From Paul.Hunt at CustomSUPPORT.com Wed Dec 1 13:09:24 2004 From: Paul.Hunt at CustomSUPPORT.com (Paul F. Hunt) Date: Wed Dec 1 13:09:48 2004 Subject: [SpamCop-Mail] Re: dnsbl.sorbs.net References: <20041201170042.16657.qmail@blade1.cesmail.net> Message-ID: <41AE08CF.3306764D@CustomSUPPORT.com> Mike, Thank you for tackling this for me. > Paul F. Hunt wrote: > > tops-tele.com is a local provider in my area that I (always?) see > > being blocked through Spamcop due to dnsbl.sorbs.net (and, yes, I > > know I can whitelist them). > I'm not following that. What does 'blocked through Spamcop due to > [sorbs]' mean? It gets held in my incoming held email at Spamcop and the reason is given as: X-SpamCop-Disposition: Blocked dnsbl.sorbs.net > If we want to talk about a mail being blocked which you see, then that > means that the sender of the mail would see some kind of nondelivery > error, which optimally would show the IP being blocked, so that we don't > have to guess at it. Not happening. > Therein you see the 'problem' of needing to know what IP address you are > talking about in order to find out what its condition is. OK. I see that now. So I pulled up the original email. Its first "Received:" was 208.24.123.10. That IP I can find at www.MXToolbox.com as being on a number of blocking lists with Return Codes of 127.0.0.7 and 127.0.0.10. But www.MXToolbox.com doesn't tell me what the 127 Return Codes mean. So I went to www.dnsbl.us.sorbs.net and found that 127.0.0.7 means 208.24.123.10 is in the web.dnsbl.sorbs.net database and 127.0.0.10 means it's in the dul.dnsbl.sorbs.net database and, frankly, I still don't know any more than I did. But I guess I'm getting closer. Thanks, Paul -- Paul.Hunt@CustomSUPPORT.com http://www.CustomSUPPORT.com From Merlyn at Spamcop.net Wed Dec 1 13:31:23 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Wed Dec 1 13:35:03 2004 Subject: [SpamCop-Mail] Re: dnsbl.sorbs.net References: <20041201170042.16657.qmail@blade1.cesmail.net> Message-ID: "Paul F. Hunt" wrote in message news:mailman.22.1101924591.4572.spamcop-mail@news.spamcop.net... > Mike, > > Thank you for tackling this for me. > >> Paul F. Hunt wrote: >> > tops-tele.com is a local provider in my area that I (always?) see >> > being blocked through Spamcop due to dnsbl.sorbs.net (and, yes, I >> > know I can whitelist them). > >> I'm not following that. What does 'blocked through Spamcop due to >> [sorbs]' mean? > > It gets held in my incoming held email at Spamcop and the reason is > given as: > > X-SpamCop-Disposition: Blocked dnsbl.sorbs.net > [snipped] It is listed in SORBS because it is a dialup/dynamic IP. Most email administrators will not accept mail from a dialup/dynamic IP. Dynamic IP Space (LAN, Cable, DSL & Dial Ups) Netblock: 208.24.123.8/29 (208.24.123.8-208.24.123.15) Record Created: Mon Nov 24 16:15:57 2003 GMT Record Updated: Mon Nov 24 16:15:57 2003 GMT Additional Information: [Dynablock] Dynamic IP address, use your ISPs mail server Currently active and flagged to be published in DNS -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From jeffg at spamcop.net Wed Dec 1 15:33:26 2004 From: jeffg at spamcop.net (Jeff G.) Date: Wed Dec 1 15:35:02 2004 Subject: [SpamCop-Mail] Re: dnsbl.sorbs.net References: <20041201170042.16657.qmail@blade1.cesmail.net> Message-ID: Paul F. Hunt organized electrons in article news:mailman.22.1101924591.4572.spamcop-mail@news.spamcop.net that appeared as follows: > the original email. Its first "Received:" was 208.24.123.10. According to http://www.dnsbl.us.sorbs.net/cgi-bin/db?IP=208.24.123.10 , that IP Address has the following "Additional Information": "Likely Trojaned Machine, host running Korgo trojan" for 208.24.123.10 and "[Dynablock] Dynamic IP address, use your ISPs mail server" for 208.24.123.8/29 (208.24.123.8-208.24.123.15). However, the IP Address that was blocked, and you should be looking at, is the one at the end of the "X-SpamCop-Checked" Header Line, and it's continuation if necessary. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From MikeE at ster.invalid Wed Dec 1 13:13:03 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 1 16:15:03 2004 Subject: [SpamCop-Mail] Re: dnsbl.sorbs.net References: <20041201170042.16657.qmail@blade1.cesmail.net> Message-ID: Paul F. Hunt wrote: > It gets held in my incoming held email at Spamcop and the reason is > given as: > > X-SpamCop-Disposition: Blocked dnsbl.sorbs.net Gotit. I didn't know you were talking about spamcop mail; I tho't you were posting in the wrong ng. Doh! Don't mind /me/. ;-) I'm weak on spamcop mail, since I don't use it. But, I'm not completely helpless ;-) > OK. I see that now. So I pulled up the original email. Its first > "Received:" was 208.24.123.10. Which [the first received line] would be an 'abnormal' way to be getting mail from a 'real person' at that domain. But, finding it in some lower preceding line wouldn't necessarily be abnormal or even spammish. To go off to the side conjecturing for a minute, 208.24.123.10 rDNS du-208-10.tops-tele.com 'looks like' [and is] an individual enduser in that netblock which is actually here. whois -h whois.arin.net 208.24.123.10 ... Sprint 208.0.0.0 - 208.35.255.255 CITIZENS TELEPHONE CO. 208.24.123.0 - 208.24.123.255 which means that Sprint 'owns' the whole 208.x.x.x or 'class A' block [almost 17 million IPs in there] and that the little subsection of that, the 208.24.123.x or 'class C' block - 256 IPs in there belong to citizen, which is where your target IP is, and your IP's 'name' looks like 'dialup' or dynamic, and there are blocklists which identify such dyamic IPs for you. However, you should be careful about using a filter on a dynamic IP. More on that below. So, most people on dynamic IPs, such as dialups, 'typically' are supposed to go through their provider's smtp server. They aren't supposed to be sending out mail directly to your provider's MX. And, that is a 'good' reason for a /server/ to be having a list of dynamic IPs. However, it is sometimes a 'bad' reason for a filter such as SpamPal's to filter on the occurrence of that IP anywhere in the header, because a goodmail might've started at that IP and then went on to the tops-tele.com smtp server and then out. > That IP I can find at www.MXToolbox.com as being on a number of > blocking lists with Return Codes of 127.0.0.7 and 127.0.0.10. But > www.MXToolbox.com doesn't tell me what the 127 Return Codes mean. I went over to mxtoolbox to poke around in the tools and see what they look like. The place where you would input that IP is in the blacklists section and you can get a good education by tinkering around in there. It is very useful to understand how the various blocklists work, and you should try to have a good understanding of that if you are going to involve yourself in picking one blocklist over another to be doing things for you. The blacklists section of mxtoolbox has links which can be clicked on to either give you the detail [if there are any] of a listing or can take you to the main section of a particular blacklist. When you have an IP which is listed like that one above in a number of blocklists, you can go all around and read about what the various listings mean. Very informative. It takes a long time, but eventually you become acquainted with what each of them are all about. I like the way mxtoolbox does it; it is somewhat different from the way dnsstuff and openrbl handle the same job. > So I went to www.dnsbl.us.sorbs.net and found that 127.0.0.7 means > 208.24.123.10 is in the web.dnsbl.sorbs.net database and 127.0.0.10 > means it's in the dul.dnsbl.sorbs.net database and, frankly, I still > don't know any more than I did. But I guess I'm getting closer. The .7 was originally intended to be for insecure webservers, but now sorbs has changed it so that it has encompassed other problems as well, so it doesn't mean exactly the same as it used to. But, it does mean something 'bad', ie the listing is associated with either a spam or an identified insecurity, which is typically associated with spam. The .10 doesn't necessarily mean something bad; it is 'conditional'. The .10 simply means that that IP is in a dynamic block. Any dialup person's IP is going to be in a dynamic block; and the next time they dialup, they will be a different IP. However, normally we wouldn't expect to be getting mail directly from a dynamic IP, so that makes it 'bad' because of the condition. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Dec 1 13:24:18 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 1 16:25:03 2004 Subject: [SpamCop-Mail] Re: dnsbl.sorbs.net References: <20041201170042.16657.qmail@blade1.cesmail.net> Message-ID: oops, misspoke about/ overstated/ what sprint owns there. Mike Easter wrote: > whois -h whois.arin.net 208.24.123.10 ... > Sprint 208.0.0.0 - 208.35.255.255 > CITIZENS TELEPHONE CO. 208.24.123.0 - 208.24.123.255 > > which means that Sprint 'owns' the whole 208.x.x.x Not! Sprint owns 208.0.x.x to just before 208.36.x.x or 37 class Bs, there, which I guess is 32 + 4 + 1 or 2,424,832 IPs, not almost 17 million there. -- Mike Easter kibitzer, not SC admin From DONOTSPAMpeterpepper at NOSPAMbizwax.com Fri Dec 3 11:42:48 2004 From: DONOTSPAMpeterpepper at NOSPAMbizwax.com (Peter Pepper) Date: Fri Dec 3 12:40:04 2004 Subject: [SpamCop-Mail] White/Black List Interface Is *NOT* User Friendly Message-ID: Let me specify a few problems with it: * Only 15 addresses displayed per page; and no option to change this. Why can't I just see all of addresses on one page? * There is no way to go to a particular page. The user must hit the 'Next' button to goto their desired page. This morning I had 25 pages in my whitelist (see my follow-up post to find out why so many). Do you know how frustrating it is to hit the 'Next' button 25 times just to get to the last page? (After a while I figured out I could change the 'page=' argument within the URL, but I seriously doubt if the average user would catch on to that.) * If a user deletes an address (let's say on page 25), the system returns the user to the first page therefore causing the user to hit the 'Next' button 25 more times to get back to their desired location. Very frustrating indeed. * There is no way to edit the address itself. A user must delete the address and then add it back if it simply needs to be updated. * There is no way to select all the addresses to delete. A user must manually click EVERY selection checkbox to select them all. Let's see, if I had wanted to delete my entire whitelist this morning, I would have had to manually click 375 checkboxes (25 pages x 15 addresses per page = 375 checkboxes) to delete them. And that doesn't include all the 'Next' button clicks to just get to the desired pages. I spent over a hour cleaning up my whitelist this morning. Whereas if it were a properly designed and user friendly interface it should have taken no more than 2 minutes. The White/Black List Interface Is *NOT* User Friendly at all and is a big time-consumer. For a white/black listing interface, PLEASE implement what SC had before SC implemented the Horde system. Just give us a big text box where we can cut and paste a list of addresses to submit. It certainly would make my life easier. Keep it simple stupid. Or at the very least give us the option to see ALL of our white/black list entries on ONE page. Rant - Over and out. PP From DONOTSPAMpeterpepper at NOSPAMbizwax.com Fri Dec 3 11:51:46 2004 From: DONOTSPAMpeterpepper at NOSPAMbizwax.com (Peter Pepper) Date: Fri Dec 3 12:50:09 2004 Subject: [SpamCop-Mail] Release and Whitelist: How about an 'Are You Sure?' confirmation Message-ID: SC has a confirmation dialog for submitting spam. Why doesn't it have the same confirmation for releasing and whitelisting? This morning I scanned my held mail folder for legit email. After I had cleared it and there was only spam left, I selected all messages and attempted to report them as spam. Unfortunately my wireless mouse had a hiccup and I ended up clicking 'Release and Whitelist' instead. There was no confirmation dialog to make sure I wanted to do this. So I ended up with a cluttered inbox and 222 unwanted spammers' email addresses in my whitelist. I spent over a hour cleaning all this up (see my post on the whitelist interface not being user friendly to find why it took so long). Please implement an 'Are You Sure?' confirmation dialog for releasing and whitelisting. PP From jeffg at spamcop.net Fri Dec 3 