From fredfighter at spamcop.net Sun Jan 2 18:10:49 2005 From: fredfighter at spamcop.net (Fred the Red Shirt) Date: Sun Jan 2 12:35:05 2005 Subject: [SpamCop-Mail] Why is this Mail FROM SpamCop to SpamCop being blacklisted by SORBS? Message-ID: <41D83928.EA7F7AC4@spamcop.net> Headers appended below. According to the headers this auto-response from SpamCop originated on a Level3 IP [4.159.77.67] that is blacklisted as a trojaned server. How does this happen? Why doesn't the SpamCop whitelisting of SpamCop.net take precedence over it? As they say on the net, thanks in advance. -- FF Return-Path: <1327382223@bounces.spamcop.net> Delivered-To: spamcop-net-fredfighter@spamcop.net Received: (qmail 1178 invoked from network); 31 Dec 2004 19:50:39 -0000 Received: from unknown (192.168.1.101) by blade5.cesmail.net with QMQP; 31 Dec 2004 19:50:39 -0000 Received: from vmx2.spamcop.net (64.74.133.250) by mailgate.cesmail.net with SMTP; 31 Dec 2004 19:50:39 -0000 Received: from sc-app2.eq.ironport.com (HELO spamcop.net) (192.168.19.202) by vmx2.spamcop.net with SMTP; 31 Dec 2004 11:50:37 -0800 Received: from [4.159.77.67] by spamcop.net with HTTP; Fri, 31 Dec 2004 19:50:37 GMT From: "Fred" <1327382223@reports.spamcop.net> To: fredfighter@spamcop.net Subject: [SpamCop (61.91.75.68) id:1327382223]Want a home? Precedence: list Message-ID: Date: Fri, 31 Dec 2004 11:33:49 -0500 X-SpamCop-sourceip: 61.91.75.68 X-Mailer: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; JUNO) via http://www.spamcop.net/ v1.394 X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade5 X-Spam-Level: X-Spam-Status: hits=-92.1 tests=FORGED_MUA_MOZILLA,FORGED_RCVD_HELO, FROM_ENDS_IN_NUMS,J_CHICKENPOX_21,J_CHICKENPOX_46,J_CHICKENPOX_52, URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL,USER_IN_WHITELIST version=3.0.0 X-SpamCop-Checked: 192.168.1.101 64.74.133.250 192.168.19.202 4.159.77.67 X-SpamCop-Disposition: Blocked dnsbl.sorbs.net X-SpamCop-Whitelisted: spamcop.net From jeffg at spamcop.net Sun Jan 2 18:59:20 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Jan 2 19:00:03 2005 Subject: [SpamCop-Mail] Re: Why is this Mail FROM SpamCop to SpamCop being blacklisted by SORBS? References: <41D83928.EA7F7AC4@spamcop.net> Message-ID: Fred the Red Shirt organized electrons in article news:41D83928.EA7F7AC4@spamcop.net that appeared as follows: > Headers appended below. > > According to the headers this auto-response from SpamCop originated > on a Level3 IP [4.159.77.67] that is blacklisted as a trojaned server. > > How does this happen? Why doesn't the SpamCop whitelisting > of SpamCop.net take precedence over it? > > As they say on the net, thanks in advance. The whitelisting is supposed to take precedence. Where did the email end up, and is there any possibility one of your Filters put it there? -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From somebody at somewhere.com Wed Jan 5 22:19:43 2005 From: somebody at somewhere.com (Kevin Hurni) Date: Wed Jan 5 22:20:24 2005 Subject: [SpamCop-Mail] More spam coming through than before? Message-ID: I apologize in advance if this is the wrong forum to post this in. I've been a subscriber to spamcop for a few years and it's served me VERY well. MAYBE 1 spam email "leaked" through every 1-2 months. However, lately (I'd say last 2 months or so) I've seen a rather large increase of false-negative emails slipping past spamcop. I'm up to about 3-5 per day now. Also, about the same time, Road Runner (whose email system I don't use, but I have the account they "gave" me), also increased from about 10- 20/day to 50-75 spam emails/day. I've asked a few of my co-workers and they seem to notice the same thing (increase in spam as of lately). I know that no system is 100% perfect, so I'm not "busting" on Spamcop, but a lot of what is slipping through seems obvious to me that it is spam. Subject lines are a dead giveaway as are the actual wording of the emails. I DO submit the spam emails (I actually gave up this week and have just been deleting time). Is there some sort of new "spam attack" that's been going around? From turan.fe at web.de Thu Jan 6 09:12:22 2005 From: turan.fe at web.de (Turan Fettahoglu) Date: Thu Jan 6 03:15:19 2005 Subject: [SpamCop-Mail] Persistant worm sender Message-ID: I keep on receiving one or two worm e-mails like this. It comes from a Nigerian address and contains a Bagle worm. SpamCop says this address is listed. The complaint address seems to be the sender's address. What would be a reasonable address for a complaint - without exposing oneself to the sender? It seems to be the revenge of a Nigerian scam artist. Kind regards Turan Fettahoglu Return-Path: Nadine. Ruchti@somewhere-in-switzerland.ch Received: from filter04.aul.t-online.de ([127.0.0.1]) by localhost with smtp id 1ClJgH-0HeykS0; Mon, 3 Jan 2005 05:18:57 +0100 Received: from mailin07.aul.t-online.de [172.18.16.135] by filter04.aul.t-online.de id EKDNPR61 outgoing id HTRUTAYU; 03 Jan 2005 05:18:57 +0100 Received: from dorinet4.com ([213.181.81.242]) by mailin07.sul.t-online.de with smtp id 1ClJfy-102jAG0; Mon, 3 Jan 2005 05:18:38 +0100 Date: Mon, 03 Jan 2005 05:18:32 -0800 To: "Turan.Fe" From: "Nadine.Ruchti" Subject: **SPAM** **SPAM BLIST 213.181.81.242** *SPAM* Forum notify Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--------uloaytxhnfkqcwtblxqs" X-WW-Spam-Likelihood: profile=default;Bayesian=50, BodyRules=50, DBL=50, HeaderRules=99, Mailshell=94, total=100 X-TOI-SPAM: y;1;2005-01-03T04:19:11Z X-TOI-MSGID: f48ad91d-79a2-4112-9b08-b4d5522eaf2c X-Seen: false X-Bayesian-Result: Spam (100) X-Bayesian-Words: ajilon 99 aktivit?ten 99 angewendet 99 bedrohung 99 dorinet4 99 erzeugt 99 gefunden 99 ma?nahmen 99 mcafee 99 melden 99 m?gliche 99 nadine 99 ruchti 99 teile 99 verd?chtigen 99 X-HTMLM-Score: 0 X-HTMLM-Attach: MD5=594B38EE3AB6AACBE9A7A25FA463B43C Name=McAfee_EmailScanReport.txt X-SpamPal: SPAM BLIST 213.181.81.242 X-Blist-Pattern: 213.181.64.0 - 213.181.95.255 From MikeE at ster.invalid Thu Jan 6 07:58:52 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jan 6 11:00:09 2005 Subject: [SpamCop-Mail] Re: Persistant worm sender References: Message-ID: Turan Fettahoglu wrote: > I keep on receiving one or two worm e-mails like this. It comes from a > Nigerian address and contains a Bagle worm. It comes from a .ng IP address > SpamCop says this address is listed. The IP address is listed all over the place, including spews, which indicates that the provider is unresponsive. > The complaint address seems to be the sender's address. I don't know what you mean by that. But I don't think the information which SC is using is very good. > What would be > a reasonable address for a complaint - without exposing oneself to > the sender? It seems to be the revenge of a Nigerian scam artist. Almost never is a virmail or virm [virus worm email] an intentional mailing. They are almost universally due to an infected propagation. The problem is whether or not you are able to notify a responsive provider for the IP address. > Received: from dorinet4.com ([213.181.81.242]) Sourceline. 213.181.81.242 no rDNS whois -h whois.ripe.net 213.181.81.242 ... inetnum: 213.181.64.0 - 213.181.95.255 org: ORG-BL4-RIPE netname: NG-BROADBANDTECH-20000327 descr: BT Limited admin/tech-c IO243-RIPE e-mail: bt@micro.com.ng e-mail: i.oyeleke@moneynett.com SC sez i.oyeleke@moneynett.com I disagree with the SC notify. That is not a good notify for that netblock. Neither of those domainnames belong in that netblock and also the IP address is known to be non-responsive. You should look for alternate notifies while also notifying both of those admin/tech addies. Notice also that BT Limited in there. Here's some more information on one of the admin/tech contacts: person: Israel Oyeleke address: BT Limited e-mail: i.oyeleke@moneynett.com nic-hdl: IO243-RIPE notify: i.oyeleke@moneynett.com changed: ifiok@btlimited.com 20010605 changed: ifiok_moses@yahoo.com 20030917 So, my first strategy would be to include the abuse addies for btlimited as well as Israel's btlimited addy whois -h whois.abuse.net btlimited.com ... ghundertmark@newskiessat.com postmaster@btlimited.com abuse@newskies.com Then, I might consider also evaluating the ASN provider for the IP using radb and cymru whois -h whois.radb.net 213.181.81.242 ... route: 213.0.0.0/8 descr: REACH (Customer Route) tech-c: RRNOC1-REACH origin: AS23649 whois -h whois.cymru.com 213.181.81.242 ... ASN | IP | Name 16422 | 213.181.81.242 | NEWSKI New Skies Networks, Inc There's that newskies information again. I like that better than Reach. I'm going for abuse.net on newskies whois -h whois.abuse.net newskies.com ... ghundertmark@newskiessat.com abuse@mfn.com abuse@newskies.com postmaster@newskies.com (for newskies.com) So, I would notify all of the admin/tech contacts for the ripe IP block i.oyeleke@moneynett.com & bt@micro.com.ng plus all of the abuse.net for newskies, which includes the same addies as for btlimited. I don't think it does any good to go upstream for something like a provider not doing anything about virm propagations. However, if you want to go up from newskies because the IP is listed in spews and numerous other db/s for being unresponsive, that's up to you. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Thu Jan 6 11:01:46 2005 From: jeffg at spamcop.net (Jeff G.) Date: Thu Jan 6 11:40:02 2005 Subject: [SpamCop-Mail] Re: Persistant worm sender References: Message-ID: Turan Fettahoglu organized electrons in article news:crirt5$84m$1@news.spamcop.net that appeared as follows: > I keep on receiving one or two worm e-mails like this. It comes from a > Nigerian address and contains a Bagle worm. > > SpamCop says this address is listed. > > The complaint address seems to be the sender's address. What would be > a reasonable address for a complaint - without exposing oneself to > the sender? It seems to be the revenge of a Nigerian scam artist. > > Kind regards > Turan Fettahoglu > > Return-Path: Nadine. Ruchti@somewhere-in-switzerland.ch > Received: from filter04.aul.t-online.de ([127.0.0.1]) by localhost > with smtp id 1ClJgH-0HeykS0; Mon, 3 Jan 2005 05:18:57 +0100 > Received: from mailin07.aul.t-online.de [172.18.16.135] by > filter04.aul.t-online.de id EKDNPR61 outgoing id HTRUTAYU; > 03 Jan 2005 05:18:57 +0100 > Received: from dorinet4.com ([213.181.81.242]) by > mailin07.sul.t-online.de with smtp id 1ClJfy-102jAG0; Mon, 3 Jan > 2005 05:18:38 +0100 > Date: Mon, 03 Jan 2005 05:18:32 -0800 > To: "Turan.Fe" > From: "Nadine.Ruchti" > Subject: **SPAM** **SPAM BLIST 213.181.81.242** *SPAM* Forum notify > Message-ID: > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="--------uloaytxhnfkqcwtblxqs" > X-WW-Spam-Likelihood: profile=default;Bayesian=50, BodyRules=50, > DBL=50, HeaderRules=99, Mailshell=94, total=100 > X-TOI-SPAM: y;1;2005-01-03T04:19:11Z > X-TOI-MSGID: f48ad91d-79a2-4112-9b08-b4d5522eaf2c > X-Seen: false > X-Bayesian-Result: Spam (100) > X-Bayesian-Words: ajilon 99 aktivit?ten 99 angewendet 99 bedrohung 99 > dorinet4 99 erzeugt 99 gefunden 99 ma?nahmen 99 mcafee 99 melden 99 > m?gliche 99 nadine 99 ruchti 99 teile 99 verd?chtigen 99 > X-HTMLM-Score: 0 > X-HTMLM-Attach: MD5=594B38EE3AB6AACBE9A7A25FA463B43C > Name=McAfee_EmailScanReport.txt > X-SpamPal: SPAM BLIST 213.181.81.242 > X-Blist-Pattern: 213.181.64.0 - 213.181.95.255 At present, reports for 213.181.81.242 would go to i.oyeleke@moneynett.com. Even spammers deserve to know that their systems are infected, but you need not reveal your important secret email addresses to them while reporting such infected systems. spammotel.com and sneakemail.com can help you with this task, using the Manual Report guidelines at http://forum.spamcop.net/forums/index.php?showtopic=2530#entry19972 . Please don't try to send reports to the Organizational Contact for 213.181.64.0 - 213.181.95.255 (CIDR 213.181.64.0/19), bt@micro.com.ng because micro.com.ng has no nameservice. