From MikeE at ster.invalid  Wed Oct  1 01:29:49 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Oct  1 01:30:04 2008
Subject: [Scspamcop] Re: Is the spammer trying for the most reports in one
	spam or something?
References: <gbu8hu$9mh$1@news.spamcop.net> <gbu9m9$fqh$1@news.spamcop.net>
	<gbubb6$le9$1@news.spamcop.net>
Message-ID: <gbv1sc$rmb$1@news.spamcop.net>

Geoffrey Hyde wrote:

> I really don't care how many notifies do or don't get sent as long as
> the spam when reported qualifies and generates the appropriate entry
> for the SpamCop blocklist/listing for the source IP.

In the current configuration, the most 'economical' (in terms of least
time/work for the reporter and least notifies being sent) way to report
and count toward the SCbl is Quick Reporting which notifies SC's best
stab/attempt at trying to notify the source provider only.



-- 
Mike Easter
kibitzer, not SC admin

From vr at nospam.myrealbox.com  Wed Oct  1 08:10:04 2008
From: vr at nospam.myrealbox.com (Vadim Rapp)
Date: Wed Oct  1 08:15:03 2008
Subject: [Scspamcop] SpamCop could not find your spam message in this email
Message-ID: <gbvpas$7u0$1@news.spamcop.net>

recently, there were several cases when "SpamCop could not find your spam 
message in this email:", although the email was submitted the same way as 
always, by sending spam email as attachment. One such response is attached. 


