h/HanlonsRazor.html Hanlon's Razor ^4 http://www.everything2.com/index.pl?node_id=67720 Hanlon's Razor -- Mike Easter kibitzer, not SC admin From verdy_p at wanadoo.fr Thu Feb 9 06:44:11 2006 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Thu Feb 9 00:45:03 2006 Subject: [SpamCop-List] Re: Yahoo and AOL Plan Would Charge Senders a Fee to Route E-Mail _ Around Spam Filters_ References: Message-ID: "Possum Trot" a écrit dans le message de news: ds83gm$anm$1@news.spamcop.net... > http://tinyurl.com/d3ht9 > > 1/4 to 1 cent? How about making that in dollars or Euros. Or 0.0025 EUR to 0.01 EUR What does it change? May be Yahoo and AOL could do the reverse: with your personal account, you have a limited weekly book of stamps. For sending more emails from the Yahoo account, you need to buy stamps online. To be allowed to send emails inany case, you must be authenticated. For almost all home usersthat send emails manually, they will have much enough stamps to use the service freely and reasonably. Above this threshold, users will need to go elsewhere (using aliases could be easily defeated by tracking the source IP of the sender, or by the confirmation email that is needed to verify the identity ofthe sender), or the emails would remain in the outgoing box. Users could still manage which email they feel is more urgent. Yahoo and AOL email creations would be also limited in time from the same IP or same alternate email address, with supplementary accounts being left on hold. At start, you would have fewer stamps, but the number of free stamps per week could increase with time with the number of past emails that were not rejected, and decreased with the rejected emails, or if a mailbox stays too long with too many received mails in the box. This would give bonus and more freedom for legitimate users, would reduce the load of their service, and mailboxes could then become larger. This would push out spammers currently using Yahoo or AOL to send email, so less spam originating from their network: there's a limit to the offered free service. And other ISPs would be much more happy (and easier to block with less collateral damages if they accept spammers in their system). Currently, the need to use filterscreatestoo many false positives and harms more the users of large ISPs justbecause they can host much more spammers and they canrelay their spew muchfaster before dectection and ousting, when the small ISPs or independant organizations can more easily tweak their filters and surveillance for the needs of their users. Another good thing is that this would greatly reduce the impact done by a single subscriber infected by a viral spamware: their email stamps would be exhausted immediately, theiroutgoing mailbox would be full of proofs of spam, and these users would need to take action to clean their PC, possibly using free cleaning tools provided by the ISP's assistance. From nobody at spamcop.net Wed Feb 8 22:41:50 2006 From: nobody at spamcop.net (Antispam Knight) Date: Thu Feb 9 01:45:03 2006 Subject: [SpamCop-List] Re: colohostinginc.com - Spammer owned Domain? References: Message-ID: "Aviatrix" wrote in message news:dsdko4$7oo$1@news.spamcop.net... > Berny wrote: > >> These asswipes have been spamming me with various sites for hookups/porn >> etc. >> >> Always landing at the same IP and reporst go to >> postmaster@colohostinginc.com >> >> the town name and postal code look pretty bogus for GB, i think UK >> postals >> are ABC XYZ , 6 characters >> >> Registrant: >> Colo Hosting Inc >> Box 143 >> Y Felinheli, Y Felinheli LL56 4WQ >> GB > > I don't know (but Google probably will!) if the place name exists, but > as the previous poster said it looks Welsh... and LL postcodes are in > the Llandudno area so it all fits. The one thing that looks bogus to me > is the "Inc" bit - it should be Ltd. for a UK company. Royalmail.com says the address/postal code is bogus. Has been reported to ICANN & registrar via http://wdprs.internic.net/. Probably wouldn't hurt if a few more people reported it. I also wonder why the websites are hosted at 193.28.182.80,193.28.182.85,193.28.182.87 none of which are listed in RADb. Is this a hijacked block? Tracert shows above.net to be the upstream. Can't find an AS for colohostinginc.com via RADb. Comments, anyone? AK From jkdfgh.nospam.- at _nomail_pfi.lt_bvcm Thu Feb 9 06:43:42 2006 From: jkdfgh.nospam.- at _nomail_pfi.lt_bvcm (Mindaugas) Date: Thu Feb 9 01:45:12 2006 Subject: [SpamCop-List] Re: Possible slow reponse to spam submittals References: Message-ID: Really it seems to me, that in addition to current "transiently permanent" reporting problems, one very big additional slowdown of Spamcop reporting system is a DNS scan of web links, added by antiviruses or antispam tools (spf.pobox.com, bl.spamcop.net, etc.) It could be much simpler to whitelist by software these preliminary known websites (there are probably less than 30 of them) instead of doing time-consuming DNS scan on almost every spam message and later classifying them as "innocent bystander". Also, this may probably lower rate of not-parsed not-reported spamvertised websites, that are found qoite often. "Ellen" wrote in news:dse1uk$gof$1@news.spamcop.net: > > "N. Miller" wrote in message > news:vz9qckd8uqbl$.dlg@news.spamcop.net... >> On Wed, 8 Feb 2006 13:04:15 -0500, Ellen wrote: >> >> > You may encounter slow responses to spam submittals. We had some >> > system problems overnight which have resulted in the system needing >> > to work > thru >> > some largish backlogs. Operations and engineering are closely >> > monitoring > the >> > situation. Thanks for your patience >> >> In the last 12 hours I have dumped 21 reports. I just don't have the >> patience to work through this drag. >> > > > That's fine -- just do what makes sense for you in the time that you > have for reporting spam. If you have to dump reports or spam then > while we hate to lose it, we certainly understand that the system > backlog creates problems for people. > > > > Ellen > SpamCop > > > > From petzl at spamcop.net Thu Feb 9 17:55:14 2006 From: petzl at spamcop.net (petzl) Date: Thu Feb 9 02:00:03 2006 Subject: [SpamCop-List] Re: Starting to get annoyed. References: Message-ID: "Freewheeling" wrote in message news:dsef2c$rfe$1@news.spamcop.net... > Actually, the issue is that it DOESN'T WORK. Who cares whether it's > automated or not? > > Is there an 800 number, or even a specific customer service email or > number that I can contact? I really need to cancel my service... NOW! I'm > basically "payin' fer nuthin'". How much clearer can it get? > Whitelisting works for me? http://www.spamcop.net/ces/contact.shtml you can cancel your Spam|Cop Email account here Petzl From none at invalid.tld Thu Feb 9 07:11:19 2006 From: none at invalid.tld (JK) Date: Thu Feb 9 02:15:03 2006 Subject: [SpamCop-List] Re: I forgot how much spam I really get... References: Message-ID: Paul White wrote: > On Wed, 08 Feb 2006 19:09:28 +0000, JK wrote: > >> Average Usage Rate: 12.46 bytes/second (754006/60513) >> Monthly Charge: 32.3M bytes/month $32.30/month >> Yearly Charge: 392.7M bytes/year $392.68/year > > Why not sign-up for a SpamCop mail account? Unlimited spam reporting > for just $30 a year and you don't actually have to use the mail > account if you don't want to. Now that is a thought. I never looked at that as I don't usually see much of the spam sent to me due to pretty good filters (the last 15 MB of fuel has lasted me about 2 years), but if there's no limit on how much spam can be reported that might be a way to go. Thanks for the suggestion. -- JK From nobody at nowhere.invalid Thu Feb 9 11:35:27 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Feb 9 05:40:19 2006 Subject: [SpamCop-List] Re: My spam is gone. References: Message-ID: On Wed, 08 Feb 2006 16:42:16 -0800, schmide coughed into spamcop and left this in : > Nope no new filters and I got that disabled anyways. Looks like some > king spammer found out I was a spamcop client. It has probably started sending your spam to me, judging by the results. I think I wouldn't be too far off-kilt if I said that I've had a sudden 3-fold increase in spam since Tuesday. -- Steve Individuals who make their abodes in vitreous edifices would be well advised to refrain from catapulting projectiles. From nobody at nowhere.invalid Thu Feb 9 11:37:20 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Feb 9 05:40:32 2006 Subject: [SpamCop-List] Re: Starting to get annoyed. References: Message-ID: On Wed, 08 Feb 2006 18:18:31 -0500, Freewheeling coughed into spamcop and left this in : > I've whitelisted an academic listserve I've subscribed to for four > months, but Spamcop continues to send its emails to "Held Mail." It > only just started doing this extensively, but has been accepting that > list email with no problems for months. What the deuce is the problem? You've probably whitelisted the wrong address. Look at the headers of a message you receive through the list server and make a note of the "Return-Path:" header. Then take the domain part of that address and add it to your whitelist. -- Steve From / at /.cn Thu Feb 9 22:16:49 2006 From: / at /.cn (Petzl) Date: Thu Feb 9 06:20:04 2006 Subject: [SpamCop-List] SpamCop on Blink again? Message-ID: http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats Spam Quick reported over 2 hours ago still sitting there? Petzl From / at /.cn Thu Feb 9 22:20:59 2006 From: / at /.cn (Petzl) Date: Thu Feb 9 06:25:04 2006 Subject: [SpamCop-List] Re: SpamCop on Blink again? References: Message-ID: "Petzl" wrote in message news:dsf8bb$bhn$1@news.spamcop.net... > http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats > > Spam Quick reported over 2 hours ago still sitting there? > > Petzl http://www.spamcop.net/spamgraph.shtml?spamstats here the stats graph Might be a maintenance issue? From nobody at devnull.spamcop.net Thu Feb 9 05:35:50 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Thu Feb 9 06:40:02 2006 Subject: [SpamCop-List] Re: SpamCop on Blink again? References: Message-ID: "Petzl" wrote in message news:dsf8bb$bhn$1@news.spamcop.net... > http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats > > Spam Quick reported over 2 hours ago still sitting there? I can only state that I've never gotten anyone at IrornPort to offer any answers. The only details offered up from staff essentially are the acknowledgement that there was an outage. The outage yesterday was acknowledged something like 4 or 5 hours after the fact. Pointing out that this Forum graphic / link was put in place to offer an off-site status monitor for the Parsing & Reporting system in another newsgroup yesterday was met with a suggestion to recommend pointing folks to http://www.spamcop.net/spamgraph.shtml?spamstats which seems a bit of an odd thing to do when the "question" is dealing with http://www.spamcop.net being "down" ... But that's just me. If the Quick-Reported data wasn't actually lost in a crash, the result should eventually show up, based the typical "working through the backlog" scenario. From / at /.cn Thu Feb 9 23:01:49 2006 From: / at /.cn (Petzl) Date: Thu Feb 9 07:05:03 2006 Subject: [SpamCop-List] Re: SpamCop on Blink again? References: Message-ID: "WazoO" wrote in message news:dsf9em$co0$1@news.spamcop.net... > "Petzl" wrote in message news:dsf8bb$bhn$1@news.spamcop.net... >> > http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats >> >> Spam Quick reported over 2 hours ago still sitting there? > > I can only state that I've never gotten anyone at IrornPort to > offer any answers. The only details offered up from staff > essentially are the acknowledgement that there was an > outage. The outage yesterday was acknowledged something > like 4 or 5 hours after the fact. Pointing out that this Forum > graphic / link was put in place to offer an off-site status > monitor for the Parsing & Reporting system in another newsgroup > yesterday was met with a suggestion to recommend pointing folks > to http://www.spamcop.net/spamgraph.shtml?spamstats > which seems a bit of an odd thing to do when the "question" > is dealing with http://www.spamcop.net being "down" ... > But that's just me. > > If the Quick-Reported data wasn't actually lost in a crash, the > result should eventually show up, based the typical "working > through the backlog" scenario. > > Well the graph has sprung to life again (might just been maintenance The IronPort servers I use seem extremely reliable Petzl From nobody at devnull.spamcop.net Thu Feb 9 07:08:52 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Thu Feb 9 08:10:04 2006 Subject: [SpamCop-List] Re: SpamCop on Blink again? References: Message-ID: "Petzl" wrote in message news:dsfavn$doq$1@news.spamcop.net... > > Well the graph has sprung to life again (might just been maintenance > The IronPort servers I use seem extremely reliable That status chart isn't dealing with anything IronPort sells .... it's dealing with the hardware running the Parsing & Reporting software. These systems are located on IronPort turf, maintained by IronPort staff. From nobody at devnull.spamcop.net Thu Feb 9 09:20:39 2006 From: nobody at devnull.spamcop.net (Pop) Date: Thu Feb 9 09:25:03 2006 Subject: [SpamCop-List] Re: Try sneakemail.com References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: Link works fine from here. IE/OE 6 XP SP2+. It sounds like your address bar might have searched instead of processing the link? Or the link didn't paste right? Anyway, it seems OK at the moment. Pop "Anon_" wrote in message news:dse7uc$mdu$1@news.spamcop.net... : : "WazoO" wrote in message : news:dse6r4$k98$1@news.spamcop.net... : > "Anonymous Coward" wrote in message : > news:dscdgq$1d1$1@news.spamcop.net... : > > : > > (BTW, is there any advantage to using nobody@devnull.spamcop.net : > > instead of nobody@spamcop.net?) : > : > Beyond making it look like you didn't bother to read the : > rules, guidelines, and tips offered for SpamCop.net users? : > The suggestion/request for the use of a specific address is : > on the very first Help page from the www.spamcop.net : > web page - Help link; : > http://www.spamcop.net/help.shtml : : *** : This link just caused a circular loop. : : It linked to google which linked right back to this very link! : : How about an exact link to the appropriate FAQ? : : -- : A SpamCop user and forum reader, : Not Admin : *** : : > (Please use "nobody@devnull.spamcop.net" if you use a fake address.) : > : > This is an ancient item/factoid, dating back three or four years, : > at least. : > : > : : From kenbrody at spamcop.net Thu Feb 9 10:23:56 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Thu Feb 9 10:30:03 2006 Subject: [SpamCop-List] Re: Starting to get annoyed. References: Message-ID: <43EB5E8C.8547FC76@spamcop.net> Freewheeling wrote: > > I've whitelisted an academic listserve I've subscribed to for four > months, but Spamcop continues to send its emails to "Held Mail." It [...] > Seriously, how many times do I have to whitelist a sender for it to > take? Is anyone at Spamcop awake? [...] My whitelistings take effect almost immediately. Are you sure that you whitelisted it properly? Also, how does one whitelist a server? Isn't the whitelist based on the "from" address? (Or is this perhaps a feature of mailhosts?) -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From tmcgraw at spamcop.net Thu Feb 9 08:12:31 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Feb 9 11:15:03 2006 Subject: [SpamCop-List] Re: Starting to get annoyed. In-Reply-To: References: Message-ID: Freewheeling wrote: > Tim McGraw wrote: >> >> What, do you think someone looks over your email before it's delivered >> or something? >> >> The process is automated. See first answer for most likely reason your >> whitelisting isn't working. > > Actually, the issue is that it DOESN'T WORK. Who cares whether it's > automated or not? You simply cannot whitelist some mailing lists by whitelisting the sender(s) in the "From" field because that is frequently the poster's email addy, not the source of the server sending messages. Whitelisting the domain in the "Return-Path" header as Stephen suggested may be a solution. Did you try checking your blocklists and unchecking DSBL open relays/list.dsbl.org as I suggested? From h9vzc2i02 at sneakemail.com Thu Feb 9 10:00:26 2006 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Thu Feb 9 13:00:03 2006 Subject: [SpamCop-List] Re: Try sneakemail.com References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: "WazoO" wrote in message news:dsed7u$q5r$1@news.spamcop.net... > "Anon_" wrote in message > news:dse7uc$mdu$1@news.spamcop.net... > > > > "WazoO" wrote in message > > news:dse6r4$k98$1@news.spamcop.net... > > > > > > The suggestion/request for the use of a specific address is > > > on the very first Help page from the www.spamcop.net > > > web page - Help link; > > > http://www.spamcop.net/help.shtml > > > > This link just caused a circular loop. > > > > It linked to google which linked right back to this very link! > > > > How about an exact link to the appropriate FAQ? > > That is the "exact" link, copied from the page I was looking > at when I verified that the data was still there. As I also stated, > go to www.spamcop.net , hit the Help link ... you'll end up > exactly where I pointed. > > *** Here is where I ended when I followed your suggestion - see below: This is also where the original link put me!! This is NOT the answer to "nobody@..." The list below does not point me to anything about "nobody@... ---copy of page--- Help Options: FAQ | Search | Forums Frequently Asked Questions The FAQ is much more than just frequently asked questions. Here, you will find documentation on all aspects of SpamCop and spam in general, as well as pointers to other sites and other information. Use the Google search box below to search the FAQ or select the link to browse. Popular FAQs include: Table of contents Parsing and reporting service SpamCop mail service Mailhosts configuration Help for abuse-desks and administrators SpamCop Blocking list How can I contact a SpamCop representative? Search SpamCop ---end of copy--- -- A SpamCop user and forum reader, Not Admin *** From MikeE at ster.invalid Thu Feb 9 10:26:48 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Feb 9 13:30:03 2006 Subject: [SpamCop-List] Re: Try sneakemail.com References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: Anon_ wrote: > "WazoO" >>>> http://www.spamcop.net/help.shtml When I go to that page, at the bottom it sez Please use "nobody@devnull.spamcop.net" if you use a fake address. in the par named Security note: > This is NOT the answer to "nobody@..." > > The list below does not point me to anything about "nobody@... > > ---copy of page--- > Search SpamCop > ---end of copy--- After Search SC comes the search tool, then the sections Web-based Bulletin Boards Newsgroups Newsgroup Posting Rules and then the par Security note with the nobody@ sentence. -- Mike Easter kibitzer, not SC admin From nobody at xyzzy.claranet.de Thu Feb 9 22:31:07 2006 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Feb 9 16:35:02 2006 Subject: [SpamCop-List] Re: I could be wrong References: Message-ID: <43EBB49B.2E4B@xyzzy.claranet.de> Mike Easter wrote: > Never attribute to malice that which is adequately explained > by stupidity. The plausible version works with s/malice/conspiracy/ The so-called Hanlon-version is a typical "distractor" used by interested parties to brain-wash the masses. "Laziness" or "greed" are also plausible if "stupidity" doesn't catch it, and of course "greed" can be evil / bad / "malice" if it's about issues like "paying for a proper abuse desk ? Never" I wouldn't trust that Hanlon-character any further than I can throw him or her. Bye, Frank From nobody at xyzzy.claranet.de Thu Feb 9 22:53:57 2006 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Feb 9 16:55:04 2006 Subject: [SpamCop-List] Re: Possible slow reponse to spam submittals References: Message-ID: <43EBB9F5.7324@xyzzy.claranet.de> Mindaugas wrote: > one very big additional slowdown of Spamcop reporting system > is a DNS scan of web links, added by antiviruses or antispam > tools (spf.pobox.com, bl.spamcop.net, etc.) The SPF site is now openspf.org, and it's completely unrelated to Web links. AFAIK SpamCop does not yet check SPF anywhere: That's how a mail user found this intl.paypal.com phish in his SC-mail inbox, reported here a few days ago. The SCBL (bl.spamcop.net) is also irrelevant for Web links. > It could be much simpler to whitelist by software these > preliminary known websites (there are probably less than > 30 of them) Maybe. In theory it should be also fast to have them in the DNS cache until it expires, but SC's use of DNS appears to be somewhat non-standard to fight DNS-tricks of the opposition. > this may probably lower rate of not-parsed not-reported > spamvertised websites, that are found qoite often. You could ask for a "quick reporting" account if you are _very_ sure that all your spam is spam, and that you generally don't want to parse the body for Web links. Another strategy would be to filter "known spam" ("just hit del") and reoprt only the potentially interesting spam. I mix these strategies, "jhd" is an alias for "quick report" in my address book, and "spamcop" is an alias for normal reports of "interesting" spam incl. the attempt to parse Web links. The definition of "interesting" depending on my mood / time ;-) Bye, Frank From rathernot at nono.net Thu Feb 9 21:30:52 2006 From: rathernot at nono.net (Freewheeling) Date: Thu Feb 9 21:35:03 2006 Subject: [SpamCop-List] Re: Starting to get annoyed. In-Reply-To: References: Message-ID: Tim McGraw wrote: > Freewheeling wrote: > >> Tim McGraw wrote: >> >>> >>> What, do you think someone looks over your email before it's >>> delivered or something? >>> >>> The process is automated. See first answer for most likely reason >>> your whitelisting isn't working. >> >> >> Actually, the issue is that it DOESN'T WORK. Who cares whether it's >> automated or not? > > > You simply cannot whitelist some mailing lists by whitelisting the > sender(s) in the "From" field because that is frequently the poster's > email addy, not the source of the server sending messages. Whitelisting > the domain in the "Return-Path" header as Stephen suggested may be a > solution. Thanks, that's helpful if I can figure out how to do it. I'm also able to run the filter on "held mail" so that I can clear the list emails quickly, which is a help. > > Did you try checking your blocklists and unchecking DSBL open > relays/list.dsbl.org as I suggested? Haven't done that yet. Other stuff came up, but thanks for the suggestion. Will let you know if it works. It's not so much that Spamcop is horrible. It's just kind of oversold. What we really need is some "opt in" legislation. That'll put the kaibosh on the whole spam epidemic. It's getting to be a matter of cultural hygeine. --Scott From rathernot at nono.net Thu Feb 9 21:33:46 2006 From: rathernot at nono.net (Freewheeling) Date: Thu Feb 9 21:35:10 2006 Subject: [SpamCop-List] Re: Starting to get annoyed. In-Reply-To: <43EB5E8C.8547FC76@spamcop.net> References: <43EB5E8C.8547FC76@spamcop.net> Message-ID: Kenneth Brody wrote: > Freewheeling wrote: > >>I've whitelisted