17:55:37 2004 From: jeffg at spamcop.net (Jeff G.) Date: Fri Dec 3 18:00:04 2004 Subject: [SpamCop-Mail] Re: White/Black List Interface Is *NOT* User Friendly References: Message-ID: Peter Pepper organized electrons in article news:coq8ai$acv$1@news.spamcop.net that appeared as follows: > Let me specify a few problems with it: > > * Only 15 addresses displayed per page; and no option to change this. > Why can't I just see all of addresses on one page? > > * There is no way to go to a particular page. The user must hit the > 'Next' button to goto their desired page. This morning I had 25 pages > in my whitelist (see my follow-up post to find out why so many). Do > you know how frustrating it is to hit the 'Next' button 25 times just > to get to the last page? (After a while I figured out I could change > the 'page=' argument within the URL, but I seriously doubt if the > average user would catch on to that.) > > * If a user deletes an address (let's say on page 25), the system > returns the user to the first page therefore causing the user to hit > the 'Next' button 25 more times to get back to their desired > location. Very frustrating indeed. > > * There is no way to edit the address itself. A user must delete the > address and then add it back if it simply needs to be updated. > > * There is no way to select all the addresses to delete. A user must > manually click EVERY selection checkbox to select them all. Let's > see, if I had wanted to delete my entire whitelist this morning, I > would have had to manually click 375 checkboxes (25 pages x 15 > addresses per page = 375 checkboxes) to delete them. And that doesn't > include all the 'Next' button clicks to just get to the desired pages. > > I spent over a hour cleaning up my whitelist this morning. Whereas if > it were a properly designed and user friendly interface it should > have taken no more than 2 minutes. The White/Black List Interface Is > *NOT* User Friendly at all and is a big time-consumer. > > For a white/black listing interface, PLEASE implement what SC had > before SC implemented the Horde system. Just give us a big text box > where we can cut and paste a list of addresses to submit. It > certainly would make my life easier. Keep it simple stupid. > > Or at the very least give us the option to see ALL of our white/black > list entries on ONE page. > > Rant - Over and out. > > PP While we appreciate your suggestions, they should be made in the new SpamCop Forum devoted to SpamCop Email at http://forum.spamcop.net/forums/index.php?showforum=4 . -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From DONOTSPAMpeterpepper at NOSPAMbizwax.com Fri Dec 3 17:49:46 2004 From: DONOTSPAMpeterpepper at NOSPAMbizwax.com (Peter Pepper) Date: Fri Dec 3 18:50:14 2004 Subject: [SpamCop-Mail] Re: White/Black List Interface Is *NOT* User Friendly References: Message-ID: "Jeff G." wrote in message news:coqqtc$n8f$1@news.spamcop.net... > > While we appreciate your suggestions, they should be made in the new > SpamCop Forum devoted to SpamCop Email at > http://forum.spamcop.net/forums/index.php?showforum=4 . > Then what is spamcop.mail used for now? Is it being retired? PP From MikeE at ster.invalid Fri Dec 3 15:56:47 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 3 19:00:04 2004 Subject: [SpamCop-Mail] Re: White/Black List Interface Is *NOT* User Friendly References: Message-ID: Peter Pepper wrote: > "Jeff G." >> While we appreciate your suggestions, they should be made in the new >> SpamCop Forum devoted to SpamCop Email at >> http://forum.spamcop.net/forums/index.php?showforum=4 . >> > > Then what is spamcop.mail used for now? Is it being retired? Give 'em hell Peter; I'm on your side. Someone developed the deluded idea that webforums were growing in popularity while only a minority of people were nntp capable. And many people needing help could find it in a webforum but couldn't in a newsgroup, even including a newsgroup attached to a mailing list awkwardly. As a result of the delusion, 'they' drifted in the direction of 'phasing out' the nntp support in favor of the forum, and they did that even though there was an existing integration between webforum, mailing list, and nntp at gmane. Where 'they' will have to speak up for themselves; I don't even know who 'we' is, except there is no we. Meanwhile, all kinds of people who are messing with their webforums 'out there' are wishing they could 'convert' them over to nntp while still maintaining the same following they have in the forum. My own opinion was that the webforums should be used to train or coax people how to nntp while helping them and to 'ooch' them over to nntp as soon as possible, because the forums have a great many disadvantages compared to the nntp. OTOH, the forums also have some advantages; so having both is the best of both worlds. Except having both is not at all the same as 'phasing out' nntp. The nntp support for mail should be improved and 'integrated with' the forum. Not phased out and pushed into the forum. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Dec 3 17:05:42 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 3 20:10:03 2004 Subject: [SpamCop-Mail] Re: White/Black List Interface Is *NOT* User Friendly References: Message-ID: David Dean wrote: > "Jeff G." >> While we appreciate your suggestions, they should be made in the new >> SpamCop Forum devoted to SpamCop Email at >> http://forum.spamcop.net/forums/index.php?showforum=4 . > > The forum is even more user unfriendly than the whitelist/blacklist > maintenance. 8P~ (At least it was when I gave up on it.) Have you seen > the forums at MacNN? Those ones I can deal with. It's easy to see what > I've already read, easy to mark a sub-section as read. And if I go > away for a couple of weeks, It is easy to catch up. The newsgroup would indeed be a strange place to be debating what is wrong with the forum, but one of the 'beauties' of usenet in general and everything that resembles it, like this non-usenet nntp, is its highly organized anarchy. So, if 'we' [tinw] want to debate what's wrong with the forum structure in the newsgroup, then I guess we can do that. I would rather let the forum people do whatever they want to do with their structure 'over there' and just encourage the powers that be, including Jeff and WazoO, to try to integrate as well as they can. I think it would have been better to have done things another way; but I also think the feeling was that those forum advocates wanted to have the 'best' kind of forum structure they could have, based on their own scorecard of what /they/ wanted. What should probably happen is a fair amount of 'artificial' cross pollination; wherein some posts from the forum are pasted into the nntp group, and some posts from the nntp group are pasted into the forum. That way, some people in the forum would start participating in the nntp, and some people in the nntp might start participating in the forum. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Dec 3 17:29:53 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 3 20:30:03 2004 Subject: [SpamCop-Mail] Re: White/Black List Interface Is *NOT* User Friendly References: Message-ID: David Dean wrote: > "Mike Easter" >> What should probably happen is a fair amount of 'artificial' cross >> pollination; > > Well, I have to say that I tried, but the way the forum works is so > alien to nntp (IMHO) I don't see why anyone would ever want to go > there from here. I don't know what to say except that you see where I hang out. I confess that I haven't had any interest in webforum participation, so I'm not a good/fair example or voice about it. I considered saying 'at least' you tried -- but I don't think anyone, you or I, has any 'necessity' or obligation to try to mess around in a forum when there's a perfectly good newsgroup. Or, the newsgroup /should/ be perfectly good. In my opinion, there should be a newsgroup and there should be a faq which is as flexible as a wiki or something. There's only *ONE* /real/ advantage to the forum; that novices who can't nntp can interact there, and the other 'half-*ssed' advantage is that it can also function as a half-*ssed wiki for quick 'postings' or pinnings which are trying to function as a wannabe more dynamic faq page. There are better wiki/s than the forum for that. 'They' are trying to use the forum as a 'fix' for the b0rken inflexibility of the faq, which should've been fixed differently from that, and as a successful fix for the problem of the non-nntp person who needs help. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Fri Dec 3 20:01:49 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Dec 3 21:05:03 2004 Subject: [SpamCop-Mail] Re: White/Black List Interface Is *NOT* User Friendly References: Message-ID: In article , "Peter Pepper" writes: > > "Jeff G." wrote in message > news:coqqtc$n8f$1@news.spamcop.net... >> >> While we appreciate your suggestions, they should be made in the new >> SpamCop Forum devoted to SpamCop Email at >> http://forum.spamcop.net/forums/index.php?showforum=4 . >> > > Then what is spamcop.mail used for now? It is for Jeff G. to provide non-answers. From jeffg at spamcop.net Sat Dec 4 04:46:30 2004 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 4 04:50:56 2004 Subject: [SpamCop-Mail] Re: White/Black List Interface Is *NOT* User Friendly References: Message-ID: Larry Kilgallen organized electrons in article news:uiU7kUB+ULja@eisner.encompasserve.org that appeared as follows: > In article , "Peter Pepper" > writes: >> >> "Jeff G." wrote in message >> news:coqqtc$n8f$1@news.spamcop.net... >>> >>> While we appreciate your suggestions, they should be made in the new >>> SpamCop Forum devoted to SpamCop Email at >>> http://forum.spamcop.net/forums/index.php?showforum=4 . >>> >> >> Then what is spamcop.mail used for now? > > It is for Jeff G. to provide non-answers. Allow me to rephrase: Those suggestions can only be implemented by JT, and he doesn't read this newsgroup any more. I suggest that you post them where he does read, http://forum.spamcop.net/forums/index.php?showforum=4 , or email them to him at support spamcop.net. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From 1122 at 1122noexiste.net Sat Dec 4 14:13:25 2004 From: 1122 at 1122noexiste.net (GB Blanchard) Date: Sat Dec 4 08:15:03 2004 Subject: [SpamCop-Mail] Re: White/Black List Interface Is *NOT* User Friendly References: Message-ID: Mike Easter wrote: > but I don't think anyone, you or I, has any > 'necessity' or obligation to try to mess around in a forum when there's > a perfectly good newsgroup. Or, the newsgroup /should / be perfectly > good. 100% agreed. I did look at the web forum one time, and that one time was enough to strengthen my already powerful dislike of that medium, although I see how it could appeal to people who just bought their first computer last week. I used to follow this newgroup with interest before the "move" to the web forum and had at least a vague feeling of being part of the 'Spamcop group'. I continue downloading the messages in this newsgroup since I assume that if any sort of major change (for better or worse) happens in SC, then it will probably be noted here so that I won't be taken by surprise. But any sort of feeling of "being part of SC" is now gone. I just report my spam and move on. Spamcop is just an anonymous tool to me now. -- Brad Blanchard http://www.braser.com Email accepted from the website From 1122 at 1122noexiste.net Sat Dec 4 14:13:26 2004 From: 1122 at 1122noexiste.net (GB Blanchard) Date: Sat Dec 4 08:15:05 2004 Subject: [SpamCop-Mail] Re: White/Black List Interface Is *NOT* User Friendly References: Message-ID: Jeff G. wrote: > Those suggestions can only be implemented by JT, > and he doesn't read this newsgroup any more. And that is a tremendous error, in my honest opinion, or at least an obvious lack of business acumen. There used to be some very talented people here who were a never-ending source of ideas and constructive criticism. I wonder how many of them made it over to the web forum. -- Brad Blanchard http://www.braser.com Email accepted from the website From Kilgallen at SpamCop.net Sat Dec 4 15:29:08 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Dec 4 16:30:03 2004 Subject: [SpamCop-Mail] Re: White/Black List Interface Is *NOT* User Friendly References: Message-ID: In article , GB Blanchard <1122@1122noexiste.net> writes: > Jeff G. wrote: > >> Those suggestions can only be implemented by JT, >> and he doesn't read this newsgroup any more. > > And that is a tremendous error, in my honest opinion, or at least > an obvious lack of business acumen. There used to be some very > talented people here who were a never-ending source of ideas and > constructive criticism. I wonder how many of them made it over to > the web forum. Presumably those who care about the issues and frequent both media would relay the appropriate concerns to JT. Jeff G. indicates that _he_ is not going to do any such thing. From jeffg at spamcop.net Sun Dec 5 12:05:13 2004 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 5 12:10:03 2004 Subject: [SpamCop-Mail] Re: White/Black List Interface Is *NOT* User Friendly References: Message-ID: Larry Kilgallen organized electrons in article news:OXFoelDNbyNt@eisner.encompasserve.org that appeared as follows: > In article , GB Blanchard > <1122@1122noexiste.net> writes: >> Jeff G. wrote: >> >>> Those suggestions can only be implemented by JT, >>> and he doesn't read this newsgroup any more. >> >> And that is a tremendous error, in my honest opinion, or at least >> an obvious lack of business acumen. There used to be some very >> talented people here who were a never-ending source of ideas and >> constructive criticism. I wonder how many of them made it over to >> the web forum. > > Presumably those who care about the issues and frequent both media > would relay the appropriate concerns to JT. > > Jeff G. indicates that _he_ is not going to do any such thing. I did not so indicate. The OP posted in the new web-based forums all by himself. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From administrator at zjisp.net Wed Dec 8 10:12:33 2004 From: administrator at zjisp.net (administrator@zjisp.net) Date: Tue Dec 7 21:15:22 2004 Subject: [SpamCop-Mail] My Server's IP was listed in spamcop,and I cann't know which email send the bad mail! Message-ID: My Server's Ip is 61.129.64.172,listed in spamcop' blocking list yestoday.I delisted this ip by myself using email address administrator@zjisp.net But this morning,this ip was listed again,I cann't find the email which sended the bad mail,someone or spamcop'master who can help me? please send mail to administrator@zjisp.net Thanks! From administrator at zjisp.net Wed Dec 8 10:39:15 2004 From: administrator at zjisp.net (administrator@zjisp.net) Date: Tue Dec 7 21:40:02 2004 Subject: [SpamCop-Mail] My Server's IP was listed in spamcop,and I cann't know which email send the bad mail! Message-ID: My Server's Ip is 61.129.64.172,listed in spamcop' blocking list yestoday.I delisted this ip by myself using email address administrator@zjisp.net But this morning,this ip was listed again,I cann't find the email which sended the bad mail,someone or spamcop'master who can help me? please send mail to administrator@zjisp.net Thanks! From rcarlton at spamcop.net Tue Dec 7 18:50:50 2004 From: rcarlton at spamcop.net (Rick Carlton) Date: Tue Dec 7 21:50:03 2004 Subject: [SpamCop-Mail] Re: My Server's IP was listed in spamcop,and I cann't know which email send the bad mail! In-Reply-To: References: Message-ID: <41B66C0A.4000300@spamcop.net> administrator@zjisp.net wrote: > My Server's Ip is 61.129.64.172,listed in spamcop' blocking list > yestoday.I delisted this ip by myself using email address > administrator@zjisp.net > > But this morning,this ip was listed again,I cann't find the email which > sended the bad mail,someone or spamcop'master who can help me? please send > mail to administrator@zjisp.net Looks like your machine was sending email to spamtraps.... again. And you have some bigger problems. Check out http://www.openrbl.org/ip/61/129/64/172.htm (Not a Spamcop admin) From MikeE at ster.invalid Tue Dec 7 19:48:39 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 7 22:50:03 2004 Subject: [SpamCop-Mail] Re: My Server's IP was listed in spamcop,and I cann't know which email send the bad mail! References: Message-ID: administrator@zjisp.net wrote: > My Server's Ip is 61.129.64.172,listed in spamcop' blocking list > yestoday.I delisted this ip by myself using email address > administrator@zjisp.net Just delisting your IP 'manually' doesn't solve any security problems. > But this morning,this ip was listed again,I cann't find the email > which sended the bad mail,someone or spamcop'master who can help me? > please send mail to administrator@zjisp.net If the insecurity is smtp, you should look in your server logs. There's also a webmailer there. You might have insecurities which don't show in the logs. It looks like you were recently in cbl but just became unlisted. Your IP space is also in spews S1784 1, 61.129.57.0 - 61.129.88.255, lovefromabroad.com / findanewgirl.com which is a bigger netblock [32 class C size] than inetnum: 61.129.64.169 - 61.129.64.178 netname: NBJDETYCO-NETWORK descr: Ningbo Jiangdong ETYCO Network Service Co., Ltd. which is just 10 IPs -- Mike Easter kibitzer, not SC admin From administrator at zjisp.net Wed Dec 8 12:21:26 2004 From: administrator at zjisp.net (administrator@zjisp.net) Date: Tue Dec 7 23:25:09 2004 Subject: [SpamCop-Mail] Re: My Server's IP was listed in spamcop,and I cann't know which email send the bad mail! References: Message-ID: "Mike Easter" wrote in message news:cp5tid$kkj$1@news.spamcop.net... > administrator@zjisp.net wrote: > > My Server's Ip is 61.129.64.172,listed in spamcop' blocking list > > yestoday.I delisted this ip by myself using email address > > administrator@zjisp.net > > Just delisting your IP 'manually' doesn't solve any security problems. > > > But this morning,this ip was listed again,I cann't find the email > > which sended the bad mail,someone or spamcop'master who can help me? > > please send mail to administrator@zjisp.net > > If the insecurity is smtp, you should look in your server logs. > > There's also a webmailer there. You might have insecurities which don't > show in the logs. > How can I find out wrongs in the mail server's logs? > It looks like you were recently in cbl but just became unlisted. Your > IP space is also in spews S1784 > > 1, 61.129.57.0 - 61.129.88.255, lovefromabroad.com / findanewgirl.com > > which is a bigger netblock [32 class C size] than > > inetnum: 61.129.64.169 - 61.129.64.178 > netname: NBJDETYCO-NETWORK > descr: Ningbo Jiangdong ETYCO Network Service Co., Ltd. > > which is just 10 IPs > > -- > Mike Easter > kibitzer, not SC admin > From nobody at spamcop.net Tue Dec 7 23:16:49 2004 From: nobody at spamcop.net (Ellen) Date: Tue Dec 7 23:25:23 2004 Subject: [SpamCop-Mail] Re: My Server's IP was listed in spamcop,and I cann't know which email send the bad mail! References: Message-ID: wrote in message news:cp5nv4$hfl$1@news.spamcop.net... > My Server's Ip is 61.129.64.172,listed in spamcop' blocking list > yestoday.I delisted this ip by myself using email address > administrator@zjisp.net > > But this morning,this ip was listed again,I cann't find the email which > sended the bad mail,someone or spamcop'master who can help me? please send > mail to administrator@zjisp.net > > Thanks! > > You are sending emails to spamtraps containing the following text: 552 Channel size limit exceeded. Ellen From DONOTSPAMpeterpepper at NOSPAMbizwax.com Wed Dec 8 07:16:28 2004 From: DONOTSPAMpeterpepper at NOSPAMbizwax.com (Peter Pepper) Date: Wed Dec 8 08:15:04 2004 Subject: [SpamCop-Mail] Spamcop Quick Reporting Data: Notice Sending is Inconsistent Message-ID: Sometimes I get these notices and sometimes I don't. Would be nice if this were consistent. PP From DONOTSPAMpeterpepper at NOSPAMbizwax.com Wed Dec 8 07:22:34 2004 From: DONOTSPAMpeterpepper at NOSPAMbizwax.com (Peter Pepper) Date: Wed Dec 8 08:20:02 2004 Subject: [SpamCop-Mail] What's the route for getting support on paid email accounts these days? Message-ID: It used to be this NG, spamcop.mail. Then I was informed that some people use the web forum at forum.spamcop.net Then I was informed that I need to use the support email address, support at spamcop.net. Over the last week I have tried all and haven't seen a word back from any support personnel at SC. (Thanks for the other SC users posting though.) Give me a clue guys. PP From DONOTSPAMpeterpepper at NOSPAMbizwax.com Wed Dec 8 07:30:42 2004 From: DONOTSPAMpeterpepper at NOSPAMbizwax.com (Peter Pepper) Date: Wed Dec 8 08:30:03 2004 Subject: [SpamCop-Mail] Re: White/Black List Interface Is *NOT* User Friendly References: Message-ID: "Jeff G." wrote in message news:covf4a$cg2$1@news.spamcop.net... > I did not so indicate. The OP posted in the new web-based forums all by > himself. > Who/what is the 'OP'? PP From DONOTSPAMpeterpepper at NOSPAMbizwax.com Wed Dec 8 07:33:49 2004 From: DONOTSPAMpeterpepper at NOSPAMbizwax.com (Peter Pepper) Date: Wed Dec 8 08:30:06 2004 Subject: [SpamCop-Mail] Re: White/Black List Interface Is *NOT* User Friendly References: Message-ID: "Jeff G." wrote in message news:covf4a$cg2$1@news.spamcop.net... > I did not so indicate. The OP posted in the new web-based forums all by > himself. PS... that sounds like something I would say to my 9-month-old baby. "Awww, look. He pooped all my himself. Isn't that cute!" :) PP From johnl at spamcop.net Wed Dec 8 15:00:26 2004 From: johnl at spamcop.net (JohnL) Date: Wed Dec 8 10:05:03 2004 Subject: [SpamCop-Mail] Re: White/Black List Interface Is *NOT* User Friendly References: <1i5er0dffaub031le16i9q0vc8p2shvg56@4ax.com> Message-ID: Kenneth Loafman wrote in news:1i5er0dffaub031le16i9q0vc8p2shvg56@4ax.com: > On Wed, 8 Dec 2004 07:30:42 -0600, "Peter Pepper" > wrote: >>Who/what is the 'OP'? > > Other Poster > > ...Ken > I always thought it meant "Original Poster"? From Kilgallen at SpamCop.net Wed Dec 8 09:53:36 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Dec 8 10:55:11 2004 Subject: [SpamCop-Mail] Re: What's the route for getting support on paid email accounts these days? References: Message-ID: In article , "Peter Pepper" writes: > It used to be this NG, spamcop.mail. > > Then I was informed that some people use the web forum at forum.spamcop.net > > Then I was informed that I need to use the support email address, support at > spamcop.net. How about: http://mail.spamcop.net/contact.php From jeffg at spamcop.net Wed Dec 8 11:36:14 2004 From: jeffg at spamcop.net (Jeff G.) Date: Wed Dec 8 11:40:04 2004 Subject: [SpamCop-Mail] Re: White/Black List Interface Is *NOT* User Friendly References: <1i5er0dffaub031le16i9q0vc8p2shvg56@4ax.com> Message-ID: JohnL organized electrons in article news:Xns95B9517355CC5johnlspamcopnet@216.154.195.61 that appeared as follows: > Kenneth Loafman wrote in > news:1i5er0dffaub031le16i9q0vc8p2shvg56@4ax.com: > >> On Wed, 8 Dec 2004 07:30:42 -0600, "Peter Pepper" >> wrote: >>> Who/what is the 'OP'? >> >> Other Poster >> >> ...Ken >> > > I always thought it meant "Original Poster"? That's how I meant it. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From sdp at spamcop.net Thu Dec 9 14:36:44 2004 From: sdp at spamcop.net (Scott Peterson) Date: Thu Dec 9 17:40:13 2004 Subject: [SpamCop-Mail] feature request: read/write/append entire whitelist Message-ID: Today for the second time in two years I've accidentally reported mail from someone I know as SPAM. That's an error rate of 2 in something like 140,000, but low as it is it causes some grief. It happened because his work address was not on my whitelist. This was apparently the first time mail form him there was classed as SPAM by the filters. Clearly this was human error on my part (I missed the message when I scanned Held Mail), but I can see some things that would help avoid this in the future. I really need everyone in my address book on my whitelist. Actually, like most of us, I have several address books across several computers so I need to be able to add whole address books to the whitelist. These change, so I need to be able to do it either automatically, or at least without dozens or hundreds of manual steps, as there are now. One simple mechanism would be to accept a whole list in the "add to whitelist" page instead of single addresses in separate boxes. This box would have an "add to whitelist" as well as a "replace whitelist" button. The add (or append) option would of course remove duplicates (|sort|uniq) from the result. We'd also need a "download whitelist" button that links to a text/plain file containing the whole list. These simple mechanisms would give us everything we'd need to keep whitelists synchronized with address books either manually, or with wget in some simple scripts on our end. Who knows, maybe someone will even cook up a Thunderbird add-on to do this automatically. As a stretch goal, I'd also like the ability to re-apply the whitelist to the Held Mail folder when the whitelist is changed. Any messages matching the updated whitelist would be released to the Inbox. I don't use my blacklist, but similar features for the blacklist may be useful for those that do. --- sdp From DONOTSPAMpeterpepper at NOSPAMbizwax.com Thu Dec 9 18:51:28 2004 From: DONOTSPAMpeterpepper at NOSPAMbizwax.com (Peter Pepper) Date: Thu Dec 9 19:50:02 2004 Subject: [SpamCop-Mail] Re: feature request: read/write/append entire whitelist References: Message-ID: "Scott Peterson" wrote in message news:cpak1t$lk8$1@news.spamcop.net... > One simple mechanism would be to accept a whole list in the "add to > whitelist" page instead of single addresses in separate boxes. "Peter Pepper" wrote in message news:coq8ai$acv$1@news.spamcop.net... > For a white/black listing interface, PLEASE implement what SC had before SC > implemented the Horde system. Just give us a big text box where we can cut > and paste a list of addresses to submit. It certainly would make my life > easier. Keep it simple stupid. Let's keep the ball rolling and hopefully someone will actually do something about it. If not, Scott will take you fishing on his new boat. PP From jeffg at spamcop.net Thu Dec 9 20:10:45 2004 From: jeffg at spamcop.net (Jeff G.) Date: Thu Dec 9 20:15:04 2004 Subject: [SpamCop-Mail] Re: feature request: read/write/append entire whitelist References: Message-ID: Scott Peterson organized electrons in article news:cpak1t$lk8$1@news.spamcop.net that appeared as follows: > Today for the second time in two years I've accidentally reported mail > from someone I know as SPAM. That's an error rate of 2 in something > like 140,000, but low as it is it causes some grief. It happened > because his work address was not on my whitelist. This was apparently > the first time mail form him there was classed as SPAM by the filters. > > Clearly this was human error on my part (I missed the message when I > scanned Held Mail), but I can see some things that would help avoid > this in the future. > > I really need everyone in my address book on my whitelist. Actually, > like most of us, I have several address books across several computers > so I need to be able to add whole address books to the whitelist. > These change, so I need to be able to do it either automatically, or > at least without dozens or hundreds of manual steps, as there are now. > > One simple mechanism would be to accept a whole list in the "add to > whitelist" page instead of single addresses in separate boxes. This > box would have an "add to whitelist" as well as a "replace whitelist" > button. The add (or append) option would of course remove duplicates > (|sort|uniq) from the result. We'd also need a "download whitelist" > button that links to a text/plain file containing the whole list. > These simple mechanisms would give us everything we'd need to keep > whitelists synchronized with address books either manually, or with > wget in some simple scripts on our end. Who knows, maybe someone > will even cook up a Thunderbird add-on to do this automatically. > > As a stretch goal, I'd also like the ability to re-apply the whitelist > to the Held Mail folder when the whitelist is changed. Any messages > matching the updated whitelist would be released to the Inbox. > > I don't use my blacklist, but similar features for the blacklist may > be useful for those that do. > > --- sdp Your requested features sound enticing but non-trivial to implement. You may also be interested in my "New Whitelists" post at http://news.spamcop.net/pipermail/spamcop-mail/2003-December/011976.html that never got much support (although "personal ip whitelist" is partially solved by the new Mailhosts configuration). JT (the only person who can implement such features) doesn't read this newsgroup any more. If you don't post your requested features to http://forum.spamcop.net/forums/index.php?showforum=4 in the next 24 hours, I will. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From DONOTSPAMpeterpepper at NOSPAMbizwax.com Thu Dec 9 19:46:01 2004 From: DONOTSPAMpeterpepper at NOSPAMbizwax.com (Peter Pepper) Date: Thu Dec 9 20:45:13 2004 Subject: [SpamCop-Mail] Re: NNTP vs WebForum (was: White/Black List Interface Is *NOT* User Friendly) References: Message-ID: "Peter Pepper" wrote in message news:coqtql$p3v$1@news.spamcop.net... > > "Jeff G." wrote in message > news:coqqtc$n8f$1@news.spamcop.net... > > > > While we appreciate your suggestions, they should be made in the new > > SpamCop Forum devoted to SpamCop Email at > > http://forum.spamcop.net/forums/index.php?showforum=4 . > > > > Then what is spamcop.mail used for now? Is it being retired? > Me try web forum. Me no likee web forum. Me feel like caveman in web forum. Me want to hit people over head with big stick. Me really geek-a-zoid. Me need to be near other NG geek-a-zoids. PP From DONOTSPAMpeterpepper at NOSPAMbizwax.com Thu Dec 9 19:54:49 2004 From: DONOTSPAMpeterpepper at NOSPAMbizwax.com (Peter Pepper) Date: Thu Dec 9 20:55:03 2004 Subject: [SpamCop-Mail] Re: feature request: read/write/append entire whitelist References: Message-ID: "Jeff G." wrote in message news:cpat58$sm8$1@news.spamcop.net... > Scott Peterson organized electrons in article > news:cpak1t$lk8$1@news.spamcop.net that appeared as follows: > > > > I can see some things that would help > > Your requested features sound enticing but non-trivial to implement. JG, are you qualified to make that analysis? I hate having to repeat myself on both NNTP and the web forum. Regardless, here is a copy of my forum post: I understand your point. Being an experienced software developer for over 25 years, I know that some tasks require much more resources than others. But based on my experience (yes folks, you are now hearing from an expert), I personally believe that implementing the items I requested to the white/black list would take little time and effort. And in the case of adding an 'Are You Sure' dialog for Releasing and Whitelisting ... I can honestly state it would take (me) no more than 5 minutes to implement. I have already looked at the JavaScript code used to create a confirm dialog for reporting spam, and duplicating that for Releasing and Whitelisting would be a PIECE OF CAKE. That's right SC developers, I'm calling you out! Remember that old game show, "Name That Tune". Well, I've got a new game... it's called "Write That Code". I can write it in less than 5 minutes. Beat that. PP From jeffg at spamcop.net Thu Dec 9 21:40:40 2004 From: jeffg at spamcop.net (Jeff G.) Date: Thu Dec 9 21:45:13 2004 Subject: [SpamCop-Mail] Re: NNTP vs WebForum References: Message-ID: I removed " (was: White/Black List Interface Is *NOT* User Friendly)" from the Subject. Peter Pepper organized electrons in article news:cpause$tu1$1@news.spamcop.net that appeared as follows: > "Peter Pepper" wrote in > message news:coqtql$p3v$1@news.spamcop.net... >> "Jeff G." wrote in message >> news:coqqtc$n8f$1@news.spamcop.net... >>> While we appreciate your suggestions, they should be made in the new >>> SpamCop Forum devoted to SpamCop Email at >>> http://forum.spamcop.net/forums/index.php?showforum=4 . >> Then what is spamcop.mail used for now? Not much, actually. >> Is it being retired? That was JT's stated direction, but the timeframe is unknown. Whenever JT gets around to it, I guess. > Me try web forum. Me no likee web forum. Me feel like caveman in web > forum. Me want to hit people over head with big stick. Me really > geek-a-zoid. Me need to be near other NG geek-a-zoids. [continuing with the Carrie Bradshaw impersonation] Me likee both types of fora, but me stickee with the fora the paid support folks likee for communicatee with them. [in English] I like both types of fora, but I stick with the fora the paid support folks like for communicating with them. Seriously, I'm here in this newsgroup to try and help those who don't know about the web fora, can't use it, or won't use it, mostly because Wazoo and JT aren't here and I'm a fellow SpamCop Email System Customer (whereas Wazoo isn't one). I'm pretty sure JT reads the Spamcop Email Forum regularly, but he's usually very quiet about it, and he's a very busy man with a very long to-do list. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From DONOTSPAMpeterpepper at NOSPAMbizwax.com Thu Dec 9 22:54:26 2004 From: DONOTSPAMpeterpepper at NOSPAMbizwax.com (Peter Pepper) Date: Thu Dec 9 23:50:04 2004 Subject: [SpamCop-Mail] Re: Release and Whitelist: How about an 'Are You Sure?' confirmation References: Message-ID: "Peter Pepper" wrote in message news:coq8rb$ap6$1@news.spamcop.net... > SC has a confirmation dialog for submitting spam. Why doesn't it have the > same confirmation for releasing and whitelisting? > > Please implement an 'Are You Sure?' confirmation dialog for releasing and > whitelisting. > Geez, you want something done, you gotta do it yourself. Here's the code. Now implement it... function Submit(actID) { if (actID == 'spam_report') { if (!window.confirm('Are you sure you wish to report this message as spam?')) { return; } } // START NEW CODE else if (actID == 'sc_relwhite') { if (!window.confirm('Are you sure you wish to release and whitelist the selected message(s)?')) { return; } } // END NEW CODE if (AnySelected()) { document.messages.actionID.value = actID; document.messages.submit(); } else { window.alert('You must select at least one message first.'); } } PP From ckeogh at spamcop.net Mon Dec 13 21:22:34 2004 From: ckeogh at spamcop.net (C. Keogh) Date: Tue Dec 14 00:25:03 2004 Subject: [SpamCop-Mail] Grrr. . . X-SpamCop-Whitelisted: spamcop@devnull.spamcop.net Message-ID: The following spam passed through my filters: Addressed to: 812168083@reports.spamcop.net http://mailsc.spamcop.net/mcgi?action=gettrack&reportid=1314100869 Return-Path: Delivered-To: x Received: (qmail 15449 invoked from network); 14 Dec 2004 02:36:48 -0000 Received: from unknown (192.168.1.101) by blade6.cesmail.net with QMQP; 14 Dec 2004 02:36:48 -0000 Received: from vmx1.spamcop.net (64.74.133.248) by mailgate.cesmail.net with SMTP; 14 Dec 2004 02:36:48 -0000 Received: from sc-app2.eq.ironport.com (HELO spamcop.net) (192.168.19.202) by vmx1.spamcop.net with SMTP; 13 Dec 2004 18:36:15 -0800 X-SpamCop-Return-Path: Return-Path: Received: from vmx2.spamcop.net (sc-smtp2.eq.ironport.com [192.168.18.82]) by sc-app2.eq.ironport.com (Postfix) with ESMTP id E3CC2515921; Mon, 13 Dec 2004 18:33:50 -0800 (PST) Received: from unknown (HELO KCUIPSI) (220.68.254.99) by vmx2.spamcop.net with SMTP; 13 Dec 2004 18:33:47 -0800 X-Message-Info: 2nlywbk0225gpB/dCEEfYuWGVoaQ4Lqz Received: from bedimming (186.158.144.156) by ub955.nonsensic.loquat.gelatine.cableinet.co.uk (InterMail vC.3.46.48.35 2-8544-6-4-8236-180415) with ESMTP id <44425556366707.PUZC9729.ild056-mail.sullivan.emblazon.net.cable.rogers.com@puckish> for ; Tue, 14 Dec 2004 00:30:37 -0200 Message-ID: <5131_______________________________i174@conqueror> Reply-To: "Melvin Mccracken" From: "Melvin Mccracken" To: Subject: The new, revollutionaary peenjs enlaargment tool! viscous Date: Tue, 14 Dec 2004 07:27:37 +0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--9362550155947174" X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade6 X-Spam-Level: X-Spam-Status: hits=-77.9 tests=FORGED_RCVD_HELO,HTML_10_20,HTML_MESSAGE, HTML_MIME_NO_HTML_TAG,INFO_TLD,MIME_BOUND_DD_DIGITS,MIME_HTML_ONLY, MIME_HTML_ONLY_MULTI,MPART_ALT_DIFF,SARE_OBFUENLARGE,UNIQUE_WORDS, URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL,USER_IN_WHITELIST_TO, X_MESSAGE_INFO version=3.0.0 X-SpamCop-Checked: 192.168.1.101 64.74.133.248 192.168.19.202 192.168.18.82 220.68.254.99 X-SpamCop-Disposition: Blocked bl.spamcop.net X-SpamCop-Whitelisted: spamcop@devnull.spamcop.net ~~~~~~~~~~~~~~~~~~ Is there going to be a fix for this type of SPAM? CK From jeffg at spamcop.net Tue Dec 14 01:02:05 2004 From: jeffg at spamcop.net (Jeff G.) Date: Tue Dec 14 01:05:18 2004 Subject: [SpamCop-Mail] Re: Grrr. . . X-SpamCop-Whitelisted: spamcop@devnull.spamcop.net References: Message-ID: C. Keogh organized electrons in article news:cpltah$m0j$1@news.spamcop.net that appeared as follows: > The following spam passed through my filters: > > Addressed to: 812168083@reports.spamcop.net ... > Is there going to be a fix for this type of SPAM? Where did SpamCop send Report 812168083 on your behalf? That's where the leak is. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From ckeogh at spamcop.net Mon Dec 13 22:32:30 2004 From: ckeogh at spamcop.net (C. Keogh) Date: Tue Dec 14 01:35:03 2004 Subject: [SpamCop-Mail] Re: Grrr. . . X-SpamCop-Whitelisted: spamcop@devnull.spamcop.net References: Message-ID: "Jeff G." wrote in message news:cplvkv$nds$1@news.spamcop.net... > C. Keogh organized electrons in article > news:cpltah$m0j$1@news.spamcop.net that appeared as follows: >> The following spam passed through my filters: >> >> Addressed to: 812168083@reports.spamcop.net > ... >> Is there going to be a fix for this type of SPAM? > > Where did SpamCop send Report 812168083 on your behalf? That's where > the leak is. > > -- > Thanks and Best Regards, Jeff G. > I have been a SpamCop User/Member/Customer since 1999 and am a > Moderator of the new web-based forums (now the primary method for > getting help, http://forum.spamcop.net). Please reply via Forum, Group, > or List only. > Hmm . . . that report doesn't show up when I search for it. I don't know who it would have been addressed to originally. CK From nobody at spamcop.net Tue Dec 14 06:37:04 2004 From: nobody at spamcop.net (Ellen) Date: Tue Dec 14 07:15:03 2004 Subject: [SpamCop-Mail] Re: Grrr. . . X-SpamCop-Whitelisted: spamcop@devnull.spamcop.net References: Message-ID: "C. Keogh" wrote in message news:cpltah$m0j$1@news.spamcop.net... > The following spam passed through my filters: > > Addressed to: 812168083@reports.spamcop.net > > ~~~~~~~~~~~~~~~~~~ > > Is there going to be a fix for this type of SPAM? > Yes there is a fix either already online or in progress for the spam to old report numbers. Ellen From jeffg at spamcop.net Tue Dec 14 18:58:18 2004 From: jeffg at spamcop.net (Jeff G.) Date: Tue Dec 14 19:00:19 2004 Subject: [SpamCop-Mail] Re: Grrr. . . X-SpamCop-Whitelisted: spamcop@devnull.spamcop.net References: Message-ID: Ellen organized electrons in article news:cpml8l$6tq$1@news.spamcop.net that appeared as follows: > "C. Keogh" wrote in message > news:cpltah$m0j$1@news.spamcop.net... >> The following spam passed through my filters: >> >> Addressed to: 812168083@reports.spamcop.net >> > >> ~~~~~~~~~~~~~~~~~~ >> >> Is there going to be a fix for this type of SPAM? >> > > Yes there is a fix either already online or in progress for the spam > to old report numbers. > > Ellen The age is less of a problem than the recipients. I know abuse@na.nic.it and abuse@nic.it to have posted directly on the Internet. Which others (if any) are you concerned about? -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From jknepfle at spamcop.net Wed Dec 15 12:13:08 2004 From: jknepfle at spamcop.net (Josh Knepfle) Date: Wed Dec 15 12:15:04 2004 Subject: [SpamCop-Mail] Mail not going through Message-ID: Hello, My mail server is not able to forward mail to the spamcop service. Here is the log of the transmission: > The attached message had transient non-fatal delivery errors > > THIS IS A WARNING MESSAGE ONLY - YOU DO NOT NEED TO RESEND YOUR MESSAGE! > > This server is configured to automatically retry delivery at configured > intervals. Subsequent attempts to deliver this message are pending. > > Failed address: jknepfle@spamcop.net > > --- Session Transcript --- > Wed 2004-12-15 10:56:10: Parsing Message > Wed 2004-12-15 10:56:10: From: > Wed 2004-12-15 10:56:10: To: jknepfle@spamcop.net > Wed 2004-12-15 10:56:10: Subject: > Wed 2004-12-15 10:56:10: Message-ID: > Wed 2004-12-15 10:56:10: MX-record resolution of [spamcop.net] in progress (DNS Server: 209.173.159.5)... > Wed 2004-12-15 10:56:10: P=010 D=spamcop.net TTL=(39) MX=[mx2.spamcop.net] {216.154.195.53} > Wed 2004-12-15 10:56:10: P=005 D=spamcop.net TTL=(39) MX=[mx.spamcop.net] {216.154.195.53} > Wed 2004-12-15 10:56:10: Attempting MX: P=005 D=spamcop.net TTL=(39) MX=[mx.spamcop.net] {216.154.195.53} > Wed 2004-12-15 10:56:10: Attempting SMTP connection to [216.154.195.53 : 25] > Wed 2004-12-15 10:56:10: Waiting for socket connection... > Wed 2004-12-15 10:56:31: Winsock Error 10060 The connection timed out. > Wed 2004-12-15 10:56:31: Attempting MX: P=010 D=spamcop.net TTL=(39) MX=[mx2.spamcop.net] {216.154.195.53} > Wed 2004-12-15 10:56:31: Attempting SMTP connection to [216.154.195.53 : 25] > Wed 2004-12-15 10:56:31: Waiting for socket connection... > Wed 2004-12-15 10:56:52: Winsock Error 10060 The connection timed out. > Wed 2004-12-15 10:56:52: This message is 60 minutes old; it has 0 minutes left in this queue > Wed 2004-12-15 10:56:52: Primary queue lifetime exceeded; message placed in retry queue > --- End Transcript --- From nobody at spamcop.net Wed Dec 15 13:05:12 2004 From: nobody at spamcop.net (Ellen) Date: Wed Dec 15 13:10:03 2004 Subject: [SpamCop-Mail] Re: Mail not going through References: Message-ID: "Josh Knepfle" wrote in message news:cpprb9$6n7$1@news.spamcop.net... > Hello, > > My mail server is not able to forward mail to the spamcop service. Here is > the log of the transmission: > I sent this to Jeff. Ellen From newandrew at rump.dk Sat Dec 18 20:51:34 2004 From: newandrew at rump.dk (Andrew Engels Rump (formerly Leif Andrew Rump)) Date: Sat Dec 18 15:56:17 2004 Subject: [SpamCop-Mail] Re: ReportingID Spam References: Message-ID: After drinking 3 Pan Galactic Gargle Blasters, Blammo mumbled in news:Xns95C2C9EF6F755blammo@ 216.154.195.61: > On 17 Dec 2004 Gingko entered spamcop.help and left > news:cpv6jc$jcc$1@news.spamcop.net: >> Two of these spams have addresses like "@" >> in the "To" field. >> With theses addresses, I should have had two "unknown users" in >> the log files of my SMTP server. > Not necessarily, To: is not the same as SMTP RCPT TO: No and that include Bcc: (and Cc:). We need to get information from someone who records the SMTP RCPT TO:. I know spamcop.mail is "dead", but I have posted this to the group hoping that someone will take it over to the forum - or that I will do it on monday. What I am suggesting is that Jeff records the RCPT TO: - just as my own ISP does in a X-RCPT-TO:. A field just as Return-Path: which gives the SMTP input from MAIL FROM:. Andrew -- *** The opinions expressed are not necessarily those of my employer. *** * Software Engineer Andrew Engels Rump * BLIK og ROERarbejderforbundet * * Immerkaer 42, 2650 Hvidovre * Tlf: +45 3638 3638, Fax: +45 3638 3639 * Home: N55?41'38.9" E12?29'08.6" (WGS 84) Work: N55?39'50.9" E12?27'47.4" E-mail: mailto:newandrew@rump.dk WWW http://www.rump.dk/homepage/andrew/ From jeffg at spamcop.net Sun Dec 19 01:24:14 2004 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 19 02:00:21 2004 Subject: [SpamCop-Mail] Re: ReportingID Spam References: Message-ID: Andrew Engels Rump (formerly Leif Andrew Rump) organized electrons in article news:Xns95C3DE5DC6981newandrewrumpdk@216.154.195.61 that appeared as follows: > After drinking 3 Pan Galactic Gargle Blasters, Blammo > mumbled in news:Xns95C2C9EF6F755blammo@ > 216.154.195.61: >> On 17 Dec 2004 Gingko entered spamcop.help and left >> news:cpv6jc$jcc$1@news.spamcop.net: >>> Two of these spams have addresses like "@" >>> in the "To" field. >>> With theses addresses, I should have had two "unknown users" in >>> the log files of my SMTP server. >> Not necessarily, To: is not the same as SMTP RCPT TO: > > No and that include Bcc: (and Cc:). We need to get information > from someone who records the SMTP RCPT TO:. I know spamcop.mail > is "dead", but I have posted this to the group hoping that someone > will take it over to the forum - or that I will do it on monday. > > What I am suggesting is that Jeff records the RCPT TO: - just as > my own ISP does in a X-RCPT-TO:. A field just as Return-Path: which > gives the SMTP input from MAIL FROM:. > > Andrew Have you seen the "Delivered-To" Header Line? I've asked for a "for" clause on the Received Header Lines, there hasn't been enough support for that idea. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From ric.gates at bigsleep.org Sun Dec 19 07:34:50 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sun Dec 19 02:35:09 2004 Subject: [SpamCop-Mail] Re: ReportingID Spam References: Message-ID: On 18 Dec 2004 Jeff G. entered spamcop.help and left news:cq38k6$3fi$1@news.spamcop.net: > I've asked for a "for" > clause on the Received Header Lines, there hasn't been enough support > for that idea. > Depending on the server / configuration, it may not work for multiple recipients. The value for "for" is probably the same value used for whatever x-Envelope-To header you might add. Still, spammers often forge the To header, so it's not like we can really depend on that for anything. -- | Ric | From newspapertranscripts at hotmail.com Sun Dec 19 17:49:22 2004 From: newspapertranscripts at hotmail.com (Helen Castle) Date: Sun Dec 19 02:50:02 2004 Subject: [SpamCop-Mail] Deleted Held Mail Folder - HELP Message-ID: I somehow deleted my Held Mail Folder and now I cant get it back I thought if I just created a new one called Held Mail it would be fine I have been away from home for 3 days and have not got a single spam in my Held Mail folder Any suggestions??? Helen Castle Narangba Qld From SpamCopNews.5.myspamgobbler at spamgourmet.com Sun Dec 19 14:47:16 2004 From: SpamCopNews.5.myspamgobbler at spamgourmet.com (Spam N Scams Reporter) Date: Sun Dec 19 17:50:03 2004 Subject: [SpamCop-Mail] Re: Deleted Held Mail Folder - HELP In-Reply-To: References: Message-ID: Helen Castle wrote: > I somehow deleted my Held Mail Folder and now I cant get it back > > I thought if I just created a new one called Held Mail it would be fine > > I have been away from home for 3 days and have not got a single spam in my > Held Mail folder > > Any suggestions??? > > Helen Castle > Narangba Qld > > That's one solution to not having to look at it ;) From eddie at eddie.web Sun Dec 19 20:54:43 2004 From: eddie at eddie.web (eddie) Date: Sun Dec 19 20:55:02 2004 Subject: [SpamCop-Mail] Re: Deleted Held Mail Folder - HELP References: Message-ID: On Sun, 19 Dec 2004 17:49:22 +1000, Helen Castle scratched out the following: > I somehow deleted my Held Mail Folder and now I cant get it back > > I thought if I just created a new one called Held Mail it would be fine > > I have been away from home for 3 days and have not got a single spam in my > Held Mail folder Did you spell it exactly as it was? Also, the space between the two words may be a problem. I am surprised you were allowed to delete it. I wonder where the mail is going that should be going there? Does it bounce? -- "I don't understand what happened. Nobody I know voted for Bush." Dan Pauline Kael-Rather From jeffg at spamcop.net Sun Dec 19 19:47:09 2004 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 19 21:05:03 2004 Subject: [SpamCop-Mail] Re: Deleted Held Mail Folder - HELP References: Message-ID: Helen Castle organized electrons in article news:cq3bpn$5nk$1@news.spamcop.net that appeared as follows: > I somehow deleted my Held Mail Folder and now I cant get it back > > I thought if I just created a new one called Held Mail it would be > fine > > I have been away from home for 3 days and have not got a single spam > in my Held Mail folder > > Any suggestions??? > > Helen Castle > Narangba Qld Please email JT about this using his address "support at spamcop.net". -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From minkus at ntlworld.com Fri Dec 24 11:28:03 2004 From: minkus at ntlworld.com (Christopher Hill) Date: Fri Dec 24 06:30:23 2004 Subject: [SpamCop-Mail] dsbl.org SERIOUS problem Message-ID: BEWARE OF VISITING THE DSBL.ORG SITE. Don't follow the links to dsbl.org in this email until you've read the whole thing and understand the potential consequences! I noticed this morning that my cable modem's IP address was being blocked on dsbl.org. So I went and had a look at the dsbl.org listing for the IP and saw a range of requests to block my IP address http://dsbl.org/listing?81.103.11.204 For those who don't know, dsbl.org works by people sending a special message through any open proxies to listme@listme.dsbl.org. Any IP addresses that send an email to this address are automatically added to the block list. So I was wondering why my IP address would have sent such an email to their account, as I am a fairly savvy user - no mail server, no web proxy, no spyware, and behind a hardware NAT firewall anyway. As I was investigating it, I noticed something very interesting. The