From nospam at nospam.org Mon May 1 02:52:49 2006 From: nospam at nospam.org (Ejo) Date: Sun Apr 30 20:48:41 2006 Subject: [SpamCop-List] Re: Parser fails to resolve the originating IP In-Reply-To: References: Message-ID: Mike Easter wrote: > Ejo wrote: >> This is an example of a parser error, the result is that spamcop >> reports would be sent in the wrong direction (ip 131.180.0.83) >> whereas the >> spew originates from 212.91.238.95 I suppose that I have to fix the >> mailhost configuration. >> > www.spamcop.net/sc?id=z930656263zb5221611aa988e6db3e66c00e0430ce0z > > It appears that SC does not recognize these bottom 3 looping lines 4-6 > as part of your current mailhost -- where 'loop' implies going thru' the > same IP again, in this case calling itself by different names in the > 'by'. > > Abbreviated Received tracelines *comment > from (mailservice.tudelft.nl [130.161.131.5]) by dutlru2.lr.tudelft.nl > from localhost (localhost [127.0.0.1]) by rav.antivirus > from srv028.tudelft.net (unknown [131.180.0.83]) by mx4.tudelft.nl > *serves you > from mailservice.tudelft.nl ([130.161.131.5]) by srv028.tudelft.net > *serves you > from localhost (localhost [127.0.0.1]) by rav.antivirus *serves you > from di-ve3016.com (unknown [212.91.238.95]) by mx1.tudelft.nl > *sourceline > > If it is going to be funky like that, SC needs the mailhost configured > like that. > > It looks like a Carlie Foxtrot situation, not uncommon at the TUD. Problem is right now that I have to trick the systems to jump into this particular mode of handling incoming e-mail. From nobody at devnull.spamcop.net Mon May 1 00:31:10 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Mon May 1 00:35:06 2006 Subject: [SpamCop-List] Re: What is reported for 63.238.179.181? References: Message-ID: "WazoO" wrote in message news:e2u645$idt$1@news.spamcop.net... > > From: "WazoO" > To: "SpamCop Support - JT" > Subject: Newgroup Archiving dead again > Date: Fri, 28 Apr 2006 17:45:33 -0500 > > Had a user asking for help in the spamcop newsgroup, wasn't > getting what he needed. I reposted his query into the Forum > asking someone with a paid-account type to do a look-up. > Had an answer within minutes. Posted the Forum pointers > to the newsgroup, then was going to cross-link back to the > newsgroup archives ... but saw that the spamcop-list archive > stopped on the 18th of April. I now recall that the same thing > happened the last time there was a major cesmail located issue > and you got the archiving thing restarted. Could I ask for a > repeat action? Thanks! And in catching things up, the archiving bit has been restarted, archives are caught up, and in fact, the new month started as designed. Thanks sent to JT. From nobody at nowhere.not Mon May 1 08:14:12 2006 From: nobody at nowhere.not (Robert Blair) Date: Mon May 1 03:15:07 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: On Mon, 1 May 2006 02:43:16 UTC, "John E. Malmberg" wrote: > > That is, to try and stop a *single* 'rogue' SC user getting an email > > source listed (through laziness, "revenge", stupidity and/or whatever) > > it takes sufficient reports from *two* or more users to get an email > > source on the SCBL... > > > > That is, there needs to be two or more users being lazy or stupid or > > 'angry' OR there is an issue with the list subscription method OR more > > likely something in between... > > I know of cases that were discussed here where there was only one user > doing the reporting where they accidentally reported their own mail server. > > While the idea that it takes two reporters to cause a listing seems to > be mentioned a lot, it does not seem to be the case. Sending a report to your own ISP is bad but it does not get the ISP listed unless there has been other spam reported to the same IP. So my conclusion is that more than one person is reporting spam from that IP. Recently we went through the same process with another mailing list which turned out to be backscatter. So far no one has mentioned this to Patty. How does the list handle email it receives from someone not subscribed to the list? -- Robert Blair From MikeE at ster.invalid Mon May 1 01:58:05 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 04:00:04 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: Robert Blair wrote: > "John E. Malmberg" >> >>> That is, there needs to be two or more users being lazy or stupid >> I know of cases that were discussed here where there was only one >> user doing the reporting >> While the idea that it takes two reporters to cause a listing seems >> to be mentioned a lot, it does not seem to be the case. It is also /my/ belief that there is no 'requirement' for more than one reporter making reports. There is a requirement for more than one report, not for more than one report-er http://www.spamcop.net/fom-serve/cache/297.html How the SCBL Works -- The SCBL will not list an IP address with only one report filed. > Sending a report to your own ISP is bad but it does not get the ISP > listed unless there has been other spam reported to the same IP. Why do you say that? Where are you getting that information? I can see why one reporter making multiple reports of their own ISP as source might /not/ cause a listing for it, because of the server reputation points -- and I can also see why that same ISP might get itself listed for also hitting spamtraps in addition to the one reporter, because of the heavier weight of the spamtraps -- but I'm not aware of a rule in the algorithm to not list the IP if there is only one reporter making reports. > So > my conclusion is that more than one person is reporting spam from that > IP. You are basing that conclusion on a belief that there is a 'requirement' that a listing cannot occur if there is only one reporter making multiple reports. I'm questioning the basis for that belief. > How does the list handle email it receives from someone not > subscribed to the list? That's a good question to ask. -- Mike Easter kibitzer, not SC admin From g.hyde at bigpond.net.au Mon May 1 20:44:57 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Mon May 1 05:50:08 2006 Subject: [SpamCop-List] Possible spam from Tesltra user. Message-ID: http://www.spamcop.net/sc?id=z931966737zcbe8497f877d987e944951d04bbc846dz It would appear that this is coming from a telstra user, probably one of their bigpond customers. It also seems there is a rather large attachment, does that look like a virus or some kind of infectious trojan program? Cheers ... Geoffrey Hyde From patty1515NOSPAM at gmail.com Mon May 1 10:08:21 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Mon May 1 09:10:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> Message-ID: On Sun, 30 Apr 2006 20:13:33 -0700, Don Wannit wrote: > Patty wrote: > >> I heard back from our SysAdmin, and his concern is that the confirmation >> would cause someone to be subscribed automatically, and he definitely wants >> Administrator review of all profiles submitted. Right now, we review the >> profiles and then manually subscribe the person. I'm not sure how the >> confirmation could be worked in with that type of setup. I like the idea >> of a confirmation, but I'm not sure about how the software (Majordomo) >> handles the subscription requests. I know that right now, the profile and >> subscription request goes to a live person who reads it over before it is >> submitted. Granted, that doesn't ensure that someone can't maliciously >> subscribe their worst enemy, but he wants the human intervention in there. >> >> Thanks Mike. >> >> Patty > > > Hi, Patty! > > Since your subscription process already has the extra step of > the profile being explicitly examined and vetted by a human, > it seems your sysadmins have already changed the normal Majordomo > configuration, at least a bit. Could the necessary addition > be as simple as adjusting your signup process so that it does > not offer the profile form to the user to fill in until *after* > the user has responded to the confirmation email? > > In other words, the profile form would not be filled in > when the user submits his/her email address. To sign up > for a list or lists, the user would just provide the > email address. Then the confirmation email you send to > that address does the usual apology for the intrusion if > someone else submitted this email address, and provides > a link to the web form to fill in the profile, using a > randomly-generated gobblety-gook string as a unique key > that would be nearly impossible to guess. That would > provide the necessary confirmation step and still > let your editor/admin approve the profile, with very > little adjustment to your existing signup process. > > It might be relatively simple to modify your existing > Majordomo automation to do this. I don't know, since > I am not familiar with current Majordomo versions (only > old and decrepit ones; I use GNU Mailman for our lists > now). > > Hope this helps, > Don I am being told that with the current software, sending out a confirmation email would result in that person being subscribed automatically. Modifying it would be difficult and then would be very difficult to maintain when new versions came out. We are using a standard software package (I have not been told which one) and it is very big. I am also told that there are not nearly as many solutions as some would believe. Listservs are hard to set up and maintain for large lists. We have an exceptionally large list (nearly 5,000 members) and many integrated tools that everyone takes for granted. Changing now would require months of full-time effort and several full-time people to administer the list. Since we are a small non-profit organization, we don't have any paid staff, only volunteers that handle the day to day list duties. I guess the feeling is, that since we are an opt-in list (the person must choose to join), and because we are dealing with such a specific subject that has very limited appeal to the masses, a confirmation is not really necessary. Granted, it is considered a good practice, but is not required of a listserv. However, there are a couple of us on the administrative roster who do think that some type of confirmation would be a good idea. So, perhaps this option will be explored more in the future. Thanks everyone for all the suggestions, I have passed them along. Patty From patty1515NOSPAM at gmail.com Mon May 1 10:10:06 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Mon May 1 09:10:07 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: On Sun, 30 Apr 2006 22:43:16 -0400, John E. Malmberg wrote: > Skiwi wrote: >> I may have missed this in all of the replies in this thread, so "just in >> case" - but my understanding the above sentence should read: >> >> "It is possible for user[s] to incorrectly report a mailing list and get >> it listed, but it is rare." >> >> That is, to try and stop a *single* 'rogue' SC user getting an email >> source listed (through laziness, "revenge", stupidity and/or whatever) >> it takes sufficient reports from *two* or more users to get an email >> source on the SCBL... >> >> That is, there needs to be two or more users being lazy or stupid or >> 'angry' OR there is an issue with the list subscription method OR more >> likely something in between... > > I know of cases that were discussed here where there was only one user > doing the reporting where they accidentally reported their own mail server. > > While the idea that it takes two reporters to cause a listing seems to > be mentioned a lot, it does not seem to be the case. > > -John > wb8tyw@qsl.network > Personal Opinion Only As far as I know, our situation is only one person doing the reporting. The Covad log trace only shows one person making the SC report. Patty From patty1515NOSPAM at gmail.com Mon May 1 10:13:41 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Mon May 1 09:15:04 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: <1vt5dpskzga7d$.b7m6e4g95quk$.dlg@40tude.net> On Mon, 1 May 2006 07:14:12 +0000 (UTC), Robert Blair wrote: > On Mon, 1 May 2006 02:43:16 UTC, "John E. Malmberg" > wrote: > >>> That is, to try and stop a *single* 'rogue' SC user getting an email >>> source listed (through laziness, "revenge", stupidity and/or whatever) >>> it takes sufficient reports from *two* or more users to get an email >>> source on the SCBL... >>> >>> That is, there needs to be two or more users being lazy or stupid or >>> 'angry' OR there is an issue with the list subscription method OR more >>> likely something in between... >> >> I know of cases that were discussed here where there was only one user >> doing the reporting where they accidentally reported their own mail server. >> >> While the idea that it takes two reporters to cause a listing seems to >> be mentioned a lot, it does not seem to be the case. > > Sending a report to your own ISP is bad but it does not get the ISP > listed unless there has been other spam reported to the same IP. So > my conclusion is that more than one person is reporting spam from that > IP. > > Recently we went through the same process with another mailing list > which turned out to be backscatter. So far no one has mentioned this > to Patty. How does the list handle email it receives from someone not > subscribed to the list? It bounces to an administrator who reviews it. It never makes it to the list. Because we are a subscription only listserv, even if a current member sends from a non-subscribed email address, that email bounces to an administrator. If the administrator is able to confirm the person's membership, it may be forwarded on, but mostly that does not happen. The person must resubmit their email using their subscribed address. Patty From patty1515NOSPAM at gmail.com Mon May 1 10:15:05 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Mon May 1 09:15:06 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: <1srcb1z64id37.z7k8q5rk6lu2$.dlg@40tude.net> On Mon, 1 May 2006 00:58:05 -0700, Mike Easter wrote: > Robert Blair wrote: >> "John E. Malmberg" >>> > >>>> That is, there needs to be two or more users being lazy or stupid > >>> I know of cases that were discussed here where there was only one >>> user doing the reporting > >>> While the idea that it takes two reporters to cause a listing seems >>> to be mentioned a lot, it does not seem to be the case. > > It is also /my/ belief that there is no 'requirement' for more than one > reporter making reports. There is a requirement for more than one > report, not for more than one report-er > http://www.spamcop.net/fom-serve/cache/297.html How the SCBL Works -- > The SCBL will not list an IP address with only one report filed. > >> Sending a report to your own ISP is bad but it does not get the ISP >> listed unless there has been other spam reported to the same IP. > > Why do you say that? Where are you getting that information? I can see > why one reporter making multiple reports of their own ISP as source > might /not/ cause a listing for it, because of the server reputation > points -- and I can also see why that same ISP might get itself listed > for also hitting spamtraps in addition to the one reporter, because of > the heavier weight of the spamtraps -- but I'm not aware of a rule in > the algorithm to not list the IP if there is only one reporter making > reports. > >> So >> my conclusion is that more than one person is reporting spam from that >> IP. > > You are basing that conclusion on a belief that there is a 'requirement' > that a listing cannot occur if there is only one reporter making > multiple reports. I'm questioning the basis for that belief. > >> How does the list handle email it receives from someone not >> subscribed to the list? > > That's a good question to ask. I just answered that last question. See my prior post. :o) Patty From sgcarney at gmail.com Mon May 1 19:53:56 2006 From: sgcarney at gmail.com (Scott Carney) Date: Mon May 1 09:24:07 2006 Subject: [SpamCop-List] take me off this list Message-ID: <72F1D1C5-2EA2-48E7-861D-D9870AB13A6C@gmail.com> Dear SpamCop, Please unsubscribe me from this list. I get enough mail as is. s ___ Scott Carney Freelance Journalist Mobile: 091-9380185773 www.scottcarneyonline.com From nobody at devnull.spamcop.net Mon May 1 10:31:27 2006 From: nobody at devnull.spamcop.net (Peter) Date: Mon May 1 09:35:02 2006 Subject: [SpamCop-List] Re: take me off this list References: Message-ID: What list? -- Peter Toronto, Canada 2 x XP Pro SP2 (1 everyday, 1 for testing) P4 HT @ 3.0ghz, 2.0gb DDR, 360gb HD "Scott Carney" wrote in message news:mailman.0.1146489848.3606.spamcop-list@news.spamcop.net... > Dear SpamCop, > > Please unsubscribe me from this list. I get enough mail as is. > > s > ___ > Scott Carney > Freelance Journalist > Mobile: 091-9380185773 > www.scottcarneyonline.com > > > > From sgcarney at gmail.com Mon May 1 20:06:45 2006 From: sgcarney at gmail.com (Scott Carney) Date: Mon May 1 09:36:54 2006 Subject: [SpamCop-List] Re: take me off this list In-Reply-To: References: Message-ID: <216ED222-80C5-4B82-A4AA-DA82839B6E8C@gmail.com> Maybe I e-mailed the wrong person. I'm trying toget off the spam cop list. s ___ Scott Carney Freelance Journalist Mobile: 091-9380185773 www.scottcarneyonline.com On May 1, 2006, at 7:01 PM, Peter wrote: > What list? > > -- > Peter > Toronto, Canada > 2 x XP Pro SP2 (1 everyday, 1 for testing) > P4 HT @ 3.0ghz, 2.0gb DDR, 360gb HD > "Scott Carney" wrote in message > news:mailman.0.1146489848.3606.spamcop-list@news.spamcop.net... >> Dear SpamCop, >> >> Please unsubscribe me from this list. I get enough mail as is. >> >> s >> ___ >> Scott Carney >> Freelance Journalist >> Mobile: 091-9380185773 >> www.scottcarneyonline.com >> >> >> >> > > > _______________________________________________ > SpamCop-List mailing list > SpamCop-List@news.spamcop.net > http://news.spamcop.net/mailman/listinfo/spamcop-list From MikeE at ster.invalid Mon May 1 07:40:53 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 09:45:03 2006 Subject: [SpamCop-List] Re: Possible spam from Tesltra user. References: Message-ID: Geoffrey Hyde wrote: www.spamcop.net/sc?id=z931966737zcbe8497f877d987e944951d04bbc846dz > > It would appear that this is coming from a telstra user, probably one > of their bigpond customers. It also seems there is a rather large > attachment, does that look like a virus or some kind of infectious > trojan program? Pharm spam source 144.136.148.123 CPE-144-136-148-123.qld.bigpond.net.au not listed in open proxy db/s, just dynamics spamvertiser fzd.4qatada3909zxmmx9m4x94m4.therterhk.com 58.19.254.157 spamhaused as the /32 rokso Leo Kuvayev / BadCow CNCGROUP HuBei b64 gif attachment promoting Cialis, Viagra, Levitra You don't have to open the spam to examine the gif. You can access the message properties, isolate the attachment and save it as the b64, then b64 decode that into the gif, I use Iceows for various functions of arc/unarc, code/decode convert, and look at the gif with a normal viewer like IrfanView. The disadvantage of opening the spam to inspect it is the traditional insecurity of something like Outlook Express using Internet Explorer's rendering engine under Windows. If you are going to use Win, you don't have to deal with the inherent insecurities of OE/IE. In this case, you can inspect the interior and see that the b64 is a .gif, then all you have to worrry about is what the rendering engine of IE/OE can do insecurely with a malformed .gif. // Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. // named here http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1048 patched here http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx Microsoft Security Bulletin MS04-025 More from me in alt.spam about malformed gifs http://groups.google.com/group/alt.spam/msg/5bf26a618d243915?hl=en& or http://snipurl.com/pvyx From: "Mike Easter" Newsgroups: alt.spam Subject: Re: Nonsense Spam Message-ID: -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 07:49:08 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 09:50:03 2006 Subject: [SpamCop-List] Re: take me off this list References: Message-ID: Scott Carney wrote: > Dear SpamCop, > > Please unsubscribe me from this list. I get enough mail as is. The instructions for unsubbing for the list are present in the following places: - the trailer link on every mailing list item you receive - the page where you signed up - the headers of every mailing list item you receive. The trailer of this message to you says: > SpamCop-List mailing list > SpamCop-List@news.spamcop.net > http://news.spamcop.net/mailman/listinfo/spamcop-list Near the bottom of that page linked above, which I think should be at the very very tip top of the page is a section which sez: To unsubscribe from SpamCop-List, get a password reminder, or change your subscription options enter your subscription email address: where you click the Unsubscribe or Edit options button after entering your subbed addy. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 08:17:25 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 10:20:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> Message-ID: Patty wrote: > I am being told that with the current software, sending out a > confirmation email would result in that person being subscribed > automatically. Does that mean that you /could/ do the human vetting of the profile /first/ and then do the confirmation mail? -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Mon May 1 10:47:08 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon May 1 10:50:03 2006 Subject: [SpamCop-List] Re: take me off this list References: Message-ID: "Scott Carney" wrote in message news:mailman.1.1146490614.3606.spamcop-list@news.spamcop.net... > Maybe I e-mailed the wrong person. I'm trying toget off the spam cop > list. > > s > ___ > Scott Carney > Freelance Journalist > Mobile: 091-9380185773 > www.scottcarneyonline.com > > > > > On May 1, 2006, at 7:01 PM, Peter wrote: > > > What list? > > > > -- > > Peter > > Toronto, Canada > > 2 x XP Pro SP2 (1 everyday, 1 for testing) > > P4 HT @ 3.0ghz, 2.0gb DDR, 360gb HD > > "Scott Carney" wrote in message > > news:mailman.0.1146489848.3606.spamcop-list@news.spamcop.net... > >> Dear SpamCop, > >> > >> Please unsubscribe me from this list. I get enough mail as is. > >> > >> s > >> ___ > >> Scott Carney > >> Freelance Journalist > >> Mobile: 091-9380185773 > >> www.scottcarneyonline.com > >> > >> > >> > >> > > > > > > _______________________________________________ > > SpamCop-List mailing list > > SpamCop-List@news.spamcop.net > > http://news.spamcop.net/mailman/listinfo/spamcop-list > Yeah you did, but there are instructions at the top and/or the bottom of every missive you receive if you are on the mailling liston how to do that, follow them. No one else can do it for you. From bar_n0ne at hotmail.com Mon May 1 10:56:25 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon May 1 11:00:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: "Mike Easter" wrote in message news:e34f23$lqk$1@news.spamcop.net... SNIP > > You are basing that conclusion on a belief that there is a 'requirement' > that a listing cannot occur if there is only one reporter making > multiple reports. I'm questioning the basis for that belief. > Well there was a post from Julian, or a Deputy, a couple of years back about a change to the algorithm,. The change was basically that 2 reporters had to report spams from the same source before listing. There was a bit of grumbling in this newsgroup about that at the time. I don't know if this can be found with google now or not. From patty1515NOSPAM at gmail.com Mon May 1 12:08:43 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Mon May 1 11:10:04 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> Message-ID: <1b93cfua8sk2n$.1060nh0bpopj1$.dlg@40tude.net> On Mon, 1 May 2006 07:17:25 -0700, Mike Easter wrote: > Patty wrote: >> I am being told that with the current software, sending out a >> confirmation email would result in that person being subscribed >> automatically. > > Does that mean that you /could/ do the human vetting of the profile > /first/ and then do the confirmation mail? Hi Mike, I don't really know any specifics of the software so I can't answer that question. I have been told that the only way we could implement this type of procedure easily is to have the person processing the profiles manually send a confirmation email first before subscribing the person. At this point in time, that's being frowned on since we only have all volunteers and no one is paid to do this work. Putting extra work on volunteers doesn't always fly well, I'm afraid. There are a couple of us who like the idea, but we'll see what the overall consensus of the admin group is. Patty From patty1515NOSPAM at gmail.com Mon May 1 12:10:33 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Mon May 1 11:10:06 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: On Mon, 1 May 2006 09:56:25 -0500, Berny wrote: > "Mike Easter" wrote in message > news:e34f23$lqk$1@news.spamcop.net... > SNIP >> >> You are basing that conclusion on a belief that there is a 'requirement' >> that a listing cannot occur if there is only one reporter making >> multiple reports. I'm questioning the basis for that belief. >> > > Well there was a post from Julian, or a Deputy, a couple of years back about > a change to the algorithm,. > > The change was basically that 2 reporters had to report spams from the same > source before listing. > > There was a bit of grumbling in this newsgroup about that at the time. > > I don't know if this can be found with google now or not. I only know that I've been told the log trace from Covad is showing only one person reporting. Patty From spam at nospam.org Mon May 1 18:11:29 2006 From: spam at nospam.org (Andy) Date: Mon May 1 11:15:03 2006 Subject: [SpamCop-List] Pump and Dump Message-ID: The P&D scam was completely new to me until a few weeks ago when I started getting a load of backscatter from a scammer - mail bounces coming to randomly generated user names (typically 3 to 5 random characters) at my domain. The originating IPs of the scam mails appears to indicate a number of bots located around the world, mostly South Korea, Latin America and Texas(!), with a few in Germany. I have researched some of the P&D companies and one is apparently a microscopic oil company located in Canada. There are only 39 share holders and the company appears to consist of one guy - the 'CEO'. The share price has increased by 44% recently. My questions are therefore - 1. Is P&D actually illegal or is it a case of 'caveat emptor'? 2. If it is illegal then where would you make a report? Given that there appear to be only 39 possible beneficiaries in this company it shouldn't be too hard to trace the scammer. 3. At the end of the day would anyone actually follow this up or would I be wasting my time? The scammer may make a few bucks but he won't be retiring on the proceeds of this one. An additional question - can you confirm that Spamcop encourages reporting the mail bounces themselves as spam? I've seen this suggestion a few times on the forums. Originally I was just annoyed by the scammer but the frequency of the incorrectly bounced mail is not decreasing and I'm actually getting more fed up with mail servers that are incapable of recognising a spoofed return address. As an aside - you wouldn't believe how many people out there send out-of-office autoresponses in reply to mail originating from outside their local networks... or maybe you would. :-) Thanks Andy From MikeE at ster.invalid Mon May 1 09:28:47 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 11:30:02 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: Patty wrote: > I only know that I've been told the log trace from Covad is showing > only one person reporting. I'm assuming that what covad gets is the SC report of being spamsource provider. A SC report will provide a link to the evidence, but the report is sent from spamcop, not the reporter, regardless of whether that is a single repetitive IP address, it only means the source of the report remains the same, namely spamcop's IP. The reporter's addy in the evidence To would be munged by standard or default SC munge unless overridden by some action of the reporter or requirement of the notified provider, and the evidence itself would permit analysis of the headers of the mailing list item/s which were received by the reporter. Those items would show the 'mailbox' server for the recipient, such as AOL, but if any addresses of the recipient would have appeared in the recipient's headers in such as Received tracelines, those too would have been spamcop munged by the standard or default algorithm function on the handling of the evidence which is linked in the report to the providers for spamvertiser or source. So, the point of that long description is that I would think that the conclusion might be that all of the reports are being received by a user of only one provider, namely AOL, but not necessarily one 'person' -- since I'm thinking the person isn't being identified by username address, but only by mailbox server. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 09:41:15 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 11:45:04 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> <1b93cfua8sk2n$.1060nh0bpopj1$.dlg@40tude.net> Message-ID: Patty wrote: > I don't really know any specifics of the software so I can't answer > that question. I have been told that the only way we could implement > this type of procedure easily is to have the person processing the > profiles manually send a confirmation email first before subscribing > the person. At this point in time, that's being frowned on since we > only have all volunteers and no one is paid to do this work. Putting > extra work on volunteers doesn't always fly well, I'm afraid. I agree with that, more volunteer work is bad, but... > There > are a couple of us who like the idea, but we'll see what the overall > consensus of the admin group is. ...there's another concern I have. Now that we've been talking about all of this in here, it is 'common knowledge' that the/your mailing lists don't require confirmed opt-in. That makes the lists a 'target' for those who would cause trouble between antispammers and the 'public' -- where the public in question would be your mailing list admins and your list readers. An unconfirmed mailing list is a 'good thing' to be submitting email addresses to if your wish is to cause friction between blocklists such as spamcop's and the unconfirmed mailing list. Your mailing list doesn't have a feature that allows you to easily listwash based on spamcop reports which have munged the reporter's addy. Even tho' you have had little or no problems up to now over the past 10 years, that is liable to change in the future. The gig would be to subscribe spamcop reporter's addresses to your mailing list, and then those subbed reporters would not be required to confirm their subscription, and then as soon as the mailing list mail begins, the reporters would start reporting them, not unsubbing from a list they never subbed. Of course. This would give rise to much blocklisting of your servers and much interference with the mail to your subscribers. The deputies are not going to manually delist servers which have been listed because of reports caused by unconfirmed mailing lists. They are also not going to help you listwash. Your lists are going to be in the soup and your subscribers are going to have trouble getting their mailing list mail and everyone is going to be unhappy. Houston, we have a problem here. -- Mike Easter kibitzer, not SC admin From not at home.today Mon May 1 17:41:32 2006 From: not at home.today (Ant) Date: Mon May 1 11:45:07 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> <1vt5dpskzga7d$.b7m6e4g95quk$.dlg@40tude.net> Message-ID: "Patty" wrote: > On Mon, 1 May 2006 07:14:12 +0000 (UTC), Robert Blair wrote: >> Recently we went through the same process with another mailing list >> which turned out to be backscatter. So far no one has mentioned this >> to Patty. I mentioned that I didn't think it was happening. >> How does the list handle email it receives from someone not >> subscribed to the list? > > It bounces to an administrator who reviews it. It never makes it to the > list. Because we are a subscription only listserv, even if a current > member sends from a non-subscribed email address, that email bounces to an > administrator. If the administrator is able to confirm the person's > membership, it may be forwarded on, but mostly that does not happen. The > person must resubmit their email using their subscribed address. The important point is that you don't return the mail to who you thought sent it, i.e. the address in the "From:" field. This is forged by spammers, and any bounce will likely go to an innocent party who may report it as spam. From Kilgallen at SpamCop.net Mon May 1 11:42:40 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Mon May 1 11:45:09 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> In article , Patty writes: > I guess the feeling is, that since we are an opt-in list (the person must > choose to join), Not at all. Somebody must merely choose to submit the person's address, perhaps to harass the addressee without any input from the addressee. > and because we are dealing with such a specific subject > that has very limited appeal to the masses, a confirmation is not really > necessary. Your subject matter has nothing at all to do with whether you provide a harassment vehicle. > Granted, it is considered a good practice, but is not required > of a listserv. However, there are a couple of us on the administrative > roster who do think that some type of confirmation would be a good idea. > So, perhaps this option will be explored more in the future. The fact that some will reject your mail due to this practice might be convincing. Consider someone who _wants_ to receive your mail but is prevented from doing so because your organization does not care about whether the email names on the list represent people who actually signed up. From MikeE at ster.invalid Mon May 1 09:55:19 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 12:00:05 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: Berny wrote: > "Mike Easter" >> You are basing that conclusion on a belief that there is a >> 'requirement' that a listing cannot occur if there is only one >> reporter making multiple reports. I'm questioning the basis for >> that belief. >> > > Well there was a post from Julian, or a Deputy, a couple of years > back about a change to the algorithm,. > > The change was basically that 2 reporters had to report spams from > the same source before listing. > > There was a bit of grumbling in this newsgroup about that at the time. > > I don't know if this can be found with google now or not. This is all I've found so far http://news.spamcop.net/pipermail/spamcop-help/2003-August/041753.html http://forum.spamcop.net/forums/lofiversion/index.php/t6038-50.html The forum discussion and question about requiring 2 seems to have never been confirmed by anyone, unless you can find it in that forum discussions which I don't like to dredge thru' repeatedly looking for something. I prefer nice simple plaintext to dig thru' instead of html. The 'illustration' of information from a spamcop parse in the 2nd link which would seem to imply that 2 reporters are required was 'discordant' -- in that the parser's verbose output mentioned a 2 reporter 'requirement' which wasn't met, but then 'turned around' and said there were two reporters. And, my experience with the verbose is that it cannot be counted on to say what it really means or mean what it says -- and in any case the algorithm and its verbose are highly dynamic, unstable, and perpetually changing and cannot be relied upon as a 'real' verification of a requirement which hasn't been verified in the faq or by a deputy or Julian that I can find so far. I only see people 'assuming' it to be the case. I think they are confused by the verified one report concept -- melding it into a one reporter concept. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Mon May 1 10:27:06 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 12:30:04 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works In-Reply-To: References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> Message-ID: Patty wrote: > > I am being told that with the current software, sending out a confirmation > email would result in that person being subscribed automatically. Your admin appears to be extremely clueless. That's NOT what a confirmation is. > Modifying it would be difficult and then would be very difficult to > maintain when new versions came out. We are using a standard software > package (I have not been told which one) and it is very big. Big does not mean better, or even easier or harder. Whoever said it would be difficult to maintain a new, better package doesn't want to do their job. Find someone who has experience running opt-in lists and hire them instead. > I am also told that there are not nearly as many solutions as some would > believe. Listservs are hard to set up and maintain for large lists. We > have an exceptionally large list (nearly 5,000 members) and many integrated > tools that everyone takes for granted. Changing now would require months > of full-time effort and several full-time people to administer the list. > Since we are a small non-profit organization, we don't have any paid staff, > only volunteers that handle the day to day list duties. As others have stated there are some excellent programs that will likely import your list and set it up under a new app inside of a day. It appears your admin is feeding you a line of malarky. > I guess the feeling is, that since we are an opt-in list (the person must > choose to join), and because we are dealing with such a specific subject > that has very limited appeal to the masses, a confirmation is not really > necessary. HOGWASH! If you want your recipients to get the emails you need to use a program that adheres to the best practices previously cited. > Granted, it is considered a good practice, but is not required > of a listserv. However, there are a couple of us on the administrative > roster who do think that some type of confirmation would be a good idea. > So, perhaps this option will be explored more in the future. You're a trooper Patty. Keep asking the hard questions! From tmcgraw at spamcop.net Mon May 1 10:27:42 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 12:30:07 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] In-Reply-To: References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: Patty wrote: > > I only know that I've been told the log trace from Covad is showing only > one person reporting. I thought you said it was an AOL user...? From DougThegarden at invalid.com Mon May 1 18:28:05 2006 From: DougThegarden at invalid.com (Doug Thegarden) Date: Mon May 1 12:30:09 2006 Subject: [SpamCop-List] Re: Pump and Dump In-Reply-To: References: Message-ID: Andy wrote: > > My questions are therefore - > > 1. Is P&D actually illegal or is it a case of 'caveat emptor'? > Yes > 2. If it is illegal then where would you make a report? Given that there > appear to be only 39 possible beneficiaries in this company it shouldn't be > too hard to trace the scammer. > The SEC or FBI or whoever the local equivalent for the country the company is based in is. > 3. At the end of the day would anyone actually follow this up or would I be > wasting my time? The scammer may make a few bucks but he won't be retiring > on the proceeds of this one. > You are probably wasting your time and the "only 39 shareholders" indicates that at most 39 people have fallen for it. A bit like the FDA and drugs I suspect there are just too many small time players out there and too difficult to prove who did it to make investigation practical. Doug From MikeE at ster.invalid Mon May 1 10:51:40 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 12:55:02 2006 Subject: [SpamCop-List] Insulin pumpers headers Message-ID: I parsed manually and with SpamCop for a non-mailhosted account the headers of an insulin pumpers [hereafter IP] mailing list item and noted two things, one related to the IP mailing list SCbl listing recently and one unrelated. The IP headers do not parse to name the IP server [bizsystems] as source, but instead source the individual who emailed the item to the list, which is often the case for mailing list items, since the individual /was/ the source and the major domo simply forwarded the mail along to the recipient. Whether or not this current result is from a previously untrusted server now being trusted, either by SC experience or by a deputy manually trusting a server I can't say. I also have not tested the parser for this headers on a mailhosted account yet. And, incidentally, the parser does not currently 'require' that a spam have a body to offer to report, ie no need for such as 'empty body' or 'no body text' material change to report a spam. I cancelled the parse for the items unreported. The main point of this new thread on the subject is that at the present time, the IP server would not become listed by a spamcop reporter reporting the IP mailing list items with a non-mailhosted account. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Mon May 1 10:55:19 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 13:00:04 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers In-Reply-To: References: Message-ID: Mike Easter wrote: > > The main point of this new thread on the subject is that at the present > time, the IP server would not become listed by a spamcop reporter > reporting the IP mailing list items with a non-mailhosted account. This is exactly how Mailman, Yahoo Groups, ya da ya da ya da work. Do the headers hint at what list software is being used? From MikeE at ster.invalid Mon May 1 11:23:16 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 13:25:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Tim McGraw wrote: > Mike Easter wrote: >> >> The main point of this new thread on the subject is that at the >> present time, the IP server would not become listed by a spamcop >> reporter reporting the IP mailing list items with a non-mailhosted >> account. > > This is exactly how Mailman, Yahoo Groups, ya da ya da ya da work. > > Do the headers hint at what list software is being used? No. The server which is doing it is identified as pandora.is.bizsystems.com which rDNSes to the nonrouting 192.168.1.190 and also calls itself by another nonrouting in the chain-- which also calls itself in its helo and a traceline bzs.org -- and which ultimately outputs as 69.3.95.130 which rDNSes to ns2.bizsystems.net which was the blocklisted IP that caused the problems earlier. It also calls itself majordomo@localhost and daemon@localhost and mentions itself in X-Authentication-Warning: pandora.is.bizsystems.com: majordomo set sender to insulin-pumpers@insulin-pumpers.org using -f If you can sleuth anything by its id Received: (from majordomo@localhost) by bzs.org (8.11.4/8.11.4) id k41GkQp18393 for insulin-pumpers-outgoing; Mon, 1 May 2006 09:46:26 -0700 In fact, here are 3 contiguous headers involving all of that: Received: (from majordomo@localhost) by bzs.org (8.11.4/8.11.4) id k41GkQp18393 for insulin-pumpers-outgoing; Mon, 1 May 2006 09:46:26 -0700 X-Authentication-Warning: pandora.is.bizsystems.com: majordomo set sender to insulin-pumpers@insulin-pumpers.org using -f Received: from ns2.bizsystems.net (ns2.is.bizsystems.com [192.168.1.171]) by bzs.org (8.11.4/8.11.4) with ESMTP id k41GkOh18386 for ; Mon, 1 May 2006 09:46:24 -0700 I removed the leading whitespaces for posting here -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 11:27:18 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 13:30:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Tim McGraw wrote: > Do the headers hint at what list software is being used? Oh, yeah. What's this? X-nag: /home/majordomo/nag.header -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 11:37:04 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 13:40:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Tim McGraw wrote: > Do the headers hint at what list software is being used? How would you like to become an insulin pumpers mailing list admin? :-) Here's the how-to http://insulin-pumpers.org/howto/List-Admin-HOWTO.html#toc8 Insulin-Pumper's Mail List Administration HOWTO That is not a 'secret document' -- it is accessible to the public, found by searching on bzs.org -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Mon May 1 11:52:20 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 13:55:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers In-Reply-To: References: Message-ID: Mike Easter wrote: > > X-Authentication-Warning: pandora.is.bizsystems.com: majordomo set > sender to insulin-pumpers@insulin-pumpers.org using -f If the result of sending something to insulin-pumpers@insulin-pumpers.org (as spammers tend to do) is an email to the "From" that says, "only members can post to this list," then they deserve to be listed. But we've already established that the way their mail sw works is an SC parse won't finger it as the source - so it's impossible for them to be listed from list traffic. Which probably means someone is lying. From tmcgraw at spamcop.net Mon May 1 11:52:24 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 13:55:07 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers In-Reply-To: References: Message-ID: Mike Easter wrote: > Tim McGraw wrote: >> Do the headers hint at what list software is being used? > > How would you like to become an insulin pumpers mailing list admin? :-) > > Here's the how-to > > http://insulin-pumpers.org/howto/List-Admin-HOWTO.html#toc8 > Insulin-Pumper's Mail List Administration HOWTO > > That is not a 'secret document' -- it is accessible to the public, found > by searching on bzs.org I thought this was even better: http://www.insulin-pumpers.org/membersonly.html If I can guess another user's name, I've got the universal password! From nobody at devnull.spamcop.net Mon May 1 11:58:35 2006 From: nobody at devnull.spamcop.net (G?? |\/|AC0|\|) Date: Mon May 1 14:00:03 2006 Subject: [SpamCop-List] Subject lines and topic drift References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> Message-ID: For the purpose of this post, it doesn't matter who wrote: >> I see that winking grin, but you are going to get a semantics discussion >> anyway. If the first person to change the topic from discussing the case of the mailing list operator wondering how spamcop works to the semantics of folder/directory naming would be so kind as to change the subject line, those of us who are interested in the first topic but not the second would find it easier to select posts that interest us. From MikeE at ster.invalid Mon May 1 12:07:46 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 14:10:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Tim McGraw wrote: > Do the headers hint at what list software is being used? My gut and some other findings like where Michael A. Robinton converses are causing me to lean toward believing the software is Majordomo http://www.greatcircle.com/majordomo/ -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 12:24:53 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 14:25:02 2006 Subject: [SpamCop-List] Re: Subject lines and topic drift References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> Message-ID: G?? |\/|AC0|\| wrote: > If the first person to change the topic from discussing the case of > the mailing list operator > wondering how spamcop works to the semantics of folder/directory > naming would be so > kind as to change the subject line, those of us who are interested in > the first topic but > not the second would find it easier to select posts that interest us. Of course you are correct. I find it a quaint observation that a subject change among topic drifters leads quickly or even immediately to the end of the subthread's conversation. Maybe that's the way it /should/ be. In this case, it lasted for 3 posts, longer than usual, in my experience. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 12:33:04 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 14:35:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Tim McGraw wrote: > But we've already established that the way their mail sw works is an > SC parse won't finger it as the source - so it's impossible for them > to be listed from list traffic. You mean it is /currently/ impossible to be listed from list traffic to a nonmailhosted reporter. Looking at the headers, it is possible that the parser might've tripped while it was unfamiliar with the server chain. Or that it might still trip for a mailhosted account. > Which probably means someone is lying. We have incomplete information because we can't see the evidence. In the past when we the public could access the evidence, we would be able to 'reparse' the headers that had caused the bizsystems server to become listed and perhaps find that now the bizsystems server wouldn't be named as source, whereas/but it had been before. That doesn't mean that someone is lying; it means that the nonmailhosted parse doesn't currently name the server. It is also possible that a mailhosted parse might still show the bizsystem's server as source, since the algorithm's logic is different in several areas for mailhosted vs non-mailhosted. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon May 1 12:46:54 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Mon May 1 14:50:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> Message-ID: Patty wrote... > I am being told that with the current software, sending out a confirmation > email would result in that person being subscribed automatically. > Modifying it would be difficult and then would be very difficult to > maintain when new versions came out. We are using a standard software > package (I have not been told which one) and it is very big. > > I am also told that there are not nearly as many solutions as some would > believe. Listservs are hard to set up and maintain for large lists. We > have an exceptionally large list (nearly 5,000 members) and many > integrated > tools that everyone takes for granted. Changing now would require months > of full-time effort and several full-time people to administer the list. > Since we are a small non-profit organization, we don't have any paid > staff, > only volunteers that handle the day to day list duties. May I make a suggestion? Perhaps you can persuade the person(s) who you are discussing this with to post here, and thus avoid the current situation where those who have the technical knowledge are passing messages through someone who is less technical. Have them start here: http://www.cluelessmailers.org/info/listmanagement.html http://www.mail-abuse.com/an_listmgntgdlines.html > I guess the feeling is, that since we are an opt-in list (the person must > choose to join), Alas, you have no way of knowing that the above is true. With your present setup, a bad guy can "opt-in" someone else who does not want to be on your list. Granted, they would have to be somewhat clever to get past your manual confirmation process, but it could be done (and *will* be done if the bad guys get wind of an abusable mailing list) > and because we are dealing with such a specific subject > that has very limited appeal to the masses, a confirmation is not really > necessary. Alas, while it is true that your specific subject has limited appeal, the practice of subscribing somneone who you dislike to thousands of mailing lists has a wide appeal among a certain class of person. These net-abusers tend to make up lists of abusable mailing lists, and once you get on such a list you will see a huge increase in bogus subscriptions. > Granted, it is considered a good practice, but is not required > of a listserv. Alas, delivering the emails your listserv sends is *also* not required, and many of them will end up being blocked as the abusers subscribe unwilling victims and some of the victims report you to spamcop and other blocklists and ask their system admins to block your IP address. If you really want to take the position that getting a person's consent before sending them a bunch of email is "not required", then please don't complain when a bunch of your recipients start asking why your emails are blocked; delivering those emails is also "not required." >However, there are a couple of us on the administrative >roster who do think that some type of confirmation would be a good idea. >So, perhaps this option will be explored more in the future. I urge you in the strongest possible terms to not wait. Do what is suggested in the following webpages http://www.cluelessmailers.org/info/listmanagement.html http://www.mail-abuse.com/an_listmgntgdlines.html now, before net-abusers discover that you have given them a loaded gun to "punish" their enemies with and destroy your reputation while doing it. -- G.M. From nobody at devnull.spamcop.net Mon May 1 14:56:05 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Mon May 1 15:00:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: "Mike Easter" wrote in message news:e35b0s$7ge$1@news.spamcop.net... > > http://forum.spamcop.net/forums/lofiversion/index.php/t6038-50.html > > The forum discussion and question about requiring 2 seems to have never > been confirmed by anyone, unless you can find it in that forum > discussions which I don't like to dredge thru' repeatedly looking for > something. I prefer nice simple plaintext to dig thru' instead of html. Ummmm ... RW / Richard is one of the Deputies .... > The 'illustration' of information from a spamcop parse in the 2nd link > which would seem to imply that 2 reporters are required was > 'discordant' -- in that the parser's verbose output mentioned a 2 > reporter 'requirement' which wasn't met, but then 'turned around' and > said there were two reporters. RW did say to "read carefully" ..... the question was about an IP address getting listed by a single reporter .... the answer was dealing with an IP address that had been listed already, such that another report was seen as a "reoccurrence" of the spew .... not quite the same thing. Not addressed at all was just how (in that case) just two reports could have been sufficient to trip the flag .... but that's a whole different issue. > And, my experience with the verbose is that it cannot be counted on to > say what it really means or mean what it says -- and in any case the > algorithm and its verbose are highly dynamic, unstable, and perpetually > changing and cannot be relied upon as a 'real' verification of a > requirement which hasn't been verified in the faq or by a deputy or > Julian that I can find so far. And I doubt you will .. that "not for public consumption" thing again ... > I only see people 'assuming' it to be the case. I think they are > confused by the verified one report concept -- melding it into a one > reporter concept. Once again, dialog with the Deputies has them repeatedly advising that the two-reporter thing is a fact .... but even I'll point out that these folks are not the actual coders of the toolset .... From MikeE at ster.invalid Mon May 1 13:06:33 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 15:10:02 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: WazoO wrote: > "Mike Easter" >> http://forum.spamcop.net/forums/lofiversion/index.php/t6038-50.html >> >> The forum discussion and question about requiring 2 seems to have >> never been confirmed by anyone, unless you can find it in that forum >> discussions which I don't like to dredge thru' repeatedly looking for >> something. I prefer nice simple plaintext to dig thru' instead of >> html. > > Ummmm ... RW / Richard is one of the Deputies .... And Richard the deputy did *not* answer the question which was asked, but instead stated, enigmatically, "read carefully..." blah blah -- when in fact the question was crystal clear, Is it or is it not necessary for 2 or more reporters to report an IP to become listed. Richard didn't answer that and he had a perfectly good opportunity to say Yes or No. He chose to say neither. > RW did say to "read carefully" Which was non helpful in the context of the question that /Steve/ presented: "I have sent a request to the deputies to clarify this issue. It has always been my understanding (perhaps back to my usenet days) that it required 2 REPORTERS to list an IP address, but the actual FAQ (http://www.spamcop.net/fom-serve/cache/297.html) states: The SCBL will not list an IP address with only one report filed." Then, Richard cited that statement and answered 'read carefully'. Big help. >> I only see people 'assuming' it to be the case. I think they are >> confused by the verified one report concept -- melding it into a one >> reporter concept. > > Once again, dialog with the Deputies has them repeatedly advising > that the two-reporter thing is a fact .... Show me where. Richard didn't say that in the link above when asked directly. And you haven't cited anything else. > but even I'll point out > that these folks are not the actual coders of the toolset .... -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Mon May 1 13:44:25 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 15:45:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers In-Reply-To: References: Message-ID: Mike Easter wrote: > Tim McGraw wrote: > >> Do the headers hint at what list software is being used? > > My gut and some other findings like where Michael A. Robinton converses > are causing me to lean toward believing the software is Majordomo > http://www.greatcircle.com/majordomo/ If you are correct then someone /is/ lying. The link you provided says one of the features of Majordomo is that it "Supports confirmation of subscriptions, to protect against forged subscription requests." From MikeE at ster.invalid Mon May 1 14:12:49 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 16:15:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Tim McGraw wrote: > Mike Easter wrote: >> Tim McGraw wrote: >> >>> Do the headers hint at what list software is being used? >> >> My gut and some other findings like where Michael A. Robinton >> converses are causing me to lean toward believing the software is >> Majordomo http://www.greatcircle.com/majordomo/ > > If you are correct then someone /is/ lying. > > The link you provided says one of the features of Majordomo is that it > "Supports confirmation of subscriptions, to protect against forged > subscription requests." You like that 'lying' term more than I do. Not only is it inflammatory, it presumes facts not in evidence, including intent. It is my understanding that majordomo supports confirmed optin by default. What I am not up to understanding is how the IP admin has chosen to configure the 'pathways' of using majordomo and its incorporation of the human oversight and profile process -- all of which is elaborated from an 'external' administration by email description at the link I gave. That is, I can read what a 'lay' non-IT-tech can do administratively from the 'outside' of majordomo which name is not even mentioned in the administrative pages. What I am not familiar with is how to IT-tech configure the actual software majordomo so as to both enable confirmed optin while maintaining the current human oversight profile management descibed in the length external email administration. That is, said another way: There is a very 'elaborate' external administration by email routine established in 1999 for the IP volunteers by Michael and Mary Jean who are familiar with the 'workings' of majordomo - which I am not - and those elaborate external administrative routines result in the type of non-confirmed optin which we are now dealing with, and with which the human oversight business is met to the satisfaction of someone adminstrative at IP. What would need to happen would be a rewrite [who knows how much, a little or a lot?] and retraining of the external administrative process for the majordomo which would incorporate its presumed 'builtin' confirmed optin character. However -- what we presume is that the *current* version of majordomo does confirmed optin by default. We don't know which version of majordomo we are dealing with here, and in fact, it is currently a guess as to whether it is actually majordomo of any version or not. -- Mike Easter kibitzer, not SC admin From Someone at invalid.foo Mon May 1 22:45:49 2006 From: Someone at invalid.foo (Someone who hates spam) Date: Mon May 1 16:50:04 2006 Subject: [SpamCop-List] Feature idea: Strip X-Headers Message-ID: I use my spamcop.net reporting (paid) account with mundged reports selected. However, my personal domain name sometimes shows up in x-headers. Recently, someone did a backscatter-come-joe-job, which is still ongoing. I would like to be able to manually select certain X-Headers to be stripped out or mundged AND/OR have the ability to have certain keywords stripped out on mundged, such as my personal and/or identifying domain names. Thanks From tmcgraw at spamcop.net Mon May 1 14:46:53 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 16:50:07 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers In-Reply-To: References: Message-ID: Mike Easter wrote: > Tim McGraw wrote: > >> If you are correct then someone /is/ lying. >> >> The link you provided says one of the features of Majordomo is that it >> "Supports confirmation of subscriptions, to protect against forged >> subscription requests." > > You like that 'lying' term more than I do. Not only is it inflammatory, > it presumes facts not in evidence, including intent. Fair enough. > What I am not familiar with is how to IT-tech configure the actual > software majordomo so as to both enable confirmed optin while > maintaining the current human oversight profile management descibed in > the length external email administration. Well stated. > What would need to happen would be a rewrite [who knows how much, a > little or a lot?] and retraining of the external administrative process > for the majordomo which would incorporate its presumed 'builtin' > confirmed optin character. However -- what we presume is that the > *current* version of majordomo does confirmed optin by default. We > don't know which version of majordomo we are dealing with here, and in > fact, it is currently a guess as to whether it is actually majordomo of > any version or not. Noted. From borgholio at storymind.com Mon May 1 14:45:53 2006 From: borgholio at storymind.com (Borgholio) Date: Mon May 1 16:50:09 2006 Subject: [SpamCop-List] Archiving Spam Message-ID: I just realized that my Thunderbird Junk folder is full of spam that is as much as several years old. Would there be any purpose to keeping this stuff tucked away, or should I just nuke it all? From tmcgraw at spamcop.net Mon May 1 14:51:30 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 16:55:03 2006 Subject: [SpamCop-List] Re: Pump and Dump In-Reply-To: References: Message-ID: Andy wrote: > > 1. Is P&D actually illegal or is it a case of 'caveat emptor'? Illegal. See http://www.investopedia.com/ask/answers/05/061205.asp > 2. If it is illegal then where would you make a report? Given that there > appear to be only 39 possible beneficiaries in this company it shouldn't be > too hard to trace the scammer. The conventional wisdom seems to be that investors, NOT the owners of the small or microcap company themselves, buy up penny stocks creating an artificial demand through spam, raising the stock's price for a very short period. At which time those investors obviously sell. From bar_n0ne at hotmail.com Mon May 1 17:13:30 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon May 1 17:15:03 2006 Subject: [SpamCop-List] Re: Pump and Dump References: Message-ID: "Andy" wrote in message news:e358h6$5pi$1@news.spamcop.net... > The P&D scam was completely new to me until a few weeks ago when I started > getting a load of backscatter from a scammer - mail bounces coming to > randomly generated user names (typically 3 to 5 random characters) at my > domain. The originating IPs of the scam mails appears to indicate a number > of bots located around the world, mostly South Korea, Latin America and > Texas(!), with a few in Germany. > > I have researched some of the P&D companies and one is apparently a > microscopic oil company located in Canada. There are only 39 share holders > and the company appears to consist of one guy - the 'CEO'. The share price > has increased by 44% recently. > > My questions are therefore - > > 1. Is P&D actually illegal or is it a case of 'caveat emptor'? > > 2. If it is illegal then where would you make a report? Given that there > appear to be only 39 possible beneficiaries in this company it shouldn't be > too hard to trace the scammer. > > 3. At the end of the day would anyone actually follow this up or would I be > wasting my time? The scammer may make a few bucks but he won't be retiring > on the proceeds of this one. > > > An additional question - can you confirm that Spamcop encourages reporting > the mail bounces themselves as spam? I've seen this suggestion a few times > on the forums. Originally I was just annoyed by the scammer but the > frequency of the incorrectly bounced mail is not decreasing and I'm actually > getting more fed up with mail servers that are incapable of recognising a > spoofed return address. > > As an aside - you wouldn't believe how many people out there send > out-of-office autoresponses in reply to mail originating from outside their > local networks... or maybe you would. :-) > > Thanks > Andy > > > P&D is Illegal, but difficult to prove. It depends on where the shares have been traded, probably at the Vancouver Stock Exchange,which is part of the TSX, so you need to file a formal complaint with the Ontario, and, British Columbia Securities comissions, they have a web page, complaint would have to be on paper., I would CC the NASDAQ and SEC (USA) also. Because these shares may be purchased over the counter anywhere, in particular anywhere they pump, that means multiple jurisdictions could (in principle) get involved. Several of the companies i have seen share a president or chairman who lives in Penticton BC., probably has several names and one house. One of the garment manufacturers I've seen has years of letters of intent to buy this and that, but no revenues for several years, like 0 revenue, and negative income. I guess anyone can write a letter stating they intend to do something and then sign it and announce the writing of their signature. They don;t have to actually send the letter anywhere. From dws at dealing-with-spam.info Tue May 2 00:13:50 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Mon May 1 17:15:06 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> <6h8eaq0ycu51.9xmt3wujifpo.dlg@40tude.net> Message-ID: Patty wrote on Mon, 1 May 2006 09:08:21 -0400: > I am being told that with the current software, sending out a confirmation > email would result in that person being subscribed automatically. Sorry to be so blunt, but your current software sucks. > Modifying it would be difficult and then would be very difficult to > maintain when new versions came out. We are using a standard software > package (I have not been told which one) and it is very big. Could you find out which one? There are many people here who maintain mailing lists such as yours and they'll be able to tell you flat out whether or not it's true that a request for confirmation equates to a confirmed signup. From bar_n0ne at hotmail.com Mon May 1 17:18:29 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon May 1 17:20:03 2006 Subject: [SpamCop-List] Re: Pump and Dump References: Message-ID: "Tim McGraw" wrote in message news:e35scg$is2$2@news.spamcop.net... > Andy wrote: > > > > 1. Is P&D actually illegal or is it a case of 'caveat emptor'? > > Illegal. See http://www.investopedia.com/ask/answers/05/061205.asp > > > 2. If it is illegal then where would you make a report? Given that there > > appear to be only 39 possible beneficiaries in this company it shouldn't be > > too hard to trace the scammer. > > The conventional wisdom seems to be that investors, NOT the owners of > the small or nanocrap company themselves, buy up penny stocks creating > an artificial demand through spam, raising the stock's price for a very > short period. At which time those investors obviously sell. Yeah, but these stocks are so thinly held, I think that the investors are the principals in most of these. That "It wasn't us " excuse just doesn't wash look at KooKy Oil ;) , they contract with nonexistent companies for meaningless well surveys etc. according to their announcements.. I'd be really surprised , if at the end of the day the spam and some principal at kooky are well connected. From tmcgraw at spamcop.net Mon May 1 15:29:34 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 1 17:30:03 2006 Subject: [SpamCop-List] Re: Pump and Dump In-Reply-To: References: Message-ID: Berny wrote: > > P&D is Illegal, but difficult to prove. > > It depends on where the shares have been traded, probably at the Vancouver > Stock Exchange,which is part of the TSX, so you need to file a formal > complaint with the Ontario, and, British Columbia Securities comissions, > they have a web page, complaint would have to be on paper., I would CC the > NASDAQ and SEC (USA) also. I'm not an investor, but I don't believe NASDAQ has anything to do with microcaps. From bar_n0ne at hotmail.com Mon May 1 17:43:19 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon May 1 17:45:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: "Mike Easter" wrote in message news:e35b0s$7ge$1@news.spamcop.net... > I only see people 'assuming' it to be the case. I think they are > confused by the verified one report concept -- melding it into a one > reporter concept. > > -- > Mike Easter > kibitzer, not SC admin > Well the messages I recall were specifically about requiring 2 reporting accounts, so one reporter could do this, but like you could, they would need to submit and report their spam through 2 accounts. From nttp.sc.s at bigsleep.org Mon May 1 22:56:09 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon May 1 18:00:03 2006 Subject: [SpamCop-List] Re: Archiving Spam References: Message-ID: On 01 May 2006, - Borgholio entered spamcop and left news:e35s5e$d7p$1@news.spamcop.net: > I just realized that my Thunderbird Junk folder is full of spam that is > as much as several years old. Would there be any purpose to keeping > this stuff tucked away, or should I just nuke it all? > I archive all my mail several times a year. You can search for a file called "Junk", that is if you don't know where your Thunderbird Profile and Mail is stored. There will be a Junk.msf (message summary file) right next to it, which doesn't need to be saved. Archive it, as in zip it up, then store it somewhere, it'll take up very little space then. I store them by year, as in "mail/2005". Since this is simply a text file, you can easily search it for text strings, so you could see how much spam you got last year, what IPs it came from, or whatever. You can even rename it (to avoid copying over new mail), then copy it back in the Mail folder, and reopen it in the program again. Each message starts with the line "From -" like this... >From - Sun Dec 05 11:46:50 2004 You can do this with all your Thunderbird/Mozilla/Seamonkey mail "folders", and once archived you can delete all the messages from within the program. You could just delete the Junk and Junk.msf files, but I recomend you delete messages from within the program. -- | Ric | From g.hyde at bigpond.net.au Tue May 2 09:15:51 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Mon May 1 18:20:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: "Mike Easter" wrote in message news:e35m7e$fcq$1@news.spamcop.net... > WazoO wrote: >> RW did say to "read carefully" > > Which was non helpful in the context of the question that /Steve/ > presented: > > "I have sent a request to the deputies to clarify this issue. It > has always been my understanding (perhaps back to my usenet days) that > it required 2 REPORTERS to list an IP address, but the actual FAQ > (http://www.spamcop.net/fom-serve/cache/297.html) states: The SCBL will > not list an IP address with only one report filed." > > Then, Richard cited that statement and answered 'read carefully'. Big > help. The actual link you quoted above sets out in sufficient detail how an IP can get listed. I can understand that - why do you have a problem with READING what Richard asked you to in the first place?? Here is a large chunk of the above link that I think you SHOULD read, cause I'm way dumber than you are (insofar as mucking around with spam and headers anyway) and I can quite easily understand it: SCBL Rules The system currently operates based on these rules: SCBL lists IP addresses with a large number of reports relative to reputation points. The SpamCop team manually balances the threshold in an effort to make the list as accurate as possible. The SCBL weights reports depending on how recently the mail was received (or "freshness"): The SCBL counts the most recently received reports 4:1. The SCBL counts reports for email 48 hours and older 1:1, with a linear sliding scale between the most recent and 48 hours past. The SCBL ignores reports for email received more than one week ago. The SCBL uses Spamtrap reports to weight total reports. For spamtrap scores less than 6, the SCBL multiplies by 5 the quantity of spamtrap reports and adds this to the report score. For larger spamtrap scores, the SCBL squares the quantity. Examples: If an IP address has 2 spamtrap reports and 3 SpamCop user-reported reports, its weighted score is 13: (2 * 5) + 3 = 13. If a host has 7 spamtrap reports and 3 manual reports, its weighted score is 52: (7 * 7) + 3 = 52. The SCBL does not count reports regarding URLs or addresses in the body of the email. Therefore, the SCBL does not list websites or email addresses used to receive replies in reported email, unless that IP is also used to send the mail. The SCBL will not list an IP address with only one report filed. With only two reports against an IP address, the SCBL will list the IP address for a maximum of 12 hours after the most recent reported mail was sent. HTH. If you have a part of that which you don't understand please ask. I'm sure myself and other enthusiastic posters will gladly fill in the blanks. Cheers ... Geoffrey Hyde From MikeE at ster.invalid Mon May 1 16:41:14 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 18:45:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: Geoffrey Hyde wrote: > HTH. If you have a part of that which you don't understand please > ask. I'm sure myself and other enthusiastic posters will gladly fill > in the blanks. I understand everything in that faq, and in fact, I have cited the one salient line about not listing for one report. Which is not at all the same thing as multiple reports by one single reporter account. There is nothing in what you posted that gives any indication that if a single reporting address or 'reporter account' reported sufficient spam items for an IP to become mathematically eligible for listing, that it wouldn't be listed. There is nothing in all of what you posted that would explain what I linked to here earlier being a part of a confusing verbose: "but there are fewer than two individual users reporting" Posting a lot of lines you copied from a faq page doesn't do anything to clarify the issue. You haven't added anything helpful at all. -- Mike Easter kibitzer, not SC admin From Someone at invalid.foo Tue May 2 01:03:57 2006 From: Someone at invalid.foo (Someone who hates spam) Date: Mon May 1 19:05:03 2006 Subject: [SpamCop-List] Spamcop blocking SSH tunelling / COTSE? Message-ID: Any spamcop users out there who can help with this, please? I can proxy read news.spamcop using SSH forwarding, but when I try and post the following happens: Outlook Express could not post your message. Subject '', Account: 'news.spamcop.net', Server: '127.0.0.1', Protocol: NNTP, Server Response: '440 Posting not allowed', Port: 120, Secure(SSL): No, Server Error: 440, Error Number: 0x800CCCA9 Port 120, listed above, is the local reading port. The remote port is still news.spamcop.net:119 From Someone at invalid.foo Tue May 2 01:23:44 2006 From: Someone at invalid.foo (Someone who hates spam) Date: Mon May 1 19:25:03 2006 Subject: [SpamCop-List] Re: Spamcop blocking SSH tunelling / COTSE? References: Message-ID: "Someone who hates spam" wrote in message news:e3644u$ooq$1@news.spamcop.net... > Any spamcop users out there who can help with this, please? > > I can proxy read news.spamcop using SSH forwarding, but when I try and > post the following happens: > > > Outlook Express could not post your message. Subject '', > Account: 'news.spamcop.net', Server: '127.0.0.1', Protocol: NNTP, > Server Response: '440 Posting not allowed', Port: 120, Secure(SSL): > No, Server Error: 440, Error Number: 0x800CCCA9 > > > Port 120, listed above, is the local reading port. > > The remote port is > still news.spamcop.net:119 > > > Turns out that spamcop block the COTSE proxy. From MikeE at ster.invalid Mon May 1 17:25:23 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 19:30:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: In 2006 Feb jeffg sed: "at last check Reports from two or more humans are necessary for an IP Address to be listed by the SCBL." http://news.spamcop.net/pipermail/spamcop-list/2006-February.txt >From jeffg at spamcop.net Fri Feb 24 03:49:49 2006 Date: Fri Feb 24 03:50:03 2006 Subject: [SpamCop-List] Re: Need help To get our system setup correctly Message-ID: That two or more humans is certainly in error, as we/I have seen listings based on spamtraps only; and I also think it is another reflection or 'misstatement' of the two or more report requirement. It is my belief that the basis for a listing is a sufficient number of 'points' -- however they might be derived, all from spamtraps, all from one reporter, or any combination thereof. The explanation of the SCbl doesn't state exactly how the reputation or traffic points are used in the calculation, nor does it clarify how those points are derived. But the faq sez that if there is only one report, the implication being whether it is a spamtrap report or a human report doesn't matter, that the IP would not be listed, regardless of how low its reputation points. There is nothing in the scoring system other that the 'one report' statement that puts any other restrictions on the scoring of points for a listing, most specifically it does not require two different humans or nor even any humans, for that matter. The subject of whether or not the algorithm should list based on spamtraps only has been discussed, and a deputy stated that spamtraps were more reliable as in less error prone than humans -- ergo there was no problem with listing for spamtrap hits only. By my interpretation, there would have to be two or more reports, any kind of report; one spamtrap one human, two spamtraps, two same human reports would all be suficient if that achieved a high enough score considering the reputation points. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon May 1 17:51:57 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 1 19:55:03 2006 Subject: [SpamCop-List] Re: Spamcop blocking SSH tunelling / COTSE? References: Message-ID: Someone who hates spam wrote: > Turns out that spamcop block the COTSE proxy. Perhaps it has been used to abuse the spamcop newsgroups in the past by the trollish spoofer I mentioned in my recent posts on this subject alt.cotse. If cotse is going to allow its proxy to be used to abuse the SC newsserver, then it should be permanently blocked. -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Tue May 2 04:47:33 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon May 1 23:50:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: On 01 May 2006, - Berny entered spamcop and left news:e35vdp$ljp$1@news.spamcop.net: > Well the messages I recall were specifically about requiring 2 reporting > accounts, so one reporter could do this, but like you could, they would > need to submit and report their spam through 2 accounts. > Where would be the logic in that? I have over a dozen valid eMail addresses, and only use 1 Spamcop reporting account. Certainly multiple addresses receiving the same message is greater proof that is it spam, and even multiple messages sent to the same address proves a greater amount of (possible) spam. -- | Ric | From nobody at devnull.spamcop.net Tue May 2 00:28:29 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Tue May 2 00:30:03 2006 Subject: [SpamCop-List] Re: Pump and Dump References: Message-ID: "Andy" wrote in message news:e358h6$5pi$1@news.spamcop.net... > > 3. At the end of the day would anyone actually follow this up or would I be > wasting my time? The scammer may make a few bucks but he won't be retiring > on the proceeds of this one. If you want to believe the "bragging" ..... http://spamkings.oreilly.com/archives/2006/03/stock_spammers_stung_by_secret.html#trackbacks "According to the February 17 complaint, Moeller boasted to a fellow spammer (working for the feds as a confidential informant or CI) that he and Vitale were making $40,000 per week sending spam that touted shares of small-cap stocks -- a practice known as pump-and-dump spamming. The two operated a company called Viatelecom aka Via Telecom LLC to do their stock deals. In an April, 2005 instant message conversation with the CI, Moeller claimed that he had 40 servers for sending spam, as well as 35,000 "peas" or proxies to disguise the true origin of the spams. He said he exclusively spammed AOL members and boasted he could send millions of spams per hour, with less than 20 percent getting caught in AOL's spam filters." From nttp.sc.s at bigsleep.org Tue May 2 05:56:56 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue May 2 01:00:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: On 01 May 2006, - Mike Easter entered spamcop and left news:e35q3m$hrd$1@news.spamcop.net: > What I am not familiar with is how to IT-tech configure the actual > software majordomo so as to both enable confirmed optin while > maintaining the current human oversight profile management descibed in > the length external email administration. > According to the documentation I have on Majordomo and MajorCool, this is how it works. First, I believe, but can't be sure, that the web form sends an eMail to the admin. The admin checks the subscription, then adds the address to the Majordomo list which sends out the welcome message. I can't be sure how this process is set up at IP, however I can interject here at the point of "add the address to the Majordomo list" with this documentation: ---------- 3.7. Further Testing of the Configuration ... To see if the aliases are working properly, try subscribing and unsubscribing yourself to the list. [jarchie@kes jarchie]$ echo subscribe test | mail majordomo You will receive an E-mail message containing instructions on how to confirm your subscription as well as a letter confirming that your command was successful. After sending back your confirmation, Majordomo should send back two letters--one letter stating that your subscribe request was successful and another letter welcoming you to the test list. The owner of the list will also be sent a message stating that you have subscribed to the list. To unsubscribe from a list, send a unsubscribe command [jarchie@kes jarchie]$ echo unsubscribe test | mail majordomo You should be sent back a letter stating that your command was successful. ---------- So, either: confirmation is turned off, subscription is automatic, and the admin adds the subscription information (not needed by Majordomo) to a database or unsubscribes that address. Or: confirmation is turned off, subscriptions are manually added by the admin. It seems pretty simple to me to turn on confirmation and do manual subscriptions, and seems like a good idea anyway. Since they claim to do manual confirmation, the admin can simply subscribe the ones they would not otherwise unsubscribe, and ignore the rest. -- | Ric | From nttp.sc.s at bigsleep.org Tue May 2 06:38:32 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue May 2 01:40:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: On 01 May 2006, - Blammo entered spamcop and left news:Xns97B6DF8058716blammo@216.154.195.61: > Or: confirmation is turned off, subscriptions are manually added by the > admin. > Further reading leads me to believe that they are using the "approve" option... Approval ======== When Majordomo requests your approval for something, it sends you a message that includes a template of the approval message; if you concur, you simply need to replace "PASSWORD" in the template with your list password, and send the template line back to Majordomo. ... You can approve any "subscribe" or "unsubscribe" request, regardless of whether Majordomo has requested this approval, with an "approve" command. Thus, you can subscribe or unsubscribe people from your list without them having to send anything to Majordomo; just send an appropriate "approve PASSWORD subscribe LIST ADDRESS" or "approve PASSWORD unsubscribe LIST ADDRESS" command off to Majordomo. ... In addition, the following is from the majordomo config file... 'subscribe_policy', "One of three values: open, closed, auto; plus an optional modifier: '+confirm'. Open allows people to subscribe themselves to the list. Auto allows anybody to subscribe anybody to the list without maintainer approval. Closed requires maintainer approval for all subscribe requests to the list. Adding '+confirm', ie, 'open+confirm', will cause majordomo to send a reply back to the subscriber which includes a authentication number which must be sent back in with another subscribe command.", ... Confirmation has been an option for quite some time, so if that is not an option, obviously they need to upgrade. -- | Ric | From nobody at nowhere.not Tue May 2 07:17:54 2006 From: nobody at nowhere.not (Robert Blair) Date: Tue May 2 02:20:02 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: On Mon, 1 May 2006 23:25:23 UTC, "Mike Easter" wrote: > "at last check Reports from two or more humans are necessary for an IP > Address to be listed by the SCBL." > > http://news.spamcop.net/pipermail/spamcop-list/2006-February.txt > > From jeffg at spamcop.net Fri Feb 24 03:49:49 2006 > Date: Fri Feb 24 03:50:03 2006 > Subject: [SpamCop-List] Re: Need help To get our system setup correctly > Message-ID: > > That two or more humans is certainly in error, as we/I have seen > listings based on spamtraps only; and I also think it is another > reflection or 'misstatement' of the two or more report requirement. What is the error? The quote from jeff says two humans, a spamtrap is not a human. So a single spamtrap could list the IP. -- Robert Blair From nobody at spamcop.net Tue May 2 08:40:09 2006 From: nobody at spamcop.net (TimeLord) Date: Tue May 2 02:45:03 2006 Subject: [SpamCop-List] Re: Feature idea: Strip X-Headers References: Message-ID: "Someone who hates spam" wrote in message news:e35s21$iu2$1@news.spamcop.net... >I use my spamcop.net reporting (paid) account with mundged reports >selected. > > However, my personal domain name sometimes shows up in x-headers. > > Recently, someone did a backscatter-come-joe-job, which is still ongoing. > > I would like to be able to manually select certain X-Headers to be > stripped > out or mundged AND/OR have the ability to have certain keywords stripped > out > on mundged, such as my personal and/or identifying domain names. > > Thanks I'd go with that. I've been thinking for some time that X-Headers in mails I report often contain detail I'd rather not be passed on. Kev From MikeE at ster.invalid Tue May 2 01:02:49 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 2 03:05:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: Robert Blair wrote: >"Mike Easter" >> "at last check Reports from two or more humans are necessary for an >> IP Address to be listed by the SCBL." > What is the error? The quote from jeff says two humans, a spamtrap is > not a human. So a single spamtrap could list the IP. "reports from two or more humans are necessary" I'm saying no humans are necessary, as opposed to two humans being required, spamtraps are sufficient; "reports from two or more (different) humans are necessary" and that one human (reporting account) is sufficient if that human account approves sufficient numbers of reports, such as two. I suppose you could call it semantics -- you want to be sure that semantics is about what something *means*. The only statement I understand and grasp comprehensively is "One report is not sufficient" [of any kind, spamtrap or human]. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Tue May 2 06:24:21 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Tue May 2 06:25:11 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> In article , "Robert Blair" writes: > What is the error? The quote from jeff says two humans, a spamtrap is > not a human. So a single spamtrap could list the IP. That has long been my understanding of how it works. 2 humans or 1 spamtrap. From patty1515NOSPAM at gmail.com Tue May 2 08:58:30 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Tue May 2 08:00:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: On Tue, 2 May 2006 05:38:32 +0000 (UTC), Blammo wrote: > On 01 May 2006, - Blammo entered spamcop and left > news:Xns97B6DF8058716blammo@216.154.195.61: > >> Or: confirmation is turned off, subscriptions are manually added by the >> admin. >> > > Further reading leads me to believe that they are using the "approve" > option... > > Approval ======== > When Majordomo requests your approval for something, it sends you a message > that includes a template of the approval message; if you concur, you simply > need to replace "PASSWORD" in the template with your list password, and > send the template line back to Majordomo. > ... > You can approve any "subscribe" or "unsubscribe" request, regardless of > whether Majordomo has requested this approval, with an "approve" command. > Thus, you can subscribe or unsubscribe people from your list without them > having to send anything to Majordomo; just send an appropriate "approve > PASSWORD subscribe LIST ADDRESS" or "approve PASSWORD unsubscribe LIST > ADDRESS" command off to Majordomo. > > ... > > In addition, the following is from the majordomo config file... > > 'subscribe_policy', > "One of three values: open, closed, auto; plus an optional > modifier: '+confirm'. Open allows people to subscribe themselves to > the list. Auto allows anybody to subscribe anybody to the list without > maintainer approval. Closed requires maintainer approval for all > subscribe requests to the list. Adding '+confirm', ie, > 'open+confirm', will cause majordomo to send a reply back to the > subscriber which includes a authentication number which must be sent > back in with another subscribe command.", > I believe we must be set to closed in some manner. The list maintainer must subscribe NEW people. You cannot subscribe yourself to the list without first supplying a profile and request to the Administration. So, would not 'open+confirm' negate that setup by allowing someone to subscribe themself? Just trying to understand this. Thanks. Patty From nobody at devnull.spamcop.net Tue May 2 10:19:09 2006 From: nobody at devnull.spamcop.net (POP) Date: Tue May 2 09:20:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: "Patty" wrote in message news:j7xu4ynj11h9$.rn3y1um2rgc4.dlg@40tude.net... > On Tue, 2 May 2006 05:38:32 +0000 (UTC), Blammo wrote: > >> On 01 May 2006, - Blammo entered spamcop and left >> news:Xns97B6DF8058716blammo@216.154.195.61: >> >>> Or: confirmation is turned off, subscriptions are manually >>> added by the >>> admin. >>> >> >> Further reading leads me to believe that they are using the >> "approve" >> option... >> >> Approval ======== >> When Majordomo requests your approval for something, it sends >> you a message >> that includes a template of the approval message; if you >> concur, you simply >> need to replace "PASSWORD" in the template with your list >> password, and >> send the template line back to Majordomo. >> ... >> You can approve any "subscribe" or "unsubscribe" request, >> regardless of >> whether Majordomo has requested this approval, with an >> "approve" command. >> Thus, you can subscribe or unsubscribe people from your list >> without them >> having to send anything to Majordomo; just send an appropriate >> "approve >> PASSWORD subscribe LIST ADDRESS" or "approve PASSWORD >> unsubscribe LIST >> ADDRESS" command off to Majordomo. >> >> ... >> >> In addition, the following is from the majordomo config >> file... >> >> 'subscribe_policy', >> "One of three values: open, closed, auto; plus an optional >> modifier: '+confirm'. Open allows people to subscribe >> themselves to >> the list. Auto allows anybody to subscribe anybody to the list >> without >> maintainer approval. Closed requires maintainer approval for >> all >> subscribe requests to the list. Adding '+confirm', ie, >> 'open+confirm', will cause majordomo to send a reply back to >> the >> subscriber which includes a authentication number which must >> be sent >> back in with another subscribe command.", >> > > I believe we must be set to closed in some manner. The list > maintainer > must subscribe NEW people. You cannot subscribe yourself to > the list > without first supplying a profile and request to the > Administration. So, > would not 'open+confirm' negate that setup by allowing someone > to subscribe > themself? > > Just trying to understand this. > > Thanks. > > Patty Open +confirm, I believe, was simply an example. It looked like it could be used with any of the options. e.g. option +confirm. So it could be used wtih any of the options. Please read the description references for what 'confirmed subscriptions' are. You don't sound as though you've read them at all? Pop From MikeE at ster.invalid Tue May 2 08:25:31 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 2 10:30:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: POP wrote: > Please read the description references for what 'confirmed > subscriptions' are. You don't sound as though you've read them > at all? Try to understand where the 'disconnect' is here -- and this is based on some assumptions, which are probably valid. Majordomo is the listserv software. It actually doesn't handle any mail, but it sets up the instructions for some mail server software. Patty is not the listserv software majordomo 'manager' -- which is Michael Robinton and perhaps others. Majordomo was designed to be remotely administered by 'others' who have no access to the server or the server's software or the server's software's listserv software majordomo. This remote administration can be done by email -- or if implemented by a web manager called MajorCool. Michael Robinton and Mary Jean Renstrom wrote up a very very detail set of instructions to guide the non-tech volunteers about how to communicate by email with the majordomo software. They actually may not even know the majordomo software's name or anything about its configuration. Patty is one of the several volunteers who administers for the mailing lists by this email correspondence and its numerous webpages of guidelines for how to do so. We have determined that majordomo should be configured for optin confirmation. Patty and the other volunteers have no control over that, they only can control what they can administer to by email. The necessary reconfiguration would have to be done by Michael, and following that reconfiguration, some adjustment to the pages of guidelines which were written in 1999. It is possible that the majordomo version is of an old vintage. It is possible that the old majordomo is not so configurable. Majordomo's 'evolution' is described at the GreatCircle website -- in which the different versions may be incompatible with different versions of the Perl script and similar tediums. Patty ran into a snag when the list's server managed to get itself onto the SCbl. We've never seen the evidence, we only know what Patty told us had been told to her admin which had been told by covad the notify for the IP. Currently the headers do not parse to name the server, for whatever reason and significance that is at this point. The admin thinks it would be very difficult to reconfigure the majordomo or the majordomo plus the guidelines for the remote administration process. Ric doesn't think so. I'm not sure -- but it surely would require the motivation of Michael the majordomo admin or similar to do so because of the necessity to rewrite the guidelines a little or a lot, besides the majordomo reconfig. -- Mike Easter kibitzer, not SC admin From patty1515NOSPAM at gmail.com Tue May 2 11:37:49 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Tue May 2 10:40:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: On Tue, 2 May 2006 07:25:31 -0700, Mike Easter wrote: > POP wrote: > >> Please read the description references for what 'confirmed >> subscriptions' are. You don't sound as though you've read them >> at all? > > Try to understand where the 'disconnect' is here -- and this is based on > some assumptions, which are probably valid. > > Majordomo is the listserv software. It actually doesn't handle any > mail, but it sets up the instructions for some mail server software. > > Patty is not the listserv software majordomo 'manager' -- which is > Michael Robinton and perhaps others. > > Majordomo was designed to be remotely administered by 'others' who have > no access to the server or the server's software or the server's > software's listserv software majordomo. This remote administration can > be done by email -- or if implemented by a web manager called MajorCool. > > Michael Robinton and Mary Jean Renstrom wrote up a very very detail set > of instructions to guide the non-tech volunteers about how to > communicate by email with the majordomo software. They actually may not > even know the majordomo software's name or anything about its > configuration. > > Patty is one of the several volunteers who administers for the mailing > lists by this email correspondence and its numerous webpages of > guidelines for how to do so. > > We have determined that majordomo should be configured for optin > confirmation. Patty and the other volunteers have no control over that, > they only can control what they can administer to by email. > > The necessary reconfiguration would have to be done by Michael, and > following that reconfiguration, some adjustment to the pages of > guidelines which were written in 1999. It is possible that the > majordomo version is of an old vintage. It is possible that the old > majordomo is not so configurable. Majordomo's 'evolution' is described > at the GreatCircle website -- in which the different versions may be > incompatible with different versions of the Perl script and similar > tediums. > > Patty ran into a snag when the list's server managed to get itself onto > the SCbl. We've never seen the evidence, we only know what Patty told > us had been told to her admin which had been told by covad the notify > for the IP. > > Currently the headers do not parse to name the server, for whatever > reason and significance that is at this point. > > The admin thinks it would be very difficult to reconfigure the majordomo > or the majordomo plus the guidelines for the remote administration > process. Ric doesn't think so. I'm not sure -- but it surely would > require the motivation of Michael the majordomo admin or similar to do > so because of the necessity to rewrite the guidelines a little or a lot, > besides the majordomo reconfig. I would like to know, however, where Ric got his information about the majordomo guidelines. I've searched the web and got some limited information about majordomo systems, but nothing that appeared to be as concise as what Ric had. I would love to read it, granted I may not understand a lot of it, but I still would like to be able to more familiarize myself with the process. Patty From MikeE at ster.invalid Tue May 2 08:52:05 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 2 10:55:05 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Patty wrote: > Mike Easter wrote: >> The admin thinks it would be very difficult to reconfigure the >> majordomo or the majordomo plus the guidelines for the remote >> administration process. Ric doesn't think so. I'm not sure -- but >> it surely would require the motivation of Michael the majordomo >> admin or similar to do so because of the necessity to rewrite the >> guidelines a little or a lot, besides the majordomo reconfig. > > I would like to know, however, where Ric got his information about the > majordomo guidelines. I've searched the web and got some limited > information about majordomo systems, but nothing that appeared to be > as concise as what Ric had. I would love to read it, granted I may > not understand a lot of it, but I still would like to be able to more > familiarize myself with the process. I think Ric has access to both Majordomo and MajorCool, its webadmin tool which can be used as an alternate to the emal management. I have done reading at the GreatCircle website [and also at the I-P admin website] but I've never handled any listserv or specifically Majordomo. As an outsider with zero experience managing lists as a listserv or majordomo admin or as a remote email admin of majordomo, the first solution that jumps into my mind, considering the difficulty of the IP mail admin 'writeup' or volunteer instruction pages, would be to implement the current version majordomo, because majordomo is what Michael knows, and also to implement the MajorCool web management administration tool for the volunteers. That assumes that by doing so, that everything which is currently operational would remain so, including the role of the volunteers and the profile management process of human oversight, plus the email optin confirmation step. If the webmanagement system were satisfactory or even preferred by the cadre of volunteers as well as the majordomo admins, then there would be no need for even a partial rewrite of the email admin instructions -- let it all be done by webadmin MajorCool. Otherwise, if the current email admin was required or preferred or necessary, there would need to be some perhaps little rewrite of the old 1999 email admin instructions. Maybe just a few sentences. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue May 2 09:07:15 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 2 11:10:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Patty wrote: > I would like to know, however, where Ric got his information about the > majordomo guidelines. I've searched the web and got some limited > information about majordomo systems, but nothing that appeared to be > as concise as what Ric had. I would love to read it, granted I may > not understand a lot of it, but I still would like to be able to more > familiarize myself with the process. Maybe some clarification would be useful here. There are very many different softwares for performing majordomo or listserv functions, and those words are often used 'generically' -- like 'which' listserv/majordomo software? But, there are /actually/ 'brandname' products, namely Majordomo and Listserv -- where Majordomo's home is GreatCircle and LISTSERV is L-Soft's product. Majordomo is free and open source. L-Soft's listserv [caps] is a commercial product. We are assuming here [because I've seen Michael discussing Majordomo and because the majordomo description fits with the email remote admin at I-P] that the actual software is Majordomo, not some generic or 'other' listserv/majordomo. There is a brief wiki overview of Majordomo here http://en.wikipedia.org/wiki/Majordomo_%28software%29 Majordomo is an open source mailing list manager (MLM) developed by Brent Chapman of Great Circle Associates. It works in conjunction with sendmail on UNIX and related operating systems. There is a more comprehensive discussion of Majordomo at GreatCircle and faqs and free downloads http://www.greatcircle.com/majordomo/ Majordomo is a program which automates the management of Internet mailing lists. Commands are sent to Majordomo via electronic mail to handle all aspects of list maintenance. Once a list is set up, virtually all operations can be performed remotely by email, requiring no intervention upon the postmaster of the list site. (For a web-based interface to Majordomo, see the MajorCool add-on package). -- Majordomo controls a list of addresses for some mail transport system (like sendmail or smail) to handle. Majordomo itself performs no mail delivery (though it has scripts to format and archive messages). If you would download the free app's sourcecode and also have the ability to de-tar and de-gzip, I'm sure all of the docs can be found in there. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue May 2 09:27:01 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Tue May 2 11:30:04 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: Mike Easter wrote... > and that one human (reporting account) is sufficient if that human > account approves sufficient numbers of reports, such as two. That would be a Bad Thing. I think that it is safe to assume that Spamcop has some method in place that at least attempts to stop a single human from causing a listing. if it was simply a matter of getting a reporting account and faking two reports, I think that we would be seeing a lot of "revenge" listings. From patty1515NOSPAM at gmail.com Tue May 2 12:40:07 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Tue May 2 11:40:02 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: On Tue, 2 May 2006 08:07:15 -0700, Mike Easter wrote: > If you would download the free app's sourcecode and also have the > ability to de-tar and de-gzip, I'm sure all of the docs can be found in > there. Yeah, Mike. I already did that. Interesting thing, I'm not sure what format the documents are written in, I've been able to open them in Word and get some information from them, but the formatting is not the best for easy reading. Notepad and Wordpad were even worse. I just haven't seen anything on GreatCircle or the documentation I've downloaded about processing new subscriptions other than the code used to subscribe someone. Unless I'm just not looking in the right place. When Ric brought up the switch for forcing confirmation on subscriptions (open+confirm) I haven't found anything yet that discussed that. I'm just going to have to assume that Michael knows what he is doing. I know that he has told me that it would take more than you think to rewrite the software he is using to implement a confirmation that would not result in an automatic sub using our setup. I can only accept what he tells me at this time. I do know that he is involved in tech forums for discussing how the mail list software works. I would think that if there were an easy fix, he would know it. I thank you again for all your help. You have treated me most graciously with my questions and my concerns. Patty From vxpy7do02 at sneakemail.com Tue May 2 09:44:53 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Tue May 2 11:45:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: "Patty" wrote in message news:j7xu4ynj11h9$.rn3y1um2rgc4.dlg@40tude.net... > On Tue, 2 May 2006 05:38:32 +0000 (UTC), Blammo wrote: > >> On 01 May 2006, - Blammo entered spamcop and left >> news:Xns97B6DF8058716blammo@216.154.195.61: >> >>> Or: confirmation is turned off, subscriptions are manually added by the >>> admin. >>> >> >> Further reading leads me to believe that they are using the "approve" >> option... >> >> Approval ======== >> When Majordomo requests your approval for something, it sends you a >> message >> that includes a template of the approval message; if you concur, you >> simply >> need to replace "PASSWORD" in the template with your list password, and >> send the template line back to Majordomo. >> ... >> You can approve any "subscribe" or "unsubscribe" request, regardless of >> whether Majordomo has requested this approval, with an "approve" command. >> Thus, you can subscribe or unsubscribe people from your list without them >> having to send anything to Majordomo; just send an appropriate "approve >> PASSWORD subscribe LIST ADDRESS" or "approve PASSWORD unsubscribe LIST >> ADDRESS" command off to Majordomo. >> >> ... >> >> In addition, the following is from the majordomo config file... >> >> 'subscribe_policy', >> "One of three values: open, closed, auto; plus an optional >> modifier: '+confirm'. Open allows people to subscribe themselves to >> the list. Auto allows anybody to subscribe anybody to the list without >> maintainer approval. Closed requires maintainer approval for all >> subscribe requests to the list. Adding '+confirm', ie, >> 'open+confirm', will cause majordomo to send a reply back to the >> subscriber which includes a authentication number which must be sent >> back in with another subscribe command.", >> > > I believe we must be set to closed in some manner. The list maintainer > must subscribe NEW people. You cannot subscribe yourself to the list > without first supplying a profile and request to the Administration. So, > would not 'open+confirm' negate that setup by allowing someone to > subscribe > themself? > > Just trying to understand this. > > Thanks. > > Patty What is the reason for an 'administrator' (manually) looking at the subscriber 'profiles'? That does not prevent someone from 'subscribing' someone else without their knowledge - 'profiles' are easily forges (most of the time that a site requires 'registration' in order to view it, I personally do not give any useful information as it is none of their business.) Therefore, how does the administrator determine who to deny registration to? And, ultimately, why do you even WANT to refuse a subscription, if someone is interested in IPs why do you or the subscriber have to go through all the hoops? -- A SpamCop user and forum reader, Not Admin From MikeE at ster.invalid Tue May 2 09:46:16 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 2 11:50:02 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works two or more users] References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1evh8vcq35soj$.c7kahuiwpym5$.dlg@40tude.net> <44556697.4020800@spamcop.net> Message-ID: G|_|Y |\/|AC0|\| wrote: > Mike Easter wrote... > >> and that one human (reporting account) is sufficient if that human >> account approves sufficient numbers of reports, such as two. > > That would be a Bad Thing. I think that it is safe to assume that > Spamcop has some method in place that at least attempts to stop a > single human from causing a listing. if it was simply a matter of > getting a reporting account and faking two reports, I think that we > would be seeing a lot of "revenge" listings. There are a lot of areas in which there are vulnerabilities to the system for abuse by a willful malcontent, and I don't think that 'directly' submitting bogus spams from a registered account would be a 'healthy' strategy for causing trouble or getting revenge -- so defending against that by requiring more than one account isn't a very sturdy defensive structure. Reporter reports only count 'one at a time'. Causing spamtrap hits causes the report numbers to be squared or multiplied into the next order of magnitude. Also, causing spamtrap hits could be done 'remotely' -- without exposing the actual account of the perpetrator. Creating an algorithmic defense requiring one more reporter account doesn't make much sense to me, while allowing all kinds of other hi-jinks. It is just as 'easy' [or hard] to get 'another' reporter account as it is to get one reporter account And besides; the logic or sensibleness of what we are talking about is a separate issue from what I'm trying to 'develop' in this discussion. I'm trying to get some admin in charge to categorically state this simple clarification about SC blocklisting. The faq goes into great details with exact numbers and all kinds of mathematical examples, but even when asked directly the admin hasn't stepped forward and straightened out this issue beyond the fact that more than one report is required. -- Mike Easter kibitzer, not SC admin From me at privacy.net Tue May 2 12:49:30 2006 From: me at privacy.net (Frog Prince) Date: Tue May 2 11:55:03 2006 Subject: [SpamCop-List] Re: Wondering about how SpamCop works References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> Message-ID: "Patty" wrote in message news:itwt76zk3amr$.18lp9d1ebyzfq$.dlg@40tude.net... | On Sun, 30 Apr 2006 13:08:00 -0700, Mike Easter wrote: | | > So, one point is that I would recommend to the admins of your mailing | > lists that you have an email confirmation process in addition to | > whatever other things you want to do with profiles and correlating email | > addresses with IP addresses during the web signup. Whether you include | > the IP address of the signup process is another useful 'touch' that you | > might keep in mind. | > | > If you haven't been very troubled by bogus signups in 10 years you've | > been getting off easy. As you can see, it can cause a great deal of | > trouble for your subscribers to not have their mailing list managed | > properly. | > | > The possibility also exists that we are not dealing with a bogus signup, | > but a 'stupid' and bad spamcop reporter. | | Thanks, Mike. I will pass this information along. However, we are a | non-profit organization with only volunteers to handle the work of the mail | list. Sometimes it's hard to put more work on them. I will check with our | SysAdmin to see if a confirmation process can be put in place to | automatically send a confirmation to someone before subscribing them. | However, that still does not solve our current problem which is trying to | figure out who is causing the problem. Short of sending emails to nearly | 5,000 members to confirm that they want to be subscribed, I'm not sure what | else we can do. | | We have, in the past few years, added IP address and host name to the | information for each new subscriber, but with so many people using other | freebie email addresses such as hotmail and yahoo, sometimes that info | doesn't match, but at least it gives some trace as to where the request | came from. | | Thanks for your suggestions. I will pass them along. Off topic but as you're a non profit might look into: http://www.techsoup.org From MikeE at ster.invalid Tue May 2 10:07:43 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 2 12:10:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: Patty wrote: >Mike Easter wrote: > >> If you would download the free app's sourcecode and also have the >> ability to de-tar and de-gzip, I'm sure all of the docs can be found >> in there. > > Yeah, Mike. I already did that. > I just haven't seen anything on GreatCircle or the documentation I've > downloaded about processing new subscriptions other than the code > used to subscribe someone. Besides what is in the tar.gz, if you were going to look around the web, you would want to look at docs from/about the current version 1.94.5 -- since there are a lot of docs around from the mid 90/s. These are both from 1.94.5 http://www.faqs.org/docs/Linux-HOWTO/Majordomo-MajorCool-HOWTO.html Majordomo and MajorCool HOWTO http://www-uclink.berkeley.edu/major/major.new.html New Features available with Majordomo 1.94.5 -- The new version helps prevent forged mass subscription attacks by requiring that prospective subscribers to Majordomo lists confirm their subscription requests. When a person subscribes to a list, a message will be sent back to them with a confirmation code. They will then need to send the code back to Majordomo in order to be officially subscribed to the list. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue May 2 14:59:46 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Tue May 2 15:00:03 2006 Subject: [SpamCop-List] Re: Hex URL confuses SC References: Message-ID: "Maxx Excaliber" wrote in message news:e3817j$2fj$1@news.spamcop.net... > Tracking URL: > http://www.spamcop.net/sc?id=z933057970z9f2d834e0d06ad7ef38f23648bb19169z > > Spamvertised URL: > http://0xd8db5834/photogallery/albums/userpics/10002/images/.phone.php > > SpamCop does not recognize this as a valid URL. I was able to decode it > using a hex2dec convertor on the web. The hex part decodes to > 216.219.88.52. This should go to abuse@hostdepartment.com or > abuse@worldispnetwork.com > > Thanks. As posted in the Forum at http://forum.spamcop.net/forums/index.php?showtopic=6285 this should have been posted into spamcop or spamcop.help .... spamcop.routing is for where reports end up after a successful parse. I'm crossposting and setting follow-ups to the spamcop newsgroup. From tmcgraw at spamcop.net Tue May 2 13:30:01 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue May 2 15:30:04 2006 Subject: [SpamCop-List] [OT] phone spam Message-ID: I've read about this, but it's the first time it's happened to me. Despite being on the Do Not Call Registry I just received a pre-recorded message telling me that "the information I had requested on the Internet about extra income had been received" and it directed me to readfromhome.com. The incoming caller's number was blocked. So when I went to file a complaint at https://www.donotcall.gov/Complain/ComplainCheck.aspx instead of naming the Web site as the company I was complaining about, I named the company as HostingISP/readfromhome.com. I also called the ISP and asked if I could leave a message for the owner (it's lunchtime here). In the message I succinctly described what happened and advised him that I would be filing a complaint with the FTC over readfromhome.com and unfortunately I had to name his company as well. I predict this will become a more prevalent way of spamming in the not-too-distant future as spam filtering becomes more aggressive and accurate. From patty1515NOSPAM at gmail.com Tue May 2 18:23:50 2006 From: patty1515NOSPAM at gmail.com (Patty) Date: Tue May 2 17:25:04 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: On Tue, 02 May 2006 12:30:01 -0700, Tim McGraw wrote: > I've read about this, but it's the first time it's happened to me. > > Despite being on the Do Not Call Registry I just received a pre-recorded > message telling me that "the information I had requested on the Internet > about extra income had been received" and it directed me to > readfromhome.com. The incoming caller's number was blocked. > > So when I went to file a complaint at > https://www.donotcall.gov/Complain/ComplainCheck.aspx instead of naming > the Web site as the company I was complaining about, I named the company > as HostingISP/readfromhome.com. > > I also called the ISP and asked if I could leave a message for the owner > (it's lunchtime here). In the message I succinctly described what > happened and advised him that I would be filing a complaint with the FTC > over readfromhome.com and unfortunately I had to name his company as well. > > I predict this will become a more prevalent way of spamming in the > not-too-distant future as spam filtering becomes more aggressive and > accurate. Speaking of phone spam and do not call lists. We get calls from businesses such as waterproofing basements, and when I tell them I'm on the Do Not Call List they explain that they are not selling anything but they are offereing to provide me with a free inspection. They are really trying to split hairs here. I still report them. Patty From tmcgraw at spamcop.net Tue May 2 17:31:29 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue May 2 19:35:06 2006 Subject: [SpamCop-List] Re: [OT] phone spam In-Reply-To: References: Message-ID: Patty wrote: > > > > Speaking of phone spam and do not call lists. We get calls from businesses > such as waterproofing basements, and when I tell them I'm on the Do Not > Call List they explain that they are not selling anything but they are > offereing to provide me with a free inspection. They are really trying to > split hairs here. I still report them. They are splitting hairs, this is a common ploy, and yes they still should be reported. From none at none.none Tue May 2 21:20:35 2006 From: none at none.none (Pete) Date: Tue May 2 21:25:03 2006 Subject: [SpamCop-List] I'm curious, how does Amazon.com end up on the SCBL? Message-ID: It's a reputable site that doesn't spam, as far as I know, yet it still ends up in my Spamcop spam mail. How does this happen? Pardon my ignorance for how the system works. Here is the URL for the block: http://www.spamcop.net/sc?id=z933385992z1be4a0540a738d21ef328cdc495cccc3z From me at privacy.net Wed May 3 02:36:09 2006 From: me at privacy.net (Michael R N Dolbear) Date: Tue May 2 21:40:02 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: <01c66e3d$afa319c0$LocalHost@default> Tim McGraw wrote > I've read about this, but it's the first time it's happened to me. > > Despite being on the Do Not Call Registry I just received a pre-recorded > message telling me that "the information I had requested on the Internet > about extra income had been received" and it directed me to > readfromhome.com. The incoming caller's number was blocked. > > So when I went to file a complaint at > https://www.donotcall.gov/Complain/ComplainCheck.aspx instead of naming [...] > I predict this will become a more prevalent way of spamming in the > not-too-distant future as spam filtering becomes more aggressive and > accurate. Not really. Just as a Spam could say "as you requested on our web site" so can a attempt to get round the Do Not Call list. If the evidnce is missing or all the requests are from the same IP the owner of the outgoing call centre will have to drop his cleint with prejudice or be cut off. If the client generates a new company name and tries again the weak point is still the need to convince a call centre and the local phone company. Now if you could sign up with a VOIP provider with a throwaway account and run the whole thing from your PC that would be closer to the spam situation. Note however that the access to the PSTN to connect the call would still be a choke and observation point that the existance of zombies means Spam no longer has. BTW, I assume all the above was within the US ? The FCC apparently has no interest in automated Spam calls from Florida to Europe so you would have problems in such a case (Florida State government kindly took an interest) or if the call was to the US from anywhere outside. The EU requires every member to have a DNCL but hasn't considered what to do about transnational calls and thus there is no one to regulate calls anywhere to the UK or for that matter to Estonia. -- Mike D From me at privacy.net Tue May 2 22:35:45 2006 From: me at privacy.net (NotMe) Date: Tue May 2 21:45:02 2006 Subject: [SpamCop-List] Re: I'm curious, how does Amazon.com end up on the SCBL? References: Message-ID: "Pete" wrote in message news:e390h5$kte$1@news.spamcop.net... | It's a reputable site that doesn't spam, as far as I know, yet it still ends | up in my Spamcop spam mail. How does this happen? Pardon my ignorance for | how the system works. | | Here is the URL for the block: | http://www.spamcop.net/sc?id=z933385992z1be4a0540a738d21ef328cdc495cccc3z | I had a h*ll of a time with them a few years back. From me at privacy.net Tue May 2 22:40:45 2006 From: me at privacy.net (NotMe) Date: Tue May 2 21:45:06 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: "Patty" wrote in message news:tuhj42nmp24q$.xd0idfddmogb$.dlg@40tude.net... | On Tue, 02 May 2006 12:30:01 -0700, Tim McGraw wrote: | | > I've read about this, but it's the first time it's happened to me. | > | > Despite being on the Do Not Call Registry I just received a pre-recorded | > message telling me that "the information I had requested on the Internet | > about extra income had been received" and it directed me to | > readfromhome.com. The incoming caller's number was blocked. | > | > So when I went to file a complaint at | > https://www.donotcall.gov/Complain/ComplainCheck.aspx instead of naming | > the Web site as the company I was complaining about, I named the company | > as HostingISP/readfromhome.com. | > | > I also called the ISP and asked if I could leave a message for the owner | > (it's lunchtime here). In the message I succinctly described what | > happened and advised him that I would be filing a complaint with the FTC | > over readfromhome.com and unfortunately I had to name his company as well. | > | > I predict this will become a more prevalent way of spamming in the | > not-too-distant future as spam filtering becomes more aggressive and | > accurate. | | Speaking of phone spam and do not call lists. We get calls from businesses | such as waterproofing basements, and when I tell them I'm on the Do Not | Call List they explain that they are not selling anything but they are | offereing to provide me with a free inspection. They are really trying to | split hairs here. I still report them. Invite them out for the free inspection. Best if there is a vacant lot in the neighborhood. I did that with a pest control company. took them a few months to figure things out. From tmcgraw at spamcop.net Tue May 2 20:01:33 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue May 2 22:05:02 2006 Subject: [SpamCop-List] Re: [OT] phone spam In-Reply-To: <01c66e3d$afa319c0$LocalHost@default> References: <01c66e3d$afa319c0$LocalHost@default> Message-ID: Michael R N Dolbear wrote: > Tim McGraw wrote >> >> I predict this will become a more prevalent way of spamming in the >> not-too-distant future as spam filtering becomes more aggressive and >> accurate. > > Not really. Just as a Spam could say "as you requested on our web site" > so can a attempt to get round the Do Not Call list. If the evidnce is > missing or all the requests are from the same IP the owner of the > outgoing call centre will have to drop his cleint with prejudice or be > cut off. If the client generates a new company name and tries again the > weak point is still the need to convince a call centre and the local > phone company. I take it you are in Europe? Having hired phone centers in the US for legitimate marketing purposes many times, I can assure you that there is no shortage of call centers who will take on suspect clients so long as the check clears. Much the same way blackhat ISPs will take spammers' checks so long as they clear. I can't say for certain, but personally I don't believe a US call center has ever been "cut off" from the national phone system because they have a couple of suspect clients. And in the US, as long as the phone center's check clears, the phone company is going to provide them their connection so long as there is no evidence of overtly criminal activity (phishing by phone or making threats of bodily harm, for instance, and that's assuming those things are reported to the phone company; on criminal activity such as threats they will take action in the US, but most all other complaints will be ignored). In this case 1) the outbound message was automated (meaning a call center's warm bodies aren't really necessary) and 2) the caller ID was blocked. I could set up such a system in my home that would do this for me for <$5k US, and it is incredibly simple to do. > Now if you could sign up with a VOIP provider with a > throwaway account and run the whole thing from your PC that would be > closer to the spam situation. Note however that the access to the PSTN > to connect the call would still be a choke and observation point that > the existance of zombies means Spam no longer has. The real choke here is the VOIP provider. The primary choices are 1) Vonage and 2) skype. There are others for businesses. If you were making "illegal marketing calls" and the VOIP provider got wind of it they would cut you off, but if you could tunnel through from another IP# and had a second credit card or PayPal account you could be back on the trunk in less than 15 min. (with skype, anyway). > BTW, I assume all the above was within the US ? Who knows where the call came from? But the site it was pitching is hosted in the US. > The FCC apparently has no interest in automated Spam calls from Florida > to Europe so you would have problems in such a case (Florida State > government kindly took an interest) or if the call was to the US from > anywhere outside. The EU requires every member to have a DNCL but > hasn't considered what to do about transnational calls and thus there > is no one to regulate calls anywhere to the UK or for that matter to > Estonia. That's the downside of having a 20th century communications grid in the 21st century. BTW, the FCC tried to initiate the DNCL in the US and were immediately shot down over "freedom of speech" issues IIRC. The FTC (Federal Trade Commission) picked up the ball and administers the list. From nobody at devnull.spamcop.net Tue May 2 22:22:27 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Tue May 2 22:25:03 2006 Subject: [SpamCop-List] Re: I'm curious, how does Amazon.com end up on the SCBL? References: Message-ID: "Pete" wrote in message news:e390h5$kte$1@news.spamcop.net... > It's a reputable site that doesn't spam, as far as I know, yet it still ends > up in my Spamcop spam mail. How does this happen? Pardon my ignorance for > how the system works. > > Here is the URL for the block: > http://www.spamcop.net/sc?id=z933385992z1be4a0540a738d21ef328cdc495cccc3z Why are you blaming / identifying the SpamCopDNSBL???? X-SpamCop-Checked: 192.168.1.103 207.69.195.97 207.69.195.24 66.94.225.140 207.115.20.47 207.115.20.47 207.171.165.134 X-SpamCop-Disposition: Blocked dnsbl.sorbs.net 207.171.165.134 not listed in bl.spamcop.net And for educational purposed, there are FAQs available. SpamCop.net Parsing & Reporting, the SpamCopDNSBL, ... in general could care less about the Domain involved .. it's the IP address of the spam spew source that's of prime interest. Google away to find all kinds of complaints about "unwanted e-mail from Amazon" ... despite your "they do not spam" description. From bll at seer.gentoo.com Wed May 3 03:43:51 2006 From: bll at seer.gentoo.com (Brad Lanam) Date: Tue May 2 22:45:03 2006 Subject: [SpamCop-List] .info domains are not being handled Message-ID: Reference: http://www.spamcop.net/sc?id=z933433803z8b158c1b72cd25b82a249920a2d1c8ccz seer:bll$ host theplaygame.info theplaygame.info has address 125.208.3.24 seer:bll$ -- Brad -- -- Brad Lanam bll@gentoo.com From nttp.sc.s at bigsleep.org Wed May 3 04:30:15 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue May 2 23:35:03 2006 Subject: [SpamCop-List] Re: Insulin pumpers headers References: Message-ID: On 02 May 2006, - Patty entered spamcop and left news:ub1bhf4rrojl$.uj5v9lsbqpil$.dlg@40tude.net: > On Tue, 2 May 2006 07:25:31 -0700, Mike Easter wrote: > >> >> The necessary reconfiguration would have to be done by Michael, and >> following that reconfiguration, some adjustment to the pages of >> guidelines which were written in 1999. It is possible that the >> majordomo version is of an old vintage. It is possible that the old >> majordomo is not so configurable. Majordomo's 'evolution' is described >> at the GreatCircle website -- in which the different versions may be >> incompatible with different versions of the Perl script and similar >> tediums. That is correct, however I don't know how far back you have to go before that isn't an option. I installed Majordomo 1.94.5 on a FreeBSD server, the config file checks for Perl version 4.019 (or greater), however this port is configured specifically for my server, and the port available at freebsd.org claims to require Perl 5.8.8, and the bizsystems server is running UNIX (not FreeBSD). Even that doesn't really tell us much, however the headers that Mike supplied imply that "majordomo" on the bizsystems network is using Sendmail 8.11.4, which is significantly old (but isn't necessarily an upgrade factor). I still adhere to the "if it ain't broke don't fix it" mentality, but if +confirm isn't an option upgrading is, even though that could require some other upgrade as well. >> >> Currently the headers do not parse to name the server, for whatever >> reason and significance that is at this point. >> I think, if I have time, I may run a test for that. I do have 3 mail-list managers available, MailMan, Majordomo and Dada Mail. I may try out all three. I don't currently need them, but I should be familiar with them so that they could be available. >> The admin thinks it would be very difficult to reconfigure the majordomo >> or the majordomo plus the guidelines for the remote administration >> process. Ric doesn't think so. majordomo.cf # Set the default subscribe policy for new lists here. # If not defined, defaults to "open", but in today's increasingly # imbecile Internet, "open+confirm" or "auto+confirm" is a wiser # choice for publicly available Majordomo servers. # $config'default_subscribe_policy = "open+confirm"; # I expect that each list has it's own subscribe policy. Still, whats harder: typing a couple words and writing a couple lines of instructions, or spending time dealing with abuse reports? > > I would like to know, however, where Ric got his information about the > majordomo guidelines. I've searched the web and got some limited > information about majordomo systems, but nothing that appeared to be as > concise as what Ric had. I would love to read it, granted I may not > understand a lot of it, but I still would like to be able to more > familiarize myself with the process. > You really need to install it and read the man files and the doc files. I don't expect you to be able to do this, but you can install on Windows Texpad (textpad.com)(or a UNIX-compatable text reader for your OS) and either WinZip or WinRar (I think you already have one of those, or something compatable with tar files), and then you can attempt to read through the .pl doc and/or man files in the majordomo archive (WinRar's View command works well on text files), but that's a bit like sorting through trash that's been through a shredder. The info I posted is from documentation I had, the Majordomo and MajorCool sites, and the config_parse.pl file. -- | Ric | From nobody at devnull.spamcop.net Wed May 3 00:58:14 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Wed May 3 01:00:03 2006 Subject: [SpamCop-List] Re: .info domains are not being handled References: Message-ID: "Brad Lanam" wrote in message news:slrne5g676.jft.bll@seer.gentoo.com... > > Reference: > http://www.spamcop.net/sc?id=z933433803z8b158c1b72cd25b82a249920a2d1c8ccz > > seer:bll$ host theplaygame.info > theplaygame.info has address 125.208.3.24 > seer:bll$ No idea what half the stuff you posted means ... Tracking URL shows; Tracking link: http://theplaygame.info Resolves to 125.208.3.24 Routing details for 125.208.3.24 [refresh/show] Cached whois for 125.208.3.24 : ajtel@vip.sina.com helen5888@sohu.com Using last resort contacts ajtel@vip.sina.com helen5888@sohu.com helen5888@sohu.com bounces (4424 sent : 2214 bounces) Using helen5888#sohu.com@devnull.spamcop.net for statistical tracking From nospam at nospam.org Wed May 3 09:10:07 2006 From: nospam at nospam.org (Ejo) Date: Wed May 3 02:15:04 2006 Subject: [SpamCop-List] Spam via vacation notice Message-ID: http://www.spamcop.net/sc?id=z933550898z771b68698c1cccd97048373c5a57ab74z And here it happens, vacation notices are sent around and this is the way spam propagates. Ejo From sigerson at shpvideo.com Wed May 3 03:25:06 2006 From: sigerson at shpvideo.com (Steve Holmes) Date: Wed May 3 03:30:03 2006 Subject: [SpamCop-List] Spam Film Idea Message-ID: <44585AD2.C99FBE06@shpvideo.com> Seems that education is the ultimate way to defeat spam, or at least to reduce it dramatically. The sharper the consumer, the less likely he or she is to fall victim to an online con. With that in mind, I am thinking of producing a film on spam and how to fight it. This would be a professional job. Filmmaking is my business. It would probably run about a half-hour and appear on public television. The film would focus on spamfighting tips (do not unsubscribe, do not use your e-mail address in online conversations, do not click on links and, of course, report through SpamCop) and would include interviews with spamfighters (how do you do it, how far do you take it, etc.). Let?s dissect each of the common types of spam and come-ons, point out the warning signs and tell folks where to report it. We would have some fun, too, detailing the 419 reverse scams such as 419eater.com and featuring a scene, done with professional actors, created entirely from spam gibberish. Though spammers may be viewed by the public as a bunch of small-time hucksters, I?m not letting the big guys off the hook. It?s important to hold Qwest, UU, Sprint and other big providers and domain brokers responsible for their role in UCE. I?d like the film to raise bigger issues, too, such as the rights to privacy and free speech. Questions: 1) Are there other films about spammers? 2) Does anyone have a demographic profile of spammers (age, gender, etc.)? This would come in handy since I plan to bring in actors to read some of the most outrageous spam lines I?ve received (among my favorites: ?powerful enlargement: How A Man can do it like a lesbian?). 3) Know where I can find an ex-spammer, one who?s been jailed or has reformed? 4) I?m looking for spamfighters to inverview within a 300-mile range of my home bases, Iowa City, Iowa and Joplin, Missouri. Any leads or volunteers? 5) Any thoughts as to what angles you feel a film on spam should cover? If you?d prefer to contact me offline, try sigerson at shpvideo.com. Thank you. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From nospam at qwestisevil.com Wed May 3 04:21:07 2006 From: nospam at qwestisevil.com (Steve Holmes) Date: Wed May 3 04:25:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: <445867F3.15FC8559@qwestisevil.com> Steve Holmes wrote: > (snip) The film would focus on spamfighting tips (do not unsubscribe, do > not > use your e-mail address in online conversations, (snip) Yeah, before anyone points it out, I realize I just did that last one in my previous message. Maybe I should watch the film I propose to make. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From newandrew at rump.dk Wed May 3 09:24:01 2006 From: newandrew at rump.dk (Andrew Engels Rump (formerly Leif Andrew Rump)) Date: Wed May 3 04:25:07 2006 Subject: [SpamCop-List] Did a spammer F*** up joejobbing spamcop.com and not .net? Message-ID: This was just to funny to just let it slip by: http://www.spamcop.net/sc?id=z933583983z425146adb24ddadefe82474c583ab423z Andrew -- *** The opinions expressed are not necessarily those of my employer. *** * Software Engineer Andrew Engels Rump * BLIK og ROERarbejderforbundet * * Immerkaer 42, 2650 Hvidovre * Tlf: +45 3638 3638, Fax: +45 3638 3639 * Home: N55?41'38.9" E12?29'08.6" (WGS 84) Work: N55?39'50.9" E12?27'47.4" E-mail: mailto:newandrew@rump.dk WWW http://www.rump.dk/homepage/andrew/ From MikeE at ster.invalid Wed May 3 07:09:43 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed May 3 09:10:03 2006 Subject: [SpamCop-List] Re: .info domains are not being handled References: Message-ID: WazoO wrote: > "Brad Lanam" >> Reference: www.spamcop.net/sc?id=z933433803z8b158c1b72cd25b82a249920a2d1c8ccz >> >> seer:bll$ host theplaygame.info >> theplaygame.info has address 125.208.3.24 >> seer:bll$ I think Brad got a non resolve when he ran it; that's what it did for me Cannot resolve http://theplaygame.info Reports regarding this spam have already been sent: Re: 83.22.227.87 (Administrator of network where email originates) > No idea what half the stuff you posted means ... So Brad was showing whatever he uses to resolve the URL > Tracking URL shows; > > Tracking link: http://theplaygame.info > Resolves to 125.208.3.24 > Routing details for 125.208.3.24 > [refresh/show] Cached whois for 125.208.3.24 : ajtel@vip.sina.com > helen5888@sohu.com > Using last resort contacts ajtel@vip.sina.com helen5888@sohu.com > helen5888@sohu.com bounces (4424 sent : 2214 bounces) > Using helen5888#sohu.com@devnull.spamcop.net for statistical tracking That is actually not very 'accurate' work by SC, based on the spamcop mirror which is not uptodate 125.208.3.24 = no rDNS inetnum: 125.208.0.0 - 125.208.31.255 netname: PRIMETELECOM admin-c: KS434-AP = ajtel@vip.sina.com tech-c: CZ352-AP = CONG390@hotmail.com inetnum: 125.208.0.0 - 125.208.31.255 netname: PRIMETELECOM admin-c: KS1-CN = ajtel@vip.sina.com tech-c: CZ1-CN = CONG390@hotmail.com But the IP is spamhaused as the /32 for Leo Kuvayev / BadCow and primetelecom has numerous other single and blocklistings, 3 /32s 2 of which are Leo rokso, and also /24 /22 and /19 - so they are definitely not worth notifying, especially with 'personal' email addies like hotmail primetelecom's name is actually primetelecom.cn which doesn't have a reg'd abuse.net contact whose registrant is ajtel@euncn.com -- so there's that 'ajtel' username again. IMO the whole thing is a waste of time. primetelcom is as24416 Upstream Adjacent AS list AS4847 CNIX-AP China Networks Inter-Exchange Chasing down unresponsive.cn providers and their unresponsive upstreams for ROKSO spamvertisers is not fruitful. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed May 3 07:18:25 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed May 3 09:20:02 2006 Subject: [SpamCop-List] Re: Did a spammer F*** up joejobbing spamcop.com and not .net? References: Message-ID: Andrew Engels Rump (formerly Leif Andrew Rump) wrote: Subject: Did a spammer F*** up joejobbing spamcop.com and not .net? > This was just to funny to just let it slip by: > www.spamcop.net/sc?id=z933583983z425146adb24ddadefe82474c583ab423z Spamvertised: HYIP established to provide investors a way to increase their profit http://www.spamcop.com/investdot.com Sourced: 219.93.199.99 listed in cbl.abuseat.org ( 127.0.0.2 ) 219.93.199.99 is an open proxy Globaltrust doesn't want notifies about that spamvertising. ISP does not wish to receive reports regarding http://www.spamcop.com/investdot.com -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed May 3 10:29:04 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed May 3 09:30:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: That's not going to be an info-mercial is it? "Steve Holmes" wrote in message news:44585AD2.C99FBE06@shpvideo.com... > Seems that education is the ultimate way to defeat spam, or at > least to > reduce it dramatically. The sharper the consumer, the less > likely he or > she is to fall victim to an online con. With that in mind, I am > thinking > of producing a film on spam and how to fight it. This would be > a > professional job. Filmmaking is my business. It would probably > run about > a half-hour and appear on public television. > > The film would focus on spamfighting tips (do not unsubscribe, > do not > use your e-mail address in online conversations, do not click > on links > and, of course, report through SpamCop) and would include > interviews > with spamfighters (how do you do it, how far do you take it, > etc.). > Let’s dissect each of the common types of spam and come-ons, > point out > the warning signs and tell folks where to report it. We would > have some > fun, too, detailing the 419 reverse scams such as 419eater.com > and > featuring a scene, done with professional actors, created > entirely from > spam gibberish. > > Though spammers may be viewed by the public as a bunch of > small-time > hucksters, I’m not letting the big guys off the hook. It’s > important to > hold Qwest, UU, Sprint and other big providers and domain > brokers > responsible for their role in UCE. I’d like the film to raise > bigger > issues, too, such as the rights to privacy and free speech. > > Questions: > > 1) Are there other films about spammers? > > 2) Does anyone have a demographic profile of spammers (age, > gender, > etc.)? This would come in handy since I plan to bring in > actors to read > some of the most outrageous spam lines I’ve received (among my > favorites: “powerful enlargement: How A Man can do it like a > lesbian”). > > 3) Know where I can find an ex-spammer, one who’s been jailed > or has > reformed? > > 4) I’m looking for spamfighters to inverview within a 300-mile > range of > my home bases, Iowa City, Iowa and Joplin, Missouri. Any leads > or > volunteers? > > 5) Any thoughts as to what angles you feel a film on spam > should cover? > > If you’d prefer to contact me offline, try sigerson at > shpvideo.com. > Thank you. > > -- > Steve Holmes > Executive Producer > "The New Ball Game" > "RailFAN" > 319-337-9507 > From MikeE at ster.invalid Wed May 3 07:37:41 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed May 3 09:40:02 2006 Subject: [SpamCop-List] Re: I'm curious, how does Amazon.com end up on the SCBL? References: Message-ID: Pete wrote: > It's a reputable site that doesn't spam, as far as I know, yet it > still ends up in my Spamcop spam mail. How does this happen? You have configured your spam filter to use sorbs including the sorbs 127.0.0.6 which is the sorbs-spam list. Sorbs-spam list is built by sorbs using these criteria http://www.us.sorbs.net/faq/spamdb.shtml and requires the IP owner to pay a US $50 'fine' to sorbs designated charity or good cause -- which many providers are disinclined to do -- to be delisted, and which listing will recur if a spamtrap or whatever is hit. > Here is the URL for the block: www.spamcop.net/sc?id=z933385992z1be4a0540a738d21ef328cdc495cccc3z That is a straightup amazon item, where straightup means from = source = spamvertiser. If you want to receive amazon promotionals, you should whitelist them. If you don't want to use a list like sorbs which has to be paid to get off, you should take it out of your spamfilter system. Sorbs has quite a few different lists, and not everyone should use all or any of them http.dnsbl.sorbs.net 127.0.0.2 socks.dnsbl.sorbs.net 127.0.0.3 misc.dnsbl.sorbs.net 127.0.0.4 smtp.dnsbl.sorbs.net 127.0.0.5 spam.dnsbl.sorbs.net 127.0.0.6 web.dnsbl.sorbs.net 127.0.0.7 block.dnsbl.sorbs.net 127.0.0.8 zombie.dnsbl.sorbs.net 127.0.0.9 dul.dnsbl.sorbs.net 127.0.0.10 badconf.rhsbl.sorbs.net 127.0.0.11 nomail.rhsbl.sorbs.net 127.0.0.12 -- Mike Easter kibitzer, not SC admin From hendrik_maryns at despammed.com Wed May 3 18:51:13 2006 From: hendrik_maryns at despammed.com (Hendrik Maryns) Date: Wed May 3 11:55:03 2006 Subject: [SpamCop-List] Re: Feature request: see number of unreported spam In-Reply-To: References: Message-ID: Frog Prince schreef: > "Hendrik Maryns" wrote in message > news:e2q7cf$jgt$1@news.spamcop.net... > | Hi, > | > | Often, I submit so much spam, I don't get the time to click to all the > | confirmation screens. Then I have to use the link that says: Remove all > | unreported spam, to get all those 'message is more than two days old' > | warnings away. It would be nice if it was also indicated how much > | messages one would remove that way. I.e. that one gets to see how much > | one still has to report. > | > | This would also be practical to estimate how much more clicks & time one > | needs to get it done. > | > > That feature and a way to delete reports too old with one click have been > requested many times previously. Now if I get more than 3-4 too old to > report I dump the entire back long. BTW that's the only way to find out > how many reports are back logged. It could be useful if you get a few too old messages, and you see there are only two or three left, you could as well click through them, because one of them might still be valid. OTOH, if you see there are still 20 left, you?ll remove them. Another option which would be more interesting, I think, is to handle reporting in (some) chronological order. But then, that will probably eschew some metrics. > Accurate info but useless. Is keeping your users happy by just adding one simple counter also useless? H. -- Hendrik Maryns ================== http://aouw.org Ask smart questions, get good answers: http://www.catb.org/~esr/faqs/smart-questions.html From MikeE at ster.invalid Wed May 3 09:55:17 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed May 3 12:00:03 2006 Subject: [SpamCop-List] Re: I'm curious, how does Amazon.com end up on the SCBL? References: Message-ID: Pete wrote: Subject: I'm curious, how does Amazon.com end up on the SCBL? If you don't put your question where it belongs, in the body of your message, it isn't possible to answer the question in context without pasting your subject into the body of the reply. That isn't the correct way to write a news message or question. For practice and propriety in writing subjects and bodies, you can structure properly by writing the body first, then writing a brief subject to encapsulate or name/say what is contained in the body. That is, the subject should not be the only place to find the question or point of a post. > how does Amazon.com end up on the SCBL? 'It' amazon.com isn't on the SCbl, for several reasons. - amazon.com isn't an IP, SCbl lists IP addresses, not domains - the source IP 207.171.165.134 rDNS mm-retail-out-1102.amazon.com is *not* SCbl listed - rather it was tagged for listing because you configured to use sorbs lists > How does this happen? Pardon > my ignorance for how the system works. > Here is the URL for the block: www.spamcop.net/sc?id=z933385992z1be4a0540a738d21ef328cdc495cccc3z You can examine the Xlines for how your configuration of the spamcop filter blocked an item: X-SpamCop-Checked: 192.168.1.103 207.69.195.97 207.69.195.24 66.94.225.140 207.115.20.47 207.115.20.47 207.171.165.134 X-SpamCop-Disposition: Blocked dnsbl.sorbs.net That tells you that the last Xline IP 207.171.165.134 caused the item to be tagged for blocking from the inbox because it was listed in one of the sorbs blocklists. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed May 3 09:59:12 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed May 3 12:00:09 2006 Subject: [SpamCop-List] Re: I'm curious, how does Amazon.com end up on the SCBL? Message-ID: Mike Easter wrote: > - rather it was tagged for listing because you configured to use > sorbs lists s/listing/blocking/ - rather it was tagged for blocking because you configured... -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Wed May 3 17:59:16 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed May 3 12:00:13 2006 Subject: [SpamCop-List] Re: Subject lines and topic drift References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> Message-ID: "G?? |\/|AC0|\|" wrote in message news:e35i8b$cmt$1@news.spamcop.net... > For the purpose of this post, it doesn't matter who wrote: > >>> I see that winking grin, but you are going to get a semantics discussion >>> anyway. > > If the first person to change the topic from discussing the case of the > mailing list operator > wondering how spamcop works to the semantics of folder/directory naming > would be so > kind as to change the subject line, those of us who are interested in the > first topic but > not the second would find it easier to select posts that interest us. Umm, ermmm, aahh, would that have been me?? Or was it Mike? ;-) Prolly me. Oops! Sorry! I apogolise! I must remember to change the subject line when changing topic I must remember to change the subject line when changing topic I must remember to change the subject line when changing topic I must remember to change the subject line when changing topic I must remember to change the subject line when changing topic I must remember to change the subject line when changing topic I must remember to change the subject line when changing topic I must remember to change the subject line when changing topic. . . . . . . . From porpoise1954 at yahoo.co.uk Wed May 3 18:00:30 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed May 3 12:05:03 2006 Subject: [SpamCop-List] Re: Subject lines and topic drift References: <1xx4tg2b8c8sv.nkjnv1d51ayj.dlg@40tude.net> <1hgr5wksbyk7r$.c49y5rrg8mxi$.dlg@40tude.net> <1tcx1gogz02o6$.3we3du1xf462.dlg@40tude.net> Message-ID: "Mike Easter" wrote in message news:e35jpa$dlr$1@news.spamcop.net... > > Of course you are correct. I find it a quaint observation that a > subject change among topic drifters leads quickly or even immediately to > the end of the subthread's conversation. Maybe that's the way it > /should/ be. In this case, it lasted for 3 posts, longer than usual, in > my experience. That's only because I surrendered early!!!!!.... ;-) From nttp.sc.s at bigsleep.org Wed May 3 19:46:49 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed May 3 14:50:02 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: On 03 May 2006, - Steve Holmes entered spamcop and left news:44585AD2.C99FBE06@shpvideo.com: 1) Are there other films about spammers? I remember one, not a film to the extent that you are talking about, though. I don't remember the name of the show, but there was a mother who's child was getting porn spam, and she contacted the advertised site to try and get it to stop. I don't remember the whole show, but they tracked down the spammer and confronted him, it took them quite some time because they went through quite a few companies and several dead-ends. I'm sure it was over 30 mins and quite interesting. Maybe someone else here remembers that program? But I think we need more education. Ignoring or blocking it does little more than make it a little more interesting for the spammer (it actually creates more spam). Fighting it is the way to go, and we need more people fighting, and less fishies. I think a reality view of the spammer (and how easy it is for them) would be interesting. Also the domain registrars who accept money for all those crack domains, you can't complain to them and they don't care at all, that ain't right. -- | Ric | From nttp.sc.s at bigsleep.org Wed May 3 19:48:42 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed May 3 14:50:08 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: On 03 May 2006, - Steve Holmes entered spamcop and left news:44585AD2.C99FBE06@shpvideo.com: > Filmmaking is my business. Hey, do you do that show on Discovery Home? I love that show, it's too short. -- | Ric | From nobody at devnull.spamcop.net Wed May 3 13:08:02 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Wed May 3 15:10:04 2006 Subject: [SpamCop-List] Re: Feature request: see number of unreported spam References: Message-ID: Hendrik Maryns wrote... > Another option which would be more interesting, I think, is to handle > reporting in (some) chronological order. But then, that will probably > eschew some metrics. ^^^^^^ ?????? http://www.m-w.com/dictionary/eschew From PossumTrot at dont.spam.me Wed May 3 13:23:14 2006 From: PossumTrot at dont.spam.me (Possum Trot) Date: Wed May 3 15:25:03 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: I report every call, politicians included. In the You-can-spam act they gave themselves immunity, but they get reported anyway. "Patty" wrote in message news:tuhj42nmp24q$.xd0idfddmogb$.dlg@40tude.net... > On Tue, 02 May 2006 12:30:01 -0700, Tim McGraw wrote: > >> I've read about this, but it's the first time it's happened to me. >> >> Despite being on the Do Not Call Registry I just received a pre-recorded >> message telling me that "the information I had requested on the Internet >> about extra income had been received" and it directed me to >> readfromhome.com. The incoming caller's number was blocked. >> >> So when I went to file a complaint at >> https://www.donotcall.gov/Complain/ComplainCheck.aspx instead of naming >> the Web site as the company I was complaining about, I named the company >> as HostingISP/readfromhome.com. >> >> I also called the ISP and asked if I could leave a message for the owner >> (it's lunchtime here). In the message I succinctly described what >> happened and advised him that I would be filing a complaint with the FTC >> over readfromhome.com and unfortunately I had to name his company as >> well. >> >> I predict this will become a more prevalent way of spamming in the >> not-too-distant future as spam filtering becomes more aggressive and >> accurate. > > Speaking of phone spam and do not call lists. We get calls from > businesses > such as waterproofing basements, and when I tell them I'm on the Do Not > Call List they explain that they are not selling anything but they are > offereing to provide me with a free inspection. They are really trying to > split hairs here. I still report them. > > Patty From nospam at qwest-is-evil.com Wed May 3 15:28:10 2006 From: nospam at qwest-is-evil.com (Steve Holmes) Date: Wed May 3 15:30:02 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: <4459044A.E2E2F336@qwest-is-evil.com> POP wrote: > That's not going to be an info-mercial is it? > > "Steve Holmes" wrote in message > news:44585AD2.C99FBE06@shpvideo.com... > > Seems that education is the ultimate way to defeat spam, or at > > least to > > reduce it dramatically. The sharper the consumer, the less > > likely he or > > she is to fall victim to an online con. With that in mind, I am > > thinking > > of producing a film on spam and how to fight it. (snip) Informercial? For what? Sorry if I left that impression. It's supposed to be a documentary about how to detect, avoid and fight spam. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From vanguard.news at yahooNIX.com Wed May 3 15:35:37 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Wed May 3 15:40:02 2006 Subject: [SpamCop-List] Re: I'm curious, how does Amazon.com end up on the SCBL? References: Message-ID: "Mike Easter" wrote in message news:e3abmp$chb$1@news.spamcop.net... > > You have configured your spam filter to use sorbs including the sorbs > 127.0.0.6 which is the sorbs-spam list. > > Sorbs-spam list is built by sorbs using these criteria > http://www.us.sorbs.net/faq/spamdb.shtml and requires the IP owner to > pay a US $50 'fine' to sorbs designated charity or good cause -- which > many providers are disinclined to do -- to be delisted, and which > listing will recur if a spamtrap or whatever is hit. > Personally, the $50 "donation" reeks too much of extortion. An IP address could get listed simply due to complaints from ignorant users who haven't a clue as to where a spam actually originated. There are plenty of situations where an IP address is falsely listed. Another problem with SORBS is that their list is hardly dynamic. A source that got listed by SORBS could be on their blacklist for several months without regard to behavior after that time. SpamCop is must more responsive (i.e., dynamic). At one time, my IP lease expired and I got a new IP address (I'm on cable but occasional my IP address does change). I ended up with one that a prior spammer had used and which was on the SORBS blacklist. SORBS responded within 2 days to get their list updated to remove my IP address - but that record was over 4 months old (i.e., it had been that long since they added the record and nothing afterward would've caused that IP address to remain listed). I don't use the SORBS list anymore because it doesn't reflect the current state of spam sources. Because SORBS is slow to update their list, they don't accurately reflect the nature of Internet where users can and WILL get different IP addresses, some of which are blacklisted although the new user of that old IP address never spammed or may have never even sent a single e-mail. -- __________________________________________________ Post replies to the newsgroup. Share with others. For e-mail: Remove "NIX" and add "#VN" to Subject. __________________________________________________ From nospam at qwest-is-evil.com Wed May 3 15:41:17 2006 From: nospam at qwest-is-evil.com (Steve Holmes) Date: Wed May 3 15:45:05 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: <4459075D.7F8C5390@qwest-is-evil.com> Blammo wrote: > On 03 May 2006, - Steve Holmes entered spamcop and left > news:44585AD2.C99FBE06@shpvideo.com: > > 1) Are there other films about spammers? > > I remember one, not a film to the extent that you are talking about, > though. I don't remember the name of the show, but there was a mother who's > child was getting porn spam, and she contacted the advertised site to try > and get it to stop. I don't remember the whole show, but they tracked down > the spammer and confronted him, it took them quite some time because they > went through quite a few companies and several dead-ends. I'm sure it was > over 30 mins and quite interesting. Maybe someone else here remembers that > program? Yeah, I would be interested to know more about this one. If it's done all that I propose to do, no use reinventing the wheel. I'd love to confront a spammer, but tracking one down within a few hundred miles might be tough. Too bad I don't live in Florida. > But I think we need more education. Ignoring or blocking it does little > more than make it a little more interesting for the spammer (it actually > creates more spam). Fighting it is the way to go, and we need more people > fighting, and less fishies. Amen! That's the whole idea: Show people that spammers are usually con artists, show them how to avoid, detect and fight spam and the flow of spam will dry up significantly. There will always be Darwin Award winners who get suckered into buying something that's too good to be true (even worse, they can vote and they can breed). And even if spam becomes less and less profitable, there will always be people who hear the siren song of one-million e-mail addresses and feel it's a can't-miss deal. But education can take away potential customers and add a new level of hassle. That would probably cause a lot of spammers to walk away. > I think a reality view of the spammer (and how > easy it is for them) would be interesting. Also the domain registrars who > accept money for all those crack domains, you can't complain to them and > they don't care at all, that ain't right. Yes. As I said, I don't want to let the big guys off the hook. Spammers are snake-oil salesmen, but they couldn't do business without "more respectable" people fronting for them. I doubt that GoDaddy, Qwest and other enablers would grant me on-camera interviews, but if that's the case, I'd use a few shots of a microphone pointed at their big, distant HQs as "equal time." -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From nospam at qwest-is-evil.com Wed May 3 15:42:21 2006 From: nospam at qwest-is-evil.com (Steve Holmes) Date: Wed May 3 15:45:09 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: <4459079D.6F2EB24C@qwest-is-evil.com> Blammo wrote: > On 03 May 2006, - Steve Holmes entered spamcop and left > news:44585AD2.C99FBE06@shpvideo.com: > > > Filmmaking is my business. > > Hey, do you do that show on Discovery Home? I love that show, it's too > short. Nope. Discovery's a different animal. My stuff gets on public television around the country. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From tmcgraw at spamcop.net Wed May 3 14:09:02 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed May 3 16:10:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea In-Reply-To: <4459075D.7F8C5390@qwest-is-evil.com> References: <44585AD2.C99FBE06@shpvideo.com> <4459075D.7F8C5390@qwest-is-evil.com> Message-ID: Steve Holmes wrote: > > I'd love to confront a spammer Been there, done that. I called a once-notorious spammer in the next town over back in the '90s, and within the hour he sent a couple of cronies to my house and they turned off my electrical circuits via the outside circuit breakers. After that incident I stuck to LARTs. From not at home.today Wed May 3 23:59:08 2006 From: not at home.today (Ant) Date: Wed May 3 18:05:04 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: "Steve Holmes" wrote: > 1) Are there other films about spammers? There was a documentary "Rogue Mail" shown on the BBC (UK television) in June 2003, which prompted this post: http://news.spamcop.net/pipermail/spamcop-list/2003-June/047927.html This was my comment at the time: | Because of MS sueing spammers, there have been a few reports about it | on TV. I'm not sure if it was the same programme, but the reporter | was at that recent spam conference in the US. He mentioned Richter, | and shot some film of him, and I think I also caught a glimpse of | Julian. There was also a short interview with the chap who runs | Spamhaus. Later they tried to track down Eddie Marin (top spammer | according to Spamhaus) at his Florida office to get an interview. | Some chance! Of course the door was locked, and the female voice on | the intercom said he was not there. However a car was parked in his | space. When the reporter asked when would be a good time to call back, | "I suggest you don't", was the reply. Perhaps it would be worth contacting the BBC. If I'm mistaken, and the film I remember wasn't shown by them, then I would have only seen it on Channel 4, or possibly ITV. From nttp.sc.s at bigsleep.org Thu May 4 00:10:30 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed May 3 19:15:04 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> Message-ID: On 03 May 2006, - Steve Holmes entered spamcop and left news:4459079D.6F2EB24C@qwest-is-evil.com: > Blammo wrote: > >> On 03 May 2006, - Steve Holmes entered spamcop and left >> news:44585AD2.C99FBE06@shpvideo.com: >> >> > Filmmaking is my business. >> >> Hey, do you do that show on Discovery Home? I love that show, it's too >> short. > > Nope. Discovery's a different animal. My stuff gets on public television > around the country. > Kind of a joke, thought maybe you knew Mike Holmes. -- | Ric | From nttp.sc.s at bigsleep.org Thu May 4 00:25:41 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed May 3 19:30:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459075D.7F8C5390@qwest-is-evil.com> Message-ID: On 03 May 2006, - Steve Holmes entered spamcop and left news:4459075D.7F8C5390@qwest-is-evil.com: > Yeah, I would be interested to know more about this one. If it's done > all that I propose to do, no use reinventing the wheel. > > I'd love to confront a spammer, but tracking one down within a few > hundred miles might be tough. Too bad I don't live in Florida. > Well, it actually was pretty easy to find, it was on Dateline (I personally hate to link to this site, but its for a good cause)... Dateline tracks down a porn spammer On the hunt for a man who sent a vulgar e-mail to a Texas housewife By John Hockenberry Dateline NBC Updated: 8:37 p.m. ET Aug. 5, 2005 http://www.msnbc.msn.com/id/8841299/ and some more info here... The clues that led us to the porn spammer (Andy Lehren, Dateline producer) http://www.msnbc.msn.com/id/8871839/ -- | Ric | From nobody at devnull.spamcop.net Wed May 3 21:36:07 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed May 3 20:40:03 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: "Possum Trot" wrote in message news:e3avvk$okn$1@news.spamcop.net... >I report every call, politicians included. In the You-can-spam >act they gave themselves immunity, but they get reported anyway. > I've never come across a reputable site whose AUP or TOS allowed anyone, even politicos or whatever, to spam. Spam is spam to the ISP and it's verboten; their servers, their right to decide what can be done on them. I consider the phone the same: It's MY phone, in MY house - no one has permission to disturb me with anything I dont' wish to be disturbed about. Just a thought Pop From nobody at devnull.spamcop.net Wed May 3 21:45:12 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed May 3 20:50:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459044A.E2E2F336@qwest-is-evil.com> Message-ID: "Steve Holmes" wrote in message news:4459044A.E2E2F336@qwest-is-evil.com... > POP wrote: > >> That's not going to be an info-mercial is it? >> >> "Steve Holmes" wrote in message >> news:44585AD2.C99FBE06@shpvideo.com... >> > Seems that education is the ultimate way to defeat spam, or >> > at >> > least to >> > reduce it dramatically. The sharper the consumer, the less >> > likely he or >> > she is to fall victim to an online con. With that in mind, I >> > am >> > thinking >> > of producing a film on spam and how to fight it. (snip) > > Informercial? For what? Sorry if I left that impression. It's > supposed > to be a documentary about how to detect, avoid and fight spam. > > > -- > Steve Holmes > Executive Producer > "The New Ball Game" > "RailFAN" > 319-337-9507 > No, you didn't leave that impression; I came up with that Q all on my own with my own little pair of brain cells. Coincidentally, I'd just come from trying not to listen to a Canadian version of PBS showing how to fight spam and it turned out to be, after about fifteen minutes, a bait&switch to get you to buy their computers because they knew all about spam and how to control it. I was still a little irked. Sorry if I projected some of that your way. I love your idea, actually, and IMO, I think it should be a two-part, probably half hour mini-series on the subject. And with a good mix of ISPs represented also, in addition to the spammers. Maybe some law enforcement if they can be talked into it; some of them like a camera pointed at them. If it should hit with the audience, maybe it could grow into something more for the next season, who knows? Somehow you'd need a way to alert an audience to the show's airtimes/dates in order to replace the ones that leave because they aren't interested. You know, ratings and all that. In the end, I wish it could escalate until some news media of some sort picks it up as one of those short, daily "reports' on the state of today's spam or some such thing. Material would be SO easy to get! It should have become a daily part of media life a good three years ago; maybe we wouldn't be where we are now. Cheers, Pop From tmcgraw at spamcop.net Wed May 3 19:29:48 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed May 3 21:30:02 2006 Subject: [SpamCop-List] Re: Spam Film Idea In-Reply-To: References: <44585AD2.C99FBE06@shpvideo.com> <4459044A.E2E2F336@qwest-is-evil.com> Message-ID: POP wrote: > > If it should hit with the audience, maybe it could grow into > something more for the next season, who knows? Somehow you'd > need a way to alert an audience to the show's airtimes/dates in > order to replace the ones that leave because they aren't > interested. You know, ratings and all that. Seven spammers. Two computers. One double-wide and One cable modem. Who will become the spam king on NBC's new reality show "Chickenboner"? > In the end, I wish it could escalate until some news media of > some sort picks it up as one of those short, daily "reports' on > the state of today's spam or some such thing. Material would be > SO easy to get! It should have become a daily part of media life > a good three years ago; maybe we wouldn't be where we are now. Dang. That's not as crazy as it sounds! From me at privacy.net Wed May 3 22:56:08 2006 From: me at privacy.net (NotMe) Date: Wed May 3 22:30:04 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: "POP" | >I report every call, politicians included. In the You-can-spam | >act they gave themselves immunity, but they get reported anyway. | > | | I've never come across a reputable site whose AUP or TOS allowed | anyone, even politicos or whatever, to spam. Spam is spam to the | ISP and it's verboten; their servers, their right to decide what | can be done on them. I consider the phone the same: It's MY | phone, in MY house - no one has permission to disturb me with | anything I dont' wish to be disturbed about. | | Just a thought According to what the CongressCritters have passed (it's a LAW) they have the RIGHT to do just that. From me at privacy.net Thu May 4 00:01:11 2006 From: me at privacy.net (NotMe) Date: Wed May 3 23:05:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> Message-ID: "Steve Holmes" wrote in message news:4459079D.6F2EB24C@qwest-is-evil.com... | Blammo wrote: | | > On 03 May 2006, - Steve Holmes entered spamcop and left | > news:44585AD2.C99FBE06@shpvideo.com: | > | > > Filmmaking is my business. | > | > Hey, do you do that show on Discovery Home? I love that show, it's too | > short. | | Nope. Discovery's a different animal. My stuff gets on public television | around the country. | | -- | Steve Holmes | Executive Producer | "The New Ball Game" | "RailFAN" | 319-337-9507 Might think about an on demand web cast. If you do go that route we'd be interested in contributing graphics {www.imagine-that.ws what's there is dated but will give you an idea} From newandrew at rump.dk Thu May 4 08:15:41 2006 From: newandrew at rump.dk (Andrew Engels Rump (formerly Leif Andrew Rump)) Date: Thu May 4 03:20:10 2006 Subject: [SpamCop-List] Re: Feature request: see number of unreported spam References: Message-ID: After drinking 3 Pan Galactic Gargle Blasters, Hendrik Maryns mumbled in news:e3ajhh$ggb$1@news.spamcop.net: > It could be useful if you get a few too old messages, and you see > there are only two or three left, you could as well click through > them, because one of them might still be valid. OTOH, if you see > there are still 20 left, you???ll remove them. Just go in to Past Reports and View recent reports and you see the status of the last ten submitted reports - or is this something you only get when you also pay for a mail account? Anyway the address is http://mailsc.spamcop.net/mcgi?action=histmenu Andrew -- *** The opinions expressed are not necessarily those of my employer. *** * Software Engineer Andrew Engels Rump * BLIK og ROERarbejderforbundet * * Immerkaer 42, 2650 Hvidovre * Tlf: +45 3638 3638, Fax: +45 3638 3639 * Home: N55?41'38.9" E12?29'08.6" (WGS 84) Work: N55?39'50.9" E12?27'47.4" E-mail: mailto:newandrew@rump.dk WWW http://www.rump.dk/homepage/andrew/ From gazza at f2s.com Thu May 4 09:40:56 2006 From: gazza at f2s.com (Gareth) Date: Thu May 4 03:45:03 2006 Subject: [SpamCop-List] Does it work? Message-ID: Hi I am new to spamcop. I recently opened an email account with my ISP which has obviously been used before and receives around 10 spams per day. I have been reporting all the spam for nearly a month now but have not noticed any change in the volume of spam I receive. Is this normal? Should I persevere or are these spammers just too good at avoiding being being blocked? Cheers Gareth From nospam at qwest-is-evil.com Thu May 4 03:52:34 2006 From: nospam at qwest-is-evil.com (Steve Holmes) Date: Thu May 4 03:55:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459044A.E2E2F336@qwest-is-evil.com> Message-ID: <4459B2C2.F8384A11@qwest-is-evil.com> POP wrote: > (snip) > > Informercial? For what? Sorry if I left that impression. It's > > supposed > > to be a documentary about how to detect, avoid and fight spam. > > > No, you didn't leave that impression; I came up with that Q all > on my own with my own little pair of brain cells. No harm, no foul. > (snip) I love your idea, actually, and IMO, I think it should be a > two-part, probably half hour mini-series on the subject. And > with a good mix of ISPs represented also, in addition to the > spammers. Maybe some law enforcement if they can be talked into > it; some of them like a camera pointed at them. This is good. Hadn't thought of bringing them in. I knew there was a reason I posted the idea here. > > If it should hit with the audience, maybe it could grow into > something more for the next season, who knows? Somehow you'd > need a way to alert an audience to the show's airtimes/dates in > order to replace the ones that leave because they aren't > interested. You know, ratings and all that. (snip) No problem. I can post those on my site (www.shpvideo.com). -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From nospam at qwest-is-evil.com Thu May 4 03:54:40 2006 From: nospam at qwest-is-evil.com (Steve Holmes) Date: Thu May 4 03:55:10 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459044A.E2E2F336@qwest-is-evil.com> Message-ID: <4459B340.B441437C@qwest-is-evil.com> Tim McGraw wrote: > POP wrote: > > > > If it should hit with the audience, maybe it could grow into > > something more for the next season, who knows? Somehow you'd > > need a way to alert an audience to the show's airtimes/dates in > > order to replace the ones that leave because they aren't > > interested. You know, ratings and all that. > > Seven spammers. Two computers. One double-wide and One cable modem. > > Who will become the spam king on NBC's new reality show "Chickenboner"? > (snip) Thanks for the laugh of the day. And what would be the prize for our winner? One-hundred shares of Vinoble or Nano Superlattice? Remember, they're gonna be huge! -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From nospam at qwest-is-evil.com Thu May 4 04:02:58 2006 From: nospam at qwest-is-evil.com (Steve Holmes) Date: Thu May 4 04:05:04 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> Message-ID: <4459B532.C111F400@qwest-is-evil.com> NotMe wrote: > (snip) Might think about an on demand web cast. > > If you do go that route we'd be interested in contributing graphics > {www.imagine-that.ws what's there is dated but will give you an idea} Distribution will depend in part on whoever funds the film. My guess is the festival route, public television and educational distribution for use in classrooms, perhaps as part of a DVD that contains examples of spam and links to anti-spam websites. It would be ironic to distribute an anti-spam film over the Internet that has brightened our lives with so much spam. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From nospam at qwest-is-evil.com Thu May 4 04:04:44 2006 From: nospam at qwest-is-evil.com (Steve Holmes) Date: Thu May 4 04:05:09 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> Message-ID: <4459B59C.5FDFBDCF@qwest-is-evil.com> Ant wrote: > "Steve Holmes" wrote: > > > 1) Are there other films about spammers? > > There was a documentary "Rogue Mail" shown on the BBC (UK television) > in June 2003 (snip) Appreciate the idea. I'll check it out. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From scamper at trisk.com Thu May 4 03:35:22 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Thu May 4 04:40:05 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Gareth wrote: > Hi > > I am new to spamcop. I recently opened an email account with my ISP > which has obviously been used before and receives around 10 spams per day. Reporting spam emails via SpamCop contributes to the SBL (SpamCop Blocklist), and potentially allows abuse desks at the sites hosting the spammer to be notified of the illicit activity. If the spammer's ISP cares, then yes, it can have an effect since the ISP can take measures. If not, then it probably won't stop the spam source, at least not immediately. However by contributing to the spamcop block list, you and others can make use of that blocklist to either tag and divert incoming mail to a spam folder, or possibly block the source directly during the SMTP transaction if your ISP allows that for your account. > I have been reporting all the spam for nearly a month now but have not > noticed any change in the volume of spam I receive. The spam problem is huge on the Internet. The spam filter program I use currently has over 60,000 domains listed in the filters internal lists, and about 20,000 IP/CIDR ranges. Reporting spam via spamcop won't stop spam. However it can be used as one of several weapons in an arsenal used to fight spam. > Is this normal? Should I persevere or are these spammers just too good > at avoiding being being blocked? Yes, it's normal (using normal in this sense as "the current state of affairs on the Internet"). Not to be confused with "desired". Yes, I think you should persevere. Spammers are not really very good at avoiding being blocked, but that depends on how you define "being blocked". The way I use the definition is: If the spam is kept out of your inbox and ends up in a junk or spam folder, or is accurately tagged as spam, then it was successfully "blocked". What you infer is that like most of us, you don't want to even have to look through a spam folder for potential false positives show up in your spam folder, or see false negatives show up in your inbox. That's the hard part of filtering and is what spammers count on because when you open a piece of their spam email even to examine it as a specimen to improve your filtering methods, it allows their message into your consciousness. In that respect being a spam fighter is similar to being a plumber. Sometimes you hire a plumber to do the dirty work. Sometimes you don't, and just do it yourself. When you make use of spamcop by choosing to open and examine spam specimens before reporting them, it's similar to you joining the ranks of plumbers on the Internet. Spamcop in that sense is like the plumbers helper, as are various spam filters. As for "blocking mail": I can block 100% of email. I will get no spam. I'll also get no email at all. :) Or I can implement a system to sort email into good email and bad email (spam) categories using various mechanisms. This is what spam filters attempt do, some are better at it than others, but none are perfect, though they can get above 99.9% accuracy which is very good even for manufacturing standards. Or I can implement a system to use DNS based blocklists such as the SBL to block IP's during the SMTP transaction level. The best DNS blocklists are about 50-70% accurate, and are prone to false positives. They are better used in a tag and divert mode rather than as a direct block of email. Or I can implement a combination white listing, DNS blocks, and filtering, or DNS tag and divert, and filtering, etc. There are many to deal with the issue as a receiver. Personally, I run my own mail server, because this gives me maximum control over the server configuration. On that server I use the following: Geographical blocks. (email from source countries such as China is blocked except for email sent to role accounts.) Spamcop blocks. (If an IP is on the SBL and not addressed to a role account, it is blocked. Email sent to role accounts are allowed to bypass this, or can be bypassed on a per account name basis.) Bayesian scoring, using a bayesian filter to give an opinion on the spamicity of the email, and set certain other variables based on that score. Custom whitelisting, using a combination of procmail recipes and email aliases that map to my accounts given to websites where I want their information that allows such email bypass further filtering Finally I use a spam filter to filter mail that fails the other tests, and have that filter configured to auto submit to spamcop. ISP's don't generally have such fancy filtering systems in place. In the end, it's up to you how to deal with the spam issue by making use of available tools or coming up with some home brew solution. This sort of system can be made to work with an unfiltered ISP email account if you set up the filter such that it downloads the mail then filters it locally according to whatever system you choose to setup. -- Garen From nttp.sc.s at bigsleep.org Thu May 4 10:19:50 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu May 4 05:20:10 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: On 04 May 2006, - Gareth entered spamcop and left news:e3cb68$gve$1@news.spamcop.net: > I am new to spamcop. I recently opened an email account with my ISP > which has obviously been used before and receives around 10 spams per > day. It is more likely from a dictionary attack, this is when they use a list of names in order to "guess" eMail addresses. Also. posting your address anywhere, especially newsgroups and message boards, will get you spam. > I have been reporting all the spam for nearly a month now but > have not noticed any change in the volume of spam I receive. > Is this normal? Should I persevere or are these spammers just too good > at avoiding being being blocked? > It depends, I can say with some certainty that reporting will NOT increase the amount you receive. However if you open even one message, and that message loads an image or any link to another site (which may indicate to the spammer that your account is active), you will definately see an increase in spam. There are things the ISP can do to reduce dictionary attacks, and if they do nothing, then you could see an increase. "Gazza" doesn't seem like it would be an easy guess, but I don't know it could be common in some other language, but my point would be that "mixing it up" would reduce the chance of it getting a hit. And then, the more you use an address, the greater the odds of getting spam. I have addresses that I never use, so I know they can get spam even if not used. Several are used only for newsletters and some only for mailing lists of which at least one gets the occasional spam. Some addresses go through block lists (and other anti-spam methods), and some only get tagged. So I can say with some certainty that reporting probably does help, but so far as I've seen, no method is anywhere near 100% effective. -- | Ric | From nttp.sc.s at bigsleep.org Thu May 4 10:25:04 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu May 4 05:30:02 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: On 04 May 2006, - Garen Erdoisa entered spamcop and left news:e3cech$jdb$1@news.spamcop.net: > Or I can implement a combination white listing, DNS blocks, and > filtering, or DNS tag and divert, and filtering, etc. > You might find spasm interesting... http://www.nspasm.org/ -- | Ric | From dws at dealing-with-spam.info Thu May 4 12:55:58 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Thu May 4 06:00:02 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> <4459B532.C111F400@qwest-is-evil.com> Message-ID: Steve Holmes wrote on Thu, 04 May 2006 03:02:58 -0500: > It would be ironic to distribute an anti-spam film over the Internet > that has brightened our lives with so much spam. I don't think so. What *would* be ironic is spamvertizing it :) From nospam at nospam.org Thu May 4 14:34:27 2006 From: nospam at nospam.org (geo_splash_12) Date: Thu May 4 07:35:07 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Gareth wrote: > I am new to spamcop. Welcome! > I recently opened an email account with my ISP > which has obviously been used before and receives around 10 spams per day. This is sort of normal, most of us receive between 0 and approximately 200 spams per day. It is a valuable tool actually, since it reminds me that our e-mail systems are still working. > I have been reporting all the spam for nearly a month now but have not > noticed any change in the volume of spam I receive. > Is this normal? yes > Should I persevere yes, perhaps consider to report only that stuff which is non-chinese, and non-korean. > or are these spammers just too good > at avoiding being being blocked? yes Live long and prosper! Ejo From nobody at devnull.spamcop.net Thu May 4 08:56:30 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Thu May 4 09:00:03 2006 Subject: [SpamCop-List] Re: Hex URL confuses SC References: Message-ID: "WazoO" wrote in message news:e38a72$83p$1@news.spamcop.net... > "Maxx Excaliber" wrote in message > news:e3817j$2fj$1@news.spamcop.net... > > Tracking URL: > > http://www.spamcop.net/sc?id=z933057970z9f2d834e0d06ad7ef38f23648bb19169z > > > > Spamvertised URL: > > http://0xd8db5834/photogallery/albums/userpics/10002/images/.phone.php > > > > SpamCop does not recognize this as a valid URL. I was able to decode it > > using a hex2dec convertor on the web. The hex part decodes to > > 216.219.88.52. This should go to abuse@hostdepartment.com or > > abuse@worldispnetwork.com > > > > Thanks. > > As posted in the Forum at > http://forum.spamcop.net/forums/index.php?showtopic=6285 > this should have been posted into spamcop or spamcop.help .... > spamcop.routing is for where reports end up after a successful parse. > I'm crossposting and setting follow-ups to the spamcop > newsgroup. Follow-up posted in the Forum, brought here to bring this thread up to date .. From: "SpamCop/Ellen" To: "WazoO" Subject: Re: URLs encoded as hex Date: Thu, 4 May 2006 07:51:00 -0400 the hex-encoding in the url issue has been added to the bugs list Ellen SpamCop Please include all correspondence with replies From nobody at devnull.spamcop.net Thu May 4 10:21:07 2006 From: nobody at devnull.spamcop.net (POP) Date: Thu May 4 09:25:02 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: "NotMe" wrote in message news:e3bomp$6uk$1@news.spamcop.net... > > "POP" > > | >I report every call, politicians included. In the > You-can-spam > | >act they gave themselves immunity, but they get reported > anyway. > | > > | > | I've never come across a reputable site whose AUP or TOS > allowed > | anyone, even politicos or whatever, to spam. Spam is spam to > the > | ISP and it's verboten; their servers, their right to decide > what > | can be done on them. I consider the phone the same: It's MY > | phone, in MY house - no one has permission to disturb me with > | anything I dont' wish to be disturbed about. > | > | Just a thought > > According to what the CongressCritters have passed (it's a LAW) > they have > the RIGHT to do just that. > > I know what you're getting at, but: I also have the RIGHT to complain and report them for disturbing me or to block them. And I do. Pop From me at privacy.net Thu May 4 09:57:01 2006 From: me at privacy.net (Frog Prince) Date: Thu May 4 09:30:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> <4459B532.C111F400@qwest-is-evil.com> Message-ID: "Steve Holmes" wrote in message news:4459B532.C111F400@qwest-is-evil.com... | NotMe wrote: | | > (snip) Might think about an on demand web cast. | > | > If you do go that route we'd be interested in contributing graphics | > {www.imagine-that.ws what's there is dated but will give you an idea} | | Distribution will depend in part on whoever funds the film. My guess is the | festival route, public television and educational distribution for use in | classrooms, perhaps as part of a DVD that contains examples of spam and links | to anti-spam websites. | | It would be ironic to distribute an anti-spam film over the Internet that has | brightened our lives with so much spam. Perhaps distributed with new computer pruchases either from the manufacure or from the retailer. I know one very small retailer that would be interested. Sad part he's not big enough to make the project viable. From abuse at rinet.ru Thu May 4 14:41:51 2006 From: abuse at rinet.ru (RiNet Abuse Department) Date: Thu May 4 09:45:03 2006 Subject: [SpamCop-List] why our server got listed? Message-ID: Today our primary mail server got listed again (it was delisted yesterday). Server's ip is 195.54.192.35 Reason of listing is: System has sent mail to SpamCop spam traps in the past week Dispute listing didnt work - noone care to answer. How can i get any info about reasons of listing? This system does not originate mail itself, it's just mail relay. P.S. while reading spamcop web site i've found 'misdirected bounce' feature. Can anyone explain me how it can be avoided on secondary mail relays (which do not have any info about quotas/existing users etc. and _can not_ reject mail during smtp phase)? -- Oleg. From me at privacy.net Thu May 4 10:37:18 2006 From: me at privacy.net (Frog Prince) Date: Thu May 4 09:55:03 2006 Subject: [SpamCop-List] Re: Feature request: see number of unreported spam References: Message-ID: "Andrew Engels Rump ( | > It could be useful if you get a few too old messages, and you see | > there are only two or three left, you could as well click through | > them, because one of them might still be valid. OTOH, if you see | > there are still 20 left, youâ?Tll remove them. | | Just go in to Past Reports and View recent reports and you see the | status of the last ten submitted reports - or is this something | you only get when you also pay for a mail account? Anyway the | address is http://mailsc.spamcop.net/mcgi?action=histmenu I'm trying to avoid extra steps/work. Why not present the data up front? Or better yet allow me to delete the useless reports? From spamcop-list-at-news.spamcop.net at musaic.net Thu May 4 16:51:20 2006 From: spamcop-list-at-news.spamcop.net at musaic.net (St - Musaic.Net) Date: Thu May 4 09:55:48 2006 Subject: [SpamCop-List] why our server got listed? In-Reply-To: References: Message-ID: <184522787.20060504155120@musaic.net> > System has sent mail to SpamCop spam traps in the past week > Dispute listing didnt work - noone care to answer. Hmmmm - did you perhaps send your dispute to one of the spam traps..? ;) > How can i get any info about reasons of listing? This system > does not originate mail itself, it's just mail relay. ...that some spammer uses at will - probably thru someone's infected/intruded PC... > P.S. while reading spamcop web site i've found 'misdirected > bounce' feature. Can anyone explain me how it can be avoided > on secondary mail relays (which do not have any info about > quotas/existing users etc. and _can not_ reject mail during > smtp phase)? http://spamlinks.net/prevent-secure-backscatter.htm -- St From Kilgallen at SpamCop.net Thu May 4 10:09:30 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu May 4 10:10:02 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: <687R+IIvVo4Q@eisner.encompasserve.org> In article , RiNet Abuse Department writes: > P.S. while reading spamcop web site i've found 'misdirected bounce' > feature. Can anyone explain me how it can be avoided on secondary > mail relays (which do not have any info about quotas/existing users > etc. and _can not_ reject mail during smtp phase)? Such a machine is not viable in the world of today's spammers. Rejecting email during the SMTP dialog is essential. If your machine cannot do that, I recommend sending it to the scrap heap. From MikeE at ster.invalid Thu May 4 08:11:37 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 4 10:15:04 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: RiNet Abuse Department wrote: > Today our primary mail server got listed again (it was delisted > yesterday). Delisting is not the comprehensive way to manage a problem with a server getting itself blocklisted. > Server's ip is 195.54.192.35 195.54.192.35 = relay.rinet.ru which is one of several output servers in the same family, some of which are also listed on other blocklists. > Reason of listing is: > System has sent mail to SpamCop spam traps in the past week 195.54.192.35 listed in bl.spamcop.net will be delisted automatically in approximately 19 hours has sent mail to SpamCop spam traps past 86.9 days, it has been listed 5 times for a total of 44 hours > Dispute listing didnt work - noone care to answer. dispute listing only works for the instance of when the listing is based on 'mistakes' -- where a mistake is a mistake during the parse, that an IP is named as source when it wasn't, or when a reporter mistakenly reported their own provider named in a mistaken parse. 'Mistakes' do not include reports based on backscatter or other non-conventional abuse which is not typical spam sourced from the IP. The dispute par sez: // Dispute Listing -- If you are the administrator of this system and you are sure this listing is erroneous, you may request that we review the listing. Because everyone wants to dispute their listing, regardless of merit, we reserve the right to ignore meritless disputes. // Disputing a listing because the listing was based on backscatter is going to be considered meritless. > How can i get any info about reasons of listing? This system does > not originate mail itself, it's just mail relay. Because the listing is based on spamtrap hitting, there isn't a process by which you could have gotten the report evidence itself. When there are reports from reporters and not spamtraps, those reports are sent to abuse@rinet.ru > P.S. while reading spamcop web site i've found 'misdirected bounce' > feature. Can anyone explain me how it can be avoided on secondary > mail relays (which do not have any info about quotas/existing users > etc. and _can not_ reject mail during smtp phase)? Misdirected bounces result from the condition of a server which is facing the internet and accepting mail with bogus Froms which it can't deliver which server then creates abusive newmails addressed to the bogus From. Those abusive newmails are spamcop reportable. That configuration is no good. When you were reading on the spamcop website faq, you must've surely encountered this lengthy help page, which you should have been following instead of simply express delisting instead of remedying the problem: http://www.spamcop.net/fom-serve/cache/329.html Why are auto responders bad? -- Traditional auto-responders - Misdirected bounces Challenge/response spam filtering -- Why not allow bounces? -- Mitigation techniques? - If you use qmail, please apply a patch -- Microsoft has updates available for their Exchange Servers -- your responder should use SPF and/or Domain Keys to verify the authenticity of the message being replied to -- Sending delayed bounces to all and sundry is not a good way to prevent directory harvesting - it harms others and does not really prevent harvesting -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu May 4 08:30:18 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 4 10:35:04 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Mike Easter wrote: > RiNet Abuse Department wrote: >> Today our primary mail server got listed again > 195.54.192.35 = relay.rinet.ru > which is one of several output servers in the same family, some of > which are also listed on other blocklists. > 195.54.192.35 listed in bl.spamcop.net 195.91.195.33 = shvernik.rinet.ru was found in the CBL proxified spamtrap hitter inetnum: 195.54.192.0 - 195.54.192.127 netname: RINET-INTERNAL descr: Cronyx Plus Ltd. descr: RiNet ISP inetnum: 195.91.195.32 - 195.91.195.63 netname: SHV-DHCP-HNET descr: Shvernik residential network segment; DHCP descr: RiNet ISP marmot.rinet.ru DNS 158.250.26.66 158.250.26.66 rDNS ns.cronyx.ru 158.250.26.66 listed in bl.spamcop.net will be delisted automatically in approximately 7 hours has sent mail to SpamCop spam traps past 49.8 days, it has been listed 2 times for a total of 36 hours 195.91.198.239 h195-91-198-239.ln.rinet.ru CBL listed, outputs thousands of items per day 195.91.172.16 h195-91-172-16.ln.rinet.ru CBL listed, outputs hundreds of items per day -- Mike Easter kibitzer, not SC admin From turan.fe at t-online.de Thu May 4 18:44:21 2006 From: turan.fe at t-online.de (Turan Fettahoglu) Date: Thu May 4 11:45:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: Your e-mail address can be considered as "burned". It is too well known to spammers to get it clean again. The best method to get rid of spam is - Get an additional address, if possible one that cannot be guessed and will not be found with a dictionary attack. - If the address does not get spammed, tell your friends (!) about this address and phase out the old one. - Otherwise, try yet another one. I have got rid of spam this way. Turan From MikeE at ster.invalid Thu May 4 09:58:40 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 4 12:00:04 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: Gareth wrote: > I am new to spamcop. Good. Being a spamcop reporter is a more advanced form of good mailbox management than simply managing your Inbox to prevent spam annoyance -- it is actually slightly more trouble than just keeping spam out of the Inbox and out of your visual range, so it is important that your higher priorities should be met first. IMO, your first 'responsibility' is to manage your Inbox conveniently and your second responsibility is to never aid or profit any spammer, mainsleaze or otherwise, intentionally or inadvertently. That is a passive antispammer responsibility. The next higher level of antispammer action is to spamcop report your spam which has already been diverted from your Inbox by fulfilling the first two responsibilities. > I recently opened an email account with my ISP > which has obviously been used before and receives around 10 spams per > day. That doesn't mean the address of the user+domain was used before. Spammers put usernames + various domainnames, so choosing a username which has ever been used by anyone with any domain will get you spam before you ever expose it. > I have been reporting all the spam for nearly a month now but > have not noticed any change in the volume of spam I receive. That is to be expected in the current condition of modern spam. Modern spam is mostly injected/sourced by abused user IP proxified trojans and mostly spamvertising bulletproof spamvertisers whose providers do not intend to terminate the spamvertiser. > Is this normal? Yes, as long as you are able to handle your spam conveniently and non-frustratingly and also report it sufficiently conveniently and as long as you are not profitting any spammers in the process of handling your spam. If you are profitting spammers in any way, I would suggest that you restructure how you are mail handling and fulfill the non-profitting role before you begin to report spam. If you are handling your spam insecurely to report to spamcop, I recommend that you do not do that. > Should I persevere or are these spammers just too good > at avoiding being being blocked? If the other responsibilities are otherwise met, ideally by having a proper spamfilter diverting all of your spam to the Junk folder from which it is reported, and if the submission to spamcop is performed properly and easily, then there is a benefit to the spamcop reporting. That reporting will not reduce your spam, but it will contribute to the SCbl which can help you and others filter your spam more effectively. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Thu May 4 09:59:40 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu May 4 12:00:09 2006 Subject: [SpamCop-List] Re: [OT] phone spam In-Reply-To: References: Message-ID: Tim McGraw wrote: > > I predict this will become a more prevalent way of spamming This not entirely unrelated item just came across my virtual desk: "Phishers are targeting potential victims through yet another channel: voice over IP systems... The scam is particularly ingenious because it is so cheap for the phisher to run." http://www.ecommercetimes.com/story/spQGvdVUfMu05r/Phishers-Latch-Onto-VoIP-Systems.xhtml From ppearson at nowhere.invalid Thu May 4 17:11:51 2006 From: ppearson at nowhere.invalid (Peter Pearson) Date: Thu May 4 12:15:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: On Thu, 04 May 2006 08:40:56 +0100, Gareth wrote: > > I am new to spamcop. I recently opened an email account with my ISP > which has obviously been used before and receives around 10 spams per day. > I have been reporting all the spam for nearly a month now but have not > noticed any change in the volume of spam I receive. > Is this normal? Should I persevere or are these spammers just too good > at avoiding being being blocked? Adding my perspective to those of previous posters: Spamcop doesn't keep spammers from sending you spam, but it does two useful things: 1. Spamcop makes it easy to report spammers, which you might want to do for public-spiritedness; and 2. Spamcop gives you some good spam-sorting tools to facilitate finding the wheat among the chaff. The parts that I find useful are: - the Held Mail folder, particularly the (unlabeled) "select all" box and the "Report as Spam" button; - the Filters; - the whitelist; and - the web-form-based Report Spam page (http://mailsc.spamcop.net), for spam that sneaks past all the guards and makes it to my Linux box. My ISP (Charter) silently discards email I send that looks like spam, so I can't just forward spam to my Spamcop reporting email address. If you read French, you can find detailed usage suggestions on Jean-Daniel Dodin's wiki: http://dodin.org/mediawiki/index.php/SpamCop -- To email me, substitute nowhere->spamcop, invalid->net. From oleg at lath.rinet.ru Thu May 4 18:45:16 2006 From: oleg at lath.rinet.ru (Oleg Bulyzhin) Date: Thu May 4 13:50:03 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Mike Easter wrote: > RiNet Abuse Department wrote: >> Today our primary mail server got listed again (it was delisted >> yesterday). > > Delisting is not the comprehensive way to manage a problem with a server > getting itself blocklisted. Sure. But this server pass through about half million messages per day, serving ~8k clients. When it got listed, problem was fixed asap (i.e. manual delisting), then i've filled dispute form (in order to get details and fix root of the problem). > >> Server's ip is 195.54.192.35 > > 195.54.192.35 = relay.rinet.ru > which is one of several output servers in the same family, some of which > are also listed on other blocklists. > >> Reason of listing is: >> System has sent mail to SpamCop spam traps in the past week > > 195.54.192.35 listed in bl.spamcop.net > will be delisted automatically in approximately 19 hours > has sent mail to SpamCop spam traps > past 86.9 days, it has been listed 5 times for a total of 44 hours > yes, i've seen that. But it's still unclear was it mail originated from server? was it bounce? anything else? what should i fix? >> Dispute listing didnt work - noone care to answer. > > dispute listing only works for the instance of when the listing is based > on 'mistakes' -- where a mistake is a mistake during the parse, that an > IP is named as source when it wasn't, or when a reporter mistakenly > reported their own provider named in a mistaken parse. > > 'Mistakes' do not include reports based on backscatter or other > non-conventional abuse which is not typical spam sourced from the IP. > > The dispute par sez: // Dispute Listing -- If you are the administrator > of this system and you are sure this listing is erroneous, you may > request that we review the listing. Because everyone wants to dispute > their listing, regardless of merit, we reserve the right to ignore > meritless disputes. // > > Disputing a listing because the listing was based on backscatter is > going to be considered meritless. > How can i know what was that? 'Sending mail to spamcop trap' diagnostic is not detailed enough - i still dont know which kind of problem should i fix (was it bounce to spamtrap? someone who has access to this server sent mail to spamtrap? autoresponder message?). Daily log of this server is about 2G, so i _have to know_ what i'm looking for. >> How can i get any info about reasons of listing? This system does >> not originate mail itself, it's just mail relay. > > Because the listing is based on spamtrap hitting, there isn't a process > by which you could have gotten the report evidence itself. When there > are reports from reporters and not spamtraps, those reports are sent to > abuse@rinet.ru yes, i know this. I'm the person who is dealing with those reports. If i get such report for the issue we are talking about - i would be happy and we had nothing to discuss. > >> P.S. while reading spamcop web site i've found 'misdirected bounce' >> feature. Can anyone explain me how it can be avoided on secondary >> mail relays (which do not have any info about quotas/existing users >> etc. and _can not_ reject mail during smtp phase)? > > Misdirected bounces result from the condition of a server which is > facing the internet and accepting mail with bogus Froms which it can't > deliver which server then creates abusive newmails addressed to the > bogus From. Those abusive newmails are spamcop reportable. That > configuration is no good. > > When you were reading on the spamcop website faq, you must've surely > encountered this lengthy help page, which you should have been following > instead of simply express delisting instead of remedying the problem: > > http://www.spamcop.net/fom-serve/cache/329.html Why are auto responders > bad? -- Traditional auto-responders - Misdirected bounces > Challenge/response spam filtering -- Why not allow bounces? -- > Mitigation techniques? - If you use qmail, please apply a patch -- > Microsoft has updates available for their Exchange Servers -- your > responder should use SPF and/or Domain Keys to verify the authenticity > of the message being replied to -- Sending delayed bounces to all and > sundry is not a good way to prevent directory harvesting - it harms > others and does not really prevent harvesting > I'm aware of all that stuff. But ISP mail server should avoid standard violation as much as possible. Correct me if i'm wrong: server may be listed if (and due to!) it does conform rfc822 (i.e. will send bounce)? And you can avoid this if you violate this part of rfc822? -- Oleg. ================================================================ === Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg@rinet.ru === ================================================================ From nobody at devnull.spamcop.net Thu May 4 14:56:36 2006 From: nobody at devnull.spamcop.net (POP) Date: Thu May 4 14:00:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> <4459B532.C111F400@qwest-is-evil.com> Message-ID: ... > > Perhaps distributed with new computer pruchases either from the > manufacure > or from the retailer. I know one very small retailer that > would be > interested. Sad part he's not big enough to make the project > viable. > > IMO that would be ideal, but ... since MS has done something similar to that, along with many vendors too, it's so hidden and innocuous that most people don't even realize the information is there, or care, since it looks like part of the sales hype when it is mentioned. Including av-ware with OEMs has helped a little I think, but not much. Somehow there has to be a way to make it compelling for people to WANT to find out about such things, and to follow through at least a little bit. And that's where education of the masses comes back into the picture: Somehow, it has to become part of the everyday dialog of "normal" computer users. PBS and their like is an excellent starting point. I know I'd watch it. I even watch dotto Tech when I know they're going to talk about spam and/or email, but for whatever reason I'm never impressed with their presentations. That's why I think interviews with everyone from spammers to the spammed and scammed is so important. I saw AMW (or was it COPS?) do a piece on the 'net and chatting the other day, netting them a bunch of pedophiles: THAT was interesting! But, once it's over, it over; on to the next big thing. What they presented was good, but only as far as it went. I doubtr it did much more than cause a few family arguements with the teens and maybe one or two people thought it could really happen to them! And that, IMO, points out that NEWBIES are not only in the majority, and need the information the most, but they aren't getting it. Why not? is the question that has to be answered. Hell, I just realized I don't know what I'm talking about! Regards, Pop From MikeE at ster.invalid Thu May 4 13:32:41 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 4 15:35:03 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Oleg Bulyzhin wrote: > Correct me if i'm wrong: server may be listed if (and due to!) it does > conform rfc822 (i.e. will send bounce)? And you can avoid this if you > violate this part of rfc822? You are wrong. Sending newmails you are calling 'bounces' to forged >From addresses is no longer acceptable server behavior. rfc822 does not state that you should create a newmail and address it to a bogus address. rfc822 does not address the issue of forged From. rfc822 was written in yesteryear before there was any such thing as SFC or other such as domain keys to verify authenticity of source and did not address the necessity to avoid abusive server behavior caused by more forged From mail failures than real ones. Talking about rfc822 isn't going to keep an abusive server from being blocklisted. If you will go to the faq I cited earlier http://www.spamcop.net/fom-serve/cache/329.html Why are auto responders bad? you will see mention of that same 'rfc822 song and dance' and an answer. // Q: Why not allow bounces? They are required by RFC822! A: [...] it is possible to avoid the situation under which they are required (see above). So they aren't really required unless you have already 'painted yourself into a corner.' // -- Mike Easter kibitzer, not SC admin From nospam at eserverspace-is-evil.com Thu May 4 15:40:37 2006 From: nospam at eserverspace-is-evil.com (Steve Holmes) Date: Thu May 4 15:45:01 2006 Subject: [SpamCop-List] Re: [OT] phone spam References: Message-ID: <445A58B4.41174EC6@eserverspace-is-evil.com> POP wrote: > "NotMe" wrote in message > news:e3bomp$6uk$1@news.spamcop.net... > > > > "POP" > > > > | >I report every call, politicians included. In the > > You-can-spam > > | >act they gave themselves immunity, but they get reported > > anyway. > > | > > > | > > | I've never come across a reputable site whose AUP or TOS > > allowed > > | anyone, even politicos or whatever, to spam. Spam is spam to > > the > > | ISP and it's verboten; their servers, their right to decide > > what > > | can be done on them. I consider the phone the same: It's MY > > | phone, in MY house - no one has permission to disturb me with > > | anything I dont' wish to be disturbed about. > > | > > | Just a thought > > > > According to what the CongressCritters have passed (it's a LAW) > > they have > > the RIGHT to do just that. > > > > > > I know what you're getting at, but: > I also have the RIGHT to complain and report them for disturbing > me or to block them. And I do. > > Pop Or you could simply do what my brother did. When a telemarketer bugged him about a stereo system or some other consumer goods, he said, "We live a simple life by the Good Book." -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From nospam at eserverspace-is-evil.com Thu May 4 15:56:18 2006 From: nospam at eserverspace-is-evil.com (Steve Holmes) Date: Thu May 4 16:00:03 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> <4459B532.C111F400@qwest-is-evil.com> Message-ID: <445A5C62.6780901A@eserverspace-is-evil.com> POP wrote: > ... > > > > Perhaps distributed with new computer pruchases either from the > > manufacure > > or from the retailer. I know one very small retailer that > > would be > > interested. Sad part he's not big enough to make the project > > viable. Very nice idea, though I see POP's point about software getting lost in the bundle. I've had my computer for two or three years and there are still plenty of OEM programs I have yet to explore. I hadn't thought about a partnership with hardware or software vendors, perhaps because I view some of them as part of the problem. Worth mulling over. > Somehow there has to be a way to make it compelling for people > to WANT to find out about such things, and to follow through at > least a little bit. That's where the fun comes in. Have actors read real spam excerpts. Show how the 419eaters work. The sugar coating that helps the medicine go down. It has to be user-friendly. A spam-reporting newbie who looks at full e-mail headers is going to be frustrated and intimidated. How do I decipher and decode all this? Well, you don't need to. We would isolate the parts that mean something or, better yet, simply refer newbies to SpamCop. > (snip) That's why I think interviews with everyone from spammers to > the spammed and scammed is so important. Occasionally, a newspaper or TV report features someone who's chomped on spam bait. Would love to know how these people are discovered. Police reports, I guess. > > And that, IMO, points out that NEWBIES are not only in the > majority, and need the information the most, but they aren't > getting it. Why not? is the question that has to be answered. POP, you *do* know what you're talking about. Why isn't the information out there already? Follow the money. Who stands to make a buck out of antispam efforts? Do hardware and software vendors, ISPs and hosting companies see that education about spam boosts their bottom lines? Doubtful. The black hats profit from spam. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From nospam at eserverspace-is-evil.com Thu May 4 15:59:30 2006 From: nospam at eserverspace-is-evil.com (Steve Holmes) Date: Thu May 4 16:00:10 2006 Subject: [SpamCop-List] (OT) Good Domain Registrars & Hosting Companies Message-ID: <445A5D22.DCE84955@eserverspace-is-evil.com> For my website, I'm looking for domain registrars and hosting companies that are affordable and white-hat. Website's not complictated. No flash, but will probably add film trailers or short films that take up a lot of space. Not sure that it matters, but I'm in Iowa. Thanks in advance. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From tmcgraw at spamcop.net Thu May 4 14:06:13 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu May 4 16:10:03 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies In-Reply-To: <445A5D22.DCE84955@eserverspace-is-evil.com> References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: Steve Holmes wrote: > For my website, I'm looking for domain registrars and hosting companies > that are affordable and white-hat. Website's not complictated. No flash, > but will probably add film trailers or short films that take up a lot of > space. Not sure that it matters, but I'm in Iowa. Personally I have found GoDaddy to be very responsive and anti-spam, but I've seen many others complain about them. I also use crystaltech.com for all my hosting. Not the cheapest, but the tools are excellent and there's 24-hour telephone support with a live human in Arizona. From not at here.invalid Thu May 4 17:05:02 2006 From: not at here.invalid (Ellen) Date: Thu May 4 16:10:09 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: "RiNet Abuse Department" wrote in message news:e3d0av$tkm$1@news.spamcop.net... > Today our primary mail server got listed again (it was delisted > yesterday). Server's ip is 195.54.192.35 > Reason of listing is: > System has sent mail to SpamCop spam traps in the past week > > Dispute listing didnt work - noone care to answer. > Answered via email this morning. Ellen SpamCop From not at here.invalid Thu May 4 17:06:13 2006 From: not at here.invalid (Ellen) Date: Thu May 4 16:10:15 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: "Steve Holmes" wrote in message news:445A5D22.DCE84955@eserverspace-is-evil.com... > For my website, I'm looking for domain registrars and hosting companies > that are affordable and white-hat. Website's not complictated. No flash, > but will probably add film trailers or short films that take up a lot of > space. Not sure that it matters, but I'm in Iowa. > I have been happy with pair.com and have used them for years. Ellen From nobody at spamcop.net Thu May 4 17:24:27 2006 From: nobody at spamcop.net (indigo) Date: Thu May 4 16:25:02 2006 Subject: [SpamCop-List] Re: Pump and Dump References: Message-ID: Tim McGraw wrote: > Berny wrote: > > > > P&D is Illegal, but difficult to prove. > > > > It depends on where the shares have been traded, probably at the > > Vancouver Stock Exchange,which is part of the TSX, so you need to > > file a formal complaint with the Ontario, and, British Columbia > > Securities comissions, they have a web page, complaint would have > > to be on paper., I would CC the NASDAQ and SEC (USA) also. > > I'm not an investor, but I don't believe NASDAQ has anything to do > with microcaps. The issue isn't whether it's a microcap or not, it's what exchange the stock is traded on. If it's a pink sheet stock (over the counter), obviously you can't complain to NASDAQ about it, but if it's traded on NASDAQ you sure can file a complaint with them or the SEC (and it will be taken seriously). But since the stock price has to be above $1.00 for it to be listed on NASDAQ, chances are that it's not on that exchange. From Someone at invalid.foo Thu May 4 22:43:09 2006 From: Someone at invalid.foo (Someone who hates spam) Date: Thu May 4 16:45:03 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: X-No-Archive: Yes "Steve Holmes" wrote in message news:445A5D22.DCE84955@eserverspace-is-evil.com... > For my website, I'm looking for domain registrars and hosting companies > that are affordable and white-hat. Website's not complictated. No flash, > but will probably add film trailers or short films that take up a lot of > space. Not sure that it matters, but I'm in Iowa. > > Thanks in advance. > > -- > Steve Holmes > Executive Producer > "The New Ball Game" > "RailFAN" > 319-337-9507 > We use www.liquidweb.com. Found them to be excellent value. They seem to stay out of the DNSBL's as well, as well as having good anti-spam and DNSBL's included in their email systems - including spamcop. From oleg at lath.rinet.ru Thu May 4 21:46:39 2006 From: oleg at lath.rinet.ru (Oleg Bulyzhin) Date: Thu May 4 16:50:03 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Mike Easter wrote: > Oleg Bulyzhin wrote: > >> Correct me if i'm wrong: server may be listed if (and due to!) it does >> conform rfc822 (i.e. will send bounce)? And you can avoid this if you >> violate this part of rfc822? > > You are wrong. Sending newmails you are calling 'bounces' to forged > From addresses is no longer acceptable server behavior. Okay. I was wrong naming such messages 'bounces', rfc calls them DSNs. And of course it's not rfc822 it's rfc821 (or newer one 2821). > > rfc822 does not state that you should create a newmail and address it to > a bogus address. rfc822 does not address the issue of forged From. > rfc822 was written in yesteryear before there was any such thing as SFC > or other such as domain keys to verify authenticity of source and did > not address the necessity to avoid abusive server behavior caused by > more forged From mail failures than real ones. rfc821 (status: standard), 3.6 Relaying: ... If a server-SMTP has accepted the task of relaying the mail and later finds that the forward-path is incorrect or that the mail cannot be delivered for whatever reason, then it must construct an "undeliverable mail" notification message and send it to the originator of the undeliverable mail (as indicated by the reverse-path). rfc2821 (status: proposed standard), 3.7 Relaying: ... If an SMTP server has accepted the task of relaying the mail and later finds that the destination is incorrect or that the mail cannot be delivered for some other reason, then it MUST construct an "undeliverable mail" notification message and send it to the originator of the undeliverable mail (as indicated by the reverse- path). And you can't avoid situation when you have to accept message first and deliver it later. Point. Just remember there are non-smtp mail systems. > Talking about rfc822 isn't going to keep an abusive server from being > blocklisted. Uhm. I didnt ask for delisting or whitelisting. I just want to know why i got listed. > If you will go to the faq I cited earlier > http://www.spamcop.net/fom-serve/cache/329.html Why are auto responders > bad? > > you will see mention of that same 'rfc822 song and dance' and an answer. > > // Q: Why not allow bounces? They are required by RFC822! A: [...] it > is possible to avoid the situation under which they are required (see > above). So they aren't really required unless you have already 'painted > yourself into a corner.' // As i mentioned above i'm talking about DSNs (which i incorrectly named bounce). Supressing DSNs is standard violation. _There are_ situations when you should accept mail and deliver it later. -- Oleg. From redford_stone at INVERSE_OF_COLDmail.com Thu May 4 21:53:35 2006 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu May 4 16:55:03 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: Tim McGraw wrote in news:e3dmrm$edu$1 @news.spamcop.net: > Steve Holmes wrote: >> For my website, I'm looking for domain registrars and hosting companies >> that are affordable and white-hat. Website's not complictated. No flash, >> but will probably add film trailers or short films that take up a lot of >> space. Not sure that it matters, but I'm in Iowa. > > Personally I have found GoDaddy to be very responsive and anti-spam, but > I've seen many others complain about them. > > I also use crystaltech.com for all my hosting. Not the cheapest, but the > tools are excellent and there's 24-hour telephone support with a live > human in Arizona. > I'll concur that GoDaddy is pretty good in terms of responding to spam reports. They've whacked sites that I've sent LARTs about. From pantheus at suespammers.org Thu May 4 15:01:49 2006 From: pantheus at suespammers.org (ken) Date: Thu May 4 17:05:02 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: On Thu, 04 May 2006 16:06:13 -0400, Ellen wrote: > > "Steve Holmes" wrote in message > news:445A5D22.DCE84955@eserverspace-is-evil.com... >> For my website, I'm looking for domain registrars and hosting companies >> that are affordable and white-hat. > I have been happy with pair.com and have used them for years. > > Ellen I too highly recommend pair.com ... there isn't a more white-hat host out there. They have a wide range of plans from very low cost to co-lo and a discount for registration and hosting packages. Been with them 7+ years, after trying vastly inferior hosts/registrars. Ken From MikeE at ster.invalid Thu May 4 16:23:30 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 4 18:25:02 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Oleg Bulyzhin wrote: > rfc821 (status: standard), 3.6 Relaying: > ... > If a server-SMTP has accepted the task of relaying the mail and > later finds that the forward-path is incorrect or that the mail > cannot be delivered for whatever reason, then it must construct an > "undeliverable mail" notification message and send it to the > originator of the undeliverable mail (as indicated by the > reverse-path). > > > rfc2821 (status: proposed standard), 3.7 Relaying: > ... > If an SMTP server has accepted the task of relaying the mail and > later finds that the destination is incorrect or that the mail cannot > be delivered for some other reason, then it MUST construct an > "undeliverable mail" notification message and send it to the > originator of the undeliverable mail (as indicated by the reverse- > path). rfc means 'request for comments' -- in which rfc 821 was written in 1982 and superceded by rfc 2821 which was written in 2001 and which also failed to adquately address security considerations which were addressed in rfc 3552 which required that all rfc/s have security considerations addressed. rfc 2821 had some security considerations but rfc 3552 recognizes that the smtp issues were inadequately addressed. RFC 3552 : All RFCs are required to have a Security Considerations section. Historically, such sections have been relatively weak. This document provides guidelines to RFC authors on how to write a good Security Considerations section. 6.1. SMTP When RFC 821 was written, Security Considerations sections were not required in RFCs, and none is contained in that document. [RFC 2821] updated RFC 821 and added a detailed security considerations section. We reproduce here the Security Considerations section from that document (with new section numbers). Our comments are indented and prefaced with 'NOTE:'. We also add a number of new sections to cover topics we consider important. rfc 3552 has a section: 6.1.1.1. Mail Security and Spoofing which starts: // SMTP mail is inherently insecure in that it is feasible for even fairly casual users to negotiate directly with receiving and relaying SMTP servers and create messages that will trick a naive recipient into believing that they came from somewhere else. // Citing a RFC as a basis for a server performing abusively doesn't work any better than me citing a RFC which says that some 24 year old RFC which was upgraded 5 years ago with some inadquate improvement failed to address the inherent insecure aspects of smtp mail handling. The realworld situation is that your server is outofdate in its behavior if it is newmailing abusive DSNs to bogus Froms and citing the old RFC isn't getting you any closer to fixing it. > Uhm. I didnt ask for delisting or whitelisting. > I just want to know why i got listed. Presumably abusive backscatter -- if you know you are backscattering or newmailing forged Froms, that's all the information you need. You don't need any examples of it. > As i mentioned above i'm talking about DSNs (which i incorrectly > named bounce). Supressing DSNs is standard violation. _There are_ > situations when you should accept mail and deliver it later. There are /not/ situations in which you should be manufacturing a newmail addressed to some address which never sent you a mail in the first place. Putting yourself into a situation in which you are 'holding' a mail which you have accepted insecurely and claiming that it is some kind of alleged 'violation' to not abusively newmail a forged >From is choosing to use some old RFC as an excuse for an unacceptable behavior. It is a violation of the rights of the mailbox holder of the forged From address for you to be emailing unsolicited and abusive mails. Claiming you need to do that to comply with your theory of what an old RFC used to mean doesn't justify the abusive server behavior. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Thu May 4 16:26:40 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Thu May 4 18:30:02 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Oleg Bulyzhin wrote... > rfc821 (status: standard), 3.6 Relaying: > ... > If a server-SMTP has accepted the task of relaying the mail and > later finds that the forward-path is incorrect or that the mail > cannot be delivered for whatever reason, then it must construct an > "undeliverable mail" notification message and send it to the > originator of the undeliverable mail (as indicated by the > reverse-path). > > > rfc2821 (status: proposed standard), 3.7 Relaying: > ... > If an SMTP server has accepted the task of relaying the mail and > later finds that the destination is incorrect or that the mail cannot > be delivered for some other reason, then it MUST construct an > "undeliverable mail" notification message and send it to the > originator of the undeliverable mail (as indicated by the reverse- > path). > > And you can't avoid situation when you have to accept message first and > deliver it later. Because spammers forge identities, the assumption that the originator is indicated by the reverse-path (or by the From line) is now false in the vast majority of cases, and "undeliverable mail" notification emails are now nearly universally considered to be spam. You need to stop doing what the RFCs above tell you to do. One way (the method most commonly used) is to simply never relay, thus following the letter of the RFCs without spamming. If your situation is such that you can't avoid relaying, then you have two choices; disobey the RFC sections that tell you to spam, or obey the RFC sections that tell you to spam and be treated like the RFC-compliant spammer that you are. I don't like the available choices any better than you do, but they are the only available choices just the same. G.M. From oleg at lath.rinet.ru Fri May 5 01:32:33 2006 From: oleg at lath.rinet.ru (Oleg Bulyzhin) Date: Thu May 4 20:35:04 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Mike Easter wrote: > Oleg Bulyzhin wrote: > >> rfc821 (status: standard), 3.6 Relaying: >> ... >> If a server-SMTP has accepted the task of relaying the mail and >> later finds that the forward-path is incorrect or that the mail >> cannot be delivered for whatever reason, then it must construct an >> "undeliverable mail" notification message and send it to the >> originator of the undeliverable mail (as indicated by the >> reverse-path). >> >> >> rfc2821 (status: proposed standard), 3.7 Relaying: >> ... >> If an SMTP server has accepted the task of relaying the mail and >> later finds that the destination is incorrect or that the mail cannot >> be delivered for some other reason, then it MUST construct an >> "undeliverable mail" notification message and send it to the >> originator of the undeliverable mail (as indicated by the reverse- >> path). > > rfc means 'request for comments' -- in which rfc 821 was written in 1982 > and superceded by rfc 2821 which was written in 2001 and which also > failed to adquately address security considerations which were addressed > in rfc 3552 which required that all rfc/s have security considerations > addressed. > > rfc 2821 had some security considerations but rfc 3552 recognizes that > the smtp issues were inadequately addressed. > > RFC 3552 : All RFCs are required to have a Security Considerations > section. Historically, such sections have been relatively weak. This > document provides guidelines to RFC authors on how to write a good > Security Considerations section. > > 6.1. SMTP When RFC 821 was written, Security Considerations sections > were not required in RFCs, and none is contained in that document. > [RFC 2821] updated RFC 821 and added a detailed security > considerations section. We reproduce here the Security Considerations > section from that document (with new section numbers). Our comments are > indented and prefaced with 'NOTE:'. We also add a number of new > sections to cover topics we consider important. > > rfc 3552 has a section: 6.1.1.1. Mail Security and Spoofing > > which starts: // SMTP mail is inherently insecure in that it is > feasible for even fairly casual users to negotiate directly with > receiving and relaying SMTP servers and create messages that will > trick a naive recipient into believing that they came from somewhere > else. // > > Citing a RFC as a basis for a server performing abusively doesn't work > any better than me citing a RFC which says that some 24 year old RFC > which was upgraded 5 years ago with some inadquate improvement failed to > address the inherent insecure aspects of smtp mail handling. > > The realworld situation is that your server is outofdate in its behavior > if it is newmailing abusive DSNs to bogus Froms and citing the old RFC > isn't getting you any closer to fixing it. rfc3552 has status 'best current practice', compare it to 'standard' for rfc821. Moreover, rfc3552 _does not_ refute rfc821 or 2821. It just explaining smtp design flaws and describing methods to make it better. I understand that rfc-like DSNs can be abused. But we have no any newer smtp standard. > >> Uhm. I didnt ask for delisting or whitelisting. >> I just want to know why i got listed. > > Presumably abusive backscatter -- if you know you are backscattering or > newmailing forged Froms, that's all the information you need. You don't > need any examples of it. I do. I need that damn header. I've got reply from spamcop official - server was listed cause of spamcop parser failure - trojaned machine of our client sent mail to spamtrap, but our server got listed instead of that client. So we have problem with mail delivery (about 2 days already), diagnostic of it was unclear, excluding possible reasons yeilds paradoxical result: only reason (beside an error) why our server may get listed is ... standard compliance! Funny, isn't it? > >> As i mentioned above i'm talking about DSNs (which i incorrectly >> named bounce). Supressing DSNs is standard violation. _There are_ >> situations when you should accept mail and deliver it later. > > There are /not/ situations in which you should be manufacturing a > newmail addressed to some address which never sent you a mail in the > first place. Putting yourself into a situation in which you are > 'holding' a mail which you have accepted insecurely and claiming that it > is some kind of alleged 'violation' to not abusively newmail a forged > From is choosing to use some old RFC as an excuse for an unacceptable > behavior. > > It is a violation of the rights of the mailbox holder of the forged From > address for you to be emailing unsolicited and abusive mails. Claiming > you need to do that to comply with your theory of what an old RFC used > to mean doesn't justify the abusive server behavior. It isnt my theory, see rfc 2026 & 3700. -- Oleg. From MikeE at ster.invalid Thu May 4 19:05:49 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 4 21:10:03 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Oleg Bulyzhin wrote: > I do. I need that damn header. I've got reply from spamcop official - > server was listed cause of spamcop parser failure - trojaned machine > of > our client sent mail to spamtrap, but our server got listed instead > of that client. That's good news. It is much much better for a user IP behind the server to get named as source than the server. However, it would be even better if you secured your problematic spewing proxy/trojan user IPs, and example of which I named earlier. The parser is designed to not name a server relaying for its user if it can chain the parse back to a user IP behind the server. It is not desirable for servers to be listed for user IP behavior behind because of the collateral damage caused by the server listing. > So we have problem with mail delivery (about 2 days already), > diagnostic of it was unclear, excluding possible reasons yeilds > paradoxical result: only reason (beside an error) why our server may > get listed is ... > standard compliance! Funny, isn't it? Somewhere earlier I thought you were explaining why it was necessary to send DSN failures to bogus Froms. I'm thinking you have a backscattering server. If the listing was caused /entirely/ by a server getting named by the parser tripping by prematurely breaking the chain error, then the deputy will 'fix' that. If the listing were caused by a combination of chain errors which should have sourced a user IP and backscatter which should have named the server, then I expect that s/he would let the backscatter reports stand. If the 'removal' of the mistaken report counts resulted in the server's delisting, then that would be good for you. If the server can get itself listed by too much backscatter in addition to a bad parse for something else, then you still have a problem. -- Mike Easter kibitzer, not SC admin From / at /.cn Fri May 5 12:15:20 2006 From: / at /.cn (Petzl) Date: Thu May 4 21:20:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: "Gareth" wrote in message news:e3cb68$gve$1@news.spamcop.net... > Hi > > I am new to spamcop. I recently opened an email account with my ISP which > has obviously been used before and receives around 10 spams per day. > I have been reporting all the spam for nearly a month now but have not > noticed any change in the volume of spam I receive. > Is this normal? Should I persevere or are these spammers just too good at > avoiding being being blocked? > > Cheers > > Gareth SpamCop does notify, or try's to, the owner of the spam source, this source gets added to many blocklists For a spam proof/resistant email account the only effective one is http://www.spamcop.net/ces/individuals.shtml This sorts spam to a folder for Very Easy Reporting (VER) and deletes virus's Keeps inbox clean Unless your email account is properly using the SCBL and or other blocking means you are fighting a losing battle Security of far to many computers is non-existent For instance anyone with a WiFi laptop can find unsecured computers everywhere http://stumbler.net/ has a (no cost, beggarware) program which will easily locate such networks for one to use and abuse Petzl -- Check your computers security (free) From nobody at devnull.spamcop.net Thu May 4 19:30:10 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Thu May 4 21:35:02 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Oleg Bulyzhin wrote... > rfc3552 has status 'best current practice', compare it to 'standard' > for rfc821. Moreover, rfc3552 _does not_ refute rfc821 or 2821. It just > explaining smtp design flaws and describing methods to make it better. > > I understand that rfc-like DSNs can be abused. But we have no any newer > smtp > standard. It appears to me that everyone is doing something that they are convinced that they are allowed to do. You are following an RFC that tells you to send spam. You are allowed to do that by the RFC, but you are not immune from this basic fact of life: Actions Have Consequences. Your choice to send email to people who never emailed you has the consequence of pretty much everyone on the Internet treating you like the spammer that you are. As much as we all would like to live in a world where we are immune to any undesired consequences, this is not that world, and we all have to live with the consequences of our actions. SpamCop is placing the IP addresses that you use to send spam (that the RFC said you can send) in a database of IP addresses that meet certain criteria. You can't claim that Spamcop isn't allowed to do that; anybody can put anything they wish into their own database. Spamcop isn't immune to the basic fact of life that Actions Have Consequences either. I note two consequences as being particularly interesting; first, I pay Spamcop (I am a customer and I donate beyond what I pay for the service). That's because I approve of what Spamcop is doing. Second, you complain and your complaints get ignored. That's because you do not approve of what Spamcop is doing. You have a right to complain, Spamcop has a right to ignore your complaints, and I have a right to send money to Spamcop and to give my own not-affiliated-with-spamcop answer to your complaint. I, among many others on the Internet, have configured my email system to accept then silently delete any email from any of the IP addresses listed in the Spamcop database -- including yours. You can't claim that I am not allowed to do that; anybody can refuse to read any emails that they don't want to read and I don't want to read anything from known spammers such as yourself. Now that we have dealt with what we each are allowed to do, let's look at the matter of politeness; polite people don't do things that inconvenience others without having a good reason to do so -- even if they are allowed to. You no doubt feel that you are inconvenienced by me and others like me blocking your emails. I feel that I am inconvenienced by you and others like you who send me spam. I have a very good reason for rejecting your spam emails; they are part of a flood of emails from you and other spammers that, if not filtered out, would make my email system unusable. As far as I can tell you do not have a good reason to send your spam emails to people who have never emailed you. So the principle of politeness demands that you be the one who changes his behavior. IHTH. G.M. From nobody at devnull.spamcop.net Thu May 4 19:39:10 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Thu May 4 21:40:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: > For a spam proof/resistant email account the only effective one is > http://www.spamcop.net/ces/individuals.shtml Nonsense. Spamcop is a good choice, but it is not the only effective choice. It might not even be the best choice; Tuffmail has many useful features that Spamcop lacks, for example. (That doesn't make them better, of course, what is important is whether your needs are addressed). http://www.tuffmail.com/features.php From / at /.cn Fri May 5 12:46:54 2006 From: / at /.cn (Petzl) Date: Thu May 4 21:50:06 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: "G|_|Y |\/|AC0|\|" wrote in message news:e3eabu$rm4$1@news.spamcop.net... > > >> For a spam proof/resistant email account the only effective one is >> http://www.spamcop.net/ces/individuals.shtml > > Nonsense. Spamcop is a good choice, but it is not the only effective > choice. It might not even be the best choice; Tuffmail has many useful > features that Spamcop lacks, for example. (That doesn't make them better, > of course, what is important is whether your needs are addressed). > > http://www.tuffmail.com/features.php > Not IMO!! Unless it notifies ISP's of caught spam as SpamCop does sounds pretty useless Just bitbin'ing spam does nothing to reduce spam Petzl -- Check your computers security (free) From nttp.sc.s at bigsleep.org Fri May 5 03:17:17 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu May 4 22:20:02 2006 Subject: [SpamCop-List] Re: Spam Film Idea References: <44585AD2.C99FBE06@shpvideo.com> <4459079D.6F2EB24C@qwest-is-evil.com> <4459B532.C111F400@qwest-is-evil.com> <445A5C62.6780901A@eserverspace-is-evil.com> Message-ID: On 04 May 2006, - Steve Holmes entered spamcop and left news:445A5C62.6780901A@eserverspace-is-evil.com: > Do hardware and software vendors, ISPs and hosting > companies see that education about spam boosts their bottom lines? > Doubtful. The black hats profit from spam. It gives gives them something to sell, like the butterfly ad (is it just me, or does the MS butterfly like just like The Tick? Don't think I'd feel too confortable having that big bozo watching over me). "Can spam? I'd say it's already canned... though, a square shiny can... and who says a can has to be round? Maybe it could be a ball? And boy! what a ball we'd have playing with that shiny can of spam... and if it were a ball... I'd smash it FLAT! 'cause a shiny round can of spam just ain't no match for The Tick!" -- | Ric | From edb2000 at spamcop.net Thu May 4 21:17:24 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Thu May 4 23:20:04 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies In-Reply-To: References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: Redstone wrote: > I'll concur that GoDaddy is pretty good in terms of responding to spam > reports. They've whacked sites that I've sent LARTs about. I've heard reports from a couple of affected domain owners that GoDaddy goes further than whacking hosted web sites they host. According to these reports, GoDaddy will take down the DNS for a domain name, if they are the registrar, upon receipt of a single complaint of a spamvertised web site. Both of these claimed they were Innocent Bystanders (IB), but I have not myself verified any part of their claims. That said, I use GoDaddy for my domain registrations, and hope those claims are not true! (I don't host web sites there, so this is somewhat OT, but not too far afield.) -- Don Wannit A paid SpamCop user since 1999 From jg at coks.net Thu May 4 22:26:27 2006 From: jg at coks.net (jg) Date: Fri May 5 00:25:04 2006 Subject: [SpamCop-List] Re: Pump and Dump In-Reply-To: References: Message-ID: On 5/4/2006 1:24 PM indigo scribbled: > Tim McGraw wrote: >> Berny wrote: >>> P&D is Illegal, but difficult to prove. >>> >>> It depends on where the shares have been traded, probably at the >>> Vancouver Stock Exchange,which is part of the TSX, so you need to >>> file a formal complaint with the Ontario, and, British Columbia >>> Securities comissions, they have a web page, complaint would have >>> to be on paper., I would CC the NASDAQ and SEC (USA) also. >> I'm not an investor, but I don't believe NASDAQ has anything to do >> with microcaps. > > The issue isn't whether it's a microcap or not, it's what exchange the stock > is traded on. If it's a pink sheet stock (over the counter), obviously you > can't complain to NASDAQ about it, but if it's traded on NASDAQ you sure can > file a complaint with them or the SEC (and it will be taken seriously). But > since the stock price has to be above $1.00 for it to be listed on NASDAQ, > chances are that it's not on that exchange. > > AFAIK, if the fraud /isn't/ perpetrated by a /member/ of NASDAQ, NASDAQ has no interest - they have enuff fish to fry - its spelled out on their site in pretty plain english - > https://apps.nasd.com/Investor_Information/complaints/spam.asp > While NASD does not prohibit its member brokerage firms or their employees from sending out spam, it does regulate the content of such messages sent to the public. In any communication with the public, NASD rules require that a member identify itself and that investors be given enough information to make a sound investment. NASD rules prohibit statements making promises. > > Remember, though, that NASD can only regulate the actions of its member brokerage firms and their employees. While all U.S. brokerage firms have to be members of NASD to do business with the public, most problem spams are likely sent to you by non-regulated businesses or individuals. > > You can check out if the firm or individual spamming you is registered with NASD on our Web site. > > If you think that the problem spammers may be registered with NASD, you can forward spam or junk e-mail recommending that you invest in a stock or other investment to spam@nasd.com. > > If the spammers are not registered with NASD, you can forward spam (junk e-mail) or copies of message board postings to enforcement@sec.gov. From skiwi at spamcop.net Thu May 4 22:53:20 2006 From: skiwi at spamcop.net (Skiwi) Date: Fri May 5 00:55:02 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Gareth wrote: > Hi > > I am new to spamcop. I recently opened an email account with my ISP > which has obviously been used before and receives around 10 spams per day. > I have been reporting all the spam for nearly a month now but have not > noticed any change in the volume of spam I receive. > Is this normal? Should I persevere or are these spammers just too good > at avoiding being being blocked? sorry if this seems like I am teaching you how to suck eggs... to reiterate what many have said here, via a bad analogy, by using spamcop (and by using, I mean reporting, as it sounds like you are doing...) then you are helping build a forcefield around the spammer's email sources - and we all thank you for helping 'us' build that field, otherwise know as the SpamCop block list (SCBL)... The problem is, you are helping to build the force field from the *spammer's side* - you need to get on the other side (I DID tell you it was a bad analogy!!) There are many ways of doing this, but the three main 'groups' of ways that I see are: (1) using an ISP or some service online that uses the SCBL (and other lists and algorithms such as SpammAssasain) to re-direct the spam somewhere safe *before* you download it, where you can check it on a semi-regular basis to make sure it is spam, report it, then dump it... (for instance, Spamcop offers this mail filtering service themselves, allowing you to (semi) transparently keep your *current* email address and run it through the service' I use it and love it, very elegant and yet fully customisable interface, $50 a year, and you ALSO get another email address that I use for online shopping, newsgroups, etc as I know it is being heavily 'checked'; it also supports 'plusage', so I have skiwi+nordstrums1@spamcop.net, skiwi+bestbuy1@spamcop.net or whatever so if I do get spam I can often see who leaked my email, if I feel so inclined [these are not 'real' email addresses BTW]) (2) get a service that 'intercepts' the mail on your PC *after* it comes off the mail server and been downloaded but *before* it gets to your email software and treats appropriately - i.e., the good stuff is let straight through, the bad is ; for friends who don't care how it works, just don't want to see spam in their In Box I use SpamPal (free, but 'donation' encouraged) on Windoze OSs and it seems to be pretty 'set and forget' (but you can tweak it as you need, if for instance it is being too aggressive) (3) you likely know about this one - this doesn't use the SCBL or other BLs, etc - but any decent email software such as Thunderbird (and even bad email software such as Outlook - woops, is my prejudice showing...) has junk filters now... kinda "AI" - when you first start using it, you manually mark spam as junk, it will trundle itself off to a sub-folder where you can deal with it; as you use the software more and more, it gets smarter and smarter (sic!) about what you consider spam and marks it itself - and you can easily un-mark (sic) it - and if say you are on a list about, I don't know, rooster husbandry, you can whitelist incoming addresses (i.e., tell the software that any email from that address will never be junk) Anyway... Just a point - I used 'force field' rather than 'wall' in my analogy as in a sense the SCBL is a vibrant, dynamic list; as spammers get through it, 'we' report spam from these sources and that hole is now plugged AND if a previous sources 'cleans up its act' it will (eventually) come off the SCBL and email from there can flow freely through to those of use using the SCBL between the emails sources and their In Boxes... From gazza at f2s.com Fri May 5 10:36:20 2006 From: gazza at f2s.com (Gareth) Date: Fri May 5 04:40:02 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Many thanks for all your helpful responses. My email address is probably quite vulnerable to dictionary attack as some of you mentioned (gazza is a popular nickname in the UK!) but I know for sure someone had it before me as I have had emails from companies to which the previous owner had subscribed (eBay and the like). I have other address which don't suffer so much spam and just created this new one as a spare. Hence I will probably drop it as it is a chore to report all this spam considering I don't really do anything else with the address. I had heard of some people having success in significantly reducing their spam with spamcop so thought I'd try it to see if I could clean up this address. I've also heard of a program called Mailwasher which apparently generates a bounce in response to spam in an attempt to convince the spammers the address in invalid. I am a bit sceptical of this since a) I doubt whether the spammers care about bounces and b) I worry if such bounces could be detected as being false and thus validate the address. Any comments on this would be appreciated. Thanks Gareth From nttp.sc.s at bigsleep.org Fri May 5 10:04:46 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri May 5 05:05:17 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: On 05 May 2006, - Gareth entered spamcop and left news:e3f2q4$a92$1@news.spamcop.net: > but I > know for sure someone had it before me as I have had emails from > companies to which the previous owner had subscribed (eBay and the like). Are you sure those are from eBay, I never get anything from eBay unless I buy something. Try reporting them and if they are from eBay or PayPal Spamcop will say so (you can cancel if it looks legit). It very well may be "phishing" spam, as I get those among the dictionary attacks to a new address that eBay don't have. Don't be fooled, read the headers, if in doubt, report it. Though I agree that someone certainly could have had it before, but don't assume those are legit, or change your address. -- | Ric | From dws at dealing-with-spam.info Fri May 5 12:14:15 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Fri May 5 05:15:04 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: Oleg Bulyzhin wrote on Thu, 4 May 2006 20:46:39 +0000 (UTC): > As i mentioned above i'm talking about DSNs (which i incorrectly named > bounce). Supressing DSNs is standard violation. _There are_ situations > when you should accept mail and deliver it later. Nobody wants you to suppress the DSN. What we (tinw) *do* want you to do is rig your secondary MX such that the situation in which a DSN should be sent no longer arises. LDAP goes a long way towards solving your problems. By using LDAP, your secondary MX can have access to the user list on the primary MX, and therefore REJECT (rather than bounce) messages sent to non-existent users. No more backscatter. Admittedly, accounts over quota are another problem. However, I'm sure that most of your problems are due to non-existent users. From dws at dealing-with-spam.info Fri May 5 12:16:47 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Fri May 5 05:20:02 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: Redstone wrote on Thu, 4 May 2006 20:53:35 +0000 (UTC): > I'll concur that GoDaddy is pretty good in terms of responding to spam > reports. They've whacked sites that I've sent LARTs about. I wish I could concur. They've never whacked domains with obviously bogus whois data in them that I've reported, and they've even spammed me as late as this morning (reported via SC). I'm transferring my domains away from them (Boulder Pledge obliges). From newandrew at rump.dk Fri May 5 11:04:28 2006 From: newandrew at rump.dk (Andrew Engels Rump (formerly Leif Andrew Rump)) Date: Fri May 5 06:05:03 2006 Subject: [SpamCop-List] Re: Feature request: see number of unreported spam References: Message-ID: After drinking 3 Pan Galactic Gargle Blasters, "Frog Prince" mumbled in news:e3d0uq$u2n$1@news.spamcop.net: > "Andrew Engels Rump ( >| > It could be useful if you get a few too old messages, and you see >| > there are only two or three left, you could as well click through >| > them, because one of them might still be valid. OTOH, if you see >| > there are still 20 left, you??Tll remove them. >| Just go in to Past Reports and View recent reports and you see the >| status of the last ten submitted reports - or is this something >| you only get when you also pay for a mail account? Anyway the >| address is http://mailsc.spamcop.net/mcgi?action=histmenu > I'm trying to avoid extra steps/work. Why not present the data up > front? Well most people (apparently) don't care so why waste CPU-, database-, ...-power on a minor detail - which is accessable through other means. > Or better yet allow me to delete the useless reports? This is something that pops up again and again - well I am pretty sure it is on the To-Do-list but again a minor feature compared to the rest of the system. Andrew -- *** The opinions expressed are not necessarily those of my employer. *** * Software Engineer Andrew Engels Rump * BLIK og ROERarbejderforbundet * * Immerkaer 42, 2650 Hvidovre * Tlf: +45 3638 3638, Fax: +45 3638 3639 * Home: N55?41'38.9" E12?29'08.6" (WGS 84) Work: N55?39'50.9" E12?27'47.4" E-mail: mailto:andrew@rump.dk * WWW: http://www.rump.dk/homepage/andrew/ From me at privacy.net Fri May 5 10:06:04 2006 From: me at privacy.net (Frog Prince) Date: Fri May 5 09:20:02 2006 Subject: [SpamCop-List] Re: Feature request: see number of unreported spam References: Message-ID: "Andrew Engels Rump ( | >| > It could be useful if you get a few too old messages, and you see | >| > there are only two or three left, you could as well click through | >| > them, because one of them might still be valid. OTOH, if you see | >| > there are still 20 left, youâ?Tll remove them. | >| Just go in to Past Reports and View recent reports and you see the | >| status of the last ten submitted reports - or is this something | >| you only get when you also pay for a mail account? Anyway the | >| address is http://mailsc.spamcop.net/mcgi?action=histmenu | > I'm trying to avoid extra steps/work. Why not present the data up | > front? | | Well most people (apparently) don't care so why waste CPU-, | database-, ...-power on a minor detail - which is accessible | through other means. Consumes a lot more CPU and bandwidth the way things are, regardless it consumes HUMAN processing time to manually display and acknowledge. Ergo when confronted with the waste I delete. Works for me but the data is lost to the system. From gazza at f2s.com Fri May 5 15:24:48 2006 From: gazza at f2s.com (Gareth) Date: Fri May 5 09:25:03 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Blammo wrote: > On 05 May 2006, - Gareth entered spamcop and left > news:e3f2q4$a92$1@news.spamcop.net: > > >>but I >>know for sure someone had it before me as I have had emails from >>companies to which the previous owner had subscribed (eBay and the like). > > > Are you sure those are from eBay, I never get anything from eBay unless I > buy something. Try reporting them and if they are from eBay or PayPal > Spamcop will say so (you can cancel if it looks legit). It very well may be > "phishing" spam, as I get those among the dictionary attacks to a new > address that eBay don't have. > > Don't be fooled, read the headers, if in doubt, report it. Though I agree > that someone certainly could have had it before, but don't assume those are > legit, or change your address. > They all independently knew the guy's full name and didn't look like pishing scams. They were just adverts and weren't asking me to log in to anything. The eBay one looked identical to ones I have received in another account which I don't mind since I signed up for it. Unfortunately I trashed the eBay one but here is the report from one sent by ashampoo (a German based software retailer): http://www.spamcop.net/sc?id=z935483606z37da30f120103b39b5bfe3c7a9577287z I am no good at figuring out all the headers, etc, but from one part of the report it tells me ashampoo have been reported previously but appealed. I conclude that the guy had previously bought various stuff on the internet and is subscribed to a number of legitimate marketing mailing lists. Gareth From MikeE at ster.invalid Fri May 5 09:09:21 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 5 11:10:02 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: Gareth wrote: > I've also heard of a program called Mailwasher which apparently > generates a bounce in response to spam in an attempt to convince the > spammers the address in invalid. That [MW bogus bounce] is a really really bad idea which is entirely misrepresented by the developers of MW mailwasher and which should be disabled because it is both abusive, against the AUP/TOS [acceptable use/ terms of service] of your provider, and can cause you problems with your provider, with blocklisting services and can even endanger your account with your mail provider. > I am a bit sceptical of this since > a) I doubt whether the spammers care about bounces 99.9% of the time the bounce never goes toward the spamsource -- only in the case of straightup spam. > and b) I worry if > such bounces could be detected as being false and thus validate the > address. A bogus bounce can be determined to be from your IP. A bogus bounce is 'designed' to try to pretend to show that a particular address had no such mailbox, so the recipient address is definitely included in the bounce. > Any comments on this would be appreciated. Don't use MW's or any other app which performs bogus bounces. The vast majority of spams have bogus From which From is typically derived from the same lists as the recipient spammees. The bogus From is occasionally 'manufactured' or not real as a part of the social engineering of a spam, such as a girl's name on some porn spam or a bank's name on a phish -- but usually bogus From is a regular address. When you bogus bounce, you are sending a newmail to the bogus From address, which address is not only innocent of the spam, but may be a reporter who reports abusive unsolicited mail such as bogus bounces or a spamtrap which also reports. Your abusive bogus bounce has your IP address in its headers and it is also a forgery of your mail provider's role accounts. The rare instance in which a bogus bounce might have any positive effect whatsoever is so uncommon as to be not worth talking about, to prevent any confusion over the issue. Do *not* bogus bounce. In fact, there is so much wrong with the MW developers' attitude that I am 'against' MW even tho' it has other positive features which are not its bogus bounce capabilities. You can use other mail applications to avoid downloading mail from the server, and most people would be better off using a filter which is able to access the entire mail rather than trying to delete from the server. That subject is a more complicated and different discussion from the issue of bogus bouncing. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri May 5 09:17:33 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Fri May 5 11:20:02 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: Petzl wrote... > > G|_|Y |\/|AC0|\| wrote... >> >>> For a spam proof/resistant email account the only effective one is >>> http://www.spamcop.net/ces/individuals.shtml >> >> Nonsense. Spamcop is a good choice, but it is not the only effective >> choice. It might not even be the best choice; Tuffmail has many useful >> features that Spamcop lacks, for example. (That doesn't make them >> better, >> of course, what is important is whether your needs are addressed). >> >> http://www.tuffmail.com/features.php > > Not IMO!! > > Unless it notifies ISP's of caught spam as SpamCop does sounds pretty > useless > > Just bitbin'ing spam does nothing to reduce spam From dont_spam at thecow.me.uk Fri May 5 17:45:57 2006 From: dont_spam at thecow.me.uk (steve auvache) Date: Fri May 5 11:55:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: Mike Easter wrote >Gareth wrote: > >> I've also heard of a program called Mailwasher which apparently >> generates a bounce in response to spam in an attempt to convince the >> spammers the address in invalid. > >That [MW bogus bounce] is a really really bad idea which is entirely >misrepresented by the developers of MW mailwasher and which should be >disabled because it is both abusive, against the AUP/TOS [acceptable >use/ terms of service] of your provider, and can cause you problems with >your provider, with blocklisting services and can even endanger your >account with your mail provider. I'll say. >> Any comments on this would be appreciated. > >Don't use MW's or any other app which performs bogus bounces. I use MW and I nearly agree with most of what you say. Times have changed and tools for users that even suggest bouncing should be overhauled have that feature removed pdq. Problem is that I am a user and despite the many shortcomings of this particular tool, I and thousands of others find the click and go interface a tad more useful than messing about with Perl scripting. Mainly because of the inbuilt interface with Spamcop, until I find a "better" one, I shall continue to use it. > >Do *not* bogus bounce. Do not bounce at all is my philosophy but I do report. -- steve auvache From nttp.sc.s at bigsleep.org Fri May 5 17:43:49 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri May 5 12:45:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: On 05 May 2006, - Gareth entered spamcop and left news:e3fjn1$k5g$1@news.spamcop.net: > I am no good at figuring out all the headers, etc, but from one part > of the report it tells me ashampoo have been reported previously but > appealed. > > I conclude that the guy had previously bought various stuff on the > internet and is subscribed to a number of legitimate marketing mailing > lists. > That does indeed appear to be the case, that one was obviously from ashampoo, though it's not always easy to tell because companies often use another company to advertise. You could try to unsubscribe from those that look legit, but the problem is that it may be too late, some companies sell addresses, so if for example that address was submitted to a casino site you're going to be knee deep in spam. Many people here will say that advertisers should reconfirm their subscriptions, but most don't and I don't feel it's fair to report them, at least not without attempting to unsubscribe first. -- | Ric | From nobody at devnull.spamcop.net Fri May 5 10:44:55 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Fri May 5 12:45:10 2006 Subject: [SpamCop-List] Spamcop mail References: Message-ID: Petzl wrote... > > G|_|Y |\/|AC0|\| wrote... >> >>> For a spam proof/resistant email account the only effective one is >>> http://www.spamcop.net/ces/individuals.shtml >> >> Nonsense. Spamcop is a good choice, but it is not the only effective >> choice. It might not even be the best choice; Tuffmail has many useful >> features that Spamcop lacks, for example. (That doesn't make them >> better, >> of course, what is important is whether your needs are addressed). >> >> http://www.tuffmail.com/features.php > > Not IMO!! > > Unless it notifies ISP's of caught spam as SpamCop does sounds pretty > useless > > Just bitbin'ing spam does nothing to reduce spam You can report spam sent to a tuffmail account (or an account at any other ISP) to spamcop almost as easily as you can from a spamcop mail account. And you can choose not to report anything with an email account from any vendor. Spamcop reporting/DNSBL = unique, unmatched, and insanely great. Spamcop email account = pretty good, but doesn't have important features that vendors like sneakemail and tuffmail have. In fact, if you do a feature-by-feature comparison, there is, IMO, only one area where a spamcop email account beats a tuffmail email account (but it is a big enough advantage to me that I use a spamcop email account as my public email address); having "@spamcop.net" at the end of your email address tends to reduce your incoming spam load by scaring some spammers. G.M. From wb8tyw at qsl.network Fri May 5 13:50:47 2006 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri May 5 12:55:02 2006 Subject: [SpamCop-List] Re: why our server got listed? In-Reply-To: References: Message-ID: D-W-S wrote: > Oleg Bulyzhin wrote on Thu, 4 May 2006 20:46:39 +0000 (UTC): > > >>As i mentioned above i'm talking about DSNs (which i incorrectly named >>bounce). Supressing DSNs is standard violation. _There are_ situations >>when you should accept mail and deliver it later. > > > Nobody wants you to suppress the DSN. What we (tinw) *do* want you to do > is rig your secondary MX such that the situation in which a DSN should > be sent no longer arises. > > LDAP goes a long way towards solving your problems. By using LDAP, your > secondary MX can have access to the user list on the primary MX, and > therefore REJECT (rather than bounce) messages sent to non-existent > users. No more backscatter. > > Admittedly, accounts over quota are another problem. However, I'm sure > that most of your problems are due to non-existent users. A new worm seems to have surfaced this week and already it is causing significant backscatter from e-mail systems that send DSN for no such users and over quota users. The last SOBER worm could cause a single mail domain sending DSNs for non-existent users to mailbomb an innocent victim at 40 messages per second for a period of 24 hours. The only pauses that I saw was when the system sending the DNS messages was listed by spamcop.net for it's mailbombing. The advent of these worms makes the idea of accept and bounce later obsolete. The SMTP mail system can no longer handle that amount of backscatter when a worm breaks out. The test.com domain a few years ago was a case where the backscatter was so high that it at least for a while knocked them off the internet. A mail server accepting e-mail from the public internet now has to make the decision as to accept the e-mail or not during the SMTP session. For a forwarding server, this means that it needs to know all the e-mail addresses that it is accepting e-mail for, and it needs to have a buffer for delivering to internal mail servers. At the time that a message comes in, the gateway SMTP server can do a probe to see if the destination SMTP mail server is up, and if it is not, it can reject the message with a 4xx SMTP code. If a mail server accepts a message for delivery and it can not be delivered, it should be directed to the human running the postmaster for manual disposition. Until the human running the postmaster account has handled that message for that e-mail address and resolved the non-delivery problem, all future e-mail for that e-mail address should be rejected with a 4xx SMTP code. This allows you to operate a forwarding mail server in compliance with the RFCs and with out generating backscatter. Also note that I saw reports on news.admin.net-abuse.email about spamhaus.org listing mail servers for backscatter before spamcop.net changed their policy to do so. -John wb8tyw@qsl.network Personal Opinion Only From nospam at eserverspace-is-evil.com Fri May 5 17:17:09 2006 From: nospam at eserverspace-is-evil.com (Steve Holmes) Date: Fri May 5 17:20:03 2006 Subject: [SpamCop-List] Re: (OT) Good Domain Registrars & Hosting Companies References: <445A5D22.DCE84955@eserverspace-is-evil.com> Message-ID: <445BC0D5.EDC2F959@eserverspace-is-evil.com> Thanks, all, for the recommendations. You've probably saved me a lot of money. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 Someone who hates spam wrote: > X-No-Archive: Yes > "Steve Holmes" wrote in message > news:445A5D22.DCE84955@eserverspace-is-evil.com... > > For my website, I'm looking for domain registrars and hosting companies > > that are affordable and white-hat. Website's not complictated. No flash, > > but will probably add film trailers or short films that take up a lot of > > space. Not sure that it matters, but I'm in Iowa. > > > > Thanks in advance. > > > > -- > > Steve Holmes > > Executive Producer > > "The New Ball Game" > > "RailFAN" > > 319-337-9507 > > > > We use www.liquidweb.com. Found them to be excellent value. > > They seem to stay out of the DNSBL's as well, as well as having good > anti-spam and DNSBL's included in their email systems - including spamcop. From / at /.cn Sat May 6 08:28:14 2006 From: / at /.cn (Petzl) Date: Fri May 5 17:30:03 2006 Subject: [SpamCop-List] Re: Spamcop mail References: Message-ID: "G|_|Y |\/|AC0|\|" wrote in message news:e3fve8$r9m$1@news.spamcop.net... > > Petzl wrote... >> >> G|_|Y |\/|AC0|\| wrote... >>> >>>> For a spam proof/resistant email account the only effective one is >>>> http://www.spamcop.net/ces/individuals.shtml >>> >>> Nonsense. Spamcop is a good choice, but it is not the only effective >>> choice. It might not even be the best choice; Tuffmail has many useful >>> features that Spamcop lacks, for example. (That doesn't make them >>> better, >>> of course, what is important is whether your needs are addressed). >>> >>> http://www.tuffmail.com/features.php >> >> Not IMO!! >> >> Unless it notifies ISP's of caught spam as SpamCop does sounds pretty >> useless >> >> Just bitbin'ing spam does nothing to reduce spam > > You can report spam sent to a tuffmail account (or an account at any other > ISP) > to spamcop almost as easily as you can from a spamcop mail account. And > you > can choose not to report anything with an email account from any vendor. > Spamcop reporting/DNSBL = unique, unmatched, and insanely great. Spamcop > email > account = pretty good, but doesn't have important features that vendors > like > sneakemail and tuffmail have. > > In fact, if you do a feature-by-feature comparison, there is, IMO, only > one area where a spamcop email account beats a tuffmail email account > (but it is a big enough advantage to me that I use a spamcop email account > as my public email address); having "@spamcop.net" at the end of your > email > address tends to reduce your incoming spam load by scaring some spammers. > > G.M. SpamCop so far does not need extra features of tuffmail (why would you want to fix something not broken) SpamCop email sets-up the reporting so it'sVery Easy Reporting (VER) used (not a afterthought) Just a click of a mouse has all spam in your bulk folder selected and reported This ofeten stops the hole that spammer is crawling through Other pluses are that SpamCop allow efficient whitelisting which is missing in Tuffmail? The methods of tuffmail sorting spam will mean a very high false positive without whitelisting with a lot of legitimate email blended in with spam. SpamCop email also use spamassasin but with the very much needed and unique whitelist of one's own creation (not only email addresses but domains and even countries) Also they do not use the best and most accurate of Blocklists our very own SCBL which lists spammers as they try to send sam not aterwards and releasing that IP when spam stops. Other blocklists used by tuffmail just add to lists removal from lists is nt that effiecient And yes SpamCop email has even more to offer than is said here From / at /.cn Sat May 6 08:31:02 2006 From: / at /.cn (Petzl) Date: Fri May 5 17:35:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: "Gareth" wrote in message news:e3f2q4$a92$1@news.spamcop.net... > Many thanks for all your helpful responses. > My email address is probably quite vulnerable to dictionary attack as some > of you mentioned (gazza is a popular nickname in the UK!) but I know for > sure someone had it before me as I have had emails from companies to which > the previous owner had subscribed (eBay and the like). > I have other address which don't suffer so much spam and just created this > new one as a spare. Hence I will probably drop it as it is a chore to > report all this spam considering I don't really do anything else with the > address. > I had heard of some people having success in significantly reducing their > spam with spamcop so thought I'd try it to see if I could clean up this > address. > I've also heard of a program called Mailwasher which apparently generates > a bounce in response to spam in an attempt to convince the spammers the > address in invalid. I am a bit sceptical of this since a) I doubt whether > the spammers care about bounces and b) I worry if such bounces could be > detected as being false and thus validate the address. > Any comments on this would be appreciated. > Thanks > > Gareth Mail washer is a good option (not as good as SpamCop email) just turn the "bounce annoyance" off From nobody at devnull.spamcop.net Fri May 5 16:22:57 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Fri May 5 18:25:04 2006 Subject: [SpamCop-List] Re: Spamcop mail References: Message-ID: Petzl wrote... > SpamCop email sets-up the reporting so it'sVery Easy Reporting (VER) used > (not a afterthought) Just a click of a mouse has all spam in your bulk > folder selected and reported This ofeten stops the hole that spammer is > crawling through > Other pluses are that SpamCop allow efficient whitelisting which is > missing in Tuffmail? "Any user configured restrictions, can be bypasssed with a user controlled Allow list entry for the full envelope sender address, the envelope sender domain, the client IP address, or a CIDR network." http://www.tuffmail.com/fixed-policy.php SpamCop FAQ : SpamCop Mail Service : FAQ about the Personal Blacklist and Whitelist : What headers are checked? The following headers are checked against the whitelist Envelope Sender aka Return Path From: Sender: http://www.spamcop.net/fom-serve/cache/303.html > The methods of tuffmail sorting spam will mean a very high false positive Evidence, please. > without whitelisting with a lot of legitimate email blended in with spam. > SpamCop email also use spamassasin but with the very much needed and > unique whitelist of one's own creation (not only email addresses but > domains and even countries) "Tuffmail spam scoring is based on the SpamAssassin(tm) Open Source software. Scoring may be enabled or disabled and score thresholds set for an address, for a domain, or for the account. Allow/Deny lists can be created for an individual address, for a domain, or for the account." http://www.tuffmail.com/filter.php > Also they do not use the best and most accurate of Blocklists our very own > SCBL which lists spammers as they try to send sam not aterwards and > releasing that IP when spam stops. SCBL is part of the Spamassassin scoring and can be given a high weight if you wish. Search on "BL_SPAMCOP_NET" at http://www.tuffmail.com/scores.php > Other blocklists used by tuffmail just add to lists removal from lists is > nt that effiecient I realize that humans tend to have a certain amount of "brand loyalty" and can get quite upset with any discussion that hints at their favorite software / servbice / sports team / nation / etc. not being perfect, but you are no only claiming that spamcop is the best possible mail service but also that the SCBL is the best possible DNSBL. Different DNSBLs have different goals and purposes. > And yes SpamCop email has even more to offer than is said here Like the inability to block an IP address? Or to generate a new email address for every webform you fill out? Or to graylist? Or to use "-" on those brain-dead systems that won't let you put "+" in your email address? Or to set the MX records for your domain to point to spamcop-provided relay servers? As I said, Spamcop email is a fine system - better than most. It is the one I use. From raoul at somoen.com Fri May 5 23:25:35 2006 From: raoul at somoen.com (raoul@someone.com) Date: Fri May 5 22:30:07 2006 Subject: [SpamCop-List] Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: Hi all, So one of my domains is being forged by some spammer. In this thread there was a question about sending NDRs in to SpamCop - is that acceptable / practical? I am tempted to break it intentionaly for a few days. I could use suggestions other than sending out spam myself(!) Perhaps there could be a blacklist for domain owners that want to blacklist themselves for a few days to discourage domain spoofing... "WazoO" wrote in message news:e36n5d$393$1@news.spamcop.net... > "Andy" wrote in message > news:e358h6$5pi$1@news.spamcop.net... >> >> 3. At the end of the day would anyone actually follow this up or would I > be >> wasting my time? The scammer may make a few bucks but he won't be >> retiring >> on the proceeds of this one. > > If you want to believe the "bragging" ..... > > http://spamkings.oreilly.com/archives/2006/03/stock_spammers_stung_by_secret.html#trackbacks > "According to the February 17 complaint, Moeller boasted to a fellow > spammer > (working for the feds as a confidential informant or CI) that he and > Vitale > were making $40,000 per week sending spam that touted shares of small-cap > stocks -- a practice known as pump-and-dump spamming. The two operated a > company called Viatelecom aka Via Telecom LLC to do their stock deals. > > In an April, 2005 instant message conversation with the CI, Moeller > claimed > that he had 40 servers for sending spam, as well as 35,000 "peas" or > proxies > to disguise the true origin of the spams. He said he exclusively spammed > AOL > members and boasted he could send millions of spams per hour, with less > than > 20 percent getting caught in AOL's spam filters." > > From scamper at trisk.com Fri May 5 21:55:24 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Fri May 5 23:00:02 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: raoul@someone.com wrote: > Hi all, > > So one of my domains is being forged by some spammer. > > In this thread there was a question about sending NDRs in to SpamCop - > is that acceptable / practical? > > I am tempted to break it intentionaly for a few days. I could use > suggestions > other than sending out spam myself(!) Perhaps there could be a blacklist for > domain That is what SPF (Sender Policy Framework) does. You don't have to blacklist yourself, you just publish what IP's can be used in combination with your domain name. Every other possible combination is thus blacklisted by those who honor SPF records. For more info on SPF see: http://www.openspf.org/ > owners that want to blacklist themselves for a few days to discourage domain > spoofing... > >[snip] -- Garen From / at /.cn Sat May 6 14:01:23 2006 From: / at /.cn (Petzl) Date: Fri May 5 23:05:03 2006 Subject: [SpamCop-List] Re: Spamcop mail References: Message-ID: "G|_|Y |\/|AC0|\|" wrote in message news:e3gj81$7g1$1@news.spamcop.net... > > Petzl wrote... [S] >> And yes SpamCop email has even more to offer than is said here > > Like the inability to block an IP address? Or to generate a new email > address > for every webform you fill out? Or to graylist? Or to use "-" on those > brain-dead systems that won't let you put "+" in your email address? Or > to > set the MX records for your domain to point to spamcop-provided relay > servers? > > As I said, Spamcop email is a fine system - better than most. It is the > one I use. http://www.spamcop.net/ces/individuals.shtml versus http://www.tuffmail.com/features.php Well I suppose some thing's are not "everyone's cup of tea" Not found other "tack-ons" yet necessary You already use SpamCop as do I (Which can also retrieve & accurately filter email from existing providers, as well as Hotmail Yahoo etc) The major strength with SpamCop email is it accurately sorts my spam from my legit email and then attacks the spammer/s who tried to spam me in the first place. Often being used by various authorities to help track down spammers It is the only email I have used since last century which has proved itself bullet proof While you might get fluffed up about other gee whiz ideas in email service? SpamCop email is still proving to me it is much more than adequate and no need for a new broom yet. SpamCop email & SpamCop is always continuously improving as, when and often before needing to Petzl -- Check your computers security (free) From nttp.sc.s at bigsleep.org Sat May 6 04:15:48 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri May 5 23:20:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: On 05 May 2006, - Garen Erdoisa entered spamcop and left news:e3h37a$f9l$1@news.spamcop.net: > That is what SPF (Sender Policy Framework) does. You don't have to > blacklist yourself, you just publish what IP's can be used in > combination with your domain name. Every other possible combination is > thus blacklisted by those who honor SPF records. > That's only useful if you have control over your DNS text records for your domain, and you know the outgoing mail servers that any user of your domain might use. That's only part of the problem with SPF, and you almost never want to use SPF-Fail (If you can even figure it out from their documentation). -- | Ric | From MikeE at ster.invalid Fri May 5 21:17:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri May 5 23:20:12 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: raoul@someone.com wrote: > So one of my domains is being forged by some spammer. You haven't made your issue perfectly clear. > In this thread there was a question about sending NDRs in to SpamCop - > is that acceptable / practical? Maybe you are talking about, combining the fact that you are 'thinking about' an address being forged, presumably in the From, and you are also 'thinking about' something sending something, presumably a server initiating a newmail addressed to a bogus From, none of which has been mentioned by you yet, the following... Then or therefore, if some server is newmailing you a delivery status notification failed or DSN to some bogus From, then, if the question about /that/ is if such a newmail addressed to a bogus From is 'acceptable', as opposed to reportable, then the answer is "No." Or to manufacture a complete story all by myself who is guessing at what you are not saying, "Can I report an abusive email which I receive from a server which is creating a newmail addressed to my bogus From as a delivery status notification failed - because that server accepted a mail for delivery with my addy as a bogus From and then chose to notify the bogus From about it with a DSN failed?" Then the ansewr is "Yes." Notice how much words I am having to make up for myself here because your words are ambiguous. If that 'acceptable' sentence is asking, "Can I spamcop report a server which is emailing me delivery status notifications failed because my addy or domain addy has been forged into a bogus From and that server is accepting mails which are undeliverable which have my domain/addy in the From, and then newmailing me about it." Then, the answer would be "Yes." If the question is something else which hasn't yet been made clear here, then you will have to ask that question more clearly and distinctly. > I am tempted to break it intentionaly for a few days. I could use > suggestions I have no idea what those words mean. > other than sending out spam myself(!) I have no idea what those words mean. > Perhaps there could be a > blacklist for domain > owners that want to blacklist themselves for a few days to discourage > domain spoofing... And I have no idea what those words mean. -- Mike Easter kibitzer, not SC admin From scamper at trisk.com Fri May 5 22:43:26 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Fri May 5 23:45:02 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Blammo wrote: > On 05 May 2006, - Garen Erdoisa entered spamcop and left > news:e3h37a$f9l$1@news.spamcop.net: > >> That is what SPF (Sender Policy Framework) does. You don't have to >> blacklist yourself, you just publish what IP's can be used in >> combination with your domain name. Every other possible combination is >> thus blacklisted by those who honor SPF records. >> > > That's only useful if you have control over your DNS text records for your > domain, and you know the outgoing mail servers that any user of your domain > might use. This is not an insurmountable problem. Every domain owner potentially has such control since only the domain owner can point their domain at any given DNS. A domain owner doesn't have to use the DNS services of their provider. Even if they do choose to use their provider, a simple phone call to tech support with instructions on what to include in an SPF record will generally suffice. As for outgoing mail servers the protocol is very flexible. There are lots of ways to specify acceptable outgoing servers besides using numeric ranges. A bit of testing can figure it out. > > That's only part of the problem with SPF, and you almost never want to use > SPF-Fail (If you can even figure it out from their documentation). > Well I can only speak for myself, but I have been using SPF now for over a year and have yet to see a case where rejecting an email that failed an SPF check caused any problems. For me at least it solved far more problems that it might potentially have caused. Thousands of sites use it with no problems. The only problems it might cause that I am aware of are for relay servers, and there are workarounds for those situations that which are discussed in the protocol. I had no problem figuring it out. I have had no problem using SPF "fail" myself, and configuring to reject messages that fail an SPF check. -- Garen From nttp.sc.s at bigsleep.org Sat May 6 05:14:46 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat May 6 00:15:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: On 05 May 2006, - Garen Erdoisa entered spamcop and left news:e3h61b$gll$1@news.spamcop.net: > Thousands of sites use it with no problems. The only problems it might > cause that I am aware of are for relay servers, and there are > workarounds for those situations that which are discussed in the > protocol. > A "workaround" fix for broken software is not acceptable except for those use that software. SPF is broken and they expect everyone else to fix it. And I have seen complaints to ISPs that use SPF records, from their users, probably because they were using SPF-Fail, but then again you never know these days why someone might reject your mail. -- | Ric | From scamper at trisk.com Fri May 5 23:53:38 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sat May 6 00:55:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Blammo wrote: > On 05 May 2006, - Garen Erdoisa entered spamcop and left > news:e3h61b$gll$1@news.spamcop.net: > >> Thousands of sites use it with no problems. The only problems it might >> cause that I am aware of are for relay servers, and there are >> workarounds for those situations that which are discussed in the >> protocol. >> > > A "workaround" fix for broken software is not acceptable except for those > use that software. SPF is broken and they expect everyone else to fix it. How do you define "broken"? The Internet is constantly evolving. I have rarely seen a piece of software that wasn't "broken" such that it didn't ever require a fix or workaround, or update, or patch, or tweak, or whatever to make it work the way you wanted it to work. New protocols can cause problems when getting them to interface with older protocols. This doesn't mean the new protocol is broken, nor does it mean the old one is. It can make them somewhat incompatible without adjustments and compromises being made. Sometimes making the time to do such adjustments is more desirable than doing nothing. The SPF protocol is still in RFC Draft form. So is DKIM-Signature: and Domainkey-Signature: (a trial run of DKIM). Yet people are making use of the protocols, software has been and is being developed and improved, the protocols are being discussed and updated, eventually I'm sure that in the not to distant future, full fledged RFC's will be issued. IMHO, in the case of SPF, the benefits of using SPF now, far outweigh the hassle of making the necessary software adjustments or attitude adjustments, or waiting until RFC's are issued. This is especially true if you are a victim of having your domain name forged into the from lines of spam. I have have been the victim of such forgery, and when searching for a solution I found SPF. I chose along with many other sites to adopt it early. Speaking from experience here, it had the effect almost immediately of cutting down to a trickle the amount of DSN (Delivery Status Notification) emails I had been getting prior to that. I'm sure if I disabled the record, I would soon have a ton of DSN's to deal with again instead of the one or two a week I see now from sites that haven't implemented SPF. I used to get hundreds a day prior to implementing SPF. It was almost as big a problem as spam was before implementing SPF. > > And I have seen complaints to ISPs that use SPF records, from their users, > probably because they were using SPF-Fail, but then again you never know > these days why someone might reject your mail. That is possible, but I have never personally seen any complaints about SPF. If I ever do, I'll deal with that situation as appropriate. Admittedly there is a learning curve with it, and if it's mis configured it can potentially cause horrendous problems. The same can be said of a lot of networking software. :-) > From scamper at trisk.com Sat May 6 00:32:42 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sat May 6 01:35:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Garen Erdoisa wrote: >[snip] > The SPF protocol is still in RFC Draft form. So is DKIM-Signature: and > Domainkey-Signature: (a trial run of DKIM). Yet people are making use of > the protocols, software has been and is being developed and improved, > the protocols are being discussed and updated, eventually I'm sure that > in the not to distant future, full fledged RFC's will be issued. I'll have to make one correction to myself here. I just checked the status of the RFC and found that the SPF RFC is no longer in Draft form. An experimental RFC was issued 4/28/2006. http://www.ietf.org/rfc/rfc4408.txt >[snip] -- Garen From nttp.sc.s at bigsleep.org Sat May 6 07:02:02 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat May 6 02:05:04 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: On 05 May 2006, - Garen Erdoisa entered spamcop and left news:e3ha4v$ir6$1@news.spamcop.net: > How do you define "broken"? > It's common knowledge, they say it right on their site. They may have fixed it in the last year, but I doubt it as you indicated the problem still exists. Besides all that, SPF doesn't check the From header anyway, as far as I know, so it's pretty easy to get around, as all the PayPal phish proves. -- | Ric | From scamper at trisk.com Sat May 6 01:32:36 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sat May 6 02:35:04 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Blammo wrote: > On 05 May 2006, - Garen Erdoisa entered spamcop and left > news:e3ha4v$ir6$1@news.spamcop.net: > >> How do you define "broken"? >> > > It's common knowledge, they say it right on their site. They may have fixed > it in the last year, but I doubt it as you indicated the problem still > exists. > > Besides all that, SPF doesn't check the From header anyway, as far as I > know, so it's pretty easy to get around, as all the PayPal phish proves. > The "classic" SPF version checks the envelope from and falls back to checking the HELO strings for forgeries. If a test is inconclusive SPF allows the mail to pass on through. AFAIK It was never intended for SPF to check the From: header given in the message data because to do so you first have to accept the data. DSN's are typically sent to the return path as given in the envelope from, which is not necessarily the same as the path in the From: header. Also note that it's only when a test is conclusive as a fail that a message should be rejected during the SMTP transaction. That policy is up to the mail administrator. They can accept and tag emails that fail an SPF check if they so choose. There are several competing protocols right now which are in development and address the various aspects of sender forgery and there is an ongoing technical effort to resolve the conflicts between the competing protocols. So what else is new? :-) From nttp.sc.s at bigsleep.org Sat May 6 08:15:50 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat May 6 03:20:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: On 05 May 2006, - Garen Erdoisa entered spamcop and left news:e3hfuh$lmp$1@news.spamcop.net: > AFAIK It was never intended for SPF > to check the From: header given in the message data because to do so you > first have to accept the data. > ... I know that, but the common response to "someone's forging my domain" is "get SPF", which doesn't exactly stop anyone from forging your domain. It won't even stop many bounces since most of us try not to bounce anyway (I mean, you expect servers that bounce to use SPF?). > > That policy is up to the mail administrator. They can accept and tag > emails that fail an SPF check if they so choose. Well that's what its good for. Why not expand on that and have a "SMTP=Yes" or "SMTP=No" text record for PTRs? Put authenticated senders in the Received header? Some DNSBLs I tag, but if it's in two I reject, math works too. -- | Ric | From spam at nospam.org Sat May 6 12:24:23 2006 From: spam at nospam.org (Andy) Date: Sat May 6 05:30:11 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: "Mike Easter" wrote in message news:e3h4g8$g1c$1@news.spamcop.net... > raoul@someone.com wrote: > > > So one of my domains is being forged by some spammer. > > You haven't made your issue perfectly clear. Mike, I think you're working on a higher level than us mere mortals. It seemed pretty clear, although highly impractical, to me. The guy's domain is yet another victim of backscatter due to spam sent out with a bogus From address. What he wants to do is blacklist his own domain so that spam sent from any bots around the world would be killed at source, hopefully discouraging the spammer from using his domain in bogus addresses in future. The comment about sending out spam was a tongue in cheek reference to a way to get his domain blacklisted. Andy From g.hyde at bigpond.net.au Sat May 6 23:26:49 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat May 6 08:30:03 2006 Subject: [SpamCop-List] Bogus listserv email. Message-ID: http://www.spamcop.net/sc?id=z936376658zfa06d5d13a07782bc9de59bae83622f5z This one appears to be from some listserv or mailing list server, and yet resolves to somwhere in the .in domain. Other than the listserv's supposed unsubscribe link, it seemed like most of the usual spam email junk. Full of advertising rubbish. This one was reported, since I never subscribed to their list junk, and it also apparently has been sent through an open proxy. I am wondering if that .info domain should have resolved to somewhere. Anyone care to speculate if it's worthwhile doing a manual report for the domain? Cheers ... Geoffrey Hyde From MikeE at ster.invalid Sat May 6 07:18:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 6 09:20:03 2006 Subject: [SpamCop-List] Re: Bogus listserv email. References: Message-ID: Geoffrey Hyde wrote: > I am wondering if that .info domain should have resolved to somewhere. > Anyone care to speculate if it's worthwhile doing a manual report for > the domain? fakcvb.theworldset.info DNS 148.247.195.109 148.247.195.109 rDNS gluon.mda.cinvestav.mx spamhaused as the /32 rokso yambo financials since May 6 The provider cinvestav.mx is a /16 and has that one spamhaus listing If the provider isn't responsive to the spamhaus listing, it isn't going to be responsive to your manual notify or a SC courtesy notice - or you could take the attitude that the recent spamhaus listing is sufficient motivation, you don't need to further notify manually. There are many different tools you can use to resolve spamvertiser url or even study why SC didn't resolve it. SC also can't resolve that name if plugged nakedly into the parser, suggesting maybe SC is blocked. The other alternative is that the nameservice gets a D minus timing score at dnsstuff and takes over 300 ms to answer. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat May 6 07:29:36 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 6 09:30:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: Andy wrote: > "Mike Easter" >> raoul@someone.com wrote: >> >>> So one of my domains is being forged by some spammer. >> >> You haven't made your issue perfectly clear. > The guy's domain is yet another victim of backscatter due to spam > sent out with a bogus From address. I figgered that's what he was probably saying. > What he wants to do is blacklist > his own domain so that spam sent from any bots around the world would > be killed at source, hopefully discouraging the spammer from using > his domain in bogus addresses in future. If you think that's what he meant, or if that /was/ what he meant, it is no wonder that I could not imagine what he was saying. He wasn't speaking a language I can understand. I can't even imagine it when you are saying it more clearly or rather /distinctly/, rather than clearly. Because it isn't clear even when you say it distinctly. That is not just a dumb idea, it is an idea which has no foundation whatsoever in logic or mechanics, making it a ridiculous idea, actually not an idea at all. In the first place, how would you blocklist a domainname? That is, how would you go about doing that? Wbat blocklist? Almost nothing blocks on domainnaame even as the *source*, and nothing whatsoever, with the possible exception of some daft end user, blocks their email based on the From. > The comment about sending out spam was a tongue in cheek reference to > a way to get his domain blacklisted. I see. First he speaks in inanities, then he compounds the inanity with facetiousness. I think I would have been better of without having it translated for me. Thanks. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat May 6 07:31:58 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 6 09:35:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: Mike Easter wrote: > I see. First he speaks in inanities, then he compounds the inanity > with facetiousness. I think I would have been better of without > having it translated for me. Thanks. Oops. That was supposed to have some kind of smiley on it, wry or otherwise :-/ s/of/off ... I would have been better off.... -- Mike Easter kibitzer, not SC admin From wb8tyw at qsl.network Sat May 6 12:34:56 2006 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sat May 6 11:35:09 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Garen Erdoisa wrote: > > Well I can only speak for myself, but I have been using SPF now for over > a year and have yet to see a case where rejecting an email that failed > an SPF check caused any problems. For me at least it solved far more > problems that it might potentially have caused. If the postmaster where I pick up my e-mail from implements SPF to reject alleged forwarding, I would lose a significant portion of my e-mail. One of my public e-mail addresses is a forwarding service, and SPF specifically breaks such forwarding services because they all they add is a header line, and do not rewrite the other parts of the header. The "solution" described by the SPF is to require replacement of the software in use by the mail forwarding service. I have seen posted several times on the DSBL and other mailing list archives that the RFCs require all systems connected to the public internet to have a working rDNS. Considering that a strict rDNS check foils more spam attempts than SPF does, and can not be implemented because there are a few popular networks that can not take the 15 minutes to correct their rDNS, an anti-spam system that requires a modification or replacement to RFC compliant mail processing systems owned by others is not a good solution. If you run a small domain where you personally know all the users and where they get their e-mail from, you can safely implement SPF to reject spam/backscatter. For the large domains that are proposing/promoting it, they do not seem to care how many of their users that they are breaking e-mail reception for. Now as far as your backscatter problem: Can you modify your DNS server to respond differently to the I.P. addresses of the few mail servers generating the backscatter? If so, present them with an MX record resolving to 127.0.0.1, it will eventually eliminate the backscatter from those servers. -John wb8tyw@qsl.network Personal Opinion Only From me at privacy.net Sat May 6 18:00:14 2006 From: me at privacy.net (Michael R N Dolbear) Date: Sat May 6 13:05:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: <01c67125$0e287960$LocalHost@default> Mike Easter wrote [...] > on domainnaame even as the *source*, and nothing whatsoever, with the > possible exception of some daft end user, blocks their email based on > the From. Me! Me! Me! You don't, I think, read the forum, but under "how to use Spamcop mail features" "personal blacklist" I noted that I block mail that says it comes from ebay.com, paypal.com and some others (I have just added chase.com and irs.gov). Some other users have taken the idea up. The fraudsters whose emails I wish to block *have* to use plausible Froms and so I exploit that. -- Mike D From edb2000 at spamcop.net Sat May 6 11:51:02 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Sat May 6 13:55:02 2006 Subject: [SpamCop-List] Re: Spamcop mail In-Reply-To: References: Message-ID: G|_|Y |\/|AC0|\| wrote: > having "@spamcop.net" at the end of your email > address tends to reduce your incoming spam load by scaring some spammers. While it is impossible to know how many spammers are scared off by the @spamcop.net, I have numerous examples showing that by no means are all of them put off by it. -- Don Wannit A paid SpamCop user since 1999 From MikeE at ster.invalid Sat May 6 13:05:17 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 6 15:05:04 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: <01c67125$0e287960$LocalHost@default> Message-ID: Michael R N Dolbear wrote: > Mike Easter >> nothing whatsoever, with the >> possible exception of some daft end user, blocks their email based on >> the From. > > Me! Me! Me! > > You don't, I think, read the forum, but under "how to use Spamcop mail > features" "personal blacklist" I noted that I block mail that says it > comes from ebay.com, paypal.com and some others (I have just added > chase.com and irs.gov). Some other users have taken the idea up. > > The fraudsters whose emails I wish to block *have* to use plausible > Froms and so I exploit that. Exploit? How about mis-tag? I just looked back thru' my collection of legitimate mail and I have lots of goodmail items from ebay and paypal. Whitelisting Froms isn't a bad idea. Blacklisting From domains seems like an idea fraught with the possibility of false positives. Then you get to deal with what you do with your positives and how much you like digging thru' your spam to find the occasional false positive. Sometimes having a bright idea about how to block something isn't such a bright idea after all. My experience with phishes is that they are mostly sourced from listed open proxies. I would much rather tag as spam something coming from an open proxy than something coming from a paypal or ebay.address. I think the best kind of filter is one which never has a false positive ever, even if an occasional spam leaks thru'. Creating a filter tag which might possibly have a false positive is not a good strategy in my opinion. -- Mike Easter kibitzer, not SC admin From edb2000 at spamcop.net Sat May 6 13:07:34 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Sat May 6 15:10:02 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Mike Easter wrote: > In the first place, how would you blocklist a domainname? If you have control of the DNS zone, maybe something like this: domain.name. 3H IN A 127.0.0.1 domain.name. 3H IN MX 10 127.0.0.1 Might result in lots of "loops back to myself" errors, but should prevent backscatter email. [might interfere with other uses of the domain name besides email, though] :-) -- Don Wannit A paid SpamCop user since 1999 From MikeE at ster.invalid Sat May 6 13:26:58 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat May 6 15:30:02 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: Don Wannit wrote: > Mike Easter wrote: > >> In the first place, how would you blocklist a domainname? > > > If you have control of the DNS zone, maybe something like this: That's actually not how I meant what I said. > domain.name. 3H IN A 127.0.0.1 > domain.name. 3H IN MX 10 127.0.0.1 > > Might result in lots of "loops back to myself" errors, > but should prevent backscatter email. [might interfere > with other uses of the domain name besides email, though] My question didn't really mean block it for yourself, I was trying to say "How would some individual 'cause' a particular domainname to get onto some publicly available and widely used blocklist which is made of domainnames?" The inane original 'question' [if you can call the absurd notion a question] was about the OP wanting their domainname to somehow be blocked by great numbers of recipient servers so that those recipient servers couldn't possibly accept the items and then generate a newmail delivery status notification to the bogus From. So, the notion would 'require' that somehow 'magically' there would be a blocklist widely used by servers which blocklist was made of domainnames, and thus all of these servers using this imaginary blocklist wouldn't be bothering the OP with their backscatter. I can't believe we are discussing the original post. -- Mike Easter kibitzer, not SC admin From spam at nospam.org Sun May 7 00:00:48 2006 From: spam at nospam.org (Andy) Date: Sat May 6 17:05:02 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: "raoul@someone.com" wrote in message news:e3h1f2$egc$1@news.spamcop.net... > In this thread there was a question about sending NDRs in to SpamCop - > is that acceptable / practical? > This was part of the original question that I posed but was never answered. However, the answer is 'yes', sending misdirected bounces to SpamCop is legitimate behaviour. The administrator of the bounce server will get a report suggesting that he/she reconfigure the server to reflect the realities of the 21st century. > I am tempted to break it intentionaly for a few days. I could use > suggestions > other than sending out spam myself(!) Perhaps there could be a blacklist for > domain > owners that want to blacklist themselves for a few days to discourage domain > spoofing... > I just discovered that my ISP has a well hidden option to drop all incoming DSNs to my domain, instantly stopping the backscatter. The downside is that valid bounces are also dropped but this is a small price to pay for the reduced admin load. Now there should only be the really helpful 'you are a dirty spammer' mails coming to my 'abuse' mailbox to deal with. Obviously this is only treating the symptom not the disease but it's definitely boosted my kharma. Andy From edb2000 at spamcop.net Sat May 6 15:44:17 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Sat May 6 17:45:02 2006 Subject: [SpamCop-List] Re: Spamcop mail In-Reply-To: References: Message-ID: G|_|Y |/|AC0||" " wrote: > Alas, > there are a huge number of spammers that pump out email without > even minimal listwashing such as removing duplicates or domains > that don't exist. Or even postmaster@ or abuse@ (I'm sure those recipients have a very HIGH rate of response to spam...) -- Don Wannit A paid SpamCop user since 1999 From edb2000 at spamcop.net Sat May 6 15:47:51 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Sat May 6 17:50:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Andy wrote: > I just discovered that my ISP has a well hidden option to drop all incoming > DSNs to my domain, instantly stopping the backscatter. The downside is that > valid bounces are also dropped but this is a small price to pay for the > reduced admin load. Now there should only be the really helpful 'you are a > dirty spammer' mails coming to my 'abuse' mailbox to deal with. For that matter, anyone who can use procmail or other mailhost-side mail processor, or even subject-based mail filtering on their mail-reading agent, has similar ability. If you don't care about valid bounces (for suitable definition of "valid"), then just filter all incoming DSN's to /dev/null or the Trash mailbox, as appropriate. -- Don Wannit A paid SpamCop user since 1999 From scamper at trisk.com Sat May 6 17:28:04 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sat May 6 18:30:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: John E. Malmberg wrote: > Garen Erdoisa wrote: >> >> Well I can only speak for myself, but I have been using SPF now for >> over a year and have yet to see a case where rejecting an email that >> failed an SPF check caused any problems. For me at least it solved far >> more problems that it might potentially have caused. > > If the postmaster where I pick up my e-mail from implements SPF to > reject alleged forwarding, I would lose a significant portion of my e-mail. This can indeed happen if the postmaster does not follow the recommendations put forth on how to resolve issues like this for forwarding email servers as part of his implementation. That is not the fault of SPF, that is an administration issue for that one site and situation. The recommended solution for those who wish to implement SPF is to re-write the envelope sender address as part of the forwarding process so the forwarded mail isn't rejected due to an SPF failure. This is a trivial task that can be done with a handful of lines of procmail code and a cronjob. It isn't rocket science. > > One of my public e-mail addresses is a forwarding service, and SPF > specifically breaks such forwarding services because they all they add > is a header line, and do not rewrite the other parts of the header. That is not the fault of the SPF protocol. If they are not following the recommendations even that much, that is just being lazy. > > The "solution" described by the SPF is to require replacement of the > software in use by the mail forwarding service. That is one possible scenario yes. There are other means to accomplish the same task without having to replace much in the way of existing software. > > I have seen posted several times on the DSBL and other mailing list > archives that the RFCs require all systems connected to the public > internet to have a working rDNS. I've heard that also, but I have yet to find the relevant RFC's. Admittedly I have not looked that hard for that particular one since it is of no concern to me. All my hosts have correct working rDNS and have since the day they went online, so it's not really a piece of information I've been all that motivated to find. :-) > > Considering that a strict rDNS check foils more spam attempts than SPF > does, and can not be implemented because there are a few popular > networks that can not take the 15 minutes to correct their rDNS, an Strict rDNS checks can also foil legitimate email. China is a good example. They use their own root name servers so it's rare that you'll find an IP hailing from China that has an rDNS mapped to anything on our name servers other than for required ISP roll accounts. I receive a lot of spam attempts from China. I block all of China also, because I don't know anyone there, and have no desire to establish any business relationships with anyone there. However that does not mean that there is never any good mail out of China. I'm sure there is quite a lot, hopefully more good mail than spam. If it weren't for the continual spam attempts from that geographical area, I would remove the block. > anti-spam system that requires a modification or replacement to RFC > compliant mail processing systems owned by others is not a good solution. I have a problem with your logic here, see below. > > If you run a small domain where you personally know all the users and > where they get their e-mail from, you can safely implement SPF to reject > spam/backscatter. Yes. You an also do the same for a large ISP, or MSP, or mail forwarding service, or list mail servers, etc. The issues that have been raised are not insurmountable. IMO, it's a relatively trivial administration task. Once it's setup and working properly it requires little maintenance. > > For the large domains that are proposing/promoting it, they do not seem > to care how many of their users that they are breaking e-mail reception > for. I doubt that. I think that businesses do care very much what their clients think and believe and go to great lengths to make their clients happy. Especially so when they find out their clients are unhappy with some aspect of their business relationship. The old business motto comes to mind. Happy customers are repeat customers, and repeat customers are what keeps a business alive. People who choose to implement SPF do so for a reason. It's not something they do willy nilly for no reason at all. I certainly would not have done so myself if I didn't have a damn good reason. That reason was that I absolutely needed a way to discourage spammers from forging my domain into the from headers of their spams. My site was under such abusive attacks and harassment for several months over a year ago before I stumbled on SPF as a possible solution. I knew it was a draft then, but chose to implement it early out of necessity. It did solve that particular problem for my case. > > Now as far as your backscatter problem: > > Can you modify your DNS server to respond differently to the I.P. > addresses of the few mail servers generating the backscatter? > > If so, present them with an MX record resolving to 127.0.0.1, it will > eventually eliminate the backscatter from those servers. Yes I am quite capable of modifying source code of software to change it's functionality. However I have 2 problems with this approach. 1) You stated above that in your opinion you thought that it was not to your liking that SPF would require software updates of software owned by others in order to implement the RFC properly for forwarders. Now here you are recommending that I hack my own DNS servers in order to trick the sending servers into sending the DSN notices to their own localhost postmaster accounts. This tantamount to fighting abuse with abuse, and is at the same time recommending that I (and possibly others) modify software to solve a spam problem. It doesn't really look all that good when you state in one paragraph that you are against the SPF requirement that software be modified to fully implement their solution, then turn right around and suggest that I modify my software to implement your alternate solution, without even an RFC draft in hand? Also I do believe that your suggestion (while admittedly funny in practice) *would* violate the RFC's relevant to good DNS management. It would violate net etiquette in the sense that you would have me have my DNS servers actually lie about the addresses assigned to my MX. It would violate my own sense of ethics as well, and it would not necessarily solve the problem. I think that it would at most just hide it from view. 2) Such modification of DNS software if this became a general practice could also be used to abuse other servers. You don't have to set the record to 127.0.0.1, in theory it could be set to *any* IP address. This would also be tantamount to net abuse in it's own right. I have never seen or heard of any such project being seriously proposed for use on the Internet to fight spam. In any case, the Internet is a constantly changing community of cooperating networks. One of the problems with spam is that senders forge addresses. SPF is one of several solutions proposed to deal with that. SPF is not and never was intended to be the solution to end spam. It is only supposed to help deal with MAIL FROM: forgery and HELO forgery. If it's used properly, I think that it does it's job quite well. Thank you for sharing your thoughts. :-) Be well >[snip] -- Garen From scamper at trisk.com Sat May 6 18:04:12 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sat May 6 19:05:02 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Blammo wrote: > On 05 May 2006, - Garen Erdoisa entered spamcop and left > news:e3hfuh$lmp$1@news.spamcop.net: > >> AFAIK It was never intended for SPF >> to check the From: header given in the message data because to do so you >> first have to accept the data. >> ... > > I know that, but the common response to "someone's forging my domain" is > "get SPF", which doesn't exactly stop anyone from forging your domain. It > won't even stop many bounces since most of us try not to bounce anyway (I > mean, you expect servers that bounce to use SPF?). SPF is a viable solution to such forgery. It's a perfectly valid answer to suggest adopting SPF as an answer to such a question. I agree with you that SPF will not stop header forgery. However it does provide a mechanism that mail administrators can use to detect such header forgery and make a decision on the spot to accept or reject email during the SMTP transaction based on that test before accepting the data. Servers that bounce have other more serious issues. SPF might or might not help with that. I think that their administrators still have to ultimately take responsibility for and fix the underlying issues that are generating the bounce messages in the first place even if they adopt SPF. > >> That policy is up to the mail administrator. They can accept and tag >> emails that fail an SPF check if they so choose. > > Well that's what its good for. Why not expand on that and have a "SMTP=Yes" > or "SMTP=No" text record for PTRs? Put authenticated senders in the > Received header? Some DNSBLs I tag, but if it's in two I reject, math works > too. That is effectively what SPF does. It states "SMTP = yes for these IP's, SMTP = no for everything else." I also use DNSBL's here. Spammers can publish SPF records too. This doesn't make any difference to me if they do or not. I actually hope they will because it makes them that much easier to block. What it does do is allow *me* to state *what* servers are allowed to send mail using *my* domain name in the envelope sender. As far as SPF relates to me and how I use it that is all I really care about what it does. The flip side to that is that I also honor (out of common courtesy) the SPF policies of others who publish their policy, thus rejecting mail that fails the test. Both are my choices. You don't have to implement SPF if you don't want to. SPF compliant mail servers will not reject your mail if you don't publish an SPF policy. They may reject it for other reasons, but that's another issue. Remember, SPF is an experimental protocol. According to what I read last night it looks like it is going to remain in the experimental state for at least 2 more years. Since you obviously feel so strongly about it, might I suggest that you join the forums that discuss the protocol and voice your feelings there as well? Perhaps those that are more enlightened than I can sway you, or perhaps you can sway them. :-) -- Garen From nobody at devnull.spamcop.net Sat May 6 21:59:02 2006 From: nobody at devnull.spamcop.net (POP) Date: Sat May 6 21:00:03 2006 Subject: [SpamCop-List] OT: Re: why our server got listed? References: Message-ID: ... > > > I predict that we will see no answer to the above from Oleg > Bulyzhin... :) > > > I don't really care what you predict, nor do I have any interest in your apparent wish to act so trollish in so many ways. If you're not a troll, you should brush up on your interpersonal skills a bit, and if you are a troll, well ... . Not going to debate; have nothing further to say unless you wish to act upon on-topicality in your posts and to proceed with a more realistic attitude. If you want to be read, you need to have a point, and a bit of intelligence in the content of your posts. Pop From nobody at spamcop.net Sat May 6 19:24:33 2006 From: nobody at spamcop.net (N. Miller) Date: Sat May 6 21:30:01 2006 Subject: [SpamCop-List] Re: why our server got listed? References: Message-ID: <15rk4rco7kev5.dlg@news.spamcop.net> On Thu, 4 May 2006 17:45:16 +0000 (UTC), Oleg Bulyzhin wrote: > Correct me if i'm wrong: server may be listed if (and due to!) it does > conform rfc822 (i.e. will send bounce)? And you can avoid this if you violate > this part of rfc822? AFAIK, RFC 2822, as well its predecessor, RFC 822, does not _require_ an SMTP server to accept email. An SMTP server which can't determine that it can't deliver email to a given email address, should not accept email to that email address. Period. If the server can't be configured to verify that received email is deliverable, it _should_ refuse to handle that email during the SMTP transaction. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Sun May 7 02:33:53 2006 From: nobody at spamcop.net (RandallW) Date: Sun May 7 04:35:12 2006 Subject: [SpamCop-List] contact info for yesnic.com Message-ID: Anyone know an e-mail addres for yesnic.com? From MikeE at ster.invalid Sun May 7 08:02:26 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 7 10:05:02 2006 Subject: [SpamCop-List] Re: contact info for yesnic.com References: Message-ID: RandallW wrote: > Anyone know an e-mail addres for yesnic.com? Yesnic is a registrar for domainname registration. They have a website. If you want to register a domainname with them you can go thru' the website. If you have some other purpose for contacting them, that purpose would affect what contact address to use. Typically if you are going to 'complain to' -- or rather /notify/ a domainname registrar because you are unhappy about something that a domainname registrant did, such as provide bad contact information, you should do that thru' internic because that way internic 'watches over' the registrar about their responsiveness to bad information in the registration http://wdprs.internic.net/ Whois Data Problem Report System The standard spamcop notify 'structure' for notifying providers about spamsources and spamvertisers doesn't include the domainname registrar for a reason. Choosing a strategy for notifying that registrar should be based on 'something'. The yesnic abuse policy notification is here http://www.yesnic.com/ENG/misc/notice_0809.php3 Abuse Policy Notification and gives the address abuse@yesnic.com -- Mike Easter kibitzer, not SC admin From blah at blah.com Sun May 7 13:19:59 2006 From: blah at blah.com (news.spamcop.net) Date: Sun May 7 12:25:02 2006 Subject: [SpamCop-List] BlueSecurity/Blue Frog Message-ID: You guys have experience with this outfit? /. and Digg have been talking about it. From pantheus at spamcop.net Sun May 7 11:19:36 2006 From: pantheus at spamcop.net (ken) Date: Sun May 7 13:20:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: On Sun, 07 May 2006 12:19:59 -0400, news.spamcop.net wrote: > You guys have experience with this outfit? /. and Digg have been talking > about it. Yes, I have experience with them. And it is all good. They have been under attack from a spammer who is trying to hurt them, and using DDoS attacks and a nasty email campaign to attempt to hurt them. His (the spammer/scammer) attempts will fail. BlueSecurity has just come back online after the DDoS and is very much aware of who is doing it, and will prevail. While some may feel BS's goal is abusive, we /DO/ have the right to protect out inboxes, and BlueSecurity's Do Not Spam Registry and opt-out mechanism does work ! They have gained much Venture Capital and Security Company money to continue the valient fight and will prevail! Ken From MikeE at ster.invalid Sun May 7 11:53:33 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 7 13:55:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: news.spamcop.net wrote: > You guys have experience with this outfit? /. and Digg have been > talking about it. I am opposed to BlueFrog/BS and I don't trust them. I think the primary business model is to make money off a venture capitalism idea by first attracting frustrated and naive spammees. I think they use shady business practices and collusion with spamvertisers. In the recent ddos incident, they acted very badly, diverting their problem onto innocent others and displaying their 'mentality' They are a rotten bunch -- I think the BlueFrogger spammees who envision themselves as spam retaliators are fools hanging out in a rotten barrel. It is not my job to prove those opinions here or elsewhere. There is plenty of discussion by me and by others in alt.spam and nanae for anyone who wants to search it. -- Mike Easter kibitzer, not SC admin From nospam at nospam.org Sun May 7 22:38:02 2006 From: nospam at nospam.org (Ejo) Date: Sun May 7 15:40:03 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Petzl wrote: > "Gareth" wrote in message > news:e3f2q4$a92$1@news.spamcop.net... >> Many thanks for all your helpful responses. >> My email address is probably quite vulnerable to dictionary attack as some >> of you mentioned (gazza is a popular nickname in the UK!) but I know for >> sure someone had it before me as I have had emails from companies to which >> the previous owner had subscribed (eBay and the like). >> I have other address which don't suffer so much spam and just created this >> new one as a spare. Hence I will probably drop it as it is a chore to >> report all this spam considering I don't really do anything else with the >> address. >> I had heard of some people having success in significantly reducing their >> spam with spamcop so thought I'd try it to see if I could clean up this >> address. >> I've also heard of a program called Mailwasher which apparently generates >> a bounce in response to spam in an attempt to convince the spammers the >> address in invalid. I am a bit sceptical of this since a) I doubt whether >> the spammers care about bounces and b) I worry if such bounces could be >> detected as being false and thus validate the address. >> Any comments on this would be appreciated. >> Thanks >> >> Gareth > > Mail washer is a good option (not as good as SpamCop email) > just turn the "bounce annoyance" off Have you tried spampal already, it is free and it essentially offers the same functionality as MW. From nobody at nowhere.not Sun May 7 22:07:52 2006 From: nobody at nowhere.not (Robert Blair) Date: Sun May 7 17:10:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: On Sun, 7 May 2006 16:19:59 UTC, "news.spamcop.net" wrote: > You guys have experience with this outfit? Until now only by receiving their spam. >From the little I have seen my guess it is a scam to sell an IPO and get rich quick then depart for warmer climates. The information I have read appears to be suspect. -- Robert Blair From / at /.cn Mon May 8 08:29:27 2006 From: / at /.cn (Petzl) Date: Sun May 7 17:35:03 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: "Ejo" wrote in message news:e3liam$tet$1@news.spamcop.net... > Petzl wrote: >> "Gareth" wrote in message >> news:e3f2q4$a92$1@news.spamcop.net... [S >> >> Mail washer is a good option (not as good as SpamCop email) >> just turn the "bounce annoyance" off > > Have you tried spampal already, it is free and it essentially offers the > same functionality as MW. Does SpamPal offer automated reporting the spammers or does it just delete (not used SpamPal) MailWasher not only stops spam but also allows basic reporting The best though is forking out the $US30 for a SpamCop email account which not only stops spam getting to ones inbox but also allows Very Easy Reporting (VER) of these spammers effectively closing their ability to send spam BEFORE it gets sent. Often making the ISP aware of spamming activity and SpamCop listing/blocking the spam IP source identified until spam stops. SpamCop is a very powerful weapon against spammers. SpamCop email makes stopping and reporting spam very easy Petzl -- Check your computers security (free) From pantheus at spamcop.net Sun May 7 15:47:11 2006 From: pantheus at spamcop.net (ken) Date: Sun May 7 17:50:04 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: On Sun, 07 May 2006 10:53:33 -0700, Mike Easter wrote: > news.spamcop.net wrote: >> You guys have experience with this outfit? /. and Digg have been >> talking about it. > > I am opposed to BlueFrog/BS and I don't trust them. We're going to have to agree to disagree ;-) > I think the primary business model is to make money off a venture > capitalism idea by first attracting frustrated and naive spammees. Frustrated, hell, yes! In five years of feeding SpamCop with, so far 110,000 bits of trash, I find I only get more spam. I don't think feeding it more will bring me (or anyone else) less spam. I've tossed a half dozen domain names and thrown wildcards away on all the rest, due to spam and I still get more. I don't have one open email address in the wild. Naive, not a chance! > I think they use shady business practices and collusion with > spamvertisers. I've seen nothing to allude to this. I hung around and watched for months before I signed up and used their devices. I had some doubts before, but those are gone, now. > In the recent ddos incident, they acted very badly, diverting their > problem onto innocent others and displaying their 'mentality'. By turning the DDoS back onto a couple trojaned proxies as collateral damage.. even the best of the 'fighters' have made a few "errors". By turning it back at the perp, he did get the message. ! > They are a rotten bunch -- I think the BlueFrogger spammees who envision > themselves as spam retaliators are fools hanging out in a rotten barrel. Harsh, without an iota of proof. The resumes of the principals reads far differently. > It is not my job to prove those opinions here or elsewhere. There is > plenty of discussion by me and by others in alt.spam and nanae for > anyone who wants to search it. 