From g.hyde at bigNOSPAMpond.net.au  Fri Aug  1 07:00:32 2008
From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde)
Date: Fri Aug  1 07:05:03 2008
Subject: [Scspamcop] Is SpamCop tracking this spamitem correctly?
Message-ID: <g6uqcn$og0$1@news.spamcop.net>

http://www.spamcop.net/sc?id=z2115431011zf7e48fc8dcd1ef5d0797fbe521ec0a9fz

Every time I check these spamitems, I get the funny feeling that something's 
not right somewhere.

It looks like the second Received: line could be at least a partial forgery, 
because that is where SpamCop stops and decides it can't trust anything 
beyond that.

So, my question therefore is (for the benefit of M.E. and others too 
clueless to just copy/paste themselves) this:

Is SpamCop tracking this spamitem correctly?


Cheers ...

Geoffrey Hyde



From ppearson at nowhere.invalid  Fri Aug  1 11:32:32 2008
From: ppearson at nowhere.invalid (Peter Pearson)
Date: Fri Aug  1 11:35:03 2008
Subject: [Scspamcop] Re: Is SpamCop tracking this spamitem correctly?
References: <g6uqcn$og0$1@news.spamcop.net>
Message-ID: <g6vaag$qhn$1@news.spamcop.net>

On Fri, 1 Aug 2008 21:00:32 +1000, Geoffrey Hyde wrote:
> http://www.spamcop.net/sc?id=z2115431011zf7e48fc8dcd1ef5d0797fbe521ec0a9fz
>
[snip]
>
> It looks like the second Received: line could be at least a partial forgery, 
> because that is where SpamCop stops and decides it can't trust anything 
> beyond that.

There are two things suspicious about the *first* Received: line:
the "from" string doesn't match the IP address 72.55.165.148; and
the IP address 72.55.165.148 resolves to something that ends with
".cn", which in my experience is invariably a signal that a spam
source has been identified.  So my conclusion is that SpamCop has
correctly identified 72.55.165.148 as the spam source.

The spammer seems to have taken the trouble to pretend to be
a bigpond intermediary while injecting this spam into bigpond.
I don't often see that level of diligence.

> So, my question therefore is (for the benefit of M.E. and others too 
> clueless to just copy/paste themselves) this:

I know this is off-topic, but may I request a small increase
in the general level of civility in this group?  In the big
picture, we're all on the same side.

-- 
To email me, substitute nowhere->spamcop, invalid->net.
From nobody at spamcop.net  Fri Aug  1 11:41:29 2008
From: nobody at spamcop.net (Bar0)
Date: Fri Aug  1 11:45:02 2008
Subject: [Scspamcop] Re: Is SpamCop tracking this spamitem correctly?
References: <g6uqcn$og0$1@news.spamcop.net> <g6vaag$qhn$1@news.spamcop.net>
Message-ID: <g6var3$shp$1@news.spamcop.net>


"Peter Pearson" <ppearson@nowhere.invalid> wrote in message 
news:g6vaag$qhn$1@news.spamcop.net...
> On Fri, 1 Aug 2008 21:00:32 +1000, Geoffrey Hyde wrote:
>> http://www.spamcop.net/sc?id=z2115431011zf7e48fc8dcd1ef5d0797fbe521ec0a9fz
>>
....
>
>> So, my question therefore is (for the benefit of M.E. and others too
>> clueless to just copy/paste themselves) this:

It's not cluelessness, Mr Hyde, YOU were asking the question, it's merly 
good practice and polite to make it easy for others to answer you, and yes, 
without forcing them to needlessly exercise their <ctrl>C and V fingers. 
Remember, you had the question, you are the supplicant who wants a favour 
from others.

>
> I know this is off-topic, but may I request a small increase
> in the general level of civility in this group?  In the big
> picture, we're all on the same side.

Let's hope so


From nobody at devnull.spamcop.net  Fri Aug  1 11:55:00 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Fri Aug  1 11:55:03 2008
Subject: [Scspamcop] Re: Is SpamCop tracking this spamitem correctly?
References: <g6uqcn$og0$1@news.spamcop.net>
Message-ID: <g6vbke$11v$1@news.spamcop.net>

> http://www.spamcop.net/sc?id=z2115431011zf7e48fc8dcd1ef5d0797fbe521ec0a9fz
>
> Every time I check these spamitems, I get the funny feeling that
> something's not right somewhere.
>
> It looks like the second Received: line could be at least a partial
> forgery, because that is where SpamCop stops and decides it can't
> trust anything beyond that.
>
> So, my question therefore is (for the benefit of M.E. and others too
> clueless to just copy/paste themselves) this:
>
> Is SpamCop tracking this spamitem correctly?
>
>
> Cheers ...
>
> Geoffrey Hyde

I resent being called too clueless to just copy/paste.  You don't know 
me nor do you know just how clueless I am or am not.  Your snipe is 
meaningless in the context of anything I see in your post that's 
meaningful enough to me to be concerned with.

At least clueless can learn; snipers often can or will not.  You're a 
reasonably well respected member of this group and to do such things is 
well below you.  Or it used to be.

Twayne 


From nobody at spamcop.net  Fri Aug  1 12:01:00 2008
From: nobody at spamcop.net (Bar0)
Date: Fri Aug  1 12:05:03 2008
Subject: [Scspamcop] Re: Is SpamCop tracking this spamitem correctly?
References: <g6uqcn$og0$1@news.spamcop.net> <g6vbke$11v$1@news.spamcop.net>
Message-ID: <g6vbvj$1nk$1@news.spamcop.net>


"Twayne" <nobody@devnull.spamcop.net> wrote in message 
news:g6vbke$11v$1@news.spamcop.net...
....
>
> At least clueless can learn; snipers often can or will not.  You're a 
> reasonably well respected member of this group

eh?

>and to do such things is well below you.  Or it used to be.
>
> Twayne
> 

From tmcgraw at spamcop.net  Fri Aug  1 16:57:13 2008
From: tmcgraw at spamcop.net (Tim McGraw)
Date: Fri Aug  1 17:00:03 2008
Subject: [Scspamcop] Re: Is SpamCop tracking this spamitem correctly?
In-Reply-To: <g6uqcn$og0$1@news.spamcop.net>
References: <g6uqcn$og0$1@news.spamcop.net>
Message-ID: <g6vtba$6ao$1@news.spamcop.net>

Geoffrey Hyde wrote:
> http://www.spamcop.net/sc?id=z2115431011zf7e48fc8dcd1ef5d0797fbe521ec0a9fz
> 
> Every time I check these spamitems, I get the funny feeling that something's 
> not right somewhere.

This is what ME would call a "straightup" spam. The FROM is valid, it's 
a Chinese manufacturer that earnestly wants your business.

I used to get quite a few of these, but haven't seen one in months.

> It looks like the second Received: line could be at least a partial forgery, 
> because that is where SpamCop stops and decides it can't trust anything 
> beyond that.

usa3.cs-corpmail.cn actually does = 72.55.165.148.

> Is SpamCop tracking this spamitem correctly?

Yes.
From tmcgraw at spamcop.net  Fri Aug  1 17:00:23 2008
From: tmcgraw at spamcop.net (Tim McGraw)
Date: Fri Aug  1 17:05:02 2008
Subject: [Scspamcop] Re: Is SpamCop tracking this spamitem correctly?
In-Reply-To: <g6vaag$qhn$1@news.spamcop.net>
References: <g6uqcn$og0$1@news.spamcop.net> <g6vaag$qhn$1@news.spamcop.net>
Message-ID: <g6vth8$6j8$1@news.spamcop.net>

Peter Pearson wrote:
> Geoffrey Hyde wrote:
>> http://www.spamcop.net/sc?id=z2115431011zf7e48fc8dcd1ef5d0797fbe521ec0a9fz
>>
> [snip]
>> It looks like the second Received: line could be at least a partial forgery, 
>> because that is where SpamCop stops and decides it can't trust anything 
>> beyond that.
> 
> There are two things suspicious about the *first* Received: line:
> the "from" string doesn't match the IP address 72.55.165.148.

I believe this is a vagary of bigpond email handling, which has been 
observed in this group before.

> I know this is off-topic, but may I request a small increase
> in the general level of civility in this group?  In the big
> picture, we're all on the same side.

<AOL> Me too! </AOL>

But don't forget tinw.

This is a user-to-user support forum. For best results, check your ego 
at the door.

Have a great weekend!
From MikeE at ster.invalid  Fri Aug  1 17:15:32 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Fri Aug  1 17:20:04 2008
Subject: [Scspamcop] Re: Is SpamCop tracking this spamitem correctly?
References: <g6uqcn$og0$1@news.spamcop.net>
Message-ID: <g6vude$9j7$1@news.spamcop.net>

Geoffrey Hyde wrote:
>
http://www.spamcop.net/sc?id=z2115431011zf7e48fc8dcd1ef5d0797fbe521ec0a9fz

> Is SpamCop tracking this spamitem correctly?

The short answer is yes.  The longer answer is that SC the algo actually
prefers to name the IP behind a mailserver as the source, rather than name
the mailserver as source.  However, sometimes the standard parsing of the
chain will not result in naming the IP source.

IMO the actual source of this item was the client
kelly.meng@imt-technologies.com who is emailing a straightup
solicitation -- where straightup means the From = the source = the
spamvertised site, and there are no bogus lines, only the bigpond
noncompliant topline.

Kelly Meng, who is the 'author'/writer of the solicitation and address in
the From and the source in the Received traceline, emailed this missive
from IP 121.9.248.187 cname IS~CS3 using the mailserver which SC named as
'source' because the tracelines could not be properly chained further than
that.

  Abbreviated Received tracelines *comment
  from nskntingx02p.mx.bigpond.com ([72.55.165.148]) by
nskntmtas03p.mx.bigpond.com *noncompliant bigpond traceline, ignored
  from usa3.cs-corpmail.cn ([72.55.165.148]) by
nskntingx02p.mx.bigpond.com *healthy bigpond traceline, mailserver output
  from unknown (HELO PC-200807021648)
(kelly.meng@imt-technologies.com@121.9.248.187) by usa3.cs-corpmail-com
*sourceline, mailserver input traceline
  From: "kelly.meng" <kelly.meng@imt-technologies.com> *source client at
121.9.248.187

Verbose story:  in the beginning Kelly Meng composed and emailed this item
using the imt-technologies server at 72.55.165.148 whose name is
usa3.cs-corpmail.cn.  That server is one of 4 output servers at
cs-corpmail.cn used to output mail and listed at senderbase with their
activity, which in the case of this server is about 2-5000 items per day,
and the cumulative output of the 4 servers is about 8000 items per day
roughly.  None of the 4 servers are blocklisted anywhere.

After/When Kelly Meng emailed the item thru' hir mailserver, the server
stamped the bottommost traceline, and accessed the bigpond server and
transacted.  Then the bigpond server stamped the 2nd from the bottom (and
top) traceline properly, following which some bigpond server stamped an
additional traceline which we must ignore here, and which SC properly
ignores because it is a mailhosted configuration whose zaniness SC is
familiar with.

In the body of the mail, Kelly provides hir email address and information
about the spamvertised site and source of the mail and mailserver.



--
Mike Easter
kibitzer, not SC admin

From g.hyde at bigNOSPAMpond.net.au  Sat Aug  2 02:51:04 2008
From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde)
Date: Sat Aug  2 02:55:03 2008
Subject: [Scspamcop] Re: Is SpamCop tracking this spamitem correctly?
References: <g6uqcn$og0$1@news.spamcop.net> <g6vude$9j7$1@news.spamcop.net>
Message-ID: <g7104u$jid$1@news.spamcop.net>


"Mike Easter" <MikeE@ster.invalid> wrote in message 
news:g6vude$9j7$1@news.spamcop.net...

> In the body of the mail, Kelly provides hir email address and information
> about the spamvertised site and source of the mail and mailserver.

One would think they'd actually bother to check if someone actually had a 
website, instead of presuming someone had a website.  I don't have a website 
of my own, so why they're bothering me with some unsolicited commercial 
advertisement for plastic pellets is beyond me.  They don't even point out 
where they found my email address from in their spam email, so why should I 
bother with whatever information they provide about "their" site/mailserver?

Therefore, it's obvious that they're a person who doesn't bother to clean 
their mailing lists, and that they don't bother to check who they're 
spamming.  Because if they did, that would mean they cared, and they don't 
seem to have shown any such indication in their spam email.



Cheers ...

Geoffrey Hyde


From spamtrap at spamcop.net  Sat Aug  2 03:44:42 2008
From: spamtrap at spamcop.net (Sam Trappe)
Date: Sat Aug  2 03:45:04 2008
Subject: [Scspamcop] Re: "This header is incomplete. " problem. Can this
	PLEASE be fixed?
References: <ld8t84h1m0l1lrimfn7ji5lkthdkrj3eq5@4ax.com>
	<g6n8if$tb0$1@news.spamcop.net>
	<36vu84576s4mab3jhdu65397dj63bv2224@4ax.com>
	<g6o14j$tit$1@news.spamcop.net>
	<v5qv84hjb8829o664dstv8rcqc7mqjdbcv@4ax.com>
	<g6p33a$g20$1@news.spamcop.net>
	<j690941qpae7omaqmq1f32j7cdahcjv16m@4ax.com>
	<g6puvi$bsh$2@news.spamcop.net>
Message-ID: <ev28949bj52a843labijkv0qkchdlmtmuo@4ax.com>

Em Wed, 30 Jul 2008 07:48:18 -0700, Tim McGraw <tmcgraw@spamcop.net>
escreveu o seguinte:

>Sam Trappe wrote:
>> Whatever. In a "good" world, your nuttiness
>
>Nutty is coming into a public forum and asking for an email exchange 
>because you don't like what one or two people are saying.

Actully, trying to save your butt-budy public humiliation byshowing
point by point, how he was wrong, in private email. Check his public
USENET posting history and you'l see his skill level is just about
right for trolling 24hourhelpdesk all day long.

>Nutty is not accepting valid criticism about a direct and obvious 
>contradiction in your posts.

You'r being silly again, and stretching to look for things to
criticise. sig-flames are just one step above spelling flames - try
practing in alt.flame. To stoop to your level of intellect one last
time, there is no contradiction in my .sig saying "Replies by postings
preferred", which means "I'd rather someone reply to my posts via a
post than an email", but also, in one thread, *asking* a participant
if we could take our discussion to email, so as to save the NG
participants from what I suspected would become off-topic. In fact,
netiquette suggests just such an approach.

If you still have your panties in a twist about this, check the blue
pages of your local phone book for government-provided mental health
clinics. There are several treatments available for OCD, but none,
generally, for sociopathy.

>
>> I'm just trying to get some SC bugs fixed
>
>Good luck with that!

You're continued off-topic posts don't help. Factually incorrect posts
don't help. Why is the former allowed at all by the SC, and the latter
encouraged by Lusers such as yourself? Some clearly have no life, and
no job to speak of, so posting to USENET and SC is their only
connection to people, however tenous - this is what allows them time
to post all day, every day, pontificating about trivial things. Others
get off on criticizing strangers on trivia to make themselves feel
big, while overlooking the problem at hand.

To stay on topic to this NG, I reiterate that the "Luser Support"
model SC uses to hide its understaffing is frustratingly inefficient.
Time must be wasted debating nonesense with non-entities rather than
just reporting a problem and moving on. I suggest that .spamcop be
split into two groups:

a. .spamcop.errors, a moderated group with automatic follow-ups to
.spamcop.discussions.  Bug reports are enqueued, accepted or rejected
from .spamcop.errors

b. .spamcop.discussions, where posts in reply to .spamcop.errors are
posted, unmoderated. The great unwashed can post here all day if they
like.

I futher suggest that those that *continue* off-topic postings, such
as your silly ad-hominem attacks and flames with no on-topic
information, temporarily lose their right to post and eventually be
banned. Some of you need to get out of your wheel-chairs and your
momma's basements and get another hobby. Torturing pets seems your
speed.

Cheers,

--
Replies by posting preferred. All spam reported
From spamtrap at spamcop.net  Sat Aug  2 03:45:44 2008
From: spamtrap at spamcop.net (Sam Trappe)
Date: Sat Aug  2 03:50:02 2008
Subject: [Scspamcop] Re: "This header is incomplete. " problem. Can this
	PLEASE be fixed?
References: <ld8t84h1m0l1lrimfn7ji5lkthdkrj3eq5@4ax.com>
	<g6n8if$tb0$1@news.spamcop.net>
	<36vu84576s4mab3jhdu65397dj63bv2224@4ax.com>
	<g6o14j$tit$1@news.spamcop.net>
	<v5qv84hjb8829o664dstv8rcqc7mqjdbcv@4ax.com>
	<g6p33a$g20$1@news.spamcop.net>
	<j690941qpae7omaqmq1f32j7cdahcjv16m@4ax.com>
	<g6puvi$bsh$2@news.spamcop.net> <g6qr8u$s6f$1@news.spamcop.net>
Message-ID: <744894pl44tjm8cr1no1bnbk4en6m33d61@4ax.com>

Em Wed, 30 Jul 2008 18:51:13 -0400, "Twayne"
<nobody@devnull.spamcop.net> escreveu o seguinte:

>> Sam Trappe wrote:
>>> Whatever. In a "good" world, your nuttiness
>>
>> Nutty is coming into a public forum and asking for an email exchange
>> because you don't like what one or two people are saying.
>>
>> Nutty is not accepting valid criticism about a direct and obvious
>> contradiction in your posts.
>>
>>> I'm just trying to get some SC bugs fixed
>>
>> Good luck with that!
>
>Not very satisfying to anyone involved, I'm sure, but never the less it 
>was strangely entertaining.  Some person's egoes (sp?) do make for 
>comedic outcomes on occasion. 

Another completely off-topic post from the peanut gallery. Isn't that
the point of .social? 


--
Replies by posting preferred. All spam reported
From spamtrap at spamcop.net  Sat Aug  2 04:33:07 2008
From: spamtrap at spamcop.net (Sam Trappe)
Date: Sat Aug  2 04:35:03 2008
Subject: [Scspamcop] multiple routing issues posted in .routing at end of
	June - status?
Message-ID: <176894t3hhd34gpdo8be8nemdusat6btb1@4ax.com>

There's been no response to any of the multiple routing issues I
posted in .routing at end of June.

What is the status of these reporting problems?

If not adressed, when will they be addressed, if ever?

I don't think over one month of no response is an acceptable level of
responsiveness for a paid service.

I also think allowing users to post off-topic ad-hominem attacks in
response to problem reports is contrary to SC's own AUP for the
.spamcop and .routing  NGs. Will SC's NG 'admin' continue to
selectively (if at all) enforce the NG guidelines?

If these NGs arethe wrong place to ask such a question, what are the
correct forums? Is an email address available to ask such status
questions from the SC deputies? The .routing deputy did not reply to
my single email. Is there an email address at IronPort or Cisco that
can address SC's lack of responsiveness? There are contact addresses
at those two firms (both my principal employer and my consulting firm
are Cisco channel partners, and I'm our consulting firm's primary
POC), but I've not gone that route yet, either.

--
Replies by posting preferred. All spam reported
From spamtrap at spamcop.net  Sat Aug  2 04:36:15 2008
From: spamtrap at spamcop.net (Sam Trappe)
Date: Sat Aug  2 04:40:03 2008
Subject: [Scspamcop] multiple routing issues posted in .routing at end of
	June - status?
Message-ID: <p37894ddgo9csgkcnpa2bh74mi0nhsgd1o@4ax.com>

There's been no response to any of the multiple routing issues I
posted in .routing at end of June.

What is the status of these reporting problems?

If not adressed, when will they be addressed, if ever?

I don't think over one month of no response is an acceptable level of
responsiveness for a paid service.

I also think allowing users to post off-topic ad-hominem attacks in
response to problem reports is contrary to SC's own AUP for the
.spamcop and .routing  NGs. Will SC's NG 'admin' continue to
selectively (if at all) enforce the NG guidelines?

If these NGs arethe wrong place to ask such a question, what are the
correct forums? Is an email address available to ask such status
questions from the SC deputies? The .routing deputy did not reply to
my single email. Is there an email address at IronPort or Cisco that
can address SC's lack of responsiveness? There are contact addresses
at those two firms (both my principal employer and my consulting firm
are Cisco channel partners, and I'm our consulting firm's primary
POC), but I've not gone that route yet, either.

--
Replies by posting preferred. All spam reported

--
Replies by posting preferred. All spam reported
From MikeE at ster.invalid  Sat Aug  2 11:26:11 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sat Aug  2 11:30:04 2008
Subject: [Scspamcop] Re: Wrong header parsing
References: <g715pv$9p8$1@news.spamcop.net>
Message-ID: <g71uac$uuo$1@news.spamcop.net>

Posted to spamcop & .routing, f/ups to spamcop

Jonas Maebe wrote:
> This is not technically a routing question, but rather a parsing
> question (but I didn't see a more appropriate group).
This type of post/issue does best in spamcop where parsing issues can be
discussed by posting a tracker as you did.

spamcop.routing is for another different purpose, see below.

> Anyway, this is the report it's about:
www.spamcop.net/sc?id=z2117817402zdc2c07ef56cb8779c775138578cf31d2z

  Abbreviated Received tracelines *comment
  from ams.dnska.com ([89.18.166.108]) by cedar.ugent.be *server output
  from fuiyp (14.174.158.224) by ams.dnska.com *server input, unallocated
source, bogus?

> Spamcop "traced" the origin to a non-assigned ip-address. It did so
> because it interpreted a fake received header as being genuine. I'm not
> sure if there's much you can do about this (there's only so much you can
> do in an automated tool), so it's mainly FYI.

The situation with the IP at 89.18.166.108 rDNS ams.dnska.com is that it
is a mailserver answering at port 25 and has a history at senderbase of a
signficant output of roughly 4000 items per day, which has jumped in the
past day to over 60,000/d.

It is currently listed in the SCbl for hitting spamtraps;  and/but testing
it for relay promiscuity with the abuse.net testing script is negative.

You are correct that the IP block 14/8 is supposed to be IANA
reserved/unallocated, but I'm not really sure what is going on here.  I'm
not sure whether the under-traceline is 'bogus' as in completely
artificial, or if there is some kind of IP spoofing/masking hijacking
going on and the line is 'real' -- as in 'really' stamped by the
mailserver.


spamcop.routing is a group which ideally one could post an 'argument' for
an alternative notify address.  That is, if the SC algo for derives a
contact address for a particular netblock, but one thinks that there is a
better way to notify for that block, then they show their 'proof' or logic
or strategy for a better notify address.  That is, not just name a
different address but how they determined that it is a better notify.

It isn't really good enough to just 'complain about' a notify address
which SC's algo derives, because that complaining doesn't really help the
routing deputy.  If one wants to post in routing, it is my opinion that
they should post information which might help the deputy, if s/he wants to
accept the argument for the better address.  If s/he likes the better or
improved information, s/he can modify the routing database with it.  If
s/he looks at the information but decides that s/he would rather retain
the algo's result, then s/he can just pass on accepting the suggesting.

I don't think that just complaining about an address in routing really
helps anything.

--
Mike Easter
kibitzer, not SC admin

From spamtrap at spamcop.net  Sat Aug  2 13:13:20 2008
From: spamtrap at spamcop.net (Sam Trappe)
Date: Sat Aug  2 13:15:03 2008
Subject: [Scspamcop] SC parsing error remains - PLEASE can this be enqueued
	for analysis and correction?
Message-ID: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>

See .spam, subject "SC parsing error remains unfixed - See
http://www.spamcop.net/sc?id=z2118749919z9308e43823c6cdd2ea4f7799a326938fz"

See
http://www.spamcop.net/sc?id=z2118749919z9308e43823c6cdd2ea4f7799a326938fz
for unsuccessful parse.

See http://www.spamcop.net/mcgi?action=gettrack&reportid=3338712139
for successful parse, performed by simply copy/pasting the original
spam, as posted into .sightings, into SC.

Evidence available indicates the spammer (same as before, and as all
samples I receive have been: the pharmacy botnet spammer)  are
inserting some special character(s) at the end of the subject line
that results in the extra line shown between that and the X-SpamCop
headers added. Copy/paste of resulting text always results in
successful parse, which is unsurprising.

The problem has been previously reported, and incorrect assertions
made by other(s) that this is just a mysterious timing issue.
Regardless, the problem persists. If action has been taken, it has
neither been noted, nor has it appeared to have provided the desired
results.

Can this please be passed along as a maintenance request? A
confirmation of this action would be appreciated. 

Thank you,


--
Replies by posting preferred. All spam reported
From ppearson at nowhere.invalid  Sat Aug  2 14:20:40 2008
From: ppearson at nowhere.invalid (Peter Pearson)
Date: Sat Aug  2 14:25:03 2008
Subject: [Scspamcop] [Maybe OT] Receiving mail for malformed addresses
Message-ID: <g728ho$d45$1@news.spamcop.net>

The mail-delivery system on my own Linux box has started
sending me occasional emails like this:

  Subject: Postfix SMTP server: errors from localhost.localdomain[127.0.0.1]

  Transcript of session follows.

   Out: 220 eleodes.pearson.localdomain ESMTP Postfix (Ubuntu)
   In:  HELO eleodes.pearson.localdomain
   Out: 250 eleodes.pearson.localdomain
   In:  MAIL FROM:<>
   Out: 250 2.1.0 Ok
   In:  RCPT TO:<taesun-lemmodni@>
   Out: 501 5.1.3 Bad recipient address syntax
   In:  QUIT
   Out: 221 2.0.0 Bye

I'm not the world's greatest Linux whiz, but as best I can
tell, these messages (I got one yesterday, two today) occur
when fetchmail (which runs every 15 minutes) checks my two
mailboxes at spamcop.net and charter.net and in one of them
(I don't know which) finds this message with a malformed
destination address ("taesun-lemmodni@").  Fetchmail then
invokes my mail-delivery system (Postfix) to finish delivering
the message, but Postfix detects the defective address, logs
an error message, and sends me this notification email.

Does this diagnosis sound plausible?  Does anyone have any
similar experience, with malformed destination addresses
that sure aren't yours ending up in your inbox?  Does any
fetchmail maven know a good way to tell which of my mailboxes
(spamcop or charter) is burping up these monstrosities?

-- 
To email me, substitute nowhere->spamcop, invalid->net.
From MikeE at ster.invalid  Sat Aug  2 15:27:08 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sat Aug  2 15:30:04 2008
Subject: [Scspamcop] Re: SC parsing error remains - PLEASE can this be
	enqueued for analysis and correction?
References: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
Message-ID: <g72ce3$rdl$1@news.spamcop.net>

Sam Trappe wrote:
> See .spam, subject "SC parsing error remains unfixed - See
>
http://www.spamcop.net/sc?id=z2118749919z9308e43823c6cdd2ea4f7799a326938fz
"

I don't know what is going on in this problem, not even whether it is a
problem with the/your spamcop mailbox or the parser or something else,
but, perhaps if it were presented as if it could possibly be a problem
with the mailbox, it will get a different kind of attention, because the
mail system is run/administered differently than the parsing algo.

The mailbox admin doesn't frequent the newsgroups at all, only
occasionally the forums in the mail section, and you don't see him there
very often, but it is possible that forum moderators may move the issue
along some kind of channel.

The forum's front page is here
http://forum.spamcop.net/forums/index.php?act=home

... and especially note -- Start Here - before you make your first Post

... then after you are all checked out on the forum's info and policies,
here's the forum's mail section
http://forum.spamcop.net/forums/lofiversion/index.php/f4.html   SpamCop
Email System & Accounts - issues with a SpamCop Filtered E-Mail Account

In a sense, you are having a problem with your SC filtered email account,
namely that reporting from the account isn't working.


--
Mike Easter
kibitzer, not SC admin

From spamtrap at spamcop.net  Sat Aug  2 20:32:06 2008
From: spamtrap at spamcop.net (Sam Trappe)
Date: Sat Aug  2 20:35:03 2008
Subject: [Scspamcop] STILL A PROBLEM - SC parsing error remains - PLEASE can
	this be enqueued for analysis and correction?
References: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
	<g72ce3$rdl$1@news.spamcop.net>
Message-ID: <esu994951t2a0ni0sir1m7ci8krpoo5n1t@4ax.com>

Em Sat, 2 Aug 2008 12:27:08 -0700, "Mike Easter" <MikeE@ster.invalid>
escreveu o seguinte:

>Sam Trappe wrote:
>> See .spam, subject "SC parsing error remains unfixed - See
>>
>http://www.spamcop.net/sc?id=z2118749919z9308e43823c6cdd2ea4f7799a326938fz
>"
>
>I don't know what is going on in this problem

... as you have amply demonstrated in your prior post on this issue.
If you have no idea, perhaps you could restrain yourself from posting
a response? Will you ever yield to courtesy, if not sanity, and just
stop posting to "hear yourself talk"?