list was getting longer as I was looking at the dsbl.org site - in real time. I realised that whatever or whoever was causing the listings was causing it *right now*. So I looked harder at the listings. Here is the first one: [quote] IP: 81.103.11.204 Input IP: 213.107.224.10 Transport: ftp-url Input Port: 80 Message Received: 2004/12/23 17:48:48 UTC Message Sent By: ian Extended Information for Transport: dsbl.org website hit Full Message: Subject: DSBL Submission To: listme@listme.dsbl.org [endquote] The IP address is mine alright, and 213.107.224.10 is the address of ntlworld's transparent proxy servers (which I have to use for all port 80 traffic, as they're transparent). What confused me was the 'transport' which is ftp-url and the 'extended information' - dsbl.org website hit. So I fiddled around a bit more... but then I started to look at the date and time of each of the requests... ... and realised that they coincided *exactly* with *every* time I visited *any* part of the dsbl.org site. Oh dear. I tested this further and yes, indeed, every time I loaded a page from dsbl.org into Internet Explorer, a new request to block my IP address was added. At this point I started to get very, very slightly annoyed with the maintainers of dsbl.org. And yes, that is good old British understatement. I think someone has *seriously* goofed up here. Maybe they're testing something new on their web server, but if they are, they've seriously messed it up, and it seems that every request I make to their web site is resulting in the originating IP address being added to their list. I can confirm this because if you look at the listing, you'll see that there's one request for yesterday, and lots for today. Guess what I was doing yesterday at about 17:48:48 UTC? I happened to visit just the home page of the dsbl.org site. I hope people are beginning to understand how stupid and dangerous this behaviour is. Can anyone else confirm that it happens to them, or is it just me? If they can, I think there is a very serious case for removing dsbl.org from being used on SpamCop, and discouraging *anyone* else from using them again, *ever*. I don't know whether it's administrator incompetence or a hack attack, but whatever it is, if they're not competent enough to keep their systems secure or (even worse) to not let this sort of thing happen when they make changes, I for one don't trust them to block spam emails any more. Let us know how you get on. Regards, Chris -- 'Therefore, if anyone is in Christ, he is a new creation; the old has gone, the new has come!' - 2 Corinthians 5v17 minkus@ntlworld.com From minkus at ntlworld.com Fri Dec 24 12:11:21 2004 From: minkus at ntlworld.com (Christopher Hill) Date: Fri Dec 24 07:15:03 2004 Subject: [SpamCop-Mail] Re: dsbl.org SERIOUS problem References: Message-ID: OK, this sucks. Turns out that dsbl.org now blocks people for using Internet Explorer to visit their site. Let me qualify that. It blocks people for using any version of IE that has a particular vulnerability. Trouble is, there's no patch for that vulnerability yet. So you visit dsbl.org with IE and images enabled, even if you're totally patched up - you get your email blocked. Does that sound really really stupid to anyone else? Here is what I got back from dsbl.org: > Your browser has a vulnerability that can be exploited by websites you > visit to send mail from your machine. Try turning off image loading in > your browser and see if that helps. And my reply is below. If anyone else thinks this is a bad idea, please tell dsbl.org as well. Maybe enough voices will get this through... Regards, Chris -- 'Therefore, if anyone is in Christ, he is a new creation; the old has gone, the new has come!' - 2 Corinthians 5v17 minkus@ntlworld.com (Reply to dsbl.org quoted:) OK, so what you've done is set up a policy where anyone that goes to your website using ANY version of Internet Explorer (mine is patched with the latest available patches), is going to start having problems sending emails to certain servers. That is, you have made it so that 95% of the people who are browsing the World Wide Web are going to have problems sending emails, just because they visited your site, and 94% of them aren't going to have a clue: 1) That it's even happened, and 2) What to do about it, and 3) If they do know and they are able, they can't fix it yet because the patch hasn't been released. Way to go, man. Please don't give me yadda yadda yadda about using FireFox or something instead. You and I both know that is going to take a *loooong* time. Yes, let's say that I switch, but what about the millions of people who are quite happy with their insecure Internet Explorer and are too *afraid* to switch? And the millions more who think that Internet Explorer *is* the Internet? Well they'll have to learn that Internet Explorer is not an option Great attitude. How dare these people try to use the Internet without a clue? How dare they think it can be as helpful and useful and troublefree as switching on a TV or driving their car? I agree that there needs to be more education, and people need to learn to patch and maintain their computers. Do we really have to make things so difficult for them in the mean time by making them have loads of problems with their emails that they just don't understand? I say again, people are going to get onto dsbl.org and never get off, just because they didn't know. (By the way, yes it will cause problems for those people, even if they use their ISP's SMTP server to send email. I *used* to use dsbl.org for blocking on my SpamCop account, and that means that *every* IP address in the Received: headers has to be clear of *all* the blocking lists. That includes the very first one, the user's computer, not just the SMTP relay server that their ISP supplies. So guess what? People visit dsbl.org with the latest patched Internet Explorer, and suddenly I don't get their emails any more. Great.) What percentage of poeple will update Internet Explorer when the patch does come out? Even with time, you'll be blocking 75% of the people who visit your website, just because they happened to visit your website. Please wake up. That sucks. How many 'ordinary' users that are visiting your website for *information* are never going to get off the dsbl.org list because they don't even know they're on it in the first place? ALL responsible blocklists should ONLY punish people who have been negligent - either in configuring their mail server, or in not updating their software, or not installing a firewall, or SOMETHING. Not just because Microsoft made a programming mistake that we can't even get a patch for yet. When people hear about this I think they will stop using dsbl.org, unless you reverse your policy on this pretty quickly, and unblock the IPs that have already been listed in this way. As far as I can see, there's not even any mention on your website that you've adopted this policy. The aim of dsbl.org should *not* be to punish people for using Internet Explorer, EVEN WHEN the patch for the vulnerability is released. How much spam is actually sent by this method, right now? Even if you disagree with this, you need to think very, very carefully about doing this sort of thing, especially as I was under the impression that dsbl.org does NOT do testing of remote computers. This sounds like testing of remote computers to me. Please reconsider. I've done my best in this email to be responsible rather than shouting. But what you have done... sucks. Regards, Chris From none at domain.invalid Fri Dec 24 21:50:13 2004 From: none at domain.invalid (Anonymous) Date: Sat Dec 25 02:00:22 2004 Subject: [SpamCop-Mail] Re: dsbl.org SERIOUS problem References: Message-ID: "Christopher Hill" wrote in message news:cqgufk$3jf$1@news.spamcop.net... > BEWARE OF VISITING THE DSBL.ORG SITE. Don't follow the links to dsbl.org > in this email until you've read the whole thing and understand the > potential consequences! > > I noticed this morning that my cable modem's IP address was being blocked > on dsbl.org. > > So I went and had a look at the dsbl.org listing for the IP and saw a > range of requests to block my IP address > http://dsbl.org/listing?81.103.11.204 Hmmm... very weird. I just visited the DSBL.ORG website, and surfed through ALL their pages, so we'll see tomorrow if I'm listed. I'll post here in the morning and let you know. IP address 63.207.207.236, in case you want to check on it yourself. Perhaps it's a glitch that gigged for some reason on your IP address (regex error or something?). From none at domain.invalid Sat Dec 25 13:17:19 2004 From: none at domain.invalid (Anonymous) Date: Sat Dec 25 16:20:03 2004 Subject: [SpamCop-Mail] Re: dsbl.org SERIOUS problem References: Message-ID: "Anonymous" wrote in message news:cqj30t$6uo$1@news.spamcop.net... > "Christopher Hill" wrote in message > news:cqgufk$3jf$1@news.spamcop.net... >> BEWARE OF VISITING THE DSBL.ORG SITE. Don't follow the links to dsbl.org >> in this email until you've read the whole thing and understand the >> potential consequences! >> >> I noticed this morning that my cable modem's IP address was being >> blocked on dsbl.org. > I just visited the DSBL.ORG website, and surfed through ALL their pages, > so we'll see tomorrow if I'm listed. I'll post here in the morning and > let you know. IP address 63.207.207.236, in case you want to check on it > yourself. I just visited DSBL.ORG again, my IP address isn't listed. It must have been a glitch of some kind. I'd contact them, if I were you, and work with them to resolve the glitch. From Kilgallen at SpamCop.net Sat Dec 25 18:04:49 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Dec 25 19:05:36 2004 Subject: [SpamCop-Mail] Re: dsbl.org SERIOUS problem References: Message-ID: <+eoBOZd3$j0N@eisner.encompasserve.org> In article , "Christopher Hill" writes: > OK, this sucks. Turns out that dsbl.org now blocks people for using Internet > Explorer to visit their site. > > Let me qualify that. It blocks people for using any version of IE that has a > particular vulnerability. Trouble is, there's no patch for that > vulnerability yet. So you visit dsbl.org with IE and images enabled, even if > you're totally patched up - you get your email blocked. > > Does that sound really really stupid to anyone else? To use a browser with a known vulnerability ? Yes, that sounds stupid. From ttk at itrezzo.com Sat Dec 25 20:26:06 2004 From: ttk at itrezzo.com (Tim Koltek) Date: Sun Dec 26 00:20:04 2004 Subject: [SpamCop-Mail] testing Message-ID: testing From jeffg at spamcop.net Sun Dec 26 17:51:26 2004 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 26 17:55:03 2004 Subject: [SpamCop-Mail] Re: testing References: Message-ID: Tim Koltek organized electrons in article news:cqlhkr$h1l$1@news.spamcop.net that appeared as follows: > testing Your test failed: Your post showed up here, instead of a test newsgroup. Your newsreader appears to be posting to the wrong group. In the future please use the spamcop.test -- that's what it is there for. Thanks for your consideration. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From nobody at spamcop.net Mon Dec 27 00:43:18 2004 From: nobody at spamcop.net (RW) Date: Mon Dec 27 01:45:15 2004 Subject: [SpamCop-Mail] Re: dsbl.org SERIOUS problem References: Message-ID: "Christopher Hill" wrote in message news:cqgufk$3jf$1@news.spamcop.net... > BEWARE OF VISITING THE DSBL.ORG SITE. Don't follow the links to dsbl.org > in this email until you've read the whole thing and understand the > potential consequences! > > I noticed this morning that my cable modem's IP address was being blocked > on dsbl.org. > > So I went and had a look at the dsbl.org listing for the IP and saw a > range of requests to block my IP address > http://dsbl.org/listing?81.103.11.204 I think what you are seeing is dsbl.org blocking you from accessing their site because your computer has been used in a DDoS campaign against their site. 81.103.11.204 was tested by them and proven to be an open proxy. Further, the computer on that IP was part of a zombie army used in a personal DDoS attack against them in an attempt to knock them off the air. dsbl's response was to block access to their site from that IP. It is a defensive move taken by many sites to fend of attacks. What you need to do is find the backdoor on your computer and secure it so it can't be used by spammers and in future attacks on Internet sites. Richard From minkus at ntlworld.com Mon Dec 27 12:42:56 2004 From: minkus at ntlworld.com (Christopher Hill) Date: Mon Dec 27 07:45:03 2004 Subject: [SpamCop-Mail] Re: dsbl.org SERIOUS problem References: Message-ID: >> So I went and had a look at the dsbl.org listing for the IP and saw a >> range of requests to block my IP address >> http://dsbl.org/listing?81.103.11.204 > > I think what you are seeing is dsbl.org blocking you from accessing their > site because your computer has been used in a DDoS campaign against their > site. 81.103.11.204 was tested by them and proven to be an open proxy. > Further, the computer on that IP was part of a zombie army used in a > personal DDoS attack against them in an attempt to knock them off the air. > > dsbl's response was to block access to their site from that IP. It is a > defensive move taken by many sites to fend of attacks. > > What you need to do is find the backdoor on your computer and secure it so > it can't be used by spammers and in future attacks on Internet sites. It's not because of any DDoS campaign on my behalf (although dsbl.org does seem to be down...?) - it's because I'm running fully-patched IE... Here is the latest response and reply to dsbl.org for those who are interested: Fred Smith wrote: > On Fri, 2004-12-24 at 12:06 +0000, Christopher Hill wrote: >> OK, so what you've done is set up a policy where anyone that goes to >> your website using ANY version of Internet Explorer (mine is patched >> with the latest available patches), is going to start having >> problems sending emails to certain servers. > > Yes, just like people who are running mdaemon software are going to be > listed because that software is impossible to secure. You'll need to > pressure your vendor for a patch (you did *pay* for that browser, > since it came with your paid OS), or switch to a different piece of > software. If you don't, you'll need to understand that people may be > using your system to send unsolicited email without your consent, and > that many people don't want to receive email from your system as a > result of it. > The exploit we're testing has been known publicly for 6 months now, > and Microsoft hasn't patched it. OK, yes, I understand the reasoning behind it. I run insecure software, you block me. What I'm saying is that while mail administrators should be expected to have a 'clue' and patch their software - after all, it is their job - home users in general don't. In principle, I can see where you're coming from. My system may be used to send unsolicited mail. However, at the moment I would guess that this exploit isn't being used to send spam because it's just not practical - realistically you're going to be sending perhaps one or two emails with this command, and any mass spammer is going to have to write some sort of script to get people who visit his site to automatically send loads and loads of emails, with the page getting refreshed and so on. I think that with the number of open-relay SMTP daemons around and other ways of sending spam, they're not going to bother. >> That is, you have made it so that 95% of the people who are browsing >> the World Wide Web are going to have problems sending emails, > > under 90% these days, actually. Mozilla Firefox is used by an ever > growing percentage of Internet users, for reasons much like this one. OK, yes, but it's not ready for some deployments. I've considered deploying it at the school where I work (I am the ICT technician there) but it's just not quite ready yet. I could go in depth into the reasons for you if you wanted. And besides, whether it's 90% or 95%... isn't that still quite a large percentage? >> How dare these people try to use the >> Internet without a clue? How dare they think it can be as helpful >> and useful and troublefree as switching on a TV or driving their car? > > I'm not sure how it works in your country, but in the US, people who > do not know how to drive are not given drivers licenses and are not > allowed on the road. You can kill people if you don't drive properly. Sending an unsolicited email isn't quite on the same level. >> (By the way, yes it will cause problems for those people, even if >> they use their ISP's SMTP server to send email. I *used* to use >> dsbl.org for blocking on my SpamCop account, and that means that >> *every* IP address in the Received: headers has to be clear of *all* >> the blocking lists. > > That's a significant bug in spamcop's filtering system, then. You > cannot trust any header appended by anything but your mail server. > Mail filtering systems should never make decisions like that based on > untrustable and easily spoofed data. They have software that automatically detects which headers can be trusted and which can't when you *report* spam. And as for receiving spam, who is going to *deliberately* put an IP address into a header that they *know* is on a DNS block list? >> ALL responsible blocklists should ONLY punish people who have been >> negligent - either in configuring their mail server, or in not >> updating their software > > Thank you for making our point for us. People running Internet > explorer in this day and age are negligent. Every piece of software has security holes. FireFox doubtless has some (for example, opening certain mangled HTML files can cause problems that don't occur in IE - see http://www.internetnews.com/ent-news/article.php/3425631) Yes, Internet Explorer has serious problems in its actual architecture. Yes, Microsoft in general take longer than most vendors to release patches, and sometimes ignore holes completely. And someone needs to take them to task over that. But I don't think that blocking people who use Internet Explorer because they don't even think of switching to anything else, or they can't (some sites still don't work in FireFox - see http://www.launch.com/ among others), or because they just expect their computers to work, is a very good attitude to have. It's preventing the flow of information. I haven't got a problem with that as such (otherwise I wouldn't use lists like dsbl.org myself) but I think that you have overstepped the mark in this case, because the solution that you require to the problem (everyone moves to FireFox or another browser) is too radical to ever actually happen. Or if it does happen, it probably won't be for another 5 to 10 years, and your action will not speed that process up significantly. So I hope you see that I think your principles are correct (insecure software should be blocked) but your application of them *in this case* is flawed (the consequences of your actions will create more problems than they solve, and will not be easily reversed). >> When people hear about this I think they will stop using dsbl.org, >> unless you reverse your policy on this pretty quickly, and unblock >> the IPs that have already been listed in this way. As far as I can >> see, there's not even any mention on your website that you've >> adopted this policy. > > It's not a policy change. These listings are perfectly legitimate, > and work under our existing policy. I can't see your website at the moment (is it down?) but I thought the policy was that you did not undergo active testing of sites, but you let other people do your testing for you. Isn't attempting to exploit a flaw in a piece of software when people visit your site active testing? Even if you don't consider this to be a change in policy, I still think you should advertise this fact on your site. When people are finding out whether to use your DNS list or not, they want to know the source of your data. When I read your site trying to find out why I was listed, I did not find anything that might suggest that it was because I was using Internet Explorer to access your site. The site is almost entirely geared towards checking for open relays and buggy daemons. There should at the very least be an entry in your FAQ that says 'I've been blocked since visiting your website with Internet Explorer. Why?' to answer questions like these and make clear what you are doing. IMHO there should also be an entry on the main page of your site telling existing dsbl.org users that you are now blocking those who visit your site with buggy (ie all current) versions of Internet Explorer, and why. If this is something that people who currently use your list want (as you seem to think it is) then why not be upfront about it? Doubtless there *will* be some people who like this new policy. But as an existing user, I do *not* like it, and need to be informed as well so that I can choose to stop using your DNS blacklist. I hope that you do agree that while this may not be a change of policy in your opinion, yet it is a significant change to the way that the blocklist is compiled, and something that some (if not many) people will want to know about. I disagree with your policy, but putting that aside, you should make it 100% clear on your website, so that each user can make an informed decision. >> 'Therefore, if anyone is in Christ, he is a new creation; >> the old has gone, the new has come!' - 2 Corinthians 5v17 > > Ah, that explains it. Get a clue. I don't think you're helping anything by insulting my faith. This has nothing to do with the discussion and I am saddened that you should bring that into it. Regards, Chris Hill -- 'Therefore, if anyone is in Christ, he is a new creation; the old has gone, the new has come!' - 2 Corinthians 5v17 minkus@ntlworld.com From gavan+mail_list at spamcop.net Tue Dec 28 11:10:22 2004 From: gavan+mail_list at spamcop.net (Gavan Schneider) Date: Mon Dec 27 19:08:31 2004 Subject: [SpamCop-Mail] Re: dsbl.org SERIOUS problem In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On or about 2004-12-27 11:42 PM (-0000) Christopher Hill wrote: >>> 'Therefore, if anyone is in Christ, he is a new creation; >>> the old has gone, the new has come!' - 2 Corinthians 5v17 >> >> Ah, that explains it. Get a clue. > >I don't think you're helping anything by insulting my faith. This has >nothing to do with the discussion and I am saddened that you should >bring that into it. > quite so. Though, to be charitable, the original request to "get a clue" may really have been one suggesting an alternate translation of that verse, such as: 'So for anyone who is in Christ, there is a new creation: the old order is gone and a new being is there to see.' 2 Cor 5:17 The New Jerusalem Bible (Dragging back towards the topic. :) Maybe this as a good hint: IE/Win ('the old order') is gone, and decent standards compliant browsers ('a new creation') are 'there to see'. Use them. Deploy them at your school. Provide feedback to the developers if they are wanting in some regard. Write to webmasters when you find buggy web sites that need IE/Win to "work". None of this should change how dsbl.org do their business. None of this will change how Microsoft does their business. But we will find we don't need IE/Win far sooner than we imagined. (FWIW IE/Mac is frozen at 5.2.3, no longer being developed, and almost never needed.) Regards Gavan - -- Gavan Schneider "The first discovery I'd like to present here is an algorithm for lazy evaluation of research papers. Just write whatever you want and don't cite any previous work, and indignant readers will send you references to all the papers you should have cited." Paul Graham -----BEGIN PGP SIGNATURE----- Version: PGP SDK 3.2.2 iQA/AwUBQdCkbs86FtnpdFMWEQLHVwCdHs2X0o0ElI0Z9Rs/JrrrR3/x4FgAoK96 Gl4oVnOQIRgJ9gGNTk9F17cw =qIyd -----END PGP SIGNATURE----- From minkus at ntlworld.com Tue Dec 28 11:20:45 2004 From: minkus at ntlworld.com (Christopher Hill) Date: Tue Dec 28 06:25:04 2004 Subject: [SpamCop-Mail] Re: dsbl.org SERIOUS problem References: Message-ID: "Gavan Schneider" wrote in message news:mailman.51.1104192512.4572.spamcop-mail@news.spamcop.net... > (Dragging back towards the topic. :) > Maybe this as a good hint: IE/Win ('the old order') is gone, and decent > standards compliant browsers ('a new creation') are 'there to see'. Use > them. Deploy them at your school. Provide feedback to the developers if > they are wanting in some regard. Write to webmasters when you find buggy > web sites that need IE/Win to "work". > > None of this should change how dsbl.org do their business. None of this > will change how Microsoft does their business. But we will find we don't > need IE/Win far sooner than we imagined. (FWIW IE/Mac is frozen at 5.2.3, > no longer being developed, and almost never needed.) Thanks for your