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From Kilgallen at SpamCop.net Thu Jan 6 12:06:18 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Jan 6 13:10:03 2005 Subject: [SpamCop-Mail] SpamCop got a bounce from SpamCop Mail ??? Message-ID: <$cKV7qDDuZb1@eisner.encompasserve.org> Has anyone else gotten one of these on http://mailsc.spamcop.net/: Bounce error Your email address, MUNGED@spamcop.net has returned a bounce: Subject: Delivery Notification: Delivery has failed Reason: 5.0.0 (MAIL.DELIVERY line 171 contains too many parameters: " "*MailWatch Help Desk Please ensure your email account is reliable, then click below: From Kilgallen at SpamCop.net Thu Jan 6 15:31:07 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Jan 6 16:35:04 2005 Subject: [SpamCop-Mail] Re: SpamCop got a bounce from SpamCop Mail ??? References: <$cKV7qDDuZb1@eisner.encompasserve.org> Message-ID: <7iRZ20oBcJXV@eisner.encompasserve.org> In article <$cKV7qDDuZb1@eisner.encompasserve.org>, Kilgallen@SpamCop.net (Larry Kilgallen) writes: > Has anyone else gotten one of these on http://mailsc.spamcop.net/: > > Bounce error > Your email address, MUNGED@spamcop.net has returned a bounce: > Subject: Delivery Notification: Delivery has failed > Reason: 5.0.0 (MAIL.DELIVERY line 171 contains too many parameters: " "*MailWatch Help Desk > > Please ensure your email account is reliable, then click below: I got another one of these. The line about "*MailWatch Help Desk" is particularly confusing, since that is a product I never heard of. From jeffg at spamcop.net Thu Jan 6 16:28:05 2005 From: jeffg at spamcop.net (Jeff G.) Date: Thu Jan 6 17:00:21 2005 Subject: [SpamCop-Mail] Re: SpamCop got a bounce from SpamCop Mail ??? References: <$cKV7qDDuZb1@eisner.encompasserve.org> Message-ID: Larry Kilgallen organized electrons in article news:$cKV7qDDuZb1@eisner.encompasserve.org that appeared as follows: > Has anyone else gotten one of these on http://mailsc.spamcop.net/: > > Bounce error > Your email address, MUNGED@spamcop.net has returned a bounce: > Subject: Delivery Notification: Delivery has failed > Reason: 5.0.0 (MAIL.DELIVERY line 171 contains too many parameters: " > "*MailWatch Help Desk > > Please ensure your email account is reliable, then click below: I haven't, but I've heard rumors. If your SpamCop Email System account forwards to your account at a provider that uses MailWatch, then the problem is between the SpamCop Email System and that provider - please contact that provider and CC support at spamcop.net. If your SpamCop Email System account does not forward, then the problem is between the SpamCop Parsing and Reporting Service and the SpamCop Email System - please contact support at spamcop.net and CC service at admin.spamcop.net. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From averyc50 at hotmail.com Thu Jan 6 21:12:36 2005 From: averyc50 at hotmail.com (Christopher Avery [397936]) Date: Thu Jan 6 22:15:25 2005 Subject: [SpamCop-Mail] webmail down? Message-ID: Is the Spamcop Webmail down? I can't reach it via mail.spamcop.net or webmail.spamcop.net. -- -- Chris Avery averyc@spamcop.net From beachcliff at hotmail.com Fri Jan 7 07:17:20 2005 From: beachcliff at hotmail.com (ken.g@insightbb.com on behalf of beachcliff@hotmail.com) Date: Fri Jan 7 07:20:16 2005 Subject: [SpamCop-Mail] Re: webmail down? In-Reply-To: References: Message-ID: I just clicked onto 'mail.spamcop.net' and it seems okay. Found one spam and sent it in to Spam Cop. Try logging in again. Christopher Avery [397936] wrote: > Is the Spamcop Webmail down? I can't reach it via mail.spamcop.net or > webmail.spamcop.net. > -- Green's my name - Linux User # 320273 - Linspire From jvm_cop at spamcop.net Fri Jan 7 13:40:55 2005 From: jvm_cop at spamcop.net (J. Merrill) Date: Fri Jan 7 13:40:04 2005 Subject: [SpamCop-Mail] "Can't find nnnn" messages in my Held Mail Message-ID: My Held Mail display includes Check All Reset [17804] ( Preview ) (Blocked bl.spamcop.net ) [17805] ( Preview ) (Blocked bl.spamcop.net ) and when I click either of the Preview links, I get (lines of = shortened) ======================================================== Previewing raw email. Use your browser's back button to return to menu. ======================================================== error:Cannot find 17804 (or 17805) I could obviously delete these, but doesn't this indicate that something's gone wrong? From jeffg at spamcop.net Fri Jan 7 20:45:35 2005 From: jeffg at spamcop.net (Jeff G.) Date: Fri Jan 7 20:50:12 2005 Subject: [SpamCop-Mail] Re: "Can't find nnnn" messages in my Held Mail References: Message-ID: J. Merrill organized electrons in article news:crmkvq$ldo$1@news.spamcop.net that appeared as follows: > My Held Mail display includes > > Check All Reset > [17804] ( Preview ) > (Blocked bl.spamcop.net ) > [17805] ( Preview ) > (Blocked bl.spamcop.net ) > > and when I click either of the Preview links, I get (lines of = > shortened) > > ======================================================== > Previewing raw email. Use your browser's back button to return > to menu. > ======================================================== > error:Cannot find 17804 (or 17805) > > I could obviously delete these, but doesn't this indicate that > something's gone wrong? If you did something to change the state of your Held Mail mailbox/Folder between submitting the request for the Held Mail display (VER) and clicking on the messages to preview them, that could explain the symptoms you have presented. This type of problem doesn't happen with the Webmail view of the Held Mail mailbox/Folder (the recommended and only linked method of processing Held Mail). Why are you still using VER? -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From TJLWBECGSGWU at spammotel.com Sat Jan 8 02:27:53 2005 From: TJLWBECGSGWU at spammotel.com (Mathew Hendry) Date: Fri Jan 7 21:30:12 2005 Subject: [SpamCop-Mail] Re: "Can't find nnnn" messages in my Held Mail References: Message-ID: <5ggut0d6tttb94ssd0a16i7b109qtjt44o@4ax.com> On Fri, 7 Jan 2005 20:45:35 -0500, "Jeff G." wrote: >J. Merrill organized electrons in article >news:crmkvq$ldo$1@news.spamcop.net that appeared as follows: > >> ======================================================== >> Previewing raw email. Use your browser's back button to return >> to menu. >> ======================================================== >> error:Cannot find 17804 (or 17805) >> >> I could obviously delete these, but doesn't this indicate that >> something's gone wrong? > >If you did something to change the state of your Held Mail >mailbox/Folder between submitting the request for the Held Mail display >(VER) and clicking on the messages to preview them, that could explain >the symptoms you have presented. FWIW, I saw the same thing yesterday. I hadn't touched the held mail folder since quick reporting the previous batch. Two of them (the earliest two) produced this error. I've checked a few messages in subsequent batches and haven't seen it again. >This type of problem doesn't happen with the Webmail view of the Held >Mail mailbox/Folder (the recommended and only linked method of >processing Held Mail). Why are you still using VER? The SpamCop front page "Held Email" link goes to http://www.spamcop.net/reportheld?action=heldlog , not to webmail. "heldlog" is also easier to read and use IMO. Is it not supported anymore? -- Mat. From sam_2361 at hotmail.com Sat Jan 8 18:33:01 2005 From: sam_2361 at hotmail.com (Steve Milano) Date: Sat Jan 8 18:35:03 2005 Subject: [SpamCop-Mail] What is this? Message-ID: <41E06DAD.6030007@hotmail.com> Sorry if I'm in the wrong forum. I keep getting this e-mail over and over. There's no return or from address. SpamCop says there's no body provided, so I can't report it. Any ideas? Thanks. From - Sat Jan 8 18:28:34 2005 X-UIDL: 20050108225659r1800fri09e000ltb X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Date: Sat, 8 Jan 2005 22:56:59 +0000 (GMT) X-Comment: Sending client does not conform to RFC822 minimum requirements X-Comment: Date has been added by Maillennium Received: from ip-wv-68-117-145-090.charterwv.net ([68.117.145.90]) by rwcrmxc18.comcast.net (rwcrmxc18) with SMTP id <20050108225639r1800pr0e5e>; Sat, 8 Jan 2005 22:56:56 +0000 X-Originating-IP: [68.117.145.90] Received: from ramrod.o2.pl ([44.114.134.100]) by appetite.o2.pl (Sun Java System Messaging Server 6.1 HotFix 0.09 (built Aug 29 2004)) with ESMTP id <0E7E00IL2[3 From MikeE at ster.invalid Sat Jan 8 15:59:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jan 8 19:00:25 2005 Subject: [SpamCop-Mail] Re: What is this? References: <41E06DAD.6030007@hotmail.com> Message-ID: Steve Milano wrote: > Sorry if I'm in the wrong forum. .mail is for newsgroup discussing problems with the spamcop mail service. I'll crosspost this to .help and set f/ups there. > I keep getting this e-mail over and over. > > There's no return or from address. Return/from addresses on spams and virms are almost always bogus anyway. Disregard them; that is information useful only for normal mail. > SpamCop says there's no body provided, so I can't report it. > > Any ideas? That item is apparently an empty spam sourced from 68.117.145.90 rDNS ip-wv-68-117-145-090.charterwv.net notify abuse@charter.net which is multilisted in spamcop and other spamsource db/s and also in trojan/proxy db/s. > Received: from ip-wv-68-117-145-090.charterwv.net ([68.117.145.90]) SC is configured to not 'allow' reporting of empty spams because many times when people submit such an item it is felt to be an error in submission method. There is some controversy over whether or not it is permissible to add some words to the empty body after a blank line below the headers such as 'no body text' to enable the report on empty spam. The faq doesn't permit that action; no deputy has approved something different from the faq's permission; but it is common practice for some people to advise making such an entry in the body, while others don't do that since it isn't expressly permitted. That item is also missing a number of other header elements, such as To, Subject, MessageID. Previously such a deficient item would fail to be parsed for insufficient header elements; apparently that part of the algorithm has changed. It will now process a spam if there is only just a Received line and offer to send a report as long as there is something in the body. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Sat Jan 8 19:26:37 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Jan 8 19:30:04 2005 Subject: [SpamCop-Mail] Re: "Can't find nnnn" messages in my Held Mail References: <5ggut0d6tttb94ssd0a16i7b109qtjt44o@4ax.com> Message-ID: Mathew Hendry organized electrons in article news:5ggut0d6tttb94ssd0a16i7b109qtjt44o@4ax.com that appeared as follows: > On Fri, 7 Jan 2005 20:45:35 -0500, "Jeff G." > wrote: > >> J. Merrill organized electrons in article >> news:crmkvq$ldo$1@news.spamcop.net that appeared as follows: >> >>> ======================================================== >>> Previewing raw email. Use your browser's back button to return >>> to menu. >>> ======================================================== >>> error:Cannot find 17804 (or 17805) >>> >>> I could obviously delete these, but doesn't this indicate that >>> something's gone wrong? >> >> If you did something to change the state of your Held Mail >> mailbox/Folder between submitting the request for the Held Mail >> display (VER) and clicking on the messages to preview them, that >> could explain the symptoms you have presented. > > FWIW, I saw the same thing yesterday. I hadn't touched the held mail > folder since quick reporting the previous batch. Two of them (the > earliest two) produced this error. I've checked a few messages in > subsequent batches and haven't seen it again. > >> This type of problem doesn't happen with the Webmail view of the Held >> Mail mailbox/Folder (the recommended and only linked method of >> processing Held Mail). Why are you still using VER? > > The SpamCop front page "Held Email" link goes to > http://www.spamcop.net/reportheld?action=heldlog , not to webmail. > "heldlog" is also easier to read and use IMO. Is it not supported > anymore? No new development is being done to the VER page at http://mailsc.spamcop.net/reportheld?action=heldlog - it's only more useful than Webmail for viewing from email addresses and for queueing for reporting, and that link was supposed to have been changed. Please see the following URLs for details: http://forum.spamcop.net/forums/index.php?showtopic=40&view=findpost&p=410 http://forum.spamcop.net/forums/index.php?showtopic=762&view=findpost&p=4702 http://forum.spamcop.net/forums/index.php?showtopic=2787&view=findpost&p=19381 http://forum.spamcop.net/forums/index.php?showtopic=3419 -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From jeffg at spamcop.net Sat Jan 8 19:34:31 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Jan 8 19:35:02 2005 Subject: [SpamCop-Mail] Re: What is this? References: <41E06DAD.6030007@hotmail.com> Message-ID: Steve Milano organized electrons in article news:41E06DAD.6030007@hotmail.com that appeared as follows: > Sorry if I'm in the wrong forum. > > I keep getting this e-mail over and over. > > There's no return or from address. > > SpamCop says there's no body provided, so I can't report it. > > Any ideas? > > Thanks. > > > > From - Sat Jan 8 18:28:34 2005 > X-UIDL: 20050108225659r1800fri09e000ltb > X-Mozilla-Status: 0001 > X-Mozilla-Status2: 00000000 > Date: Sat, 8 Jan 2005 22:56:59 +0000 (GMT) > X-Comment: Sending client does not conform to RFC822 minimum > requirements X-Comment: Date has been added by Maillennium > Received: from ip-wv-68-117-145-090.charterwv.net ([68.117.145.90]) > by rwcrmxc18.comcast.net (rwcrmxc18) with SMTP > id <20050108225639r1800pr0e5e>; Sat, 8 Jan 2005 22:56:56 > +0000 X-Originating-IP: [68.117.145.90] > Received: from ramrod.o2.pl ([44.114.134.100]) > by appetite.o2.pl (Sun Java System Messaging Server 6.1 HotFix 0.09 > (built Aug 29 2004)) with ESMTP id <0E7E00IL2[3 In addition to Mike Easter's advice, you could ask Comcast to have Maillennium block such messages rather than merely comment on them. :) -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From sam_2361 at hotmail.com Sat Jan 8 21:23:53 2005 From: sam_2361 at hotmail.com (Steve Milano) Date: Sat Jan 8 21:25:02 2005 Subject: [SpamCop-Mail] Re: What is this? References: <41E06DAD.6030007@hotmail.com> Message-ID: <41E095B9.2040203@hotmail.com> Thanks! Jeff G. wrote: > Steve Milano organized electrons in article > news:41E06DAD.6030007@hotmail.com that appeared as follows: > >>Sorry if I'm in the wrong forum. >> >>I keep getting this e-mail over and over. >> >>There's no return or from address. >> >>SpamCop says there's no body provided, so I can't report it. >> >>Any ideas? >> >>Thanks. >> >> >> >> From - Sat Jan 8 18:28:34 2005 >>X-UIDL: 20050108225659r1800fri09e000ltb >>X-Mozilla-Status: 0001 >>X-Mozilla-Status2: 00000000 >>Date: Sat, 8 Jan 2005 22:56:59 +0000 (GMT) >>X-Comment: Sending client does not conform to RFC822 minimum >>requirements X-Comment: Date has been added by Maillennium >>Received: from ip-wv-68-117-145-090.charterwv.net ([68.117.145.90]) >> by rwcrmxc18.comcast.net (rwcrmxc18) with SMTP >> id <20050108225639r1800pr0e5e>; Sat, 8 Jan 2005 22:56:56 >>+0000 X-Originating-IP: [68.117.145.90] >>Received: from ramrod.o2.pl ([44.114.134.100]) >> by appetite.o2.pl (Sun Java System Messaging Server 6.1 HotFix 0.09 >> (built Aug 29 2004)) with ESMTP id <0E7E00IL2[3 > > > In addition to Mike Easter's advice, you could ask Comcast to have > Maillennium block such messages rather than merely comment on them. :) > From TJLWBECGSGWU at spammotel.com Sun Jan 9 03:00:11 2005 From: TJLWBECGSGWU at spammotel.com (Mathew Hendry) Date: Sat Jan 8 22:05:04 2005 Subject: [SpamCop-Mail] Re: "Can't find nnnn" messages in my Held Mail References: <5ggut0d6tttb94ssd0a16i7b109qtjt44o@4ax.com> Message-ID: <5961u0hm7vifpkm4f4reu0o91llkvkriks@4ax.com> On Sat, 8 Jan 2005 19:26:37 -0500, "Jeff G." wrote: >[snip snip]> > >No new development is being done to the VER page at >http://mailsc.spamcop.net/reportheld?action=heldlog - it's only more >useful than Webmail for viewing from email addresses and for queueing >for reporting, and that link was supposed to have been changed. Please >see the following URLs for details: >http://forum.spamcop.net/forums/index.php?showtopic=40&view=findpost&p=410 >http://forum.spamcop.net/forums/index.php?showtopic=762&view=findpost&p=4702 >http://forum.spamcop.net/forums/index.php?showtopic=2787&view=findpost&p=19381 >http://forum.spamcop.net/forums/index.php?showtopic=3419 Righto, thanks Jeff. Actually, the webmail version would be just peachy if it had a sortable-by column for spamassassin score. I home in on scores in single and low-double digits on the heldlog page because spamassassin has never assigned a score higher than 8 or so to any of my non-spam messages. (I'm using only spamassassin for filtering at the moment because I don't really trust the "hair trigger" setup currently used for the BLs). -- Mat. From jeffg at spamcop.net Sat Jan 8 22:31:15 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Jan 8 22:35:03 2005 Subject: [SpamCop-Mail] Re: "Can't find nnnn" messages in my Held Mail References: <5ggut0d6tttb94ssd0a16i7b109qtjt44o@4ax.com> <5961u0hm7vifpkm4f4reu0o91llkvkriks@4ax.com> Message-ID: Mathew Hendry organized electrons in article news:5961u0hm7vifpkm4f4reu0o91llkvkriks@4ax.com that appeared as follows: > On Sat, 8 Jan 2005 19:26:37 -0500, "Jeff G." > wrote: > >> [snip snip]> >> >> No new development is being done to the VER page at >> http://mailsc.spamcop.net/reportheld?action=heldlog - it's only more >> useful than Webmail for viewing from email addresses and for queueing >> for reporting, and that link was supposed to have been changed. >> Please see the following URLs for details: >> http://forum.spamcop.net/forums/index.php?showtopic=40&view=findpost&p=410 >> http://forum.spamcop.net/forums/index.php?showtopic=762&view=findpost&p=4702 >> http://forum.spamcop.net/forums/index.php?showtopic=2787&view=findpost&p=19381 >> http://forum.spamcop.net/forums/index.php?showtopic=3419 > > Righto, thanks Jeff. Actually, the webmail version would be just > peachy if it had a sortable-by column for spamassassin score. I home > in on scores in single and low-double digits on the heldlog page > because spamassassin has never assigned a score higher than 8 or so > to any of my non-spam messages. (I'm using only spamassassin for > filtering at the moment because I don't really trust the "hair > trigger" setup currently used for the BLs). > > -- Mat. Mat, you're welcome, and thanks for the suggestion. I duplicated it at http://forum.spamcop.net/forums/index.php?showtopic=3420 -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From fredfighter at spamcop.net Sun Jan 9 04:19:39 2005 From: fredfighter at spamcop.net (Fred the Red Shirt) Date: Sat Jan 8 23:40:03 2005 Subject: [SpamCop-Mail] Re: Why is this Mail FROM SpamCop to SpamCop being blacklisted by SORBS? References: <41D83928.EA7F7AC4@spamcop.net> Message-ID: <41E0B0DB.8281E97D@spamcop.net> "Jeff G." wrote: > Fred the Red Shirt organized electrons in > article news:41D83928.EA7F7AC4@spamcop.net that appeared as follows: > > Headers appended below. > > > > According to the headers this auto-response from SpamCop originated > > on a Level3 IP [4.159.77.67] that is blacklisted as a trojaned server. > > > > How does this happen? Why doesn't the SpamCop whitelisting > > of SpamCop.net take precedence over it? > > > > As they say on the net, thanks in advance. > > The whitelisting is supposed to take precedence. Where did the email > end up, and is there any possibility one of your Filters put it there? It would up in held mail. It was my use of the SORBSBL that put it there. This is clear from the headers I posted. -- FF From fredfighter at spamcop.net Sun Jan 9 04:23:20 2005 From: fredfighter at spamcop.net (Fred the Red Shirt) Date: Sat Jan 8 23:45:03 2005 Subject: [SpamCop-Mail] Re: Why is this Mail FROM SpamCop to SpamCop being blacklisted by SORBS? References: <41D83928.EA7F7AC4@spamcop.net> <41E0B0DB.8281E97D@spamcop.net> Message-ID: <41E0B1B8.EE6EF4F9@spamcop.net> Fred the Red Shirt wrote: > "Jeff G." wrote: > > > Fred the Red Shirt organized electrons in > > article news:41D83928.EA7F7AC4@spamcop.net that appeared as follows: > > > Headers appended below. > > > > > > According to the headers this auto-response from SpamCop originated > > > on a Level3 IP [4.159.77.67] that is blacklisted as a trojaned server. > > > > > > How does this happen? Why doesn't the SpamCop whitelisting > > > of SpamCop.net take precedence over it? > > > > > > As they say on the net, thanks in advance. > > > > The whitelisting is supposed to take precedence. Where did the email > > end up, and is there any possibility one of your Filters put it there? > It wound up in held mail. It was my use of the SORBSBL that put it there. > > This is clear from the headers I posted. 