an academic listserve I've subscribed to for four >>months, but Spamcop continues to send its emails to "Held Mail." It > > [...] > >>Seriously, how many times do I have to whitelist a sender for it to >>take? Is anyone at Spamcop awake? > > [...] > > My whitelistings take effect almost immediately. Are you sure that you > whitelisted it properly? "Release and Whitelist" right? How many times does it have to be done? Actually I think I need to do this manually, using the "return path domain" in the header. Reg'lar ol' whitelisting just won't cut it. > > Also, how does one whitelist a server? Isn't the whitelist based on the > "from" address? (Or is this perhaps a feature of mailhosts?) > Dunno. You're talkin' to a novice here, friend. From nobody at spamcop.net Fri Feb 10 02:18:03 2006 From: nobody at spamcop.net (Mark) Date: Fri Feb 10 02:20:03 2006 Subject: [SpamCop-List] Re: Possible slow reponse to spam submittals References: Message-ID: Hi Ellen Yes, I'm noticing considerable delays related to this issue -- and they are probably related to what I have noticed over the past few weeks. I have finished my numerical analysis of sending emails, and there is no doubt that mail routed through spamcop has taken significantly longer in the past 3 days, and I have numbers to prove it. I see no need to share these new numbers because the current condition is not necessarily representative of intended service design. However, I have made some configuration changes on my side which have solved the speed problem while continuing to be protected by spamcop reporting. Thanks for keeping us subscribers updated. -- Mark "Ellen" wrote in message news:dsdclg$sj$1@news.spamcop.net... You may encounter slow responses to spam submittals. We had some system problems overnight which have resulted in the system needing to work thru some largish backlogs. Operations and engineering are closely monitoring the situation. Thanks for your patience Ellen SpamCop f/ups set to spamcop From nobody at spamcop.net Fri Feb 10 02:21:08 2006 From: nobody at spamcop.net (Mark) Date: Fri Feb 10 02:25:02 2006 Subject: [SpamCop-List] Re: Possible slow reponse to spam submittals References: Message-ID: Hi Ellen Yes, I'm noticing considerable delays related to this issue -- and they are probably related to what I have noticed over the past few weeks. I have finished my numerical analysis of sending emails, and there is no doubt that mail routed through spamcop has taken significantly longer in the past 3 days, and I have numbers to prove it. I see no need to share these new numbers because the current condition is not necessarily representative of intended service design. However, I have made some configuration changes on my side which have solved the speed problem while continuing to be protected by spamcop reporting. Thanks for keeping us subscribers updated. -- Mark "Ellen" wrote in message news:dsdclg$sj$1@news.spamcop.net... You may encounter slow responses to spam submittals. We had some system problems overnight which have resulted in the system needing to work thru some largish backlogs. Operations and engineering are closely monitoring the situation. Thanks for your patience Ellen SpamCop f/ups set to spamcop From nobody at devnull.spamcop.net Fri Feb 10 01:43:05 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Feb 10 02:45:03 2006 Subject: [SpamCop-List] Re: Possible slow reponse to spam submittals References: Message-ID: I gave up trying to fix the results ot top-posting an HTML reply. Your remarks about a SpamCop e-mail account issue have nothing to do with Ellen's belated remarks about a drop-out of the Parsing & Reporting system. That set of "e-mail responses to a spam submittal" are all handled on the IronPort systems in California. Your e-mail account issues are handled by JT's systems in Geogia. Most of this was also addressed in one of your threads in the spamcop.mail newsgroup. Bottom line: you're mixing apples and oranges and there's a hole in your bucket. From MikeE at ster.invalid Thu Feb 9 23:44:40 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Feb 10 02:45:11 2006 Subject: [SpamCop-List] Re: Possible slow reponse to spam submittals References: Message-ID: Mark wrote: X-Newsreader: Microsoft Outlook Express 6.00.2900.2670 Content-Type: text/html; > Thanks for keeping us subscribers updated. For newsgroup posting, it is best to configure your OE newsreader to post in plaintext, not html. That configuration is in OE/ Tools/ Options/ Send tab - News sending format - check the radio button Plaintext, not html. For newsgroup replying, it is best to trim and contextualize, not top post. http://members.fortunecity.com/nnqweb/nquote.html news.newusers.questions -- Quoting Style in Newsgroup Postings - This document is a description of the traditionally accepted "quoting style" in Usenet newsgroup postings. Since your newsreader can't be configured to handle the placement of a signature automatically at the end of a trimmed and contextualized post, you would need to disable OE's autosig, unless you were using OE QuoteFix http://home.in.tum.de/~jain/software/oe-quotefix/ The autosig function is one of the 'features' of OE which some people feel 'forces' them to top post. OE's design was 'thinking about' corporate email TOFU [top post full quote under] - not proper trimmed and contextualized news posting - and OE was never upgraded to be configurable to both autosign and to also put the signature at the bottom where it belongs after a trimmed and contextualized reply. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Fri Feb 10 12:41:17 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Feb 10 06:45:04 2006 Subject: [SpamCop-List] Re: Starting to get annoyed. References: Message-ID: On Thu, 09 Feb 2006 21:30:52 -0500, Freewheeling coughed into spamcop and left this in : > It's not so much that Spamcop is horrible. It's just kind of oversold. > What we really need is some "opt in" legislation. That'll put the > kaibosh on the whole spam epidemic. It's getting to be a matter of > cultural hygeine. You're preaching to the choir there! Unfortunately, it isn't going to happen as long as marketers are buying politicians and therefore laws. Furthermore, it'll only be as effective as its enforcement (ie: totally ineffective as of today) and it would have to be the same right across the globe. The only thing we (tinw) can do right now is help convince consumer ISPs that it's in their best interest to disconnect users with infected machines in order to clean them out before reconnecting them to the 'Net. As things are right now, ISPs are doing their damndest to reduce subscription costs in order to attract users, and that means cutting costs. The first service to go is invariably the abuse desk because it doesn't generate revenue. There's one machine not too far from me (I'm registered as an interested 3rd party for reports concerning abuse in the same netblock as me) that's been spewing crud out since.... fx: greps through logs... December 13th last year. That's nearly 2 months ago, and the ISP has allowed it to continue merely because there's no abuse desk. Get consumer ISPs to pull their act together and there will be far fewer trojanned open proxies for spammers to abuse. That will leave spammers no choice but to spam from their own IP blocks, and that will make them that much easier to block. End of problem. Easier said than done... -- Steve Let's call it an accidental feature. -- Larry Wall From nobody at nowhere.invalid Fri Feb 10 12:43:36 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Feb 10 06:45:12 2006 Subject: [SpamCop-List] Re: Starting to get annoyed. References: <43EB5E8C.8547FC76@spamcop.net> Message-ID: On Thu, 09 Feb 2006 21:33:46 -0500, Freewheeling coughed into spamcop and left this in : > "Release and Whitelist" right? How many times does it have to be done? > Actually I think I need to do this manually, using the "return path > domain" in the header. Reg'lar ol' whitelisting just won't cut it. Actually, it will, as long as you whitelist the right thing! The mail server doesn't even see the address in the From: header. All it sees is the one in the "Return-Path:" header, which happens to be the MAIL FROM address given during the SMTP handshake. *That* is what needs whitelisting. There's no point whitelisting something the server will never even see in the first place. -- Steve From nobody at nowhere.invalid Fri Feb 10 12:46:44 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Feb 10 06:50:02 2006 Subject: [SpamCop-List] Anyone here read Hebrew? Message-ID: Netvision only sends out their auto-acks in Hebrew. Can anyone translate this, please? http://lugtouraine.free.fr/netvision.png It might also be worthwhile informing them that Hebrew isn't the only language used on the Internet, and that they should use English in addition to Hebrew if they want people elsewhere to understand what they have to say. -- Steve Which is worse: ignorance or apathy? Who knows? Who cares? From MikeE at ster.invalid Fri Feb 10 06:06:31 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Feb 10 09:10:03 2006 Subject: [SpamCop-List] Re: Anyone here read Hebrew? References: Message-ID: Steven Maesslein wrote: > Netvision only sends out their auto-acks in Hebrew. Can anyone > translate this, please? > > http://lugtouraine.free.fr/netvision.png Seeing a right to left language using left to right numbers is a little dizzying. Here come some right to left words followed by a colon followed by a left to right number. Swirl. You can't really tell which way the 'arabic' numbers in the autoack go, but you can tell if you visit the website and enable javascript, because the number values on the webpage are more familiar than the numbers in the autoack. http://www.netvision.net.il refers to http://home.netvision.net.il/ Where by 'left to right' for the algoristic decimal system, I mean the decimal position notation method of each number's position being 10 times the value of the numeral to its right. Actually, the autoack demonstrates the phenomenon of 'bi-directional text' or 'Bi Di' with both LTR and RTL texts 'all mixed up'. It is my understanding that bi di text is supposed to keep the two types in separate par/s, not on the same line as is done with the terms Abuse and abuse@netvision.net.il -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Feb 10 06:21:23 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Feb 10 09:25:03 2006 Subject: [SpamCop-List] Re: Anyone here read Hebrew? References: Message-ID: Steven Maesslein wrote: > Netvision only sends out their auto-acks in Hebrew. Can anyone > translate this, please? Maybe it_logs@netvision.net.il got the mail addressed to abuse@netvision.net.il and is telling you to send abuse notifies to abuse@netvision.net.il That would be a Doh effect. The spamcop notify is the abuse@. The mail is From it_logs@. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Fri Feb 10 10:40:16 2006 From: jeffg at spamcop.net (Jeff G.) Date: Fri Feb 10 10:45:03 2006 Subject: [SpamCop-List] Re: Try sneakemail.com References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: WazoO wrote: > "Anonymous Coward" wrote in message > news:dscdgq$1d1$1@news.spamcop.net... >> >> (BTW, is there any advantage to using nobody@devnull.spamcop.net >> instead of nobody@spamcop.net?) > (Please use "nobody@devnull.spamcop.net" if you use a fake address.) > > This is an ancient item/factoid, dating back three or four years, > at least. Actually, this change dates back just over two years - please compare http://web.archive.org/web/20031202031716/http://www.spamcop.net/forum.shtml to http://web.archive.org/web/20040202111318/http://www.spamcop.net/forum.shtml . -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From dmitry at mailinator.com Fri Feb 10 14:27:50 2006 From: dmitry at mailinator.com (Dmitry) Date: Fri Feb 10 14:30:03 2006 Subject: [SpamCop-List] Re: Anyone here read Hebrew? References: Message-ID: The translation is: Dear Customer, Thanks for your request. Your request logged and will be handled soon. Abuse Department tel: 04-8560570 (well, full number is +972-4-8560570) email: abuse @ netvision . net . il "Steven Maesslein" wrote in message news:slrnduov94.660.nobody@127.0.0.1... > Netvision only sends out their auto-acks in Hebrew. Can anyone translate > this, please? > > http://lugtouraine.free.fr/netvision.png > > It might also be worthwhile informing them that Hebrew isn't the only > language used on the Internet, and that they should use English in > addition to Hebrew if they want people elsewhere to understand what they > have to say. > > -- > Steve > > Which is worse: ignorance or apathy? Who knows? Who cares? From eddie at eddie.web Fri Feb 10 14:34:33 2006 From: eddie at eddie.web (eddie) Date: Fri Feb 10 14:35:03 2006 Subject: [SpamCop-List] Re: Gateway Timeout Bug? In-Reply-To: References: Message-ID: Mindaugas wrote: > Same problem happens probably several months, however today it happens with > every submission, earlier it happened from time to time. > > eddie wrote in news:ds8uci$ste$1@news.spamcop.net: > > >>I just made a submission and received the dreaded Gateway Timeout >>message. Hitting the backbutton on the browser, I get a page that >>seems to indicate that I can no longer submit the spam. >>I resubmitted it by pasting the message into the window and got >>another gateway timeout. >>However, I looked at my Recent Reports and find both submissions >>logged in. So what do I believe? Did the report really get sent? Or >>did it just get logged as if it were sent but really wasn't? >>This has happened before when I got the gateway timout error but I >>never realized that it might be a bug and that the report was never >>really sent. >> > > My concern, that has not been addressed, is if the report was actually sent or not? I guess nobody is really concerned. It may be too deep for understanding. From nobody at devnull.spamcop.net Fri Feb 10 14:50:08 2006 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Fri Feb 10 14:55:03 2006 Subject: [SpamCop-List] Spamcop and Gmail Message-ID: My Google alerts spotted this article today. I'm not sure how objective it is. Any feedback? http://www.techworld.com/security/news/index.cfm?NewsID=5337&inkc=0 -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From nobody at devnull.spamcop.net Fri Feb 10 14:20:31 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Feb 10 15:25:03 2006 Subject: [SpamCop-List] Re: Spamcop and Gmail References: Message-ID: "Sofa King Tyred of Lar Ting" wrote in message news:dsiqpe$qme$1@news.spamcop.net... > My Google alerts spotted this article today. I'm not sure how objective > it is. Any feedback? > > http://www.techworld.com/security/news/index.cfm?NewsID=5337&inkc=0 This article has a whole lot of wrong information. I don't see a way to contact the author. But one source of information from both sides of the fence can be "publicly" seen at http://forum.spamcop.net/forums/index.php?showtopic=3973 Seen in that huge Topic/Discussion are snippets of dialog between users and Google "techs" explaining exactly what the issue is. The "privacy" thing to me doesn't fly because it's not a blanket deal, as seen by my testing and demonstrating the differences between GMail sent via the web interface as compared to using the added POP/SMTP access. Only the web-access method fails to identify the "real" source of the e-mail. This the end of the parsing chain when trying to track it down .. can't go any further than the GMail server involved. Even the description offered of the "blocking action" by SpamCop is ass backwards, even if it was close to being correct at all. Yet another "reporter" that has not done his homework before rushing to press. The "lack of an IronPort" response has come up before by folks trying to contact them to "complain about SpamCop" ... The SpamCop "staff" doesn't work "at" IronPort. This doesn't necessarily explain the lack of a response, but ... From nobody at devnull.spamcop.net Fri Feb 10 14:57:29 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Feb 10 16:00:02 2006 Subject: [SpamCop-List] Re: Spamcop and Gmail References: Message-ID: "Sofa King Tyred of Lar Ting" wrote in message news:dsiqpe$qme$1@news.spamcop.net... > My Google alerts spotted this article today. I'm not sure how objective > it is. Any feedback? > > http://www.techworld.com/security/news/index.cfm?NewsID=5337&inkc=0 Interestingly enough, one of the "reference" articles listed in this article also points back to the exact Forum discussion I just pointed to. Brian McWilliams Spam Kings blog .... http://spamkings.oreilly.com/archives/2006/01/spamcop_blocking_some_gmail_se.html Posted there as a comment (awaiting 'approval') How SpamCop.net makes the call; http://www.spamcop.net/fom-serve/cache/297.html Note the math involved. Note also that even SpamCop.net does not recommend using their BL in a blocking fashion, even the SpamCop.net filtered e-mail accounts side of the house uses it as either a Tagging option or part of a filter set which moves suspected spam e-mail to a "Held" folder (option selectable by the user) ... and also pointing out the obvious .. SpamCop.net cannot block any e-mail itself, this "action" being due to the configuration of the ISP using the BL in their e-mail management toolset. As noted, there is a huge discussion at http://forum.spamcop.net/forums/index.php?showtopic=3973 .. which includes some snippets of dialog with Gmail "techs" ... and the demonstrated issue with their "privacy" stand ... the lack of the appropriate data in the headers only occurs from the web-based interface. Use of the POP/SMTP feature/function results in "correct" headers, which allows the SpamCop.net parser to track beyond the GMail servers for the 'actual' source. Posted as a comment at the other referenced site; (awaiting 'approval') http://www.spamroll.com/blogarch/2006/01/spamcop_fills_t_1.php How SpamCop.net makes the call; http://www.spamcop.net/fom-serve/cache/297.html Note the math involved. Note also that even SpamCop.net does not recommend using their BL in a blocking fashion, even the SpamCop.net filtered e-mail accounts side of the house uses it as either a Tagging option or part of a filter set which moves suspected spam e-mail to a "Held" folder (option selectable by the user) ... and also pointing out the obvious .. SpamCop.net cannot block any e-mail itself, this "action" being due to the configuration of the ISP using the BL in their e-mail management toolset. As Brian McWilliams also noted, there is a huge discussion at http://forum.spamcop.net/forums/index.php?showtopic=3973 .. which includes some snippets of dialog with Gmail "techs" ... and the demonstrated issue with their "privacy" stand ... the lack of the appropriate data in the headers only occurs from the web-based interface. Use of the POP/SMTP feature/function results in "correct" headers. From MikeE at ster.invalid Fri Feb 10 13:05:53 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Feb 10 16:10:02 2006 Subject: [SpamCop-List] Re: Spamcop and Gmail References: Message-ID: Sofa King Tyred of Lar Ting wrote: > My Google alerts spotted this article today. I'm not sure how > objective it is. Any feedback? > > http://www.techworld.com/security/news/index.cfm?NewsID=5337&inkc=0 // Spamcop and Gmail lock horns again -- 2006 February 09 // The above is the derivative of the derivative of the derivative, where the beginning starts in the forum 9 months ago: http://forum.spamcop.net/forums/index.php?showtopic=3973 would someone please enlighten me, how does adding gmail's server to a black list makes any sense at all? -- 2005 Apr 19 http://spamkings.oreilly.com/archives/2006/01/spamcop_blocking_some_gmail_se.html SpamCop blocking some Gmail servers -- At least three mail systems operated by Google Mail have been placed on the SpamCop blacklist. -- 2006 January 29 http://www.spamroll.com/blogarch/2006/01/spamcop_fills_t_1.php SpamCop fills the paddy-wagon - And again, its GMail users in the shackles. SpamCop recently added several Gmail servers to its blacklist. -- 2006 January 30 Spam from gmail webmail SC parses to name the gmail server as the source. Considering that the SC blocklisting algorithm uses a formula which includes the number of spam reports as a numerator, and a derivative of the number of nonspam mails which constitutes 'reputation' or 'traffic' based on nonspam queries to the blocklist as the denominator, for busy servers like gmail's to get themselves blocklisted indicates that some significant quantity of spam or whatever causes spam reports by reporters or spamtraps is being generated behind gmail servers. None of the articles do justice to describing the issue comprehensively, which can best be explored in the forum or other spamcop related exchanges such as the archives of news messages. Naturally I prefer to read the discussions which occurred in the newsgroups which you can see here: http://www.google.com/search?as_q=gmail+servers&num=10&hl=en&btnG=Google+Search&as_epq=&as_oq=&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_occ t=any&as_dt=i&as_sitesearch=news.spamcop.net&as_rights=&safe=images make oneline or use http://snipurl.com/mfpm which is a search for the terms gmail servers in news.spamcop.net -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Feb 10 13:15:09 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Feb 10 16:15:02 2006 Subject: [SpamCop-List] Re: Gateway Timeout Bug? References: Message-ID: eddie wrote: > However, I looked at my Recent Reports and find both submissions > logged in. So what do I believe? Did the report really get sent? Or > did it just get logged as if it were sent but really wasn't? I would say that if there's a record of a report, then a report got sent -- but if you never had a chance to approve or cancel, that would be strange. My reports say if they were cancelled or sent. What do yours say? Cancelled or sent? > This has happened before when I got the gateway timout error but I > never realized that it might be a bug and that the report was never > really sent. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Fri Feb 10 23:06:43 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Feb 10 17:10:04 2006 Subject: [SpamCop-List] Re: Spamcop and Gmail References: Message-ID: On Fri, 10 Feb 2006 14:50:08 -0500, Sofa King Tyred of Lar Ting coughed into spamcop and left this in : > My Google alerts spotted this article today. I'm not sure how objective > it is. Any feedback? > > http://www.techworld.com/security/news/index.cfm?NewsID=5337&inkc=0 The article is plainly and simply false. SpamCop does not (indeed COULD not) block mail coming from google servers - except for its own users, and even then the mail is diverted to the user's "held mail" folder rather than being rejected outright. SpamCop's DNSBL is no more than a list of IP addresses that have sent spam to SC reporters or to SC spam traps. Google servers *do* send spam because google has users that spam. Furthermore, in their infinite wisdom, google does not include the IP address of the user of their webmail system, meaning that it's their servers that get identified as the spam source and therefore listed. -- Steve Shin, n. : a device for finding furniture in the dark. From Kilgallen at SpamCop.net Fri Feb 10 16:47:49 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Feb 10 17:50:12 2006 Subject: [SpamCop-List] Re: Spamcop and Gmail References: Message-ID: In article , Steven Maesslein writes: > Google servers *do* send spam > because google has users that spam. Of course they do, because their economic model promotes "throwaway" useage. From nobody at devnull.spamcop.net Fri Feb 10 17:43:04 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Feb 10 18:45:02 2006 Subject: [SpamCop-List] Re: Spamcop and Gmail References: Message-ID: "Sofa King Tyred of Lar Ting" wrote in message news:dsiqpe$qme$1@news.spamcop.net... > My Google alerts spotted this article today. I'm not sure how objective > it is. Any feedback? > > http://www.techworld.com/security/news/index.cfm?NewsID=5337&inkc=0 And while I was at it, fired off an e-mail to John Dunn, listed as the Security section Editor .... From: "WazoO" To: John Dunn @ techworld.com Cc: "SpamCop Support - JT" , "SpamCop, Deputies" Subject: Bad reporting Date: Fri, 10 Feb 2006 17:31:07 -0600 Either a lack of research or a lack of understanding seems to be involved in the article just read at "Spamcop and Gmail lock horns again" written by Guy Kewney, Techworld http://www.techworld.com/security/news/index.cfm?NewsID=5337&inkc=0 The leading sentence is obviously some kind of an attempt a simply gathering attention and generating emotion ... yeah, I know, standard fare ... however, pointing to the obvious fact that the SpamCopDNSBL is a very dynamic list, the real 'facts' are a bit different than conjectured. > Several minor incidents of "false positive" spam identification > occurred last year, Not true at all, spam is spam. The fact that Google doesn't build a complete set of headers from the web-based interface causes the SpamCop.net parser to stop chasing the source at the last IP address in the chain, which turns out to be the GMail server. The "last year" and the following "this month" are totally absurd. Based on a mathematical formula, comparing the amount of "total" e-mail traffic seen from a specific server and the amount of user- reported spam tracking back to that source and/or spam-trap hits, those various servers go on and come off the SpamCopDNSBL on a continuing basis, depending on the spam spew. See http://www.spamcop.net/fom-serve/cache/297.html > but this month, several Google servers have been blacked > completely, shutting all users of those servers off from sending > e-mail to any address monitored by Spamcop. Even if this was close to being correct, it's still ass-backwards. SpamCop.net does not have the power to block anything. It's the providing of a dynamic (and aggressive) Block List that is "the story" ..... Any actual "blocking" is performed by an ISP that has decided to configure his / her e-mail server to user this BL in a blocking mode. This is not the recommended way to use it, stated quite clearly in the associated FAQ. In fact, the SpamCopDNSBL was originally created to be used for folks using a SpamCop.net filtered e-mail account. The use of this BL is to either "TAG" the headers of a suspected spam and delivering that e-mail to the user's InBox, or using the BL as a part of a filtering list (that also includes other BLs) that would then move the suspected spam into the user's "Held Mail" folder, thus keeping it out of the InBox. SpamCop.net does not "monitor" addresses ... the BL is driven by user-submitted spam reports and spam-trap hits, comparing those numeric results to traffic numbers developed by IronPort's SenderBase application. See http://www.ironport.com/company/ > Occasionally, Gmail is listed on SpamCop because we do not reveal > the IP address of our users. Only partially true ... use of the GMail system via the POP/SMTP functions result in "correct" headers. > Brian McWilliams noted that the Gmail servers in question are not > on other big blacklists, "which makes you wonder how SpamCop > is making decisions on their own account," said Spamroll. I've provided a comment on Spamroll's site and the Spam King site, both referencing the same link as above which offers some dialog on how the SpamCop.netDNSBL works. There are thousands of public BLs out there, probably millions (?) of personal BLs in use ... each one of them is built to some specification, which explains why there are so many of them. SpamCop.net's is unique in that it is "automatic" ... spam complaints / spam-trap hits come in with sufficient quantity, it gets listed for a maximum of 24 hours (after the spam stops) ... There is even a one-time offer of a "quick delisting" for that ISP/Admin that may have tan into an issue, got it resolved, and is sure that the spew has stopped. Of course, in reality, too many folks hit this page first, then try to troubleshoot the issue. The really embarrassing thing is that one of the articles referenced in this article also includes a pointer to a huge SpamCop.net Forum Topic / Discussion on the "GMail servers are blocked" issue. That discussion also includes snippets of some e-mail dialog with some GMail "techs" ... some work-ups on the actual issue, words from folks on both sides of the fence ... never mind the ovbious information about the on/off situation of various GMail servers. Please see http://forum.spamcop.net/forums/index.php?showtopic=3973 That dialog was updated again today based on some traffic in one of the SpamCop.net newsgroups. > Coincidentally, perhaps, Spamcop's owner, IronPort Systems, has > failed to respond to requests for a comment on this issue. This might > indicate that it has nothing to say, or it might indicate that even inside > IronPort, Spamcop implementation is not sensitively set up. I can't speak for anyone, just a volunteer supporter, but have to point out that SpamCop.net has its own staff. Please see a list at; "Section 8 - SpamCop's System & Active Staff" http://forum.spamcop.net/forums/index.php?act=faq&cat=10 For contact points, please see "Where to get Help" at http://forum.spamcop.net/forums/index.php?act=faq&article=78 or "How To Get Official SpamCop.Net Customer Support" at; http://forum.spamcop.net/forums/index.php?act=announce&f=2&id=23 Again, I'm going with the fact that there seems to be a huge lack of actual research and understanding of the actual issues involved in this specific issue. c.w. edwards Yes, I'm showing as the Admin of the SpamCop.net support Forum, but this is a totally volunteer effort on my part. This e-mail will also be added to that Forum discussion so as to inform anyone else following up on this article or either of the referenced links mentioned by the author .. in addition to keeping that Topic 'current' For the record, SpamCop.net has no association with the Domain thieves that offer up samcop.COM and / or spamcop.ORG ..... From / at /.cn Sat Feb 11 13:29:26 2006 From: / at /.cn (Petzl) Date: Fri Feb 10 21:30:03 2006 Subject: [SpamCop-List] Re: Spamcop and Gmail References: Message-ID: "Sofa King Tyred of Lar Ting" wrote in message news:dsiqpe$qme$1@news.spamcop.net... > My Google alerts spotted this article today. I'm not sure how objective it > is. Any feedback? > > http://www.techworld.com/security/news/index.cfm?NewsID=5337&inkc=0 > Any One can sign up with Gmail and as many accounts as one wants https://www.google.com/accounts/SmsMailSignup1 so stating Gmail is only available on recommendation is false For spamcop to block an email server means that server is not compliant (not stamping originating IP) and a *lot* of abuse reports would have to be generated. All abuse reports would be sent to Gmail and all Gmail is going to do is close one email address only. for the spammer to then open another Gmail one. Not attack the hole the spammer is sending through Further if Gmail wishes to whitelist it's servers it can do so http://www.bondedsender.org if they are so confident they are not just another incompetently set-up email server Petzl From smcgarrett at hawaii.com Fri Feb 10 23:08:44 2006 From: smcgarrett at hawaii.com (Steve McGarrett) Date: Sat Feb 11 00:10:05 2006 Subject: [SpamCop-List] Re: Major Problem Blacklisting All Domains In-Reply-To: References: Message-ID: Tim McGraw wrote: > As Pop already pointed out, anyone with a lick of sense - and ESPECIALLY > people who work in the legal field - knows that email is NOT a reliable > NOR secure method of delivery. Assuming that all, or even most, lawyers belong to the group of people with a lick of sense is a stretch. Instead, most of them, along with doctors, seem to hold the belief from the old Dilbert strip: "Anything I don't understand is easy to do." I have several legal firms as clients. They routinely correspond with other law firms, clients, expert witnesses, etc. via good old unencrypted SMTP Internet email. I have repeatedly pointed out the security and reliability problems with this, yet almost all refuse to change their ways. It took me three years to get one small firm to stop using Internet email for their communications *within* the office. Their ISP had thoughtfully provided ten free addresses, so they thought it would be a fine thing to use them. Their ISP, one of the larger ones, would periodically have troubles with their email system, and mail originating from the ISP would sometimes take hours to be delivered, while mail from outside would be delivered almost immediately. I kept getting calls from the attorneys to come "fix" their "internal" email, and that's how I finally sold them on an in-house system. The senior partner at this same firm is the one who insists the landlord keep the phone closet locked at all times and refuses to discuss client matters over cell phones because he's scared of wiretapping by opposing parties. (But not the feds. He works entirely on big money civil cases, not criminal.) Oh, yeah, he's also willing to accept over a hundred spam emails a day because a filtering system might block an important message. Other than that, Tim's comments are on the money. Aloha, McGarrett "LART 'em, Danno!" From nobody at devnull.spamcop.net Sat Feb 11 10:30:09 2006 From: nobody at devnull.spamcop.net (Pop) Date: Sat Feb 11 10:35:03 2006 Subject: [SpamCop-List] Re: Major Problem Blacklisting All Domains References: Message-ID: "Steve McGarrett" wrote in message news:dsjrgt$e8r$1@news.spamcop.net... : Tim McGraw wrote: : : > As Pop already pointed out, anyone with a lick of sense - and ESPECIALLY : > people who work in the legal field - knows that email is NOT a reliable : > NOR secure method of delivery. : : Assuming that all, or even most, lawyers belong to the group of : people with a lick of sense is a stretch. Instead, most of them, : along with doctors, seem to hold the belief from the old Dilbert : strip: "Anything I don't understand is easy to do." : : I have several legal firms as clients. They routinely correspond : with other law firms, clients, expert witnesses, etc. via good old : unencrypted SMTP Internet email. : : I have repeatedly pointed out the security and reliability problems : with this, yet almost all refuse to change their ways. : ... Yeah, but the point is, they KNOW because they've been told, by you! But you're right, they still aren't necessarily "smart" people . My experience is just the opposite of yours although not nearly so wide; a grand total of three in nearby offices and a judge. But, they, and they claimed, "everyone" would never even consider e-mail for anything to do with their business of clients. They claimed it's the clients they don't trust to know what to not send, not themselves . The judge in the office right next to mine (at that time) said the most efficient processes were: Telephone, best & quickest, followed by a dictated facsimile, each followed up with a snail mail. E-mail was only used for research. Oh and everyone's machine was equipped with a snooper that daily sorted activity and created a weekly report of who/where/when. They didn't even trust the server: the snoopers were on each individual machine. Strange world out there. Pop From g.hyde at bigpond.net.au Sun Feb 12 09:12:06 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Feb 11 18:15:07 2006 Subject: [SpamCop-List] Why doesn't spamcop find the obvious HTML links in this spam email? Message-ID: http://www.spamcop.net/sc?id=z873291386zddad65b735462367ccf2ad0309a7349dz These do not appear obsfucated, or in any way obstructed, and I'd think SC would certainly have picked them up on a plaintext parse which it tried, and failed to detect them. Can anyone tell me how the spammer is obsfucating the links so SC doesn't parse them? I reported the spam 'as is' - NO modifications whatsoever. Cheers ... Geoffrey Hyde From MikeE at ster.invalid Sat Feb 11 15:26:47 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Feb 11 18:30:03 2006 Subject: [SpamCop-List] Re: Why doesn't spamcop find the obvious HTML links in this spam email? References: Message-ID: Geoffrey Hyde wrote: www.spamcop.net/sc?id=z873291386zddad65b735462367ccf2ad0309a7349dz > > These do not appear obsfucated, or in any way obstructed, and I'd > think SC would certainly have picked them up on a plaintext parse > which it tried, and failed to detect them. When SC parsed that tracker for me, it found the link and failed to resolve it. Finding links in message body Resolving link obfuscation http://violandera.com/ Host violandera.com (checking ip) IP not found ; violandera.com discarded as fake. Tracking link: http://violandera.com/ [report history] Cannot resolve http://violandera.com/ > Can anyone tell me how the spammer is obsfucating the links so SC > doesn't parse them? When SC finds links, it can decline to try to resolve them, or it can try to resolve them and fail. IMO I think the reporter should have the option to notify a devnull address for any/every link found, instead of SC trying to resolve and not notifying anything and also failing to feed the spamvertised link to the stats page or the sc-surbl. If there are IBs, the reporter would uncheck the devnull. SC resources would be conserved instead of spending any time trying to resolve something. The SC reporter would be 'protected' from providing spam evidence to blackhat spamvertiser providers and their cohorts, and the reporter would be 'declining' to notify the spamvertiser provider. All of the 'good guys' would be better off and the bad guys would be both 'foiled' and contributed to a minor blocklist functionality better, namely the sc-surbl. Currently SC resources are being 'wasted' in trying to resolve spamvertiser IPs and blackhats are being aided with the SC functions of notifying. Bad configuration. Needs to be updated. Those 'advanced' spamfighters who can tell the blackhats from the whitehat spamvertiser providers can also option to notify in the current 'old fashioned' way in the event of a whitehat provider. Incidentally, violandera.com resolves to 220.231.20.231 which is a blackhat .cn provider for Leo BadCow Kuvayev SBL36758 http://www.spamhaus.org/SBL/sbl.lasso?query=SBL36758 ... so you wouldn't want to be notifying that anyway -- but by my idea of a new improved spamcop parser option, you could have been putting that spamvertiser on the stats list and feeding it to sc-surbl. -- Mike Easter kibitzer, not SC admin From g.hyde at bigpond.net.au Sun Feb 12 10:23:11 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Feb 11 19:25:04 2006 Subject: [SpamCop-List] Re: Why doesn't spamcop find the obvious HTML links in this spam email? References: Message-ID: "Mike Easter" wrote in message news:dslrrd$h3m$1@news.spamcop.net... > Geoffrey Hyde wrote: > www.spamcop.net/sc?id=z873291386zddad65b735462367ccf2ad0309a7349dz >> >> These do not appear obsfucated, or in any way obstructed, and I'd >> think SC would certainly have picked them up on a plaintext parse >> which it tried, and failed to detect them. > > When SC parsed that tracker for me, it found the link and failed to > resolve it. That was the odd thing for me, it was a fairly short parse, but it never found the links or even tried to find the links. It just did both the HTML and text parses without even finding the links. Which was decidedly odd behaviour for SC. > Finding links in message body > Resolving link obfuscation > http://violandera.com/ > Host violandera.com (checking ip) IP not found ; violandera.com > discarded as fake. > Tracking link: http://violandera.com/ > [report history] > Cannot resolve http://violandera.com/ > >> Can anyone tell me how the spammer is obsfucating the links so SC >> doesn't parse them? > > When SC finds links, it can decline to try to resolve them, or it can > try to resolve them and fail. That was my problem, SC didn't even find the links. > IMO I think the reporter should have the option to notify a devnull > address for any/every link found, instead of SC trying to resolve and > not notifying anything and also failing to feed the spamvertised link to > the stats page or the sc-surbl. It should tell me if it found an error that prevented it from finding a link (system busy, whatever) I suspect perhaps it had a little too much server load to handle when I submitted this spam for tracking. > If there are IBs, the reporter would uncheck the devnull. SC resources > would be conserved instead of spending any time trying to resolve > something. The SC reporter would be 'protected' from providing spam > evidence to blackhat spamvertiser providers and their cohorts, and the > reporter would be 'declining' to notify the spamvertiser provider. Not sure what you mean by "IB" but if you mean more than one provider, I'd guess that is what should probably happen. > All of the 'good guys' would be better off and the bad guys would be > both 'foiled' and contributed to a minor blocklist functionality better, > namely the sc-surbl. Currently SC resources are being 'wasted' in > trying to resolve spamvertiser IPs and blackhats are being aided with > the SC functions of notifying. And if someone is an unknown or whitehat provider, should this also apply to them? It does sound a bit one-sided to me. > Bad configuration. Needs to be updated. > > Those 'advanced' spamfighters who can tell the blackhats from the > whitehat spamvertiser providers can also option to notify in the current > 'old fashioned' way in the event of a whitehat provider. I guess so but what do you do with the unknown borderline cases? Or those that are simply totally unresponsive? I don't necessarily agree that an ISP should get lumped in with blackhats just because they're unresponsive - it may be that they're understaffed or don't understand the problem. That is not necessarily reason to blackhat label them. > Incidentally, violandera.com resolves to 220.231.20.231 which is a > blackhat .cn provider for Leo BadCow Kuvayev SBL36758 > http://www.spamhaus.org/SBL/sbl.lasso?query=SBL36758 Heh - I might have known it was him. > ... so you wouldn't want to be notifying that anyway -- but by my idea > of a new improved spamcop parser option, you could have been putting > that spamvertiser on the stats list and feeding it to sc-surbl. Would he even care about being notified? It sounds to me like the only thing that will shut Leo up is a total lack of internet connectivity or the IP addess allocation providers get sick and tired of him. It would be nice if your suggested improvements get approval, but I think there are still unresolved issues that need working out. Cheers ... Geoffrey Hyde From / at /.cn Sun Feb 12 11:44:42 2006 From: / at /.cn (Petzl) Date: Sat Feb 11 19:45:04 2006 Subject: [SpamCop-List] Re: Why doesn't spamcop find the obvious HTML links in this spam email? References: Message-ID: "Geoffrey Hyde" wrote in message news:dslr05$gkv$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z873291386zddad65b735462367ccf2ad0309a7349dz > > These do not appear obsfucated, or in any way obstructed, and I'd think SC > would certainly have picked them up on a plaintext parse which it tried, > and failed to detect them. > > Can anyone tell me how the spammer is obsfucating the links so SC doesn't > parse them? > > I reported the spam 'as is' - NO modifications whatsoever. > > Cheers ... > > Geoffrey Hyde > > You can always add addresses to an abuse report You can be better than the bot SpamCop http://violandera.com/ Is dead probably already indentified & killed by SpamCop reports From MikeE at ster.invalid Sat Feb 11 16:49:27 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Feb 11 19:50:02 2006 Subject: [SpamCop-List] Re: Why doesn't spamcop find the obvious HTML links in this spam email? References: Message-ID: Geoffrey Hyde wrote: > "Mike Easter" >> IMO I think the reporter should have the option to notify a devnull >> address for any/every link found, instead of SC trying to resolve and >> not notifying anything and also failing to feed the spamvertised >> link to the stats page or the sc-surbl. > > It should tell me if it found an error that prevented it from finding > a link (system busy, whatever) I suspect perhaps it had a little too > much server load to handle when I submitted this spam for tracking. Another element of confusion in this issue is the fact that there is a discrepancy between the header content type, which sez text/html and the fact that the body is actually not proper html markup, but a 'funky' markup. In addition, there is an empty line in the header >> If there are IBs, the reporter would uncheck the devnull. SC >> resources would be conserved instead of spending any time trying to >> resolve something. The SC reporter would be 'protected' from >> providing spam evidence to blackhat spamvertiser providers and their >> cohorts, and the reporter would be 'declining' to notify the >> spamvertiser provider. > > Not sure what you mean by "IB" but if you mean more than one > provider, I'd guess that is what should probably happen. No, by IB I mean 'innocent bystander'. It has always been the responsibility of the reporter to uncheck SC's offer to notify the provider for a found link which is actually not being spamvertised, but which is a 'red herring' of being incidental to the content and purpose of the spam. Some spam contains links which are not the 'party' to the spamvertisement. By 'my' system, the reporter would still have the responsibility to uncheck an innocent bystander. Currently, the standard model is for SC to parse the body to deobfuscate the spamvertised links, which would include any innocent bystanders. If SC takes the time to try to resolve the link, and if SC is successful in resolving the link, which is frequently not the case, then SC offers to notify the provider for the IP. Generally that is a bad idea. So, SC has spent some resources thinking about trying to resolve, perhaps decided that it didn't have sufficient resources available -- and/or decided to try to resolve and then spent considerably more resources waiting for the resolution process, which might or not work. All of that is usually wasting resources, because the provider shouldn't be being notified in the first place. The only providers which should be notified are the whitehat providers who are responsive to being notified. The spamvertiser notify is a 'courtesy' and a 'wish' that the provider would do something. There is no penalty or teeth in the SC determination of a spamvertiser, with the exception of what happens with the sc-surbl. Since there is no spamcop consequence, I don't think the reporter or spamcop should feel any necessary obligation to be notifying the provider if the reporter doesn't want to. It would be better if SC didn't notify the non-responsive or blackhat providers and it would also be better if SC didn't spend its resources trying to do so -- and also failing to do so. And also failing to provide the spamvertised link to the sc-surbl. Try try try --- fail fail fail. All of which are misguided efforts to do the wrong thing most of the time. >> Currently SC resources are being >> 'wasted' in trying to resolve spamvertiser IPs and blackhats are >> being aided with the SC functions of notifying. > > And if someone is an unknown or whitehat provider, should this also > apply to them? It does sound a bit one-sided to me. The whole basis for SC's notification of spamvertiser providers is the wish for the provider to take action against the spamvertiser. That basis is a pipedream for the most part. The only providers who should be so notified are the responsive ones. All the rest don't even need to be resolved, much less notified. >> Bad configuration. Needs to be updated. >> >> Those 'advanced' spamfighters who can tell the blackhats from the >> whitehat spamvertiser providers can also option to notify in the >> current 'old fashioned' way in the event of a whitehat provider. > > I guess so but what do you do with the unknown borderline cases? Personally I think the 'default' mode could be the quick report effect -- just like it works for the spamtraps and the quick reporters, which is to not try to resolve anything in the body and only contribute to the SC blocklist. But under my scheme there would be a difference in the devnulled spamvertiser notifies and the quick report. The quick doesn't 'expose' the spamvertiser. The devnull would. > Or > those that are simply totally unresponsive? I don't necessarily > agree that an ISP should get lumped in with blackhats just because > they're unresponsive - it may be that they're understaffed or don't > understand the problem. That is not necessarily reason to blackhat > label them. Label schmabel -- the only reason people talk about black vs whitehats is to help them determine whether to notify them with the spam evidence or not. I don't think it matters whether you want to call someone understaffed or illiterate or 'poor' -- the important issue is that they are unresponsive. Their unresponsiveness causes them to 'expand' their presence into other blocklists such as spews and spamhaus, for one type of evidence. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Feb 11 19:42:30 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Feb 11 22:45:03 2006 Subject: [SpamCop-List] Re: Why doesn't spamcop find the obvious HTML links in this spam email? References: Message-ID: Petzl wrote: > http://violandera.com/ > Is dead probably already indentified & killed by SpamCop reports Using a GET on http://violandera.com/ shows me a live site with commercial software spamvertised at ridiculously low prices -- so I would say they're pirated. You download the zip files of the software There's a page with unbelievable answers to believable questions, such as... http://violandera.com/faq.html How can you sell this software so cheap? It seems to good to be true - is there a catch? and others which describe how the operation works. -- Mike Easter kibitzer, not SC admin From / at /.cn Sun Feb 12 15:25:25 2006 From: / at /.cn (Petzl) Date: Sat Feb 11 23:30:03 2006 Subject: [SpamCop-List] Re: Why doesn't spamcop find the obvious HTML links in this spam email? References: Message-ID: "Mike Easter" wrote in message news:dsmaqr$oht$1@news.spamcop.net... > Petzl wrote: > >> http://violandera.com/ >> Is dead probably already indentified & killed by SpamCop reports > > Using a GET on http://violandera.com/ shows me a live site with > commercial software spamvertised at ridiculously low prices -- so I > would say they're pirated. > > You download the zip files of the software There's a page with > unbelievable answers to believable questions, such as... > > http://violandera.com/faq.html How can you sell this software so cheap? > It seems to good to be true - is there a catch? > > and others which describe how the operation works. > > -- > Mike Easter > kibitzer, not SC admin Using IE 6 I still get The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings From nobody at spamcop.net Sat Feb 11 23:20:42 2006 From: nobody at spamcop.net (N. Miller) Date: Sun Feb 12 02:25:05 2006 Subject: [SpamCop-List] Re: Why doesn't spamcop find the obvious HTML links in this spam email? References: Message-ID: <1qj58l68b703i.dlg@news.spamcop.net> On Sun, 12 Feb 2006 09:12:06 +1000, Geoffrey Hyde wrote: > http://www.spamcop.net/sc?id=z873291386zddad65b735462367ccf2ad0309a7349dz > > These do not appear obsfucated, or in any way obstructed, and I'd think SC > would certainly have picked them up on a plaintext parse which it tried, and > failed to detect them. Last couple of these that I got were reported after a "Ctrl+R", or two. In general, if SC says, "Cannot resolve http://violandera.com/", I through the URL into Sam Spade and try to resolve it. If the Sam Spade Win32 tool can't find the host, I trust the SC parse and move on. If the Sam Spade Win32 resolves a host, I use "Ctrl+R" a couple of times. If the SC parser doesn't pop a site to report, I mark that message for manual notify, and move on. > Can anyone tell me how the spammer is obsfucating the links so SC doesn't > parse them? As Mike Easter said; probably just badly constructed HTML. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From jeffg at spamcop.net Sat Feb 11 21:52:06 2006 From: jeffg at spamcop.net (Jeff G.) Date: Sun Feb 12 12:45:03 2006 Subject: [SpamCop-List] Re: Why doesn't spamcop find the obvious HTML links in this spam email? References: Message-ID: Petzl wrote: > You can always add addresses to an abuse report Only if you're paying for the privilege. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From MikeE at ster.invalid Sun Feb 12 10:21:10 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Feb 12 13:25:02 2006 Subject: [SpamCop-List] Re: Why doesn't spamcop find the obvious HTML links in this spam email? References: Message-ID: Jeff G. wrote: Date: Sat, 11 Feb 2006 21:52:06 -0500 NNTP-Posting-Date: Sun, 12 Feb 2006 17:42:54 +0000 (UTC) > Petzl wrote: >> You can always add addresses to an abuse report > > Only if you're paying for the privilege. Tweet! Voluntary clock police report. It appears that Jeff's machine's clock is almost 15 hours slow, altho' there are other causes for such nntp stamp discrepancy, which Ellen manifests sometimes to a much lesser degree. -- Mike Easter kibitzer, not SC admin From rathernot at nono.net Sun Feb 12 15:05:59 2006 From: rathernot at nono.net (Freewheeling) Date: Sun Feb 12 15:10:08 2006 Subject: [SpamCop-List] Re: Starting to get annoyed. In-Reply-To: References: Message-ID: Steven Maesslein wrote: > On Thu, 09 Feb 2006 21:30:52 -0500, Freewheeling coughed into spamcop > and left this in : > > >>It's not so much that Spamcop is horrible. It's just kind of oversold. >> What we really need is some "opt in" legislation. That'll put the >>kaibosh on the whole spam epidemic. It's getting to be a matter of >>cultural hygeine. > > > You're preaching to the choir there! > > Unfortunately, it isn't going to happen as long as marketers are buying > politicians and therefore laws. Furthermore, it'll only be as effective > as its enforcement (ie: totally ineffective as of today) and it would > have to be the same right across the globe. > > The only thing we (tinw) can do right now is help convince consumer ISPs > that it's in their best interest to disconnect users with infected > machines in order to clean them out before reconnecting them to the > 'Net. As things are right now, ISPs are doing their damndest to reduce > subscription costs in order to attract users, and that means cutting > costs. The first service to go is invariably the abuse desk because it > doesn't generate revenue. There's one machine not too far from me (I'm > registered as an interested 3rd party for reports concerning abuse in > the same netblock as me) that's been spewing crud out since.... > > fx: greps through logs... > > December 13th last year. That's nearly 2 months ago, and the ISP has > allowed it to continue merely because there's no abuse desk. > > Get consumer ISPs to pull their act together and there will be far fewer > trojanned open proxies for spammers to abuse. That will leave spammers > no choice but to spam from their own IP blocks, and that will make them > that much easier to block. End of problem. > > Easier said than done... > Well, I'm a political scientist. Link this stuff to terrorism and the resistance is over. The politicians may be craven, but it'll become a matter of vice following virtue. And yeah, I do think terrorists are using this means to generate revenue. And the FBI thinks so too. From bert at iphouse.com Sun Feb 12 20:39:24 2006 From: bert at iphouse.com (Bert Hyman) Date: Sun Feb 12 15:40:03 2006 Subject: [SpamCop-List] Re: Starting to get annoyed. References: Message-ID: In news:slrnduouut.660.nobody@127.0.0.1 Steven Maesslein wrote: > Unfortunately, it isn't going to happen as long as marketers are > buying politicians and therefore laws. Oh dear. When laws are passed which benefit marketers, it's because politicians are corrupt, but when laws are passed which serve your interests, they're doing god's work? These days, nearly every law passed and every regulation enacted benefits somebody at the expense of somebody else; of course the system is corrupt. Every time you look to the government to solve these personal problems, you simply make the situation worse. [By "you", I don't necessarily mean you, of course] -- Bert Hyman St. Paul, MN bert@iphouse.com From nobody at nowhere.invalid Sun Feb 12 22:26:42 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Feb 12 16:30:03 2006 Subject: [SpamCop-List] Re: Starting to get annoyed. References: Message-ID: On Sun, 12 Feb 2006 20:39:24 +0000 (UTC), Bert Hyman coughed into spamcop and left this in : > When laws are passed which benefit marketers, it's because politicians > are corrupt, but when laws are passed which serve your interests, > they're doing god's work? I know you said that the "you" wasn't aimed at me personally but... If a politician passes a law that serves me personally then, if it serves *only* me then the politician is a damn fool, but if it serves the public in general then the politician is doing hir job. Spam is theft. Theft of everyone's resources, from the backbone providers to the end users. Laws such as the U-CAN-SPAM act that was bought by the DMA specifically authorise such theft. They serve a handful of people (and I use that term loosely), namely marketers, to the detriment of the wider community. -- Steve This door is baroquen, please wiggle Handel. (If I wiggle Handel, will it wiggle Bach?) -- Found on a door in the MSU music building From bill_beyer at excite.cXoYmZ Sun Feb 12 18:25:14 2006 From: bill_beyer at excite.cXoYmZ (Bill Beyer) Date: Sun Feb 12 21:20:02 2006 Subject: [SpamCop-List] Re: I want my Yahoo Group Emails so stop bouncing it!!!!!! References: Message-ID: "Patti" wrote in message news:dsook1$2ds$1@news.spamcop.net... > I'm getting really angry. Spamcop keeps bouncing my Yahoo Group Email. > These groups are important to me and I don't want to miss a single email. > > Does anyone know what I can do about it??????? > > Last Bounced Message > Remote host said: 550 5.7.1 > com>... > no access from[209.73.160.81],see http://www.spamcop.net/ [MAIL_FROM] > > Thank you in advance > > Patti Your outrage is wasted here. Once again, SpamCop doesn't block any email! Period. Your ISP is using the SCBl to block emails. Talk to them about their email filtering process. Then tell Yahoo to start cleaning up their network and you won't have these problems. From / at /.cn Mon Feb 13 16:01:10 2006 From: / at /.cn (Petzl) Date: Mon Feb 13 00:05:02 2006 Subject: [SpamCop-List] Re: I want my Yahoo Group Emails so stop bouncing it!!!!!! References: Message-ID: "Patti" wrote in message news:dsook1$2ds$1@news.spamcop.net... > I'm getting really angry. Spamcop keeps bouncing my Yahoo Group Email. > These groups are important to me and I don't want to miss a single email. > > Does anyone know what I can do about it??????? > > Last Bounced Message > Remote host said: 550 5.7.1 > com>... > no access from[209.73.160.81],see http://www.spamcop.net/ [MAIL_FROM] > Realistically because the a large numbers in Yahoo groups they also have a large number of spammers You are best to open a Hotmail account whitelisting any such groups Petzl From notgiven at nodomain.net Mon Feb 13 02:54:59 2006 From: notgiven at nodomain.net (C. S.) Date: Mon Feb 13 02:55:03 2006 Subject: [SpamCop-List] Re: I want my Yahoo Group Emails so stop bouncing it!!!!!! References: Message-ID: Sometime around Mon, 13 Feb 2006 16:01:10 +1100, "Petzl" deemed it necessary to offer: > "Patti" wrote in message > news:dsook1$2ds$1@news.spamcop.net... > > I'm getting really angry. Spamcop keeps bouncing my Yahoo Group Email. > > These groups are important to me and I don't want to miss a single email. > > > > Does anyone know what I can do about it??????? > > > > Last Bounced Message > > Remote host said: 550 5.7.1 > > > com>... > > no access from[209.73.160.81],see http://www.spamcop.net/ [MAIL_FROM] > > > > Realistically because the a large numbers in Yahoo groups they also have a > large number of spammers > > You are best to open a Hotmail account whitelisting any such groups > > Petzl > In addition, I will respectfully ask that you post no further binary/signature/HTML/bloated content to these newsgroups. This hierarchy of newsgroups has always asked that postings are made in simple ASCII/plain-text only, and I have always appreciated the simplicity of such a request: Simple to read and reply to, ASCII makes for a much more enjoyable and level experience for all. Please refrain in the future from posting such binary-laden abnormalities in these(SpamCop) newsgroups. From usenet at okean.invalid Mon Feb 13 01:05:53 2006 From: usenet at okean.invalid (Michael Wise) Date: Mon Feb 13 04:10:01 2006 Subject: [SpamCop-List] Re: I want my Yahoo Group Emails so stop bouncing it!!!!!! References: Message-ID: In article , "Patti" wrote: > I'm getting really angry. Spamcop keeps bouncing my Yahoo Group Email. > These groups are important to me and I don't want to miss a single email. > > Does anyone know what I can do about it??????? Yes, get Yahoo to stop allowing spam to be relayed through their servers. > > Last Bounced Message > Remote host said: 550 5.7.1 > com>... > no access from[209.73.160.81],see http://www.spamcop.net/ [MAIL_FROM] > > Thank you in advance > > Patti > From nobody at xyzzy.claranet.de Mon Feb 13 10:18:24 2006 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Feb 13 04:20:02 2006 Subject: [SpamCop-List] Re: Why doesn't spamcop find the obvious HTML links in this spam email? References: Message-ID: <43F04EE0.6A9D@xyzzy.claranet.de> Mike Easter wrote: > Date: Sat, 11 Feb 2006 21:52:06 -0500 > NNTP-Posting-Date: Sun, 12 Feb 2006 17:42:54 +0000 (UTC) [...] > Tweet! Voluntary clock police report. > It appears that Jeff's machine's clock is almost 15 hours > slow, altho' there are other causes for such nntp stamp > discrepancy 21.52 +5 = 26.52, 26.52 -24 = 2.52, 17.42 -2.52 = 14.50, okay, I got it. One simple cause is reading news offline, write a followup, and actually post it when you're online again. Perfectly harmless if that's the reason. ;-) -- Frank From redford_stone at INVERSE_OF_COLDmail.com Mon Feb 13 10:31:12 2006 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Mon Feb 13 05:35:12 2006 Subject: [SpamCop-List] Re: I want my Yahoo Group Emails so stop bouncing it!!!!!! References: Message-ID: Michael Wise wrote in news:usenet-6DF0DB.01055213022006@news.cesmail.net: > In article , > "Patti" wrote: > >> I'm getting really angry. Spamcop keeps bouncing my Yahoo Group >> Email. These groups are important to me and I don't want to miss a >> single email. >> >> Does anyone know what I can do about it??????? > > Yes, get Yahoo to stop allowing spam to be relayed through their > servers. > > http://www.spamcop.net/w3m?action=checkblock&ip=209.73.160.81 Spamming spamtrap addresses.. not good on Yahoo's part. Either way, delisting occurs 24 hours after the spam stops. From / at /.cn Mon Feb 13 21:51:31 2006 From: / at /.cn (Petzl) Date: Mon Feb 13 05:55:05 2006 Subject: [SpamCop-List] Re: I want my Yahoo Group Emails so stop bouncing it!!!!!! References: Message-ID: "C. S." wrote in message news:p3e0v1hq681353flgttq130f77pjra4gi5@4ax.com... > Sometime around Mon, 13 Feb 2006 16:01:10 +1100, "Petzl" deemed > it necessary to > offer: > > In addition, I will respectfully ask that you post no further > binary/signature/HTML/bloated content to these newsgroups. > > This hierarchy of newsgroups has always asked that postings > are made in simple ASCII/plain-text only, and I have always > appreciated the simplicity of such a request: > Simple to read and reply to, ASCII makes for a much more > enjoyable and level experience for all. > > Please refrain in the future from posting such binary-laden > abnormalities in these(SpamCop) newsgroups. I have never done so? Petzl From porpoise1954 at yahoo.co.uk Mon Feb 13 13:36:09 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Feb 13 09:00:03 2006 Subject: [SpamCop-List] Re: I want my Yahoo Group Emails so stop bouncing it!!!!!! References: Message-ID: "Petzl" wrote in message news:dspobq$in3$1@news.spamcop.net... > > "C. S." wrote in message > news:p3e0v1hq681353flgttq130f77pjra4gi5@4ax.com... >> Sometime around Mon, 13 Feb 2006 16:01:10 +1100, "Petzl" deemed >> it necessary to >> offer: >> >> Please refrain in the future from posting such binary-laden >> abnormalities in these(SpamCop) newsgroups. > > I have never done so? > > Petzl > I think his words are directed at Patti (the OP) and he's linked it to your response in error...... From jeffg at spamcop.net Mon Feb 13 09:01:07 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Feb 13 09:05:04 2006 Subject: [SpamCop-List] Re: Why doesn't spamcop find the obvious HTML links in this spam email? References: <43F04EE0.6A9D@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Mike Easter wrote: >> Date: Sat, 11 Feb 2006 21:52:06 -0500 >> NNTP-Posting-Date: Sun, 12 Feb 2006 17:42:54 +0000 (UTC) [...] >> Tweet! Voluntary clock police report. >> It appears that Jeff's machine's clock is almost 15 hours >> slow, altho' there are other causes for such nntp stamp >> discrepancy > 21.52 +5 = 26.52, 26.52 -24 = 2.52, 17.42 -2.52 = 14.50, > okay, I got it. One simple cause is reading news offline, > write a followup, and actually post it when you're online > again. Perfectly harmless if that's the reason. ;-) Or OE getting tied up in its own underwear (getting stuck trying to check one of its accounts) until I noticed the problem. :( This computer is kept within 500ms of tick.usno.navy.mil, one of the US Naval Observatory's time servers, which is directly linked to a radio clock (Stratum Level 1, a Primary reference) and was at last check 20.044ms away. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From Nobody at SpamCop.devnull.diespammerdie.net Mon Feb 13 09:25:39 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Mon Feb 13 10:30:03 2006 Subject: [SpamCop-List] "Straightup" with Forged Headers? Message-ID: <43F0A4F3.3B162025@SpamCop.devnull.diespammerdie.net> I see a lot of these: http://www.spamcop.net/sc?id=z873995044z3c21887c97e6a996ab1fbf2d028b39efz It's a phony-diploma spam, with (seemingly invariably) an Area Code 206 (Seattle) private-dialtone-provider, unlisted number as the only contact. The content is all in a Base 64 .GIF image. What is interesting about this phony-degree spam is that there's no open or blocklisted proxy involved. If the header weren't forged, it'd be a straight-up spam from a ChinaTieTong MX. Am I reading this correctly, and is this a significant difference from what we've seen in the past? Are the spammers and their blackhat ISP's becoming more confident in their impunity? As a side issue, since there's a Seattle-area entity involved, why isn't he/she/it in federal custody awaiting trial under (You)CanSpam? Regards, Michael From MikeE at ster.invalid Mon Feb 13 07:56:29 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 13 11:00:02 2006 Subject: [SpamCop-List] Re: "Straightup" with Forged Headers? References: <43F0A4F3.3B162025@SpamCop.devnull.diespammerdie.net> Message-ID: Michael Brennan wrote: > What is interesting about this phony-degree spam is that there's no > open or blocklisted proxy involved. If the header weren't forged, > it'd be a straight-up spam from a ChinaTieTong MX. Am I reading this > correctly, and is this a significant difference from what we've seen > in the past? Are the spammers and their blackhat ISP's becoming more > confident in their impunity? IMO, what is happening is that the .cn /18 or larger netblock is being used to rotate IPs as spamsources. If you go to senderbase and look up the IP 222.58.13.219, the default senderbase 'spread' will show you the other IP sources in the /24. You can also configure senderbase to give larger and larger spreads, using /23, /22, etc. I only tinkered to /18 - but it kept showing more and more of the same thing, namely.... ... that a very large 'cadre' of IPs show identical 'monotonous' history of behavior. They all have a daily magnitude of 0.0 and a monthly magnitude of about 2.4 - almost as if they all magically were rotated to spread out the exposure. A /18 is over 16000 IPs, there are about 283 identically 'behaving' IPs in that sized netblock. In the /24 of 256 there are 22. The IP does show up in some db/s -- such as PSBL for hitting spamtraps. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Mon Feb 13 11:02:21 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Feb 13 11:05:02 2006 Subject: [SpamCop-List] Re: "Straightup" with Forged Headers? References: <43F0A4F3.3B162025@SpamCop.devnull.diespammerdie.net> Message-ID: Michael Brennan wrote: > It's a phony-diploma spam, with (seemingly invariably) an Area Code > 206 (Seattle) private-dialtone-provider, unlisted number as the only > contact. ... > As a side issue, since there's a Seattle-area entity involved, why > isn't he/she/it in federal custody awaiting trial under (You)CanSpam? Please feel free to report it yourself via http://www.secstate.wa.gov/elections/elected_officials.aspx#3006 , https://tips.fbi.gov/ , or http://www.cybertipline.com/ . -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From nobody at spamcop.net Mon Feb 13 11:17:14 2006 From: nobody at spamcop.net (Ellen) Date: Mon Feb 13 12:25:02 2006 Subject: [SpamCop-List] Re: "Straightup" with Forged Headers? References: <43F0A4F3.3B162025@SpamCop.devnull.diespammerdie.net> Message-ID: "Michael Brennan" wrote in message news:43F0A4F3.3B162025@SpamCop.devnull.diespammerdie.net... > I see a lot of these: > > http://www.spamcop.net/sc?id=z873995044z3c21887c97e6a996ab1fbf2d028b39efz > > > What is interesting about this phony-degree spam is that there's no open > or blocklisted proxy involved. It's going to bl rsn. >If the header weren't forged, it'd be a > straight-up spam from a ChinaTieTong MX. Am I reading this correctly, > and is this a significant difference from what we've seen in the past? > Are the spammers and their blackhat ISP's becoming more confident in > their impunity? I don't see any header forgery. Ellen SpamCop From MikeE at ster.invalid Mon Feb 13 09:39:36 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 13 12:40:03 2006 Subject: [SpamCop-List] Re: "Straightup" with Forged Headers? References: <43F0A4F3.3B162025@SpamCop.devnull.diespammerdie.net> Message-ID: Ellen wrote: > "Michael Brennan" >> What is interesting about this phony-degree spam is that there's no >> open or blocklisted proxy involved. > > It's going to bl rsn. Now it is on cbl and scbl as well as psbl -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Feb 13 09:52:50 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 13 12:55:03 2006 Subject: [SpamCop-List] Re: "Straightup" with Forged Headers? References: <43F0A4F3.3B162025@SpamCop.devnull.diespammerdie.net> Message-ID: Ellen wrote: > "Michael Brennan" >> If the header weren't forged, it'd be a >> straight-up spam from a ChinaTieTong MX. I wouldn't call 222.58.13.219 no rDNS an MX. It /is/ CRTC .cn tietong CRTC = CHINA RAILWAY TELECOMMUNICATIONS CENTER > I don't see any header forgery. I think this line is bogus Received: from preston0 ([127.0.0.1]) by writely.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 13 Feb 2006 06:50:04 -0800 The evidence at psbl shows direct to mx from the 222.58.13.219 and cbl thinks it is a proxytrojan, so there shouldn't be any server writely in there. Atho' the timestamp fits. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Mon Feb 13 17:19:05 2006 From: nobody at spamcop.net (Ellen) Date: Mon Feb 13 17:35:03 2006 Subject: [SpamCop-List] Re: "Straightup" with Forged Headers? References: <43F0A4F3.3B162025@SpamCop.devnull.diespammerdie.net> Message-ID: "Mike Easter" wrote in message news:dsqh1i$2h3$1@news.spamcop.net... > Ellen wrote: > > I think this line is bogus > > Received: from preston0 ([127.0.0.1]) by writely.com with Microsoft > SMTPSVC(6.0.3790.1830); Mon, 13 Feb 2006 06:50:04 -0800 > > The evidence at psbl shows direct to mx from the 222.58.13.219 and cbl > thinks it is a proxytrojan, so there shouldn't be any server writely in > there. Atho' the timestamp fits. > yeah, makes sense, hard to say. Ellen From nobody at spamcop.net Mon Feb 13 14:37:37 2006 From: nobody at spamcop.net (Dar) Date: Mon Feb 13 17:40:02 2006 Subject: [SpamCop-List] Form Mail Message-ID: I don't think you need full headers for this one. Please see Subject: Form Mail in spamcop.spam We have form mail set up on the servers and in such a way that it will not be sent to anyone unless the recipient included in a text file named: formmail-domains.txt and only domains on the server are listed there. For months, now, this type of thing has been bouncing back to me. I thought, to begin with, it was someone making an *attempt* at bouncing spam off the form mail, but it continues and mostly using the same syntax or email addresses. When I look at the mail log, I can tell nothing's getting out, but I can't figure out why it continues. Do you think... they *think* they're having success? Or maybe they don't care? Maybe, because they don't know it isn't working, they keep it up? Or something else altogether? Dar From jeffg at spamcop.net Mon Feb 13 18:17:45 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Feb 13 18:20:03 2006 Subject: [SpamCop-List] Re: Form Mail References: Message-ID: Dar wrote: > I don't think you need full headers for this one. > Please see Subject: Form Mail in spamcop.spam > > We have form mail set up on the servers and in such a way that it > will not be sent to anyone unless the recipient included in a text > file named: formmail-domains.txt and only domains on the server are > listed there. > > For months, now, this type of thing has been bouncing back to me. > I thought, to begin with, it was someone making an *attempt* at > bouncing spam off the form mail, but it continues and mostly using > the same syntax or email addresses. > > When I look at the mail log, I can tell nothing's getting out, but > I can't figure out why it continues. Do you think... they *think* > they're having success? Or maybe they don't care? Maybe, because > they don't know it isn't working, they keep it up? Or something > else altogether? I hope you're reporting these attempts at spamming, theft of service, conversion, and trespass against chattels. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From nobody at spamcop.net Mon Feb 13 15:59:42 2006 From: nobody at spamcop.net (Dar) Date: Mon Feb 13 19:00:03 2006 Subject: [SpamCop-List] Re: Form Mail References: Message-ID: > > I don't think you need full headers for this one. > > Please see Subject: Form Mail in spamcop.spam > > > > We have form mail set up on the servers and in such a way that it > > will not be sent to anyone unless the recipient included in a text > > file named: formmail-domains.txt and only domains on the server are > > listed there. > > > > For months, now, this type of thing has been bouncing back to me. > > I thought, to begin with, it was someone making an *attempt* at > > bouncing spam off the form mail, but it continues and mostly using > > the same syntax or email addresses. > > > > When I look at the mail log, I can tell nothing's getting out, but > > I can't figure out why it continues. Do you think... they *think* > > they're having success? Or maybe they don't care? Maybe, because > > they don't know it isn't working, they keep it up? Or something > > else altogether? > > I hope you're reporting these attempts at spamming, theft of service, > conversion, and trespass against chattels. > > -- > Best Regards, Jeff G. > http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 Against chattels?? From g.hyde at bigpond.net.au Tue Feb 14 10:11:25 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Mon Feb 13 19:15:02 2006 Subject: [SpamCop-List] Re: "Straightup" with Forged Headers? References: <43F0A4F3.3B162025@SpamCop.devnull.diespammerdie.net> Message-ID: I am seeing a lot of spam lately coming out of one part of the .cn domain or another, or at the very least, getting reported there. I can get 5-6 spams a day, may not seem like much, but then I don't keep track of it all, I just SC report it and wait to see if reporting has any actual effect. If anyone is interested in these spams, drop me an email to my inbox, I'll see if I can forward on the spams that come in (I delete them as I get them, because they're rubbish) onto you for further analysis. Although, it's as likely as not that it's one of those SpamGangs (IE Ralsky or whoever) behind all of this rubbish I keep getting in my inbox. Cheers ... Geoffrey Hyde "Mike Easter" wrote in message news:dsqh1i$2h3$1@news.spamcop.net... > Ellen wrote: >> "Michael Brennan" > >>> If the header weren't forged, it'd be a >>> straight-up spam from a ChinaTieTong MX. > > I wouldn't call 222.58.13.219 no rDNS an MX. It /is/ CRTC .cn tietong > > CRTC = CHINA RAILWAY TELECOMMUNICATIONS CENTER > >> I don't see any header forgery. > > I think this line is bogus > > Received: from preston0 ([127.0.0.1]) by writely.com with Microsoft > SMTPSVC(6.0.3790.1830); Mon, 13 Feb 2006 06:50:04 -0800 > > The evidence at psbl shows direct to mx from the 222.58.13.219 and cbl > thinks it is a proxytrojan, so there shouldn't be any server writely in > there. Atho' the timestamp fits. > > > -- > Mike Easter > kibitzer, not SC admin > From nobody at spamcop.net Mon Feb 13 18:57:24 2006 From: nobody at spamcop.net (Dar) Date: Mon Feb 13 22:00:01 2006 Subject: [SpamCop-List] Re: Form Mail References: Message-ID: > > > I don't think you need full headers for this one. > > > Please see Subject: Form Mail in spamcop.spam > > > > > > We have form mail set up on the servers and in such a way that it > > > will not be sent to anyone unless the recipient included in a text > > > file named: formmail-domains.txt and only domains on the server are > > > listed there. > > > > > > For months, now, this type of thing has been bouncing back to me. > > > I thought, to begin with, it was someone making an *attempt* at > > > bouncing spam off the form mail, but it continues and mostly using > > > the same syntax or email addresses. > > > > > > When I look at the mail log, I can tell nothing's getting out, but > > > I can't figure out why it continues. Do you think... they *think* > > > they're having success? Or maybe they don't care? Maybe, because > > > they don't know it isn't working, they keep it up? Or something > > > else altogether? > > > > I hope you're reporting these attempts at spamming, theft of service, > > conversion, and trespass against chattels. > > > > -- > > Best Regards, Jeff G. > > http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 > > > Against chattels?? I posted another one in spamcop.spam -- this one even includes a BCC email address. Dar From info at pyroreview.com Mon Feb 13 22:36:52 2006 From: info at pyroreview.com (PyroReview.Com) Date: Mon Feb 13 22:40:05 2006 Subject: [SpamCop-List] Not a fan of "lists" Message-ID: I've found that these lists are more cumbersome then they're worth. I've had to delist my server multiple times because the "spam traps" get bogus emails that say they are coming from my server. My server has a very limited number of users and it's nearly impossible for them to be sending out spam. And I know for a fact that it's not being used as a "relay" server because I check the logs, and every attempt to relay is denied. I even tried using the SORBS list once on my server, but it was more of a pain than it was worth. I got too many complaints from the users, so I got rid of it. From Kilgallen at SpamCop.net Mon Feb 13 22:31:01 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Mon Feb 13 23:35:03 2006 Subject: [SpamCop-List] Re: Not a fan of "lists" References: Message-ID: In article , "PyroReview.Com" writes: > I've found that these lists are more cumbersome then they're worth. I've had > to delist my server multiple times because the "spam traps" get bogus emails > that say they are coming from my server. My server has a very limited number > of users and it's nearly impossible for them to be sending out spam. Historically, people who make that claim often figure out to their chagrin that somehow they have not prevented their users from setting up an "autoanswer" automaton and in fact their users (even by some corporate mandate in certain cases) are sending incoming spam to the person from whom it was allegedly sent. From notgiven at nodomain.net Mon Feb 13 23:34:14 2006 From: notgiven at nodomain.net (C. S.) Date: Mon Feb 13 23:35:12 2006 Subject: [SpamCop-List] Re: I want my Yahoo Group Emails so stop bouncing it!!!!!! References: Message-ID: Sometime around Mon, 13 Feb 2006 13:36:09 -0000, "Porpoise" deemed it necessary to offer: > > "Petzl" wrote in message news:dspobq$in3$1@news.spamcop.net... > > > > "C. S." wrote in message > > news:p3e0v1hq681353flgttq130f77pjra4gi5@4ax.com... > >> Sometime around Mon, 13 Feb 2006 16:01:10 +1100, "Petzl" deemed > >> it necessary to > >> offer: > >> > >> Please refrain in the future from posting such binary-laden > >> abnormalities in these(SpamCop) newsgroups. > > > > I have never done so? > > > > Petzl > > > > I think his words are directed at Patti (the OP) and he's linked it to your > response in error...... > True; my mistake for not making that more clear. From nobody at devnull.spamcop.net Tue Feb 14 02:51:22 2006 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Tue Feb 14 02:55:14 2006 Subject: [SpamCop-List] Re: Not a fan of "lists" In-Reply-To: References: Message-ID: <43F18BFA.4050003@devnull.spamcop.net> Larry Kilgallen wrote: > In article , "PyroReview.Com" writes: > >>I've found that these lists are more cumbersome then they're worth. I've had >>to delist my server multiple times because the "spam traps" get bogus emails >>that say they are coming from my server. My server has a very limited number >>of users and it's nearly impossible for them to be sending out spam. > > > Historically, people who make that claim often figure out to their > chagrin that somehow they have not prevented their users from setting > up an "autoanswer" automaton and in fact their users (even by some > corporate mandate in certain cases) are sending incoming spam to > the person from whom it was allegedly sent. I'll follow this up with the same link that appears on the spamcop reporting page: Postmasters, please limit forgery blow-back: Delayed bounces, virus notices, vacation messages http://www.spamcop.net/fom-serve/cache/329.html -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From nobody at nowhere.invalid Tue Feb 14 09:55:26 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Feb 14 04:00:14 2006 Subject: [SpamCop-List] Re: "Straightup" with Forged Headers? References: <43F0A4F3.3B162025@SpamCop.devnull.diespammerdie.net> Message-ID: On Tue, 14 Feb 2006 10:11:25 +1000, Geoffrey Hyde coughed into spamcop and left this in : > I am seeing a lot of spam lately coming out of one part of the .cn domain or > another, or at the very least, getting reported there. Everybody does. ".cn" is China, one of the top sources of spam. -- Steve God prefers spiritual fruit, not religious nuts... From g.hyde at bigpond.net.au Tue Feb 14 19:33:45 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Tue Feb 14 04:35:02 2006 Subject: [SpamCop-List] "Replica classic watches" spam. Message-ID: http://www.spamcop.net/sc?id=z874324051zca89ddc7cede69ac5f85d912fd436193z I keep getting this particular repeat spam - I think about half a dozen, but lost interest in keeping track around about the 2nd or 3rd I reported/deleted - about replica classic watches, anyone know who the real source is? If the spam is related in some way to Ralsky, I suppose I'll have to look into filters for OE. Otherwise, I'll have to see if I can find someone who cares to inform them that their spam is not welcome at my inbox. Cheers ... Geoffrey Hyde From jeffg at spamcop.net Tue Feb 14 09:50:33 2006 From: jeffg at spamcop.net (Jeff G.) Date: Tue Feb 14 09:55:04 2006 Subject: [SpamCop-List] Re: Form Mail References: Message-ID: Dar wrote: >>> I don't think you need full headers for this one. >>> Please see Subject: Form Mail in spamcop.spam >>> >>> We have form mail set up on the servers and in such a way that it >>> will not be sent to anyone unless the recipient included in a text >>> file named: formmail-domains.txt and only domains on the server are >>> listed there. >>> >>> For months, now, this type of thing has been bouncing back to me. >>> I thought, to begin with, it was someone making an *attempt* at >>> bouncing spam off the form mail, but it continues and mostly using >>> the same syntax or email addresses. >>> >>> When I look at the mail log, I can tell nothing's getting out, but >>> I can't figure out why it continues. Do you think... they *think* >>> they're having success? Or maybe they don't care? Maybe, because >>> they don't know it isn't working, they keep it up? Or something >>> else altogether? >> I hope you're reporting these attempts at spamming, theft of service, >> conversion, and trespass against chattels. > Against chattels?? Yes, against chattels. See the following quote, from http://itmanagement.earthweb.com/columns/executive_tech/article.php/3507261 via http://forum.spamcop.net/forums/index.php?showtopic=4293 : 'Trespass to chattels. This claim is perhaps the most interesting. "Chattels" means someone's personal property that is movable, such as a computer (but not land or buildings). New York law prohibits "the intentional intermeddling with a chattel" that results in "the deprivation of the chattel or impairment of the condition, quality or usefulness of the chattel." Even slowing a computer system down, as spyware almost always does, would seem to fall into this definition of trespass, if a user had not consented to it.' This term appears to be common law descended from England. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From MikeE at ster.invalid Tue Feb 14 06:52:36 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Feb 14 09:55:11 2006 Subject: [SpamCop-List] Re: "Replica classic watches" spam. References: Message-ID: Geoffrey Hyde wrote: www.spamcop.net/sc?id=z874324051zca89ddc7cede69ac5f85d912fd436193z That item is sourced from a proxytrojan listed in CBL spamvertising a site for the ROKSO [Register Of Known Spam Operations] Spamhaus listed Daniel Mankani.spamgang. If you like to read about rokso/s at spamhaus, here's his http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Daniel%20Mankani > I keep getting this particular repeat spam - I think about half a > dozen, but lost interest in keeping track around about the 2nd or 3rd > I reported/deleted - about replica classic watches, anyone know who > the real source is? What does 'real source' mean in this context? An open proxy doesn't provide a trail to the injector 'source' behind the proxy. A spamvertiser and/or spamvertiser provider are 'implicated' by their benefitting from the spam. Does that make the spamvertiser spamgang the 'source' vy your definition or what? You cannot manufacture facts not in evidence by conjecture. > If the spam is related in some way to Ralsky, I suppose I'll have to > look into filters for OE. Whether a spam is from Ralsky's spamgang, see Spamhaus ROKSO intro to Ralsky here http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Alan%20Ralsky ... or some otther spamgang such as Mankani, seems to be immaterial to me. My spamfilter would have tagged that item as spam and it would have been sorted into my Junk folder and reported and contributed to the SCbl. Which you did. My filter calls items with CBL listed IPs in the header 'spam' and OE puts them into the Junk. > Otherwise, I'll have to see if I can find > someone who cares to inform them that their spam is not welcome at my > inbox. I think that notifying spamhaus listed spamveriders [spamvertiser provider] is a waste of time, as they are non-responsive. What other alternatives you have about such an issue is another subject. -- Mike Easter kibitzer, not SC admin From kenbrody at spamcop.net Tue Feb 14 10:47:48 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Tue Feb 14 11:10:04 2006 Subject: [SpamCop-List] Re: Not a fan of "lists" References: Message-ID: <43F1FBA4.91AD04E4@spamcop.net> "PyroReview.Com" wrote: > > I've found that these lists are more cumbersome then they're worth. I've had > to delist my server multiple times because the "spam traps" get bogus emails > that say they are coming from my server. My server has a very limited number > of users and it's nearly impossible for them to be sending out spam. And I > know for a fact that it's not being used as a "relay" server because I check > the logs, and every attempt to relay is denied. [...] If you are getting listed because spamtraps are getting e-mail that "say they are coming from [your] server", the odds are that they _are_ coming from your server. I believe that you can contact "deputies at spamcop dot net" and give them the IP address of the server, and they can examine the spamtrap hits and tell you if they look like autoresponders, misdirected bounces, misdirected virus warnings, or "normal" spam. (They can't give you too many specifics, as spamtraps must remain secret to remain useful.) -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From MikeE at ster.invalid Tue Feb 14 08:45:43 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Feb 14 11:50:03 2006 Subject: [SpamCop-List] Re: Not a fan of "lists" References: Message-ID: PyroReview.Com wrote: > I've found that these lists are more cumbersome then they're worth. My most valuable spam defenses are based on dnsbl/s. DNSBL/s are very valuable to me, including spamcop's. > I've had to delist my server multiple times because the "spam traps" > get bogus emails that say they are coming from my server. I'm understanding you to say that your server is generating abusive mails, probably some kind of autoresponder, and that your 'response' to the problem is to 'delist' instead of fixing the problem. That's pretty stupid. Your server is also listed at PSBL for stockspam's hitting spamtraps. That's pretty irresponsible. > My server > has a very limited number of users and it's nearly impossible for > them to be sending out spam. That's not the point or a material fact. Nor accurate. See below. > And I know for a fact that it's not > being used as a "relay" server because I check the logs, and every > attempt to relay is denied. Checking your logs is a useful activity, but what are you doing about autoresponders? Also stock spam see example below. > I even tried using the SORBS list once on my server, but it was more > of a pain than it was worth. The sorbs list has numerous 'sub-lists' -- some of which are useful for some functions and some of which shouldn't be used for some other functions. My own spamfilter uses some sorbs lists but not all of them. You shouldn't be using any kind of list you don't know how to use. > I got too many complaints from the > users, so I got rid of it. Like I said, you shouldn't be using any kind of list you don't know how to use. If you are thinking about using sorbs in the future, you should go to the site and learn what the various lists mean and how to use sorbs. And you shouldn't be delisting your server without finding out what your server is doing wrong and fixing that problem. If this is about the server at 209.51.140.66 rDNS 209.51.140.66 which is also pyroreview.com, that server is currently PSBL listed for hitting spamtraps. Here's an example of a 9 day old PickOfTheWeek stockspam which I put into the parser to create a tracking url for http://www.spamcop.net/sc?id=z874486766zbc78682aaab11eebcf633c3d51f5cc43z If your logs aren't showing you that kind of spam, then there's something wrong with your security and your logs. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Feb 14 08:48:10 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Feb 14 11:50:11 2006 Subject: [SpamCop-List] Re: Not a fan of "lists" References: Message-ID: Mike Easter wrote: > If this is about the server at 209.51.140.66 rDNS 209.51.140.66 which > is also pyroreview.com, that server is currently PSBL listed for > hitting spamtraps. rDNS smartwebsolutions.com -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Feb 14 10:50:13 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Feb 14 13:55:03 2006 Subject: [SpamCop-List] Re: Not a fan of "lists" References: Message-ID: PyroReview.Com wrote: > My server > has a very limited number of users and it's nearly impossible for > them to be sending out spam. Yeah, right. There are about 85 differerent domainnames parked at 209.51.140.66 which has a webserver, an ftp server, an smtp server, a pop server and I don't know whatall kinds of vulnerabilities. -- Mike Easter kibitzer, not SC admin From g.hyde at bigpond.net.au Wed Feb 15 09:55:02 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Tue Feb 14 18:55:03 2006 Subject: [SpamCop-List] Re: "Replica classic watches" spam. References: Message-ID: "Mike Easter" wrote in message news:dssqrk$f03$1@news.spamcop.net... > Geoffrey Hyde wrote: > www.spamcop.net/sc?id=z874324051zca89ddc7cede69ac5f85d912fd436193z > > That item is sourced from a proxytrojan listed in CBL spamvertising a > site for the ROKSO [Register Of Known Spam Operations] Spamhaus listed > Daniel Mankani.spamgang. You promptly tell me who this particular spamgang is ... > If you like to read about rokso/s at spamhaus, here's his > http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Daniel%20Mankani > >> I keep getting this particular repeat spam - I think about half a >> dozen, but lost interest in keeping track around about the 2nd or 3rd >> I reported/deleted - about replica classic watches, anyone know who >> the real source is? > > What does 'real source' mean in this context? An open proxy doesn't > provide a trail to the injector 'source' behind the proxy. A > spamvertiser and/or spamvertiser provider are 'implicated' by their > benefitting from the spam. Does that make the spamvertiser spamgang the > 'source' vy your definition or what? You cannot manufacture facts not > in evidence by conjecture. And then attempt to bewilder me by going into 'context' and 'real source'. When I asked about 'real source' I simply wanted to know if it was a known spamgang, not what your reply seemed to think I needed. >> If the spam is related in some way to Ralsky, I suppose I'll have to >> look into filters for OE. > > Whether a spam is from Ralsky's spamgang, see Spamhaus ROKSO intro to > Ralsky here > http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Alan%20Ralsky > > ... or some otther spamgang such as Mankani, seems to be immaterial to > me. My spamfilter would have tagged that item as spam and it would have > been sorted into my Junk folder and reported and contributed to the > SCbl. Which you did. > > My filter calls items with CBL listed IPs in the header 'spam' and OE > puts them into the Junk. Perhaps you can be bothered to use the CBL stuff - or whatever it is you setup on your computer's mailbox(es) to handle spam. But for the relatively small amount I'm getting here, I think it's a bit much to expound in great detail, although I thank you for the information. As far as this particular spamgang goes, if it keeps coming I think I'll have to make a rule for OE to delete right off the server emails which have "replica" + "classic" + "watches" in the subject line. And before you ask, I know my version of OE has the ability to delete emails right off the server. What would be useful to know is if there's any way to check IP addresses of servers listed in headers so that OE could filter on the server emails coming from known ROKSO IP addresses - I'd think not, as technically, one has to download header info first. But if someone knows differently, please inform me as to how to do it. >> Otherwise, I'll have to see if I can find >> someone who cares to inform them that their spam is not welcome at my >> inbox. > > I think that notifying spamhaus listed spamveriders [spamvertiser > provider] is a waste of time, as they are non-responsive. What other > alternatives you have about such an issue is another subject. Good question. Anyone want to have a go at it? Cheers ... Geoffrey Hyde From jeffg at spamcop.net Tue Feb 14 19:13:29 2006 From: jeffg at spamcop.net (Jeff G.) Date: Tue Feb 14 19:15:03 2006 Subject: [SpamCop-List] Re: "Replica classic watches" spam. References: Message-ID: Geoffrey Hyde wrote: > I know my version of OE What version is that? > has the ability to delete emails right off the server. How does it do that, exactly? Does it do that using IMAP4 or POP3? What Message Rule Checkboxes allow it? -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From g.hyde at bigpond.net.au Wed Feb 15 11:12:53 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Tue Feb 14 20:15:02 2006 Subject: [SpamCop-List] Re: "Replica classic watches" spam. References: Message-ID: I don't know if my current version has had the ability replaced/removed or if I misread it's rules, but it indicates that it applies message rules after message arrives. But what I have seen in a previous version of OE is lines in the .log for OE actions, that it could and would simply "top" and "dele" messages according to subject line rules I had set for it, right off the server, so I never even saw them any more. I've since purchased a new computer, but that particular version of OE was fantastic as far as handling spam emails went. I never even had to see the spam emails. I've been looking for an email client that does the very same thing ever since. Apologies for any confusion. Cheers ... Geoffrey Hyde "Jeff G." wrote in message news:dstroi$32j$1@news.spamcop.net... > Geoffrey Hyde wrote: >> I know my version of OE > > What version is that? > >> has the ability to delete emails right off the server. > > How does it do that, exactly? Does it do that using IMAP4 or POP3? > What Message Rule Checkboxes allow it? > > -- > Thanks and Best Regards, Jeff G. > http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 > From MikeE at ster.invalid Tue Feb 14 17:29:14 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Feb 14 20:30:03 2006 Subject: [SpamCop-List] Re: "Replica classic watches" spam. References: Message-ID: Geoffrey Hyde wrote: > And then attempt to bewilder me by going into 'context' and 'real > source'. When I asked about 'real source' I simply wanted to know if > it was a known spamgang, not what your reply seemed to think I needed. Calling a spamvertiser a spam *source* is not accurate. A 'source' is an IP address as far back as the item can be traced. The contents of the spambody /may/ reflect the spamvertiser, an innocent bystander, or a joejob victim. Making sloppy assumptions and calling a spamvertiser provider or a spamvertiser a spamsource is no more accurate than the problem of failing to know the actual mechanics of how the spam was generated and who has a contract with whom to do what. There are all kinds of methodologies afoot by which spamvertiser contract with 3rd parties to propagate viruses, create proxy trojans, and marshall the trojans to enable spam generation and injection into the smtp stream. You cannot make assumptions of who is guilty of what. You can only define what you see by the evidence in your hand. The spam you posted the link for has an IP source and it has a spamvertiser. The source has a provider and the spamvertiser has a provider. > Perhaps you can be bothered to use the CBL stuff - or whatever it is > you setup on your computer's mailbox(es) to handle spam. But for the > relatively small amount I'm getting here, I think it's a bit much to > expound in great detail, although I thank you for the information. You might think it is a 'bit much' -- but you are complaining about spam in your Inbox. That's not a problem for me. > As far as this particular spamgang goes, if it keeps coming I think > I'll have to make a rule for OE to delete right off the server emails > which have "replica" + "classic" + "watches" in the subject line. > And before you ask, I know my version of OE has the ability to delete > emails right off the server. IMO it is a bad idea to delete anything sight unseen, off the server or otherwise. Also, some people make rules for OE to delete from server, but it actually doesn't happen that way. You should read a little bit about deleting from server by OE somewhere like Tom Koch's site http://www.insideoe.com/tips/rules.htm Deleting messages without downloading - Caution should be used when creating rules that delete messages from the server without downloading them. [...] Also care must be taken not to create a 'delete' rule based on conditions that require the message be downloaded in order to test against the rule. > What would be useful to know is if there's any way to check IP > addresses of servers listed in headers so that OE could filter on the > server emails coming from known ROKSO IP addresses There you go again... confusing the IP of spamsources with ROKSO spamvertisers. >- I'd think not, > as technically, one has to download header info first. But if > someone knows differently, please inform me as to how to do it. OE has no capacity to look into the most valuable information in the headerlines which include the most useful information of all, namely the IPs in the Received tracelines. For that you need a real spam filter. I wouldn't even bother making any kind of rules for OE other than those of whitelisting my friends and wanted mailing lists and putting everything else in Junk if you can do that. Or, alternatively you can use OE's rules to slightly lessen your spam by sending the items not addressed to you or whitelisted into Junk. Those are very weak rules. Other real filters like SpamPal can do a lot more. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Feb 14 17:43:01 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Feb 14 20:45:02 2006 Subject: [SpamCop-List] Re: "Replica classic watches" spam. References: Message-ID: Geoffrey Hyde wrote: > I'll have to make a rule for OE to delete right off the server emails > which have "replica" + "classic" + "watches" in the subject line. If I were going to make message rules for OE, I would not try to make any fancy schmancy kind of rules -- because OE's rule making powers are too weak for that. I would also not make any rules which involved deleting anything, because your rules need oversight. In addition, it would be better if you were spamcop reporting your spam rather than deleting it unseen. Then I would make two folders in addition to my Inbox. I would make a Suspect folder and a Junk folder. The most likely thing is that both of them are going to contain spam; and an alternative is to only have a Junk folder without a Suspect. With both Suspect and Junk folders you would make only two types of rules. You would make a rule which would whitelist all of your friends and mailing lists and that would result in their mail going/staying in the Inbox. That rule comes before the other. You would make another rule which sent all of the mail which wasn't addressed to you to the Junk folder. Everything else that wasn't whitelisted or Junked would go into the Suspect folder, which probably is going to be all spam anyway, unless you happen to be getting good mail which is addressed to you from unknown parties. If you need any more rules than that, you should be using a real spamfilter like SpamPal and not trying to do too much with weak OE rules. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Feb 14 17:54:40 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Feb 14 20:55:03 2006 Subject: [SpamCop-List] Re: "Replica classic watches" spam. References: Message-ID: Mike Easter wrote: > With both Suspect and Junk folders you would make only two types of > rules. An easier configuration to rulemake is to have a Friends folder and a Junk folder and no Suspect and let your Inbox be Suspect, ie not whitelisted and not 'Junk' where Junk is not addressed to you. The problem I would rather have everyone avoid is that of eyeball filtering spam by 'reading' spamsubjects and spamfroms. That is no good. A proper spamfilter doesn't involve doing that, because a proper filter has already combed the interior of the spamheaders and the spambody in a much more sophisticated and speedy fashion that your error prone eyeballs are able to do. That proper spamfilter has already identified the spams as coming from spamsources and/or containing spam content as opposed to the 'frailty' of your eyeballs landing on the outside misleading spamsubject and spamfrom. A real spamfilter is quite sophisticated thorough and accurate and efficient. OE's rules are quite incompetent, just like reading spamsubjects. Also, reading spamsubjects is the first step toward opening a spam to either find out what it is or out of human curiosity. That is generally an unhealthy activity. The average spam recipient should *not* be reading spamsubjects and/or opening spams or reading spams. Spamreading is only for more advanced spamfighters and advanced spam reporters, not the curious. -- Mike Easter kibitzer, not SC admin From g.hyde at bigpond.net.au Wed Feb 15 13:04:29 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Tue Feb 14 22:05:02 2006 Subject: [SpamCop-List] Re: "Replica classic watches" spam. References: Message-ID: "Mike Easter" wrote in message news:dsu1ku$750$1@news.spamcop.net... > A real spamfilter is quite sophisticated thorough and accurate and > efficient. OE's rules are quite incompetent, just like reading > spamsubjects. Okay, so now you're saying that a rule I configure myself, based on known spam parameters is "incompetent" - something that a computer is technically incapable of. Either it filters based on what it has been told to or it doesn't. You're also saying that a spamfilter can be more effective than a human scanning the spam can be. I don't quite get that part. > Also, reading spamsubjects is the first step toward opening a spam to > either find out what it is or out of human curiosity. That is generally > an unhealthy activity. The average spam recipient should *not* be > reading spamsubjects and/or opening spams or reading spams. Spamreading > is only for more advanced spamfighters and advanced spam reporters, not > the curious. What you're talking about is a matter of preference, not a matter of "should" or "should not" - if a person is used to reading spam in a particular manner they're going to act accordingly on it, no matter what you or the rest of the universe *thinks* they should do. What I'd like to be able to do is take things to the next level. IE how can this person or organization (be they spamgang or unknown entity) be persuaded to stop sending me this spam? If you're willing to answer that, fine, if not kindly do not spew at me with loads of advanced-level tripe. Lastly, when you're replying, please think of things from my POV - IE an end-user who would quite willingly do whatever it takes to get rid of this spam in his inbox, never mind the reporting of it, I doubt these spamgangs would be that much influenced by a few spam reports about their spam email anyway. If I could, I'd gladly take spam which is coming from known spamsources and forward it on via OE with spam rules. But I find it more fun to check the spam for content and to manually copy/paste it's source into SC. At the moment, I don't really find it necessary or desirable to fork over expensive $$$ for a piece of software which might work on my system as designed, or might trash my emails. Cheers ... Geoffrey Hyde From MikeE at ster.invalid Tue Feb 14 20:00:49 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Feb 14 23:05:05 2006 Subject: [SpamCop-List] Re: "Replica classic watches" spam. References: Message-ID: Geoffrey Hyde wrote: > Lastly, when you're replying, please think of things from my POV I already did that. I recommend that if you are going to use OE only, that you make the 2 message rules and folders as I described and no other and no auto deleting. That is an inferior filter to my better recommendation. I recommend if you need a better spamfilter than that that you use SpamPal which is free. SpamPal's best use requires some understanding of dnsbl blocklist choices, but it also has simplistic configuration choices such as Safe, Medium, and Aggressive for those who don't want to customize their blocklist choices. Or, just do things your own way and whine about spam in your inbox. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Feb 15 13:39:45 2006 From: nobody at devnull.spamcop.net (Patto) Date: Tue Feb 14 23:40:03 2006 Subject: [SpamCop-List] Re: "Replica classic watches" spam. In-Reply-To: References: Message-ID: Geoffrey Hyde wrote: > http://www.spamcop.net/sc?id=z874324051zca89ddc7cede69ac5f85d912fd436193z > > I keep getting this particular repeat spam - I think about half a dozen, but > lost interest in keeping track around about the 2nd or 3rd I > reported/deleted - about replica classic watches, anyone know who the real > source is? > > If the spam is related in some way to Ralsky, I suppose I'll have to look > into filters for OE. Otherwise, I'll have to see if I can find someone who > cares to inform them that their spam is not welcome at my inbox. You can always forward your fake Rolex spam to legal@rolex.com in the hope that they will some day be able to take legal action against this particular spam gang. From nobody at nowhere.invalid Wed Feb 15 09:40:53 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Feb 15 03:45:09 2006 Subject: [SpamCop-List] Re: "Replica classic watches" spam. References: Message-ID: On Wed, 15 Feb 2006 11:12:53 +1000, Geoffrey Hyde coughed into spamcop and left this in : > I don't know if my current version... Your current version of what? There's no context above your comments so nobody knows WTF you're talking/writing about. -- Steve From cfw at prodigy.net Wed Feb 15 01:48:02 2006 From: cfw at prodigy.net (Chris F. Willoughby) Date: Wed Feb 15 04:50:40 2006 Subject: [SpamCop-List] Re: "Replica classic watches" spam. References: Message-ID: "Steven Maesslein" wrote in message news:slrndv5q8l.505.nobody@127.0.0.1... > Your current version of what? There's no context above your comments so > nobody knows WTF you're talking/writing about. > > -- > Steve You could always read his earlier posts... and for the record he was talking about Outlook Express. From MikeE at ster.invalid Wed Feb 15 07:33:30 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Feb 15 10:35:03 2006 Subject: [SpamCop-List] Re: "Replica classic watches" spam. References: Message-ID: Chris F. Willoughby wrote: > "Steven Maesslein" >> There's no context above your comments >> so nobody knows WTF you're talking/writing about. > You could always read his earlier posts... Steven's point is that in a 'complex' conversation which is a dialogue and for which there were multiple elements and multiple questions which are being replied to, that the reply should be trimmed and contextualized. Here's what Jeff said that Geoffrey was replying to. Jeff G. wrote: > Geoffrey Hyde wrote: >> I know my version of OE > > What version is that? > >> has the ability to delete emails right off the server. > > How does it do that, exactly? Does it do that using IMAP4 or POP3? > What Message Rule Checkboxes allow it? ... in which Jeff G's remarks were distinctly and succinctly contextualized to Geoffrey's, and which lent itself to being replied inline which would have expressed so much more precisely the response. The imaginary dialogue could have looked like this: Jeff G. wrote: > Geoffrey Hyde wrote: >> I know my version of OE > > What version is that? 6.00.2900.2670 >> has the ability to delete emails right off the server. > > How does it do that, exactly? A message rule on the From or Subject can delete from the server > Does it do that using IMAP4 or POP3? Both, either. > What Message Rule Checkboxes allow it? All of the rules allow it to be configured, but naturally it can't possibly work as advertised on information which cannot be obtained until the message has been downloaded. See http://www.insideoe.com/tips/rules.htm Deleting messages without downloading -- Mike Easter kibitzer, not SC admin From PossumTrot at dont.spam.me Wed Feb 15 10:34:27 2006 From: PossumTrot at dont.spam.me (Possum Trot) Date: Wed Feb 15 13:40:06 2006 Subject: [SpamCop-List] Anyone know the Amazon address to report phishing Message-ID: From gezgin at spamcop.net Wed Feb 15 20:49:34 2006 From: gezgin at spamcop.net (gezgin) Date: Wed Feb 15 13:50:03 2006 Subject: [SpamCop-List] Re: Anyone know the Amazon address to report phishing References: Message-ID: I use: stop-spoofing@amazon.com -- Bob http://www.kanyak.com From ChironP at gmail.com Wed Feb 15 22:29:00 2006 From: ChironP at gmail.com (Chiron Paixos) Date: Wed Feb 15 16:30:09 2006 Subject: [SpamCop-List] Re: Anyone know the Amazon address to report phishing References: Message-ID: You can try report@amazon.com Usually I forward phishing emails to SpamCop reportphishing@antiphishing.org spoof@millersmiles.co.uk submit@websensesecuritylabs.com as well. -- Never give up the fight for freedom - a fight which, though it may never end, is the most ennobling known to man. (Ronald Reagan) From asterix at no_where.net Wed Feb 15 23:18:35 2006 From: asterix at no_where.net (Asterix) Date: Wed Feb 15 17:20:03 2006 Subject: [SpamCop-List] What's the deal with geocities parsing - no go ? Message-ID: <1hatph4.1xdqnj81ezot92N%asterix@no_where.net> The last week I've got about a dozen or so "male enhancement" spams with links to wierd geocities addresses like http://ca.geocities.com/timmie37698elfrida42259/ or http://au.geocities.com/ailsun42549evonne50420/ The links are always detected and parsed but *never* reported to yahoo (even if the links below *may* tell you a report would have been sent I never got the opportunity despite reloading the page 5-6 times). Why ? Samples: http://www.spamcop.net/sc?id=z874912007zb7a4946ef6e77f4c07cdef5eb8c3e50ez and http://www.spamcop.net/sc?id=z874306072z52a23a2189f77b2ba424ed915ef41863z -- I recommend Macs to my friends, and Windows machines to those whom I don't mind billing by the hour From MikeE at ster.invalid Wed Feb 15 15:41:14 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Feb 15 18:45:02 2006 Subject: [SpamCop-List] Re: What's the deal with geocities parsing - no go ? References: <1hatph4.1xdqnj81ezot92N%asterix@no_where.net> Message-ID: Asterix wrote: www.spamcop.net/sc?id=z874912007zb7a4946ef6e77f4c07cdef5eb8c3e50ez I'll address one of them. That spam has two links which SC deobfuscates http://au.geocities.com/massimiliano13368josephina33987/ http://au.geocities.com/ailsun42549evonne50420 SC does not resolve those links in your tracker. If I feed the link/s naked to the parser, SC will resolve and provide a notify addy Parsing input: http://au.geocities.com/massimiliano13368josephina33987/ Routing details for 66.218.77.68 Reporting addresses: network-abuse@cc.yahoo-inc.com If I create a new spam from the message to have it parsed: http://www.spamcop.net/sc?id=z875205461z311a639484053b972cfed752e2715d18z One time SC did not bother with resolving, the 2nd time SC resolved and offered to notify Re: http://au.geocities.com/ailsun42549evonne50420/ (Administrator of network hosting website referenced in spam) To: network-abuse@cc.yahoo-inc.com (Notes) Re: http://au.geocities.com/massimiliano13368joseph... (Administrator of network hosting website referenced in spam) To: network-abuse@cc.yahoo-inc.com (Notes) IMO SC does not consider the process of resolving spamvertisers and notifying spamvertisers to be of sufficient priority to bother with when SC doesn't feel like it. If we assign the parsing algorithm a 'mood' - presumably based on resource management. IMO the parser should have an additional option for reporters to be able to use, that of devnulling the notifies to all found spamvertisers without resolving them. The advantage of that new mode is that in examples like your recent experience, those spamvertisements would have been fed to the stats page and to the sc-surbl listing service -- whereas with the current configuration, nothing was done about the spamvertisers. -- Mike Easter