reply. I've now given up on trying to change their policy, even though I disagree with it. Am now campaining to get them to make it a bit more obvious on their website. Latest reply follows. Hopefully the last: Ian Gulliver wrote: > Chris: > >> OK, yes, I understand the reasoning behind it. I run insecure >> software, you block me. What I'm saying is that while mail >> administrators should be expected to have a 'clue' and patch their >> software - after all, it is their job - home users in general don't. > > This seems to be the crux of your argument, and it's flawed. Most > spam these days is sent through open proxies, which are also the end > users' problems. End users have a responsibility to secure their > systems, or to get off the Internet; increasingly, there is no middle > ground. > You also need to learn how to read, and realize that you're replying > to the same email address for all of us. If you want to discuss > policy, take it to list@dsbl.org; admin@dsbl.org is for support. Forgive me for replying once more to admin@dsbl.org, but this is my last email and as you will see it is more about support than policy. I can see that I'm not going to be able to persuade you to change your policy on this one, so instead can I reiterate what I asked you at the end of my last email, namely, please make what you are doing more clear on your website. I noticed that you now have a warning on the front page of your website if you are running IE, and that you've taken the tag off from the front page - thanks for doing that. Please could you also alter your FAQ at: http://dsbl.org/faq-listed#whyserver to state that another reason that you might be listed is if you browse the dsbl.org web page with an insecure browser (it would be nice I think to name the browsers in question so that people are 100% clear about it) and tell people what their options are there as well. One of the things that frustrated me the most when I first discovered the problem was that I had *no* idea why it was happening, and it looked like a bug with your website to me. Please also alter: http://dsbl.org/faq-listed#notaserver as I think this should contain the same information. I would also suggest a *new* FAQ entry/entries, something along the lines of 'I've never run a proxy server or mail server on my computer. Why am I listed' (and tell people to look for spyware/trojans as well as insecure IE), and/or 'I've been listed, and all I did was browse your website', and/or 'I've been listed, and the transport is 'ftp-url'. What does that mean?'. I think as an end-user of your list myself (I used to use it to filter my own SpamCop mail as well as on the mail server at the school where I work) I would like to have been more aware that you were doing this, before you did it, and after you did it. You must admit that even though in essence you're still just receiving an email from an IP address, it is a bit of a departure from what people expect your list to contain. At the moment the FAQ gives no hints that browsers are being checked as well as MTAs and proxies. I hope you understand where I'm coming from. Regards, Chris -- 'Therefore, if anyone is in Christ, he is a new creation; the old has gone, the new has come!' - 2 Corinthians 5v17 minkus@ntlworld.com From wb8tyw at qsl.network Tue Dec 28 23:19:31 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Tue Dec 28 23:20:05 2004 Subject: [SpamCop-Mail] Re: dsbl.org SERIOUS problem In-Reply-To: <+eoBOZd3$j0N@eisner.encompasserve.org> References: <+eoBOZd3$j0N@eisner.encompasserve.org> Message-ID: Larry Kilgallen wrote: > In article , "Christopher Hill" writes: > >>OK, this sucks. Turns out that dsbl.org now blocks people for using Internet >>Explorer to visit their site. >> >>Let me qualify that. It blocks people for using any version of IE that has a >>particular vulnerability. Trouble is, there's no patch for that >>vulnerability yet. So you visit dsbl.org with IE and images enabled, even if >>you're totally patched up - you get your email blocked. >> >>Does that sound really really stupid to anyone else? As soon as the vulnerability gets more widely published, a worm or spamware will be written to take advantage of it. In the 30 seconds that someone might be waiting for images to load, a lot of spam can be queued up on an SMTP server for relaying. > To use a browser with a known vulnerability ? Yes, that sounds stupid. It appears that this is a new vulnerability, and that the number of browsers that are affected have not been mapped, but may not be restricted to IE. If your browser will not allow you to connect to ftp://localhost:25, then it is likely that you will pass the dsbl.org test. That does not mean that your browser is totally free of the exploit. According to postings on the archives of the dsbl.org mailing lists, the systems with browsers that they get to relay mail are going on the "multihop" list, not the main one. Absolute blocking on the multihop list is a bad idea as it is almost impossible for most major commercial ISPs to stay off of it all of the time. So even before this action by the dsbl, using the multihop list for blocking was likely to cause real e-mail to be blocked. DSBL has always recommended that the mutihop list only be used for scoring. This test by the DSBL actually is helping to find sources of potential direct to MX viruses, most of which lately morph into spam zombies. If a company requires all e-mail to be sent through a designated SMTP gateway, even if they have a vulnerable browser, they will currently pass the dsbl test unless they are using vulnerable browser on their outgoing mail server. Also if your ISP is blocking port 25 except to it's designated SMTP servers, then you will pass the DSBL test, even if you have an insecure browser. It might have been more useful if DSBL would create a new zone for this exploit. Of course then it would be more likely that this zone would be used for directly blocking mail, since as pointed out earlier, the multihop list is already too aggressive for that. -John wb8tyw@qsl.network Personal Opinion Only From no at privacy.net Wed Dec 29 08:37:57 2004 From: no at privacy.net (Andreas Jakum) Date: Wed Dec 29 02:40:22 2004 Subject: [SpamCop-Mail] Re: dsbl.org SERIOUS problem In-Reply-To: References: <+eoBOZd3$j0N@eisner.encompasserve.org> Message-ID: John E. Malmberg wrote: > According to postings on the archives of the dsbl.org mailing lists, the > systems with browsers that they get to relay mail are going on the > "multihop" list, not the main one. Unfortunately this does not seem to be the case. We have a host around which has only "ftp-url/dsbl.org website hit" as listing reason at DSBL and is listed both in unconfirmed and singlehop, but not in multihop. Listed in unconfirmed (unconfirmed.dsbl.org): yes Listed in singlehop (list.dsbl.org): yes Listed in multihop (multihop.dsbl.org): no > It might have been more useful if DSBL would create a new zone for this > exploit. Of course then it would be more likely that this zone would be > used for directly blocking mail, since as pointed out earlier, the > multihop list is already too aggressive for that. Exactly. The idea is not that bad, but adding it to their main zones is, uhm, maybe not the best thing to do - especially when the advisory about the bug was released at the time this feature was added to the dsbl website with no vendor notification or any possibility of reaction to it besides changing browsers. And the 23rd of december is for sure the best date for such things anyway. -- Andreas Jakum From minkus at ntlworld.com Wed Dec 29 15:37:14 2004 From: minkus at ntlworld.com (Christopher Hill) Date: Wed Dec 29 10:40:19 2004 Subject: [SpamCop-Mail] Re: dsbl.org SERIOUS problem References: Message-ID: Thanks to all those who replied, but it seems that dsbl.org have changed their mind. http://dsbl.org/cgi-bin/ezmlm-browse.cgi?list=list/list&cmd=showmsg&msgnum=1553 > Bowing to pressure, I've removed the exploit code from every page on the > website except removal_confirm. Sorry for the hassle. Which is a good thing in my opinion. They have still left all the IPs that were listed as 'ftp-url' in the system (including me), and many people aren't going to have a clue how to get themselves back out again... but at least there aren't more people falling into the trap. I personally am not going to use dsbl.org again. -- 'Therefore, if anyone is in Christ, he is a new creation; the old has gone, the new has come!' - 2 Corinthians 5v17 minkus@ntlworld.com From wb8tyw at qsl.network Wed Dec 29 13:23:06 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Dec 29 13:25:02 2004 Subject: [SpamCop-Mail] Re: dsbl.org SERIOUS problem In-Reply-To: References: Message-ID: Christopher Hill wrote: > Thanks to all those who replied, but it seems that dsbl.org have changed > their mind. > > http://dsbl.org/cgi-bin/ezmlm-browse.cgi?list=list/list&cmd=showmsg&msgnum=1553 > >>Bowing to pressure, I've removed the exploit code from every page on the >>website except removal_confirm. Sorry for the hassle. > > > Which is a good thing in my opinion. They have still left all the > IPs that were listed as 'ftp-url' in the system (including me), and > many people aren't going to have a clue how to get themselves back out > again... but at least there aren't more people falling into the trap. When the seven days are up, you can request removal again, but make sure that you use a different browser, or a computer that you can risk getting listed. It was queued for removal once, except that the browser vulnerability caused it to be listed again, so it appears that you or someone can follow the removal procedure. > I personally am not going to use dsbl.org again. What problems is the DSBL.ORG listing causing you? Your listed I.P. address (obtained from the public DSBL archives) is in three of the most popular DYNAMIC pool DNSBLs in use. SORBS, NJABL, and the PDL. It is not yet in the MAPS-DUL, but the first spam report that MAPS-DUL gets from an I.P. address in the same address pool as you are will change that. That listing is only a matter of time. Which means that to reach a large portion of the internet through e-mail, you must go through your ISP's mail servers anyway. If you are not on a DHCP pool, then you need to get your ISP to fix their designation of your I.P. address and then get it removed from the other dynamic pool lists. For most of the postmasters that I know, the dynamic lists are checked second after the local blocking lists, but before the open proxy / open relay lists. MAPS-DUL was just dropped by one because it was missing too many known DHCP pools. According to the statistics from one of my postmasters, dropping the DSBL.ORG confirmed list would result in at least 10 to 15% more spam getting through. Since they also use one or more of the above dynamic pool listings, it would be hard to convince them to drop the DSBL confirmed list just because it is listing insecure browsers that are allowing the execution of scripts against other servers. It looks like there may be other exploits of this issue that the DSBL is not testing for, so I would recommend contacting your browser vendor for a fix or a statement to verify that they are not vulnerable. The DSBL tests are not sufficient to rule out that a browser is vulnerable. -John wb8tyw@qsl.network Personal Opinion Only From MikeE at ster.invalid Wed Dec 29 12:18:54 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 29 15:20:03 2004 Subject: [SpamCop-Mail] Re: dsbl.org SERIOUS problem References: Message-ID: Christopher Hill wrote: > I personally am not going to use dsbl.org again. I am. I think you're just miffed because it doesn't seem to you that he was responsive enough to you personally, but he actually was responsive. He picked up on an exploit which he learned about in an IRC channel, he created a testing ground, he started listing [inappropriately] about the exploit, and he also discussed what he was doing in his forum [see link below]. A number of people told him what was wrong with his strategy in that forum [and also your communication with him] and so he 'undid' what he was doing wrong, and posted the 'undoing' in the same forum. Besides the forum post which you posted for the undoing, see the thread 'Website Change Heads Up' at http://dsbl.org/cgi-bin/ezmlm-browse.cgi?list=list/list&cmd=threadindex&month=200412&threadid=akmhlfmmcpphmdpifled or use http://snipurl.com/bnpf -- Mike Easter kibitzer, not SC admin