'Ya, like most of those who post in nanae, and some of the alt.spam are saints and always right. hmmmmph BlueSecurity with almost a 1/2 million members has made great strides in turning a *lot* of my spam off, unlike the route I tried for 5 years. I still feed the ScBL, but wonder why. I could give you a couple urls of message boards that are not nanae-types which say just the opposite of what you are saying, (except for the spammer trolls, there) and they are NOT BlueSecurity boards. But I'm not going to convince you. But I do see several other @spamcop address using their service too, so I'm not alone. Ken From nttp.sc.s at bigsleep.org Sun May 7 23:10:02 2006 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun May 7 18:15:02 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) References: Message-ID: On 06 May 2006, - Garen Erdoisa entered spamcop and left news:e3ja1r$lgg$1@news.spamcop.net: > That is effectively what SPF does. It states "SMTP = yes for these IP's, > SMTP = no for everything else." > I know exactly what SPF does, I'm talking about the connecting server, I'm not talking about a possibly forged envelope sender here. -- | Ric From MikeE at ster.invalid Sun May 7 17:19:48 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 7 19:20:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: ken wrote: > Mike Easter wrote: > Frustrated, hell, yes! In five years of feeding SpamCop with, so far > 110,000 bits of trash, I find I only get more spam. There is almost nothing about spamcop reporting that is going to get you less spam. >> In the recent ddos incident, they acted very badly, diverting their >> problem onto innocent others and displaying their 'mentality'. > > By turning the DDoS back onto a couple trojaned proxies as collateral > damage.. even the best of the 'fighters' have made a few "errors". > By turning it back at the perp, he did get the message. ! That is not at all an accurate description of what happened. BS diverted the attack after they fell by turning their own nameservice [falsifying their nameservice] toward a blog site which they were only using and which wasn't their IP and which was hosting numerous other innocent bystanders. That site suffered DoS crash because of BS's nameservice 'defensive' manipulation. Here's a description of the BS nameservice 'forgery' effect on the innocent Six Apart http://q.queso.com/archives/001917 The dishonor of Blue Security >> They are a rotten bunch > Harsh, without an iota of proof. The resumes of the principals reads > far differently. The purpose of giving financial position to some 'principals' with favorable sounding so-called credentials so as to get their backing or support or the use of the credentials is to lure in the investors or venture capitalists by making the whole thing sound positive and more legitimate. It is a big snake oil operation, song and dance, dog and pony show. -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Sun May 7 19:19:47 2006 From: bar_n0ne at hotmail.com (Berny) Date: Sun May 7 19:20:10 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Mike Easter" wrote in message news:e3lc6c$q6i$1@news.spamcop.net... SNIP > It is not my job to prove those opinions here or elsewhere. There is > plenty of discussion by me and by others in alt.spam and nanae for > anyone who wants to search it. > > -- > Mike Easter > kibitzer, not SC admin > Speaking of NANAE, since I am constrained to gargle grope it, er,use Google Groups, hence no killfilter, Can't anybody stop the hipcrime flood? What happened to the Usenet death? From MikeE at ster.invalid Sun May 7 19:24:09 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun May 7 21:25:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Berny wrote: > Speaking of NANAE, since I am constrained to gargle grope it, er,use > Google Groups, hence no killfilter, Can't anybody stop the hipcrime > flood? What happened to the Usenet death? Dealing with hipcrime depends on either the processes of the newsserver you use, some of which do a good job, or developing your own strategies and filter techniques. Some people are completely untroubled by the recent and current rashes -- ie don't know what you are talking about. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon May 8 11:53:03 2006 From: nobody at devnull.spamcop.net (Patto) Date: Sun May 7 21:55:03 2006 Subject: [SpamCop-List] spambr@admin.spamcop.net bounces Message-ID: http://www.spamcop.net/sc?id=z937652392z6ae64f009245d775d5adbe827b3e11a5z SC bouncing its own messages...? From nobody at devnull.spamcop.net Sun May 7 22:33:30 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Sun May 7 22:35:04 2006 Subject: [SpamCop-List] Re: spambr@admin.spamcop.net bounces References: Message-ID: "Patto" wrote in message news:e3m88c$9bm$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z937652392z6ae64f009245d775d5adbe827b3e11a5z > > SC bouncing its own messages...? Wrong Tracking URL snagged? I don't see anything about a bounce, nothing connected to SpamCop.net in the headers, addresses identified for Reports ...???? From scamper at trisk.com Sun May 7 22:18:42 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sun May 7 23:20:03 2006 Subject: [SpamCop-List] Re: Sending Non Delivery Reports? (was Pump and Dump) In-Reply-To: References: Message-ID: Blammo wrote: > On 06 May 2006, - Garen Erdoisa entered spamcop and left > news:e3ja1r$lgg$1@news.spamcop.net: > >> That is effectively what SPF does. It states "SMTP = yes for these IP's, >> SMTP = no for everything else." >> > > I know exactly what SPF does, I'm talking about the connecting server, I'm > not talking about a possibly forged envelope sender here. > Hmm, well if you don't qualify such a txt record with an envelope sender it seems to me like that would add a lot of unnecessary DNS overhead unless you limited it to the SOA records and used NETWORK/CIDR ranges. I really don't see how your idea would be effectively any different than what SPF already provides for. If I'm understanding what you are suggesting correctly this is the way a potential mail session would proceed: -=-=-=- In your scenario: IP connects to mail server Mailserver does a host -t txt 1.100.168.192.in-addr.arpa. it receives a txt "SMTP=no" or txt "SMTP=yes" Mailserver rejects if IP is not allowed Mailserver continues. if IP is allowed. -=-=-=- In SPF's scenario: IP connects to mail server IP issues a MAIL FROM: someone@somehost.example.net Mailserver does a host -t txt example.net it receives a txt "v=spf1 ip4:192.168.100.1/24 -all" Mailserver rejects if IP isn't allowed Mailserver continues if IP is allowed. It does not seem to me to be all that different and I think that SPF provides for a lot more flexibility since the domain name owner controls the SPF record, while in your scenario only the owner of the IP range would control the record unless they forward the rDNS authority to the domain name owner for that IP. If you really think that it is a good idea, why not write up your solution and submit it as an RFC Draft? -- Garen From blah at blah.com Mon May 8 01:09:26 2006 From: blah at blah.com (news.spamcop.net) Date: Mon May 8 00:15:06 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Are you a spammer troll? You're being weird. "Mike Easter" wrote in message news:e3lc6c$q6i$1@news.spamcop.net... > news.spamcop.net wrote: > > You guys have experience with this outfit? /. and Digg have been > > talking about it. > > I am opposed to BlueFrog/BS and I don't trust them. > > I think the primary business model is to make money off a venture > capitalism idea by first attracting frustrated and naive spammees. > > I think they use shady business practices and collusion with > spamvertisers. > > In the recent ddos incident, they acted very badly, diverting their > problem onto innocent others and displaying their 'mentality' > > They are a rotten bunch -- I think the BlueFrogger spammees who envision > themselves as spam retaliators are fools hanging out in a rotten barrel. > > It is not my job to prove those opinions here or elsewhere. There is > plenty of discussion by me and by others in alt.spam and nanae for > anyone who wants to search it. > > -- > Mike Easter > kibitzer, not SC admin > From vanguard.news at yahooNIX.com Mon May 8 00:48:49 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Mon May 8 00:50:01 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "news.spamcop.net" wrote in message news:e3l6u4$mun$1@news.spamcop.net... > You guys have experience with this outfit? /. and Digg have been > talking > about it. I'm not into vigilantism, as in DOS attacks, which is how BS behaves. Interesting to see BS's true self when they got DOS'ed. From MikeE at ster.invalid Sun May 7 23:00:56 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 8 01:05:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: news.spamcop.net wrote: > Are you a spammer troll? You're being weird. No one can tell exactly what that statement means or refers to because it lacks any context. It lacks context because there was no trimming or contextualization of the message you replied to. The message you replied to was mine which was a reply to yours. The way you contextualize a reply is by trimming away everything which you are not replying to and then to place your remark just under an empty line just under the exact words to which you are replying. Here are some instructions and illustrations in the new users links page http://members.fortunecity.com/nnqweb/nquote.html news.newusers.questions - Quoting Style in Newsgroup Postings -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sun May 7 23:29:51 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 8 01:30:03 2006 Subject: [SpamCop-List] Re: spambr@admin.spamcop.net bounces In-Reply-To: References: Message-ID: WazoO wrote: > "Patto" wrote in message > news:e3m88c$9bm$1@news.spamcop.net... >> http://www.spamcop.net/sc?id=z937652392z6ae64f009245d775d5adbe827b3e11a5z >> >> SC bouncing its own messages...? > > Wrong Tracking URL snagged? I don't see anything about a > bounce, nothing connected to SpamCop.net in the headers, > addresses identified for Reports ...???? antispambr@abuse.net redirects to spambr at admin.spamcop.net spambr at admin.spamcop.net bounces (99 sent : 99 bounces) From MikeE at ster.invalid Sun May 7 23:51:28 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 8 01:55:02 2006 Subject: [SpamCop-List] Re: spambr@admin.spamcop.net bounces References: Message-ID: Tim McGraw wrote: >> "Patto" www.spamcop.net/sc?id=z937652392z6ae64f009245d775d5adbe827b3e11a5z >>> >>> SC bouncing its own messages...? > antispambr@abuse.net redirects to spambr at admin.spamcop.net > spambr at admin.spamcop.net bounces (99 sent : 99 bounces) That whole thing is kinda funky. It is about open proxy source 201.7.3.143 rDNS 201-7-3-143.spopa302.dial.brasiltelecom.net.br That leads to whois -h whois.abuse.net noc.brasiltelecom.net.br ... mail-abuse@cert.br postmaster@brasiltelecom.net.br abuse@NOC.BRASILTELECOM.NET.BR antispambr@abuse.net (for brasiltelecom.net.br) which leads to the above. I don't exactly get why brasiltelecom.net.br got an abuse.net address registered as a contact, or how that abuse.net addy became 'redirected to' a spamcop.net addy. The business about it ending up bouncing is just the final chapter in a little mess, which really isn't very important anyway, since there are plenty of other addresses. -- Mike Easter kibitzer, not SC admin From vanguard.news at yahooNIX.com Mon May 8 01:55:30 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Mon May 8 02:00:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "news.spamcop.net" wrote in message news:e3mgg6$dre$1@news.spamcop.net... > Are you a spammer troll? You're being weird. And you are being a child, especially since you haven't bothered to review past posts to check on Mike's demeanor. Children often use the excuse that if they are being hurt that they will then go hurt someone else, and not particularly the one that hurt them. The argument I see most that defends BS' (yeah, an appropriate abbreviation for them) flood redirect is that it was the spammers' fault for DOS'ing BS and that BS was in its right to then redirect the flood at someone else. Regardless of the problem, if a stray dog shits in your yard, you are NOT legally permitted to pick it up and toss it into your neighbor's yard. Clean up your own mess! From the ineptitude rampant amongst users that classify all undesirable e-mails as spam and go reporting it, it is highly likely that lots of web hosting providers are getting nailed due to stupid users. Cloudmark, at least, using a voting scheme that also ranks users based on their past performance regarding accuracy, is still a passive scheme as are most other responsible methods. BS has a "team" of analysts inspecting your e-mails (so much for privacy) and then has the local client on your host do the DOS bomb. Christ, users bitch about mailer trojans and yet they subscribe to this puerile zombism of their host. "Blue Security follows the links inside the body of the spam message, which typically lead to a site that wants to sell you prescription medications, porn, a get-rich-quick scheme, or the like. It then identifies the form fields at the spammer's site (where you're asked to input credit card data, for example) and then uses the software you installed to direct your PC to insert in those fields a request to unsubscribe you from the site's mailing list." (http://www.pcworld.com/news/article/0,aid,121841,00.asp) So BS disguises their DOS attack of the hosting provider as a shit-load of opt-outs. It doesn't matter what the hell is contained within their flood of messages. That's just BS trying to hide their true intent. Like a child, they just want to punish someone, anyone, regardless of the harm done to others. Extremists never care about how many they hurt as long as some of the victims might include their intended targets. Look at the terrorists that use bombs indiscriminately. They don't care who they hit. They just want to kill someone, and maybe it might be someone they don't like. It's like the Bruce Willis "Die Hard" movie where the FBI agents say something about something like 20% casualties (of innocents) was doable. Yeah, as long as they got the bad guys then some innocents getting nailed was okay. Wrong! There's a reason why cops are not allowed to spray the street with shotguns to get a bankrobber that's running through a crowd. Oh, and if it was the spammer's fault for making BS go DOS a site then the real fault lies with the idiot users that actually buy something from the spammers. Obviously the spammers couldn't continue to exist if they generated no revenue. So let's hide BS' puerile and harmful tactics by claiming it is the users' fault that buy anything promoted by spam. Yeah, let's blame everyone but BS for the actions committed by BS. I'm sure the morality and social attitudes of Israelis is different than Americans is different then . Vengeance may be more acceptable in your country. However, it seems a rather universal social norm that you are not allowed to help yourself by harming others. If you are wronged by an assailant, you may have some recourse against that particular assailant, but you don't get to burn down the apartment complex in which they live so that one of the victims might be the wrongdoer. The same childish vengeance excuse is also spewed by those using bogus bounces and challenge-response. They can't manage to look beyond their own egotistical needs. "Works for me" is all the excuse they need to do it as long as they don't get punished for it. Of the two extremist camps - spammers and anti-spammers - neither is good for the community. The rest of us have found usable solutions and aren't interested in being the collateral damage in their feud. Well BS is getting their just deserts in themselves getting DOS'ed. Too bad it isn't a flood from all innocents that have been harmed by BS' shotgun approach to vengeance. Those who relinquished their e-mail addresses and privacy to BS' registry were getting messages that threaten them with getting 20-40 times more spam than they might otherwise receive. BS described the spammer's tactics - the same ones that BS uses - as "bullying" and "extortion". Gee, ya think? Duh! Guess BS doesn't appreciate experiencing its own "solution". From nospam at nospam.org Mon May 8 09:09:23 2006 From: nospam at nospam.org (Ejo) Date: Mon May 8 02:10:03 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Petzl wrote: > "Ejo" wrote in message > news:e3liam$tet$1@news.spamcop.net... >> Petzl wrote: >>> "Gareth" wrote in message >>> news:e3f2q4$a92$1@news.spamcop.net... > [S >>> Mail washer is a good option (not as good as SpamCop email) >>> just turn the "bounce annoyance" off >> Have you tried spampal already, it is free and it essentially offers the >> same functionality as MW. > > Does SpamPal offer automated reporting the spammers or does it just delete > (not used SpamPal) Petzl: Spampal will add information to the header or subject of an e-mail telling you whether IPs in the mail header were listed in a public or local blacklist, or whether e-mail is considered to be spam according to a configurable regular expression filter. Spampal can be configured in any way you like it. It strongly reminds me of spamassassin except that it works under windows as a proxy server, either locally or as a system service. You wouldn't notice whether spampal runs on your PC, the icon in the system tray indicates that it is busy and this happens only when a mail program like thunderbird, outlook or anything else is using pop or imap to read a mailbox. In this way the retrieval speed of e-mail is slightly reduced since spampal is busy with the rDNS lookups, although that would also be the case if you had used MW. DNS lookups results are therefore temporarily stored within spampal (and probably MW) to speed up the process. After spampal you have to find your own way within a mail program to handle annotated e-mail. To report spam you forward all eligible labeled e-mail to your spamcop reporting account. My experience is that this works best in thunderbird since outlook has the nasty habit of pruning e-mail headers. It is possible in outlook to retrieve the entire header, but is a more complicated. The combination of spampal and thunderbird has the same functionality as mailwasher. Actually I think spampal is to be preferred over mailwasher since you have to deal with only one mail program rather than several since mailwasher is a separate mail client. Working with MW means that you have to manually interact with MW, with spampal that is not the case, and this saves me time. Furthermore spampal is free. Some functions in mailwasher are not easy to emulate with spampal, one of them is the use of Firetrust's own reporting service. But I don't care to miss that service since it is poorly performing. Actually, I started first with MW, later to find out the hard way that spampal is making life easier. > > MailWasher not only stops spam but also allows basic reporting MW sets spew aside in a separate folder just like everyone does. To the best of my knowledge nothing will really stop spam. > > The best though is forking out the $US30 for a SpamCop email account which > not only stops spam getting to ones inbox but also allows Very Easy > Reporting (VER) of these spammers effectively closing their ability to send > spam BEFORE it gets sent. Often making the ISP aware of spamming activity > and SpamCop listing/blocking the spam IP source identified until spam stops. Many of us have several mail accounts that offer filtering of spam. In total I have four of those including fastmail. I never tried the spamcop email account service but I bet it is pretty much the way fastmail works. > > SpamCop is a very powerful weapon against spammers. > SpamCop email makes stopping and reporting spam very easy That is true, I prefer to use its rDNS lookup service and I do occasionally report spam the way I described above. Ejo From nobody at devnull.spamcop.net Mon May 8 17:45:18 2006 From: nobody at devnull.spamcop.net (Patto) Date: Mon May 8 03:45:08 2006 Subject: [SpamCop-List] Re: Hex URL confuses SC In-Reply-To: References: Message-ID: WazoO wrote: > "WazoO" wrote in message > news:e38a72$83p$1@news.spamcop.net... >> "Maxx Excaliber" wrote in message >> news:e3817j$2fj$1@news.spamcop.net... >>> Tracking URL: >>> > http://www.spamcop.net/sc?id=z933057970z9f2d834e0d06ad7ef38f23648bb19169z >>> Spamvertised URL: >>> http://0xd8db5834/photogallery/albums/userpics/10002/images/.phone.php >>> >>> SpamCop does not recognize this as a valid URL. I was able to decode it >>> using a hex2dec convertor on the web. The hex part decodes to >>> 216.219.88.52. This should go to abuse@hostdepartment.com or >>> abuse@worldispnetwork.com >>> >>> Thanks. >> As posted in the Forum at >> http://forum.spamcop.net/forums/index.php?showtopic=6285 >> this should have been posted into spamcop or spamcop.help .... >> spamcop.routing is for where reports end up after a successful parse. >> I'm crossposting and setting follow-ups to the spamcop >> newsgroup. > > Follow-up posted in the Forum, brought here to bring this thread > up to date .. > > From: "SpamCop/Ellen" > To: "WazoO" > Subject: Re: URLs encoded as hex > Date: Thu, 4 May 2006 07:51:00 -0400 > > the hex-encoding in the url issue has been added to the bugs list > > Ellen > SpamCop Thanks for the follow-up. It is good to know that this may be looked at some time in the future, as a good number of phishing scams now employ this method. From / at /.cn Mon May 8 20:11:05 2006 From: / at /.cn (Petzl) Date: Mon May 8 05:15:10 2006 Subject: [SpamCop-List] Re: Does it work? References: Message-ID: "Ejo" wrote in message news:e3mnaf$hfb$1@news.spamcop.net... > Petzl wrote: >> "Ejo" wrote in message >> news:e3liam$tet$1@news.spamcop.net... >>> Petzl wrote: >>>> "Gareth" wrote in message >>>> news:e3f2q4$a92$1@news.spamcop.net... >> [S] [S] >> >> The best though is forking out the $US30 for a SpamCop email account >> which not only stops spam getting to ones inbox but also allows Very Easy >> Reporting (VER) of these spammers effectively closing their ability to >> send spam BEFORE it gets sent. Often making the ISP aware of spamming >> activity and SpamCop listing/blocking the spam IP source identified until >> spam stops. > > > Many of us have several mail accounts that offer filtering of spam. In > total I have four of those including fastmail. I never tried the spamcop > email account service but I bet it is pretty much the way fastmail works. > >> >> SpamCop is a very powerful weapon against spammers. >> SpamCop email makes stopping and reporting spam very easy > > That is true, I prefer to use its rDNS lookup service and I do > occasionally report spam the way I described above. > > Ejo SpamCop Email can download (by POP or Forwarding) then filter both spam and virus *all* your existing email accounts as well as giving you a SpamCop.net email address should you choose to use it. I advise you do this and gradually let old email addresses become legacy petzl@spamcop.net is used by me for over a decade and is my only contact email address. Extremely bullet proof All spam caught is (VER) reported at a click of your mouse from your Web Browser. I do not have the time to report spam manually SpamCop email is set-up to easily function with SpamCop reporting, All spam that has been and is sent to me is effortlessly reported (non time consuming) The best defence against spammers is to attack back. While the advent of Trojans does allow hackers & spammers complete control and access to many computers defence is simple and for windows users free. Check out my signature on how http://forum.spamcop.net/forums/index.php?showtopic=6089&hl= If you have the time to do set-up spam control yourself then SpamPal is maybe a way to consider also. You seem happy with it, Just as I am with the easy effective SpamCop way I have tested MailWasher the version I used handled spam from the server and never required downloading to inbox (all header info to SpamCop was sent from server) My 30 days free trail or pay $US37 has for some time now expired (The SpamCop Email US$30 is IMO a much better more effective deal) Petzl -- Check your computers security (free) From dws at dealing-with-spam.info Mon May 8 12:51:07 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Mon May 8 05:55:03 2006 Subject: [SpamCop-List] Re: Spamcop mail References: Message-ID: Don Wannit wrote on Sat, 06 May 2006 10:51:02 -0700: > While it is impossible to know how many spammers are scared off > by the @spamcop.net, I have numerous examples showing that by > no means are all of them put off by it. Quite on the contrary. Of the many addresses I have, my @spamcop.net address is one of the most heavily spammed. Recently I've taken to holding everything in my held mail folder except that which is whitelisted. It dawned on me that seepage through SC was one of the largest sources of spam in my inbox. That has now ceased. From dont_spam at thecow.me.uk Mon May 8 13:01:06 2006 From: dont_spam at thecow.me.uk (steve auvache) Date: Mon May 8 07:05:06 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Mike Easter wrote >news.spamcop.net wrote: >> You guys have experience with this outfit? /. and Digg have been >> talking about it. > >I am opposed to BlueFrog/BS and I don't trust them. > >I think the primary business model is to make money off a venture >capitalism idea by first attracting frustrated and naive spammees. > >I think they use shady business practices and collusion with >spamvertisers. > >In the recent ddos incident, they acted very badly, diverting their >problem onto innocent others and displaying their 'mentality' > >They are a rotten bunch -- I think the BlueFrogger spammees who envision >themselves as spam retaliators are fools hanging out in a rotten barrel. Interesting comments. Were this posted elsewhere and by a different author it may be said to have been posted by one of the spammers who have been upset by BlueSecurity. Whose side are you on? >It is not my job to prove those opinions here or elsewhere. There is >plenty of discussion by me and by others in alt.spam and nanae for >anyone who wants to search it. Disregarding the foregoing entirely, this little episode has caused more reaction from the spammers than anything I can remember in a generation of interwebby experience. There are lessons to be learnt from it and it should not be summarily dismissed in the way that you have done. This is something that to ignore is to do so at your own peril. Your choice of course, as ever. I wish them every success in their fight against spam and if I can help I will. -- steve auvache one step closer to The Perfect Date. From MikeE at ster.invalid Mon May 8 06:59:27 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 8 09:00:05 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: steve auvache wrote: > Interesting comments. Were this posted elsewhere and by a different > author it may be said to have been posted by one of the spammers who > have been upset by BlueSecurity. Whose side are you on? Not BS or the spamvertisers they collude with.. > I wish them every success in their fight against spam and if I can > help I will. Then you should become a blue frogger and also follow their other requests to hype the service -- all of which helps their business model, and disregard their lying misrepresentations. Here are a couple of articles showing the discrepancies in BS version of events http://www.wired.com/news/technology/security/0,70831-0.html?tw=wn_index_2 I'm the Blue Security Spammer http://www.informationweek.com/story/showArticle.jhtml?articleID=187200875 Blue Security Denies It's At Fault In Blog Outage -- "But if my couch is on fire, I don't push it out of my house and into my neighbor's. It just wasn't ethical for Blue Security to not sound the alarm with Six Apart, and instead to silently redirect the [DoS] traffic to them." -- Mike Easter kibitzer, not SC admin From dont_spam at thecow.me.uk Mon May 8 15:27:00 2006 From: dont_spam at thecow.me.uk (steve auvache) Date: Mon May 8 09:35:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Mike Easter wrote >steve auvache wrote: > BlueSecurity. > >> I wish them every success in their fight against spam and if I can >> help I will. > >Then you should become a blue frogger Some of my honeypots all ready are. The early reaction/statistics are interesting to say the least and certainly worthy of further examination imo. > and also follow their other >requests to hype the service If their service turns out to be half of what it claims then I will happily sing their praises as I would with *any* successful anti-spam campaign. > -- all of which helps their business model, >and disregard their lying misrepresentations. > I cannot help but get the impression that you are sitting just a little too close to the forest to see the trees clearly and this is colouring your reactions accordingly. As you yourself have commented, both here and in other places, 'everybody has a different experience with spam'. For some the BlueFrog model may be just what they need. -- steve auvache one step closer to The Perfect Date. From tmcgraw at spamcop.net Mon May 8 09:22:26 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 8 11:25:03 2006 Subject: [SpamCop-List] Re: Spamcop mail In-Reply-To: References: Message-ID: D-W-S wrote: > > Recently I've taken to holding everything in my held mail folder except > that which is whitelisted. It dawned on me that seepage through SC was > one of the largest sources of spam in my inbox. That has now ceased. Of course, you regularly visit your Held Mail and frequently Quick Report after reviewing what's there, right? And you ESPECIALLY report the spam that seeps through immediately, so that others may benefit from your vigilance, right? From MikeE at ster.invalid Mon May 8 09:35:03 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon May 8 11:35:02 2006 Subject: [SpamCop-List] Re: Spamcop mail References: Message-ID: D-W-S wrote: > Recently I've taken to holding everything in my held mail folder > except that which is whitelisted. For people who don't get wanted mail from non-whitelisteds, that is an excellent strategy for 'complete' or total spam control. But..... > It dawned on me that seepage > through SC was one of the largest sources of spam in my inbox. I presume that 'SC' in this context means that you are a spamcop mail subscriber, so these comments might be best in the ng spamcop.mail. I'm not a SC mail subscriber, but I've read about configuring the SC mail filters in the forum and elsewhere, and how 'tight' your SC filters are is completely up to the individual subscriber configurer. That is, if you were leaking a lot of spam, you weren't configured very tightly. > That > has now ceased. If you are only allowing whitelisteds, then you /are/ now configured very tightly. For many many people, that would require digging some wanted mail out of their held spam. Some people find that to be a bad job, depending upon the volume of spam. Most people would prefer to configure tight spamfilter rules *and* whitelist their friends. Under that scenario, they would be able to receive in the Inbox unknown but wanted mail which didn't have spammish characteristics, while never filtering their known correspondents. IMO that is a better configuration than Inboxing whitelisteds only. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Mon May 8 19:17:38 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon May 8 13:20:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Mike Easter" wrote in message news:e3mj9n$f9k$1@news.spamcop.net... > > Here are some instructions and illustrations in the new users links page > http://members.fortunecity.com/nnqweb/nquote.html > news.newusers.questions - Quoting Style in Newsgroup Postings Mike, you forgot to also mention to him that he shouldn't be posting as thereby trying to give the impression that he his somehow an "official" of spamcop. From tmcgraw at spamcop.net Mon May 8 13:16:25 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon May 8 15:20:06 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog In-Reply-To: References: Message-ID: steve auvache wrote: > > Whose side are you on? When US cities spawn ghettos we don't blast them into oblivion, and only in extreme instances have we sent in the National Guard. Hurricanes, now, are another thing... From nobody at spamcop.net Mon May 8 13:22:18 2006 From: nobody at spamcop.net (N. Miller) Date: Mon May 8 15:25:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: <1rpq36wtn32kf.dlg@news.spamcop.net> On Mon, 8 May 2006 12:01:06 +0100, steve auvache wrote: > Mike Easter wrote >>news.spamcop.net wrote: >>> You guys have experience with this outfit? /. and Digg have been >>> talking about it. >>I am opposed to BlueFrog/BS and I don't trust them. >> >>I think the primary business model is to make money off a venture >>capitalism idea by first attracting frustrated and naive spammees. >> >>I think they use shady business practices and collusion with >>spamvertisers. >> >>In the recent ddos incident, they acted very badly, diverting their >>problem onto innocent others and displaying their 'mentality' >> >>They are a rotten bunch -- I think the BlueFrogger spammees who envision >>themselves as spam retaliators are fools hanging out in a rotten barrel. > Interesting comments. Were this posted elsewhere and by a different > author it may be said to have been posted by one of the spammers who > have been upset by BlueSecurity. Whose side are you on? Mike is obviously _not_ on the side of vigilantes with big guns, big egos, and no sense of justice. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From motobojo+news.spamcop.net at spamcop.net Mon May 8 18:17:58 2006 From: motobojo+news.spamcop.net at spamcop.net (Tom Morrissey) Date: Mon May 8 19:20:06 2006 Subject: [SpamCop-List] hughes.net filtering content for spam Message-ID: A week or so back I presented this forum with an SMTP Server Error: 554, Error Number: 0x800CCC6F that I was getting when I tried to send spam reports (quick or otherwise) to SC through SMTP.hughes.net using OE as my mail client. After much VERY painful dialogue with various (way too many) hughes.net support staff I finally got somebody who should know to admit to the fact that hughes.net was filtering both outgoing and incoming email content and flat refusing to send on mail it identified as spam. This filter is trapping my spam reports containing the spam as .eml attachments under these criteria and giving me the message described above. Lucky for me I have other smtp paths through which I can report spam to SC. It is an interesting situation though. I don't use my hughes.net incoming mail account so I don't really "benefit" from the service, instead I'm just hampered from reporting spam through their smtp server to SC that I happen to get through other incoming paths. From jg at coks.net Mon May 8 18:29:46 2006 From: jg at coks.net (jg) Date: Mon May 8 20:30:02 2006 Subject: [SpamCop-List] A question - related to Re: hughes.net filtering content for spam In-Reply-To: References: Message-ID: On 5/8/2006 4:17 PM Tom Morrissey scribbled: > A week or so back I presented this forum with an SMTP Server Error: 554, > Error Number: 0x800CCC6F that I was getting when I tried to send spam > reports (quick or otherwise) to SC through SMTP.hughes.net using OE as my > mail client. > > After much VERY painful dialogue with various (way too many) hughes.net > support staff I finally got somebody who should know to admit to the fact > that hughes.net was filtering both outgoing and incoming email content and > flat refusing to send on mail it identified as spam. This filter is > trapping my spam reports containing the spam as .eml attachments under these > criteria and giving me the message described above. > > Lucky for me I have other smtp paths through which I can report spam to SC. > It is an interesting situation though. > > I don't use my hughes.net incoming mail account so I don't really "benefit" > from the service, instead I'm just hampered from reporting spam through > their smtp server to SC that I happen to get through other incoming paths. > > Cox is doing the same thing, started 2-3 months ago on outgoing - everything I was sending out hit the floor. 2 weeks ago, my spam dried up - I posted the fact here, at first in wonderment. Cox sent an email to their customers about 4-5 days after they started using new filters on incoming. Everyone is forced to use a webmail account to go and clean out the spam box. Just today I noticed a forwarding setting I'm thinking about exploring. Does anyone know if I can take my special SC address and try to forward to it? Or is entering it into their system a SC no-no? Cox will probably block it, but worth the try... From jg at coks.net Mon May 8 18:38:11 2006 From: jg at coks.net (jg) Date: Mon May 8 20:35:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog In-Reply-To: References: Message-ID: On 5/8/2006 6:27 AM steve auvache scribbled: > If their service turns out to be half of what it claims then I will > happily sing their praises as I would with *any* successful anti-spam > campaign. > > > >> -- all of which helps their business model, >> and disregard their lying misrepresentations. >> > > I cannot help but get the impression that you are sitting just a little > too close to the forest to see the trees clearly and this is colouring > your reactions accordingly. > > As you yourself have commented, both here and in other places, > 'everybody has a different experience with spam'. For some the BlueFrog > model may be just what they need. > > > AFAICT, this talk of business models and IPOs puts bs intentions in question and makes me wonder as to their objectivity. The profit motive works in a capitalist society (who here hasn't griped about black hat ISPs having it?) I think if there a viable profit to it all, Microsloth would have cleaned up the net years ago. And I have not seen/read about any slacking of spam since their little endeavor started over a year or more ago. From edb2000 at spamcop.net Mon May 8 20:56:06 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Mon May 8 23:00:06 2006 Subject: [SpamCop-List] Re: Spamcop mail In-Reply-To: References: Message-ID: Tim McGraw wrote: > D-W-S wrote: > >> >> Recently I've taken to holding everything in my held mail folder >> except that which is whitelisted. It dawned on me that seepage through >> SC was one of the largest sources of spam in my inbox. That has now >> ceased. > > > Of course, you regularly visit your Held Mail and frequently Quick > Report after reviewing what's there, right? > > And you ESPECIALLY report the spam that seeps through immediately, so > that others may benefit from your vigilance, right? It's convenient to have the SC webmail page open in a separate browser window, showing the Held Mail inbox. This page auto refreshes every 5 minutes, and with javascript enabled it will pop up an alert telling you when new messages come in. So if I have a moment, it's easy to pop that browser window to the front, quickly report or release the held message(s), and return to what I was doing. Quick and easy! If I'm busy, I ignore it. (I only need to monitor Held Mail this way, because ham gets immediately forwarded from SC to my private inbox which is monitored by my email reader.) -- Don Wannit A paid SpamCop user since 1999 From vanguard.news at yahooNIX.com Tue May 9 00:51:27 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Tue May 9 00:55:05 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "steve auvache" wrote in message news:KNnQp4Akc0XEFwSt@thecow.me.uk... > > If their service turns out to be half of what it claims then I will > happily sing their praises as I would with *any* successful anti-spam > campaign. An end-user speaketh. So you use e-mail and browse to someone ELSE's web site. Ever run a business site of your own (i.e., for YOUR own business)? Would you like to have your webhost provider DOS'ed because some other site is using spam to induce traffic to their site and meanwhile your site becomes inaccessible to all your existing clients and potential customers? Would you like some malcontent or disgruntled ex-employee to spew spam that had links to your site so you get DOS'ed? Yeah, different story when it is YOU that becomes the collateral damage. From turan.fe at t-online.de Tue May 9 14:18:20 2006 From: turan.fe at t-online.de (Turan Fettahoglu) Date: Tue May 9 07:20:11 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: I do not exactly trust BlueSecurity, but they have kicked several spammers into their butts, more than SpamCop ever managed to. Forget about legal aspects for a moment. The BlueFrog idea might force several spammers out of business, which is a good thing. The "Robin Hood principle" is observed, no one feels sorry for the spammers, and if this is THE idea to get rid of spammers - why not. I'll wait until BlueSecurity has established that they do not wear a black hat and BlueFrog is not a Trojan horse. Afterwards, I'll gladly use their software! Turan From dont_spam at thecow.me.uk Tue May 9 13:51:20 2006 From: dont_spam at thecow.me.uk (steve auvache) Date: Tue May 9 08:05:01 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Vanguard wrote >"steve auvache" wrote in message >news:KNnQp4Akc0XEFwSt@thecow.me.uk... >> >> If their service turns out to be half of what it claims then I will >> happily sing their praises as I would with *any* successful anti-spam >> campaign. > > >An end-user speaketh. Aren't us Users what this is all about? The little men and women? The ones who have the inboxes that is the destination for all this? Have you forgotten something? Or did you not bother to learn it in the first place? >Yeah, different story when it is YOU that becomes the collateral damage. I am a User, I am the collateral damage. -- steve auvache one step closer to The Perfect Date. From / at /.cn Tue May 9 23:38:51 2006 From: / at /.cn (Petzl) Date: Tue May 9 08:40:04 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Turan Fettahoglu" wrote in message news:e3ptqf$7gq$1@news.spamcop.net... >I do not exactly trust BlueSecurity, but they have kicked several spammers >into their butts, more than SpamCop ever managed to. > SpamCop itself only reports spammers and logs the IP after "scoring" on its SCBL However this evidence" is then often used by authorities to target spammers which then often end up facing the courts a recent one http://www.latimes.com/services/site/premium/access-registered.intercept or http://tinyurl.com/km3qj registration required ****extracts***** Hacker Sentenced in Spam Case By Charles Piller, Times Staff Writer May 9, 2006 A Downey man was sentenced to nearly five years in federal prison Monday for using malicious software to seize control of 400,000 computers and then selling access to the "zombie" machines to spammers and hackers. "Every conviction raises the barrier to entry for these guys," said Scott Weiss, CEO of IronPort Systems in San Bruno, Calif., which produces anti-spam software. ************* Petzl -- Check your computers security (free) From kenbrody at spamcop.net Tue May 9 11:19:05 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Tue May 9 10:25:02 2006 Subject: [SpamCop-List] Bad feelings about SpamCop in alt.sysadmin.recovery Message-ID: <4460A4D9.132BA241@spamcop.net> In alt.sysadmin.recovery, thread "Be very quiet, I'm hunting lusers", there is some anti-SpamCop discussion. It started with someone mentioning that their servers got blacklisted (they didn't say by whom) because of one of their lusers, to which someone else replied Go on, surprise me. Tell me it isn't spamcop.net. and went from there. (Note that alt.sysadmin.recovery is a "self-moderated" newsgroup, which means that you can't post there unless you know what that means. And, no, I can't tell you.) -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From MikeE at ster.invalid Tue May 9 08:42:36 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 9 10:45:02 2006 Subject: [SpamCop-List] Re: Bad feelings about SpamCop in alt.sysadmin.recovery References: <4460A4D9.132BA241@spamcop.net> Message-ID: Kenneth Brody wrote: > (Note that alt.sysadmin.recovery is a "self-moderated" newsgroup, > which means that you can't post there unless you know what that > means. And, no, I can't tell you.) It also means that not all newsreaders can post there even if the 'deficient' newsreader user knows what that means, depending upon the 'flexibility' of the robo-moderator.^1 But I think you are doing a fine job in there so far, so maybe no one else /needs/ to post :-) ^1 -- disregard that. There's a registry edit for OE users. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Tue May 9 09:58:56 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue May 9 12:00:03 2006 Subject: [SpamCop-List] Re: Bad feelings about SpamCop in alt.sysadmin.recovery In-Reply-To: <4460A4D9.132BA241@spamcop.net> References: <4460A4D9.132BA241@spamcop.net> Message-ID: Kenneth Brody wrote: > In alt.sysadmin.recovery, thread "Be very quiet, I'm hunting lusers", > there is some anti-SpamCop discussion. > > It started with someone mentioning that their servers got blacklisted > (they didn't say by whom) because of one of their lusers, to which > someone else replied > > Go on, surprise me. Tell me it isn't spamcop.net. > > and went from there. Ken, I applaud you for fighting the good fight, but reading between the lines it looks like this is a bunch of sysadmins for small and middling systems who say, "damn the torpedoes, backscatter ahead!" Talk about a negative bunch. Here's what the group's FAQ sez: > Alt.sysadmin.recovery is for discussion by recovered and recovering sysadmins. > It is a forum for mutual support and griping over idiot lusers, stupid > tech support, brain-dead hardware, and generally how stupid this idiotic > job is. Do they ever say anything good about anyone/thing? This is not a group /I/ would hang out with! From kenbrody at spamcop.net Tue May 9 14:20:11 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Tue May 9 13:25:04 2006 Subject: [SpamCop-List] Re: Bad feelings about SpamCop in alt.sysadmin.recovery References: <4460A4D9.132BA241@spamcop.net> Message-ID: <4460CF4B.7B043B4B@spamcop.net> Tim McGraw wrote: > > Kenneth Brody wrote: > > In alt.sysadmin.recovery, thread "Be very quiet, I'm hunting lusers", > > there is some anti-SpamCop discussion. > > > > It started with someone mentioning that their servers got blacklisted > > (they didn't say by whom) because of one of their lusers, to which > > someone else replied > > > > Go on, surprise me. Tell me it isn't spamcop.net. > > > > and went from there. > > Ken, I applaud you for fighting the good fight, but reading between the > lines it looks like this is a bunch of sysadmins for small and middling > systems who say, "damn the torpedoes, backscatter ahead!" Given that they go there to complain about such tactics from lusers, I expect more from them. There were only a few messages in the thread when I last read it, so I'm not sure where their negativity towards SpamCop comes from. > Talk about a negative bunch. Here's what the group's FAQ sez: > > > Alt.sysadmin.recovery is for discussion by recovered and recovering sysadmins. > > It is a forum for mutual support and griping over idiot lusers, stupid > > tech support, brain-dead hardware, and generally how stupid this idiotic > > job is. > > Do they ever say anything good about anyone/thing? I good rant can draw applause and admiration. Before the group became moderated, it was entertaining to read the replies to people who posted questions thinking that it was a place to ask sysadmins for help with your problems. > This is not a group /I/ would hang out with! -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From MikeE at ster.invalid Tue May 9 12:03:23 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue May 9 14:05:04 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: pasted from nanae news:e3qjqp$497$1@calcite.rhyolite.com Newsgroups: news.admin.net-abuse.email Subject: Re: Blue Security & Hyperbole Vernon Schryver wrote: > Mike Easter >> >>> I don't have a problem with the basic concept. It's >>> similar to Spamcop's concept. >> >> Which BS concepts are similar to which SC concepts? >> >> SC is a free and paid parsing and reporting service and the >> maintainer of the SCbl blocklist, besides being a mail/spam >> filtertagging reporting service for its mail clients. >> >> I don't see the similarity. > > That is at best disingenous. Irrelevant characteristics such as > details of pricing do not obscure or outweigh the similarities. As > far as I > can tell: > > - SpamCop and BlueSecurity offer free services or free versions of > their services. > > - SpamCop and BlueSecurity sell some other services, or perhaps > the same services in other situations. > > - SpamCop and BlueSecurity have some unsavory connections or > connotations, but SpamCop has at least as many: > > -- SpamCop has sent me unsolicited bulk email but BlueSecurity > has not, unless the spam touting "The Skybox Solution" that > talks about "Commercial DDOS emulation based on Bluesecurity > solution" is BlueSecurity's > > -- SpamCop is owned by Ironport, which has a long, well > established history of empowering Internet commerce with push email > advertisersing > > - advocates for both SpamCop and BlueSecurity make knowingly false > claims: > -- SpamCop advocates claim SpamCop does not ever send spam, > and never mind the public records. > -- SpamCop at least used to claim to be able to parse Received: > headers to find the source of spam, and never mind that without > external information it is impossible to detect forged Received: > headers. > -- BlueSecurity claims their "registry" is secure, and never > mind the unavoidable effectiveness and high speed of dictionary > attacks on it after it has been given to spammers. > > - both SpamCop and Bluesecurity appeal to what can be described > pejoratively as the mob or positively as the desire of people > to work together to stop spam. > > There are other claims from what seem to be third parties that seem > to be false. The most obvious is that Bluesecurity uses denial of > service attacks on spammer web sites. Assuming the accuracy of the > statements on http://www.bluesecurity.com including the statement by > Marcus J. Ranum that Bluesecurity never does more than one interaction > with a spammer web site per spam received by Bluesecurity protected > mailboxes, that DoS claim is false. > > I wonder why Mike Easter is so outraged by Blueseurity. The only > thing > I imagine is that he fears Bluesecurity's competition for the outfit > he shills for, Ironport/SpamCop. I wouldn't trust Bluesecurity more > or even as much as Scott Richter. I dislike SpamCop and Scott Richter > because of the SpamCop and Richer's spam I have received. Scott > Richter is a known quantity, but I have no first hand evidence of the > claimed evils of Bluesecurity. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue May 9 13:53:00 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Tue May 9 15:55:05 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: ken wrote > Frustrated, hell, yes! In five years of feeding SpamCop with, so far > 110,000 bits of trash, I find I only get more spam. Please go to http://www.spamcop.net/ and tell me where it says that feeding spamcop will reduce the amount of spam you get. > I don't think feeding it more will bring me (or anyone else) less spam. It doesn't matter what you think. Feeding it does reduce the amount of spam that those who use the blocklist. I have a folder full of filtered spam to prove this. Please note that using the blocklist and reporting spam are not the same thing. > 'Ya, like most of those who post in nanae, and some of the alt.spam are > saints and always right. hmmmmph Drama queen. > I could give you a couple urls of message boards that are not nanae-types > which say just the opposite of what you are saying, (except for the > spammer trolls, there) and they are NOT BlueSecurity boards. > > But I'm not going to convince you. So, on the basis that you don't think that you can convince Mike Easter, you choose not to post evidence supporting your position which may convince me? Have yoiu decided that I cannot be convinced? And that those who read but do not post cannot be convinced? From remaker at cisco.com Tue May 9 15:30:54 2006 From: remaker at cisco.com (Phillip Remaker) Date: Tue May 9 17:35:03 2006 Subject: [SpamCop-List] Re: Bad feelings about SpamCop in alt.sysadmin.recovery References: <4460A4D9.132BA241@spamcop.net> Message-ID: Unfortunately, they have a point. I am about to stop using bl.spamcop.net since it routinely lists reputable ISPs like GMAIL and Earthlink and block a lot of legitimate mail because of it. My most recent problem: http://www.spamcop.net/w3m?action=blcheck&ip=64.233.182.191 Almost all outbound GMAIL servers are hit. My site stopped receiving GMAIL mail. 8-( From great-gazoo at bling.bling.hotmail.com Tue May 9 15:47:00 2006 From: great-gazoo at bling.bling.hotmail.com (The Great Gazoo) Date: Tue May 9 17:50:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "ken" wrote in message news:pan.2006.05.07.17.19.35.430654@spamcop.net... > On Sun, 07 May 2006 12:19:59 -0400, news.spamcop.net wrote: > >> You guys have experience with this outfit? /. and Digg have been talking >> about it. > > Yes, I have experience with them. And it is all good. > > They have been under attack from a spammer who is trying to hurt them, and > using DDoS attacks and a nasty email campaign to attempt to hurt them. > His (the spammer/scammer) attempts will fail. BlueSecurity has just come > back online after the DDoS and is very much aware of who is doing it, and > will prevail. > > While some may feel BS's goal is abusive, we /DO/ have the right to > protect out inboxes, and BlueSecurity's Do Not Spam Registry and opt-out > mechanism does work ! They have gained much Venture Capital and Security > Company money to continue the valient fight and will prevail! > > Ken > Little Mikey Easter is always going to whine so I wouldn't pay much attention to it. You'll notice how Mikey always posts and always has an answer to everything. Reminds me of bloated pelvis from the GRC tech newsgroups. Thought he knew everything as well. If you like the tools you use, Ken, keep using them. I've found nothing bad about Blue Security either. Much the same as Mikey seems to whine about Mailwasher. ...and most likely Mikey will have his rants continue on from this message. It's probably best to plonk Mikey and let him spew. From nobody at spamcop.net Tue May 9 15:48:09 2006 From: nobody at spamcop.net (N. Miller) Date: Tue May 9 17:50:11 2006 Subject: [SpamCop-List] Re: Bad feelings about SpamCop in alt.sysadmin.recovery References: <4460A4D9.132BA241@spamcop.net> Message-ID: <1us30xsn186no$.dlg@news.spamcop.net> On Tue, 9 May 2006 14:30:54 -0700, Phillip Remaker wrote: > Unfortunately, they have a point. I am about to stop using bl.spamcop.net > since it routinely lists reputable ISPs like GMAIL and Earthlink and block a > lot of legitimate mail because of it. Not even the SpamCop directions for use of the SCBL recommend using the SCBL to actually block servers. The recommended use of the SCBL is as a scoring system. Usually in conjunction with something like SpamAssassin, where the SCBL, itself, won't cause a rejection, but will add points to an overall threshold, above which email is tagged as "possible spam". If you don't know how to use the tool properly, you _will_ injure yourself. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From Kilgallen at SpamCop.net Tue May 9 18:06:49 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Tue May 9 18:10:03 2006 Subject: [SpamCop-List] Re: Bad feelings about SpamCop in alt.sysadmin.recovery References: <4460A4D9.132BA241@spamcop.net> Message-ID: <0LOCCKELCjsw@eisner.encompasserve.org> In article , "Phillip Remaker" writes: > Unfortunately, they have a point. I am about to stop using bl.spamcop.net > since it routinely lists reputable ISPs like GMAIL An ISP that sends me spam is not "legitimate". GMAIL has no way to impose financial penalties on their users, and thus has a broken business model. > and Earthlink and block a lot of legitimate mail because of it. SpamCop does not block anything. SpamCop provides a list, and you can combine that list with the whitelist of your choice. I do that even based on the "From:" address and it works quite well. From bar_n0ne at hotmail.com Tue May 9 20:09:18 2006 From: bar_n0ne at hotmail.com (Berny) Date: Tue May 9 20:10:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "The Great Gazoo" wrote in message news:e3r2kj$2ut$1@news.spamcop.net... SNIP > > It's probably best to plonk Mikey and let him spew. and get advice, information, from you? *PLONK From nobody at devnull.spamcop.net Tue May 9 21:11:16 2006 From: nobody at devnull.spamcop.net (POP) Date: Tue May 9 20:15:03 2006 Subject: [SpamCop-List] Re: Bad feelings about SpamCop in alt.sysadmin.recovery References: <4460A4D9.132BA241@spamcop.net> Message-ID: "Phillip Remaker" wrote in message news:e3r1me$2fr$1@news.spamcop.net... > Unfortunately, they have a point. I am about to stop using > bl.spamcop.net since it routinely lists reputable ISPs like > GMAIL and Earthlink and block a lot of legitimate mail because > of it. ... That's a good idea, actually. Since you can not or do not read, can not or do not bother to think for yourself, exhibit little original though, and in general don't think period, stopping use of it is an excellent idea in your case. If ever there was a good example of a wart on the ass of progress, BS/BF and its supporters rate high on the list. You not only don't understand spamcop, but you have little understanding of BS/BF either, and that's abundantly clear in your posts. It's a lot better if follower-type non-thinkers such as the display you present for yourself here, along with a couple of others, go your separate ways and enjoy the darkness of the sands. If you ever do decide to learn the facts though, and manage to get your collective heads around them, I'm quite sure you'd still be welcomed when you had some on-topic questions or insights. Until that time though, you'll be mostly talking to yourself here. Also until then, I'll be pressing the "bypass" buttons for you 'uns. Cheers, Pop From nobody at nowhere.not Wed May 10 05:18:09 2006 From: nobody at nowhere.not (Robert Blair) Date: Wed May 10 00:20:03 2006 Subject: [SpamCop-List] A new excuse for the sending of spam Message-ID: I thought I had seen most of the excuses but this one tops them all. I have never done an opt-in or an opt-out to this outfit. Date: Tue, 9 May 2006 20:47:49 -0700 From: abuse@he.net To: 1743985206@reports.spamcop.net Subject: [HE_ABUSE#1643465] [SpamCop (65.19.140.49) id:1743985206]Printer Cartridges - Up To Eighty Percent Off Reta.. Hi, There was an error with the mailing list management that caused an advertisement to be sent to the \'opt-out\' list rather than the \'opt-in\' list. The offending net-block was null-routed as quickly as possible, but many mails were still sent. We apologize for the inconvenience, this problem should now be resolved. -Chris -- Robert Blair From g.hyde at bigpond.net.au Wed May 10 15:50:33 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Wed May 10 00:55:03 2006 Subject: [SpamCop-List] Re: A new excuse for the sending of spam References: Message-ID: "Robert Blair" wrote in message news:TECQXhvKj0FX-pn2-T0HjYbwZzfEx@dsl-206-55-144-107.tstonramp.com... >I thought I had seen most of the excuses but this one tops them all. > > I have never done an opt-in or an opt-out to this outfit. [snippage] Without seeing a tracking URL: people will have no idea what you're talking about. I occasionally receive some emails purporting to be from some mailing list I've never subscribed to, they get reported like the rest of the spam. If I can identify an actual mailing list, and if I have the time to, I'll check what their web page is, and send them a notification of the list email purporting to be from them, so they can take whatever action they want about the spammer. I've yet to receive anyone replying back though. Cheers ... Geoffrey Hyde From pantheus at spamcop.net Wed May 10 00:38:02 2006 From: pantheus at spamcop.net (ken) Date: Wed May 10 02:40:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: On Tue, 09 May 2006 12:53:00 -0700, G|_|Y |\/|AC0|\| wrote: > > ken wrote > >> Frustrated, hell, yes! In five years of feeding SpamCop with, so far >> 110,000 bits of trash, I find I only get more spam. > > Please go to http://www.spamcop.net/ and tell me where it says that > feeding spamcop will reduce the amount of spam you get. **PLONK** From nobody at nowhere.not Wed May 10 08:04:14 2006 From: nobody at nowhere.not (Robert Blair) Date: Wed May 10 03:05:03 2006 Subject: [SpamCop-List] Re: A new excuse for the sending of spam References: Message-ID: On Wed, 10 May 2006 04:50:33 UTC, "Geoffrey Hyde" wrote: > Without seeing a tracking URL: people will have no > idea what you're talking about. I did not think there was any need for a tracking URL as I know where it came from and was not asking for any help. Domain owner Ingenious Marketing Group 2533 N. Carson St. Suite #6273 Carson City, Nevada 89706 IP owner Hurricane Electric 760 Mission Court Fremont, CA 94539 > I occasionally receive some emails purporting to be > from some mailing list I've never subscribed to, they > get reported like the rest of the spam. They did not claim I was subscribed and I very much doubt it is a mailing list. > If I can > identify an actual mailing list, and if I have the time > to, I'll check what their web page is, and send them a > notification of the list email purporting to be from > them, so they can take whatever action they want about > the spammer. I've yet to receive anyone replying back though. Email from mail49.easyingenious.com (mail49.business-img.com [65.19.140.49]). It appears to be straight-up spam although I can not get to the web site at this time. I just was passing along a rather lame excuse as to why I was getting spam from them. -- Robert Blair From nospam at nospam.org Wed May 10 10:09:03 2006 From: nospam at nospam.org (Ejo) Date: Wed May 10 03:10:04 2006 Subject: [SpamCop-List] Re: Does it work? In-Reply-To: References: Message-ID: Petzl wrote: > "Ejo" wrote in message > news:e3mnaf$hfb$1@news.spamcop.net... >> Petzl wrote: >>> "Ejo" wrote in message >>> news:e3liam$tet$1@news.spamcop.net... >>>> Petzl wrote: >>>>> "Gareth" wrote in message >>>>> news:e3f2q4$a92$1@news.spamcop.net... >>> [S] > [S] >>> The best though is forking out the $US30 for a SpamCop email account >>> which not only stops spam getting to ones inbox but also allows Very Easy >>> Reporting (VER) of these spammers effectively closing their ability to >>> send spam BEFORE it gets sent. Often making the ISP aware of spamming >>> activity and SpamCop listing/blocking the spam IP source identified until >>> spam stops. >> >> Many of us have several mail accounts that offer filtering of spam. In >> total I have four of those including fastmail. I never tried the spamcop >> email account service but I bet it is pretty much the way fastmail works. >> >>> SpamCop is a very powerful weapon against spammers. >>> SpamCop email makes stopping and reporting spam very easy >> That is true, I prefer to use its rDNS lookup service and I do >> occasionally report spam the way I described above. >> >> Ejo > > SpamCop Email can download (by POP or Forwarding) then filter both spam and > virus *all* your existing email accounts as well as giving you a SpamCop.net > email address should you choose to use it. I advise you do this and > gradually let old email addresses become legacy petzl@spamcop.net is used by > me for over a decade and is my only contact email address. Extremely bullet > proof > > All spam caught is (VER) reported at a click of your mouse from your Web > Browser. > I do not have the time to report spam manually SpamCop email is set-up to > easily function with SpamCop reporting, > All spam that has been and is sent to me is effortlessly reported (non time > consuming) > The best defence against spammers is to attack back. > > While the advent of Trojans does allow hackers & spammers complete control > and access to many computers defence is simple and for windows users free. > Check out my signature on how > http://forum.spamcop.net/forums/index.php?showtopic=6089&hl= > > If you have the time to do set-up spam control yourself then SpamPal is > maybe a way to consider also. You seem happy with it, Just as I am with the > easy effective SpamCop way > > I have tested MailWasher the version I used handled spam from the server and > never required downloading to inbox (all header info to SpamCop was sent > from server) My 30 days free trail or pay $US37 has for some time now > expired (The SpamCop Email US$30 is IMO a much better more effective deal) > > Petzl > -- > Check your computers security (free) > > > I switched! From nobody at spamcop.net Wed May 10 05:12:20 2006 From: nobody at spamcop.net (N. Miller) Date: Wed May 10 07:15:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: <1f4tz2iqk6009.dlg@news.spamcop.net> On Tue, 9 May 2006 14:47:00 -0700, The Great Gazoo wrote: > It's probably best to plonk Mikey and let him spew. I'd rather plonk you. Mike doesn't have an attitude; he is just right. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at devnull.spamcop.net Wed May 10 12:03:35 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Wed May 10 14:05:03 2006 Subject: [SpamCop-List] The Standard Advice Message-ID: In response to the current crop of flames and flamers, I present:THE STANDARD ADVICE: "There is a way to influence what gets discussed in a newsgroup that works well, and another way that has never worked no matter how many people have tried it. "What works: Post articles on the topic you wish to see discussed and participate in the resulting discussion. Use killfiles and filters so that you don't see the articles that you dislike. If you don't know how to use a killfile, use good old fashioned discipline and don't read posts by people who post articles that you dislike. Never, ever respond to articles that you dislike. "What doesn't work: Respond to articles that you dislike, complain about articles that you dislike, complain about posters that you dislike, complain about how terrible everyone else is for not posting what you want them to post. Talk about how to respond to articles that you dislike. Make the articles that you dislike the center of attention, the main topic of discussion, and a personal crusade." -Guy Macon From nobody at spamcop.net Wed May 10 16:06:43 2006 From: nobody at spamcop.net (indigo) Date: Wed May 10 15:10:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Mike Easter wrote: > > > > I wonder why Mike Easter is so outraged by Blueseurity. The only > > thing > > I imagine is that he fears Bluesecurity's competition for the outfit > > he shills for, Ironport/SpamCop. Mike, I didn't know you were a shill on the side too (besides kibitzing)......oh well, that *was* Vernon talking.....smarmy bastard. From MikeE at ster.invalid Wed May 10 13:53:52 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed May 10 15:55:04 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: indigo wrote: > Mike Easter wrote: >>> >>> I wonder why Mike Easter is so outraged by Blueseurity. The only >>> thing >>> I imagine is that he fears Bluesecurity's competition for the outfit >>> he shills for, Ironport/SpamCop. > > Mike, I didn't know you were a shill on the side too (besides > kibitzing)......oh well, that *was* Vernon talking.....smarmy bastard. Yes, I'm 'always' accused of shilling for SC in nanae. Those dudes over there don't see me over here being critical of various SC features or methods or notifies. The problem is that several admins over there have a very anti-spamcop attitude that is based partly on old misinformation or mistakes and partly on their own notions which are not subject to change. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed May 10 18:22:13 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed May 10 17:25:04 2006 Subject: [SpamCop-List] Re: The Standard Advice References: Message-ID: There's a simpler way: Ignore the trollers. Starve them. They'll go elsewhere for their daily ration. "G|_|Y |\/|AC0|\|" wrote in message news:e3t9tn$98c$1@news.spamcop.net... > In response to the current crop of flames and flamers, I > present:THE STANDARD ADVICE: > > "There is a way to influence what gets discussed in a newsgroup > that > works well, and another way that has never worked no matter how > many > people have tried it. > > "What works: Post articles on the topic you wish to see > discussed > and participate in the resulting discussion. Use killfiles and > filters so that you don't see the articles that you dislike. > If you don't know how to use a killfile, use good old fashioned > discipline and don't read posts by people who post articles > that you > dislike. Never, ever respond to articles that you dislike. > > "What doesn't work: Respond to articles that you dislike, > complain > about articles that you dislike, complain about posters that > you > dislike, complain about how terrible everyone else is for not > posting > what you want them to post. Talk about how to respond to > articles > that you dislike. Make the articles that you dislike the > center of > attention, the main topic of discussion, and a personal > crusade." > > -Guy > Macon > From tmcgraw at spamcop.net Wed May 10 16:54:08 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed May 10 18:55:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog In-Reply-To: References: Message-ID: news.spamcop.net wrote: > You guys have experience with this outfit? /. and Digg have been talking > about it. InternetWeek reader reaction to Blue Security's decision to redirect traffic from a denial of service attack from its servers to those of hosting provider was, not surprisingly, universally negative. Readers found much to condemn about Blue Security's offensive defensive maneuver, its chief executive Eran Reshef's rationalization for that decision, and the general state of software insecurity today. There is oh so much more at IW editor Amy Larsen DeCarlo's Blog: http://internetweek.cmp.com/blog/archives/2006/05/readers_talk_ba_1.html From nobody at devnull.spamcop.net Wed May 10 17:52:52 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Wed May 10 19:55:03 2006 Subject: [SpamCop-List] Re: The Standard Advice References: Message-ID: "POP" wrote... > > "G|_|Y |\/|AC0|\|" wrote... > >> In response to the current crop of flames and flamers, I present: >> >>THE STANDARD ADVICE: >> >>"There is a way to influence what gets discussed in a newsgroup that works >>well, and another way that has never worked no matter how many people have >>tried it. >> >>"What works: Post articles on the topic you wish to see discussed and >>participate in the resulting discussion. >> Use killfiles and filters so that you don't see the articles that you >> dislike. If you don't know how to use a killfile, use good old fashioned >> discipline and don't read posts by people who post articles that you >> dislike. Never, ever respond to articles that you dislike. >> >>"What doesn't work: Respond to articles that you dislike, complain about >>articles that you dislike, complain about posters that you dislike, >>complain about how terrible everyone else is for not posting what you want >>them to post. Talk about how to respond to articles that you dislike. >>Make the articles that you dislike the center of attention, the main topic >>of discussion, and a personal crusade." >> >> -Guy Macon >> > > There's a simpler way: Ignore the trollers. Starve them. They'll go > elsewhere for their daily ration. I am having trouble differentiating between "Ignore/Starve them" and "Never, ever respond." You appear to have restated the Standard Advice. Then again, being repeated by many people is what makes it standard... :) From nobody at devnull.spamcop.net Wed May 10 21:24:33 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed May 10 20:25:02 2006 Subject: [SpamCop-List] Re: The Standard Advice References: Message-ID: "G|_|Y |\/|AC0|\|" wrote in message news:e3tuck$l5r$1@news.spamcop.net... > > "POP" wrote... >> >> "G|_|Y |\/|AC0|\|" wrote... >> >>> In response to the current crop of flames and flamers, I >>> present: >>> >>>THE STANDARD ADVICE: >>> >>>"There is a way to influence what gets discussed in a >>>newsgroup that works well, and another way that has never >>>worked no matter how many people have tried it. >>> >>>"What works: Post articles on the topic you wish to see >>>discussed and participate in the resulting discussion. >>> Use killfiles and filters so that you don't see the articles >>> that you dislike. If you don't know how to use a killfile, >>> use good old fashioned discipline and don't read posts by >>> people who post articles that you dislike. Never, ever >>> respond to articles that you dislike. >>> >>>"What doesn't work: Respond to articles that you dislike, >>>complain about articles that you dislike, complain about >>>posters that you dislike, complain about how terrible everyone >>>else is for not posting what you want them to post. Talk about >>>how to respond to articles that you dislike. Make the articles >>>that you dislike the center of attention, the main topic of >>>discussion, and a personal crusade." >>> >>> -Guy Macon >>> >> >> There's a simpler way: Ignore the trollers. Starve them. >> They'll go elsewhere for their daily ration. > > I am having trouble differentiating between "Ignore/Starve > them" and "Never, ever respond." You appear to have > restated the Standard Advice. > > Then again, being repeated by many people is what makes it > standard... :) > > Truthfully, I don't know what you said; it only required a couple of lines, but you chose to write a missive from what I glanced at; e.g. waste of time for saying such a few words. Or are you trolling? Verbosity is often a troller's trait. From not at home.today Thu May 11 02:39:50 2006 From: not at home.today (Ant) Date: Wed May 10 20:45:03 2006 Subject: [SpamCop-List] Re: A new excuse for the sending of spam References: Message-ID: "Robert Blair" wrote: > I thought I had seen most of the excuses but this one tops them all. Here's an excuse for backscatter excerpted from a non-delivery report of an email I didn't send: The message carried your return address, so it was either a genuine mail from you, or a sender address was faked and your e-mail address abused by third party, in which case we apologize for undesired notification. We do try to minimize backscatter for more prominent cases of UBE and for infected mail, but for less obvious cases of UBE some balance between losing genuine mail and sending undesired backscatter is sought, and there can be some collateral damage on both sides. They (telesat.com.co) received the spam from 200.51.86.80 (Telefonica Data Argentina) which has no rDNS but is not listed in any important blocklists. Their SpamAssassin gave it 10.8 points out of the 10.0 required, so I suppose that's why they consider it 'less obvious' UBE. For a large ISP (I don't know if this Colombian ISP is) it would be impractical for a human to review every borderline case. Perhaps their strategy is a reasonable compromise if they don't mind a little collateral damage in the form of popping in and out of blocklists. At least they didn't bounce the whole spam, which would have been quite large going by the familiar headers I've seen in a lot of recent turds forging my From address. I didn't actually report this one because it was outside my self- imposed time-window. I might not have reported it anyway, since I rather appreciated the explanation from a South American ISP that is obviously mindful of the issues. From not at here.invalid Wed May 10 22:01:07 2006 From: not at here.invalid (Ellen) Date: Wed May 10 21:20:02 2006 Subject: [SpamCop-List] Re: A new excuse for the sending of spam References: Message-ID: "Robert Blair" wrote in message news:TECQXhvKj0FX-pn2-T0HjYbwZzfEx@dsl-206-55-144-107.tstonramp.com... >I thought I had seen most of the excuses but this one tops them all. > > I have never done an opt-in or an opt-out to this outfit. > > > Date: Tue, 9 May 2006 20:47:49 -0700 > From: abuse@he.net > To: 1743985206@reports.spamcop.net > Subject: [HE_ABUSE#1643465] [SpamCop (65.19.140.49) > id:1743985206]Printer Cartridges - Up To Eighty Percent Off Reta.. > If you still have that mail can you please send it to me with complete headers at deputies admin.spamcop.net Thanks Ellen SpamCop From cmling at teleweb.at Thu May 11 05:34:05 2006 From: cmling at teleweb.at (Charley) Date: Wed May 10 22:35:02 2006 Subject: [SpamCop-List] Newbie question Message-ID: Greetings! I know that the fresher spam is, the better SpamCop can deal with it. My question is whether I should refrain from sending reports if the spam is several hours of age. I get up in the morning, and have spam that can be 8-9 hours old. Should I send it to SpamCop, or just the new stuff? Thank you, Charley From me at privacy.net Thu May 11 01:15:36 2006 From: me at privacy.net (Frog Prince) Date: Thu May 11 00:20:02 2006 Subject: [SpamCop-List] Re: Newbie question References: Message-ID: "Charley" wrote in message news:e3u7qt$q1u$1@news.spamcop.net... | Greetings! | | I know that the fresher spam is, the better SpamCop can deal with it. | My question is whether I should refrain from sending reports if the spam | is several hours of age. I get up in the morning, and have spam that | can be 8-9 hours old. Should I send it to SpamCop, or just the new stuff? | | Thank you, | Charley Send it all, let SC sort 'em out. From mwnospam at comcast.net Thu May 11 02:14:01 2006 From: mwnospam at comcast.net (spamacyde) Date: Thu May 11 01:10:04 2006 Subject: [SpamCop-List] The Phish that isn't Going Away Message-ID: I reported a phish containing the link http://www.qcywblysecurity-ep.info to Spamcop(unfortunately forgot to save Spamcop's link), Ebay and Paypal. It's still live 12 hours later. Could somebody tell me if there is a security risk visiting it? It offers up a cookie and I rejected it. How much damage could the cookie have done? Also has anybody had any luck getting Yahoo to cough up the identity of a phisher? Thanks in advance. From nobody at nowhere.not Thu May 11 07:09:18 2006 From: nobody at nowhere.not (Robert Blair) Date: Thu May 11 02:10:03 2006 Subject: [SpamCop-List] Re: A new excuse for the sending of spam References: Message-ID: On Thu, 11 May 2006 00:39:50 UTC, "Ant" wrote: > > The message carried your return address, so it was either a genuine mail > from you, or a sender address was faked and your e-mail address abused > by third party, in which case we apologize for undesired notification. > > We do try to minimize backscatter for more prominent cases of UBE and > for infected mail, but for less obvious cases of UBE some balance > between losing genuine mail and sending undesired backscatter is sought, > and there can be some collateral damage on both sides. > If they went that far (to examine the email) you would think they could look at the FROM and the source and determine the FROM was a fake. I do occasionally send email from a different domain than the domain of the FROM so some of my email may seem to have a fake FROM. I would not be too concerned if they did not send a delivery failure notice because of the apparent fake FROM, it is the chance I take. -- Robert Blair From nobody at nowhere.not Thu May 11 07:23:56 2006 From: nobody at nowhere.not (Robert Blair) Date: Thu May 11 02:25:03 2006 Subject: [SpamCop-List] Re: A new excuse for the sending of spam References: Message-ID: On Thu, 11 May 2006 01:01:07 UTC, "Ellen" wrote: > If you still have that mail can you please send it to me with complete > headers at deputies admin.spamcop.net It has been sent. -- Robert Blair From vanguard.news at yahooNIX.com Thu May 11 03:45:31 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Thu May 11 03:50:07 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "steve auvache" wrote in message news:bx$UmuA4IIYEFwrV@thecow.me.uk... > Vanguard wrote >>"steve auvache" wrote in message >>news:KNnQp4Akc0XEFwSt@thecow.me.uk... >>> >>> If their service turns out to be half of what it claims then I will >>> happily sing their praises as I would with *any* successful >>> anti-spam >>> campaign. >> >> >>An end-user speaketh. > > Aren't us Users what this is all about? Not when you are vicious and attacking someone else and causing collateral damage in the process. BS works through a coordinated DOS attack from its zombied users. They aren't just hurting the spammer. Their shotgun approach hurts OTHERS. So let's all mailbomb YOUR e-mail account just because, well, a spammer said they were you. Would you appreciate that? Let's all mailbomb YOUR e-mail provider because one of their customers is spamming but which makes it impossible for anyone to send you mail because your mail server is too busy with the mailbomb. Would you appreciate that? So let's all DOS (denial-of-service) attack YOUR webhost provider so no one can get to YOUR web site. Would you appreciate that? Yeah, let's all be petulant children attacking everyone else and hope we're not the one getting reamed as a result. Oh, no, spammers would never lie, right, and put links in their spamverts to some other innocent's web site. Oh, yes, YOU are to be held responsible for your webhost provider and must suffer because some spammer happens to be using a site that is also hosted by your webhost provider. Protecting yourself and fucking over someone else as collateral damage is NOT a responsible solution. Even if you were really lucky and happen to be attacking the spammer, your vigilante actions are still reprehensible. If you can't be a responsible netizen, then leave! We would appreciate it. If you can't manage to find and use a responsible anti-spam solution then you really shouldn't be doing e-mail at all. From vanguard.news at yahooNIX.com Thu May 11 03:57:43 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Thu May 11 04:00:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Turan Fettahoglu" wrote in message news:e3ptqf$7gq$1@news.spamcop.net... >I do not exactly trust BlueSecurity, but they have kicked several >spammers into their butts, more than SpamCop ever managed to. > > Forget about legal aspects for a moment. The BlueFrog idea might force > several spammers out of business, which is a good thing. The "Robin > Hood principle" is observed, no one feels sorry for the spammers, and > if this is THE idea to get rid of spammers - why not. Gee, I must've missed something in those Robin Hood tales. Don't remember ever hearing that Robin Hood had his band of merry men (i.e., the zombied BS users) strafe a crowd with a barrage of arrows to slay a slew of innocents just so he could kill a couple of the sherriff's men. Looks like terroristic bombing has become the new favorite anti-spam tactic: kill your enemy and don't care about the collateral damage to others. Don't bother with tactical strikes or non-lethal weapons. Just nuke 'em and rationalize all the innocents deserved it, too, since they should gleefully sacrifice themselves for your cause. From MikeE at ster.invalid Thu May 11 02:02:09 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu May 11 04:05:02 2006 Subject: [SpamCop-List] Re: The Phish that isn't Going Away References: Message-ID: spamacyde wrote: > I reported a phish containing the link > http://www.qcywblysecurity-ep.info to Spamcop(unfortunately forgot to > save Spamcop's link), Ebay and Paypal. www.qcywblysecurity-ep.info = premium7.geo.yahoo7.akadns.net That is a yahoo site. > It's still live 12 hours > later. That isn't surprising. Yahoo isn't particularly responsive about squashing their customers, even the ones which are running illegal operations. > Could somebody tell me if there is a security risk visiting > it? If you visit websites insecurely, you are at risk. > It offers up a cookie and I rejected it. How much damage could > the cookie have done? Cookies cannot do damage. http://en.wikipedia.org/wiki/HTTP_cookie An HTTP cookie, or a Web cookie, is a parcel of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. > Also has anybody had any luck getting Yahoo to > cough up the identity of a phisher? The identity? -- Mike Easter kibitzer, not SC admin From gezgin at spamcop.net Thu May 11 13:05:13 2006 From: gezgin at spamcop.net (gezgin) Date: Thu May 11 05:10:11 2006 Subject: [SpamCop-List] Update my CC info with Spamcop Message-ID: Every time I need to do this, I have to ask again. How do I update my credit card info with Spamcop? SC should make this easier. There's no obvious way to update account information. At least none that I can find... -- Bob http://www.kanyak.com From turan.fe at t-online.de Thu May 11 12:45:23 2006 From: turan.fe at t-online.de (Turan Fettahoglu) Date: Thu May 11 05:50:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: > "Every conviction raises the barrier to entry for these guys," said Scott > Weiss, CEO of IronPort Systems in San Bruno, Calif., which produces > anti-spam software. Mr Weiss may be right, because in such cases, the American courts seem to work properly. Mostly, however, we are talking about spammers in countries with a not-so-good legal system, say, Russia, Nigeria, China or the like. Did anybody sue a scam artist / spammer in such a country and actually get him under lock and key? Turan From nobody at devnull.spamcop.net Thu May 11 06:23:24 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Thu May 11 06:25:03 2006 Subject: [SpamCop-List] Re: Update my CC info with Spamcop References: Message-ID: "gezgin" wrote in message news:e3uuoa$6rr$1@news.spamcop.net... > Every time I need to do this, I have to ask again. How do I update my credit > card info with Spamcop? > > SC should make this easier. There's no obvious way to update account > information. At least none that I can find... For a paid-Reporting account, log into 'your' www.spamcop.net web-page and follow the "add fuel" link to: http://www.spamcop.net/mcgi?action=paymenu For an e-mail account, JT wanted the prime support spot to be the Forum, at which you'd find a much expanded SpamCop FAQ, which includes entries like the following; How do I sign up for multiple accounts under the family plan? Discounted Additional Account, more detail When does my account expire? How do I renew my account? How do I setup my account? https://mail.spamcop.net/account_renew.php From / at /.cn Thu May 11 22:28:34 2006 From: / at /.cn (Petzl) Date: Thu May 11 07:30:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Turan Fettahoglu" wrote in message news:e3v13n$84h$1@news.spamcop.net... >> "Every conviction raises the barrier to entry for these guys," said Scott >> Weiss, CEO of IronPort Systems in San Bruno, Calif., which produces >> anti-spam software. > > Mr Weiss may be right, because in such cases, the American courts seem to > work properly. > > Mostly, however, we are talking about spammers in countries with a > not-so-good legal system, say, Russia, Nigeria, China or the like. Did > anybody sue a scam artist / spammer in such a country and actually get him > under lock and key? > > Turan Convictions in the "Christian" West will take away liberty our most treasured freedom These in their selves favour criminals, with 100% certainty factor, or innocent ruling being the prerogative Many use our Christian nascent, not yet developed laws as a weapon or a scam to skirt justice However that said the corrupt "Russia, Nigeria, China or the like" do not need the 100% factor but convicts do not have any rights with life expectancy in prisons less than a year for most The USa conviction will now turn on companies and those connected with this villain to inform and convict other spammers in countries with a not-so-good legal system, say, Russia, Nigeria, China or the like Petzl From mwnospam at comcast.net Thu May 11 08:37:16 2006 From: mwnospam at comcast.net (spamacyde) Date: Thu May 11 07:35:02 2006 Subject: [SpamCop-List] Re: The Phish that isn't Going Away References: Message-ID: "Mike Easter" wrote in message news:e3ur20$4ms$1@news.spamcop.net... > spamacyde wrote: > > I reported a phish containing the link > > http://www.qcywblysecurity-ep.info to Spamcop(unfortunately forgot to > > save Spamcop's link), Ebay and Paypal. > > www.qcywblysecurity-ep.info = premium7.geo.yahoo7.akadns.net > > That is a yahoo site. > > > It's still live 12 hours > > later. > > That isn't surprising. Yahoo isn't particularly responsive about > squashing their customers, even the ones which are running illegal > operations. > > > Could somebody tell me if there is a security risk visiting > > it? > > If you visit websites insecurely, you are at risk. > > > It offers up a cookie and I rejected it. How much damage could > > the cookie have done? > > Cookies cannot do damage. http://en.wikipedia.org/wiki/HTTP_cookie An > HTTP cookie, or a Web cookie, is a parcel of text sent by a server to a > web browser and then sent back unchanged by the browser each time it > accesses that server. > > > Also has anybody had any luck getting Yahoo to > > cough up the identity of a phisher? > > The identity? > > > -- > Mike Easter > kibitzer, not SC admin > Thanks, Mike! Identity = Name of spammer on his drivers license and other info with which to prosecute. If somebody is convicted of trying to pick your pocket, they are punished regardless of whether they were succeessful. Apparently with phishing, you have to steel 50 bucks or more. Somebody correct me if I'm wrong. The site now no longer exists. Imagine that :) From g.hyde at bigpond.net.au Thu May 11 22:56:06 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu May 11 08:00:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Vanguard" wrote in message news:e3uq2r$426$1@news.spamcop.net... > Not when you are vicious and attacking someone else and causing collateral > damage in the process. BS works through a coordinated DOS attack from its > zombied users. They aren't just hurting the spammer. I fail to see where you have offered conclusive proof that BS computers are "zombied" users. From what I can see, the program is of a type which the user can uninstall if they choose to do so. If you have conclusive evidence to the contrary, please post it here. And they go to an extensive length to identify a spammer - something I have not seen elsewhere on the net, other than SC, which simply reports emails and analyzes headers for things like blackhat ISPs, open relay mail servers, etc. While I may appear to be supporting BS users, I do not. However, they seem to be going to an extraodinary length to get spammers shut down. Which is in the final analysis a good thing. If you are going to post a blatant attack without offering some conclusive proof to offer it up (in this case that BS users have zombied machines) please remember that your attack brings with it consequences, and it also means you have the responsibility to back your claims up to other posters in this newgroup. At the moment you are little better than a troll which posts in order to gain pleasure. If you wish to continue this futile method of posting unsubstantiated claims please be aware that other intelligent users of this newsgroup may start to ignore you. Cheers ... Geoffrey Hyde From gezgin at spamcop.net Thu May 11 16:57:37 2006 From: gezgin at spamcop.net (gezgin) Date: Thu May 11 09:00:03 2006 Subject: [SpamCop-List] Re: Update my CC info with Spamcop References: Message-ID: "WazoO" wrote > How do I renew my account? > https://mail.spamcop.net/account_renew.php Thanks for that link. This time I've bookmarked it. -- Bob http://www.kanyak.com From dont_spam at thecow.me.uk Thu May 11 16:15:05 2006 From: dont_spam at thecow.me.uk (steve auvache) Date: Thu May 11 10:20:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Vanguard wrote >"steve auvache" wrote in message >news:bx$UmuA4IIYEFwrV@thecow.me.uk... >> Vanguard wrote >>>"steve auvache" wrote in message >>>news:KNnQp4Akc0XEFwSt@thecow.me.uk... >>>> >>>> If their service turns out to be half of what it claims then I will >>>> happily sing their praises as I would with *any* successful >>>> anti-spam >>>> campaign. >>> >>> >>>An end-user speaketh. >> >> Aren't us Users what this is all about? > >Not when you are vicious and attacking someone else and causing >collateral damage in the process. BS works through a coordinated DOS >attack from its zombied users. " No. *I* am Sparticus. " > Yeah, let's all be petulant children attacking >everyone else and hope we're not the one getting reamed as a result. You make some interesting statements, not all of which are correct. When I look at this:- http://www.youtube.com/watch?v=Ee18vXyLBMM It really does bring to mind the recent reaction of the spammer rather than the spamees. >Protecting yourself and fucking over someone else as collateral damage >is NOT a responsible solution. Even if you were really lucky and happen >to be attacking the spammer, your vigilante actions are still >reprehensible. If you can't be a responsible netizen, then leave! We >would appreciate it. If you can't manage to find and use a responsible >anti-spam solution then you really shouldn't be doing e-mail at all. So, this backscatter thing that has happened as a result of all this, good or bad? I say good. Even if the only result is to lower the burden on the long suffering American tax payer supporting all those badly configured mailservers that their government runs. -- steve auvache one step closer to The Perfect Date. From bar_n0ne at hotmail.com Thu May 11 10:22:21 2006 From: bar_n0ne at hotmail.com (Berny) Date: Thu May 11 10:25:02 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Vanguard" wrote in message news:e3uq2r$426$1@news.spamcop.net... > > Protecting yourself and fucking over someone else as collateral damage > is NOT a responsible solution. Even if you were really lucky and happen > to be attacking the spammer, your vigilante actions are still > reprehensible. If you can't be a responsible netizen, then leave! We > would appreciate it. If you can't manage to find and use a responsible > anti-spam solution then you really shouldn't be doing e-mail at all. > OK, first off, for a variety of reasons I don't and wouldn't use BS's BF service. That being said, I shoould say that out of dozens of spams I look at carefully on a daily basis, and many more cursorily while fulfilling SC reports, that the number of IB'd and joe jobbed sites is almost vanishingly small,. perhaps 1 spam or less a month out of thousands. Collateral damage to spam sources and spamvertizing hosters is inevitable and , frankly necessary, it's the only way ISP's and hosters will be forced to choose between an abusive and non abusive clientele. Until then they can all make salutory efforts against the spammers, scammers, phishers and ddossers and earn revenue from all of them. The las time anyone showed real balls to spammers was when AOL blackholed Telia, a couple of years ago, yerah there was a lot of collateral damage, mails lost, but, hey it worked, I have hardly seen any spam since from Telia. Theirabuse department must be effective, wonder why?. Well since then the providers have all lost their collective cojones unfortunately. Yes I'd like to see providers 5xx-ing all mails on the SCBL, why? well it's better than what most mail providers do now, some 80 to 90 % of the incoming mailstream after analysis for spammishness of one kind or another is silently dropped on the floor. and yes a not insignificant amount of goodmail simply disappears, the sender never knows, the receiver never knows, (unless the sender asks the receiver to write back if the mail was not received :) ). I'd rather have a pissed off goodmail sender complaining and finding an alternate way to get hold of me than the current situation. Most people shouln't delude themselves, if you're using a large commercial mail service, those dozen or so spams in your junk folder are only a small fraction of the junk mail stream that has been dropped into dave nulls basket. Anyway to get back to the topic at hand, SC its self does something similar, mailbombing postmasters etc. who are connected with a spam, and Vern Shryver isn't so far off the mark, and SC's whiteness isn't so different from BS's blackness. we're all dealing with shades of grey here. I use SC, support what it does, I don't intend to use blue frog, but I do support the aims, and the methods are a bit extreme for my liking. Remeber , if you don;t have effective policing and justice, you will always get vigilantism, in fact that's is really what police and courts are for, to protect us all from vigilantism. IN the internet at the moment the police and courts are dozing at the wheel. From bar_n0ne at hotmail.com Thu May 11 10:24:14 2006 From: bar_n0ne at hotmail.com (Berny) Date: Thu May 11 10:25:10 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Petzl" wrote in message news:e3v759$bpe$1@news.spamcop.net... SNIP > Convictions in the "Christian" West will take away liberty our most > treasured freedom > These in their selves favour criminals, with 100% certainty factor, or > innocent ruling being the prerogative > Many use our Christian nascent, not yet developed laws as a weapon or a scam > to skirt justice > > However that said the corrupt "Russia, Nigeria, China or the like" do not > need the 100% factor but convicts do not have any rights with life > expectancy in prisons less than a year for most > > The USa conviction will now turn on companies and those connected with this > villain to inform and convict other spammers in countries with a not-so-good > legal system, say, Russia, Nigeria, China or the like > > Petzl > > This is not your usual style of writing, were you tired? From dannyg at dannyg.com Thu May 11 09:37:54 2006 From: dannyg at dannyg.com (Danny Goodman) Date: Thu May 11 11:38:02 2006 Subject: [SpamCop-List] Re: The Phish that isn't Going Away In-Reply-To: <200605111010.k4BAA5kl037573@dannyg.com> Message-ID: on 5/11/06 3:10 AM, spamcop-list-request@news.spamcop.net wrote: > I reported a phish containing > It's > still live 12 hours later. Yahoo's response time to phishing site reports varies. For sites whose domains are registered and hosted at Yahoo, I report directly and instantaneously to network-abuse at cc.yahoo-inc.com Don't give them too much info, or their filters will reject the message. I supply simply the domain name and complete phishing URL, letting the Subject convey why I'm sending the message. I hear back with a mostly standard message after they've closed down the site...usually somewhere between 12 and 96 hours. :-( A lot of the Yahoo-hosted phishing sites in phishing messages I get are physically hosted about 10 miles from my place. Thus the pull-the-giant-plug-out-of-the-wall fantasy when I continue to receive messages over a few days pointing to one of those sites still up and running. Danny http://www.dannyg.com http://www.spamwars.com From tmcgraw at spamcop.net Thu May 11 09:50:34 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu May 11 11:55:05 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog In-Reply-To: References: Message-ID: Geoffrey Hyde wrote: > > I fail to see where you have offered conclusive proof that BS computers are > "zombied" users. From what I can see, the program is of a type which the > user can uninstall if they choose to do so. If you have conclusive evidence > to the contrary, please post it here. Google "bluefrog" and "zombie" and you'll see that a lot of people agree with Vanguard. One blogger called them "voluntary zombies," which is a good descriptor. > While I may appear to be supporting BS users, I do not. However, they seem > to be going to an extraodinary length to get spammers shut down. Which is > in the final analysis a good thing. Here in the US the government has gone to extraordinary lengths to "stop terrorism." However, the methods the government has used to do that - infringing on well-established civil liberties - is not seen as a good thing by perhaps a majority of the population. I believe this argument is listed at http://www.aros.net/~wenglund/Logic101a.htm but I wouldn't know EXACTLY which one it is. > At the moment you are little better than a troll which posts in order to > gain pleasure. If you wish to continue this futile method of posting > unsubstantiated claims please be aware that other intelligent users of this > newsgroup may start to ignore you. Now that argument I KNOW is listed there. I believe Vanguard and like what he has to say. From edb2000 at spamcop.net Thu May 11 09:52:37 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Thu May 11 11:55:16 2006 Subject: [SpamCop-List] Funny spam of the day Message-ID: Eloquent gibberish taken from filter-busting attempt in the text alternative part of today's spam: When a photon near a sandwich is flatulent, some blood clot buries a fraction for a chess board. -- Don Wannit A paid SpamCop user since 1999 From tmcgraw at spamcop.net Thu May 11 09:57:46 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu May 11 12:00:04 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog In-Reply-To: References: Message-ID: Berny wrote: > > That being said, I shoould say that out of dozens of spams I look at > carefully on a daily basis, and many more cursorily while fulfilling SC > reports, that the number of IB'd and joe jobbed sites is almost vanishingly > small,. perhaps 1 spam or less a month out of thousands. That may be true for your spam, but that doesn't make it true for my spam. > Collateral damage to spam sources and spamvertizing hosters is inevitable > and , frankly necessary, it's the only way ISP's and hosters will be forced > to choose between an abusive and non abusive clientele. Until then they can > all make salutory efforts against the spammers, scammers, phishers and > ddossers and earn revenue from all of them. Using that logic, if we eliminate all the pimps in the world there won't be any prostitution. I don't buy it. > Yes I'd like to see providers 5xx-ing all mails on the SCBL, why? well it's > better than what most mail providers do now, some 80 to 90 % of the incoming > mailstream after analysis for spammishness of one kind or another is > silently dropped on the floor. and yes a not insignificant amount of > goodmail simply disappears, the sender never knows, the receiver never > knows, (unless the sender asks the receiver to write back if the mail was > not received :) ). Lots of problems here. For one thing, blocking based on the SCBL alone is a bad idea. If you applied scoring intelligently you would virtually never drop goodmail on the floor. I'm glad you're not my postmaster. > Most people shouln't delude themselves, if you're using a large commercial > mail service, those dozen or so spams in your junk folder are only a small > fraction of the junk mail stream that has been dropped into dave nulls > basket. You can't make a blanket statement like that without the evidence. In fact, I'm on a large commercial mail service and I know I get /everything/. > Anyway to get back to the topic at hand, SC its self does something similar, > mailbombing postmasters etc. who are connected with a spam, and Vern Shryver > isn't so far off the mark, and SC's whiteness isn't so different from BS's > blackness. we're all dealing with shades of grey here. There is nothing grey about the long-established tradition of sending LARTs to abuse@ or postmaster@ or another addy "on file." From nobody at devnull.spamcop.net Thu May 11 14:51:02 2006 From: nobody at devnull.spamcop.net (POP) Date: Thu May 11 13:55:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: Well said! "Vanguard" wrote in message news:e3uq2r$426$1@news.spamcop.net... > "steve auvache" wrote in message > news:bx$UmuA4IIYEFwrV@thecow.me.uk... >> Vanguard wrote >>>"steve auvache" wrote in message >>>news:KNnQp4Akc0XEFwSt@thecow.me.uk... >>>> >>>> If their service turns out to be half of what it claims then >>>> I will >>>> happily sing their praises as I would with *any* successful >>>> anti-spam >>>> campaign. >>> >>> >>>An end-user speaketh. >> >> Aren't us Users what this is all about? > > Not when you are vicious and attacking someone else and causing > collateral damage in the process. BS works through a > coordinated DOS attack from its zombied users. They aren't > just hurting the spammer. Their shotgun approach hurts OTHERS. > So let's all mailbomb YOUR e-mail account just because, well, a > spammer said they were you. Would you appreciate that? Let's > all mailbomb YOUR e-mail provider because one of their > customers is spamming but which makes it impossible for anyone > to send you mail because your mail server is too busy with the > mailbomb. Would you appreciate that? So let's all DOS > (denial-of-service) attack YOUR webhost provider so no one can > get to YOUR web site. Would you appreciate that? Yeah, let's > all be petulant children attacking everyone else and hope we're > not the one getting reamed as a result. Oh, no, spammers would > never lie, right, and put links in their spamverts to some > other innocent's web site. Oh, yes, YOU are to be held > responsible for your webhost provider and must suffer because > some spammer happens to be using a site that is also hosted by > your webhost provider. > > Protecting yourself and fucking over someone else as collateral > damage is NOT a responsible solution. Even if you were really > lucky and happen to be attacking the spammer, your vigilante > actions are still reprehensible. If you can't be a responsible > netizen, then leave! We would appreciate it. If you can't > manage to find and use a responsible anti-spam solution then > you really shouldn't be doing e-mail at all. > From nobody at devnull.spamcop.net Thu May 11 14:55:56 2006 From: nobody at devnull.spamcop.net (POP) Date: Thu May 11 14:00:03 2006 Subject: [SpamCop-List] Re: The Phish that isn't Going Away References: Message-ID: "spamacyde" wrote in message news:e3ugun$uo3$1@news.spamcop.net... > > I reported a phish containing the link > http://www.qcywblysecurity-ep.info to > Spamcop(unfortunately forgot to save Spamcop's link), Ebay and > Paypal. ... Go to Spamcop.net and click on your Recents list; it'll be there, along with the link you didn't catch. You don't have to be a paid user to use that feature. Pop From bar_n0ne at hotmail.com Thu May 11 14:13:38 2006 From: bar_n0ne at hotmail.com (Berny) Date: Thu May 11 14:15:03 2006 Subject: [SpamCop-List] Re: BlueSecurity/Blue Frog References: Message-ID: "Tim McGraw" wrote in message news:e3vmtr$mgn$1@news.spamcop.net... > Berny wrote: SNIP > > Collateral damage to spam sources and spamvertizing hosters is inevitable > > and , frankly necessary, it's the only way ISP's and hosters will be forced > > to choose between an abusive and non abusive clientele. Until then they can > > all make salutory efforts against the spammers, scammers, phishers and > > ddossers and earn revenue from all of them. > > Using that logic, if we eliminate all the pimps in the world there won't > be any prostitution. > > I don't buy it. > > > Yes I'd like to see providers 5xx-ing all mails on the SCBL, why? well it's > > better than what most mail providers do now, some 80 to 90 % of the incoming > > mailstream after analysis for spammishness of one kind or another is > > silently dropped on the floor. and yes a not insignificant amount of > > goodmail simply disappears, the sender never knows, the receiver never > > knows, (unless the sender asks the receiver to write back if the mail was > > not received :) ). > > Lots of problems here. For one thing, blocking based on the SCBL alone > is a bad idea. If you applied scoring intelligently you would virtually > never drop goodmail on the floor. > > I'm glad you're not my postmaster. Well , I personally find tagging spam a waste of my time, I don't want anything in a junk mailbox, otherwise I find I have to go dumpster diving to see what got tagged that was goodmail, I'd rather the sender got the 5xx notice, even my friends. Imagine AOL, Earthlink, SpamCast Hotmail, Yahoo and Gmail* all using SCBL, CBL, Spews 1 to 5xx reject, and say banning everything from say hbtele or teleglobe or some particularly obnoxious service or country until they cleaned up their act. Then targetting the next worse provider, I think the spam problem would find itself cleaned up remarkably fast, by services policing themselves *I don't mean to imply any quality or lack thereof in their spamfighting here. or even wether they ar black or white hat. Or if we had mass access to whois, and blackholing every IP and DNS owned by spammers, for example every IP touched by "Paul Gregoire" or registered to that funny non-address in Nanaimo, I think the registrars would cle