kibitzer, not SC admin From not at home.today Thu Feb 16 00:08:53 2006 From: not at home.today (Ant) Date: Wed Feb 15 19:10:02 2006 Subject: [SpamCop-List] Re: What's the deal with geocities parsing - no go ? References: <1hatph4.1xdqnj81ezot92N%asterix@no_where.net> Message-ID: "Asterix" wrote: [geocities links] > The links are always detected and parsed but *never* reported to yahoo > (even if the links below *may* tell you a report would have been sent I > never got the opportunity despite reloading the page 5-6 times). This has been happening for almost a year. I can't believe you've only just noticed. > Why ? It's been much discussed here already. Nobody from Spamcop has said a word about it. From nobody at devnull.spamcop.net Wed Feb 15 18:47:23 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Feb 15 19:50:02 2006 Subject: [SpamCop-List] Re: What's the deal with geocities parsing - no go ? References: <1hatph4.1xdqnj81ezot92N%asterix@no_where.net> Message-ID: "Ant" wrote in message news:dt0fqu$jnu$1@news.spamcop.net... > > > The links are always detected and parsed but *never* reported to yahoo > > (even if the links below *may* tell you a report would have been sent I > > never got the opportunity despite reloading the page 5-6 times). > > This has been happening for almost a year. I can't believe you've only > just noticed. > > > Why ? > > It's been much discussed here already. Nobody from Spamcop has said a > word about it. Not ignoring that I know Don/Deputies are busy, busy, but .... and one could assume that the actual action has been addressed by the comment (most use by Ellen) "we have opened up a ticket" ... Yet .... here's a non-answered couple of e-mails on the subject, asking for just that bit of data; From: "Wazoo" To: deputies Subject: Fw: Parsor action questioned Date: Mon, 13 Feb 2006 18:37:01 -0600 I don't see any response to the original e-mail, nothing posted into the Topic ... but the same user is back with a different spam (and spam construct) which is also a bit hosed due to a broken header .. I offered up a best-guess at some of the things probably involved, but ... back to the card that wants to be played, where / what is the 'official' answer / response to something like this. Can't help but point out that the issue of non-resolving URLs has only been going on for (seemingly) years, there's a ton-load of these queries in the newsgroups .. no one seems to be very happy with Mike Easter's replies or my (Forum) SpamCop FAQ entry to try to explain some of the philosophy behind some parsing priorities ... http://forum.spamcop.net/forums/index.php?showtopic=5843 Same Topic, just more discussion. ----- Original Message ----- From: "Wazoo" To: deputies Sent: Wednesday, January 25, 2006 3:31 AM Subject: Parsor action questioned > Query asked at < http://forum.spamcop.net/forums/index.php?showtopic=5843> > > Tracking URL > http://www.spamcop.net/sc?id=z863702354zb4df934abe748cc74f92c1ad9ec1da7ez > > Issue: in the HTML (Quoted-Printable) portion of the spam, > a dozen or so instances of "" > seem to be ignored (noting several of them have image tags > involved) but .... sees, gagas, and trips over the single instance of; > > " ex.thanksbilly.com/>" > > I can't begin to come up with an explanation .... From h9vzc2i02 at sneakemail.com Wed Feb 15 17:34:38 2006 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Wed Feb 15 20:35:03 2006 Subject: [SpamCop-List] Re: Try sneakemail.com References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: "Mike Easter" wrote in message news:dsg1h0$tek$1@news.spamcop.net... > Anon_ wrote: > > "WazoO" > > >>>> http://www.spamcop.net/help.shtml > > When I go to that page, at the bottom it sez > > Please use "nobody@devnull.spamcop.net" if you use a fake address. **** Thanks - I had not found that (was not highlighted and was hidden within a paragraph.) Thanks again. -- A SpamCop user and forum reader, Not Admin *** > > in the par named Security note: > > > This is NOT the answer to "nobody@..." > > > > The list below does not point me to anything about "nobody@... > > > > ---copy of page--- > > > > Search SpamCop > > ---end of copy--- > > After Search SC comes the search tool, then the sections > > Web-based Bulletin Boards > Newsgroups > Newsgroup Posting Rules > > and then the par Security note with the nobody@ sentence. > > > > -- > Mike Easter > kibitzer, not SC admin From mwnospam at comcast.net Wed Feb 15 22:46:10 2006 From: mwnospam at comcast.net (spamacyde) Date: Wed Feb 15 22:45:03 2006 Subject: [SpamCop-List] eBay Phish from E-Insites.com Message-ID: Every 4 months or so I get a Phish that Spamcop traces back to E-Insites.com. I report it to Ebay also. Ebay doesn't do anything about it. Nor does e-Insites. Anybody know anything about E-insites? Anthing I can do? Thanks. From nobody at devnull.spamcop.net Wed Feb 15 23:41:44 2006 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Wed Feb 15 23:45:03 2006 Subject: [SpamCop-List] Re: eBay Phish from E-Insites.com References: Message-ID: "spamacyde" wrote in message news:dt0sf8$qlf$1@news.spamcop.net... > Every 4 months or so I get a Phish that Spamcop traces back to > E-Insites.com. I report it to Ebay also. Ebay doesn't do anything about > it. Nor does e-Insites. Anybody know anything about E-insites? Anthing I > can do? > > Thanks. > > Yes. Usually posting a SpamCop.net parse Tracking URL results in having a site summarily 'nuked', but without the Tracking URL I have no real clue as to the nature of the difficulty. -g From Kilgallen at SpamCop.net Wed Feb 15 23:09:01 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Feb 16 00:10:02 2006 Subject: [SpamCop-List] Reporting Address Silently Changed Message-ID: In the past couple days that spam leaking through my SpamCop Filtering Service has not been showing up after I forwarded it to my SpamCop Reporting Address. Sure enough, checking http://mailsc.spamcop.net/ shows that my reporting address has been changed out from under me without notification. Others might want to check for the same thing happening to them. From MikeE at ster.invalid Wed Feb 15 21:24:43 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Feb 16 00:25:03 2006 Subject: [SpamCop-List] Re: Reporting Address Silently Changed References: Message-ID: Larry Kilgallen wrote: > checking http://mailsc.spamcop.net/ shows that my > reporting address has been changed out from under me without > notification. Well /that's/ pretty weird. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Feb 15 23:41:53 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Thu Feb 16 00:45:03 2006 Subject: [SpamCop-List] Re: Reporting Address Silently Changed References: Message-ID: Munged a bit for this newsgroup post; From: "Wazoo" To: Don, JT Subject: Reporting address changed somehow Date: Wed, 15 Feb 2006 23:36:43 -0600 Larry made no mention of making contact, so forwarding this to at least advise of something possibly going on with the database. Not sure of exactly which database is actually involved here, so hitting both sides of the fence. Path: news.spamcop.net!kilgallen From: (Larry Kilgallen) Newsgroups: spamcop Subject: Reporting Address Silently Changed Date: 15 Feb 2006 23:09:01 -0600 Message-ID: NNTP-Posting-Date: Thu, 16 Feb 2006 05:09:13 +0000 (UTC) In the past couple days that spam leaking through my SpamCop Filtering Service has not been showing up after I forwarded it to my SpamCop Reporting Address. Sure enough, checking http://mailsc.spamcop.net/ shows that my reporting address has been changed out from under me without notification. Others might want to check for the same thing happening to them. From g.hyde at bigpond.net.au Thu Feb 16 16:36:10 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Feb 16 01:40:03 2006 Subject: [SpamCop-List] Re: eBay Phish from E-Insites.com References: Message-ID: If it's still there, try going to the trouble (when/if you think it's worth it) of manually reporting the complete spam email and headers through their webform. I believe ebay won't take spam emails the same way that paypal does. For some strange reason, you actually have to report it through their webform, (there's an option in there somewhere although it's quite tedious to go through their website to find it) and you'll probably get a few replies, some of which will be auto-acks, but the last one should be from a real person, saying that they're shutting the site down. I've not dealt with ebay very often, so I can't say if this is a reliable means of reporting it, but it may be the length you'll end up having to go to get rid of the phish site anyway. Cheers ... Geoffrey Hyde "spamacyde" wrote in message news:dt0sf8$qlf$1@news.spamcop.net... > Every 4 months or so I get a Phish that Spamcop traces back to > E-Insites.com. I report it to Ebay also. Ebay doesn't do anything about > it. Nor does e-Insites. Anybody know anything about E-insites? Anthing > I > can do? From nobody at nowhere.invalid Thu Feb 16 09:09:00 2006 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Feb 16 03:10:03 2006 Subject: [SpamCop-List] Re: What's the deal with geocities parsing - no go ? References: <1hatph4.1xdqnj81ezot92N%asterix@no_where.net> Message-ID: On Wed, 15 Feb 2006 23:18:35 +0100, Asterix coughed into spamcop and left this in <1hatph4.1xdqnj81ezot92N%asterix@no_where.net>: > The links are always detected and parsed but *never* reported to yahoo > (even if the links below *may* tell you a report would have been sent I > never got the opportunity despite reloading the page 5-6 times). > > Why ? Because it's a waste of bandwidth sending abuse reports to an abuse desk of which the sole purpose is to devnull inbound mail. -- Steve Reporter (to Mahatma Gandhi): "Mr. Gandhi, what do you think of Western civilisation?" Gandhi: "I think it would be a good idea." From Nobody at SpamCop.devnull.diespammerdie.net Thu Feb 16 04:19:51 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Feb 16 05:20:16 2006 Subject: [SpamCop-List] Re: "Replica classic watches" spam. References: Message-ID: <43F451C7.C7D08B1D@SpamCop.devnull.diespammerdie.net> Patto wrote: > > > You can always forward your fake Rolex spam to legal@rolex.com in the > hope that they will some day be able to take legal action against this > particular spam gang. I've forwarded some of mine, no response of any sort, no encouragement, no discouragement, no statement about whether Rolex finds the information helpful. I got a chuckle the other day from reading on the side of a dead tree a story about a government which is beginning to take their plague of cheap Chinese watches with Swiss names on the bezels seriously. It seems the Chinese have been aggressively pushing trade in their junk, with the result that gullible people all over the Old World are wearing flashy Patek and Rolex designs, complete with trademarks, stuffed with Chinese Tinkertoy guts. These watches have half-lives measured in months. And so the *Nigerian* government is going to put its foot down! -- LOL! Ding hao, Michael From Kilgallen at SpamCop.net Thu Feb 16 06:43:10 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Feb 16 07:45:07 2006 Subject: [SpamCop-List] Re: Try sneakemail.com References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: In article , Anonymous Coward writes: > Back to the topic at hand; sneakemail is useless if anyone with a > grudge and a DSL line can freeze your account by spamming it. > I hope I can find something like it without that fatal flaw. Sneakemail is backed by a human, Kevin Swopes, who likely would be responsive to persuasive arguments in such a case. One you discover the spamming, it is easy enough to disable an address so it does not count against your bandwidth in the future. From elizabeta.zadro at tel.net.ba Thu Feb 16 14:47:47 2006 From: elizabeta.zadro at tel.net.ba (elizabeta) Date: Thu Feb 16 08:50:03 2006 Subject: [SpamCop-List] how can I remove from spamcop Message-ID: Hello! I had problem with my IP adress because is listed in blacklist from spamcom. Now I solved problems in my network. How can I remove this from blacklist? From MikeE at ster.invalid Thu Feb 16 05:59:52 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Feb 16 09:00:03 2006 Subject: [SpamCop-List] Re: how can I remove from spamcop References: Message-ID: elizabeta wrote: > I had problem with my IP adress because is listed in blacklist from > spamcom. Now I solved problems in my network. How can I remove this > from blacklist? You didn't say what IP is listed so that we are talking about a real and specific issue instead of a hypothetical nonspecific one.. Unless you have previously delisted, if you are the admin at the algorithmic reporting address, you can delist an IP by using this tool http://www.spamcop.net/bl.shtml Else you can use that tool to see the listing and to see when it will automatically delist if the spamsourcing has stopped. -- Mike Easter kibitzer, not SC admin From Nobody at SpamCop.devnull.diespammerdie.net Thu Feb 16 08:52:07 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Feb 16 09:55:05 2006 Subject: [SpamCop-List] Re: "Straightup" with Forged Headers? References: <43F0A4F3.3B162025@SpamCop.devnull.diespammerdie.net> Message-ID: <43F49196.44BE44FF@SpamCop.devnull.diespammerdie.net> "Jeff G." wrote: > > Michael Brennan wrote: > > It's a phony-diploma spam, with (seemingly invariably) an Area Code > > 206 (Seattle) private-dialtone-provider, unlisted number as the only > > contact. ... > > As a side issue, since there's a Seattle-area entity involved, why > > isn't he/she/it in federal custody awaiting trial under (You)CanSpam? > > Please feel free to report it yourself via > http://www.secstate.wa.gov/elections/elected_officials.aspx#3006 , > https://tips.fbi.gov/ , or http://www.cybertipline.com/ . Jeff, Thanks for the links. By the way, I was reading up on "dialer" Trojans last night and there are some ugly ones (see them here: http://www.spywareguide.com/product_list_category.php?pageNum_Rs_product=0&totalRows_Rs_product=107&category_id=8). What caught my eye was one in particular that called home to the Area Code 206, which is Seattle. Makes you wonder if it's the same guy. Michael From jeffg at spamcop.net Thu Feb 16 10:33:54 2006 From: jeffg at spamcop.net (Jeff G.) Date: Thu Feb 16 12:00:04 2006 Subject: [SpamCop-List] Re: Try sneakemail.com References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: Anonymous Coward wrote: > sneakemail is useless if anyone with a > grudge and a DSL line can freeze your account by spamming it. > I hope I can find something like it without that fatal flaw. I have switched to using SpamMotel ( http://www.spammotel.com/ ) for new contacts. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Thu Feb 16 12:28:24 2006 From: jeffg at spamcop.net (Jeff G.) Date: Thu Feb 16 12:30:03 2006 Subject: [SpamCop-List] Re: how can I remove from spamcop References: Message-ID: elizabeta wrote: > I had problem with my IP adress because is listed in blacklist from > spamcom. It's spelled SpamCop. > Now I solved problems in my network. How can I remove this > from blacklist? It appears to be already removed. "212.39.98.132 not listed in bl.spamcop.net" per http://mailsc.spamcop.net/w3m?action=blcheck&ip=212.39.98.132 -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From h9vzc2i02 at sneakemail.com Thu Feb 16 10:40:17 2006 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Thu Feb 16 13:40:02 2006 Subject: [SpamCop-List] Re: Try sneakemail.com References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: "Anonymous Coward" wrote in message news:dt12go$t7n$1@news.spamcop.net... > > > > WazoO wrote: > > > >"Anonymous Coward" wrote... > >> > >> (BTW, is there any advantage to using nobody@devnull.spamcop.net > >> instead of nobody@spamcop.net?) > > > >Beyond making it look like you didn't bother to read the > >rules, guidelines, and tips offered for SpamCop.net users? > >The suggestion/request for the use of a specific address is > >on the very first Help page from the www.spamcop.net > >web page - Help link; > >http://www.spamcop.net/help.shtml > >(Please use "nobody@devnull.spamcop.net" if you use a fake address.) > > > > It was "nobody@spamcop.net" when I signed up and read *all* of the > "rules, guidelines, and tips." > > You could have simply informed me of the change without being snotty. > > >This is an ancient item/factoid, dating back three or four years, > >at least. > > Nope. Less than two. The change in the page you reference happened > on Oct 12, 2004. > > http://web.archive.org/web/*/http://www.spamcop.net/help.shtml > > Back to the topic at hand; sneakemail is useless if anyone with a > grudge and a DSL line can freeze your account by spamming it. > I hope I can find something like it without that fatal flaw. > ** Yes that is correct - that is why I like sneakemail, you just either deactivate the address (temporarily) which will send a message to the SENDER (not the from) that the account is full, then either kill the address and create another to that person or just kill the address. Without sneakemail, you have to cancel a real account and create another real account with your ISP - that is a pain, especially when you have to tell all your friends that you have a new address.. I have had to do this several times with some merchants. -- A SpamCop user and forum reader, Not Admin *** > > > > From asterix at no_where.net Thu Feb 16 20:11:21 2006 From: asterix at no_where.net (Asterix) Date: Thu Feb 16 14:15:02 2006 Subject: [SpamCop-List] Re: What's the deal with geocities parsing - no go ? References: <1hatph4.1xdqnj81ezot92N%asterix@no_where.net> Message-ID: <1havavc.19n9j2t1af4xp3N%asterix@no_where.net> Mike Easter wrote: > Asterix wrote: > www.spamcop.net/sc?id=z874912007zb7a4946ef6e77f4c07cdef5eb8c3e50ez > > I'll address one of them. > > That spam has two links which SC deobfuscates > > http://au.geocities.com/massimiliano13368josephina33987/ > http://au.geocities.com/ailsun42549evonne50420 > > SC does not resolve those links in your tracker. > > If I feed the link/s naked to the parser, SC will resolve and provide a > notify addy > > Parsing input: http://au.geocities.com/massimiliano13368josephina33987/ > Routing details for 66.218.77.68 > Reporting addresses: > network-abuse@cc.yahoo-inc.com Yes - I've been that, done there. > If I create a new spam from the message to have it parsed: > > http://www.spamcop.net/sc?id=z875205461z311a639484053b972cfed752e2715d18z > > One time SC did not bother with resolving, the 2nd time SC resolved and > offered to notify > > Re: http://au.geocities.com/ailsun42549evonne50420/ (Administrator of > network hosting website referenced in spam) > To: network-abuse@cc.yahoo-inc.com (Notes) > Re: http://au.geocities.com/massimiliano13368joseph... (Administrator of > network hosting website referenced in spam) > To: network-abuse@cc.yahoo-inc.com (Notes) > Did that too. *Sometimes* one or two addresses will be parsed on 5th or 7th try and give the reporting address above. This happens with other spamveritized sites too, but they are *always* resolved on 2nd or 3rd try. > > IMO SC does not consider the process of resolving spamvertisers and > notifying spamvertisers to be of sufficient priority to bother with when > SC doesn't feel like it. If we assign the parsing algorithm a 'mood' - > presumably based on resource management. Seems like yahoo/geocities has a special (low) priority. The point is that the links - and lots of similar links - are still alive and well, and all redirect to the real SPUR-M site at http://210.76.97.112/sm/ (in China of course). And that is despite manual LART-ing to network-abuse@cc.yahoo-inc.com - which gives you the canned reply "if it didn't originate at yahoo.com we can't do anything". BTW Yahoo say in their FAQ: Q: I received spam promoting a Yahoo! GeoCities site. What can I do? A: To help us prevent spam on Yahoo!, please forward the entire body and subject of the email to our Abuse team at abuse@yahoo-inc.com. And "be sure to include the headers" yadda yadda. Note the address! Seems to me that SC has the wrong reporting address for geocities sites. What color is their hat ? -- I recommend Macs to my friends, and Windows machines to those whom I don't mind billing by the hour From asterix at no_where.net Thu Feb 16 20:11:22 2006 From: asterix at no_where.net (Asterix) Date: Thu Feb 16 14:15:12 2006 Subject: [SpamCop-List] Re: What's the deal with geocities parsing - no go ? References: <1hatph4.1xdqnj81ezot92N%asterix@no_where.net> Message-ID: <1havbvi.11vw51r1u7yruzN%asterix@no_where.net> Ant wrote: > "Asterix" wrote: > > [geocities links] > > > The links are always detected and parsed but *never* reported to yahoo > > (even if the links below *may* tell you a report would have been sent I > > never got the opportunity despite reloading the page 5-6 times). > > This has been happening for almost a year. I can't believe you've only > just noticed. Of course not - but the last week or two it suddenly got much worse. Before that almost all Geocities sites would resolve on 2nd or 3dr try - like most others still do. Now it's no dice at all. -- I recommend Macs to my friends, and Windows machines to those whom I don't mind billing by the hour From MikeE at ster.invalid Thu Feb 16 11:48:42 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Feb 16 14:50:04 2006 Subject: [SpamCop-List] Re: What's the deal with geocities parsing - no go ? References: <1hatph4.1xdqnj81ezot92N%asterix@no_where.net> <1havavc.19n9j2t1af4xp3N%asterix@no_where.net> Message-ID: Asterix wrote: > Mike Easter >> details for 66.218.77.68 >> Reporting addresses: >> network-abuse@cc.yahoo-inc.com > > Yes - I've been that, done there. >> To: network-abuse@cc.yahoo-inc.com (Notes) > The point is that the links - and lots of similar links - are still > alive and well, and all redirect to the real SPUR-M site at > http://210.76.97.112/sm/ (in China of course). 210.76.97.112 rDNS mail.c-b-w.com.cn is spamhaused as the /32. It is also listed in openrbl as an open smtp relay. http://www.ordb.org/lookup/?host=210.76.97.112 Input IP 210.76.97.179 output .112 > Q: I received spam promoting a Yahoo! GeoCities site. What can I do? > A: To help us prevent spam on Yahoo!, please forward the entire body > and subject of the email to our Abuse team at abuse@yahoo-inc.com. > > And "be sure to include the headers" yadda yadda. Note the address! > Seems to me that SC has the wrong reporting address for geocities > sites. SC's notify derives from the arin reg'd abuse contact: whois -h whois.arin.net 66.218.77.68 ... NetRange: 66.218.64.0 - 66.218.95.255 OrgName: Yahoo! OrgAbuseEmail: network-abuse@cc.yahoo-inc.com > What color is their hat ? Go by your own experiences. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Feb 16 15:41:23 2006 From: nobody at spamcop.net (Ellen) Date: Thu Feb 16 15:45:06 2006 Subject: [SpamCop-List] Maint Window 2/16/06 Message-ID: Maintenance Window February 16, 2006 8 PM PST -0800 The will be a maintenance window, starting at 8 PM PST -0800 and lasting under an hour, to make some infrastructure changes. This will affect the reporting system only. The email system will continue to operate normally. After the maintenance completes you may notice some delays in processing as the system works thru the backlog. Thanks for your patience. Ellen SpamCop f/ups to spamcop Please propagate to the forums. From jeffg at spamcop.net Thu Feb 16 15:56:16 2006 From: jeffg at spamcop.net (Jeff G.) Date: Thu Feb 16 16:10:03 2006 Subject: [SpamCop-List] Re: Maint Window 2/16/06 References: Message-ID: Ellen wrote: > Maintenance Window > February 16, 2006 > 8 PM PST -0800 ... > Please propagate to the forums. Done. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From nobody at spamcop.net Thu Feb 16 17:50:06 2006 From: nobody at spamcop.net (Ellen) Date: Thu Feb 16 17:55:03 2006 Subject: [SpamCop-List] Re: Maint Window 2/16/06 References: Message-ID: "Jeff G." wrote in message news:dt2pfb$1ii$1@news.spamcop.net... > Ellen wrote: > > Maintenance Window > > February 16, 2006 > > 8 PM PST -0800 > ... > > Please propagate to the forums. > > Done. > Thanks Ellen From me at privacy.net Thu Feb 16 17:54:30 2006 From: me at privacy.net (MikeV06) Date: Thu Feb 16 18:55:02 2006 Subject: [SpamCop-List] Re: Try sneakemail.com References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: On Thu, 16 Feb 2006 10:40:17 -0800, Anon_ wrote: [snip] > Yes that is correct - that is why I like sneakemail, you just either > deactivate the address (temporarily) which will send a message to the SENDER > (not the from) that the account is full, then either kill the address and > create another to that person or just kill the address. > > Without sneakemail, you have to cancel a real account and create another > real account with your ISP - that is a pain, especially when you have to > tell all your friends that you have a new address.. > > I have had to do this several times with some merchants. I use Tuffmail which not only has unlimited addresses, but allows one to set specific MX restrictions for incoming mail. One can use really aggressive restrictions with vendors and friendly with family and friends. From MikeE at ster.invalid Thu Feb 16 16:12:22 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Feb 16 19:15:03 2006 Subject: [SpamCop-List] Re: Try sneakemail.com References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: MikeV06 wrote: > I use Tuffmail which not only has unlimited addresses, but allows one > to set specific MX restrictions for incoming mail. One can use really > aggressive restrictions with vendors and friendly with family and > friends. TuffMail has autoresponders that /don't/ function at the mx transaction. // Auto-responders can be created in the Manager and attached to email addresses. The responders will not respond to messages that appear to be from mailing lists, messages that score as spam, or messages that do not have the target email address in the To: header field. // http://www.tuffmail.com/features.php Account Features Those are some useful features to attempt to diminish autoresponder problems. In the rejecting category, you can configure blocklists. There's also a graylisting function. -- Mike Easter kibitzer, not SC admin From caroljean52 at yahoo.com Thu Feb 16 22:49:54 2006 From: caroljean52 at yahoo.com (caroljean52) Date: Fri Feb 17 00:50:03 2006 Subject: [SpamCop-List] Re: I want my Yahoo Group Emails so stop bouncing it!!!!!! References: Message-ID: "Patti" wrote: > I'm getting really angry. Spamcop keeps bouncing my Yahoo Group Email. > These groups are important to me and I don't want to miss a single email. You can always read them online at http://groups.yahoo.com/. Besides, SpamCop does not *ever* bounce mail. If your mail's getting bounced, take it up with your ISP. Carol Late of Seattle, now of Pocatello From MikeE at ster.invalid Fri Feb 17 19:34:52 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Feb 17 22:35:03 2006 Subject: [SpamCop-List] X-Originating-IP source Message-ID: When did SC start naming X-Originating-IP which does not appear in the Received tracelines as source? http://www.spamcop.net/sc?id=z877256980zb09f068e8f60c3afad0b6a0f104c7601z -- Mike Easter kibitzer, not SC admin From vanguard.news at yahooNIX.com Fri Feb 17 21:59:46 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Fri Feb 17 23:00:03 2006 Subject: [SpamCop-List] Re: X-Originating-IP source References: Message-ID: "Mike Easter" wrote in message news:dt64ks$4p5$1@news.spamcop.net... > When did SC start naming X-Originating-IP which does not appear in the > Received tracelines as source? > > http://www.spamcop.net/sc?id=z877256980zb09f068e8f60c3afad0b6a0f104c7601z At the tracking URL, the X-Originating-IP header is shown. When I click on the "View entire message" link, that header was already in the original e-mail that you sent to SpamCop. So how is SpamCop "renaming" the header that appears in the original mail headers? I do wonder why the "Tracking message source" line shows the IP address from the X-Originating-IP header. Since that header is added by the sender's mail server (or somewhere before it hits your mail host), why would it be trusted? It could've been added by vsmtp12.tin.it, or it could've been added sometime before it passed through pswm10.cp.tin.it (if vsmtp12.tin.it is a relay). -- __________________________________________________ Post replies to the newsgroup. Share with others. For e-mail: Remove "NIX" and add "#VN" to Subject. __________________________________________________ From MikeE at ster.invalid Fri Feb 17 20:03:06 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Feb 17 23:05:02 2006 Subject: [SpamCop-List] Re: X-Originating-IP source References: Message-ID: Mike Easter wrote: > When did SC start naming X-Originating-IP which does not appear in the > Received tracelines as source? > > http://www.spamcop.net/sc?id=z877256980zb09f068e8f60c3afad0b6a0f104c7601z Abbreviated Received tracelines *comment from [212.216.176.206] (helo=vsmtp12.tin.it) by lon1-hub.mail.demon.net *output server from pswm10.cp.tin.it (192.168.70.33) by vsmtp12.tin.it *MTA, non-routing X-Originating-IP: 82.169.149.87 * source IP Relay trusted (212.216.176.206) Report Spam to: Re: 212.216.176.206 (Third party interested in email source) To: postmaster@tin.it (Notes) To: e.berti@tin.it (Notes) To: abuse#na.nic.it@devnull.spamcop.net (Notes) To: abuse@tin.it (Notes) Re: 82.169.149.87 (Administrator of network where email originates) To: abuse@easyw.nl (Notes) -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Feb 17 20:11:43 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Feb 17 23:15:03 2006 Subject: [SpamCop-List] Re: X-Originating-IP source References: Message-ID: Vanguard wrote: > "Mike Easter" > At the tracking URL, the X-Originating-IP header is shown. When I > click on the "View entire message" link, that header was already in > the original e-mail that you sent to SpamCop. So how is SpamCop > "renaming" the header that appears in the original mail headers? Actually I didn't get the mail. That .it server and its XOIP line is being discussed in nanae, and I found some recent examples posted as 'sightings' in non-sightings newsgroups^1. I parsed the example to discuss this XOIP sourcing by SC which I've never seen before and which I vehemently denied ever occurred until I had to eat crow in nanae. > I do wonder why the "Tracking message source" line shows the IP > address from the X-Originating-IP header. Since that header is added > by the sender's mail server (or somewhere before it hits your mail > host), why would it be trusted? It could've been added by > vsmtp12.tin.it, or it could've been added sometime before it passed > through pswm10.cp.tin.it (if vsmtp12.tin.it is a relay). Yes -- one should be very circumspect about deciding that an XOIP line is actually the source. I think that it is 'dangerous' for an algorithm to be doing that without being specifically 'programmed' for a particular server or set of servers. I've also seen that server handle spams which had an additional XOIP for a total of 2 of them. I wonder how SC would deal with that? In this particular case, because of a lot of investigating of vsmtp12.tin.it and its siblings, I'm convinced that the XOIP line is actually the source, but I've never seen SC name such a line as source before today. Maybe it is something new. ^1 The recent news msgs are news:82681671.31140199852527.JavaMail.rob@dionysus.nephelococcygia.demon.co.uk news:43f630b4$0$11075$e4fe514c@news.xs4all.nl news:43f630bf$0$11064$e4fe514c@news.xs4all.nl -- Mike Easter kibitzer, not SC admin From vanguard.news at yahooNIX.com Sat Feb 18 00:04:31 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Sat Feb 18 01:05:13 2006 Subject: [SpamCop-List] Re: X-Originating-IP source References: Message-ID: "Mike Easter" wrote in message news:dt66pv$622$1@news.spamcop.net... > Vanguard wrote: > >> I do wonder why the "Tracking message source" line shows the IP >> address from the X-Originating-IP header. Since that header is added >> by the sender's mail server (or somewhere before it hits your mail >> host), why would it be trusted? It could've been added by >> vsmtp12.tin.it, or it could've been added sometime before it passed >> through pswm10.cp.tin.it (if vsmtp12.tin.it is a relay). > > Yes -- one should be very circumspect about deciding that an XOIP line > is actually the source. I think that it is 'dangerous' for an algorithm > to be doing that without being specifically 'programmed' for a > particular server or set of servers. I've also seen that server handle > spams which had an additional XOIP for a total of 2 of them. I wonder > how SC would deal with that? > > In this particular case, because of a lot of investigating of > vsmtp12.tin.it and its siblings, I'm convinced that the XOIP line is > actually the source, but I've never seen SC name such a line as source > before today. > > Maybe it is something new. I didn't notice it before, but the tracking URL page shows "Relay trusted". Well, I guess I wasn't trusting that the relay put that header there. Seems like the sender before that trusted relay host could've added that header. If it is something new (to interrogate and use the XOIP header to determine the source), and since it isn't clear why it would be trusted that the trusted relay added it and not the sending host before that, I'd probably uncheck the box to send a spam report there. I don't want to be sending spam reports to innocents. It is unfortunate that there is no standard to the order in which a mail host adds its headers so you could guarantee that the trusted relay added the XOIP header rather than the sender adding it that used that relay. Guess I'll have to dig through SpamCop's help to see if they ever define just what qualifies a relay host as trusted. From nospam at nospam.org Sat Feb 18 17:09:26 2006 From: nospam at nospam.org (Ejo) Date: Sat Feb 18 11:10:15 2006 Subject: [SpamCop-List] Re: X-Originating-IP source In-Reply-To: References: Message-ID: Mike Easter wrote: > When did SC start naming X-Originating-IP which does not appear in the > Received tracelines as source? > > http://www.spamcop.net/sc?id=z877256980zb09f068e8f60c3afad0b6a0f104c7601z > > Apparently SC does that at least since today. From MikeE at ster.invalid Sat Feb 18 09:17:48 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Feb 18 12:20:03 2006 Subject: [SpamCop-List] Re: X-Originating-IP source References: Message-ID: Ejo wrote: > Mike Easter wrote: >> When did SC start naming X-Originating-IP which does not appear in >> the Received tracelines as source? >> >> http://www.spamcop.net/sc?id=z877256980zb09f068e8f60c3afad0b6a0f104c7601z >> > Apparently SC does that at least since today. Here's another one from the same server family http://www.spamcop.net/sc?id=z878075129zcf57dbc66bc9c391681c8b9e5426bfa9z I'm noticing that SC handles the trusted server line's language slightly differently -- as if this were a different kinds of 'trust' or rather than SC has specifically programmed some servers to have their headers handled that way. Relay trusted (212.216.176.141 vsmtp1.tin.it) also SC notifies the relay in addition to the XOIP source -- which is different from usual -- and calls the relay a '3rd party' Report Spam to: Re: 212.216.176.141 (Third party interested in email source) To: e.berti@tin.it (Notes) To: abuse@tin.it (Notes) To: postmaster@tin.it (Notes) To: abuse#na.nic.it@devnull.spamcop.net (Notes) Re: 83.39.183.141 (Administrator of network where email originates) To: nemesys@telefonica.es (Notes) To: postmaster#telefonica.es@devnull.spamcop.net (Notes) So far I have not found any other servers or server families in which SC derives the source from an IP which occurs *only* in the XOIP line and not in the Received tracelines. There are plenty of servers which make an XOIP line which can be the source, but almost all of them also construct their Received tracelines properly, so that the source also appears in the Received and SC can do its parse in the normal manner. But the tin.it servers put a nonrouting IP in the Received tracelines, so the real source only appears in the XOIP. And SC is now reading the XOIP as a source even when it doesn't appear in the Received. There are also plenty of spams which have bogus XOIP lines, but so far I haven't run into any instances of SC reading the XOIP inappropriately. I even forged a spamheader from a trusted server which uses an XOIP line, but SC didn't fall for my forgery. Apparently SC now has 2 different kinds of trusted servers, and one kind is the tin.it kind, for which SC uses the XOIP instead of the Received information. There are several different servers in that family which is vsmtp'n'.tin.it and for which 'n' is a one or two digit number from 1 to about 12. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Sat Feb 18 14:22:01 2006 From: jeffg at spamcop.net (Jeff G.) Date: Sat Feb 18 14:25:02 2006 Subject: [SpamCop-List] Re: X-Originating-IP source References: Message-ID: Vanguard wrote: > just what qualifies a relay host as trusted. AFAIK, only manual action by a SpamCop Deputy or a SpamCop Admin can get SpamCop's Parser to trust a relay host. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From MikeE at ster.invalid Sat Feb 18 11:49:39 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Feb 18 14:50:03 2006 Subject: [SpamCop-List] Re: X-Originating-IP source References: Message-ID: Jeff G. wrote: > Vanguard wrote: >> just what qualifies a relay host as trusted. > > AFAIK, only manual action by a SpamCop Deputy or a SpamCop Admin can > get SpamCop's Parser to trust a relay host. I think we now have a new class of trusted relay, in which the parser uses the X-Originating-IP as the source instead of the Received line information, and notifies differently, notifying the source provider as source and the relay provider as a 3rd party. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Sat Feb 18 15:15:24 2006 From: jeffg at spamcop.net (Jeff G.) Date: Sat Feb 18 15:20:02 2006 Subject: [SpamCop-List] Re: X-Originating-IP source References: Message-ID: Mike Easter wrote: > Jeff G. wrote: >> Vanguard wrote: >>> just what qualifies a relay host as trusted. >> AFAIK, only manual action by a SpamCop Deputy or a SpamCop Admin can >> get SpamCop's Parser to trust a relay host. > I think we now have a new class of trusted relay, in which the parser > uses the X-Originating-IP as the source instead of the Received line > information, and notifies differently, notifying the source provider > as source and the relay provider as a 3rd party. Yes, that's how it appears. However, I think it's setting a bad precedent to allow tin.it to so blatantly violate the applicable SMTP RFCs. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From MikeE at ster.invalid Sat Feb 18 12:36:54 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Feb 18 15:40:03 2006 Subject: [SpamCop-List] Re: X-Originating-IP source References: Message-ID: Jeff G. wrote: > Mike Easter wrote: >> I think we now have a new class of trusted relay, in which the parser >> uses the X-Originating-IP as the source instead of the Received line >> information, and notifies differently, notifying the source provider >> as source and the relay provider as a 3rd party. > > Yes, that's how it appears. However, I think it's setting a bad > precedent to allow tin.it to so blatantly violate the applicable SMTP > RFCs. I wonder if someone who knows could comment on how long it has been like that and whether or not there are other server families in that class besides the tin.it servers. I looked pretty stupid in nanae when I stated so emphatically yesterday that it didn't happen; that SC didn't name the XOIP as source when it only appeared there and not in the Received tracelines. I suspect it may have been like that for as much as a month, judging by the SC listing of an IP we were discussing in nanae and whose sightings at least only showed it appearing in the tin.it XOIP lines. That IP being 62.194.60.46 -- which probably was insecure for a while and now might not be. -- Mike Easter kibitzer, not SC admin From nobody at xyzzy.claranet.de Sat Feb 18 22:36:07 2006 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sat Feb 18 16:40:04 2006 Subject: [SpamCop-List] Re: X-Originating-IP source References: Message-ID: <43F79347.6100@xyzzy.claranet.de> Mike Easter wrote: > I wonder if someone who knows could comment on how long it > has been like that While I dont know, but I have an older case (2006-01-11): http://article.gmane.org/gmane.mail.spam.spamcop.user/102227 > whether or not there are other server families in that class > besides the tin.it servers. It might make sense for Webmail providers. We had a similar Webmail case back in October. Ellen said she can configure it: http://news.gmane.org/group/gmane.mail.spam.spamcop.user/thread=99546 That example wasn't XOIP, the relevant part of the header is quoted in your reply (the tracker is apparently too old). -- Frank From h9vzc2i02 at sneakemail.com Sat Feb 18 13:48:20 2006 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Sat Feb 18 16:50:03 2006 Subject: [SpamCop-List] Re: Try sneakemail.com References: <6pLM5DrpLkZ4@eisner.encompasserve.org> Message-ID: "Anonymous Coward" wrote in message news:dt817t$5pl$2@news.spamcop.net... > > > Anon_ wrote: > > > >"Anonymous Coward" wrote... > > > >> Back to the topic at hand; sneakemail is useless if anyone with a > >> grudge and a DSL line can freeze your account by spamming it. > >> I hope I can find something like it without that fatal flaw. > > > >Yes that is correct - that is why I like sneakemail, you just either > >deactivate the address (temporarily) which will send a message to the SENDER > >(not the from) that the account is full, then either kill the address and > >create another to that person or just kill the address. > > > >Without sneakemail, you have to cancel a real account and create another > >real account with your ISP - that is a pain, especially when you have to > >tell all your friends that you have a new address.. > > > >I have had to do this several times with some merchants. > > The above describes sneakemail during normal operation, and it is > indeed a great way of handling email. What I am talking about, > however, is sneakemail during abnormal operation -- an account > frozen because of too much spam to a particular address. That's > a Bad Thing IMO. > *** Yes, too true. That is what I described above. Even a regular account will have a limit to how much your mailbox will hold before it starts to bounce mail. If you get the 'abnormal' action a regular account, you have to kill that address and startup a new address with your ISP - that sucks. -- A SpamCop user and forum reader, Not Admin *** From MikeE at ster.invalid Sat Feb 18 13:52:19 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Feb 18 16:55:03 2006 Subject: [SpamCop-List] Re: X-Originating-IP source References: <43F79347.6100@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Mike Easter wrote: > >> I wonder if someone who knows could comment on how long it >> has been like that > > While I dont know, but I have an older case (2006-01-11): > http://article.gmane.org/gmane.mail.spam.spamcop.user/102227 The tracker referenced in that message http://www.spamcop.net/sc?id=z855293194za64fa151f8dc63816606075eb3ccce90z gets reparsed and shows the XOIP being named as source. The tracker also shows that the XOIP source was notified back then in Jan 9, so apparently it has been working that way at least that long Reports regarding this spam have already been sent: Re: 83.229.48.195 (Administrator of network where email originates) Reportid: 1616252264 To: nomaster@devnull.spamcop.net > >> whether or not there are other server families in that class >> besides the tin.it servers. > > It might make sense for Webmail providers. We had a similar > Webmail case back in October. Ellen said she can configure it: > > http://news.gmane.org/group/gmane.mail.spam.spamcop.user/thread=99546 > > That example wasn't XOIP, the relevant part of the header is > quoted in your reply (the tracker is apparently too old). The headers from that thread show the 'regular' webmailer showing the source in the Received lines. -- Mike Easter kibitzer, not SC admin From nospam at nospam.org Sat Feb 18 23:01:30 2006 From: nospam at nospam.org (Ejo) Date: Sat Feb 18 17:05:02 2006 Subject: [SpamCop-List] Re: X-Originating-IP source In-Reply-To: References: Message-ID: Jeff G. wrote: > Mike Easter wrote: >> Jeff G. wrote: >>> Vanguard wrote: >>>> just what qualifies a relay host as trusted. >>> AFAIK, only manual action by a SpamCop Deputy or a SpamCop Admin can >>> get SpamCop's Parser to trust a relay host. >> I think we now have a new class of trusted relay, in which the parser >> uses the X-Originating-IP as the source instead of the Received line >> information, and notifies differently, notifying the source provider >> as source and the relay provider as a 3rd party. > > Yes, that's how it appears. However, I think it's setting a bad > precedent to allow tin.it to so blatantly violate the applicable SMTP > RFCs. > It's from Italy, so I'm not surprised that at least something is blatantly violated. From jeffg at spamcop.net Sat Feb 18 17:55:08 2006 From: jeffg at spamcop.net (Jeff G.) Date: Sat Feb 18 18:00:02 2006 Subject: [SpamCop-List] Re: X-Originating-IP source References: <43F79347.6100@xyzzy.claranet.de> Message-ID: Mike Easter wrote: > Frank Ellermann wrote: >> Mike Easter wrote: >>> I wonder if someone who knows could comment on how long it >>> has been like that ... >>> whether or not there are other server families in that class >>> besides the tin.it servers. >> It might make sense for Webmail providers. We had a similar >> Webmail case back in October. Ellen said she can configure it: >> >> http://news.gmane.org/group/gmane.mail.spam.spamcop.user/thread=99546 >> >> That example wasn't XOIP, the relevant part of the header is >> quoted in your reply (the tracker is apparently too old). > The headers from that thread show the 'regular' webmailer showing the > source in the Received lines. SpamCop's Parser has been using "Sender relay:" terminology as far back as late April 2004 for XOIP Header Lines inserted by MSN Hotmail Webmail, but until your examples, the XOIP Header Lines appear to have always been also reflected in Received Header Lines "with HTTP", so their usage didn't affect parsing. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From h9vzc2i02 at sneakemail.c