begin 666 [SpamCop] Errors encountered.eml
M4F5C96EV960Z(&9R;VT@<'-I<W!S+G!O;'ES8VEE;F-E+F-O;2 H6S$P+C0Y
M+C(T,BXQ-%TI(&)Y('!S:7-M+FEN=&5R+G!O;'ES8VEE;F-E+F-O;2!O=F5R
M(%1,4R!S96-U<F5D(&-H86YN96P@=VET:"!-:6-R;W-O9G0@4TU44%-60R@U
M+C N,C$Y-2XV-S$S*3L-"@D@5V5D+" Q($]C=" R,# X(# P.C(T.C(U("TP
M-3 P#0I296-E:79E9#H@9G)O;2!S8RUS;71P,BUB=6QK;7@N<V]M82YI<F]N
M<&]R="YC;VT@6S(P-"XQ-2XX,BXQ,C5=#0H)8GD@<'-I<W!S+G!O;'ES8VEE
M;F-E+F-O;0T*"7=I=&@@6%=A;&P@=C,N-#-A(#L-"@E7960L(#$@3V-T(#(P
M,#@@,# Z,C0Z,34@+3 U,# -"D1O;6%I;DME>2U3:6=N871U<F4Z(',]9&5V
M;G5L;#L@9#US<&%M8V]P+FYE=#L@8SUN;V9W<SL@<3UD;G,[#0H@(&@]4F5C
M96EV960Z1G)O;3I4;SI3=6)J96-T.D1A=&4Z365S<V%G92U)1#I#;VYT96YT
M+71Y<&4Z#0H@("!);BU297!L>2U4;SI2969E<F5N8V5S.PT*("!B/7%Q0T=)
M1'=7=T90,&9%.%1Y861A12\K339W:4I1>#5-9S)->#9U67-A>F%#6'1,9TYR
M+W%P<&)A#0H@("!18S!38W)7=6]/;D9'-V]40BM:154W=&M),$,V-7 K23-G
M-F59.&9*94\X4FU*4$Y5;#)M3G$T5B\-"B @($]V=B\U075';$1#,%)R,3L-
M"E)E8V5I=F5D.B!F<F]M('-C+6%P<#DN<W!A;6-O<"YN970@*%LR,#0N,34N
M.#(N.#A=*0T*("!B>2!S8RUS;71P+79I<"YS;VUA+FER;VYP;W)T+F-O;2!W
M:71H(%--5% [(#,P(%-E<" R,# X(#(R.C(T.C$R("TP-S P#0I&<F]M.B!3
M<&%M0V]P($%U=&]297-P;VYD97(@/'-P86UC;W! 9&5V;G5L;"YS<&%M8V]P
M+FYE=#X-"E1O.B!V<F%P<$!P;VQY<V-I96YC92YC;VT-"E-U8FIE8W0Z(%M3
M<&%M0V]P72!%<G)O<G,@96YC;W5N=&5R960-"D1A=&4Z(%=E9"P@,#$@3V-T
M(#(P,#@@,#4Z,C0Z,3(@1TU4#0I-97-S86=E+4E$.B \<W,T.&4S,#DW8V=D
M8SAE0&US9VED+G-P86UC;W N;F5T/@T*0V]N=&5N="UT>7!E.B!T97AT+W!L
M86EN#0I);BU297!L>2U4;SH@/#-$1#E%-D$U1C<P,C4T-#1"-D$X,D,Q0C9&
M,T1$,#@T,#(P-35%0'!S:7-M+FEN=&5R+G!O;'ES8VEE;F-E+F-O;3X-"E)E
M9F5R96YC97,Z(#PS1$0Y139!-48W,#(U-#0T0C9!.#)#,4(V1C-$1# X-# R
M,#4U14!P<VES;2YI;G1E<BYP;VQY<V-I96YC92YC;VT^#0I296-E:79E9"U3
M4$8Z('!A<W,@*&1O;6%I;B!O9B!S<&%M:60N,$!B;W5N8V5S+G-P86UC;W N
M;F5T(&1E<VEG;F%T97,@,C T+C$U+C@R+C$R-2!A<R!P97)M:71T960@<V5N
M9&5R*0T*6"U85V%L;"U%>&-L.B!A='0@#0I8+5A786QL+4AE=7)I<W1I8SH@
M-# -"E)E='5R;BU0871H.B!S<&%M:60N,$!B;W5N8V5S+G-P86UC;W N;F5T
M#0I8+4]R:6=I;F%L07)R:79A;%1I;64Z(# Q($]C=" R,# X(# U.C(T.C(U
M+C Q,#0@*%540RD@1DE,151)344]6T8W0S$V.3 P.C Q0SDR,S@U70T*#0I3
M<&%M0V]P(&5N8V]U;G1E<F5D(&5R<F]R<R!W:&EL92!S879I;F<@<W!A;2!F
M;W(@<')O8V5S<VEN9SH-"E-P86U#;W @8V]U;&0@;F]T(&9I;F0@>6]U<B!S
M<&%M(&UE<W-A9V4@:6X@=&AI<R!E;6%I;#H-"@T*4F5T=7)N+5!A=&@Z(#QV