(This is yet another example of what I have described before as:
a. Your posts "cluttering" SC NGs, and,
b. The disadvantage of the "User Support" model for SC:
1) User submits problem, 
2) Response of no help (in this case, many words that could be
substituted with silence, as the poster even leads with admission that
he/she/it does NOT "know what is going on in this problem"),
3) (sadly, recently) "flame" responses from other(s) who provide
off-topic ad-hominen attacks for reasons unknown (knee-jerk support
for high-volume poster and attack against 'an outsider' who questions
his usefulness)  further clutter NG and offer no help, either, are
tacitly permitted by the NG admin,
4) No responses from anyone with authority (Deputies) or capability
(volunteers) are received,
5) Reported problems persist,
6) "Rinse and repeat".

So, to reiterate, in an act of sheer optimism that someone can do
something, and the "cycle of despair" (1..5, above) can be broken, and
a problem actually fixed, I'm reposting my problem report. Thank you,
in advance, for someone with authority or capability for taking action
to have this problem enqueued for analysis and repair.

== repost of error report ==

From: Sam Trappe <spamtrap@spamcop.net>
Newsgroups: spamcop.spam
Subject: SC parsing error remains - another example & another request
to fix
Date: Sat, 02 Aug 2008 17:11:10 -0600
Sender: spamtrap@spamcop.net
Organization: Moderate
Reply-To: spamtrap@spamcop.net
Message-ID: <mrp994tm7bb4cadulsie4069mcpahbm27s@4ax.com>
X-Newsreader: Forte Agent 4.2/32.1118

See .spam, subject "SC parsing error remains unfixed - See
http://www.spamcop.net/sc?id=z2119400515zd0c04905ca1c5ca7958465d88408a4eez"

See
http://www.spamcop.net/sc?id=z2119400515zd0c04905ca1c5ca7958465d88408a4eez
for unsuccessful parse:

== SC says..

Return-Path: <suzie_wright@hlnsj.com>
Delivered-To: x
Received: (qmail 29917 invoked from network); 2 Aug 2008 17:41:55
-0000
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter7
X-Spam-Level: **********************
X-Spam-Status: hits=22.9
tests=FH_HELO_EQ_D_D_D_D,HELO_DYNAMIC_IPADDR2,

MISSING_DATE,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,RDNS_DYNAMIC,

TVD_SPACE_RATIO,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,
	URIBL_WS_SURBL version=3.2.4
Received: from unknown (192.168.1.108)
  by filter7.cesmail.net with QMQP; 2 Aug 2008 17:41:55 -0000
Received: from 189-015-99-222.xd-dynamic.ctbcnetsuper.com.br
(189.15.99.222)
  by mx71.cesmail.net with SMTP; 2 Aug 2008 17:41:54 -0000
Received: (from tomcat@localhost)	by 189.15.99.222
(8.12.8/8.12.8/Submit) id j4CHmn6V569528	for shorn@spamcop.net;
Sat, 02 Aug 2008 13:41:42 -0500Date: Sat, 02 Aug 2008 13:41:42
-0500Message-ID:
<018989x87qT8qQ4125771Q8q0@i9-159-666-25-01.Lg4L.cjbs.com>X-Mailer:
Mediacomm Communicator 1.11X-AntiAbuse: This header was added to track
abuse, please include it with any abuse reportX-AntiAbuse: Primary
Hostname - deceit.cjbs.comX-AntiAbuse: Original Domain -
cjbs.comX-AntiAbuse: Originator/Caller UID/GID - [99 99] / [26
16]X-AntiAbuse: Sender Address Domain - cjbs.comX-Auth:
3-DESX-Auth-bits: 53472171111848739971802634Content-Type: text/plain;
charset="us-ascii"Content-Transfer-Encoding: 7bitTo:
shorn@spamcop.net, sjohgart@spamcop.net, skemerson@spamcop.net,
slmatthews@spamcop.net, sniperozzie@spamcop.net, solokat@spamcop.net,
spamkiller@spamcop.net, spamtrap@spamcop.net, steven@spamcop.netFrom:
"Matthew  Landis" <Suzie_Wright@hlnsj.com>Subject: Customer Notice:
Pharmacy Expiry Notice
X-SpamCop-Checked: 
X-SpamCop-Disposition: Blocked SpamAssassin=22

View entire message
(http://www.spamcop.net/sc?id=z2119400515zd0c04905ca1c5ca7958465d88408a4eez;action=display)

Parsing header:
This header is incomplete. Please supply the full headers of the spam
you're trying to report.
No source IP address found, cannot proceed.
...

Nothing to do.

See
http://www.spamcop.net/sc?id=z2119453860z14b4d964ac7fee6c105eee2814e34e1ez
for successful parse, performed by simply copy/pasting the original
spam, as posted into .sightings, into SC. As before, this is from the
phamacy drug botnet spammer:

== botnet ==
Domain Type Class TTL Answer 
discussmillion.com. A IN 120 67.184.29.131 
discussmillion.com. A IN 120 68.190.35.222 
discussmillion.com. A IN 120 69.201.135.42 
discussmillion.com. A IN 120 69.245.174.253 
discussmillion.com. A IN 120 71.228.50.215 
discussmillion.com. A IN 120 75.139.130.32 
discussmillion.com. A IN 120 82.83.89.155 
discussmillion.com. A IN 120 85.216.224.150 
discussmillion.com. A IN 120 87.228.66.14 
discussmillion.com. A IN 120 89.208.196.194 
discussmillion.com. A IN 120 93.100.82.13 
discussmillion.com. A IN 120 124.49.160.219 
discussmillion.com. A IN 120 203.198.37.202 
discussmillion.com. A IN 120 213.248.16.85 
discussmillion.com. A IN 120 218.190.85.230 
discussmillion.com. A IN 120 221.154.48.75 
discussmillion.com. A IN 120 58.143.226.169 
discussmillion.com. A IN 120 59.20.126.52 
discussmillion.com. A IN 120 61.93.124.77 
discussmillion.com. A IN 120 61.224.203.225 
(root) NS IN 120 ns0.renewwdns1.com. 
(root) NS IN 120 ns0.nameedns1.com. 
(root) NS IN 120 ns0.renewwdns.com. 
(root) NS IN 120 ns0.nameedns.com. 

Thank you,



--
Replies by posting preferred. All spam reported
From no_not at never.tld  Sat Aug  2 21:03:27 2008
From: no_not at never.tld (Lynn)
Date: Sat Aug  2 21:05:03 2008
Subject: [Scspamcop] Re: STILL A PROBLEM - SC parsing error remains - PLEASE
 can this be enqueued for analysis and correction?
In-Reply-To: <esu994951t2a0ni0sir1m7ci8krpoo5n1t@4ax.com>
References: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
	<g72ce3$rdl$1@news.spamcop.net>
	<esu994951t2a0ni0sir1m7ci8krpoo5n1t@4ax.com>
Message-ID: <g7304v$f83$2@news.spamcop.net>

Sam Trappe wrote:
> Em Sat, 2 Aug 2008 12:27:08 -0700, "Mike Easter" <MikeE@ster.invalid>
> escreveu o seguinte:
>> Sam Trappe wrote:
>>> See .spam, subject "SC parsing error remains unfixed - See
>>>
>> http://www.spamcop.net/sc?id=z2118749919z9308e43823c6cdd2ea4f7799a326938fz
>> "
>>
>> I don't know what is going on in this problem
> 
> ... as you have amply demonstrated in your prior post on this issue.
> If you have no idea, perhaps you could restrain yourself from posting
> a response?

He told you all you need to know: "The mailbox admin doesn't frequent 
the newsgroups at all"
From connyank at cox.net  Sat Aug  2 21:11:56 2008
From: connyank at cox.net (jg)
Date: Sat Aug  2 21:15:03 2008
Subject: [Scspamcop] Google headers on a spam...
Message-ID: <g730kt$ikq$1@news.spamcop.net>

I know I need to set up an account w/ SC for google, I think.  I can't
parse this with my current config.  I don't currently have the time to
do so while knowing what I am doing and am only getting this single
sender showing up in my thunderbird junk folder daily - 2 or 3 a day.
 Usual google junk collects at google w/o hitting my Tbird junk box.
Appears to be some offer to help me quit smoking.
Could someone parse the headers manually and let me know if there is a
legit "unsubscribe" for whoever this is?

>From - Sat Aug  2 02:36:16 2008
X-Account-Key: account9
X-UIDL: GmailId11b82c4309470edb
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:

Delivered-To: x@gmail.com
Received: by 10.210.75.8 with SMTP id x8cs83365eba;
        Sat, 2 Aug 2008 02:34:01 -0700 (PDT)
Received: by 10.151.9.1 with SMTP id m1mr4736332ybi.12.1217669640567;
        Sat, 02 Aug 2008 02:34:00 -0700 (PDT)
Return-Path: <support@email.getquit.com>
Received: from mail10.promosupport.com (Mail10.PromoSupport.com
[69.7.235.75])
        by mx.google.com with ESMTP id 4si3839279yxj.7.2008.08.02.02.33.59;
        Sat, 02 Aug 2008 02:34:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of support@email.getquit.com
designates 69.7.235.75 as permitted sender) client-ip=69.7.235.75;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
support@email.getquit.com designates 69.7.235.75 as permitted sender)
smtp.mail=support@email.getquit.com
Return-Path: <support@email.getquit.com>
Received: from [192.168.5.22] ([192.168.5.22:4410] helo=svrsql11)
	by mail10.promosupport.com (ecelerity 2.1.1.18 r(16931)) with ESMTP
	id 04\EF-03820-6D924984 for <x@gmail.com>; Sat, 02 Aug 2008 09:33:10 +0000
Message-ID: <04.EF.03820.6D924984@mail10.promosupport.com>
X-RTM-ID: 13244bf8-fdb2-4df5-8e1a-cc9db4b3b43a
MIME-Version: 1.0
From: GETQUIT <support@email.getquit.com>

apologize for OT...
From connyank at cox.net  Sat Aug  2 21:14:14 2008
From: connyank at cox.net (jg)
Date: Sat Aug  2 21:15:04 2008
Subject: [Scspamcop] Re: Is SpamCop tracking this spamitem correctly?
In-Reply-To: <g7104u$jid$1@news.spamcop.net>
References: <g6uqcn$og0$1@news.spamcop.net> <g6vude$9j7$1@news.spamcop.net>
	<g7104u$jid$1@news.spamcop.net>
Message-ID: <g730p7$ikq$2@news.spamcop.net>

On 08/01/2008 11:51 PM Geoffrey Hyde scribbled:

> "Mike Easter" <MikeE@ster.invalid> wrote in message 
> news:g6vude$9j7$1@news.spamcop.net...
> 
>> In the body of the mail, Kelly provides hir email address and information
>> about the spamvertised site and source of the mail and mailserver.
> 
> One would think they'd actually bother to check if someone actually had a 
> website, instead of presuming someone had a website.  I don't have a website 
> of my own, so why they're bothering me with some unsolicited commercial 
> advertisement for plastic pellets is beyond me.

so why does my mother raise ducks?

  They don't even point out
> where they found my email address from in their spam email, so why should I 
> bother with whatever information they provide about "their" site/mailserver?
> 
> Therefore, it's obvious that they're a person who doesn't bother to clean 
> their mailing lists, and that they don't bother to check who they're 
> spamming.  Because if they did, that would mean they cared, and they don't 
> seem to have shown any such indication in their spam email.

so, what else is new?
whats your point here?

cheers
jg

From MikeE at ster.invalid  Sat Aug  2 21:31:19 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sat Aug  2 21:35:03 2008
Subject: [Scspamcop] Re: STILL A PROBLEM - SC parsing error remains - PLEASE
	can this be enqueued for analysis and correction?
References: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
	<g72ce3$rdl$1@news.spamcop.net>
	<esu994951t2a0ni0sir1m7ci8krpoo5n1t@4ax.com>
Message-ID: <g731p0$l1n$1@news.spamcop.net>

Sam Trappe wrote:
> "Mike Easter"
>> Sam Trappe wrote:
>>> See .spam, subject "SC parsing error remains unfixed - See
>>>
>>
http://www.spamcop.net/sc?id=z2118749919z9308e43823c6cdd2ea4f7799a326938fz
>> "
>>
>> I don't know what is going on in this problem

The purpose of my post was not to clarify the parsing problem, the purpose
of my post was to suggest how to take it to the forum and why.


--
Mike Easter
kibitzer, not SC admin

From spamtrap at spamcop.net  Sat Aug  2 21:38:26 2008
From: spamtrap at spamcop.net (Sam Trappe)
Date: Sat Aug  2 21:40:02 2008
Subject: [Scspamcop] Re: STILL A PROBLEM - SC parsing error remains - PLEASE
	can this be enqueued for analysis and correction?
References: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
	<g72ce3$rdl$1@news.spamcop.net>
	<esu994951t2a0ni0sir1m7ci8krpoo5n1t@4ax.com>
	<g7304v$f83$2@news.spamcop.net>
Message-ID: <5u2a9495q738ac17js70l78vrup671p5ib@4ax.com>

Em Sat, 02 Aug 2008 18:03:27 -0700, Lynn <no_not@never.tld> escreveu o
seguinte:

>Sam Trappe wrote:
>> Em Sat, 2 Aug 2008 12:27:08 -0700, "Mike Easter" <MikeE@ster.invalid>
>> escreveu o seguinte:
>>> Sam Trappe wrote:
>>>> See .spam, subject "SC parsing error remains unfixed - See
>>>>
>>> http://www.spamcop.net/sc?id=z2118749919z9308e43823c6cdd2ea4f7799a326938fz
>>> "
>>>
>>> I don't know what is going on in this problem
>> 
>> ... as you have amply demonstrated in your prior post on this issue.
>> If you have no idea, perhaps you could restrain yourself from posting
>> a response?
>
>He told you all you need to know: "The mailbox admin doesn't frequent 
>the newsgroups at all"

This only works if you assume that the problem is limited to email
received by the SC email system. As that is not the case, what he told
me had no value.

Thanks for your sincere concern,

--
Replies by posting preferred. All spam reported
From spamtrap at spamcop.net  Sat Aug  2 21:39:23 2008
From: spamtrap at spamcop.net (Sam Trappe)
Date: Sat Aug  2 21:40:03 2008
Subject: [Scspamcop] Re: STILL A PROBLEM - SC parsing error remains - PLEASE
	can this be enqueued for analysis and correction?
References: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
	<g72ce3$rdl$1@news.spamcop.net>
	<esu994951t2a0ni0sir1m7ci8krpoo5n1t@4ax.com>
	<g731p0$l1n$1@news.spamcop.net>
Message-ID: <m03a941tqefcjp5t195ka9kakgke4eqsm4@4ax.com>

Em Sat, 2 Aug 2008 18:31:19 -0700, "Mike Easter" <MikeE@ster.invalid>
escreveu o seguinte:

>Sam Trappe wrote:
>> "Mike Easter"
>>> Sam Trappe wrote:
>>>> See .spam, subject "SC parsing error remains unfixed - See
>>>>
>>>
>http://www.spamcop.net/sc?id=z2118749919z9308e43823c6cdd2ea4f7799a326938fz
>>> "
>>>
>>> I don't know what is going on in this problem
>
>The purpose of my post was not to clarify the parsing problem, the purpose
>of my post was to suggest how to take it to the forum and why.

This only works if you assume that the problem is limited to email
received by the SC email system. As that is not the case, what you
told me had no value.

Perhaps if you assumed less, you'd be less annoying, and you'd waste
less time of those who have lives.

--
Replies by posting preferred. All spam reported
From user at domain.invalid  Sat Aug  2 22:44:57 2008
From: user at domain.invalid (Farelf)
Date: Sat Aug  2 22:45:03 2008
Subject: [Scspamcop] Re: SC parsing error remains - PLEASE can this be
 enqueued for analysis and correction?
In-Reply-To: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
References: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
Message-ID: <g73632$tem$1@news.spamcop.net>

Sam Trappe wrote:

> See http://www.spamcop.net/mcgi?action=gettrack&reportid=3338712139
> for successful parse, performed by simply copy/pasting the original
> spam, as posted into .sightings, into SC.
> 

FWIW only you can access that link.  The data from 
http://www.spamcop.net/sc?id=z2118749919z9308e43823c6cdd2ea4f7799a326938fz
does indeed 'reconstruct' into a successful parse as in 
http://www.spamcop.net/sc?id=z2118749919z9308e43823c6cdd2ea4f7799a326938fz
(Why does that first one, yours, expose all those other SC email account 
addresses, I wonder? They mightn't thank you but you weren't to know. 
That could be counted as a bug.)

There have been instances of non-printable characters causing parsing 
problems - see http://forum.spamcop.net/forums/index.php?showtopic=8897 
and other referenced from there. However your unsuccessful parse data 
does not trigger the curious Mozilla browser failure I experienced in 
that instance.

And, as we can see, other SC accounts are receiving the identical spam. 
I wonder if they are having the same results?  If they are quick/VER 
reporting it might be different, or they might not even be aware even if 
the odd case is not parsing.
From g.hyde at bigNOSPAMpond.net.au  Sat Aug  2 22:53:13 2008
From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde)
Date: Sat Aug  2 22:55:03 2008
Subject: [Scspamcop] Re: STILL A PROBLEM - SC parsing error remains - PLEASE
	can this be enqueued for analysis and correction?
References: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
	<g72ce3$rdl$1@news.spamcop.net>
	<esu994951t2a0ni0sir1m7ci8krpoo5n1t@4ax.com>
	<g7304v$f83$2@news.spamcop.net>
	<5u2a9495q738ac17js70l78vrup671p5ib@4ax.com>
Message-ID: <g736j5$uob$1@news.spamcop.net>


"Sam Trappe" <spamtrap@spamcop.net> wrote in message 
news:5u2a9495q738ac17js70l78vrup671p5ib@4ax.com...

> This only works if you assume that the problem is limited to email
> received by the SC email system. As that is not the case, what he told
> me had no value.

You were asked by Mike Easter and others to go to the web forums, which are 
a completely different setup to the newsgroups which you have found, and 
post about your problem there.

You have to get the attention of the SC mailserver admins who do NOT post to 
or monitor these newsgroups.  They do occasionally post to and monitor the 
forums you have been directed to post your query in.

Kindly make your web forum post about your SC mailserver issues there, and 
perhaps you would get a response.

Alternatively, you could try emailing service AT spamcop DOT net and see if 
they will give you a response.  Also try deputies at spamcop dot net perhaps 
they will be able to tell you if there is an update on the status of your 
problem.

It is likely that they are working on the problem and will eventually post a 
fix, however, since they have a lot of administrative work to do they will 
likely not tell you if it has been fixed unless they have sufficient people 
complaining about the problem to warrant a public announcement of the fix.

Bugging the regular newsserver readers here for information they don't have 
access to is pointless.  Your replies appear to be indicating that your 
superiors want an answer from you on this problem.  You do not seem to be 
aware that SpamCop is not a part of your organization and therefore has no 
obligation to provide support, fixes, or answers to you, your superiors, or 
your organization.

Cheers ...

Geoffrey Hyde

I am NOT a SC admin, just someone who would like for you to sit back, relax, 
and go do something productive.



From user at domain.invalid  Sun Aug  3 01:58:10 2008
From: user at domain.invalid (Farelf)
Date: Sun Aug  3 02:00:03 2008
Subject: [Scspamcop] Re: SC parsing error remains - PLEASE can this be
 enqueued for analysis and correction?
In-Reply-To: <g73632$tem$1@news.spamcop.net>
References: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
	<g73632$tem$1@news.spamcop.net>
Message-ID: <g73hdj$oat$1@news.spamcop.net>

Farelf wrote:

> 
> FWIW only you can access that link.  The data from 
> http://www.spamcop.net/sc?id=z2118749919z9308e43823c6cdd2ea4f7799a326938fz
> does indeed 'reconstruct' into a successful parse as in 
> http://www.spamcop.net/sc?id=z2118749919z9308e43823c6cdd2ea4f7799a326938fz
> (Why does that first one, yours, expose all those other SC email account 
> addresses, I wonder? They mightn't thank you but you weren't to know. 
> That could be counted as a bug.)
> 

That 'reconstruction' should be 
http://www.spamcop.net/sc?id=z2119708728z56dee1f2dc75898ec616301309a2d568z
From nobody at nowhere.not  Sun Aug  3 14:10:19 2008
From: nobody at nowhere.not (Robert Blair)
Date: Sun Aug  3 14:15:03 2008
Subject: [Scspamcop] Re: SC parsing error remains - PLEASE can this be
	enqueued for analysis and correction?
References: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
Message-ID: <TECQXhvKj0FX-pn2-nM1uxBN65uNF@dsl-206-55-144-107.tstonramp.com>

On Sat, 2 Aug 2008 17:13:20 UTC, Sam Trappe <spamtrap@spamcop.net> 
wrote:

> Evidence available indicates the spammer (same as before, and as all
> samples I receive have been: the pharmacy botnet spammer)  are
> inserting some special character(s) at the end of the subject line
> that results in the extra line shown between that and the X-SpamCop
> headers added. Copy/paste of resulting text always results in
> successful parse, which is unsurprising.

If I had that kind of problem and thought it was special characters in
the subject line I would have found out what those characters were.  
You can not fix a problem without knowing what is causing the problem.

So far I have not seen the type of error you are receiving and I get a
lot of email with strange characters in the subject line.


-- 
Robert Blair
From jim at slaughter.org  Sun Aug  3 14:17:51 2008
From: jim at slaughter.org (Jim)
Date: Sun Aug  3 14:20:03 2008
Subject: [Scspamcop] Spamcop reporting email address
Message-ID: <g74sod$u7e$1@news.spamcop.net>

I recently had to restore my system and reinstall Mailwasher. When I did, 
the email link that you specify in the spamcop settings was lost. Can anyone 
help me with this? What do we enter as the spamcop email? 


From spamtrap at spamcop.net  Sun Aug  3 16:01:25 2008
From: spamtrap at spamcop.net (Sam Trappe)
Date: Sun Aug  3 16:05:03 2008
Subject: [Scspamcop] Re: SC parsing error remains - PLEASE can this be
	enqueued for analysis and correction?
References: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
	<TECQXhvKj0FX-pn2-nM1uxBN65uNF@dsl-206-55-144-107.tstonramp.com>
Message-ID: <6f3c9496n2u3vt9f3nc6mg7pat5car834q@4ax.com>

Em Sun, 3 Aug 2008 18:10:19 +0000 (UTC), "Robert Blair"
<nobody@nowhere.not> escreveu o seguinte:

>On Sat, 2 Aug 2008 17:13:20 UTC, Sam Trappe <spamtrap@spamcop.net> 
>wrote:
>
>> Evidence available indicates the spammer (same as before, and as all
>> samples I receive have been: the pharmacy botnet spammer)  are
>> inserting some special character(s) at the end of the subject line
>> that results in the extra line shown between that and the X-SpamCop
>> headers added. Copy/paste of resulting text always results in
>> successful parse, which is unsurprising.
>
>If I had that kind of problem and thought it was special characters in
>the subject line I would have found out what those characters were.  
>You can not fix a problem without knowing what is causing the problem.

Without access to the raw mailstream data as it flows into SpamCop, it
is impossible for me to determine. Someone at SC can do so, as they
have access. No one who is not an SC admin or deputy, no matter how
sincere their beliefs nor numerous their posts to this NG, have access
to the data to allow them to do so.

Once again, the "User Supported" model, as specified in the SpamCop
FAQ, shows its shortcomings.

--
Replies by posting preferred. All spam reported
From CBXXX at webtv.net  Sun Aug  3 15:51:44 2008
From: CBXXX at webtv.net (CBXXX@webtv.net)
Date: Sun Aug  3 16:10:04 2008
Subject: [Scspamcop] To old to report????
Message-ID: <15639-48960C50-1136@storefull-3253.bay.webtv.net>

I'm getting email today that I'm reporting right away and it's to old??? 

From nobody at devnull.spamcop.net  Sun Aug  3 16:49:26 2008
From: nobody at devnull.spamcop.net (Wazoo)
Date: Sun Aug  3 16:50:04 2008
Subject: [Scspamcop] Re: Spamcop reporting email address
References: <g74sod$u7e$1@news.spamcop.net>
Message-ID: <g755kj$q3a$1@news.spamcop.net>

"Jim" <jim@slaughter.org> wrote in message 
news:g74sod$u7e$1@news.spamcop.net...
>I recently had to restore my system and reinstall Mailwasher. When 
>I did, the email link that you specify in the spamcop settings was 
>lost. Can anyone help me with this? What do we enter as the spamcop 
>email?

Log into "your" www.spamcop.net web-page.  Your 'submit' 
link/address will be displayed on that page. 


From nobody at devnull.spamcop.net  Sun Aug  3 17:06:23 2008
From: nobody at devnull.spamcop.net (Wazoo)
Date: Sun Aug  3 17:10:04 2008
Subject: [Scspamcop] Re: SC parsing error remains - PLEASE can this be
	enqueued for analysis and correction?
References: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
	<TECQXhvKj0FX-pn2-nM1uxBN65uNF@dsl-206-55-144-107.tstonramp.com>
	<6f3c9496n2u3vt9f3nc6mg7pat5car834q@4ax.com>
Message-ID: <g756kd$ta8$1@news.spamcop.net>

"Sam Trappe" <spamtrap@spamcop.net> wrote in message 
news:6f3c9496n2u3vt9f3nc6mg7pat5car834q@4ax.com...
>
> Without access to the raw mailstream data as it flows into 
> SpamCop, it
> is impossible for me to determine. Someone at SC can do so, as 
> they
> have access. No one who is not an SC admin or deputy, no matter 
> how
> sincere their beliefs nor numerous their posts to this NG, have 
> access
> to the data to allow them to do so.
>
> Once again, the "User Supported" model, as specified in the 
> SpamCop
> FAQ, shows its shortcomings.

I'd rather point out that a certain user has issues.  Had this user 
actually tried to go to the suggested support point, this user could 
have found an entry titled "Not finding the Help you need?" which 
would take one to 
http://forum.spamcop.net/forums/index.php?showtopic=6473

Yet another possible response to your continued badmouthing of other 
users ... "Where to get Help" as found in the Wiki at 
http://forum.spamcop.net/scwik/SpamCopWhereToGetHelp

The point being that JT once talked about removing the newsgroups 
(in total), but specifically pointing to the function of SpamCop.net 
e-mail account support.  It's not like this happened yesterday, 
rather dating back a number of years.

In reply to some of your other comments, I'd rather you did not 
become a Forum contributor, as your wish for Moderator actions would 
be found to be a real action over there.  You would not be allowed 
to continue to waste everyone else's time and energy there as you 
have continued to do here. 


From notmyrealaddress at comcast.net  Sun Aug  3 17:15:29 2008
From: notmyrealaddress at comcast.net (Bitemespammerboy)
Date: Sun Aug  3 17:20:03 2008
Subject: [Scspamcop] Newbie question about scammer's email addresses
Message-ID: <g75758$v1n$1@news.spamcop.net>

I get a lot of email from scammers in Nigeria and elsewhere who'd like me to 
send them some money, and would like me to reply to them at their Yahoo.* / 
Live / Google / Hotmail / etc. email box.

It would make sense to me that SpamCop would have a feature where you could 
target the "Reply-To" email address and/or the email addresses found in the 
body text without having to cut and paste it into the User Comments box and 
target the appropriate ISP.

Am I missing something?  Why isn't this more automated?

-- Roger 


From nobody at spamcop.net  Sun Aug  3 17:23:21 2008
From: nobody at spamcop.net (bar0)
Date: Sun Aug  3 17:25:02 2008
Subject: [Scspamcop] Re: Newbie question about scammer's email addresses
References: <g75758$v1n$1@news.spamcop.net>
Message-ID: <g757kc$su$1@news.spamcop.net>


"Bitemespammerboy" <notmyrealaddress@comcast.net> wrote in message 
news:g75758$v1n$1@news.spamcop.net...
>I get a lot of email from scammers in Nigeria and elsewhere who'd like me 
>to send them some money, and would like me to reply to them at their 
>Yahoo.* / Live / Google / Hotmail / etc. email box.
>
> It would make sense to me that SpamCop would have a feature where you 
> could target the "Reply-To" email address and/or the email addresses found 
> in the body text without having to cut and paste it into the User Comments 
> box and target the appropriate ISP.
>
> Am I missing something?  Why isn't this more automated?


This was a feature at one time, between free services unwilling to recieve 
such notices, lack of action upon such notices and the volume of notices 
sent against innocent bystanders, the practice was discontinued.