4.159.77.67 is listed. -- FF From MikeE at ster.invalid Sat Jan 8 21:24:22 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jan 9 00:25:03 2005 Subject: [SpamCop-Mail] Re: "Can't find nnnn" messages in my Held Mail References: <5ggut0d6tttb94ssd0a16i7b109qtjt44o@4ax.com> Message-ID: Jeff G. wrote: > No new development is being done to the VER page at > http://mailsc.spamcop.net/reportheld?action=heldlog - it's only more > useful than Webmail for viewing from email addresses and for queueing > for reporting, and that link was supposed to have been changed. > Please see the following URLs for details: > http://forum.spamcop.net/forums/index.php?showtopic=40&view=findpost&p=410 > http://forum.spamcop.net/forums/index.php?showtopic=762&view=findpost&p=4702 > http://forum.spamcop.net/forums/index.php?showtopic=2787&view=findpost&p=19381 > http://forum.spamcop.net/forums/index.php?showtopic=3419 I disagree that there should only be a one-way communication between the newgroups and the forum. It seems to me that the only information transferring around here is people, eg Jeff G, from the forum telling people in the newsgroups to go to the forums. Or, stated another way, it appears to me that Sacagawea is working for the British instead of for the settlers /or/ the Indians, or something like that. What is going to come out of that is going to be an adversareal relationship between the newsgroups and the forums. If that's the way it is going to be; there should be no referrals from the newsgroups to the forums for any information. That is, there should be no such referrals from anyone with any allegiance to newsgroups. IMO referring people to the forums for any kind of information is not good advice unless you think the newsgroups should go away. Better advice would be to steer forum related questions which /can/ be answered in the newsgroups to the newsgroups. Further, the same people who are answering questions in the forums should be answering questions in the newsgroups instead of the forums. The only time or reason that any question should be answered in the forum instead of the newsgroups is when the person asking the question is incompetent to be answered in the newsgroups. The idea of steering newsgroup people who are capable of being answered in the newsgroups to the forums is completely outawhack. -- Mike Easter kibitzer, not SC admin From paul at spamcop.net Sun Jan 9 13:27:13 2005 From: paul at spamcop.net (Paul Hutchings) Date: Sun Jan 9 08:30:02 2005 Subject: [SpamCop-Mail] Spamcop MX Records? Message-ID: Does anyone have an idea as to why Spamcop has two MX records with different values that both point to exactly the same IP addresses? cheers, Paul -- paul spamcop net From nobody at devnull.spamcop.net Sun Jan 9 10:14:42 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Jan 9 11:15:18 2005 Subject: [SpamCop-Mail] Re: Spamcop MX Records? References: Message-ID: "Paul Hutchings" wrote in message news:paul-AC17D5.13271309012005@news.cesmail.net... > Does anyone have an idea as to why Spamcop has two MX records with > different values that both point to exactly the same IP addresses? You just did this to give Mike E. some ammunition, didn't you? First response, already answered "over there" in the web-based Forum to your posted query there. As said there, it's hard to believe that it's been over a year ... The catch is that this is also where JT made his explanation. Search of the archives here should get you to where the data was also brought "over here" .. but, the specific answer is at; http://forum.spamcop.net/forums/index.php?showtopic=3007 "DNS Issues, An explanation of what's been going on" From jeffg at spamcop.net Sun Jan 9 13:10:41 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Jan 9 13:30:03 2005 Subject: [SpamCop-Mail] Re: Why is this Mail FROM SpamCop to SpamCop being blacklisted by SORBS? References: <41D83928.EA7F7AC4@spamcop.net> <41E0B0DB.8281E97D@spamcop.net> Message-ID: Fred the Red Shirt organized electrons in article news:41E0B0DB.8281E97D@spamcop.net that appeared as follows: > "Jeff G." wrote: > >> Fred the Red Shirt organized electrons in >> article news:41D83928.EA7F7AC4@spamcop.net that appeared as follows: >>> Headers appended below. >>> >>> According to the headers this auto-response from SpamCop originated >>> on a Level3 IP [4.159.77.67] that is blacklisted as a trojaned >>> server. >>> >>> How does this happen? Why doesn't the SpamCop whitelisting >>> of SpamCop.net take precedence over it? >>> >>> As they say on the net, thanks in advance. >> >> The whitelisting is supposed to take precedence. Where did the email >> end up, and is there any possibility one of your Filters put it >> there? > > It would up in held mail. It was my use of the SORBSBL that put it > there. > > This is clear from the headers I posted. Please confirm that spamcop.net is in your Personal Whitelist and forward at least the headers to support at spamcop.net. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From jeffg at spamcop.net Sun Jan 9 13:28:26 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Jan 9 13:30:07 2005 Subject: [SpamCop-Mail] Re: "Can't find nnnn" messages in my Held Mail References: <5ggut0d6tttb94ssd0a16i7b109qtjt44o@4ax.com> Message-ID: Mike Easter organized electrons in article news:crqf3c$194$1@news.spamcop.net that appeared as follows: > Jeff G. wrote: >> No new development is being done to the VER page at >> http://mailsc.spamcop.net/reportheld?action=heldlog - it's only more >> useful than Webmail for viewing from email addresses and for queueing >> for reporting, and that link was supposed to have been changed. >> Please see the following URLs for details: >> > http://forum.spamcop.net/forums/index.php?showtopic=40&view=findpost&p=410 >> > http://forum.spamcop.net/forums/index.php?showtopic=762&view=findpost&p=4702 >> > http://forum.spamcop.net/forums/index.php?showtopic=2787&view=findpost&p=19381 >> http://forum.spamcop.net/forums/index.php?showtopic=3419 > > I disagree that there should only be a one-way communication between > the newgroups and the forum. > > It seems to me that the only information transferring around here is > people, eg Jeff G, from the forum telling people in the newsgroups to > go to the forums. Or, stated another way, it appears to me that > Sacagawea is working for the British instead of for the settlers /or/ > the Indians, or something like that. What is going to come out of > that is going to be an adversareal relationship between the > newsgroups and the forums. > > If that's the way it is going to be; there should be no referrals > from the newsgroups to the forums for any information. That is, > there should be no such referrals from anyone with any allegiance to > newsgroups. > > IMO referring people to the forums for any kind of information is not > good advice unless you think the newsgroups should go away. > > Better advice would be to steer forum related questions which /can/ > be answered in the newsgroups to the newsgroups. > > Further, the same people who are answering questions in the forums > should be answering questions in the newsgroups instead of the forums. > > The only time or reason that any question should be answered in the > forum instead of the newsgroups is when the person asking the question > is incompetent to be answered in the newsgroups. > > The idea of steering newsgroup people who are capable of being > answered in the newsgroups to the forums is completely outawhack. People can't be "incompetent to be answered in the newsgroups." I am trying to answer questions in both places, and transfer information when necessary. JT is only answering questions in the new web-based forums. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From MikeE at ster.invalid Sun Jan 9 10:51:49 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jan 9 13:55:03 2005 Subject: [SpamCop-Mail] Re: "Can't find nnnn" messages in my Held Mail References: <5ggut0d6tttb94ssd0a16i7b109qtjt44o@4ax.com> Message-ID: Jeff G. wrote: > Mike Easter >> Jeff G. wrote: >>> Please see the following URLs for details: >> I disagree that there should only be a one-way communication between >> the newgroups and the forum. >> >> It seems to me that the only information transferring around here is >> people, eg Jeff G, from the forum telling people in the newsgroups >> to go to the forums. >> The idea of steering newsgroup people who are capable of being >> answered in the newsgroups to the forums is completely outawhack. > > I am > trying to answer questions in both places, and transfer information > when necessary. When asked a question in the forums, you answer the question in the forum. When you respond to a question in the newsgroup, it is to point to a group of threads in the forum. You have no problem cutting and pasting from the newsgroup to the forum, but you seem to have a great deal of trouble pasting something from the forum into the newsgroup. That's what I'm talking about. > JT is only answering questions in the new web-based > forums. It doesn't matter where JT is posting because JT's strengths aren't in what he posts or where he posts it. JT's strengths are in what he is doing behind the scenes; he isn't much of a poster anywhere and that's just fine. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Sun Jan 9 13:54:49 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Jan 9 13:55:05 2005 Subject: [SpamCop-Mail] Re: Spamcop MX Records? References: Message-ID: WazoO organized electrons in article news:crrl9m$m76$1@news.spamcop.net that appeared as follows: > "Paul Hutchings" wrote in message > news:paul-AC17D5.13271309012005@news.cesmail.net... >> Does anyone have an idea as to why Spamcop has two MX records with >> different values that both point to exactly the same IP addresses? > > You just did this to give Mike E. some ammunition, didn't > you? First response, already answered "over there" > in the web-based Forum to your posted query there. As > said there, it's hard to believe that it's been over a year ... > > The catch is that this is also where JT made his explanation. > Search of the archives here should get you to where the data > was also brought "over here" .. but, the specific answer is at; > http://forum.spamcop.net/forums/index.php?showtopic=3007 > "DNS Issues, An explanation of what's been going on" Mike Easter brought it over in a reply here entitled "[SpamCop-Mail] Re: {webmail,imap,mail}.spamcop.net not found?", dated "Tue, 9 Nov 2004 03:19:47 -0800", with "Message-ID: ", NNTP posted "Tue, 9 Nov 2004 11:16:43 +0000 (UTC)", still available on news.spamcop.net, and archived "Tue Nov 9 03:15:41 EST 2004" (apparent 3 hours backward time travel notwithstanding) at http://news.spamcop.net/pipermail/spamcop-mail/2004-November/014634.html . -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From MikeE at ster.invalid Sun Jan 9 11:47:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jan 9 14:50:03 2005 Subject: [SpamCop-Mail] Re: Spamcop MX Records? References: Message-ID: Jeff G. wrote: > Mike Easter brought it over in a reply here entitled "[SpamCop-Mail] > Re: {webmail,imap,mail}.spamcop.net not found?", dated "Tue, 9 Nov > 2004 03:19:47 -0800", with "Message-ID: > ", NNTP posted "Tue, 9 Nov 2004 > 11:16:43 +0000 (UTC)", still available on news.spamcop.net, and > archived "Tue Nov 9 03:15:41 EST 2004" (apparent 3 hours backward > time travel notwithstanding) at > http://news.spamcop.net/pipermail/spamcop-mail/2004-November/014634.html Since it is still on this newsserver, which contains about 220 messages in this newsgroup, going back to Oct 20, the individual message could be looked at with news://news.spamcop.net/cmq8uq$rij$1@news.spamcop.net For an even deeper archive, there are over 11000 messages for this newsgroup in gmane, and the same message can be accessed from that newsserver with news:///news.gmane.org/gmane.mail.spam.spamcop.email/cmq8uq$rij$1@news.spamcop.net I didn't download all of them to see how far back it goes, but 1000 messages go back to Apr 1. Gmane also accesses with a web access; and the above described thread is here http://thread.gmane.org/gmane.mail.spam.spamcop.user/88402 -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Jan 9 11:53:20 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jan 9 14:55:13 2005 Subject: [SpamCop-Mail] Re: Spamcop MX Records? References: Message-ID: Mike Easter wrote: > Gmane also accesses with a web access; and the above described thread > is here http://thread.gmane.org/gmane.mail.spam.spamcop.user/88402 oops. Wrong thread. This is the thread http://thread.gmane.org/gmane.mail.spam.spamcop.user/87729 I'm not very skilled at navigating at gmane. -- Mike Easter kibitzer, not SC admin From jvm_cop at spamcop.net Mon Jan 10 13:22:50 2005 From: jvm_cop at spamcop.net (J. Merrill) Date: Mon Jan 10 13:20:03 2005 Subject: [SpamCop-Mail] Re: "Can't find nnnn" messages in my Held Mail References: Message-ID: "Jeff G." wrote in message news:crne85$740$1@news.spamcop.net... > J. Merrill organized electrons in article > news:crmkvq$ldo$1@news.spamcop.net that appeared as follows: > > My Held Mail display includes > > > > Check All Reset > > [17804] ( Preview ) > > (Blocked bl.spamcop.net ) > > [17805] ( Preview ) > > (Blocked bl.spamcop.net ) > > > > and when I click either of the Preview links, I get (lines of = > > shortened) > > > > ======================================================== > > Previewing raw email. Use your browser's back button to return > > to menu. > > ======================================================== > > error:Cannot find 17804 (or 17805) > > > > I could obviously delete these, but doesn't this indicate that > > something's gone wrong? > > If you did something to change the state of your Held Mail > mailbox/Folder between submitting the request for the Held Mail display > (VER) and clicking on the messages to preview them, that could explain > the symptoms you have presented. I didn't do anything weird; these messages are still there, days later; when I went to look at the first of those messages with Webmail, it displayed a message like "message not found" -- that's what I was going to say in this message. But I didn't write down the message, and when I went to look again (just now) to be able to give the exact message (having since reported the other messages in my Held Mail folder as spam), it's now showing me a real message (not an error display) that's only got headers and no body. (Should I report such messages?) So Webmail seems to have "fixed" this -- but I still get the error message looking at the same messages in VER. Are you suggesting that nothing is wrong if VER can't find the same header-only message that Webmail can see, or that VER's message "can't find xxx" is a limitation of VER reason that I shouldn't use VER? > This type of problem doesn't happen with the Webmail view of the Held > Mail mailbox/Folder (the recommended and only linked method of > processing Held Mail). Why are you still using VER? Because it works for me. It's Very Easy. It's linked from all the pages that share Report Spam page's top-line menu. It doesn't show me my Inbox (which is always empty, as I use POP to get my new (not-held) messages into my mail reader), and I can't make Webmail show Held Mail by default (can I?). If VER is deprecated, why doesn't the VER page say that? This is the first time I've heard that. (I've never been to the forums. I'm not required to go there to use the service, am I?) Are you the person who says I shouldn't I use it, or is it Julian / Jeff / SpamCop that says so? (Is there really something wrong with it?) If it's SpamCop that says so, where do they say it? > -- > Thanks and Best Regards, Jeff G. > I have been a SpamCop User/Member/Customer since 1999 and am a > Moderator of the new web-based forums (now the primary method for > getting help, http://forum.spamcop.net). Please reply via Forum, Group, > or List only. From jeffg at spamcop.net Tue Jan 11 08:44:46 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Jan 11 08:45:04 2005 Subject: [SpamCop-Mail] Re: "Can't find nnnn" messages in my Held Mail References: <5ggut0d6tttb94ssd0a16i7b109qtjt44o@4ax.com> Message-ID: The following is for completeness, for those of you who can't or won't visit the new web-based forums. I organized electrons in article news:crptnv$mkd$1@news.spamcop.net that appeared as follows: > Mathew Hendry organized electrons in > article news:5ggut0d6tttb94ssd0a16i7b109qtjt44o@4ax.com that appeared > as follows: >> On Fri, 7 Jan 2005 20:45:35 -0500, "Jeff G." >> wrote: >>> This type of problem doesn't happen with the Webmail view of the >>> Held Mail mailbox/Folder (the recommended and only linked method of >>> processing Held Mail). Why are you still using VER? >> >> The SpamCop front page "Held Email" link goes to >> http://www.spamcop.net/reportheld?action=heldlog , not to webmail. >> "heldlog" is also easier to read and use IMO. Is it not supported >> anymore? > > No new development is being done to the VER page at > http://mailsc.spamcop.net/reportheld?action=heldlog - it's only more > useful than Webmail for viewing from email addresses and for queueing > for reporting, and that link was supposed to have been changed. > Please see the following URLs for details: > http://forum.spamcop.net/forums/index.php?showtopic=40&view=findpost&p=410 In that Post, JT wrote on Jan 29 2004 at 10:01 AM ET: > The plan now is that the non-Webmail interface (which we have > historically called VER) won't necessarily go away but there won't be > much development taking place on it. New features and the like will > all need to go into the webmail interface. Major bugs will be fixed > in VER, but we're not going to be adding features. > > The webmail already offers a lot fo things that people have complained > about in VER. Webmail lets you display 500 messages per page if you > want. It's faster than VER, both for showing the messages and for > sending spam reports. You can sort by various fields. You can turn on > a preview of the messages so you can see the first few lines of every > held mail. (That's what I do and I scan through them to make sure > they're spam). > > Webmail does not yet have the "forward and whitelist" button, but it's > coming. The last paragraph above has been superceded - the Webmail name for this feature is "Release and Whitelist". > http://forum.spamcop.net/forums/index.php?showtopic=762&view=findpost&p=4702 In that Post, I wrote on Mar 22 2004 at 02:23 PM ET: > There were earlier predictions of doom for VER, which I repeated. > However, the latest word from JT is that VER is staying put, with only > fixes but no new development, and that Webmail is being customized to > do what VER can currently do. Unless something goes horribly wrong, I > expect the next steps in the development of Webmail to be duplication > of the following VER capabilities: "Queue for reporting" Actions, > Optional Display of From Email Address, and Optional Display of > Reason Held. > > I just updated the chart in "FAQ Entry: What is Quick Reporting?" at > http://forum.spamcop.net/forums/index.php?showtopic=163 to reflect the > new "Release" Links in Webmail. > > Please note that "Release" works just like "Forward" in VER - if your > mail is normally forwarded, the mail that is "Released" gets > forwarded, and if your mail is normally sent to your SpamCop INBOX, > then the mail that is "Released" gets sent to your SpamCop INBOX. > > Also, please note that in Webmail the "Release and Whitelist" Link is > using the Alt+N hotkey normally used by the unlabeled "Select All" > checkbox under the "Delete" link, so you should use Alt+K to "Select > All" while viewing your "Held Mail" Folder. The chart in "FAQ Entry: What is Quick Reporting?" at http://forum.spamcop.net/forums/index.php?showtopic=163 shows the following two columns (best viewed in a fixed-pitch font): > VER Action Webmail Capability > ~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~ > Quick - report immediately and trash "Report as Spam" > Queue for reporting (and move to trash) In Progress > Queue for reporting (do not trash) In Progress > Forward (and whitelist sender) "Release and Whitelist" > Forward (do not whitelist sender) Release (or Move or Open and > Redirect) > Delete Delete > http://forum.spamcop.net/forums/index.php?showtopic=2787&view=findpost&p=19381 In that Post, I wrote on Oct 30 2004 at 12:15 PM ET in reference to the web-based forums' Glossary: > I think that more appropriate would be a definition that mentioned > that VER will have no new development and that the preferred method of > reporting spam in Held Mail is Webmail via the secure > [https://webmail.spamcop.net/horde/imp/heldmail.php?mailbox=INBOX.Held+M ail&1=1/] > or insecure > [http://webmail.spamcop.net/horde/imp/heldmail.php?mailbox=INBOX.Held+Ma il&1=1/] > method. > http://forum.spamcop.net/forums/index.php?showtopic=3419 Wazoo posted in web forums Topic "Default behavior of Held Mail button changed" at http://forum.spamcop.net/forums/index.php?showtopic=2665 on Sep 20 2004 at 11:32 AM ET: > Per e-mail to Deputies, Don, and me; > > [Quoting JT AKA Jeff T.] > I've changed the default behavior of the Held Mail button at the top > of the > page in webmail. It now takes you to the Held Mail folder in webmail, > instead of the old VER page. Since you can report spam, whitelist, and > release emails from the webmail view, I think this is superior in just > about every way. > > The old page still exists and users can get to it by going straight to > the > old URL. There's no plan for this to go away right away, although that > may > happen eventually. I expect a lot of complaints and questions from the > users as they get used to this. If they want to complain, just tell > them to > bookmark the old URL and go straight to it. No need even to login to > webmail. > > Jeff [T.] > > And a follow-up from Don; > > By "old URL" he means for the users to log into > http://mailsc.spamcop.net > and access Held Mail from there. It's the only way they can queue spam > for > regular reporting (as opposed to quick reporting) and some of them may > prefer the look and feel of that interface. > > - Don - > > and a bit later; > > Thanks Jeff [T.]. > > I'm going to start encourageing users in this [reporting of Held Mail > using Webmail's Held Mail mailbox/Folder rather than using VER] > direction now too - I'll > change the "held mail" link on the reporting pages to go to imp login > too. > Or at least put a message at the top of the page telling users to use > it instead. I think we can create a login form that takes users > directly to the held mail folder. > > -=Julian=- In web forums Topic "Please change the "held mail" link on the reporting pages to go to imp" ["imp" is the original software that JT modified to become SpamCop Webmail - "Webmail" wouldn't fit in the Topic Title] at http://forum.spamcop.net/forums/index.php?showtopic=3419 , I quoted Julian's portion of the above (including the bracketed section which I wrote) on Jan 8 2005 at 07:14 PM ET and added: > This hasn't happened in the 3+ months since that post. I'd suggest > this link > [https://webmail.spamcop.net/horde/imp/heldmail.php?mailbox=INBOX.Held+M ail&1=1/]. > Please make it so. Thanks! -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From MikeE at ster.invalid Tue Jan 11 06:25:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jan 11 09:25:03 2005 Subject: [SpamCop-Mail] Re: "Can't find nnnn" messages in my Held Mail References: <5ggut0d6tttb94ssd0a16i7b109qtjt44o@4ax.com> Message-ID: Jeff G. wrote: > The following is for completeness, for those of you who can't or won't > visit the new web-based forums. Thanks Jeff. I don't do mail, so I'm totally weak over here. I think it would be a big mistake to have mail support and questions disappear from the newsgroups. It doesn't matter if JT doesn't show up nntp, but news is a valuable resource, as is a good faq. The forum is not a substitute for a good and dynamic faq or news, but it is useful for its own purposes and to also bolster the functions of both.. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Tue Jan 11 09:40:04 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Jan 11 09:45:28 2005 Subject: [SpamCop-Mail] Re: "Can't find nnnn" messages in my Held Mail References: Message-ID: J. Merrill organized electrons in article news:cruh05$gji$1@news.spamcop.net that appeared as follows: > "Jeff G." wrote in message > news:crne85$740$1@news.spamcop.net... >> J. Merrill organized electrons in article >> news:crmkvq$ldo$1@news.spamcop.net that appeared as follows: >>> My Held Mail display includes >>> >>> Check All Reset >>> [17804] ( Preview ) >>> (Blocked bl.spamcop.net ) >>> [17805] ( Preview ) >>> (Blocked bl.spamcop.net ) >>> >>> and when I click either of the Preview links, I get (lines of = >>> shortened) >>> >>> ======================================================== >>> Previewing raw email. Use your browser's back button to return >>> to menu. >>> ======================================================== >>> error:Cannot find 17804 (or 17805) >>> >>> I could obviously delete these, but doesn't this indicate that >>> something's gone wrong? >> >> If you did something to change the state of your Held Mail >> mailbox/Folder between submitting the request for the Held Mail >> display (VER) and clicking on the messages to preview them, that >> could explain the symptoms you have presented. > > > I didn't do anything weird; these messages are still there, days > later; when I went to look at the first of those messages with > Webmail, it displayed a message like "message not found" -- > that's what I was going to say in this message. > > But I didn't write down the message, and when I went to look > again (just now) to be able to give the exact message (having > since reported the other messages in my Held Mail folder as > spam), it's now showing me a real message (not an error display) > that's only got headers and no body. (Should I report such > messages?) If they were unsolicited and you have the time and inclination, you should report them with some text in the body indicating that there was no original body. > So Webmail seems to have "fixed" this -- but I still get the > error message looking at the same messages in VER. Are you > suggesting that nothing is wrong if VER can't find the same > header-only message that Webmail can see Such a situation (which looks like a bug in VER) should be reported to JT via email to support at spamcop.net, including the headers you can see in Webmail, the location (presumably still Held Mail), the Message Numbers (17804 and 17805 above), and your SpamCop Email Address. > , or that VER's message > "can't find xxx" is a limitation of VER reason that I shouldn't > use VER? If you don't want to wait for VER to be fixed to stop this situation from happening to you, and this situation is that annoying to you, than if I were you I'd avoid VER. >> This type of problem doesn't happen with the Webmail view of the Held >> Mail mailbox/Folder (the recommended and only linked method of >> processing Held Mail). Why are you still using VER? > > Because it works for me. It's Very Easy. It's linked from all > the pages that share Report Spam page's top-line menu. It > doesn't show me my Inbox (which is always empty, as I use POP to > get my new (not-held) messages into my mail reader), and I can't > make Webmail show Held Mail by default (can I?). Yes, you can "make Webmail show Held Mail by default" - here's how: 1. Login to Webmail (if you haven't already). 2. Click the "Options" Button at the top of the page in the middle to go to the "User Options" page. 3. Click the "Login Tasks" Link halfway down the page in the right "Other Options" column to go to the "Login Tasks" page. 4. Under "View or mailbox to display after login:", select the appropriate mailbox/Folder name from the Dropdown List, in this case "Held Mail". 5. Click the "Save Options" Button to save your options. Please note that if your Webmail session times out and you try to re-use that browser session to access Webmail, you will be presented with your "INBOX" mailbox/Folder after you login. I have reported this bug. Don't worry, the next time you login to Webmail you will get your "Held Mail" mailbox/Folder again. To help avoid this bug, please Logout of Webmail if your browser will be away from the Internet for more than half an hour. > If VER is deprecated, why doesn't the VER page say that? Because SpamCop Admins have not chosen to have the VER page say that. > This is > the first time I've heard that. (I've never been to the forums. > I'm not required to go there to use the service, am I?) No, you're not, unless you want to stay informed firsthand. > Are you > the person who says I shouldn't I use it, or is it Julian / Jeff > / SpamCop that says so? We all say that - please see my previous post in a different subthread of this thread, which has the following headers: Date: Tue, 11 Jan 2005 08:44:46 -0500 Message-ID: X-Trace: news.spamcop.net 1105451092 28170 24.193.127.128 (11 Jan 2005 13:44:52 GMT) NNTP-Posting-Date: Tue, 11 Jan 2005 13:44:52 +0000 (UTC) > (Is there really something wrong with > it?) VER has speed issues relating to the real servers serving mailsc.spamcop.net at IronPort (in California or Washington State) being on the opposite US Coast from imap.spamcop.net at Corporate Email Services (in Georgia) and also relating to the overhead Akamaizing puts on dynamic content. Also, VER is awkward for dealing with more than 100 pieces of Held Mail (impossible if you want to save the first 100 pieces of Held Mail as Held Mail and refuse to use IMAP or Webmail). In addition, VER can't apply Filtering Rules to Held Mail, while Webmail can. > If it's SpamCop that says so, where do they say it? Again, please see my previous post. You really didn't have to quote my sig. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From jeffg at spamcop.net Tue Jan 11 09:54:28 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Jan 11 09:55:03 2005 Subject: [SpamCop-Mail] Re: "Can't find nnnn" messages in my Held Mail References: <5ggut0d6tttb94ssd0a16i7b109qtjt44o@4ax.com> Message-ID: Mike Easter organized electrons in article news:cs0nhs$spl$1@news.spamcop.net that appeared as follows: > Jeff G. wrote: >> The following is for completeness, for those of you who can't or >> won't visit the new web-based forums. > > Thanks Jeff. I don't do mail, so I'm totally weak over here. You're welcome. > I think it would be a big mistake to have mail support and questions > disappear from the newsgroups. It doesn't matter if JT doesn't show > up nntp, but news is a valuable resource News that JT feels is important will continue to be posted on the Webmail login pages at https://webmail.spamcop.net and http://webmail.spamcop.net for 24 hours, and archived on the SpamCop Email System News page at http://mail.spamcop.net/news.php . > as is a good faq. The best FAQ we've come up with so far is in the web-based forums at http://forum.spamcop.net/forums/index.php?showtopic=2238 , with many links to pages on www.spamcop.net as well as Topics and Posts on the web-based forums. > The > forum is not a substitute for a good and dynamic faq or news, but it > is useful for its own purposes and to also bolster the functions of > both.. FYI, the vast majority of recent questions about the SpamCop Email System (as opposed to the newsgroups vs. web-based forums meta-discussion) are being posted in the web-based forums, rather than being posted here in the spamcop.mail newsgroup and mailed to the SpamCop-Mail mailing list. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please reply via Forum, Group, or List only. From conectacom at spam.spamcop.net Wed Jan 12 12:14:24 2005 From: conectacom at spam.spamcop.net (Conectacom) Date: Wed Jan 12 09:15:03 2005 Subject: [SpamCop-Mail] Spam Message-ID: Untitled DocumentCaso não esteja vendo a figura clique aqui. O que são links patrocinados - Alguém vai procurar na Internet um serviço como o seu. - Essa pessoa digita as palavras-chave que você selecionou. - Seu site aparece nos lugares de mais destaque dos resultados de busca no Yahoo!, Cadê?, Altavista, Bondfaro, Ibest e Central de Desejos. - Sua empresa só paga quando o link é clicado, sem dispersão. Como funciona - Selecione as palavras-chave mais adequadas ao seu ramo de atuação. - Faça o depósito inicial (a partir de R$ 90,00). - Quando o link é clicado, é descontado do depósito o valor de um clique (a partir de R$ 0,15). Resultado - Sua empresa apareceu para o cliente no momento da compra. - É a maneira mais prática e eficiente de anunciar na Internet. Vantagens - Sua empresa só paga quando o link é clicado. - Quem clica no link é um cliente em potencial. - É a melhor relação custo/benefício. - Dispersão zero. Nossos Parceiros Contrate já e veja como é vantajoso estar no lugar mais nobre da Internet! atendimento@overture.com 11 3046 5480 Se você não responde pela publicidade da sua empresa, encaminhe este e-mail à pessoa responsável. Ela vai agradecer a você. * No caso de contratação da consultoria Fast Track, o crédito será dado como desconto neste serviço. Promoção não cumulativa, válida somente para novas assinaturas até 31/01/2005. Este e-mail não é um Spam. Caso não queira mais receber clique aqui. From nobody at spamcop.net Wed Jan 12 14:58:34 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jan 12 15:00:21 2005 Subject: [SpamCop-Mail] SpamCop outage Message-ID: We anticipate a brief outage of 15-30 minutes sometime in the next couple of hours as we move some hardware around. Please be patient as the outage should be brief. Thanks! Ellen SpamCop If someone will propagate this to the appropriate forum groups I would appreciate it. Follow-ups to spamcop. From naughtyjinx at hotmail.com Fri Jan 14 02:44:20 2005 From: naughtyjinx at hotmail.com (naughty jinx) Date: Thu Jan 13 21:45:05 2005 Subject: [SpamCop-Mail] Technical spam books, my quest for knowledge. Message-ID: I hope this is the right list to post this to, I have been reading up on spam books, some of them seem to be intresting, while others kinda lacking. I thought i would share my findings with the list, since good technical information on spam is kinda hard to find in one place. I was after a book with detailed technical information used by spammers, not trival stuff like open proxy servers and formmail, because we all know how those work. I wanted to know more about the filter evasion side of things, how messages are constructed and what work goes into it. I started off with Spam Kings, it was cheap and had some decent reviews, but the content was more 'general' about spammers.. not really technical at all, learning factor of 0 