M<F%P<$!P;VQY<V-I96YC92YC;VT^#0I296-E:79E9#H@9G)O;2!S8RUS;71P
M,BUB=6QK;7@N<V]M82YI<F]N<&]R="YC;VT@*'-C+7-M=' R+6)U;&MM>"YS
M;VUA+FER;VYP;W)T+F-O;2!;,C T+C$U+C@R+C$R-5TI#0H)8GD@<V,M87!P
M.2YS;VUA+FER;VYP;W)T+F-O;2 H4&]S=&9I>"D@=VET:"!%4TU44"!I9" Y
M-#!!1D$Y-#,-"@EF;W(@/'-U8FUI="YG24-Y:71L>DA";#EM-7=G0'-P86TN
M<W!A;6-O<"YN970^.R!4=64L(#,P(%-E<" R,# X(#(R.C(S.C$U("TP-S P
M("A01%0I#0I8+49O>GII92U/<FEG:6YA;"U4;SH@<W5B;6ET+F=)0WEI=&QZ
M2$)L.6TU=V= <W!A;2YS<&%M8V]P+FYE= T*4F5C96EV960Z(&9R;VT@=G!S
M:7-P<RYP;VQY<V-I96YC92YC;VT@*$A%3$\@<'-I<W!S+G!O;'ES8VEE;F-E
M+F-O;2D@*%LV,RXQ,SDN,30T+C$Y-UTI#0H@(&)Y('9M>#(N<W!A;6-O<"YN
M970@=VET:"!%4TU44#L@,S @4V5P(#(P,#@@,C(Z,C,Z,30@+3 W,# -"D-O
M;G1E;G0M8VQA<W,Z('5R;CIC;VYT96YT+6-L87-S97,Z;65S<V%G90T*34E-
M12U697)S:6]N.B Q+C -"D-O;G1E;G0M5'EP93H@;75L=&EP87)T+V%L=&5R
M;F%T:79E.PT*"6)O=6YD87)Y/2(M+2TM7SU?3F5X=%!A<G1?,# Q7S Q0SDR
M,S@U+D-#1C-$,CDX(@T*6"U-24U%3TQ%.B!0<F]D=6-E9"!">2!-:6-R;W-O
M9G0@17AC:&%N9V4@5C8N,"XV-C S+C -"E-U8FIE8W0Z($97.B!.965D(&$@
M0VAE8VMI;F<@06-C;W5N="!6(%)A<' _#0I$871E.B!7960L(#$@3V-T(#(P
M,#@@,# Z,C,Z,3,@+3 U,# -"DUE<W-A9V4M240Z(#PS1$0Y139!-48W,#(U
M-#0T0C9!.#)#,4(V1C-$1# X-# R,#4U14!P<VES;2YI;G1E<BYP;VQY<V-I
M96YC92YC;VT^#0I8+4U3+4AA<RU!='1A8V@Z( T*6"U-4RU43D5&+4-O<G)E
M;&%T;W(Z( T*5&AR96%D+51O<&EC.B!.965D(&$@0VAE8VMI;F<@06-C;W5N
M="!6(%)A<' _#0I4:')E860M26YD97@Z($%C:VIH8W)9>68X3G=K.&Y3<VU6
M=#-M>G5U4C189T%!04HP=PT*1G)O;3H@(E9A9&EM(%)A<' B(#QV<F%P<$!P
M;VQY<V-I96YC92YC;VT^#0I4;SH@/'-U8FUI="YG24-Y:71L>DA";#EM-7=G
M0'-P86TN<W!A;6-O<"YN970^#0I8+5A704Q,+4)#2U,Z(&%U=&\-"@T*5&AI
M<R!I<R!A(&UU;'1I+7!A<G0@;65S<V%G92!I;B!-24U%(&9O<FUA="X-"@T*
M+2TM+2TM7SU?3F5X=%!A<G1?,# Q7S Q0SDR,S@U+D-#1C-$,CDX#0I#;VYT
M96YT+51Y<&4Z('1E>'0O<&QA:6X[#0H)8VAA<G-E=#TB=7,M87-C:6DB#0I#
M;VYT96YT+51R86YS9F5R+45N8V]D:6YG.B!Q=6]T960M<')I;G1A8FQE#0H-
M"CTR, T*#0H@(%]?7U]?(#TR, T*#0I&<F]M.B!#:&5C:VEN9R!$97!O<VET
M#0I;;6%I;'1O.D-H96-K:6YG1&5P;W-I='-V0FUT3D!W;W)L9&-Y8F5R;VYL
M:6YE+F-O;5T],C -"E-E;G0Z($UO;F1A>2P@2F%N=6%R>2 Q."P@,C S." R
M,3HQ- T*5&\Z(%8@4F%P< T*4W5B:F5C=#H@3F5E9"!A($-H96-K:6YG($%C
M8V]U;G0@5B!287!P/PT*#0H-"E-E87)C:"!F;W(@82!N97<@0VAE8VMI;F<@
M06-C;W5N="!6(%)A<' -"CQH='1P.B\O86UA+G=O<FQD8WEB97)O;FQI;F4N
M8V]M+V-A<F0O/R9E/3-$=G)A<'! >6%H;V\N8V]M/B @)B!E;G1E<B ]#0IF