From nobody at nowhere.not  Sun Aug  3 18:53:02 2008
From: nobody at nowhere.not (Robert Blair)
Date: Sun Aug  3 18:55:03 2008
Subject: [Scspamcop] Re: SC parsing error remains - PLEASE can this be
	enqueued for analysis and correction?
References: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
	<TECQXhvKj0FX-pn2-nM1uxBN65uNF@dsl-206-55-144-107.tstonramp.com>
	<6f3c9496n2u3vt9f3nc6mg7pat5car834q@4ax.com>
Message-ID: <TECQXhvKj0FX-pn2-xKdKQNFcmr8I@dsl-206-55-144-107.tstonramp.com>

On Sun, 3 Aug 2008 20:01:25 UTC, Sam Trappe <spamtrap@spamcop.net> 
wrote:

> Without access to the raw mailstream data as it flows into SpamCop, it
> is impossible for me to determine.

Yes you have access to the data.

Use your email client to retrieve the email that is causing you 
problems.


-- 
Robert Blair
From spamtrap at spamcop.net  Sun Aug  3 19:50:43 2008
From: spamtrap at spamcop.net (Sam Trappe)
Date: Sun Aug  3 19:55:04 2008
Subject: [Scspamcop] Re: SC parsing error remains - PLEASE can this be
	enqueued for analysis and correction?
References: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
	<TECQXhvKj0FX-pn2-nM1uxBN65uNF@dsl-206-55-144-107.tstonramp.com>
	<6f3c9496n2u3vt9f3nc6mg7pat5car834q@4ax.com>
	<g756kd$ta8$1@news.spamcop.net>
Message-ID: <kegc94tv9sknll6l2rejjk4ncmda6v09lf@4ax.com>

Em Sun, 3 Aug 2008 16:06:23 -0500, "Wazoo"
<nobody@devnull.spamcop.net> escreveu o seguinte:

>"Sam Trappe" <spamtrap@spamcop.net> wrote in message 
>news:6f3c9496n2u3vt9f3nc6mg7pat5car834q@4ax.com...
>>
>> Without access to the raw mailstream data as it flows into 
>> SpamCop, it
>> is impossible for me to determine. Someone at SC can do so, as 
>> they
>> have access. No one who is not an SC admin or deputy, no matter 
>> how
>> sincere their beliefs nor numerous their posts to this NG, have 
>> access
>> to the data to allow them to do so.
>>
>> Once again, the "User Supported" model, as specified in the 
>> SpamCop
>> FAQ, shows its shortcomings.
>
>I'd rather point out that a certain user has issues.

Gee, I love you too!
 
>  Had this user 
>actually tried to go to the suggested support point, this user could 
>have found an entry titled "Not finding the Help you need?" which 
>would take one to 
>http://forum.spamcop.net/forums/index.php?showtopic=6473

Passive tense is often a sign of pasive aggressiveness, and cowardice.
Do these apply to you?

>Yet another possible response to your continued badmouthing of other 
>users ... "Where to get Help" as found in the Wiki at 
>http://forum.spamcop.net/scwik/SpamCopWhereToGetHelp

I am so sorry if your feelings were hurt on behalf of others. How
wonderful that as others passed insults my way, you sat idly by, but
now choose to insult me. What a well balanced approach!

>The point being that JT once talked about removing the newsgroups 
>(in total), but specifically pointing to the function of SpamCop.net 
>e-mail account support.  It's not like this happened yesterday, 
>rather dating back a number of years.

If the newsgroups are not meant to be used for support, then a
sensible organization would remove them. Spamcop "support" is a
contradiction in terms, as currently setup and documented.

>In reply to some of your other comments, I'd rather you did not 
>become a Forum contributor, as your wish for Moderator actions would 
>be found to be a real action over there. 

At the same time, perhaps others would not feel so free to make their
commments... but you, too, seem to have encapsulated the herd
mentality too much to be balanced.

>  You would not be allowed 
>to continue to waste everyone else's time and energy there as you 
>have continued to do here. 

Well, certainly your comments and some others have wasted my time.
Perhaps you and they should learn to use your killfile, either for my
username or this thread. I'm awfully sorry I bothered to post it in
the first place - it has primarily resulted in uninformed and/or
hostile comments.

I offered early on to "take it to email" and leave the NG uncluttered.
I reiterate this offer. Anyone want to continue to flame me on this
topic? Email me, instead of posting. If your comment sufficiently
amuses me, I'll reply, otherwise I'll ignore or block you. This way,
the group-think hostility towards outsiders can have an outlet while
keeping the NGs on topic.

Cheers,

--
Replies by posting preferred. All spam reported
From spamtrap at spamcop.net  Sun Aug  3 19:52:35 2008
From: spamtrap at spamcop.net (Sam Trappe)
Date: Sun Aug  3 19:55:04 2008
Subject: [Scspamcop] Re: SC parsing error remains - PLEASE can this be
	enqueued for analysis and correction?
References: <rv49945vni1hseodcso0r1lh0o1u4ji8f4@4ax.com>
	<TECQXhvKj0FX-pn2-nM1uxBN65uNF@dsl-206-55-144-107.tstonramp.com>
	<6f3c9496n2u3vt9f3nc6mg7pat5car834q@4ax.com>
	<TECQXhvKj0FX-pn2-xKdKQNFcmr8I@dsl-206-55-144-107.tstonramp.com>
Message-ID: <f3hc945a0g6afosg1sr928g4r316a7trn4@4ax.com>

Em Sun, 3 Aug 2008 22:53:02 +0000 (UTC), "Robert Blair"
<nobody@nowhere.not> escreveu o seguinte:

>On Sun, 3 Aug 2008 20:01:25 UTC, Sam Trappe <spamtrap@spamcop.net> 
>wrote:
>
>> Without access to the raw mailstream data as it flows into SpamCop, it
>> is impossible for me to determine.
>
>Yes you have access to the data.

Um, no, I don't. 
>Use your email client to retrieve the email that is causing you 
>problems.

Rather than continue to offend the sensitive souls who post here, I'd
be happy to discuss why I believe this to be so via email.
Alternatively, you can drop the issue.  

Cheers,

--
Replies by posting preferred. All spam reported
From devnull at spamcop.net  Sun Aug  3 20:20:22 2008
From: devnull at spamcop.net (Miss Betsy)
Date: Sun Aug  3 20:20:02 2008
Subject: [Scspamcop] Re: multiple routing issues posted in .routing at end
	of June - status?
References: <p37894ddgo9csgkcnpa2bh74mi0nhsgd1o@4ax.com>
Message-ID: <g75hv1$tnb$1@news.spamcop.net>



"Sam Trappe" <spamtrap@spamcop.net> wrote in message 
news:p37894ddgo9csgkcnpa2bh74mi0nhsgd1o@4ax.com...
> There's been no response to any of the multiple routing issues I
> posted in .routing at end of June.
>
> What is the status of these reporting problems?
>
> If not adressed, when will they be addressed, if ever?

I don't know much about .routing because I don't have the expertise to 
submit a good post.  This is what I do know:  apparently, when the deputies 
have time, they (usually Ellen) try to take care of items.  Also, the items 
that don't have much information are sometimes ignored.

<snip> Will SC's NG 'admin' continue to
> selectively (if at all) enforce the NG guidelines?

There is no NG admin.  This is a self moderated ng.

<snip> Is an email address available to ask such status
> questions from the SC deputies? The .routing deputy did not reply to
> my single email. <snip>

If you have already sent an email, then you know the email address.  The 
more data that you supply in your email, the more likely it is to be 
answered.

The reason for the ngs (and now forum) for spamcop help is because Julian 
(the originator) believed that a user group was better than a help desk 
since there were lots of different viewpoints about a problem.  In general, 
it is true that if the questioner doesn't get an answer from one person, 
another person may be able to explain it better or have a more complete 
answer.  A person needs to be able to handle different personalities and not 
to expect to be treated as a customer in order to get full benefit, however.

I don't know whether Ironport or Cisco are particularly interested in 
complaints.  Nothing much has changed in years despite occasional grumblings 
about getting help.

Miss Betsy
an almost new internet user

 

From spamtrap at spamcop.net  Sun Aug  3 20:25:11 2008
From: spamtrap at spamcop.net (Sam Trappe)
Date: Sun Aug  3 20:30:02 2008
Subject: [Scspamcop] Unqualified apology
Message-ID: <soic94d573sqb90e1i8nt09enrb49vc8dj@4ax.com>

OK, enough's enough. I started it, so, allow me to attempt to finish
it.

I came to the SC NGs and, quite openly, acted like a jerk. 

Any reason or rationale for doing so is unimportant, compared to the
need to make amends.

So, in a sincere attempt to do so, and in a hopefully well accepted
attempt to lighten the mood, I offer the following:

"I offer a complete and utter retraction [of my prior comments]. The
imputations [were] totally without basis in fact, and [were] in no way
fair comment, and [were] motivated purely by malice, and I deeply
regret any distress that my comments may have caused you, or your
[friends], and I hereby undertake not to repeat any such slander at
any time in the future."

Sincerely,

P.S. Feel free to post in reply, reply by email, re-post, forward, or
ignore, as you see fit.

Cheers,
From nobody at devnull.spamcop.net  Sun Aug  3 21:59:22 2008
From: nobody at devnull.spamcop.net (Patto)
Date: Sun Aug  3 22:00:03 2008
Subject: [Scspamcop] Can anyone follow SC's logic?
Message-ID: <g75npr$cl8$1@news.spamcop.net>

http://www.spamcop.net/sc?id=z2122047674ze84e2a28df03969b733579ec0135741cz

Spam URL is http://vgr.mobile-x.biz/ = 124.107.82.245 = 
124.107.82.245.pldt.net; then SC says

whois.apnic.net 124.107.82.245 = nctabernilla@pldt.com.ph, 
vrortiz@pldt.com.ph, rrdelavega@pldt.com.ph, ssmiguel@pldt.com.ph, 
riresurreccion@pldt.com.ph, jcgonzales@pldt.com.ph, royir143@hotmail.com

whois: 124.104.0.0 - 124.107.255.255 = nctabernilla@pldt.com.ph, 
vrortiz@pldt.com.ph, rrdelavega@pldt.com.ph, ssmiguel@pldt.com.ph, 
riresurreccion@pldt.com.ph, jcgonzales@pldt.com.ph, royir143@hotmail.com

And then: No reporting addresses found for 124.107.82.245, using devnull 
for tracking.

???
From g.hyde at bigNOSPAMpond.net.au  Sun Aug  3 23:30:03 2008
From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde)
Date: Sun Aug  3 23:35:04 2008
Subject: [Scspamcop] Re: Can anyone follow SC's logic?
References: <g75npr$cl8$1@news.spamcop.net>
Message-ID: <g75t3v$q1k$1@news.spamcop.net>


"Patto" <nobody@devnull.spamcop.net> wrote in message 
news:g75npr$cl8$1@news.spamcop.net...
> http://www.spamcop.net/sc?id=z2122047674ze84e2a28df03969b733579ec0135741cz
>
> Spam URL is http://vgr.mobile-x.biz/ = 124.107.82.245 = 
> 124.107.82.245.pldt.net; then SC says

Looking up pldt.net in abuse.net gives the following reporting addresses:

postmaster@pldt.net (for pldt.net)
riresurreccion@pldt.com.ph (for pldt.net)
customers@pldt.com.ph (for pldt.net)
abuse@vitro.epldt.net (for pldt.net)

Looks like you might have to do a manual LART of that IP address - at least 
until SC's lookup database is properly updated to find the contacts.

HTH

Cheers ...

Geoffrey Hyde


From MikeE at ster.invalid  Mon Aug  4 11:19:47 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Mon Aug  4 11:20:02 2008
Subject: [Scspamcop] Re: Can anyone follow SC's logic?
References: <g75npr$cl8$1@news.spamcop.net>
Message-ID: <g776m8$qap$1@news.spamcop.net>

Patto wrote:
>
http://www.spamcop.net/sc?id=z2122047674ze84e2a28df03969b733579ec0135741cz

Presently this tracker sez that when reported the spamvertised provider
notify went to nomaster devnull, but it now offers the addresses you
found.

 Reportid: 3342181556 To: nomaster@devnull.spamcop.net

Re: http://vgr.mobile-x.biz/ (Administrator of network hosting website
referenced in spam)

nctabernilla@pldt.com.ph
vrortiz@pldt.com.ph
rrdelavega@pldt.com.ph
ssmiguel@pldt.com.ph
riresurreccion@pldt.com.ph
jcgonzales@pldt.com.ph
royir143@hotmail.com

> And then: No reporting addresses found for 124.107.82.245, using devnull
> for tracking.
>
> ???

The problem seems to have resolved itself.



--
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Mon Aug  4 11:25:56 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Mon Aug  4 11:30:05 2008
Subject: [Scspamcop] Re: Spamcop reporting email address
References: <g74sod$u7e$1@news.spamcop.net>
Message-ID: <g7771q$r5b$1@news.spamcop.net>

Jim wrote:
> I recently had to restore my system and reinstall Mailwasher. When I
> did, the email link that you specify in the spamcop settings was lost.
> Can anyone help me with this? What do we enter as the spamcop email?

Go to this page http://www.spamcop.net/

.. and login and you will see a line with the specific submit address for
your account

Forward your spam to: submit.16charANcodeNMBR@spam.spamcop.net

.. where the 16charANcodeNMBR is a 16 character alphanumeric case
sensitive code number which is uniquely specific for your account and
which is private/secret so that no one else can submit spams in your name.

--
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Mon Aug  4 11:28:57 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Mon Aug  4 11:30:05 2008
Subject: [Scspamcop] Re: To old to report????
References: <15639-48960C50-1136@storefull-3253.bay.webtv.net>
Message-ID: <g7777e$saf$1@news.spamcop.net>

CBXXX@webtv.net wrote:
> I'm getting email today that I'm reporting right away and it's to old???

It is possible that the mail was delayed somewhere along the way.

If you will post a tracking url here, we can take a look at the item.


How to make a tracker:

 1 select and obtain the complete spam
 2 privatize the header&body content
 3 webparse it & copy the tracking URL
 4 cancel the report & paste the tracker in here


1  ... in the manner described by the SC faq
http://www.spamcop.net/fom-serve/cache/19.html  How do I get my email
program to reveal the full, unmodified email?

2 ... by modestly and unambiguously mungeing any private information you
don't want to expose, such as your name or email address which might
appear anywhere in the header or body.  Avoid excessive or confusing
mungeing.

3 login to the SC webparser, paste in the spam, and click Process Spam
button;  then copy the tracking URL from the top 'Here is your TRACKING
URL' of the appearance
http://www.spamcop.net/sc?id=z1505491930z5db2559eebcde98291b8e783c95d61cez

4 ... after parsing, the report is 'live' until the cancel button is
used.  After cancelling the tracker disappears;  the munged spam report
should be cancelled because it has been materially changed and because
you don't want to leave a tracker live.


--
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Mon Aug  4 22:09:40 2008
From: nobody at devnull.spamcop.net (Patto)
Date: Mon Aug  4 22:10:03 2008
Subject: [Scspamcop] Re: Can anyone follow SC's logic?
In-Reply-To: <g776m8$qap$1@news.spamcop.net>
References: <g75npr$cl8$1@news.spamcop.net> <g776m8$qap$1@news.spamcop.net>
Message-ID: <g78cp4$b3p$1@news.spamcop.net>

Mike Easter wrote:
> Patto wrote:
>> http://www.spamcop.net/sc?id=z2122047674ze84e2a28df03969b733579ec0135741cz
> 
> The problem seems to have resolved itself.

I always love it when problems solve themselves. If only it would happen 
more often... :)
From jim at slaughter.org  Tue Aug  5 18:32:44 2008
From: jim at slaughter.org (Jim)
Date: Tue Aug  5 18:35:02 2008
Subject: [Scspamcop] Re: Spamcop reporting email address
References: <g74sod$u7e$1@news.spamcop.net> <g7771q$r5b$1@news.spamcop.net>
Message-ID: <g7ake9$abr$1@news.spamcop.net>

Great! Thanks everybody!

"Mike Easter" <MikeE@ster.invalid> wrote in message 
news:g7771q$r5b$1@news.spamcop.net...
> Jim wrote:
>> I recently had to restore my system and reinstall Mailwasher. When I
>> did, the email link that you specify in the spamcop settings was lost.
>> Can anyone help me with this? What do we enter as the spamcop email?
>
> Go to this page http://www.spamcop.net/
>
> .. and login and you will see a line with the specific submit address for
> your account
>
> Forward your spam to: submit.16charANcodeNMBR@spam.spamcop.net
>
> .. where the 16charANcodeNMBR is a 16 character alphanumeric case
> sensitive code number which is uniquely specific for your account and
> which is private/secret so that no one else can submit spams in your name.
>
> --
> Mike Easter
> kibitzer, not SC admin
> 


From nobody at devnull.spamcop.net  Thu Aug  7 23:33:47 2008
From: nobody at devnull.spamcop.net (Patto)
Date: Thu Aug  7 23:35:03 2008
Subject: [Scspamcop] Here we have another one...
Message-ID: <g7geqr$veb$1@news.spamcop.net>

http://www.spamcop.net/sc?id=z2133338140z4ed330ec177a10cd7978b4a5fbfd1d51z

http://jive.to/b2Bl3 redirects to malware download site 
http://scan.power-antivirus-2009.com/ [91.208.0.233], then wants to send 
an abuse report to abuse@still

According to RIPE
abuse-mailbox:   abuse@still-trade.com
From notmyrealaddress at comcast.net  Fri Aug  8 00:48:19 2008
From: notmyrealaddress at comcast.net (Bitemespammerboy)
Date: Fri Aug  8 00:50:03 2008
Subject: [Scspamcop] Re: Newbie question about scammer's email addresses
References: <g75758$v1n$1@news.spamcop.net> <g757kc$su$1@news.spamcop.net>
Message-ID: <g7gj6i$hgd$1@news.spamcop.net>

Do you report these, or is just an utter waste of time?  It would just take 
a moment for the free services to kill these drop-boxes.

"bar0" <nobody@spamcop.net> wrote in message 
news:g757kc$su$1@news.spamcop.net...
>
> "Bitemespammerboy" <notmyrealaddress@comcast.net> wrote in message 
> news:g75758$v1n$1@news.spamcop.net...
>>I get a lot of email from scammers in Nigeria and elsewhere who'd like me 
>>to send them some money, and would like me to reply to them at their 
>>Yahoo.* / Live / Google / Hotmail / etc. email box.
>>
>> It would make sense to me that SpamCop would have a feature where you 
>> could target the "Reply-To" email address and/or the email addresses 
>> found in the body text without having to cut and paste it into the User 
>> Comments box and target the appropriate ISP.
>>
>> Am I missing something?  Why isn't this more automated?
>
>
> This was a feature at one time, between free services unwilling to recieve 
> such notices, lack of action upon such notices and the volume of notices 
> sent against innocent bystanders, the practice was discontinued.
>
>
> 


From nobody at devnull.spamcop.net  Fri Aug  8 05:36:37 2008
From: nobody at devnull.spamcop.net (Patto)
Date: Fri Aug  8 05:40:02 2008
Subject: [Scspamcop] Re: Newbie question about scammer's email addresses
In-Reply-To: <g7gj6i$hgd$1@news.spamcop.net>
References: <g75758$v1n$1@news.spamcop.net> <g757kc$su$1@news.spamcop.net>
	<g7gj6i$hgd$1@news.spamcop.net>
Message-ID: <g7h435$i2t$1@news.spamcop.net>

Bitemespammerboy wrote:
> Do you report these, or is just an utter waste of time?  It would just take 
> a moment for the free services to kill these drop-boxes.
> 
> "bar0" <nobody@spamcop.net> wrote in message 
> news:g757kc$su$1@news.spamcop.net...
>> "Bitemespammerboy" <notmyrealaddress@comcast.net> wrote in message 
>> news:g75758$v1n$1@news.spamcop.net...
>>> I get a lot of email from scammers in Nigeria and elsewhere who'd like me 
>>> to send them some money, and would like me to reply to them at their 
>>> Yahoo.* / Live / Google / Hotmail / etc. email box.
>>>
>>> It would make sense to me that SpamCop would have a feature where you 
>>> could target the "Reply-To" email address and/or the email addresses 
>>> found in the body text without having to cut and paste it into the User 
>>> Comments box and target the appropriate ISP.
>>>
>>> Am I missing something?  Why isn't this more automated?
>>
>> This was a feature at one time, between free services unwilling to recieve 
>> such notices, lack of action upon such notices and the volume of notices 
>> sent against innocent bystanders, the practice was discontinued.

Yahoo does take (some) action if they are notified, but it appears that 
they make it as difficult as possible to report abuse. They have several 
online forms for reporting, but they keep moving them around all the 
time. I have about a dozen in my bookmarks, but most of them are no 
longer valid.

Yahoo US:
http://help.yahoo.com/l/us/yahoo/mail/yahoomail/abuse.html

Yahoo UK:
http://help.yahoo.com/l/uk/yahoo/abuse/general.html
From nobody at spamcop.net  Fri Aug  8 10:41:15 2008
From: nobody at spamcop.net (Bar0)
Date: Fri Aug  8 10:45:03 2008
Subject: [Scspamcop] Re: Here we have another one...
References: <g7geqr$veb$1@news.spamcop.net>
Message-ID: <g7hluc$vak$1@news.spamcop.net>


"Patto" <nobody@devnull.spamcop.net> wrote in message 
news:g7geqr$veb$1@news.spamcop.net...
> http://www.spamcop.net/sc?id=z2133338140z4ed330ec177a10cd7978b4a5fbfd1d51z
>
> http://jive.to/b2Bl3 redirects to malware download site 
> http://scan.power-antivirus-2009.com/ [91.208.0.233], then wants to send 
> an abuse report to abuse@still
>
> According to RIPE
> abuse-mailbox:   abuse@still-trade.com

and "A/V" site is happily hosted by Schlund and henchmen 

From mgolden at bkbusa.com  Sat Aug  9 09:38:36 2008
From: mgolden at bkbusa.com (Michael Golden)
Date: Sat Aug  9 09:40:03 2008
Subject: [Scspamcop] Re: Slow response after clicking Process Spam
References: <xn0fszbng12mhcg000@news.spamcop.net>
Message-ID: <xn0ftpx3o5oxqr000@news.spamcop.net>

Michael Golden wrote:

> Since upgrading from FireFox 2.0.0.16 to 3.0.1 it takes 5 minutes or
> better for the "Send Spam Reports Now" screen to appear.
> 
> Is anyone else having this problem?

I gave up on FireFox 3.0.1 today and added SpamCop to IE tab options.

SpamCop reporting immediately began working correctly.

-- 
From mgolden at bkbusa.com  Sat Aug  9 09:43:01 2008
From: mgolden at bkbusa.com (Michael Golden)
Date: Sat Aug  9 09:45:03 2008
Subject: [Scspamcop] Re: Slow response after clicking Process Spam
References: <xn0fszbng12mhcg000@news.spamcop.net>
	<xn0ftpx3o5oxqr000@news.spamcop.net>
Message-ID: <xn0ftpx7n5um9s001@news.spamcop.net>

Michael Golden wrote:

> Michael Golden wrote:
> 
> > Since upgrading from FireFox 2.0.0.16 to 3.0.1 it takes 5 minutes or
> > better for the "Send Spam Reports Now" screen to appear.
> > 
> > Is anyone else having this problem?
> 
> I gave up on FireFox 3.0.1 today and added SpamCop to IE tab options.
> 
> SpamCop reporting immediately began working correctly.

Oh, heck no.  Doing that causes SpamCop mail to come up in IE also.
<shudder>

-- 
From nobody at devnull.spamcop.net  Sun Aug 10 21:45:57 2008
From: nobody at devnull.spamcop.net (Patto)
Date: Sun Aug 10 21:50:03 2008
Subject: [Scspamcop] Re: Here we have another one...
In-Reply-To: <g7hluc$vak$1@news.spamcop.net>
References: <g7geqr$veb$1@news.spamcop.net> <g7hluc$vak$1@news.spamcop.net>
Message-ID: <g7o5kl$sgb$1@news.spamcop.net>

Bar0 wrote:
> "Patto" <nobody@devnull.spamcop.net> wrote in message 
> news:g7geqr$veb$1@news.spamcop.net...
>> http://www.spamcop.net/sc?id=z2133338140z4ed330ec177a10cd7978b4a5fbfd1d51z
>>
>> http://jive.to/b2Bl3 redirects to malware download site 
>> http://scan.power-antivirus-2009.com/ [91.208.0.233], then wants to send 
>> an abuse report to abuse@still
>>
>> According to RIPE
>> abuse-mailbox:   abuse@still-trade.com
> 
> and "A/V" site is happily hosted by Schlund and henchmen

... but unhappily registered with EstDomains; it took only a few minutes 
after my complaint for the domain to be removed.
From nobody at devnull.spamcop.net  Mon Aug 11 03:27:17 2008
From: nobody at devnull.spamcop.net (Patto)
Date: Mon Aug 11 03:30:02 2008
Subject: [Scspamcop] Re: Slow response after clicking Process Spam
In-Reply-To: <xn0fszbng12mhcg000@news.spamcop.net>
References: <xn0fszbng12mhcg000@news.spamcop.net>
Message-ID: <g7opkl$4v7$1@news.spamcop.net>

I have no such problems with FF3.

Michael Golden wrote:
> Since upgrading from FireFox 2.0.0.16 to 3.0.1 it takes 5 minutes or
> better for the "Send Spam Reports Now" screen to appear.
> 
> Is anyone else having this problem?
From nobody at devnull.spamcop.net  Mon Aug 11 19:59:32 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Mon Aug 11 20:00:03 2008
Subject: [Scspamcop] Re: Slow response after clicking Process Spam
References: <xn0fszbng12mhcg000@news.spamcop.net>
	<g7opkl$4v7$1@news.spamcop.net>
Message-ID: <g7qjoq$66f$1@news.spamcop.net>

> I have no such problems with FF3.
>
> Michael Golden wrote:
>> Since upgrading from FireFox 2.0.0.16 to 3.0.1 it takes 5 minutes or
>> better for the "Send Spam Reports Now" screen to appear.
>>
>> Is anyone else having this problem?

Seems OK here.  Maybe a backbone problem somewhere.  Upsate NY. 


From dorian.nagel at padse.de  Tue Aug 12 11:59:09 2008
From: dorian.nagel at padse.de (Dorian)
Date: Tue Aug 12 12:00:04 2008
Subject: [Scspamcop] What kind of spam is this?
Message-ID: <g7sbv0$sqd$1@news.spamcop.net>

http://www.spamcop.net/sc?id=z2146222088z848a462fa328ee2954a12e8d89e296c8z

greets,
Dorian
From blacklist-me at davjam.org  Tue Aug 12 14:03:52 2008
From: blacklist-me at davjam.org (David Bolt)
Date: Tue Aug 12 14:05:03 2008
Subject: [Scspamcop] Re: What kind of spam is this?
References: <g7sbv0$sqd$1@news.spamcop.net>
Message-ID: <WUPFWUmICdoIFwJX@dev.null.davjam.org>

On Tue, 12 Aug 2008, Dorian wrote:-

>http://www.spamcop.net/sc?id=z2146222088z848a462fa328ee2954a12e8d89e296c8z

It's a bounce. The message that appears to have bounced is faked to look
like it's something to do with Microsoft but is in reality one that
points to a piece of malware, namely the supposed "XXX Video".
Unfortunately, it's not yet identified very many anti-virus products:

<URL:http://www.virustotal.com/analisis/f72639b45247d5878ce1c504a0cc60df>

shows it's identified by only 6 out of 35 anti-virus products at the
moment.


Regards,
        David Bolt

-- 
Team Acorn: http://www.distributed.net/ OGR-P2 @ ~100Mnodes RC5-72 @ ~15Mkeys
SUSE 10.1 32 |                   | openSUSE 10.3 32b | openSUSE 11.0 32b
             | openSUSE 10.2 64b | openSUSE 10.3 64b | openSUSE 11.0 64b
RISC OS 3.6  | TOS 4.02          | openSUSE 10.3 PPC | RISC OS 3.11
From user at domain.invalid  Tue Aug 12 14:13:33 2008
From: user at domain.invalid (Farelf)
Date: Tue Aug 12 14:15:03 2008
Subject: [Scspamcop] Re: What kind of spam is this?
In-Reply-To: <g7sbv0$sqd$1@news.spamcop.net>
References: <g7sbv0$sqd$1@news.spamcop.net>
Message-ID: <g7sjsd$2k2$1@news.spamcop.net>

Dorian wrote:
> http://www.spamcop.net/sc?id=z2146222088z848a462fa328ee2954a12e8d89e296c8z
> 
> greets,
> Dorian

That's the clueless evanzo-server.de saying it couldn't deliver the 
virus/trojan someone sent to their network using your email address 
spoofed as the sender.  SC's 'bounce' reports include a link to 
http://www.spamcop.net/fom-serve/cache/329.html#bounces trying to point 
out they shouldn't do that.