for me. I then moved onto "Spam Inside The Spam Cartel", by syngress (http://www.syngress.com/catalog/?pid=3130). Although the book reads a little rough and costed a bit more, the content was perfect for what i needed, so i must share this book with the list. Its seriously a good read and goes well into the details of spam filters and filter evasion. Also covers techniques such as AS hijacking, handy since there is not much published information on this. Its not written from the point of 'stopping spam', but more written by a spammer talking about how to defeat spam filters. So you really get to see spam from the 'other side of the fence'. Really intresting since the book goes into language aspects of spam and composing messages that are close to unfilterable. I read the book cover to cover and not only was happy with it, but even learned a fair bit :) Anyone else suggest any good spam books? _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ From wb8tyw at qsl.network Sun Jan 16 13:57:23 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sun Jan 16 14:00:03 2005 Subject: [SpamCop-Mail] Re: Technical spam books, my quest for knowledge. In-Reply-To: References: Message-ID: naughty jinx wrote: > I read the book cover to cover and not only was happy with it, but even > learned a fair bit :) > Anyone else suggest any good spam books? In general, no. I have been greatly disappointed in most books and articles about spam or computer security. In most cases they totally ignore critical information that the reader needs to know. In the case of computer security, they usually fail to take into account the low cost social engineering techniques that will usually defeat the most sophisticated technological approach that they are usually advocating. In the case of spam filtering, most of what I have read in commercial publications is aimed at selling commercial spam filters, or more precisely, convincing the commercial spam filter vendors to advertise in that publication. There are also a lot of publications about people describing their fantastic new content filtering algorithms, and these totally ignore obvious weaknesses in those algorithms, and even after these weaknesses have been taken advantage of by spammers, there are still proponents of them that totally ignore that. Most of the commercial spam content filters that I have seen so far are simply ineffective placebo filters that are usually not effective unless used with other techniques that are so effective that the content filter is only looking at a small percentage of the incoming e-mail. > I was after a book with detailed technical information used by > spammers, not trival stuff like open proxy servers and formmail, > because we all know how those work. I wanted to know more about the > filter evasion side of things, how messages are constructed and what > work goes into it. Almost all content filtering methods are trivial for all but the dumbest spammers to avoid. The main thing useful about studying them is if you are a legitimate newsletter sender or commercial mail sender so that you can know to avoid somethings that are sure to help trip an aggressive content filter. For example, one of the key things that will help get a real e-mail to be misclassified by a content filter is for it to be sent in HTML to an e-mail address that did not expressly request HTML mailings to be sent. The presence of HTML in an e-mail to some addresses indicates between a 50% to 90% chance of it being spam. And typically when a corporate mail server uses a content filter, the messages are silently deleted. If outgoing mail causes whitelisting, a company can usually get away with running a very aggressive spam filter, with almost none of their users catching on. After all SMTP e-mail has no guarantee of delivery or non delivery information, and if a message just disappears, most people can not determine at what point it was dropped or why. Just about every content analysis method has proved that it will give you a choice of either leaking a significant portion of spam, or catching more than a noticeable amount of real e-mail by mistake if used on a mail server. And sometimes you do not have a choice and it does both. The larger the population that shares a content filter's algorithms, the less accurate the content filter will be. Consider if you share a mail server with a legitimate mortgage broker and some medical doctors. Right away you have eliminated most of the keywords used in spam, including their mis-spelled variants. Besides the fact that content filtering is inherently inaccurate, what the articles covering it fail to point out is that it is expensive to implement. The usual implementation of a content filter as a primary spam defense is by someone that wants be able to claim that the mail server has state of the art spam defenses, and hope that most of the users do not know better. This is in a hope that the users will think they are doing all they can do and not complain. For content filtering to be applied, the entire spam must be inside the mail server. Now you may be on a fixed cost ISP link, or not be aware of your company's network costs, but be aware that once your network load gets large enough, you pay a rate based on how much data you pass on a network. And with some plans, if you go over your bandwidth quota, the rates increase significantly. If you have a T1 quota on a line that can handle a higher rate, and you go over the T1 quota, even by a small amount you can get charged for a second entire T1 quota for that month. And the bandwidth bill for a large mail server can be significant. Now the way to control that costs are to use DNS based blocking lists to prevent the spam from entering the mail server. And the conservative DNSbls have shown that they are far more accurate at separating spam from the real e-mail than content filters. Reports are that between 80% to 95% of spam blockage with zero false positives can be achieved with just the conservative DNSbls. Now it is unlikely that you can come up with a spam filtering solution that is perfect. You have to decide how close that you can come. Now to handle errors in false positives, the spam filtering must be done before the SMTP transaction is over, as that is the only way to non-abusively notify a real sender that their message was not delivered, because it is their ISP's mail server that notifies them. After the SMTP transaction is over, which is the time that most content filtering is done, there is no way to non-abusively notify a mail sender that the mail was not accepted. The sending information is too easily forged, and sending non-delivery messages to suspected spam or viruses is having that mail server take part in a DDOS attack on some other victim of the spammer. So a false positive from a content filter is far worse than a false positive from an DNSbl, as usually with a content filter, neither the sender or the receiver knows that the e-mail was not delivered. It has also been shown if you monitor any of the help forums for DNS based blocking list that a large number of mail server operators or ISP's will not do anything about security problems on their networks as long as other ISP's will still accept packets from them. It is routine to find mail server operators complaining about unfair blocking and insisting on the following: 1. There is no spam coming from their network, the I.P. addresses in the reports are spoofed. 2. They have configured a spam filter to remove all spam and virus complaints from their abuse mail box. 3. In violation of the RFCs they do not have the required abuse and postmaster mailboxes, or they have configured them to automatically delete all incoming e-mail. Now of the content filtering method, the only one that the spammers have not figured out how to easily bypass and still advertise their stuff is one that looks up the URLs or links in the spam, and checks them against the same DNSbls that the mail server refuses to accept e-mail from. Even this can have false positives if you are receiving spam samples to assist in the decoding of spam. But if you limit the content check to I.P. addresses in that are in aggressive DNSbls or have less than perfect rDNS, it is unlikely that you will find a false positive. Since you can usually use the conservative DNSbls to safely remove between 80% and 95% of the spam, only a small amount of e-mail would actually need running through the content filter for a final check. Currently SpamAssasin 3.0 appears to be the only content filter that knows how to do this test. It does not appear to be available in any commercial content filter in spite of that algorithm being well known for over a year. -John wb8tyw@qsl.network Personal Opinion Only From paul at spamcop.net Thu Jan 20 13:18:08 2005 From: paul at spamcop.net (Paul Hutchings) Date: Thu Jan 20 08:20:17 2005 Subject: [SpamCop-Mail] Firefox Problems - webmail crawls Message-ID: Looked on the forum and I've seen several people reporting problems but no sign of a solution. I'm at work and can get to webmail.spamcop.net to check my mail at what I'd consider normal speeds if I use IE6. If I use Firefox, it gets there, but it absolutely crawls. Does anyone have any suggestions? We are using a firewall/proxy and whilst I guess it could be to do with that, I don't see how it would be selective about which browsers it works with as every other site I use is fine with Firefox (barring ones using IE specific content of course). cheers, Paul From nobody at devnull.spamcop.net Sun Jan 23 15:38:54 2005 From: nobody at devnull.spamcop.net (Heidi) Date: Sun Jan 23 15:50:09 2005 Subject: [SpamCop-Mail] WHY???? Message-ID: WHY am I such a cunt? Because its my motherfucking personality. I am not a sweet girl and never have been. There is no WHY. From 79ytka802 at sneakemail.com Thu Jan 27 13:38:52 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Thu Jan 27 08:40:03 2005 Subject: [SpamCop-Mail] Spamcop Mail Delays Message-ID: I use mail forwarding from my "published" address to my address at-spamcop-dot-net to my POP3 maibox. This has generally worked well, except for a short period a couple of years ago when mail flow was occasionally somewhat erratic. ISTR Spamcop was suffering some denial of service attacks at the time. Lately I've started noticing delays, and things seem to be particularly bad, with one email (which has reached other recipients) still not having found its way into my POP3 box 90 minutes after it was sent. I've sent some test messages since, and have also looked at headers of messages that did get through, and the problem definitely seems to lie with Spamcop (cesmail). Does anyone have any idea what's going on? Any Spamcop deputies reading this? From nobody at devnull.spamcop.net Sun Jan 30 00:10:03 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Jan 30 01:16:25 2005 Subject: [SpamCop-Mail] SpamCop Forum FAQ Intro Message-ID: Original SpamCop FAQ & Added Forum Items Never up to date, changes often This page found at There is no way to 'gracefully' post this monster 'here' and include all the links ... so for those that have never made it 'there' or wonder why it is referenced as an alternative entry point for the www.spamcop.net FAQ, this is the page structure of what you've been