If it was not rejected by them at the SMTP transaction stage it should 
not be 'returned' by them because their remote server no longer knows 
where it came from.  But some believe they have an obligation under rfcs 
to try.  That was only ever a good idea when the majority of messages 
were real eMail.  Now the majority is spam with fake sender addresses.

It takes a very long time for the realization to sink in with some ISPs. 
  Your reports might help educate a small proportion of those who 
receive them.  You must have received a lot of these, often/usually many 
thousands of the original spam would have gone out with your spoofed 
address on them.
From rainbowl at tomassoni.eu  Tue Aug 12 15:54:13 2008
From: rainbowl at tomassoni.eu (Giampaolo Tomassoni)
Date: Tue Aug 12 15:55:03 2008
Subject: [Scspamcop] Occasional QR not reporting?
Message-ID: <g7spp4$vr$1@news.spamcop.net>

Today @ 18.38.02 +0200 one of my MXes have sent a QR about a virus mail.

I had a look at my folder with the "Quick reporting data" messages from SC 
in order to see the source of that message, but I couldn't find any 
"report's report" about it.

Then, I went to my SC panel and looked for any report about that message. I 
found its entry, but it was:

    Submitted: martedì 12 agosto 2008 18.30.55 +0200:
    Tracking N_ 4033334792
    No reports filed

Ok. Maybe the message wasn't reported because SC couldn't find any report 
address for it. I tried sending to SC the very same copy of that message, 
and I found that it can be reported: 
http://www.spamcop.net/sc?id=z2146728883zd4e4b423931b82fefc0609a36d00e5ffz .

Now the question: since the message triggering the "No reports filed" entry 
was meant to be exactly the same message of the above link, is there any way 
for an SC admin to see the reason of the "No reports filed"? I would like to 
know if my automatic reporting script did messed the message up or if, say, 
SC didn't yet know a report address for it at the age of its submission.

Many thanks,

Giampaolo 


From nobody at devnull.spamcop.net  Tue Aug 12 16:58:44 2008
From: nobody at devnull.spamcop.net (Blue Rock)
Date: Tue Aug 12 17:05:03 2008
Subject: [Scspamcop] Re: Occasional QR not reporting?
References: <g7spp4$vr$1@news.spamcop.net>
Message-ID: <g7stm8$kcu$1@news.spamcop.net>

"Giampaolo Tomassoni" <rainbowl@tomassoni.eu> wrote in message 
news:g7spp4$vr$1@news.spamcop.net...
> Today @ 18.38.02 +0200 one of my MXes have sent a QR about a virus mail.
>
> I had a look at my folder with the "Quick reporting data" messages from SC 
> in order to see the source of that message, but I couldn't find any 
> "report's report" about it.
>
> Then, I went to my SC panel and looked for any report about that message. 
> I found its entry, but it was:
>
>    Submitted: martedì 12 agosto 2008 18.30.55 +0200:
>    Tracking N_ 4033334792
>    No reports filed
>
> Ok. Maybe the message wasn't reported because SC couldn't find any report 
> address for it. I tried sending to SC the very same copy of that message, 
> and I found that it can be reported: 
> http://www.spamcop.net/sc?id=z2146728883zd4e4b423931b82fefc0609a36d00e5ffz 
> .
>
> Now the question: since the message triggering the "No reports filed" 
> entry was meant to be exactly the same message of the above link, is there 
> any way for an SC admin to see the reason of the "No reports filed"? I 
> would like to know if my automatic reporting script did messed the message 
> up or if, say, SC didn't yet know a report address for it at the age of 
> its submission.
>
> Many thanks,
>
> Giampaolo
>

I reported the same issue with Quick Reporting quite a long time ago. 
Sometimes, if I submit one or more spam in a single email message to my 
Quick Reporting address, I will receive no "Quick Reporting Data" email, and 
if I log-in and check my reporting history, I find that all but one of the 
spam in that submission were parsed.  There is no way to get a tracker for 
the single spam that was not parsed (other than to contact an administrator, 
or just re-submit it individually, as you did).

When I reported this problem, an administrator at SpamCop was able to find 
the un-parsed spam, and determined that it was intact and valid.  He was 
unable to determine why it was not parsed.  At the time, I was the only one 
reporting the problem, so nothing further was done to fix it.  Since then, a 
few others have reported the same problem, but I guess the percentage of 
reporters having this particular problem is low, so it is not considered 
worth pursuing.

The problem continues to happen to this day.  If I really care, I simply 
re-submit the missing spam message - but mostly I just ignore it when it 
happens.


From rainbowl at tomassoni.eu  Tue Aug 12 20:17:36 2008
From: rainbowl at tomassoni.eu (Giampaolo Tomassoni)
Date: Tue Aug 12 20:20:03 2008
Subject: [Scspamcop] Re: Occasional QR not reporting?
References: <g7spp4$vr$1@news.spamcop.net> <g7stm8$kcu$1@news.spamcop.net>
Message-ID: <g7t96u$upn$1@news.spamcop.net>


"Blue Rock" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
news:g7stm8$kcu$1@news.spamcop.net...
> "Giampaolo Tomassoni" <rainbowl@tomassoni.eu> wrote in message 
> news:g7spp4$vr$1@news.spamcop.net...
>> Today @ 18.38.02 +0200 one of my MXes have sent a QR about a virus mail.
>>
>> I had a look at my folder with the "Quick reporting data" messages from 
>> SC in order to see the source of that message, but I couldn't find any 
>> "report's report" about it.
>>
>> Then, I went to my SC panel and looked for any report about that message. 
>> I found its entry, but it was:
>>
>>    Submitted: martedì 12 agosto 2008 18.30.55 +0200:
>>    Tracking N_ 4033334792
>>    No reports filed
>>
>> Ok. Maybe the message wasn't reported because SC couldn't find any report 
>> address for it. I tried sending to SC the very same copy of that message, 
>> and I found that it can be reported: 
>> http://www.spamcop.net/sc?id=z2146728883zd4e4b423931b82fefc0609a36d00e5ffz .
>>
>> Now the question: since the message triggering the "No reports filed" 
>> entry was meant to be exactly the same message of the above link, is 
>> there any way for an SC admin to see the reason of the "No reports 
>> filed"? I would like to know if my automatic reporting script did messed 
>> the message up or if, say, SC didn't yet know a report address for it at 
>> the age of its submission.
>>
>> Many thanks,
>>
>> Giampaolo
>>
>
> I reported the same issue with Quick Reporting quite a long time ago. 
> Sometimes, if I submit one or more spam in a single email message to my 
> Quick Reporting address, I will receive no "Quick Reporting Data" email, 
> and if I log-in and check my reporting history, I find that all but one of 
> the spam in that submission were parsed.  There is no way to get a tracker 
> for the single spam that was not parsed (other than to contact an 
> administrator, or just re-submit it individually, as you did).

That's exactly what I'm experiencing.


> When I reported this problem, an administrator at SpamCop was able to find 
> the un-parsed spam, and determined that it was intact and valid.  He was 
> unable to determine why it was not parsed.  At the time, I was the only 
> one reporting the problem, so nothing further was done to fix it.  Since 
> then, a few others have reported the same problem, but I guess the 
> percentage of reporters having this particular problem is low, so it is 
> not considered worth pursuing.
>
> The problem continues to happen to this day.  If I really care, I simply 
> re-submit the missing spam message - but mostly I just ignore it when it 
> happens.

Ok, I see.

Well, I vote to pursue and fix this problem... :)

I guess many people are actually using the QR way, after all. The fact that 
most of us tend to "ignore the unreported reports" may be why this problem 
is regarded as a marginal one.

Giampaolo 


From nobody at devnull.spamcop.net  Tue Aug 12 23:53:52 2008
From: nobody at devnull.spamcop.net (Blue Rock)
Date: Wed Aug 13 00:00:02 2008
Subject: [Scspamcop] Re: Occasional QR not reporting?
References: <g7spp4$vr$1@news.spamcop.net> <g7stm8$kcu$1@news.spamcop.net>
	<g7t96u$upn$1@news.spamcop.net>
Message-ID: <g7tm0j$4l8$1@news.spamcop.net>

"Giampaolo Tomassoni" <rainbowl@tomassoni.eu> wrote in message 
news:g7t96u$upn$1@news.spamcop.net...
>
> "Blue Rock" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
> news:g7stm8$kcu$1@news.spamcop.net...
>> "Giampaolo Tomassoni" <rainbowl@tomassoni.eu> wrote in message 
>> news:g7spp4$vr$1@news.spamcop.net...
>>> Today @ 18.38.02 +0200 one of my MXes have sent a QR about a virus mail.
>>>
>>> I had a look at my folder with the "Quick reporting data" messages from 
>>> SC in order to see the source of that message, but I couldn't find any 
>>> "report's report" about it.
>>>
>>> Then, I went to my SC panel and looked for any report about that 
>>> message. I found its entry, but it was:
>>>
>>>    Submitted: martedì 12 agosto 2008 18.30.55 +0200:
>>>    Tracking N_ 4033334792
>>>    No reports filed
>>>
>>> Ok. Maybe the message wasn't reported because SC couldn't find any 
>>> report address for it. I tried sending to SC the very same copy of that 
>>> message, and I found that it can be reported: 
>>> http://www.spamcop.net/sc?id=z2146728883zd4e4b423931b82fefc0609a36d00e5ffz .
>>>
>>> Now the question: since the message triggering the "No reports filed" 
>>> entry was meant to be exactly the same message of the above link, is 
>>> there any way for an SC admin to see the reason of the "No reports 
>>> filed"? I would like to know if my automatic reporting script did messed 
>>> the message up or if, say, SC didn't yet know a report address for it at 
>>> the age of its submission.
>>>
>>> Many thanks,
>>>
>>> Giampaolo
>>>
>>
>> I reported the same issue with Quick Reporting quite a long time ago. 
>> Sometimes, if I submit one or more spam in a single email message to my 
>> Quick Reporting address, I will receive no "Quick Reporting Data" email, 
>> and if I log-in and check my reporting history, I find that all but one 
>> of the spam in that submission were parsed.  There is no way to get a 
>> tracker for the single spam that was not parsed (other than to contact an 
>> administrator, or just re-submit it individually, as you did).
>
> That's exactly what I'm experiencing.
>
>
>> When I reported this problem, an administrator at SpamCop was able to 
>> find the un-parsed spam, and determined that it was intact and valid.  He 
>> was unable to determine why it was not parsed.  At the time, I was the 
>> only one reporting the problem, so nothing further was done to fix it. 
>> Since then, a few others have reported the same problem, but I guess the 
>> percentage of reporters having this particular problem is low, so it is 
>> not considered worth pursuing.
>>
>> The problem continues to happen to this day.  If I really care, I simply 
>> re-submit the missing spam message - but mostly I just ignore it when it 
>> happens.
>
> Ok, I see.
>
> Well, I vote to pursue and fix this problem... :)
>
> I guess many people are actually using the QR way, after all. The fact 
> that most of us tend to "ignore the unreported reports" may be why this 
> problem is regarded as a marginal one.
>
> Giampaolo

Just to be clear - it was not my decision to *not* pursue the problem.  I 
would prefer it be fixed.  I reported the issue to SPAMCOP admins, and asked 
that it be fixed.  In the end, I understood that they would not take further 
action, unless they received many more reports of that same issue.  Since 
that time, I have only seen a few people mention the problem (or something 
like it) here, or in the forums.  Since the problem affects probably fewer 
than 1% of Quick Reported spam, it is probably not high on the priority 
list.

Also, it may be difficult for them to track.  I see it happen maybe once a 
month (reporting spam at least once a day).  It is random and unpredictable 
and cannot easily be repeated.  This behavior makes it very difficult for 
SPAMCOP to troubleshoot.  The admin I communicated with could only see that 
the spam had not been parsed.  He could not tell what happened, several 
hours after the fact, that caused the parser to ignore the spam.  When I 
would repeat the submission, the spam would be handled correctly the second 
time.  In order to figure it out, he might have to be monitoring the parser 
at the exact moment when I make a submission, and the error occurs.

If you wish to take a shot at getting it fixed, I will be glad to help, by 
reminding SPAMCOP that I have been seeing the same issue.  Or, if you choose 
to contact SPAMCOP, you can reference this post.  When I reported the 
problem the first time, I used the SPAMCOP forums, and I think Wazoo read my 
post, and contacted the admins. 


From rainbowl at tomassoni.eu  Wed Aug 13 05:15:39 2008
From: rainbowl at tomassoni.eu (Giampaolo Tomassoni)
Date: Wed Aug 13 05:20:04 2008
Subject: [Scspamcop] Re: Occasional QR not reporting?
References: <g7spp4$vr$1@news.spamcop.net> <g7stm8$kcu$1@news.spamcop.net>
	<g7t96u$upn$1@news.spamcop.net> <g7tm0j$4l8$1@news.spamcop.net>
Message-ID: <g7u8np$egu$1@news.spamcop.net>

"Blue Rock" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
news:g7tm0j$4l8$1@news.spamcop.net...
>
> ...omissis...
>
>> Well, I vote to pursue and fix this problem... :)
>>
>> I guess many people are actually using the QR way, after all. The fact 
>> that most of us tend to "ignore the unreported reports" may be why this 
>> problem is regarded as a marginal one.
>>
>> Giampaolo
>
> Just to be clear - it was not my decision to *not* pursue the problem.

I got it. It was an SC decision.


> I would prefer it be fixed.  I reported the issue to SPAMCOP admins, and 
> asked that it be fixed.  In the end, I understood that they would not take 
> further action, unless they received many more reports of that same issue. 
> Since that time, I have only seen a few people mention the problem (or 
> something like it) here, or in the forums.  Since the problem affects 
> probably fewer than 1% of Quick Reported spam, it is probably not high on 
> the priority list.

It may be, and there are many other reasons a QC results in a "No reports 
filed" item. In example, the SC parser could not have a destinating e-mail 
for the report handy.

Nevertheless, this is my actual panel:

7 reports, then

Submitted: mercoledì 13 agosto 2008 10.20.22 +0200:
Last news for Randell William
No reports filed

1 further report, then

Submitted: mercoledì 13 agosto 2008 9.46.21 +0200:
We let you be more a man
No reports filed

1 more report, then

Submitted: mercoledì 13 agosto 2008 9.46.21 +0200:
We let you be more a man
No reports filed

15 more reports, then

Submitted: mercoledì 13 agosto 2008 8.46.07 +0200:
You have 24 hours to confirm your PayPal personal information
No reports filed

and

Submitted: mercoledì 13 agosto 2008 8.31.15 +0200:
Virgie, do you wanna win 8576.- US$
No reports filed

So, MAYBE your guess about the "fewer than 1% reports afffected" is too 
optimistic.


> Also, it may be difficult for them to track.  I see it happen maybe once a 
> month (reporting spam at least once a day).  It is random and 
> unpredictable and cannot easily be repeated.  This behavior makes it very 
> difficult for SPAMCOP to troubleshoot.

I don't see the numbers you see: 5 NRFs over 30 QRs posted in few minutes.

Besides, I'm used to send multiple QRs in a single message. Maybe my numbers 
are related to this.


> The admin I communicated with could only see that the spam had not been 
> parsed.  He could not tell what happened, several hours after the fact, 
> that caused the parser to ignore the spam.  When I would repeat the 
> submission, the spam would be handled correctly the second time.  In order 
> to figure it out, he might have to be monitoring the parser at the exact 
> moment when I make a submission, and the error occurs.

Well, if they have a stage system with a parser, I could eventually send my 
QRs to it in order to allow detect any problem.


> If you wish to take a shot at getting it fixed, I will be glad to help, by 
> reminding SPAMCOP that I have been seeing the same issue.  Or, if you 
> choose to contact SPAMCOP, you can reference this post.  When I reported 
> the problem the first time, I used the SPAMCOP forums, and I think Wazoo 
> read my post, and contacted the admins.

Ok, I see that people close to SC admins (Wazoo as well as Mike) are often 
in this list.

I wouldn't knock to admins right now, but I hope that Wazoo and/or Mike are 
reading this.

Wazoo and Mike, there are at least 2 votes to have a check about this 
issue... :)

Ciao,

Giampaolo 


From nobody at devnull.spamcop.net  Wed Aug 13 16:24:06 2008
From: nobody at devnull.spamcop.net (Blue Rock)
Date: Wed Aug 13 16:30:03 2008
Subject: [Scspamcop] Re: Occasional QR not reporting?
References: <g7spp4$vr$1@news.spamcop.net> <g7stm8$kcu$1@news.spamcop.net>
	<g7t96u$upn$1@news.spamcop.net> <g7tm0j$4l8$1@news.spamcop.net>
	<g7u8np$egu$1@news.spamcop.net>
Message-ID: <g7vg1d$ahg$1@news.spamcop.net>

"Giampaolo Tomassoni" <rainbowl@tomassoni.eu> wrote in message 
news:g7u8np$egu$1@news.spamcop.net...
> "Blue Rock" <nobody@devnull.spamcop.net> ha scritto nel messaggio
> [Snip]
>
>> I would prefer it be fixed.  I reported the issue to SPAMCOP admins, and 
>> asked that it be fixed.  In the end, I understood that they would not 
>> take further action, unless they received many more reports of that same 
>> issue. Since that time, I have only seen a few people mention the problem 
>> (or something like it) here, or in the forums.  Since the problem affects 
>> probably fewer than 1% of Quick Reported spam, it is probably not high on 
>> the priority list.
>
> It may be, and there are many other reasons a QC results in a "No reports 
> filed" item. In example, the SC parser could not have a destinating e-mail 
> for the report handy.

This problem results in "No reports filed" in your Reporting History AND no 
"Quick reporting data" email received for the entire submission (regardless 
of how many spam were reported in that submission).  Plus, when I 
immediately re-submit the un-processed spam message, it does result in 
reports being filed.

I think if there is no destination email for a spam, it still shows as being 
sent to XXXXXXX@devnull.spamcop.net (when only bad email addresses are 
listed), or nomasater@devnull.spamcop.net (for IP addresses with no owner 
listed).  The only legitimate reason I see "No reports filed" in my 
reporting history is when I have waited too long (more than two days) before 
reporting spam.  When this happens, though, I still get a "Quick reporting 
data" email message.  There may be other reasons for "No reports filed", but 
if there are, I haven't encountered them.

>
> Nevertheless, this is my actual panel:
>
> 7 reports, then
>
> Submitted: mercoledì 13 agosto 2008 10.20.22 +0200:
> Last news for Randell William
> No reports filed
>
> [SNIP]
>
>
> So, MAYBE your guess about the "fewer than 1% reports afffected" is too 
> optimistic.
>

I checked through my Reporting History as well.  You are right, it appears 
that this problem is happening more often than I estimated.  But looking in 
my 90 day history, I still find long periods of about 100 reports, without a 
"No reports filed" being listed.  More recently, though, it looks like the 
problem has been happening about once or twice a week.  For me, the last 
time it happened was this past Saturday.

My original point was that it would still be hard for SpamCop to track a 
problem that occurs so infrequently.

>
>> Also, it may be difficult for them to track.  I see it happen maybe once 
>> a month (reporting spam at least once a day).  It is random and 
>> unpredictable and cannot easily be repeated.  This behavior makes it very 
>> difficult for SPAMCOP to troubleshoot.
>
> I don't see the numbers you see: 5 NRFs over 30 QRs posted in few minutes.
>
> Besides, I'm used to send multiple QRs in a single message. Maybe my 
> numbers are related to this.
>

I do as well.  Almost every time this problem happens, the LAST spam 
submitted in a single Quick Report email message is the one with "No reports 
filed".

>
>> The admin I communicated with could only see that the spam had not been 
>> parsed.  He could not tell what happened, several hours after the fact, 
>> that caused the parser to ignore the spam.  When I would repeat the 
>> submission, the spam would be handled correctly the second time.  In 
>> order to figure it out, he might have to be monitoring the parser at the 
>> exact moment when I make a submission, and the error occurs.
>
> Well, if they have a stage system with a parser, I could eventually send 
> my QRs to it in order to allow detect any problem.
>

I am not sure what you are suggesting here, but in my experience, if you 
re-submit a message that has failed in this way, it generally works 
correctly the second time.

>
>> If you wish to take a shot at getting it fixed, I will be glad to help, 
>> by reminding SPAMCOP that I have been seeing the same issue.  Or, if you 
>> choose to contact SPAMCOP, you can reference this post.  When I reported 
>> the problem the first time, I used the SPAMCOP forums, and I think Wazoo 
>> read my post, and contacted the admins.
>
> Ok, I see that people close to SC admins (Wazoo as well as Mike) are often 
> in this list.
>
> I wouldn't knock to admins right now, but I hope that Wazoo and/or Mike 
> are reading this.
>
> Wazoo and Mike, there are at least 2 votes to have a check about this 
> issue... :)
>

To my knowledge, Wazoo is a volunteer who helps out on the forums.  Mike 
Easter is a kibitzer, and not a SpamCop admin (according to his sig).  They 
are both very knowledgeable and helpful.  Either of them may be able to 
suggest more reasons this might happen, but neither of them can actually 
implement changes to SpamCop.  I think you must contact deputies [at] 
spamcop.net if you really want to have a chance to get this fixed.  Or, I 
think admins monitor the forums more than this newsgroup, so you could try 
mentioning it there.

But, from what I have read in other posts here (and in the forums), SpamCop 
is not likely to make changes to the reporting system - which is why I sort 
of gave up on complaining about this issue.

Again, when I went through this, SpamCop seemed willing to admit that there 
was something unusual happening here, and that it was something in their 
system.  However, I think it would take several people complaining, all at 
once, in order for there to be a chance that they would do something about 
this.

At the time, I suggested a change to the Reporting History screen - that 
they should show the tracking URL for each spam listed in Reporting History. 
That would make it easier to find a spam that had "No reports filed", and 
see if there was any reason for it.  It would also help if the "Quick 
reporting data" email is not sent (which is another aspect of this problem). 
Unfortunately, that suggestion was never implemented.


From nobody at devnull.spamcop.net  Thu Aug 14 16:46:48 2008
From: nobody at devnull.spamcop.net (Blue Rock)
Date: Thu Aug 14 16:50:03 2008
Subject: [Scspamcop] Re: Occasional QR not reporting?
References: <g7spp4$vr$1@news.spamcop.net>
	<p1t8a4dhh5a7oncft6na22lg3m6ovv6oir@4ax.com>
Message-ID: <g825js$3p2$1@news.spamcop.net>

"SpamCop Admin" <nobody@devnull.spamcop.net> wrote in message 
news:p1t8a4dhh5a7oncft6na22lg3m6ovv6oir@4ax.com...
> We know that the occasional spam goes unreported when it is submitted
> via the "quick" or "VER" method.  Don't know why.  I suspect (key word
> 'suspect') that the submission is somehow getting flagged as parsed.
> Maybe.
>
> If it is truly unreported, you may be able to log into your account at
> http://www.spamcop.net/ and use the "Unreported Spam Saved" link to
> process it.  If the spam has been flagged as parsed, you won't be able
> to see it with the "Unreported Spam Saved" link.  I think.

There is no "Unreported Spam Saved" link available when this happens to me. 
I guess this supports your theory that the spam is getting flagged as 
parsed.

> Some spam goes unreported because the ISP has flagged the source IP
> address in the last 24 hours as "being fixed."  In those cases, you
> will see this in the technical details of the parse:
>
> ISP has indicated spam will cease; ISP resolved this issue sometime
> after Thursday, August 14, 2008 07:13:00 -0600

I get this response from time to time.  It appears in the Quick Reporting 
Data email that I get (most times) after making a submission.  However when 
this particular problem happens, there is no Quick Reporting Data email. 
Plus, if I re-submit the spam that failed, it is normally handled correctly 
and reported (without an "ISP has indicated spam will cease" response).  So, 
this is not the reason for the "No reports filed" status, in this particular 
case.

> Yes, it usually takes more than one person complaining to get any
> action.  One person reporting is not a pattern.  Unless we can
> duplicate the problem with our own accounts, and we appreciate the
> seriousness of the problem.
>
> SpamCop does everything live and in real time.  There is no way to go
> back to see what happened.  All we can do is re-parse the spam to see
> what happens now.
>
> Getting things fixed is a challenge.  The days are gone when we could
> just call Julian and whine around for a minute and then he would
> disappear into his cave for a couple of days and come out with new
> code and everything would be better.
>
> Now we have committees, and supervisors, and Vice Presidents, and
> such, and we have to submit a request to our engineering guys.  Their
> plate is *very* full.  If the priority isn't "Now! Now! Now! SpamCop
> is Broken" it can take months to get their attention.
>
> Plus, there needs to be some reasonable expectation that the problem
> can be identified and fixed, or we won't even submit the request.
>
> I just reported 1,768 spams in batches of 250.  Everything went fine.
>
> That's probably what will happen to the engineer who tries to
> duplicate the problem you folks are seeing.  He's going to try two or
> three times, not see the problem, and he's going to close out the
> ticket with no action, and report:  "Works for me."
>
> That can be a death knell.  It will take some fairly fancy dancing to
> get a ticket like that opened again.


Understood.  Speaking as an engineer who must frequently handle customer 
complaints, if I understand that one of the symptoms of a problem is that it 
happens infrequently (once a week, in this case) I make sure that my testing 
goes at least twice as long.  Like your engineers, I am also busy with other 
on-going projects, so I would set up the test so that I can just check in on 
it periodically, to see if a failure has occurred, with minimal impact on my 
other work.  I would use log files, or other methods that can store 
pretinent information during the test, to help with diagnosis if the problem 
can be reproduced.

I say this in the spirit of a suggestion, and don't mean to be critical.  I 
have no knowledge on how your system is setup, or what sort of software 
diagnostics you have access to.  I have no idea how easy it would be for 
someone to log all activity on a particular account (for example).  However, 
SPAMCOP works quite well as it is, so I also understand that it is not worth 
spending engineering resources on at this time.

> So, with something like this, we don't take any action because, in the
> bigger scheme of things, a few spams that go unreported are completely
> insignificant.  Not only will somebody else likely get and report the
> same spam, it will probably hit our traps, too.
>
> My advice would be to not worry about this.  Submit them and forget
> them.
>
> - Don D'Minion - SpamCop Admin -

Thanks, Don, for your informative reply.


From me at privacy.net  Thu Aug 14 21:16:49 2008
From: me at privacy.net (Michael R N Dolbear)
Date: Thu Aug 14 21:20:03 2008
Subject: [Scspamcop] Re: Occasional QR not reporting?
References: <g7spp4$vr$1@news.spamcop.net>
	<p1t8a4dhh5a7oncft6na22lg3m6ovv6oir@4ax.com>
	<g825js$3p2$1@news.spamcop.net>
Message-ID: <01c8fe72$1936ae80$LocalHost@default>


Blue Rock <nobody@devnull.spamcop.net> wrote 
> "SpamCop Admin" <nobody@devnull.spamcop.net> wrote

> > We know that the occasional spam goes unreported when it is
submitted
> > via the "quick" or "VER" method.  Don't know why.  I suspect (key
word
> > 'suspect') that the submission is somehow getting flagged as
parsed.
> > Maybe.
> >
> > If it is truly unreported, you may be able to log into your account
at
> > http://www.spamcop.net/ and use the "Unreported Spam Saved" link to
> > process it.  If the spam has been flagged as parsed, you won't be
able
> > to see it with the "Unreported Spam Saved" link.  I think.
> 
> There is no "Unreported Spam Saved" link available when this happens
to me. 
> I guess this supports your theory that the spam is getting flagged as

> parsed.

Um, I have never seen an "Unreported Spam Saved" link from a quick
report and that's what I would expect since quick reporting is designed
to skip the "process Spam" step.

There are three ways of submitting Spam for quick reporting.

(a) Via email to the Quick.magicnumber address as Blue Rock is doing
(b) Using VER 
(c) Using "report as Spam" from webmail.

These may give different results in unusual cases, thus I think (c)
accepts a Spam with no body but with (b) such Spam stays in "no reports
filed" forever.

Another case where "no reports filed forever" happens is when the
parser objects to the spam having some items missing from its headers,
eg no From:  .

This results in a parser reject when a direct paste is done.


-- 
Mike D

From nobody at devnull.spamcop.net  Fri Aug 15 10:39:10 2008
From: nobody at devnull.spamcop.net (Blue Rock)
Date: Fri Aug 15 10:40:03 2008
Subject: [Scspamcop] Re: Occasional QR not reporting?
References: <g7spp4$vr$1@news.spamcop.net>
	<p1t8a4dhh5a7oncft6na22lg3m6ovv6oir@4ax.com>
	<g825js$3p2$1@news.spamcop.net>
	<01c8fe72$1936ae80$LocalHost@default>
Message-ID: <g844eg$4g3$1@news.spamcop.net>

"Michael R N Dolbear" <me@privacy.net> wrote in message 
news:01c8fe72$1936ae80$LocalHost@default...
>
> Blue Rock <nobody@devnull.spamcop.net> wrote
>> "SpamCop Admin" <nobody@devnull.spamcop.net> wrote
>
>> > We know that the occasional spam goes unreported when it is
> submitted
>> > via the "quick" or "VER" method.  Don't know why.  I suspect (key
> word
>> > 'suspect') that the submission is somehow getting flagged as
> parsed.
>> > Maybe.
>> >
>> > If it is truly unreported, you may be able to log into your account
> at
>> > http://www.spamcop.net/ and use the "Unreported Spam Saved" link to
>> > process it.  If the spam has been flagged as parsed, you won't be
> able
>> > to see it with the "Unreported Spam Saved" link.  I think.
>>
>> There is no "Unreported Spam Saved" link available when this happens
> to me.
>> I guess this supports your theory that the spam is getting flagged as
>
>> parsed.
>
> Um, I have never seen an "Unreported Spam Saved" link from a quick
> report and that's what I would expect since quick reporting is designed
> to skip the "process Spam" step.

Agreed.  But, we are discussing a problem where spam submitted by the Quick 
Reporting method isn't processed for some reason.  Don, a SPAMCOP admin, 
stated that there is a flag indicating that a particular spam had been 
parsed, and suggested that the problem might be caused by that flag being 
prematurely set.  He thought if the flag was NOT set, then there would be an 
"Unreported Spam Saved" link, for the spam item that was "stuck".

I don't know whether this is true or not.  I figured that a SPAMCOP admin 
would have a better understanding of how the system works that I do.  I 
merely stated that if Don's theory is correct, then the fact that I don't 
see an "Unreported Spam Saved" link supports his theory that the spam is 
flagged as parsed, when it actually had not been.

"Michael R N Dolbear" <me@privacy.net> wrote:
>
> There are three ways of submitting Spam for quick reporting.
>
> (a) Via email to the Quick.magicnumber address as Blue Rock is doing
> (b) Using VER
> (c) Using "report as Spam" from webmail.
>
> These may give different results in unusual cases, thus I think (c)
> accepts a Spam with no body but with (b) such Spam stays in "no reports
> filed" forever.
>
> Another case where "no reports filed forever" happens is when the
> parser objects to the spam having some items missing from its headers,
> eg no From:  .
>

In this case, the spam in question has complete headers, and, in fact, is 
correctly handled if re-submitted.  Also, on the one occasion in the past, 
when Don was able to retrieve one of my spam items that was stuck in this 
manner, the retrieved spam had all headers intact, and was identical in 
every way to the original spam item I had submitted.

So, missing or mal-formed headers is not the cause of the problem we are 
discussing here.


From rainbowl at tomassoni.eu  Fri Aug 15 18:56:36 2008
From: rainbowl at tomassoni.eu (Giampaolo Tomassoni)
Date: Fri Aug 15 19:00:03 2008
Subject: [Scspamcop] Re: Occasional QR not reporting?
References: <g7spp4$vr$1@news.spamcop.net> <g7stm8$kcu$1@news.spamcop.net>
	<g7t96u$upn$1@news.spamcop.net> <g7tm0j$4l8$1@news.spamcop.net>
	<g7u8np$egu$1@news.spamcop.net> <g7vg1d$ahg$1@news.spamcop.net>
Message-ID: <g851is$uqk$1@news.spamcop.net>

"Blue Rock" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
news:g7vg1d$ahg$1@news.spamcop.net...
> "Giampaolo Tomassoni" <rainbowl@tomassoni.eu> wrote in message 
> news:g7u8np$egu$1@news.spamcop.net...
>> "Blue Rock" <nobody@devnull.spamcop.net> ha scritto nel messaggio
>> [Snip]
>>
>>> I would prefer it be fixed.  I reported the issue to SPAMCOP admins, and 
>>> asked that it be fixed.  In the end, I understood that they would not 
>>> take further action, unless they received many more reports of that same 
>>> issue. Since that time, I have only seen a few people mention the 
>>> problem (or something like it) here, or in the forums.  Since the 
>>> problem affects probably fewer than 1% of Quick Reported spam, it is 
>>> probably not high on the priority list.
>>
>> It may be, and there are many other reasons a QC results in a "No reports 
>> filed" item. In example, the SC parser could not have a destinating 
>> e-mail for the report handy.
>
> This problem results in "No reports filed" in your Reporting History AND 
> no "Quick reporting data" email received for the entire submission 
> (regardless of how many spam were reported in that submission).

Oh, yes: you're right. I too don't get any "quick reporting data" from SC 
about any dead QRs.


> Plus, when I immediately re-submit the un-processed spam message, it does 
> result in reports being filed.

You mean, even the dead one? I'm not sure about it, I have to check this 
out.


> I think if there is no destination email for a spam, it still shows as 
> being sent to XXXXXXX@devnull.spamcop.net (when only bad email addresses 
> are listed), or nomasater@devnull.spamcop.net (for IP addresses with no 
> owner listed).  The only legitimate reason I see "No reports filed" in my 
> reporting history is when I have waited too long (more than two days) 
> before reporting spam.  When this happens, though, I still get a "Quick 
> reporting data" email message.  There may be other reasons for "No reports 
> filed", but if there are, I haven't encountered them.

Right.


>> Nevertheless, this is my actual panel:
>>
>> 7 reports, then
>>
>> Submitted: mercoledì 13 agosto 2008 10.20.22 +0200:
>> Last news for Randell William
>> No reports filed
>>
>> [SNIP]
>>
>>
>> So, MAYBE your guess about the "fewer than 1% reports afffected" is too 
>> optimistic.
>>
>
> I checked through my Reporting History as well.  You are right, it appears 
> that this problem is happening more often than I estimated.  But looking 
> in my 90 day history, I still find long periods of about 100 reports, 
> without a "No reports filed" being listed.  More recently, though, it 
> looks like the problem has been happening about once or twice a week.  For 
> me, the last time it happened was this past Saturday.
>
> My original point was that it would still be hard for SpamCop to track a 
> problem that occurs so infrequently.
>
>>
>>> Also, it may be difficult for them to track.  I see it happen maybe once 
>>> a month (reporting spam at least once a day).  It is random and 
>>> unpredictable and cannot easily be repeated.  This behavior makes it 
>>> very difficult for SPAMCOP to troubleshoot.
>>
>> I don't see the numbers you see: 5 NRFs over 30 QRs posted in few 
>> minutes.
>>
>> Besides, I'm used to send multiple QRs in a single message. Maybe my 
>> numbers are related to this.
>>
>
> I do as well.  Almost every time this problem happens, the LAST spam 
> submitted in a single Quick Report email message is the one with "No 
> reports filed".

Oh, well. I didn't go that deep in analizing the problem... :)

Nice to know.


>>> The admin I communicated with could only see that the spam had not been 
>>> parsed.  He could not tell what happened, several hours after the fact, 
>>> that caused the parser to ignore the spam.  When I would repeat the 
>>> submission, the spam would be handled correctly the second time.  In 
>>> order to figure it out, he might have to be monitoring the parser at the 
>>> exact moment when I make a submission, and the error occurs.
>>
>> Well, if they have a stage system with a parser, I could eventually send 
>> my QRs to it in order to allow detect any problem.
>>
>
> I am not sure what you are suggesting here, but in my experience, if you 
> re-submit a message that has failed in this way, it generally works 
> correctly the second time.

I was meaning that, if SC people have a full-log-on testing system and they 
need real-case submissions in order to discover and fix this problem, I 
could eventually provide the real-case submissions.

Of course, I think they have many other ways to obtain real-case 
submissions.


>>
>>> If you wish to take a shot at getting it fixed, I will be glad to help, 
>>> by reminding SPAMCOP that I have been seeing the same issue.  Or, if you 
>>> choose to contact SPAMCOP, you can reference this post.  When I reported 
>>> the problem the first time, I used the SPAMCOP forums, and I think Wazoo 
>>> read my post, and contacted the admins.
>>
>> Ok, I see that people close to SC admins (Wazoo as well as Mike) are 
>> often in this list.
>>
>> I wouldn't knock to admins right now, but I hope that Wazoo and/or Mike 
>> are reading this.
>>
>> Wazoo and Mike, there are at least 2 votes to have a check about this 
>> issue... :)
>>
>
> To my knowledge, Wazoo is a volunteer who helps out on the forums.  Mike 
> Easter is a kibitzer, and not a SpamCop admin (according to his sig). 
> They are both very knowledgeable and helpful.  Either of them may be able 
> to suggest more reasons this might happen, but neither of them can 
> actually implement changes to SpamCop.  I think you must contact deputies 
> [at] spamcop.net if you really want to have a chance to get this fixed. 
> Or, I think admins monitor the forums more than this newsgroup, so you 
> could try mentioning it there.
>
> But, from what I have read in other posts here (and in the forums), 
> SpamCop is not likely to make changes to the reporting system - which is 
> why I sort of gave up on complaining about this issue.
>
> Again, when I went through this, SpamCop seemed willing to admit that 
> there was something unusual happening here, and that it was something in 
> their system.  However, I think it would take several people complaining, 
> all at once, in order for there to be a chance that they would do 
> something about this.
>
> At the time, I suggested a change to the Reporting History screen - that 
> they should show the tracking URL for each spam listed in Reporting 
> History. That would make it easier to find a spam that had "No reports 
> filed", and see if there was any reason for it.  It would also help if the 
> "Quick reporting data" email is not sent (which is another aspect of this 
> problem). Unfortunately, that suggestion was never implemented.

I endorse your suggestion.

Giampaolo 


From rainbowl at tomassoni.eu  Fri Aug 15 19:09:06 2008
From: rainbowl at tomassoni.eu (Giampaolo Tomassoni)
Date: Fri Aug 15 19:10:03 2008
Subject: [Scspamcop] Re: Occasional QR not reporting?
References: <g7spp4$vr$1@news.spamcop.net>
	<p1t8a4dhh5a7oncft6na22lg3m6ovv6oir@4ax.com>
Message-ID: <g852a8$1jq$1@news.spamcop.net>

"SpamCop Admin" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
news:p1t8a4dhh5a7oncft6na22lg3m6ovv6oir@4ax.com...
> We know that the occasional spam goes unreported when it is submitted
> via the "quick" or "VER" method.  Don't know why.  I suspect (key word
> 'suspect') that the submission is somehow getting flagged as parsed.
> Maybe.
>
> If it is truly unreported, you may be able to log into your account at
> http://www.spamcop.net/ and use the "Unreported Spam Saved" link to
> process it.  If the spam has been flagged as parsed, you won't be able
> to see it with the "Unreported Spam Saved" link.  I think.

It is flagged as parsed, then: I don't see any "Unreported Spam Saved" link 
when a QR "gets lost".


> Some spam goes unreported because the ISP has flagged the source IP
> address in the last 24 hours as "being fixed."  In those cases, you
> will see this in the technical details of the parse:
>
> ISP has indicated spam will cease; ISP resolved this issue sometime
> after Thursday, August 14, 2008 07:13:00 -0600
>
> Yes, it usually takes more than one person complaining to get any
> action.  One person reporting is not a pattern.  Unless we can
> duplicate the problem with our own accounts, and we appreciate the
> seriousness of the problem.
>
> SpamCop does everything live and in real time.  There is no way to go
> back to see what happened.  All we can do is re-parse the spam to see
> what happens now.
>
> Getting things fixed is a challenge.  The days are gone when we could
> just call Julian and whine around for a minute and then he would
> disappear into his cave for a couple of days and come out with new
> code and everything would be better.
>
> Now we have committees, and supervisors, and Vice Presidents, and
> such, and we have to submit a request to our engineering guys.  Their
> plate is *very* full.  If the priority isn't "Now! Now! Now! SpamCop
> is Broken" it can take months to get their attention.
>
> Plus, there needs to be some reasonable expectation that the problem
> can be identified and fixed, or we won't even submit the request.
>
> I just reported 1,768 spams in batches of 250.  Everything went fine.
>
> That's probably what will happen to the engineer who tries to
> duplicate the problem you folks are seeing.  He's going to try two or
> three times, not see the problem, and he's going to close out the
> ticket with no action, and report:  "Works for me."
>
> That can be a death knell.  It will take some fairly fancy dancing to
> get a ticket like that opened again.
>
> So, with something like this, we don't take any action because, in the
> bigger scheme of things, a few spams that go unreported are completely
> insignificant.  Not only will somebody else likely get and report the
> same spam, it will probably hit our traps, too.
>
> My advice would be to not worry about this.  Submit them and forget
> them.

I can't speak for Blue Rock, but my point is that an occasional failure may 
be seen as a weakness in the SC system, which may impair its reputability. 
Submit and forget is more or less what I already do. Infact, it took a 
couple of years to me to step into this.

Giampaolo


>
> - Don D'Minion - SpamCop Admin - 


From nobody at devnull.spamcop.net  Sat Aug 16 09:06:18 2008
From: nobody at devnull.spamcop.net (Blue Rock)
Date: Sat Aug 16 09:10:03 2008
Subject: [Scspamcop] Re: Occasional QR not reporting?
References: <g7spp4$vr$1@news.spamcop.net> <g7stm8$kcu$1@news.spamcop.net>
	<g7t96u$upn$1@news.spamcop.net> <g7tm0j$4l8$1@news.spamcop.net>
	<g7u8np$egu$1@news.spamcop.net> <g7vg1d$ahg$1@news.spamcop.net>
	<g851is$uqk$1@news.spamcop.net>
Message-ID: <g86jce$7m6$1@news.spamcop.net>

"Giampaolo Tomassoni" <rainbowl@tomassoni.eu> wrote:
> "Blue Rock" <nobody@devnull.spamcop.net> ha scritto nel messaggio
>> Plus, when I immediately re-submit the un-processed spam message, it does 
>> result in reports being filed.
>
> You mean, even the dead one? I'm not sure about it, I have to check this 
> out.

Yes.  On many occasions, I have re-submitted individual messages that have 
failed in this way.  Everytime I have tried, the spam has parsed correctly, 
reports have been sent (unless it was more than two days later), and I 
received a "Quick reporting data" email message for the submission.

I just tried it again yesterday, with the spam message I found that had 
failed on Saturday.  Obviously, no reports were actually sent, because it 
has been more than two days.  But, everything else worked correctly the 
second time.


From rainbowl at tomassoni.eu  Sat Aug 16 13:37:26 2008
From: rainbowl at tomassoni.eu (Giampaolo Tomassoni)
Date: Sat Aug 16 13:40:04 2008
Subject: [Scspamcop] Re: Occasional QR not reporting?
References: <g7spp4$vr$1@news.spamcop.net> <g7stm8$kcu$1@news.spamcop.net>
	<g7t96u$upn$1@news.spamcop.net> <g7tm0j$4l8$1@news.spamcop.net>
	<g7u8np$egu$1@news.spamcop.net> <g7vg1d$ahg$1@news.spamcop.net>
	<g851is$uqk$1@news.spamcop.net> <g86jce$7m6$1@news.spamcop.net>
Message-ID: <g8738b$cgj$1@news.spamcop.net>


"Blue Rock" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
news:g86jce$7m6$1@news.spamcop.net...
> "Giampaolo Tomassoni" <rainbowl@tomassoni.eu> wrote:
>> "Blue Rock" <nobody@devnull.spamcop.net> ha scritto nel messaggio
>>> Plus, when I immediately re-submit the un-processed spam message, it 
>>> does result in reports being filed.
>>
>> You mean, even the dead one? I'm not sure about it, I have to check this 
>> out.
>
> Yes.  On many occasions, I have re-submitted individual messages that have 
> failed in this way.  Everytime I have tried, the spam has parsed 
> correctly, reports have been sent (unless it was more than two days 
> later), and I received a "Quick reporting data" email message for the 
> submission.
>
> I just tried it again yesterday, with the spam message I found that had 
> failed on Saturday.  Obviously, no reports were actually sent, because it 
> has been more than two days.  But, everything else worked correctly the 
> second time.

Ah, ok. You mean that only the new post was successful. I had got that by 
re-posting that message even the dead QR went back to life...

No zombie QRs, right?

Giampaolo 


From tmcgraw at spamcop.net  Sat Aug 16 16:32:59 2008
From: tmcgraw at spamcop.net (Tim McGraw)
Date: Sat Aug 16 16:35:04 2008
Subject: [Scspamcop] spamcop memories
Message-ID: <g87dhr$sdp$1@news.spamcop.net>

In another thread, SpamCop Admin wrote:
> The days are gone when we could just call Julian and whine around for a minute and then he would disappear into his cave for a couple of days and come out with new code and everything would be better.  

Thanks for that trip down memory lane.

Late in the last millennium, I had an sc problem and wasn't getting a 
response from Julian. I looked up the whois and called the number there, 
and Julian answered only to tell me, "This isn't customer service."

To which I replied, "If it's not, then what is?"

There was a long silence. I don't recall the problem or how it was 
resolved, but I do remember that moment. And in my tiny little brain, I 
consider JH something of a mad genius.

I think his biggest mistake might have been letting spamcop.com slip 
away. I wonder if that would have had an impact on the final sale price 
of sc to Ironport?
From avoozl at spamcop.net  Sun Aug 17 00:27:37 2008
From: avoozl at spamcop.net (Chris F. Willoughby)
Date: Sun Aug 17 00:30:03 2008
Subject: [Scspamcop] Re: spamcop memories
References: <g87dhr$sdp$1@news.spamcop.net>
Message-ID: <g889ba$ruj$1@news.spamcop.net>

"Tim McGraw" <tmcgraw@spamcop.net> wrote in message 
news:g87dhr$sdp$1@news.spamcop.net...
> Thanks for that trip down memory lane.
>
> Late in the last millennium, I had an sc problem and wasn't getting a 
> response from Julian. I looked up the whois and called the number there, 
> and Julian answered only to tell me, "This isn't customer service."
>
> To which I replied, "If it's not, then what is?"
>
> There was a long silence. I don't recall the problem or how it was 
> resolved, but I do remember that moment. And in my tiny little brain, I 
> consider JH something of a mad genius.

Another thing I just noticed.. Cisco now owns Ironport.  I don't imagine 
Cisco could give a toss if spamcop itself went bye bye. :(  I tried to find 
some contact info on either Ironport or Cisco's website that's farther up 
the chain and might be useful for helping spamcop.. No such luck. 


From tmcgraw at spamcop.net  Sun Aug 17 03:55:09 2008
From: tmcgraw at spamcop.net (Tim McGraw)
Date: Sun Aug 17 04:00:03 2008
Subject: [Scspamcop] Re: spamcop memories
In-Reply-To: <g889ba$ruj$1@news.spamcop.net>
References: <g87dhr$sdp$1@news.spamcop.net> <g889ba$ruj$1@news.spamcop.net>
Message-ID: <g88lgt$25e$1@news.spamcop.net>

Chris F. Willoughby wrote:
> Another thing I just noticed.. Cisco now owns Ironport.  I don't imagine Cisco could give a toss if spamcop itself went bye bye.

Though spamcop isn't mentioned anywhere on Cisco's site, the Ironport 
site is still up and running. There are news stories from this year 
stating that Cisco wants to incorporate Ironport's reputation and 
monitoring gear into security gear under the direction of the former CEO 
of Ironport.

> I tried to find some contact info on either Ironport or Cisco's website that's farther up the chain and might be useful for helping spamcop.. No such luck.

Did you look at http://www.ironport.com/support/contact_support.html?

That's a two-way street: if you can find a contact, so can some 
corporate fat cat with an "in" at Cisco whose machine got pwned and just 
wants "off that list." Ironport pretty much had a firewall between its 
corporate drones and sc, possibly just for that reason.

Several months ago a friend started a new job. Soon after he started, 
his company's server was compromised. The clueless IT director *did not 
even want to hear* how his machine was sending spam; all he wanted was 
to get off the sc list. As far as this IT director was concerned, being 
on the blocklist was his ONLY problem.
From rainbowl at tomassoni.eu  Sun Aug 17 03:58:54 2008
From: rainbowl at tomassoni.eu (Giampaolo Tomassoni)
Date: Sun Aug 17 04:00:03 2008
Subject: [Scspamcop] Re: Occasional QR not reporting?
References: <g7spp4$vr$1@news.spamcop.net>
	<p1t8a4dhh5a7oncft6na22lg3m6ovv6oir@4ax.com>
	<g825js$3p2$1@news.spamcop.net>
	<01c8fe72$1936ae80$LocalHost@default>
	<g844eg$4g3$1@news.spamcop.net>
	<l64ea41lqk4cakl4v645qmf9hqk16ht2i3@4ax.com>
Message-ID: <g88lnh$2qn$1@news.spamcop.net>


"SpamCop Admin" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
news:l64ea41lqk4cakl4v645qmf9hqk16ht2i3@4ax.com...
> >-Don, a SPAMCOP admin, stated that there is a flag indicating
>>-that a particular spam had been parsed
>
> What I said was... "I suspect (key word 'suspect') that the submission
> is somehow getting flagged as parsed.  Maybe."
>
> That's not a statement of fact.  That's a suspicion I shared.  Please
> notice the words "suspect," "somehow," and "maybe."
>
>
>>-I was meaning that, if SC people have a full-log-on testing
>>-system and they need real-case submissions in order to discover
>>-and fix this problem, I could eventually provide the real-case
>>-submissions.
>
> They have exactly that.  They can watch the details of the parse in
> real time, and they have logs.
>
> The problem is that they can't use you data.  What you would donate
> has already been processed by your system.  They need to see spam that
> is coming into *their* test account so that they know everything is
> original and raw.

I was meaning "future submissions", not bunches of old ones. I of course 
understand that you at SC have plenty of ways to get tons of current 
submissions, but maybe the problem is, say, somehow triggered by some 
specific way of packing QRs in a mail for shipment to SC. (just guessing)

Anyway, I agree with you that "the problem" is not much important from a 
statistical point of view.

Thanks Don,

Giampaolo


>
> - Don - 


From nobody at devnull.spamcop.net  Sun Aug 17 11:23:11 2008
From: nobody at devnull.spamcop.net (Blue Rock)
Date: Sun Aug 17 11:25:03 2008
Subject: [Scspamcop] Re: Occasional QR not reporting?
References: <g7spp4$vr$1@news.spamcop.net>
	<p1t8a4dhh5a7oncft6na22lg3m6ovv6oir@4ax.com>
	<g825js$3p2$1@news.spamcop.net>
	<01c8fe72$1936ae80$LocalHost@default>
	<g844eg$4g3$1@news.spamcop.net>
	<l64ea41lqk4cakl4v645qmf9hqk16ht2i3@4ax.com>
Message-ID: <g89fph$oum$1@news.spamcop.net>


"SpamCop Admin" <nobody@devnull.spamcop.net> wrote in message 
news:l64ea41lqk4cakl4v645qmf9hqk16ht2i3@4ax.com...
> >-Don, a SPAMCOP admin, stated that there is a flag indicating
>>-that a particular spam had been parsed
>
> What I said was... "I suspect (key word 'suspect') that the submission
> is somehow getting flagged as parsed.  Maybe."
>
> That's not a statement of fact.  That's a suspicion I shared.  Please
> notice the words "suspect," "somehow," and "maybe."

I apologize for not paraphrasing your statement accurately.  I did 
understand that you were just proposing a theory.


From nobody at devnull.spamcop.net  Sun Aug 17 11:28:19 2008
From: nobody at devnull.spamcop.net (Blue Rock)
Date: Sun Aug 17 11:30:03 2008
Subject: [Scspamcop] Re: Occasional QR not reporting?
References: <g7spp4$vr$1@news.spamcop.net> <g7stm8$kcu$1@news.spamcop.net>
	<g7t96u$upn$1@news.spamcop.net> <g7tm0j$4l8$1@news.spamcop.net>
	<g7u8np$egu$1@news.spamcop.net> <g7vg1d$ahg$1@news.spamcop.net>
	<g851is$uqk$1@news.spamcop.net> <g86jce$7m6$1@news.spamcop.net>
	<g8738b$cgj$1@news.spamcop.net>
Message-ID: <g89g2n$qc7$1@news.spamcop.net>


"Giampaolo Tomassoni" <rainbowl@tomassoni.eu> wrote in message 
news:g8738b$cgj$1@news.spamcop.net...
>
> "Blue Rock" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
> news:g86jce$7m6$1@news.spamcop.net...
>> "Giampaolo Tomassoni" <rainbowl@tomassoni.eu> wrote:
>>> "Blue Rock" <nobody@devnull.spamcop.net> ha scritto nel messaggio
>>>> Plus, when I immediately re-submit the un-processed spam message, it 
>>>> does result in reports being filed.
>>>
>>> You mean, even the dead one? I'm not sure about it, I have to check this 
>>> out.
>>
>> Yes.  On many occasions, I have re-submitted individual messages that 
>> have failed in this way.  Everytime I have tried, the spam has parsed 
>> correctly, reports have been sent (unless it was more than two days 
>> later), and I received a "Quick reporting data" email message for the 
>> submission.
>>
>> I just tried it again yesterday, with the spam message I found that had 
>> failed on Saturday.  Obviously, no reports were actually sent, because it 
>> has been more than two days.  But, everything else worked correctly the 
>> second time.
>
> Ah, ok. You mean that only the new post was successful. I had got that by 
> re-posting that message even the dead QR went back to life...
>
> No zombie QRs, right?
>
> Giampaolo

No, the original "posting" remains listed as "No reports filed".  However, 
the second submission of the same spam item is handled correctly, thus 
proving that it is not some characteristic of the spam message that is 
causing the problem.


From nobody at devnull.spamcop.net  Sun Aug 24 17:43:15 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sun Aug 24 17:45:04 2008
Subject: [Scspamcop] Curious:  Verizon spam
Message-ID: <g8sklc$h2r$1@news.spamcop.net>

Just curious:  Are you folks seeing a lot of Verizon sourced spam 
recently?  Yesterday I had a couple and today they're all tracing to 
Verizon and .ar, .cn, crazy locations like that in addition to VZ.
   I checked a couple of them manually and VZ seems to be a good parse.



From nobody at nowhere.not  Sun Aug 24 22:23:12 2008
From: nobody at nowhere.not (Robert Blair)
Date: Sun Aug 24 22:25:04 2008
Subject: [Scspamcop] Re: Curious:  Verizon spam
References: <g8sklc$h2r$1@news.spamcop.net>
Message-ID: <TECQXhvKj0FX-pn2-s4oOoXtH9pCx@localhost>

On Sun, 24 Aug 2008 21:43:15 UTC, "Twayne" 
<nobody@devnull.spamcop.net> wrote:

> Just curious:  Are you folks seeing a lot of Verizon sourced spam 
> recently?  Yesterday I had a couple and today they're all tracing to 
> Verizon and .ar, .cn, crazy locations like that in addition to VZ.
>    I checked a couple of them manually and VZ seems to be a good parse.

I get some Verizon spam.  I also get spam from most large US ISPs.  It
seems to me that most US ISPs do a lot less to stop spam than they 
could.


-- 
Robert Blair
From nobody at devnull.spamcop.net  Mon Aug 25 04:19:42 2008
From: nobody at devnull.spamcop.net (Patto)
Date: Mon Aug 25 04:20:03 2008
Subject: [Scspamcop] Again - truncated reporting address
Message-ID: <g8tpuu$ao$1@news.spamcop.net>

http://www.spamcop.net/sc?id=z2184524298z4af9dfcf5f5436ca5a3cbdc8b82f0327z

The spamvertized site http://edyws.probablewide.com resolves to several 
dozen IP addresses, of which SC picked 91.127.61.64, then decided on the 
reporting address

	abuse@ip.t

According to RIPE whois, the reporting address [for 91.127.0.0 - 
91.127.127.255] should be

	abuse@ip.t-com.sk
From nobody at spamcop.net  Mon Aug 25 21:25:28 2008
From: nobody at spamcop.net (N. Miller)
Date: Mon Aug 25 21:30:02 2008
Subject: [Scspamcop] Re: Curious:  Verizon spam
References: <g8sklc$h2r$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-s4oOoXtH9pCx@localhost>
Message-ID: <1qxatid7hx4g4$.dlg@nobody.spamcop.net>

On Mon, 25 Aug 2008 02:23:12 +0000 (UTC), Robert Blair from SpamCop wrote:

> On Sun, 24 Aug 2008 21:43:15 UTC, "Twayne" 
> <nobody@devnull.spamcop.net> wrote:

>> Just curious:  Are you folks seeing a lot of Verizon sourced spam 
>> recently?  Yesterday I had a couple and today they're all tracing to 
>> Verizon and .ar, .cn, crazy locations like that in addition to VZ.
>>    I checked a couple of them manually and VZ seems to be a good parse.

> I get some Verizon spam.  I also get spam from most large US ISPs.  It
> seems to me that most US ISPs do a lot less to stop spam than they 
> could.

Verizon is my No.1 source of dubious connections to my MTA, from U.S.
residential hosts. Road Runner is No.2. Neither does as much as AT&T, or
Comcast, to prevent abuse of their networks by spammers.