missing. Technically, it would be preferable to enter at and see the other available Forum sections (working on filling out the "How to use ..." Forum for example ...) Line wraps may screw this up also??? Not going to spend a lot of time on this, figure that'll wait to see how much of a flame session this starts -=-=-=-=-=-=-=-=-=- Wazoo Jul 28 2004, 11:33 AM Starting with this posting here in the Lounge ... will put Pinned entries into the Help and E-Mail Forums pointing to this post ... nothing in this FAQ that addresses the Mail-Host stuff .... and as mentioned in another Topic, an IronPort staffer has been given the task of updating the www.spamcop.net FAQ (this one points both there and within "here") so maybe even this effort has been wasted .. but hey, it's a start. Last Revised : 29 January 2005 SpamCop Glossary SpamCop FAQ .... (FAQ = Frequently Asked Questions) Overview of SpamCop Services Why am I Blocked? Has your email been blocked? (ISP, Mailing List Admin, Advertiser) SpamCop Blocking List - Am I listed? Why am I getting all these bounces? Why does SpamCop want to send a report to my own network administrator? Password Problems? Am I running mailing lists responsibly? Outlook 2003 REG hack to work around MIME issues Alternate Outlook 2003/XP e-mail submit methods NEW Why Outlook Express Forward doesn't work / Secure E-Mail Handling E-Mail Address Removal, Unsubscription, & Listwashing Yahoo Groups Mail Blocked? Say NO to the Challenge/Response Lunacy Cost of Spam Spammer Rules How can I contact a SpamCop representative? How To Ask Questions The Smart Way (language issue, but there really is only one defintion for RTFM) SpamCop Parsing and Reporting Service What is this? How does it work? How do I use it? SpamCop Analogous to a Credit Reporting Agency? How do I sign up? Rules - everybody read! (recent changes made ... you may need to re-look) What do I need to know to get started reporting spam? Parsing & Reporting spam - decisions, problems How do I get my email program to reveal the full, unmodified email? How do I configure Mailhosts for SpamCop? NEW One version of a Step-by-step MailHost set-up How do I submit spam via email? E-Mail spam submittals blocked by your ISP? Emailed Spam Submissions Disappearing?, No Confirmation e-mails? What is Quick Reporting? How can I unsend a Report? "Header incomplete, aborting." and "No, source IP address found, cannot proceed." Causes of "Would send" and "If reported, today, reports would be sent to:" messages SpamCop said "No reports filed." What does it mean? Member and account management questions Why was my authorization revoked? Is there a limit on reporting spam? -----> 3,000 per day -----> not older than 48 hours Why did my spam load increase after I started Reporting? What is mole reporting? How do I set up SpamAssassin to work with SpamCop? NEW Can I automatically forward spam from my spamtraps? SpamCop Mail Service What is this SpamCop Mail Service? What is the cost? How do I sign up? How do I setup my account? SpamCop E-Mail Account Storage Quota / Limit I can report and trash but not Delete from Held Folder Jeff G.'s Guide to accessing SpamCop email, using OE and IMAP How do I sign up for multiple accounts under the family plan? Discounted Additional Account, more detail When does my account expire? How do I renew my account? I forgot my Password How I use my SpamCop E-Mail account examples Blocking and Blackhole lists available FAQ about the Personal Blacklist and Whitelist FAQ about POP'ing out of SpamCop FAQ about WebMail NEW FAQ about Webmail: Deleting and Moving Messages WebMail Login problems & General Slowness, First things to check FAQ about IMAP IMAP - Deleting E-Mail How to save Sent Mail in SpamCop Webmail FAQ about Filtering and Held Mail FAQ about the personal webmail filters, Client filters within webmail Messages not Filtered - Why? Jeff G.'s Guide to SpamCop Quick Reporting from a SpamCop E-Mail Account Does SpamCop work with AOL/MSN/Hotmail? I want email to go from myaccount@myemail.com and back to the same account. Is this possible? When does my account expire? Where can I get further assistance? Why can't I receive any email? Getting Mail From The SpamCop Email System SpamCop Blocking List Service How do I configure my mailserver to reject mail based on the blocklist? What is on the list? How can I be de-listed NEW One-time automatic BL De-listing - Possible BETA? How much does it cost? Is it possible to download the entire blocklist? How can I check if an IP is on the list? If my IP is listed, does it mean I am a spammer or my ISP hosts spammers? Why can't I get to the blocking list from ATT's network? General Information about SpamCop How can I get help? How can I report a bug? How can I suggest a feature? What are the rules for posting to the forum? May I create a link to SpamCop from my site? Can I get a copy of the source code for SpamCop? Who is Julian Haight? Why did I get a spam promoting SpamCop? What are some general tips for responding to questions in the forum? Adding items to the FAQ Features and Bugs Use the parser without reference to your mailhosts configuration Non-SpamCop information Make an anonymous donation to support SpamCop Can I advertise on SpamCop? Help for abuse-desks and administrators These are questions commonly asked by Internet Service Providers. Users of SpamCop need not read this (skip on down a few sections), but may find it interesting. You have probably arrived here because of a SpamCop report. Please read the introduction for information about the report you are viewing. Introduction - What is this thing? How does it work? I have been falsely and/or maliciously accused of spamming, what can I do? How can I contact a real person about this? Interacting with SpamCop and it's users: You are mailbombing me! How can I make it stop? How can I get SpamCop reports about my network? How do I register an abuse@ email address? How can I get removed from SpamCop's blocking system? Once I close a spammer's account, how can I prevent others reporting it? How can I respond to spam complaints via email? How can I control what type of reports I receive? You've munged the header... How do I get in touch with the person who filed the complaint? Help with SpamCop reports and spam in general Robots: Mailing lists and autoresponders I didn't originate the spam. My server might have relayed this message. Why report it to me? What does a SpamCop Report look like? Why did SpamCop report this usenet message to me? General questions: Who appointed you the "cop" of the internet? Where do you get off? My web site got terminated/threatened because of SpamCop, but I did not send the spam. What's the big idea? Why did SpamCop submit my server to relay-testing sites? What is your opinion of FFA (free for all) pages? How do Deputies respond to appeals? Abuse-queue management tools Assistance stopping spam: I'm receiving spam reports, but my mail server logs don't reflect it. Why? HTTP Proxies (Cisco / Squid / Mailtraq) Formmail Open Relay Servers Adding BLs to Postfix Spam-sending malware But my Exchange 2000 server is secured against relaying! How can I control spam from my network? How can I control unsolicited bounces? SOCKS Proxy Servers Links to help with removing open proxies Other information, help and links What other sites should I visit to help fight spam? CAN-SPAM Act of 2003 - Bill Number S.877 for the 108th U.S. Congress Abuse.net's introduction to spam: What is it and why is it bad? Elsop's anti-spam page - lots of other links to more information U.S. FTC Spam page for the Consumer spam uce.gov replaces uce ftc.gov SamSpade - tools for the unix-deprived and other good info Bestprac.com - A guide for all types of users on how to avoid spamming abuse.net - ISP abuse address clearinghouse Realtime blackhole list - blocking of selected email servers Spamhaus - Lists ISPs who keep organized spamming alive Spam Links - Many Resources, Definitions, and Tools The SpamCon Foundation (formerly suespammers.org) The author of this software, Julian Haight Net abuse jargon file - Cues for the acronym challenged Net abuse FAQ - all about spam An organization to fight "street spam" - those unsightly weight loss signs on the highway. Reading Email Headers. Sneakemail is a service that gives you more control over the emails you receive. SpamList is a config file for sendmail which agressively blocks spam. Use with caution. SPEWS is not SpamCop, SpamCop is not SPEWS - Note the spelling SpamWars, a humorous kill-the-spammer browser-based game Monitoring and reporting worm/hacking activity Marjolein's Ban Spam page The Crystal Cave - News, Tools, Resources to combat Spam Surf the Internet Safely Outlook & Exchange Solutions Center Inside Outlook Express Anti-Phishing Working Group U.S.DoJ Identity Theft and Fraud Information Follow the Money; or, why does my computer keep getting infested with spyware? Recursos anti-spam en español Campaña anti-spam de El Espectador (Uruguay) Información básica acerca del 'spam' Credit and thanks Noting that the above link is Julian's credit / contributor list for the stuff found at spamcop.net and JT's newsgroup and e-mail support. What follows is my list of credit for the web-based Forum stuff .... for starters, the contributors to this existing FAQ (not sure I've got a 100% identity list, don't have permission to use real names, and will probably add more items into this FAQ and forget to update this list .. apologies in advance for missing the kudos and correct attributions) ... and just to keep things a bit off-kilter, in reverse alphabetical order; WB8TYW turetzsr (who does request to be known as Steve T) studog StevenUnderwood petzl PeterJ Miss Betsy Merlyn JeffG dbiel DavidT agsteele From alan+spamcop at spamcop.net Mon Jan 31 19:20:45 2005 From: alan+spamcop at spamcop.net (Al) Date: Mon Jan 31 22:25:04 2005 Subject: [SpamCop-Mail] Re: Spamcop Mail Delays References: Message-ID: Mine has been having the same problems for about two weeks. One batch of emails took two days to arrive (see snip of header below). Latley, most are held up for about 2 hours. Received: from source ([216.154.1xx.xx]) (using TLSv1) by exprod5mx3.postini.com ([64.18.x.xx]) with SMTP;Sat, 22 Jan 2005 06:48:53 EST Received: from unknown (HELO blade5.cesmail.net) (192.168.x.xxx) by c60.cesmail.net with SMTP; 20 Jan 2005 00:30:27 -0500 Received: (qmail 24244 invoked by uid 1010); 20 Jan 2005 "Aviatrix" <79ytka802@sneakemail.com> wrote in message news:ctaqt4$1aq$1@news.spamcop.net... >I use mail forwarding from my "published" address to my address > at-spamcop-dot-net to my POP3 maibox. This has generally worked well, > except for a short period a couple of years ago when mail flow was > occasionally somewhat erratic. ISTR Spamcop was suffering some denial of > service attacks at the time. > > Lately I've started noticing delays, and things seem to be particularly > bad, with one email (which has reached other recipients) still not > having found its way into my POP3 box 90 minutes after it was sent. I've > sent some test messages since, and have also looked at headers of > messages that did get through, and the problem definitely seems to lie > with Spamcop (cesmail). > > Does anyone have any idea what's going on? > > Any Spamcop deputies reading this?