-- 
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum
From nobody at devnull.spamcop.net  Mon Aug 25 21:57:12 2008
From: nobody at devnull.spamcop.net (Patto)
Date: Mon Aug 25 22:00:03 2008
Subject: [Scspamcop] Cannot login
Message-ID: <g8vnto$1i5$1@news.spamcop.net>

http://mailsc.spamcop.net/ - when going to the site I get an 
Authentication Required pop-up, with my username (email address) and 
password in it. Hitting Enter or clicking OK will just bring the pop-up 
back, again and again. I can only click Cancel, in which case I get a 
401 error.

What happened - has my account been suspended (again), or does anyone 
else experience the same problem?
From nobody at spamcop.net  Tue Aug 26 07:59:50 2008
From: nobody at spamcop.net (Steven Underwood)
Date: Tue Aug 26 08:00:03 2008
Subject: [Scspamcop] Re: Cannot login
In-Reply-To: <g8vnto$1i5$1@news.spamcop.net>
References: <g8vnto$1i5$1@news.spamcop.net>
Message-ID: <g90r7s$8tv$1@news.spamcop.net>

"Patto" <nobody@devnull.spamcop.net> wrote in message 
news:g8vnto$1i5$1@news.spamcop.net...
> http://mailsc.spamcop.net/ - when going to the site I get an 
> Authentication Required pop-up, with my username (email address) and 
> password in it. Hitting Enter or clicking OK will just bring the pop-up 
> back, again and again. I can only click Cancel, in which case I get a 401 
> error.
>
> What happened - has my account been suspended (again), or does anyone else 
> experience the same problem?

It is working for me at this hour.  Was not using it last night.  Also, no 
reports of problems in the forums. 

From me at privacy.net  Tue Aug 26 18:59:44 2008
From: me at privacy.net (Michael R N Dolbear)
Date: Tue Aug 26 19:00:04 2008
Subject: [Scspamcop] Re: Curious:  Verizon spam
References: <g8sklc$h2r$1@news.spamcop.net>
Message-ID: <01c907c8$27d08380$LocalHost@default>


Twayne <nobody@devnull.spamcop.net> wrote in article
<g8sklc$h2r$1@news.spamcop.net>...
> Just curious:  Are you folks seeing a lot of Verizon sourced spam 
> recently?  Yesterday I had a couple and today they're all tracing to 
> Verizon and .ar, .cn, crazy locations like that in addition to VZ.
>    I checked a couple of them manually and VZ seems to be a good
parse.

Verizon no, "crazy locations" yes.

I have always had a fair sprinkling of far off sources :-

ru,kz,do,hr,de      pl,2it,de,gr,2ru,mx,my,sg

Botnets, or so I suppose.

-- 
Mike D

From nobody at devnull.spamcop.net  Tue Aug 26 22:58:50 2008
From: nobody at devnull.spamcop.net (Patto)
Date: Tue Aug 26 23:00:04 2008
Subject: [Scspamcop] Re: Cannot login
In-Reply-To: <g90r7s$8tv$1@news.spamcop.net>
References: <g8vnto$1i5$1@news.spamcop.net> <g90r7s$8tv$1@news.spamcop.net>
Message-ID: <g92fta$bgq$1@news.spamcop.net>

Steven Underwood wrote:
> "Patto" <nobody@devnull.spamcop.net> wrote in message 
> news:g8vnto$1i5$1@news.spamcop.net...
>> http://mailsc.spamcop.net/ - when going to the site I get an 
>> Authentication Required pop-up, with my username (email address) and 
>> password in it. Hitting Enter or clicking OK will just bring the pop-up 
>> back, again and again. I can only click Cancel, in which case I get a 401 
>> error.
>>
>> What happened - has my account been suspended (again), or does anyone else 
>> experience the same problem?
> 
> It is working for me at this hour.  Was not using it last night.  Also, no 
> reports of problems in the forums.

Thank you for your reply. I have been told by an admin that my account 
has expired. I don't know how this is possible, as I have been using the 
free version of SC for quite a while now. ???
From MikeE at ster.invalid  Wed Aug 27 00:52:56 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Aug 27 00:55:03 2008
Subject: [Scspamcop] Re: Cannot login
References: <g8vnto$1i5$1@news.spamcop.net> <g90r7s$8tv$1@news.spamcop.net>
	<g92fta$bgq$1@news.spamcop.net>
Message-ID: <g92mj8$4bb$1@news.spamcop.net>

Patto wrote:

> Thank you for your reply. I have been told by an admin that my account
> has expired. I don't know how this is possible, as I have been using the
> free version of SC for quite a while now. ???

I don't know what can make a free account expire, but all you have to do
to get a 'new' unexpired one is go here:

http://spamcop.net/anonsignup.shtml  Register for the Free Reporting
Service - Please provide a primary email address for SpamCop to send you
your initial password and report replies.



--
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Wed Aug 27 11:34:34 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Aug 27 11:35:03 2008
Subject: [Scspamcop] Re: Curious:  Verizon spam
References: <g8sklc$h2r$1@news.spamcop.net>
	<01c907c8$27d08380$LocalHost@default>
Message-ID: <g93s68$5kd$1@news.spamcop.net>

> Twayne <nobody@devnull.spamcop.net> wrote in article
> <g8sklc$h2r$1@news.spamcop.net>...
>> Just curious:  Are you folks seeing a lot of Verizon sourced spam
>> recently?  Yesterday I had a couple and today they're all tracing to
>> Verizon and .ar, .cn, crazy locations like that in addition to VZ.
>>    I checked a couple of them manually and VZ seems to be a good
>> parse.
>
> Verizon no, "crazy locations" yes.
>
> I have always had a fair sprinkling of far off sources :-
>
> ru,kz,do,hr,de      pl,2it,de,gr,2ru,mx,my,sg
>
> Botnets, or so I suppose.

I imagine a lot of netbots.  The Verizon stuff continues interestingly 
enough and is even escalating.  I seldom get more than a few spams a 
week and suddenly I'm getting around ten+ a day and climbing.  Over half 
parse to Verizon.  No, they aren't rejects or complaints sent to me. 
That thought has caused me to write a quick script to look for my 
addresses in them before I parse them though so I don't end up reporting 
myself.  Adds a couple seconds per, but no big deal.
   Most of the other stuff is .ru and .cn with a few Comcasts thrown in 
for good measure.  I wondered if my headers had become borked and was 
misleading SC, but they look like they always did to me.

Trivial at these numbers, I admit, but also unusual for me.  If I'm not 
mistaken, they started out being a mess of several phone companies and 
then settled into Verizon.  Suppose I could be on someone's radar; guess 
we'll find out.





From nobody at nowhere.not  Wed Aug 27 12:51:51 2008
From: nobody at nowhere.not (Robert Blair)
Date: Wed Aug 27 12:55:04 2008
Subject: [Scspamcop] Re: Curious:  Verizon spam
References: <g8sklc$h2r$1@news.spamcop.net>
	<01c907c8$27d08380$LocalHost@default>
	<g93s68$5kd$1@news.spamcop.net>
Message-ID: <TECQXhvKj0FX-pn2-HckfOpnY3bCM@dsl-206-55-144-107.tstonramp.com>

On Wed, 27 Aug 2008 15:34:34 UTC, "Twayne" 
<nobody@devnull.spamcop.net> wrote:

> I imagine a lot of netbots.  The Verizon stuff continues interestingly 
> enough and is even escalating.  I seldom get more than a few spams a 
> week and suddenly I'm getting around ten+ a day and climbing.

Sounds like your ISP is filtering your spam and the new spam run is 
different enough to bypass the filters.

I do not let my ISP filter my spam because too much good email gets 
caught in their filters.  I am currently getting about 200 spams a day
which I filter in my email client.


>  Over half 
> parse to Verizon.  No, they aren't rejects or complaints sent to me. 
> That thought has caused me to write a quick script to look for my 
> addresses in them before I parse them though so I don't end up reporting 
> myself.  Adds a couple seconds per, but no big deal.

Filtering for your email address does not do anything effective.  
Spamcop will not report your email address unless it actually comes 
from you.


>    Most of the other stuff is .ru and .cn with a few Comcasts thrown in 
> for good measure.  I wondered if my headers had become borked and was 
> misleading SC, but they look like they always did to me.
>  
> Trivial at these numbers, I admit, but also unusual for me.  If I'm not 
> mistaken, they started out being a mess of several phone companies and 
> then settled into Verizon.  Suppose I could be on someone's radar; guess 
> we'll find out.

I doubt they are targeting you.  Spammers will spam any email address 
they can find.


-- 
Robert Blair
From nobody at devnull.spamcop.net  Wed Aug 27 17:53:42 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Aug 27 17:55:04 2008
Subject: [Scspamcop] Re: Curious:  Verizon spam
References: <g8sklc$h2r$1@news.spamcop.net>
	<01c907c8$27d08380$LocalHost@default>
	<g93s68$5kd$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-HckfOpnY3bCM@dsl-206-55-144-107.tstonramp.com>
Message-ID: <g94id4$jbe$1@news.spamcop.net>

> On Wed, 27 Aug 2008 15:34:34 UTC, "Twayne"
> <nobody@devnull.spamcop.net> wrote:
>
>> I imagine a lot of netbots.  The Verizon stuff continues
>> interestingly enough and is even escalating.  I seldom get more than
>> a few spams a week and suddenly I'm getting around ten+ a day and
>> climbing.
>
> Sounds like your ISP is filtering your spam and the new spam run is
> different enough to bypass the filters.
>
> I do not let my ISP filter my spam because too much good email gets
> caught in their filters.  I am currently getting about 200 spams a day
> which I filter in my email client.

No, the spam's not being filtered.

>
>
>>  Over half
>> parse to Verizon.  No, they aren't rejects or complaints sent to me.
>> That thought has caused me to write a quick script to look for my
>> addresses in them before I parse them though so I don't end up
>> reporting myself.  Adds a couple seconds per, but no big deal.
>
> Filtering for your email address does not do anything effective.
> Spamcop will not report your email address unless it actually comes
> from you.

Well, that's a pretty good reason to check for some forgeries, don't you 
think?  If it shows as being from me, I don't want to use the regular 
reporting channels!  It's not unusual to have your own address as the 
spam source so I'm careful of it.  Why take a chance on reporting myself 
and the grief it might take to straighten it out?

>
>
>>    Most of the other stuff is .ru and .cn with a few Comcasts thrown
>> in for good measure.  I wondered if my headers had become borked and
>> was misleading SC, but they look like they always did to me.
>>
>> Trivial at these numbers, I admit, but also unusual for me.  If I'm
>> not mistaken, they started out being a mess of several phone
>> companies and then settled into Verizon.  Suppose I could be on
>> someone's radar; guess we'll find out.
>
> I doubt they are targeting you.  Spammers will spam any email address
> they can find.

True.  That's why I said "suppose".  But don't be too comfortable about 
not being targeted; all it takes is to rile up the right kiddie and you 
can have some interesting times.  I've had it happen once, a long time 
ago now,  although it was rather easy to stop.

Cheers,





From tmcgraw at spamcop.net  Wed Aug 27 18:54:00 2008
From: tmcgraw at spamcop.net (Tim McGraw)
Date: Wed Aug 27 18:55:03 2008
Subject: [Scspamcop] Re: Curious:  Verizon spam
In-Reply-To: <g94id4$jbe$1@news.spamcop.net>
References: <g8sklc$h2r$1@news.spamcop.net>
	<01c907c8$27d08380$LocalHost@default>
	<g93s68$5kd$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-HckfOpnY3bCM@dsl-206-55-144-107.tstonramp.com>
	<g94id4$jbe$1@news.spamcop.net>
Message-ID: <g94lu9$1e5$1@news.spamcop.net>

Twayne wrote:
>> Twayne wrote:
>> Filtering for your email address does not do anything effective.
>> Spamcop will not report your email address unless it actually comes
>> from you.
> 
> Well, that's a pretty good reason to check for some forgeries, don't you 
> think?  If it shows as being from me, I don't want to use the regular 
> reporting channels!  It's not unusual to have your own address as the 
> spam source so I'm careful of it.  Why take a chance on reporting myself 
> and the grief it might take to straighten it out?

sc does not report based on the FROM field; it reports based on the 
sender's IP#.

I report spam sent with tmcgraw forged as the FROM email addy all the 
ding-dang day.
From skiwi at spamcop.net  Thu Aug 28 00:04:17 2008
From: skiwi at spamcop.net (Skiwi)
Date: Thu Aug 28 00:05:03 2008
Subject: [Scspamcop] What to adjust / can I adjust spams like these to get
	them to parse?
Message-ID: <g95847$2n1$1@news.spamcop.net>

Hi Ya,

See .spam with the same subject line...

What to adjust / can I adjust spams like these to get them to parse? 
Interestingly removing all but one of the blank lines between the header 
and the body allows the parser to parse (seemingly) the header but not 
the body...

TIA
Greg...
From nobody at nowhere.not  Thu Aug 28 02:28:04 2008
From: nobody at nowhere.not (Robert Blair)
Date: Thu Aug 28 02:30:03 2008
Subject: [Scspamcop] Re: Curious:  Verizon spam
References: <g8sklc$h2r$1@news.spamcop.net>
	<01c907c8$27d08380$LocalHost@default>
	<g93s68$5kd$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-HckfOpnY3bCM@dsl-206-55-144-107.tstonramp.com>
	<g94id4$jbe$1@news.spamcop.net>
Message-ID: <TECQXhvKj0FX-pn2-hnWjLQBLoFiO@dsl-206-55-144-107.tstonramp.com>

On Wed, 27 Aug 2008 21:53:42 UTC, "Twayne" 
<nobody@devnull.spamcop.net> wrote:

> >> I imagine a lot of netbots.  The Verizon stuff continues
> >> interestingly enough and is even escalating.  I seldom get more than
> >> a few spams a week and suddenly I'm getting around ten+ a day and
> >> climbing.
> >
> > Sounds like your ISP is filtering your spam and the new spam run is
> > different enough to bypass the filters.
> >
> > I do not let my ISP filter my spam because too much good email gets
> > caught in their filters.  I am currently getting about 200 spams a day
> > which I filter in my email client.
>  
> No, the spam's not being filtered.

If your ISP is not filtering then you must be very lucky.  I can not 
remember when my spam was that light.


> >>  Over half
> >> parse to Verizon.  No, they aren't rejects or complaints sent to me.
> >> That thought has caused me to write a quick script to look for my
> >> addresses in them before I parse them though so I don't end up
> >> reporting myself.  Adds a couple seconds per, but no big deal.
> >
> > Filtering for your email address does not do anything effective.
> > Spamcop will not report your email address unless it actually comes
> > from you.
>  
> Well, that's a pretty good reason to check for some forgeries, don't you 
> think?  If it shows as being from me, I don't want to use the regular 
> reporting channels!  It's not unusual to have your own address as the 
> spam source so I'm careful of it.  Why take a chance on reporting myself 
> and the grief it might take to straighten it out?

Faking the receive headers so that you get reported is hard 
(impossible?) to do.  I have seen many receive headers added to point 
to me but spamcop has always identified the forgery, but then spammers
are not very good at forging receive headers.


> >>    Most of the other stuff is .ru and .cn with a few Comcasts thrown
> >> in for good measure.  I wondered if my headers had become borked and
> >> was misleading SC, but they look like they always did to me.
> >>
> >> Trivial at these numbers, I admit, but also unusual for me.  If I'm
> >> not mistaken, they started out being a mess of several phone
> >> companies and then settled into Verizon.  Suppose I could be on
> >> someone's radar; guess we'll find out.
> >
> > I doubt they are targeting you.  Spammers will spam any email address
> > they can find.
>  
> True.  That's why I said "suppose".  But don't be too comfortable about 
> not being targeted; all it takes is to rile up the right kiddie and you 
> can have some interesting times.  I've had it happen once, a long time 
> ago now,  although it was rather easy to stop.

I have had my email address used as the FROM in a spam run and I was 
getting a thousand spam bounce messages a day.  I doubt I was 
targeted, just unlucky to have my address picked for that spam run.


-- 
Robert Blair
From nobody at nowhere.not  Thu Aug 28 02:35:12 2008
From: nobody at nowhere.not (Robert Blair)
Date: Thu Aug 28 02:40:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net>
Message-ID: <TECQXhvKj0FX-pn2-JfTJdIdYU6Bd@dsl-206-55-144-107.tstonramp.com>

On Thu, 28 Aug 2008 04:04:17 UTC, Skiwi <skiwi@spamcop.net> wrote:

> What to adjust / can I adjust spams like these to get them to parse? 

As I understand the Spamcop terms and conditions modifying a spam so 
that spamcop will report it, or report differently it, is not allowed.


> Interestingly removing all but one of the blank lines between the header 
> and the body allows the parser to parse (seemingly) the header but not 
> the body...

Not having looked at the spam I do not understand why that would make 
a difference in the way spamcop would parse the spam.


-- 
Robert Blair
From MikeE at ster.invalid  Thu Aug 28 09:36:13 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Aug 28 09:40:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net>
Message-ID: <g969k8$287$1@news.spamcop.net>

Skiwi wrote:
> See .spam with the same subject line...

b0rken spam

> What to adjust /

See below.

> can I adjust spams like these to get them to parse?

That's a nono, see below.

> Interestingly removing all but one of the blank lines between the header
> and the body allows the parser to parse (seemingly) the header but not
> the body...

It is more complicated than that.

There are a lot of things 'wrong with' the spamitem which you pasted into
.spam, and it is not possible for us to see the item as originally sent
before it was -1- munched on by SC's SpamAssassin filter -2- handled by
the submission process -3- changed by spurious linewraps from being pasted
into .spam

The purpose of some of us forging an experimental spam by correcting a
spam's 'construction' errors and submitting that reconstructed spam to the
parser to see how it is handled is to understand certain aspects of spam
misconstruction or parser errors -- not to 'fix' the spam for purposes of
reporting it.

Even tho' the group .spam was originally created for purposes of posting
spam for discussion, pasting a spam into a newsmessage body and submitting
it with a newsagent is not the best way to show others a spam, because
such pasting introduces spurious linewraps into the headers and the body
which then need to be removed by an experimenter in order to check out
parsing questions.  A .spam pasted spam is not 'fit for' experimental
parsing.

The things wrong with this item which I corrected in the process of
looking at it and reconstructing it to make it be more like a normal MIME
construction are the following:

 - spurious linewraps in the headers, assumed to be introduced by .spam
news posting
 - 'broken' and misplaced spamcop X-headerlines, assumed to be introduced
by something on your/spamcop's end
 - improper construction of the 'next_part' MIME delimiter lines
 - missing payload website link from the plaintext part of the item
 - 'extra' content-type lines introduced by something
 - failure of the parser to find the website payload in the html part of
the item, partly because of improper html construction and also because of
the mime construction problems

If I remove and replace all of those misconstructions to make it look like
a normal multipart alternative which has been filtered by SC's SA
spamfilter and then parsed the parser, I get this result.

http://www.spamcop.net/sc?id=z2194841426z0a58fcf35dd9baf0bb969b2bd100746cz

Cannot resolve http://duringfell.com/
<duringfell.com is a reg'd domainname with nameservers, but it doesn't
currently resolve for SC or for me.>

Report Spam to:

Re: 88.246.185.47 (Administrator of network where email originates)
 To: Internal spamcop handling: (level3) (Notes)
 To: kayit@turkline.com (Notes)
 To: abuse@turktelekom.com.tr (Notes)
 To: abuse@ttnet.net.tr (Notes)
 To: iletisim@turktelekom.com.tr (Notes)
 To: postmaster#ttnet.net.tr@devnull.spamcop.net (Notes)
<cancelled>

That result comes from the correction of most of the construction errors.
There are still some html construction errors in the html portion of the
multipart, which were either introduced by the original spam construction,
the spamcop processing which mangled this item, or the newsposting
mangling.

Headers are supposed to be of a proper construction in terms of fieldnames
and fieldvalues and their syntax and folding and have only
sensible/correct content-type information, followed by an empty line to
denote the beginning of the body.  In this case the body is supposed to
have correct syntax and construction for the multipart delimiters, this
example with plaintext quotedprintable and html quotedprintable.


--
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Thu Aug 28 09:54:08 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Aug 28 09:55:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net> <g969k8$287$1@news.spamcop.net>
Message-ID: <g96als$9ss$1@news.spamcop.net>

Mike Easter wrote:
> Skiwi wrote:

>> See .spam with the same subject line...
>
> b0rken spam
>
>> What to adjust /
>
> See below.

I used the .spam posting for a place to reply inline about the
misconstruction.

> There are a lot of things 'wrong with' the spamitem


--
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Thu Aug 28 11:49:46 2008
From: nobody at devnull.spamcop.net (Wazoo)
Date: Thu Aug 28 11:50:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net> <g969k8$287$1@news.spamcop.net>
Message-ID: <g96hem$isp$1@news.spamcop.net>

"Mike Easter" <MikeE@ster.invalid> wrote in message 
news:g969k8$287$1@news.spamcop.net...
> Skiwi wrote:
>> See .spam with the same subject line...
>
> b0rken spam

It was hoped that you would come up with something else <g>
http://forum.spamcop.net/forums/index.php?showtopic=9692


From newspost at deletethispart.hypercreations.com  Thu Aug 28 12:01:18 2008
From: newspost at deletethispart.hypercreations.com (D. T.)
Date: Thu Aug 28 12:05:04 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net>
Message-ID: <Xns9B085BC0129BDnewsaddresshypercrea@216.154.195.61>

This topic actually got started over in the forums, and I posted an answer 
that the OP doesn't seem to have been back to read:

http://forum.spamcop.net/forums/index.php?s=&showtopic=9692
&view=findpost&p=66361

The headers and the body seem to have gotten commingled somehow, and I'm 
suspecting that it's something happening on the OP's pc.

DT
From MikeE at ster.invalid  Thu Aug 28 12:08:39 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Aug 28 12:10:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net> <g969k8$287$1@news.spamcop.net>
	<g96hem$isp$1@news.spamcop.net>
Message-ID: <g96ii4$n9f$1@news.spamcop.net>

Wazoo wrote:
> "Mike Easter"
>> Skiwi wrote:
>>> See .spam with the same subject line...
>>
>> b0rken spam
>
> It was hoped that you would come up with something else <g>

I did come up with /something/ else besides the spam originating as
b0rken.  I think something on the SC receiving end is screwing up.

> http://forum.spamcop.net/forums/index.php?showtopic=9692

This is a discussion about this item
http://www.spamcop.net/sc?id=z2187243858z59854ce4abc84558676a8b55309b08ddz

... which demonstrates the same kinds problems, namely:

body squished into the header, SC header xlines detached and insinuated
into the body which isn't properly 'delineated' in terms of header-body
separation or MIME boundary delimiter configuration.

I can't yet imagine how the spam could be improperly constructed in such a
manner as to cause the SC SA filter to 'jumble' its xlines into the
spambody.

The spam discussed in the forum at the tracker above is 'identical' in
misconstruction to the spam being discussed here, but the payload site is
intuitionway.com -- but it doesn't resolve any better than its cousin
duringfell.com under the same registrar and nameservers.




--
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Thu Aug 28 14:10:08 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Aug 28 14:15:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net>
	<Xns9B085BC0129BDnewsaddresshypercrea@216.154.195.61>
Message-ID: <g96plt$si5$1@news.spamcop.net>

D. T. wrote:
> This topic actually got started over in the forums, and I posted an
> answer that the OP doesn't seem to have been back to read:
>
> http://forum.spamcop.net/forums/index.php?s=&showtopic=9692
> &view=findpost&p=66361
>
> The headers and the body seem to have gotten commingled somehow, and I'm
> suspecting that it's something happening on the OP's pc.

It looks to me like something which is happening in the spamcop system.

The spamitem sources 93.186.60.58 > mx71.cesmail.net > blade6.cesmail.net

... and it is handled and stamped by spamcop stamping Xheaders about
Spam-Checker-Version, Spam-Level, Spam-Status, SpamCop-Checked, and
SpamCop-Disposition

... and 2 of those Xlines are inserted into the body of the spam surely by
the spamcop mailhandling.

I don't doubt that the spam is misconstructed, but I also believe that it
is mishandled and mistreated and mangled by spamcop's processes before the
recipient ever gets his hands on it.



--
Mike Easter
kibitzer, not SC admin

From rainbowl at tomassoni.eu  Thu Aug 28 16:52:29 2008
From: rainbowl at tomassoni.eu (Giampaolo Tomassoni)
Date: Thu Aug 28 16:55:04 2008
Subject: [Scspamcop] Any hint about "pingeries"?
Message-ID: <g97364$b3e$1@news.spamcop.net>

Would you report a "ping mail"?

This is an example:

    http://www.spamcop.net/sc?id=z2195799760z995dcad81b83b466c3321cf1dfb0201ez

I just cancelled this, since I'm getting some "ping mail" like this and I 
*think* they are meant to discover spamtraps and users reporting to SpamCop, 
thereby I preferred not disclose any mailbox or owner capability.

Do you think the same or your hint is to report even this stuff?

Thanks,

Giampaolo 


From nobody at devnull.spamcop.net  Thu Aug 28 18:33:03 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Thu Aug 28 18:35:03 2008
Subject: [Scspamcop] Re: Curious:  Verizon spam
References: <g8sklc$h2r$1@news.spamcop.net>
	<01c907c8$27d08380$LocalHost@default>
	<g93s68$5kd$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-HckfOpnY3bCM@dsl-206-55-144-107.tstonramp.com>
	<g94id4$jbe$1@news.spamcop.net> <g94lu9$1e5$1@news.spamcop.net>
Message-ID: <g9792s$474$1@news.spamcop.net>

> Twayne wrote:
>>> Twayne wrote:
>>> Filtering for your email address does not do anything effective.
>>> Spamcop will not report your email address unless it actually comes
>>> from you.
>>
>> Well, that's a pretty good reason to check for some forgeries, don't
>> you think?  If it shows as being from me, I don't want to use the
>> regular reporting channels!  It's not unusual to have your own
>> address as the spam source so I'm careful of it.  Why take a chance
>> on reporting myself and the grief it might take to straighten it out?
>
> sc does not report based on the FROM field; it reports based on the
> sender's IP#.
>
> I report spam sent with tmcgraw forged as the FROM email addy all the
> ding-dang day.

Ummm, ok?  I didn't say that.  I think you're assuming a level of 
non-experience that doesn't exist.  It's not necessary to explain the 
whole envelope contents to me, although I appreciate your good 
intentions.  I think you've simply missed my point.

cheers,


From nobody at devnull.spamcop.net  Thu Aug 28 18:42:50 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Thu Aug 28 18:45:03 2008
Subject: [Scspamcop] Re: Curious:  Verizon spam
References: <g8sklc$h2r$1@news.spamcop.net>
	<01c907c8$27d08380$LocalHost@default>
	<g93s68$5kd$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-HckfOpnY3bCM@dsl-206-55-144-107.tstonramp.com>
	<g94id4$jbe$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-hnWjLQBLoFiO@dsl-206-55-144-107.tstonramp.com>
Message-ID: <g979l7$5hg$1@news.spamcop.net>

> On Wed, 27 Aug 2008 21:53:42 UTC, "Twayne"
> <nobody@devnull.spamcop.net> wrote:
>
>>>> I imagine a lot of netbots.  The Verizon stuff continues
>>>> interestingly enough and is even escalating.  I seldom get more
>>>> than a few spams a week and suddenly I'm getting around ten+ a day
>>>> and climbing.
>>>
>>> Sounds like your ISP is filtering your spam and the new spam run is
>>> different enough to bypass the filters.
>>>
>>> I do not let my ISP filter my spam because too much good email gets
>>> caught in their filters.  I am currently getting about 200 spams a
>>> day which I filter in my email client.
>>
>> No, the spam's not being filtered.
>
> If your ISP is not filtering then you must be very lucky.  I can not
> remember when my spam was that light.

It comes and goes, wanes and waxes.  And it's not easy to maintain 
either, but judicious use of email addresses, plus being able to create 
my own goes a long ways, not to mention a lot of other things that go 
on.  For instance, I've never once used my signup account for anything, 
instead creating trusted, untrusted, special accounts etc., even using 
Sneakemail when it's called for.  Since I'm not into games, videos or 
art/music stuff with a few exceptions, I don't go to a lot of sites or 
communicate/leave behind anything useful for them.  Mostly I use the 
'net for research not entertainment and my e-mail list is carefully 
maintained.
   I do admit to going through a few user names before i got to this 
point<G>.  NO idea how long it's going to last either, but ... I'm 
enjoying it while it does - over two years and counting.  KNock on 
formica.  Naturally it doesn't hurt to have a few countries blocked 
either.  It's possible if you're faithful to the cause.  I'm firmly 
convinced that spamcop has some small part in my "luck" also.

Cheers,

Twayne

>
>
>>>>  Over half
>>>> parse to Verizon.  No, they aren't rejects or complaints sent to
>>>> me. That thought has caused me to write a quick script to look for
>>>> my addresses in them before I parse them though so I don't end up
>>>> reporting myself.  Adds a couple seconds per, but no big deal.
>>>
>>> Filtering for your email address does not do anything effective.
>>> Spamcop will not report your email address unless it actually comes
>>> from you.
>>
>> Well, that's a pretty good reason to check for some forgeries, don't
>> you think?  If it shows as being from me, I don't want to use the
>> regular reporting channels!  It's not unusual to have your own
>> address as the spam source so I'm careful of it.  Why take a chance
>> on reporting myself and the grief it might take to straighten it out?
>
> Faking the receive headers so that you get reported is hard
> (impossible?) to do.  I have seen many receive headers added to point
> to me but spamcop has always identified the forgery, but then spammers
> are not very good at forging receive headers.
>
>
>>>>    Most of the other stuff is .ru and .cn with a few Comcasts
>>>> thrown in for good measure.  I wondered if my headers had become
>>>> borked and was misleading SC, but they look like they always did
>>>> to me.
>>>>
>>>> Trivial at these numbers, I admit, but also unusual for me.  If I'm
>>>> not mistaken, they started out being a mess of several phone
>>>> companies and then settled into Verizon.  Suppose I could be on
>>>> someone's radar; guess we'll find out.
>>>
>>> I doubt they are targeting you.  Spammers will spam any email
>>> address they can find.
>>
>> True.  That's why I said "suppose".  But don't be too comfortable
>> about not being targeted; all it takes is to rile up the right
>> kiddie and you can have some interesting times.  I've had it happen
>> once, a long time ago now,  although it was rather easy to stop.
>
> I have had my email address used as the FROM in a spam run and I was
> getting a thousand spam bounce messages a day.  I doubt I was
> targeted, just unlucky to have my address picked for that spam run.



From newspost at deletethispart.hypercreations.com  Thu Aug 28 23:22:25 2008
From: newspost at deletethispart.hypercreations.com (D. T.)
Date: Thu Aug 28 23:25:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net>
	<Xns9B085BC0129BDnewsaddresshypercrea@216.154.195.61>
	<g96plt$si5$1@news.spamcop.net>
Message-ID: <Xns9B08CF39FBC9Dnewsaddresshypercrea@216.154.195.61>

"Mike Easter" <MikeE@ster.invalid> wrote in
news:g96plt$si5$1@news.spamcop.net: 

> It looks to me like something which is happening in the spamcop
> system. 
> 
> The spamitem sources 93.186.60.58 > mx71.cesmail.net >
> blade6.cesmail.net 

That's a server for those who are Corporate Email Systems 
customers....those of us who have SpamCop email accounts. That's not the 
parsing system.

> ... and it is handled and stamped by spamcop stamping Xheaders about
> Spam-Checker-Version, Spam-Level, Spam-Status, SpamCop-Checked, and
> SpamCop-Disposition
> 
> ... and 2 of those Xlines are inserted into the body of the spam
> surely by the spamcop mailhandling.

No, I don't think so. I went through a bunch of my own "multipart" email 
messages (I've got thousands of them here) that flowed through the same 
system, and *none* of them exhibit the commingling that the OP's headers 
had.

We're wasting our time, as are those in the forums, because there are 
questions that have been asked of the OP and he's nowhere to be found. Time 
to move on, I think.

DT
From skiwi at spamcop.net  Fri Aug 29 01:41:46 2008
From: skiwi at spamcop.net (Skiwi)
Date: Fri Aug 29 01:45:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
 get them to parse?
In-Reply-To: <g96als$9ss$1@news.spamcop.net>
References: <g95847$2n1$1@news.spamcop.net> <g969k8$287$1@news.spamcop.net>
	<g96als$9ss$1@news.spamcop.net>
Message-ID: <g9827g$ehm$1@news.spamcop.net>

Mike Easter wrote:
> Mike Easter wrote:
>> Skiwi wrote:
> 
>>> See .spam with the same subject line...
>> b0rken spam
>>
>>> What to adjust /
>> See below.
> 
> I used the .spam posting for a place to reply inline about the
> misconstruction.
> 
>> There are a lot of things 'wrong with' the spamitem

Thanks guys - there is a steep learning curve in all of the semantics 
and finer points of all this - and as I course don't do this for a 
living it is hard to find time to get enough into this - so thank you to 
you propeller heads [a compliment!  :-)  ] for being the go to people!

Anyway... I have been 'full' reporting all of my spam this evening 
rather than 'Quick' reporting so that I can get a tracking URL that is 
not specific to my logon - I believe this is one of what you need:

http://www.spamcop.net/sc?id=z2196747351z6ba68eb26809c77d606d0bd53e487873z;action=display

Which gives, as you likely saw / guessed:

     This header is incomplete. Please supply the full headers of the
     spam you're trying to report.
     No source IP address found, cannot proceed.

Although I recognise that the finer points mean a lot, bottom line is do 
I have any regular, 'legal' option to get spams of this type of format 
reported and potentially on the SCBL so others might be saved getting 
them in their In Boxes? It seems such a pity for them to sneak by!

Now, off to read and try and understand Mike's full posts!   :-)
From nobody at nowhere.not  Fri Aug 29 03:16:43 2008
From: nobody at nowhere.not (Robert Blair)
Date: Fri Aug 29 03:20:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net> <g969k8$287$1@news.spamcop.net>
	<g96als$9ss$1@news.spamcop.net> <g9827g$ehm$1@news.spamcop.net>
Message-ID: <TECQXhvKj0FX-pn2-fdHv0KjGbqgs@dsl-206-55-144-107.tstonramp.com>

On Fri, 29 Aug 2008 05:41:46 UTC, Skiwi <skiwi@spamcop.net> wrote:

> Anyway... I have been 'full' reporting all of my spam this evening 
> rather than 'Quick' reporting so that I can get a tracking URL that is 
> not specific to my logon - I believe this is one of what you need:

The last line for each quick-report response is a tracking URL that 
can be used by anyone.


-- 
Robert Blair
From nobody at nowhere.not  Fri Aug 29 03:23:19 2008
From: nobody at nowhere.not (Robert Blair)
Date: Fri Aug 29 03:25:03 2008
Subject: [Scspamcop] Re: Any hint about "pingeries"?
References: <g97364$b3e$1@news.spamcop.net>
Message-ID: <TECQXhvKj0FX-pn2-fKVGpCypIJVb@dsl-206-55-144-107.tstonramp.com>

On Thu, 28 Aug 2008 20:52:29 UTC, "Giampaolo Tomassoni" 
<rainbowl@tomassoni.eu> wrote:

> Would you report a "ping mail"?
>  
> This is an example:
>  
>     http://www.spamcop.net/sc?id=z2195799760z995dcad81b83b466c3321cf1dfb0201ez
>  
> I just cancelled this, since I'm getting some "ping mail" like this and I 
> *think* they are meant to discover spamtraps and users reporting to SpamCop, 
> thereby I preferred not disclose any mailbox or owner capability.
>  
> Do you think the same or your hint is to report even this stuff?

I just report it.


-- 
Robert Blair
From nobody at devnull.spamcop.net  Fri Aug 29 11:35:43 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Fri Aug 29 11:40:03 2008
Subject: [Scspamcop] Re: Any hint about "pingeries"?
References: <g97364$b3e$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-fKVGpCypIJVb@dsl-206-55-144-107.tstonramp.com>
Message-ID: <g9950a$n6d$1@news.spamcop.net>

> On Thu, 28 Aug 2008 20:52:29 UTC, "Giampaolo Tomassoni"
> <rainbowl@tomassoni.eu> wrote:
>
>> Would you report a "ping mail"?
>>
>> This is an example:
>>
>>
>> http://www.spamcop.net/sc?id=z2195799760z995dcad81b83b466c3321cf1dfb0201ez
>>
>> I just cancelled this, since I'm getting some "ping mail" like this
>> and I *think* they are meant to discover spamtraps and users
>> reporting to SpamCop, thereby I preferred not disclose any mailbox
>> or owner capability.
>>
>> Do you think the same or your hint is to report even this stuff?
>
> I just report it.

What is    "ping mail"    anyway?  I've been waiting, thinking a post 
context might make it clear but apparently not happening. I looked at 
the tracker, even the whole mail; no help.

Seems like if it meets the spam defs, it's spam and should be reported.

TIA
Twayne 


From MikeE at ster.invalid  Fri Aug 29 12:10:02 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Fri Aug 29 12:10:05 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net>
	<Xns9B085BC0129BDnewsaddresshypercrea@216.154.195.61>
	<g96plt$si5$1@news.spamcop.net>
	<Xns9B08CF39FBC9Dnewsaddresshypercrea@216.154.195.61>
Message-ID: <g9970r$vfc$1@news.spamcop.net>

D. T. wrote:
> "Mike Easter"

>> It looks to me like something which is happening in the spamcop
>> system.
>>
>> The spamitem sources 93.186.60.58 > mx71.cesmail.net >
>> blade6.cesmail.net
>
> That's a server for those who are Corporate Email Systems
> customers....those of us who have SpamCop email accounts. That's not the
> parsing system.

My point is that the recipient's mail provider, filterer, and
parsing-reporting system is spamcop.  2 lines which belong in the header
were put in/ written into/ stamped in/ 'the wrong place' by the spamcop
filtering system.

>> ... and it is handled and stamped by spamcop stamping Xheaders about
>> Spam-Checker-Version, Spam-Level, Spam-Status, SpamCop-Checked, and
>> SpamCop-Disposition
>>
>> ... and 2 of those Xlines are inserted into the body of the spam
>> surely by the spamcop mailhandling.
>
> No, I don't think so.

You don't think 'so' what?  You don't think the lines were put into the
spambody by the process that stamped all of the spamcop xlines?  How do
you think they got in there?

> I went through a bunch of my own "multipart" email
> messages (I've got thousands of them here) that flowed through the same
> system, and *none* of them exhibit the commingling that the OP's headers
> had.

That doesn't convince me that it didn't happen in these instances which
have been/ arebeing/ discussed in both the forum and the newsgroup.

> We're wasting our time, as are those in the forums, because there are
> questions that have been asked of the OP and he's nowhere to be found.
> Time to move on, I think.

We may not be fixing anything, but we are discussing it.


--
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Fri Aug 29 12:20:58 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Fri Aug 29 12:25:02 2008
Subject: [Scspamcop] Re: Any hint about "pingeries"?
References: <g97364$b3e$1@news.spamcop.net>
Message-ID: <g997lb$1o2$1@news.spamcop.net>

Giampaolo Tomassoni wrote:
> Would you report a "ping mail"?

I would quickreport an unsolicted mail whether it contained a meaningful
message body or a payload or not.

> I *think* they are meant to discover spamtraps and users reporting to
> SpamCop,

I don't spend much time pondering the 'thought processes' of the process
by which spam is created and generated.

> Do you think the same or your hint is to report even this stuff?

That item is sourced from 163.117.134.64 rDNS pc-134-64.uc3m.es which is
not on any blocklists.  Senderbase queries is not currently available, so
I don't know what its output profile looks like, but presumably it is an
unlisted bot.

Reporting small output IPs helps to get them blocklisted on such as the
SCbl which is of more benefit to those using the blocklists than those
generating the spam.


--
Mike Easter
kibitzer, not SC admin

From rainbowl at tomassoni.eu  Fri Aug 29 13:45:57 2008
From: rainbowl at tomassoni.eu (Giampaolo Tomassoni)
Date: Fri Aug 29 13:50:02 2008
Subject: [Scspamcop] Re: Any hint about "pingeries"?
References: <g97364$b3e$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-fKVGpCypIJVb@dsl-206-55-144-107.tstonramp.com>
	<g9950a$n6d$1@news.spamcop.net>
Message-ID: <g99ckc$pm2$1@news.spamcop.net>

"Twayne" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
news:g9950a$n6d$1@news.spamcop.net...
>> On Thu, 28 Aug 2008 20:52:29 UTC, "Giampaolo Tomassoni"
>> <rainbowl@tomassoni.eu> wrote:
>>
>>> Would you report a "ping mail"?
>>>
>>> This is an example:
>>>
>>>
>>> http://www.spamcop.net/sc?id=z2195799760z995dcad81b83b466c3321cf1dfb0201ez
>>>
>>> I just cancelled this, since I'm getting some "ping mail" like this
>>> and I *think* they are meant to discover spamtraps and users
>>> reporting to SpamCop, thereby I preferred not disclose any mailbox
>>> or owner capability.
>>>
>>> Do you think the same or your hint is to report even this stuff?
>>
>> I just report it.
>
> What is    "ping mail"    anyway?  I've been waiting, thinking a post 
> context might make it clear but apparently not happening. I looked at the 
> tracker, even the whole mail; no help.
>
> Seems like if it meets the spam defs, it's spam and should be reported.

I own the copyright of the "ping mail" term. :)

To me a "ping mail" is a message not meant to carry any meaning at all. Il 
looks like test mail you send to check a mail route, not "classical" spam.

It is not even a bayes poisoning mail, since the words in it are not in any 
language. Apart maybe Martian, of course.

Giampaolo

> TIA
> Twayne
> 


From rainbowl at tomassoni.eu  Fri Aug 29 13:47:02 2008
From: rainbowl at tomassoni.eu (Giampaolo Tomassoni)
Date: Fri Aug 29 13:50:03 2008
Subject: [Scspamcop] Re: Any hint about "pingeries"?
References: <g97364$b3e$1@news.spamcop.net> <g997lb$1o2$1@news.spamcop.net>
Message-ID: <g99cmc$ps2$1@news.spamcop.net>


"Mike Easter" <MikeE@ster.invalid> ha scritto nel messaggio 
news:g997lb$1o2$1@news.spamcop.net...
> Giampaolo Tomassoni wrote:
>> Would you report a "ping mail"?
>
> I would quickreport an unsolicted mail whether it contained a meaningful
> message body or a payload or not.
>
>> I *think* they are meant to discover spamtraps and users reporting to
>> SpamCop,
>
> I don't spend much time pondering the 'thought processes' of the process
> by which spam is created and generated.
>
>> Do you think the same or your hint is to report even this stuff?
>
> That item is sourced from 163.117.134.64 rDNS pc-134-64.uc3m.es which is
> not on any blocklists.  Senderbase queries is not currently available, so
> I don't know what its output profile looks like, but presumably it is an
> unlisted bot.
>
> Reporting small output IPs helps to get them blocklisted on such as the
> SCbl which is of more benefit to those using the blocklists than those
> generating the spam.

Oh, I see.

You're right, Mike: I should have report it.

Thank you,

Giampaolo


> --
> Mike Easter
> kibitzer, not SC admin
> 


From nobody at spamcop.net  Fri Aug 29 18:12:43 2008
From: nobody at spamcop.net (RandallW)
Date: Fri Aug 29 18:15:03 2008
Subject: [Scspamcop] Re: Curious:  Verizon spam
References: <g8sklc$h2r$1@news.spamcop.net>
	<01c907c8$27d08380$LocalHost@default>
	<g93s68$5kd$1@news.spamcop.net>
Message-ID: <g99s8p$plv$1@news.spamcop.net>

Much of my spam is coming from an infested Russian ISP.

Bits like this for example:
http://www.spamcop.net/sc?id=z2199620711z8acc68428ff796d553d38098d07f829bz



From MikeE at ster.invalid  Fri Aug 29 18:16:19 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Fri Aug 29 18:20:03 2008
Subject: [Scspamcop] Re: Any hint about "pingeries"?
References: <g97364$b3e$1@news.spamcop.net> <g997lb$1o2$1@news.spamcop.net>
	<Xns9B09968B73E95thefrogprince@216.154.195.61>
Message-ID: <g99sfp$q93$1@news.spamcop.net>

Larry in AZ wrote:
> "Mike Easter"

>> I don't spend much time pondering the 'thought processes' of the
>> process by which spam is created and generated.
>
> Ever hear, "Know your enemy"..?

If there were a process by which pondering the thought processes,
hypothesizing a solution, and then being provided an accurate 'answer' to
the pondering and the hypothesis by the spam generator -- so that
pondering resulted in a better and more accurate understanding -- such
pondering might be of some value.

Since there isn't such a feedback loop, the pondering turns out to be a
form of useless mental masturbation.

I'm a big fan of many kinds of masturbation, mental and otherwise, but
that particular variety of puzzle manipulating just doesn't appeal to me.
I have lots of other puzzles I like to work which are more rewarding,
because in those you can actually determine how well you perform the
puzzle.

Puzzling spamreading doesn't result in knowing your enemy the spamprocess
any better than not puzzling such reading.



--
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Fri Aug 29 18:53:41 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Fri Aug 29 18:55:02 2008
Subject: [Scspamcop] Re: Any hint about "pingeries"?
References: <g97364$b3e$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-fKVGpCypIJVb@dsl-206-55-144-107.tstonramp.com>
	<g9950a$n6d$1@news.spamcop.net> <g99ckc$pm2$1@news.spamcop.net>
Message-ID: <g99ulg$jl$1@news.spamcop.net>

> "Twayne" <nobody@devnull.spamcop.net> ha scritto nel messaggio
> news:g9950a$n6d$1@news.spamcop.net...
>>> On Thu, 28 Aug 2008 20:52:29 UTC, "Giampaolo Tomassoni"
>>> <rainbowl@tomassoni.eu> wrote:
>>>
>>>> Would you report a "ping mail"?
>>>>
>>>> This is an example:
>>>>
>>>>
>>>> http://www.spamcop.net/sc?id=z2195799760z995dcad81b83b466c3321cf1dfb0201ez
>>>>
>>>> I just cancelled this, since I'm getting some "ping mail" like this
>>>> and I *think* they are meant to discover spamtraps and users
>>>> reporting to SpamCop, thereby I preferred not disclose any mailbox
>>>> or owner capability.
>>>>
>>>> Do you think the same or your hint is to report even this stuff?
>>>
>>> I just report it.
>>
>> What is    "ping mail"    anyway?  I've been waiting, thinking a post
>> context might make it clear but apparently not happening. I looked
>> at the tracker, even the whole mail; no help.
>>
>> Seems like if it meets the spam defs, it's spam and should be
>> reported.
>
> I own the copyright of the "ping mail" term. :)
>
> To me a "ping mail" is a message not meant to carry any meaning at
> all. Il looks like test mail you send to check a mail route, not
> "classical" spam.
> It is not even a bayes poisoning mail, since the words in it are not
> in any language. Apart maybe Martian, of course.
>
> Giampaolo
>
>> TIA
>> Twayne

Aha, a new word to add to my lexicons<g>.  And I thought it was going to 
be some tricky nefarious
pingie thingie.  OH well; thanks for the comeback!

Twayne 


From connyank at cox.net  Fri Aug 29 21:23:39 2008
From: connyank at cox.net (jg)
Date: Fri Aug 29 21:25:03 2008
Subject: [Scspamcop] Re: Any hint about "pingeries"?
In-Reply-To: <g99sfp$q93$1@news.spamcop.net>
References: <g97364$b3e$1@news.spamcop.net> <g997lb$1o2$1@news.spamcop.net>
	<Xns9B09968B73E95thefrogprince@216.154.195.61>
	<g99sfp$q93$1@news.spamcop.net>
Message-ID: <g9a7er$nna$1@news.spamcop.net>

On 08/29/2008 03:16 PM Mike Easter scribbled:

useless mental masturbation.

ob quirk
From newspost at deletethispart.hypercreations.com  Sat Aug 30 09:22:34 2008
From: newspost at deletethispart.hypercreations.com (D. T.)
Date: Sat Aug 30 09:25:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net>
	<Xns9B085BC0129BDnewsaddresshypercrea@216.154.195.61>
	<g96plt$si5$1@news.spamcop.net>
	<Xns9B08CF39FBC9Dnewsaddresshypercrea@216.154.195.61>
	<g9970r$vfc$1@news.spamcop.net>
Message-ID: <Xns9B0A40DC33763newsaddresshypercrea@216.154.195.61>

"Mike Easter" <MikeE@ster.invalid> wrote in
news:g9970r$vfc$1@news.spamcop.net: 

> My point is that the recipient's mail provider, filterer, and
> parsing-reporting system is spamcop.  

There's not just one SpamCop...there are two. The parsing/reporting
system is entirely separate, different and distinct from the mail
provider, and they're even separated by thousands of miles. 

> 2 lines which belong in the header
> were put in/ written into/ stamped in/ 'the wrong place' by the 
> spamcop filtering system.

Or maybe not, which is *my* point. I contend that it's quite possible
that something is happening at the user's end, *after* the receipt of
the mail, but *before* he submits for parsing/reporting. This would be
possible if he were doing the submissions manually, by pasting the raw
email source into the web-based reporting form. 

>>> ... and 2 of those Xlines are inserted into the body of the spam
>>> surely by the spamcop mailhandling.
>>
>> No, I don't think so.
> 
> You don't think 'so' what?  You don't think the lines were put into
> the spambody by the process that stamped all of the spamcop xlines? 
> How do you think they got in there?

I guess I wasn't quite as clear as I thought I was being. Of course the
"Xlines" come from the SpamCop Email System, but as for their
misplacement into the body, I content that's happening through something
going on at the user's PC, which points either to a problem with their
mail client, or even incompetence in handling the raw source. 

>> We're wasting our time, as are those in the forums, because there are
>> questions that have been asked of the OP and he's nowhere to be
>> found. Time to move on, I think.
> 
> We may not be fixing anything, but we are discussing it.

Sure, but as they say "life is too short" and my ToDo list is too long,
Mike. This really is a waste of time. 

Bye now,
DT
From MikeE at ster.invalid  Sat Aug 30 10:21:29 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sat Aug 30 10:25:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net>
	<Xns9B085BC0129BDnewsaddresshypercrea@216.154.195.61>
	<g96plt$si5$1@news.spamcop.net>
	<Xns9B08CF39FBC9Dnewsaddresshypercrea@216.154.195.61>
	<g9970r$vfc$1@news.spamcop.net>
	<Xns9B0A40DC33763newsaddresshypercrea@216.154.195.61>
Message-ID: <g9bl14$6c7$1@news.spamcop.net>

D. T. wrote:
> "Mike Easter"

>> My point is that the recipient's mail provider, filterer, and
>> parsing-reporting system is spamcop.
>
> There's not just one SpamCop...there are two. The parsing/reporting
> system is entirely separate, different and distinct from the mail
> provider, and they're even separated by thousands of miles.

Disclaimer:  I am not a spamcop mail user.

There are two different ways a spamcop mailuser can have their spam
parsed.  The identified and held spam can be submitted directly to the
parsing system from that held mail condition almost untouched by the
mailuser -- certainly untouched by any mailuser agent of the 'client'.

Alternatively, the spamcop mailuser can pop their mail from their 'inbox'
which inbox is *not* held mail and can find missed spam in the popped mail
and then submit that missed spam via email or via pasting into the
webparser.

The two different items which I/we are talking about in this thread
http://www.spamcop.net/sc?id=z2194841426z0a58fcf35dd9baf0bb969b2bd100746cz
and
http://www.spamcop.net/sc?id=z2187243858z59854ce4abc84558676a8b55309b08ddz

... each/both show a similar line as to their recognition by the spamcop
filtering system

X-SpamCop-Disposition: Blocked SpamAssassin

... meaning that the mail was received by the spamcop system, identified
as spam by the spamcop filtering mechanism, and I presume 'transferred'
into the spamcop parsing system directly from held mail without being
touched by any mailuser agent or the 'hands' of the recipient.


>> 2 lines which belong in the header
>> were put in/ written into/ stamped in/ 'the wrong place' by the
>> spamcop filtering system.
>
> Or maybe not, which is *my* point. I contend that it's quite possible
> that something is happening at the user's end, *after* the receipt of
> the mail, but *before* he submits for parsing/reporting. This would be
> possible if he were doing the submissions manually, by pasting the raw
> email source into the web-based reporting form.

Then you would need to be making a description of how that would/might
happen in contradistinction to what I'm saying above.

>>>> ... and 2 of those Xlines are inserted into the body of the spam
>>>> surely by the spamcop mailhandling.
>>>
>>> No, I don't think so.
>>
>> You don't think 'so' what?  You don't think the lines were put into
>> the spambody by the process that stamped all of the spamcop xlines?
>> How do you think they got in there?
>
> I guess I wasn't quite as clear as I thought I was being. Of course the
> "Xlines" come from the SpamCop Email System, but as for their
> misplacement into the body, I content that's happening through something
> going on at the user's PC, which points either to a problem with their
> mail client, or even incompetence in handling the raw source.

That wouldn't fit with my conjecture as described above.

>>> We're wasting our time, as are those in the forums, because there are
>>> questions that have been asked of the OP and he's nowhere to be
>>> found. Time to move on, I think.
>>
>> We may not be fixing anything, but we are discussing it.
>
> Sure, but as they say "life is too short" and my ToDo list is too long,
> Mike. This really is a waste of time.
>
> Bye now,

This is a strange discussion in which you keep saying 'time to move on'
and 'bye now' as if to imply the conversation is over and I should stop
discussing it with you, but you keep talking and presenting an 'opposing'
point of view.  You can either quite saying bye now or you can quit typing
or you can do whatever else you wish, such as continuing to support your
point of view.




--
Mike Easter
kibitzer, not SC admin

From newspost at deletethispart.hypercreations.com  Sat Aug 30 12:25:24 2008
From: newspost at deletethispart.hypercreations.com (D. T.)
Date: Sat Aug 30 12:30:04 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net>
	<Xns9B085BC0129BDnewsaddresshypercrea@216.154.195.61>
	<g96plt$si5$1@news.spamcop.net>
	<Xns9B08CF39FBC9Dnewsaddresshypercrea@216.154.195.61>
	<g9970r$vfc$1@news.spamcop.net>
	<Xns9B0A40DC33763newsaddresshypercrea@216.154.195.61>
	<g9bl14$6c7$1@news.spamcop.net>
Message-ID: <Xns9B0A5FDB4CA2Cnewsaddresshypercrea@216.154.195.61>

Darn....I had indeed "left the building," but then you keep going....and 
with faulty logic, so maybe I can put this to bed with the following:

"Mike Easter" <MikeE@ster.invalid> wrote in
news:g9bl14$6c7$1@news.spamcop.net: 

> Disclaimer:  I am not a spamcop mail user.

...and I *am* so I have just a little bit more insight into this 
particular situation, in that I've been interacting with the SpamCop 
email system for years and have thousands and thousands of exemplar 
emails.

> There are two different ways a spamcop mailuser can have their spam
> parsed.  

Bzzzztt...wrong. Sorry...there are more than two. This just isn't fun 
any more. I can think of three or four, but this really is a waste of my 
time. They're probably all described in the FAQs at the forum site, so I 
refer people there to become properly informed.

> ... each/both show a similar line as to their recognition by the
> spamcop filtering system
> 
> X-SpamCop-Disposition: Blocked SpamAssassin
> 
> ... meaning that the mail was received by the spamcop system,

Yes, that statement is correct.

> identified as spam by the spamcop filtering mechanism, and I presume
> 'transferred' into the spamcop parsing system directly from held mail
> without being touched by any mailuser agent or the 'hands' of the
> recipient. 

Whoa there....presumed fact is NOT in evidence yet. The user could very 
easily have interfered with the process. I don't think we have proof 
that it was a direct, and unmolested handoff from the CES system to the 
parsing/reporting system. So this is where your theory starts leaking.

>> Or maybe not, which is *my* point. I contend that it's quite possible
>> that something is happening at the user's end, *after* the receipt of
>> the mail, but *before* he submits for parsing/reporting. This would
>> be possible if he were doing the submissions manually, by pasting the
>> raw email source into the web-based reporting form.
> 
> Then you would need to be making a description of how that would/might
> happen in contradistinction to what I'm saying above.

No...the OP really needs to come back and obviate the need for pointless 
speculation. But this time (and I promise), I really "outta here." This 
isn't my normal venue and I really do have way too much to do. Maybe 
Wazoo will drop by and finish this off....maybe not....whatever.

DT
From nobody at spamcop.net  Sat Aug 30 12:58:12 2008
From: nobody at spamcop.net (Steven Underwood)
Date: Sat Aug 30 13:00:02 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
In-Reply-To: <Xns9B0A5FDB4CA2Cnewsaddresshypercrea@216.154.195.61>
References: <g95847$2n1$1@news.spamcop.net>
	<Xns9B085BC0129BDnewsaddresshypercrea@216.154.195.61>
	<g96plt$si5$1@news.spamcop.net>
	<Xns9B08CF39FBC9Dnewsaddresshypercrea@216.154.195.61>
	<g9970r$vfc$1@news.spamcop.net>
	<Xns9B0A40DC33763newsaddresshypercrea@216.154.195.61>
	<g9bl14$6c7$1@news.spamcop.net>
	<Xns9B0A5FDB4CA2Cnewsaddresshypercrea@216.154.195.61>
Message-ID: <g9bu78$goq$1@news.spamcop.net>

There is also no evidence to suggest that the OP modified the spams other 
than during his testing.

I too am a long time spamcop email account user and while very rare in my 
experience, I have had messages that showed similar issues (headers merged 
onto a single line) while only being handled by the spamcop systems (direct 
from webmail to the reporting system).  I usually assumed the data stream 
from the spammers system was malformed as the headers I have seen with 
issues would always be data that would have been passed through, but it is 
also possible the spamcop system is corrupting it.


From MikeE at ster.invalid  Sat Aug 30 14:19:34 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sat Aug 30 14:20:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net>
	<Xns9B085BC0129BDnewsaddresshypercrea@216.154.195.61>
	<g96plt$si5$1@news.spamcop.net>
	<Xns9B08CF39FBC9Dnewsaddresshypercrea@216.154.195.61>
	<g9970r$vfc$1@news.spamcop.net>
	<Xns9B0A40DC33763newsaddresshypercrea@216.154.195.61>
	<g9bl14$6c7$1@news.spamcop.net>
	<Xns9B0A5FDB4CA2Cnewsaddresshypercrea@216.154.195.61>
	<g9bu78$goq$1@news.spamcop.net>
Message-ID: <g9c2vh$8a5$1@news.spamcop.net>

Steven Underwood wrote:

> I too am a long time spamcop email account user and while very rare in
> my experience, I have had messages that showed similar issues (headers
> merged onto a single line) while only being handled by the spamcop
> systems (direct from webmail to the reporting system).

It looks/seems to me like that is what happened here.

>  I usually
> assumed the data stream from the spammers system was malformed as the
> headers I have seen with issues would always be data that would have
> been passed through, but it is also possible the spamcop system is
> corrupting it.

I'm thinking that there is something 'funky' in the spams' original
construction/s, as mentioned in a much earlier post in this thread, and
something about that construction funkiness is 'triggering' the spamcop
processing corruption, which much exaggerates the result.

Funky + SCmailfilter = REALfunky => parse problem

I wonder if I can rat around a little bit and try to find such an item of
some kind of similarity which has not been processed by the spamcop
filter-parser apparatus.



--
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Sat Aug 30 16:57:26 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sat Aug 30 17:00:04 2008
Subject: [Scspamcop] Q about reporting address
Message-ID: <g9cc7g$j06$1@news.spamcop.net>

Hi,

Haven't noticed this before but just saw this in a parse:
"Reporting addresses:
spamcop@servepath.com "

Is there any significance to them using such an address?  Or are they 
simply keeping track of where complaints come from?



TIA,



Twayne


From MikeE at ster.invalid  Sat Aug 30 17:13:43 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sat Aug 30 17:15:03 2008
Subject: [Scspamcop] Re: Q about reporting address
References: <g9cc7g$j06$1@news.spamcop.net>
Message-ID: <g9cd62$l52$1@news.spamcop.net>

Twayne wrote:

> Haven't noticed this before but just saw this in a parse:
> "Reporting addresses:
> spamcop@servepath.com "
>
> Is there any significance to them using such an address?  Or are they
> simply keeping track of where complaints come from?

It seems perfectly logical to me for a provider to want to have its
spamcop notifies be directed to a specific address.

One provider might want to give such notifies extra attention while
another might want to devnull them and not let the numerous SC
'complaints' get into its goodmail - harkening back to my issue about
spamcop notifies not only being unsolicited but also potentially falling
into the unwanted category -- the management of which unsolicited and
unwanted mail requires going to the SC website and jumping thru' some
hoops to try to effect some kind of change in the problem of numerous SC
notifies.

SC also uses a challenge system in its communication hoops (sentient
people test) for providers who would try to communicate.


--
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Sat Aug 30 18:33:40 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sat Aug 30 18:35:03 2008
Subject: [Scspamcop] OT Re: Any hint about "pingeries"?
References: <g97364$b3e$1@news.spamcop.net> <g997lb$1o2$1@news.spamcop.net>
	<Xns9B09968B73E95thefrogprince@216.154.195.61>
	<g99sfp$q93$1@news.spamcop.net> <g9a7er$nna$1@news.spamcop.net>
Message-ID: <g9chru$9nq$1@news.spamcop.net>

> On 08/29/2008 03:16 PM Mike Easter scribbled:
>
> useless mental masturbation.
>
> ob quirk

You got a problem?  Or just trying to get your inflated ego noticed?

Twayne 


From nobody at devnull.spamcop.net  Sat Aug 30 18:45:44 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sat Aug 30 18:50:04 2008
Subject: [Scspamcop] Re: Q about reporting address
References: <g9cc7g$j06$1@news.spamcop.net> <g9cd62$l52$1@news.spamcop.net>
Message-ID: <g9ciii$bf3$1@news.spamcop.net>

> Twayne wrote:
>
>> Haven't noticed this before but just saw this in a parse:
>> "Reporting addresses:
>> spamcop@servepath.com "
>>
>> Is there any significance to them using such an address?  Or are they
>> simply keeping track of where complaints come from?
>
> It seems perfectly logical to me for a provider to want to have its
> spamcop notifies be directed to a specific address.

Same here; but I haven't noticed it before so was curious whether there 
might be more to it, that's all.

>
> One provider might want to give such notifies extra attention while
> another might want to devnull them and not let the numerous SC
> 'complaints' get into its goodmail - harkening back to my issue about
> spamcop notifies not only being unsolicited but also potentially
> falling into the unwanted category -- the management of which
> unsolicited and unwanted mail requires going to the SC website and
> jumping thru' some hoops to try to effect some kind of change in the
> problem of numerous SC notifies.

OK, no problem.  And I happen to agree, but ... no big deal.
>
> SC also uses a challenge system in its communication hoops (sentient
> people test) for providers who would try to communicate.

No idea what that's about. It's more or less an unfortunate necessity 
for something like that.

Cheers,

Twayne



From user at domain.invalid  Sat Aug 30 21:30:30 2008
From: user at domain.invalid (Farelf)
Date: Sat Aug 30 21:35:03 2008
Subject: [Scspamcop] Re: Q about reporting address
In-Reply-To: <g9ciii$bf3$1@news.spamcop.net>
References: <g9cc7g$j06$1@news.spamcop.net> <g9cd62$l52$1@news.spamcop.net>
	<g9ciii$bf3$1@news.spamcop.net>
Message-ID: <g9cs7k$a7f$1@news.spamcop.net>

Twayne wrote:
>>Twayne wrote:
>>
>>
>>>Haven't noticed this before but just saw this in a parse:
>>>"Reporting addresses:
>>>spamcop@servepath.com "
>>>
>>>Is there any significance to them using such an address?  Or are they
>>>simply keeping track of where complaints come from?
>>
>>It seems perfectly logical to me for a provider to want to have its
>>spamcop notifies be directed to a specific address.
> 
> 
> Same here; but I haven't noticed it before so was curious whether there 
> might be more to it, that's all.
> 

Some more, courtesy of the Robtex "other domains beginning with ...":

spamcop.aarauinvest.ch
spamcop.accessus.net
spamcop.armar-chemicals.com
spamcop.bcsnet.co.za
spamcop.bl.xs4all.nl
spamcop.bluebox.co.za
spamcop.bora.net
spamcop.broadnet-mediascape.de
spamcop.broadnet.de
spamcop.bwave.com
spamcop.caret.net
spamcop.chatham.edu
spamcop.com
spamcop.com.br
spamcop.euroweb.cz
spamcop.greenofficesupplies.com
spamcop.i12.de
spamcop.integrity.hu
spamcop.ion.co.za
spamcop.iquest.net
spamcop.lcd-lasercut.com
spamcop.lcsd2.org
spamcop.levira.ee
spamcop.load.com
spamcop.main.ch
spamcop.mathys.ch
spamcop.mc-mc.com
spamcop.neobee.net
spamcop.net
spamcop.net-bl.sh
spamcop.net2fbl.shtml3f200.136.83.228235.7.12929
spamcop.netbl.sh
spamcop.opel-fanclub-oase.ch
spamcop.pamo.ch
spamcop.powweb.com
spamcop.prismnet.com
spamcop.reefsolutions.com
spamcop.se
spamcop.sentechsa.net
spamcop.sify.net
spamcop.static.dimenoc.com
spamcop.statron.com
spamcop.stormer.net
spamcop.su-matic.com
spamcop.suhner.ch
spamcop.suhner.com
spamcop.suhnerusa.com
spamcop.surfnet.nl
spamcop.uniconstruct.com
spamcop.unipress-ag.com
spamcop.velocitus.net

From user at domain.invalid  Sat Aug 30 21:54:12 2008
From: user at domain.invalid (Farelf)
Date: Sat Aug 30 21:55:02 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
 get them to parse?
In-Reply-To: <g9c2vh$8a5$1@news.spamcop.net>
References: <g95847$2n1$1@news.spamcop.net>
	<Xns9B085BC0129BDnewsaddresshypercrea@216.154.195.61>
	<g96plt$si5$1@news.spamcop.net>
	<Xns9B08CF39FBC9Dnewsaddresshypercrea@216.154.195.61>
	<g9970r$vfc$1@news.spamcop.net>
	<Xns9B0A40DC33763newsaddresshypercrea@216.154.195.61>
	<g9bl14$6c7$1@news.spamcop.net>
	<Xns9B0A5FDB4CA2Cnewsaddresshypercrea@216.154.195.61>
	<g9bu78$goq$1@news.spamcop.net> <g9c2vh$8a5$1@news.spamcop.net>
Message-ID: <g9ctk2$dql$1@news.spamcop.net>

Mike Easter wrote:

> Steven Underwood wrote:
> 
> 
>>I too am a long time spamcop email account user and while very rare in
>>my experience, I have had messages that showed similar issues (headers
>>merged onto a single line) while only being handled by the spamcop
>>systems (direct from webmail to the reporting system).
> 
> 
> It looks/seems to me like that is what happened here.
> 
> 
>> I usually
>>assumed the data stream from the spammers system was malformed as the
>>headers I have seen with issues would always be data that would have
>>been passed through, but it is also possible the spamcop system is
>>corrupting it.
> 
> 
> I'm thinking that there is something 'funky' in the spams' original
> construction/s, as mentioned in a much earlier post in this thread, and
> something about that construction funkiness is 'triggering' the spamcop
> processing corruption, which much exaggerates the result.
> 
> Funky + SCmailfilter = REALfunky => parse problem
> 
> I wonder if I can rat around a little bit and try to find such an item of
> some kind of similarity which has not been processed by the spamcop
> filter-parser apparatus.
> 
> 
> 
> --
> Mike Easter
> kibitzer, not SC admin
> 

The spam is not uncommon - Googling the subject 
"=?windows-1251?B?U29sdXRpb24gZm9yIHlvdXIgc2V4dWFsIGxpZmU=?=" I found 
several other instances outside of SC, including the 'raw' text in its 
entirety.  I saw some slight inconsistencies between the declaration of 
the mime boundaries and their expression in the 'body'.  I don't know 
enough to know if that would cause problems of the exact kind reported 
by the OP.  That declaration-expression thing seems fragile and a little 
unpredictable 'in the hands of the parser' using the paste-in method. 
Never-the-less, I formed the opinion that the OP had modified the data 
in the first example he presented.  That is probably a worthless 
assumption because I have no way to replicate the results.

The discussion is probably hampered by the lack of participation by the 
OP (the only possible source of 'his' real, original, untouched text) 
but it has certain points of 'academic' interest.

FWIW
From gezgin at spamcop.net  Sun Aug 31 02:20:52 2008
From: gezgin at spamcop.net (Opinicus)
Date: Sun Aug 31 02:25:03 2008
Subject: [Scspamcop] "delete some to see more of the 0 remaining"
Message-ID: <g9dd86$p8a$1@news.spamcop.net>

When you have exactly held 100 emails, mailsc.spamcop.net says:

<quote>
(Displaying 100 emails, delete some to see more of the 0 remaining)
</quote>

I don't think I ever noticed that before...

-- 
Bob
http://www.kanyak.com 


From nobody at nowhere.not  Sun Aug 31 02:39:24 2008
From: nobody at nowhere.not (Robert Blair)
Date: Sun Aug 31 02:40:02 2008
Subject: [Scspamcop] colocentral.com
Message-ID: <TECQXhvKj0FX-pn2-vdb684sOogSM@dsl-206-55-144-107.tstonramp.com>

Is colocentral.com a black hat?  I have been receiving spam that would
report to them except it seems they have said they do not want spam 
reports.  Some of the spam looks like it is straight up spam.  For me 
it started the first part of August and has been getting worse as time
goes on.


-- 
Robert Blair
From connyank at cox.net  Sun Aug 31 11:41:29 2008
From: connyank at cox.net (jg)
Date: Sun Aug 31 11:45:04 2008
Subject: [Scspamcop] Re: OT Re: Any hint about "pingeries"?
In-Reply-To: <g9chru$9nq$1@news.spamcop.net>
References: <g97364$b3e$1@news.spamcop.net> <g997lb$1o2$1@news.spamcop.net>
	<Xns9B09968B73E95thefrogprince@216.154.195.61>
	<g99sfp$q93$1@news.spamcop.net> <g9a7er$nna$1@news.spamcop.net>
	<g9chru$9nq$1@news.spamcop.net>
Message-ID: <g9ee39$3ap$1@news.spamcop.net>

On 08/30/2008 03:33 PM Twayne scribbled:

>> On 08/29/2008 03:16 PM Mike Easter scribbled:
>><snip>

>> "...useless mental masturbation."

>><snip>

>> ob quirk
> 
> You got a problem?  Or just trying to get your inflated ego noticed?
> 
> Twayne 
> 
> 
er, no - I should have noted snippage and put above in quotes, as
corrected above.  I found Mike's word usage amusing.

HAND
From nobody at nowhere.not  Sun Aug 31 12:46:38 2008
From: nobody at nowhere.not (Robert Blair)
Date: Sun Aug 31 12:50:03 2008
Subject: [Scspamcop] Re: colocentral.com
References: <TECQXhvKj0FX-pn2-vdb684sOogSM@dsl-206-55-144-107.tstonramp.com>
	<8gdlb4hii1c9be33q351lq9mfaqu2m3pso@4ax.com>
Message-ID: <TECQXhvKj0FX-pn2-3Yod1q73pxdC@dsl-206-55-144-107.tstonramp.com>

On Sun, 31 Aug 2008 15:18:41 UTC, SpamCop Admin 
<nobody@devnull.spamcop.net> wrote:

> Robert Blair wrote:
> >-report to them except it seems they have said they do not want spam 
> >-reports.
> 
> What abuse address are you talking about?
> 
> I'll look into why we're not sending reports.

This is from a quick-reporting response

"
   Tracking message source:69.42.174.238:   Cached whois for 
69.42.174.238 : spam@colocentral.com
   Using abuse net on spam@colocentral.com
   abuse net colocentral.com = postmaster@colocentral.com, 
spam@colocentral.com
   Using best contacts postmaster@colocentral.com spam@colocentral.com
   Reports disabled for postmaster@colocentral.com
   warning:Using postmaster#colocentral.com@devnull.spamcop.net for 
statistical tracking.   Reports disabled for spam@colocentral.com
   warning:Using spam#colocentral.com@devnull.spamcop.net for 
statistical tracking.
"


-- 
Robert Blair
From skiwi at spamcop.net  Sun Aug 31 12:52:44 2008
From: skiwi at spamcop.net (Skiwi)
Date: Sun Aug 31 12:55:02 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
 get them to parse?
In-Reply-To: <TECQXhvKj0FX-pn2-fdHv0KjGbqgs@dsl-206-55-144-107.tstonramp.com>
References: <g95847$2n1$1@news.spamcop.net> <g969k8$287$1@news.spamcop.net>
	<g96als$9ss$1@news.spamcop.net> <g9827g$ehm$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-fdHv0KjGbqgs@dsl-206-55-144-107.tstonramp.com>
Message-ID: <g9ei97$m5s$1@news.spamcop.net>

Robert Blair wrote:
> On Fri, 29 Aug 2008 05:41:46 UTC, Skiwi <skiwi@spamcop.net> wrote:
> 
>> Anyway... I have been 'full' reporting all of my spam this evening 
>> rather than 'Quick' reporting so that I can get a tracking URL that is 
>> not specific to my logon - I believe this is one of what you need:
> 
> The last line for each quick-report response is a tracking URL that 
> can be used by anyone.
> 
> 

Robert - thank you for your reply...

This URL was an attempt to do full reporting - the spam does not parse 
and the 'system' says that the header can not be found. So no reporting 
is done.

In reply to other texts, this is how the spam arrives at my 
"spamcop.net" In Box - no changes are made as part of the reporting 
process. SpamCop catches these spams, I go to mailsc.spamcop.net, Held 
Mail, and IF I decide that day to do full reporting this is what I see 
for these spams (I full report (sic) every few days a number of emails 
to try and ensure that the mailhosts are still "set right", etc.)

Otherwise I Quick Report from Web Mail - and would not see these emails 
not being parsed of course (and to be frank, I only cursorily scan the 
Quick Report emails that the SpamCop sends me.)

To reiterate, clicking the link I provided above (
http://www.spamcop.net/sc?id=z2196747351z6ba68eb26809c77d606d0bd53e487873z;action=display
) shows the spam EXACTLY how the email is presented to me by the SpamCop 
  system - no cutting and pasting as no need of course. Presumably this 
is an email sent to my InBox that SpamCop (validly) intercepts and 
sticks in my Held Mail for me to process using the provided tools. This 
is all "teaching my grandmother how to suck eggs" to you all, but I just 
wanted to confirm that I have no reason to work outside the tools provided.

The only time I have adjusted the spam is to see how it *might* parse if 
some of the 'extra' blanks lines between the header and the body are 
removed... Doing so APPEARS to allow the header to parse... much some 
have mentioned (and I respect) this should NOT make a difference, it 
does - you might like to drop this spam in the parser yourself to 
confirm this?   :-)

Cheers:
GREG...
From nobody at devnull.spamcop.net  Sun Aug 31 12:55:33 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sun Aug 31 13:00:03 2008
Subject: [Scspamcop] Re: OT Re: Any hint about "pingeries"?
References: <g97364$b3e$1@news.spamcop.net> <g997lb$1o2$1@news.spamcop.net>
	<Xns9B09968B73E95thefrogprince@216.154.195.61>
	<g99sfp$q93$1@news.spamcop.net> <g9a7er$nna$1@news.spamcop.net>
	<g9chru$9nq$1@news.spamcop.net> <g9ee39$3ap$1@news.spamcop.net>
Message-ID: <g9eidt$mi4$1@news.spamcop.net>

> On 08/30/2008 03:33 PM Twayne scribbled:
>
>>> On 08/29/2008 03:16 PM Mike Easter scribbled:
>>> <snip>
>
>>> "...useless mental masturbation."
>
>>> <snip>
>
>>> ob quirk
>>
>> You got a problem?  Or just trying to get your inflated ego noticed?
>>
>> Twayne
>>
>>
> er, no - I should have noted snippage and put above in quotes, as
> corrected above.  I found Mike's word usage amusing.
>
> HAND

Ah, Mike's an interesting guy<g>.  You sure can't say he isn't thorough! 
I've even caught myself picking up some of his words:  verbosity, 
goodmail, badmail, is/are, etc..  It sneaks in unnoticed somehow.

Regards,

Twayne


From nobody at devnull.spamcop.net  Sun Aug 31 12:58:07 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sun Aug 31 13:00:04 2008
Subject: [Scspamcop] Re: Q about reporting address
References: <g9cc7g$j06$1@news.spamcop.net> <g9cd62$l52$1@news.spamcop.net>
	<8vclb41b3ikgn9kbid3jl630o65dk5i0i2@4ax.com>
Message-ID: <g9eiin$mvb$1@news.spamcop.net>

>> -SC also uses a challenge system in its communication hoops (sentient
>> -people test) for providers who would try to communicate.
>
> That's a defense against autoresponders, which are mostly filtered out
> so the user doesn't see them.
>
> When someone replies to a SpamCop report, we let that email go
> through, and flag the address as an autoresponder, and then we send a
> challenge to see if it is a person writing to the user or an
> autoresponder.
>
> The idea being that an autoresponder won't answer the challenge, where
> a person might.
>
> The users can decide for themselves if they want all responses, or
> just the ones from actual people.
>
> - Don D'Minion - SpamCop Admin -

Makes sense to me. 


From MikeE at ster.invalid  Sun Aug 31 13:23:39 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sun Aug 31 13:25:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net> <g969k8$287$1@news.spamcop.net>
	<g96als$9ss$1@news.spamcop.net> <g9827g$ehm$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-fdHv0KjGbqgs@dsl-206-55-144-107.tstonramp.com>
	<g9ei97$m5s$1@news.spamcop.net>
Message-ID: <g9ek2l$rcc$1@news.spamcop.net>

Skiwi wrote:

> In reply to other texts, this is how the spam arrives at my
> "spamcop.net" In Box - no changes are made as part of the reporting
> process. SpamCop catches these spams, I go to mailsc.spamcop.net, Held
> Mail, and IF I decide that day to do full reporting this is what I see
> for these spams (I full report (sic) every few days a number of emails
> to try and ensure that the mailhosts are still "set right", etc.)

Thanks for that explanation.

> Otherwise I Quick Report from Web Mail - and would not see these emails
> not being parsed of course (and to be frank, I only cursorily scan the
> Quick Report emails that the SpamCop sends me.)

When I QuickReport by email from my mailuser agent, I get a report of my
QR, snippages below.

From: SpamCop <spamcop@devnull.spamcop.net>
Subject: [SpamCop] Quick reporting data

... containing the line

Here are the results of your submission:


> id=z2196747351z6ba68eb26809c77d606d0bd53e487873z

>  shows the spam EXACTLY how the email is presented to me by the SpamCop
>   system - no cutting and pasting as no need of course. Presumably this
> is an email sent to my InBox that SpamCop (validly) intercepts and
> sticks in my Held Mail for me to process using the provided tools. This
> is all "teaching my grandmother how to suck eggs" to you all, but I just
> wanted to confirm that I have no reason to work outside the tools
> provided.

If I copy that item, introduce some missing empty lines, and move the 2
displaced spamcop filter's xlines back into the header where they belong,
I get this satisfactory experimental parse:

http://www.spamcop.net/sc?id=z2204381662z81caadb0d75e37d09d6e17ab43540c0az
this email is too old
If reported today, reports would be sent to:
  Re: 210.101.195.35 (Administrator of IP block - statistics only)
cglee@primeit.com
  Re: http://independencehelp.com/ (Administrator of network hosting
website referenced in spam)
abuse@comhem.com

<too old relieves the need to cancel.>

> - you might like to drop this spam in the parser yourself to
> confirm this?   :-)

I'm still accepting the veracity of your description and I'm still saying
the original spam is slightly flawed and something about its flaw results
in the spamcop filter mishandling the header/body relationship which
aggravates the original flaw into a worse one.  The combination of the
original flaw and its aggravation by the headerline placement of the
filtering header stamping process results in a suboptimal parse.

I'm still accepting that your handling is not what is mangling the
placement of the filter's xlines into the spambody.


--
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Sun Aug 31 14:00:16 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sun Aug 31 14:05:04 2008
Subject: [Scspamcop] Re: OT Re: Any hint about "pingeries"?
References: <g97364$b3e$1@news.spamcop.net> <g997lb$1o2$1@news.spamcop.net>
	<Xns9B09968B73E95thefrogprince@216.154.195.61>
	<g99sfp$q93$1@news.spamcop.net> <g9a7er$nna$1@news.spamcop.net>
	<g9chru$9nq$1@news.spamcop.net> <g9ee39$3ap$1@news.spamcop.net>
	<g9eidt$mi4$1@news.spamcop.net>
Message-ID: <g9em79$3lj$1@news.spamcop.net>

Twayne:
> <jg cite>
>>> <jg cite>
>>>> Mike Easter

>>>> "...useless mental masturbation."

>>>> ob quirk

>>  found Mike's word usage amusing.

> I've even caught myself picking up some of his words:  verbosity,
> goodmail, badmail, is/are, etc..  It sneaks in unnoticed somehow.

heh;  I am prone to some neologistics <oops there's another one, where
neologistics is (now) the coining of neologisms>

For those who are unfamiliar with the usage 'ob quirk', it is a neologism
for 'Objection!  Quirk.' or 'Quirk Objection' which is a usenetism for a
popular post of Captain Gym Z. Quirk and those who would emulate hir.  The
usage and background is described in the wiki nanae article and other
places http://en.wikipedia.org/wiki/News.admin.net-abuse.email  Quirk
Objection

I would interpret ob quirk as meaning/ transliterating into/ - either -
'assumes facts not in evidence' or such as 'you are singular in your
objection - please discontinue speaking for others'

--
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net  Sun Aug 31 15:31:16 2008
From: nobody at spamcop.net (Steven Underwood)
Date: Sun Aug 31 15:35:03 2008
Subject: [Scspamcop] Re: colocentral.com
In-Reply-To: <69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com>
References: <TECQXhvKj0FX-pn2-vdb684sOogSM@dsl-206-55-144-107.tstonramp.com>
	<8gdlb4hii1c9be33q351lq9mfaqu2m3pso@4ax.com>
	<TECQXhvKj0FX-pn2-3Yod1q73pxdC@dsl-206-55-144-107.tstonramp.com>
	<69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com>
Message-ID: <g9eri4$mc3$1@news.spamcop.net>

"SpamCop Admin" <nobody@devnull.spamcop.net> wrote in message 
news:69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com...
> Reports sent to those addresses go to the trash, but they count
> against the IP for blocking purposes.  It doesn't matter where the
> report goes, it's the act of sending it that feeds our database.
>
> - Don D'Minion - SpamCop Admin -

Is it fair to say that if someone submitted a spam and unchecked everything 
but then added their own address to the 3rd party reports that this report 
would feed the database?  This question came up recently in the forums, 
someone did this rather than cancelling a questionable report. 

From Ag2000CO at Starband.net  Sun Aug 31 16:49:14 2008
From: Ag2000CO at Starband.net (LKing)
Date: Sun Aug 31 16:50:02 2008
Subject: [Scspamcop] Re: colocentral.com
In-Reply-To: <g9eri4$mc3$1@news.spamcop.net>
References: <TECQXhvKj0FX-pn2-vdb684sOogSM@dsl-206-55-144-107.tstonramp.com>
	<8gdlb4hii1c9be33q351lq9mfaqu2m3pso@4ax.com>
	<TECQXhvKj0FX-pn2-3Yod1q73pxdC@dsl-206-55-144-107.tstonramp.com>
	<69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com>
	<g9eri4$mc3$1@news.spamcop.net>
Message-ID: <g9f04b$98j$1@news.spamcop.net>

Steven Underwood wrote, On 8/31/2008 3:31 PM:
> "SpamCop Admin" <nobody@devnull.spamcop.net> wrote in message 
> news:69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com...
>> Reports sent to those addresses go to the trash, but they count
>> against the IP for blocking purposes.  It doesn't matter where the
>> report goes, it's the act of sending it that feeds our database.
>>
>> - Don D'Minion - SpamCop Admin -
> 
> Is it fair to say that if someone submitted a spam and unchecked 
> everything but then added their own address to the 3rd party reports 
> that this report would feed the database?  This question came up 
> recently in the forums, someone did this rather than cancelling a 
> questionable report.

Steven, I hadn't though about that kind of "leakage."  I had assumed (I 
know, I know) that a <Cancel> would delete everything from the db as 
<Clear Form> would making the reference URL a broken link.
From nobody at nowhere.not  Sun Aug 31 17:17:51 2008
From: nobody at nowhere.not (Robert Blair)
Date: Sun Aug 31 17:20:02 2008
Subject: [Scspamcop] Re: colocentral.com
References: <TECQXhvKj0FX-pn2-vdb684sOogSM@dsl-206-55-144-107.tstonramp.com>
	<8gdlb4hii1c9be33q351lq9mfaqu2m3pso@4ax.com>
	<TECQXhvKj0FX-pn2-3Yod1q73pxdC@dsl-206-55-144-107.tstonramp.com>
	<69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com>
Message-ID: <TECQXhvKj0FX-pn2-eouQHwoINOUs@dsl-206-55-144-107.tstonramp.com>

On Sun, 31 Aug 2008 18:09:20 UTC, SpamCop Admin 
<nobody@devnull.spamcop.net> wrote:

> >-   Tracking message source:69.42.174.238:   Cached whois for 
> >-   69.42.174.238 : spam@colocentral.com
> >-   postmaster@colocentral.com,
>  
> We disabled reports to them because they appear to be a spam-friendly
> hosting service.  We don't want our reports going to the spammer.

Thanks for the information.

The reason for my original question was because I was thinking of 
sending manual LARTS.  I will ignore colocentral as a black hat.


-- 
Robert Blair