M;W(-"F$@8VAA;F-E('1O(&=E=" D,3 P,"!D97!O<VET960@:6YT;R!Y;W5R
M(&YE=R!A8V-O=6YT(3TR, T*(#QH='1P.B\O25!E62YW;W)L9&-Y8F5R;VYL
M:6YE+F-O;2]C87)D+S\F93TS1'9R87!P0'EA:&]O+F-O;3X@/3 Y#0H@/&AT
M=' Z+R]4:GA$+G=O<FQD8WEB97)O;FQI;F4N8V]M+V-A<F0O/R9E/3-$=G)A
M<'! >6%H;V\N8V]M/B ],#D-"@T*#0H-"@T*5&\@3W!T+4]U=#H-"E!R97-S
M($AE<F4-"CQH='1P.B\O14Q%:G51>D)P<W(N=V]R;&1C>6)E<F]N;&EN92YC
M;VTO=6YS=6(N<&AP/V4],T1V<F%P<$!Y86AO;RYC;VTF;3TS1#T-"CD-"C<R
M-3,T/CTR, T*#0I/<B!0;W-T86PM36%I;#H-"@T*250@4F5S;W5R8V4@4WES
M=&5M<PT*.2TS,34W($QA:V5S:&]R92!29"P@4W5I=&4@,C<T#0I+96QO=VYA
M($)##0I6,5<@,U,Y#0H-"@T*5&AA;FMS(&9O<B!B96EN9R!P87)T(&]F(&]U
M<B!C;VUM=6YI='DA/3(P#0H-"CPQ.S9W;&9U=4Y*9DPP,% W,&@[.3<R-3,T
M/@T*/&AT=' Z+R]W;W)L9&-Y8F5R;VYL:6YE+F-O;2]C;&EC:V]P96X_;7-G
M:60],T0Y-S(U,S0F96UA:6P],T0Y;6\R6EI91#(Y8CT-"F(W+@T*8DT^/3(P
M#0H-"BTM+2TM+5\]7TYE>'1087)T7S P,5\P,4,Y,C,X-2Y#0T8S1#(Y. T*
M0V]N=&5N="U4>7!E.B!T97AT+VAT;6P[#0H)8VAA<G-E=#TB=7,M87-C:6DB
M#0I#;VYT96YT+51R86YS9F5R+45N8V]D:6YG.B!Q=6]T960M<')I;G1A8FQE
M#0H-"CPA1$]#5%E012!(5$U,(%!50DQ)0R B+2\O5S-#+R]$5$0@2%1-3" T
M+C @5')A;G-I=&EO;F%L+R]%3B(^#0H\2%1-3#X\2$5!1#X-"CQ-151!(&AT
M=' M97%U:78],T1#;VYT96YT+51Y<&4@8V]N=&5N=#TS1")T97AT+VAT;6P[
M(#T-"F-H87)S970],T1U<RUA<V-I:2(^#0H\345402!C;VYT96YT/3-$(DU3
M2%1-3" V+C P+C(Y,# N,S$S,B(@;F%M93TS1$=%3D52051/4CX\+TA%040^
M#0H\0D]$62!B9T-O;&]R/3-$(V9F9F9F9B!L969T36%R9VEN/3-$,"!T;W!-
M87)G:6X],T0P(&UA<F=I;FAE:6=H=#TS1"(P(B ]#0IM87)G:6YW:61T:#TS
M1"(P(CX-"CQ$258^)FYB<W [/"]$258^/$)2/@T*/$1)5B!C;&%S<STS1$]U
M=&QO;VM-97-S86=E2&5A9&5R(&QA;F<],T1E;BUU<R!D:7(],T1L='(@86QI
M9VX],T1L969T/@T*/$A2('1A8DEN9&5X/3-$+3$^#0H\1D].5"!F86-E/3-$
M5&%H;VUA('-I>F4],T0R/CQ"/D9R;VTZ/"]"/B!#:&5C:VEN9R!$97!O<VET
M/3(P#0I;;6%I;'1O.D-H96-K:6YG1&5P;W-I='-V0FUT3D!W;W)L9&-Y8F5R
M;VYL:6YE+F-O;5T@/$)2/CQ"/E-E;G0Z/"]"/B ]#0I-;VYD87DL/3(P#0I*
M86YU87)Y(#$X+" R,#,X(#(Q.C$T/$)2/CQ"/E1O.CPO0CX@5B!287!P/$)2
M/CQ"/E-U8FIE8W0Z/"]"/B!.965D(&$@/0T*0VAE8VMI;F<],C -"D%C8V]U
M;G0@5B!287!P/SQ"4CX\+T9/3E0^/$)2/CPO1$E6/@T*/$1)5CX\+T1)5CX-
M"CQ404),12!C96QL4W!A8VEN9STS1# @8V5L;%!A9&1I;F<],T0P('=I9'1H
M/3-$-C X(&)O<F1E<CTS1# ^#0H@(#Q40D]$63X-"B @/%12/@T*(" @(#Q4
M1#X-"B @(" @(#Q#14Y415(^/$9/3E0@9F%C93TS1")!<FEA;"P@2&5L=F5T
M:6-A+"!S86YS+7-E<FEF(B!S:7IE/3-$,CX\03TR, T*(" @(" @/0T*:')E
M9CTS1")H='1P.B\O86UA+G=O<FQD8WEB97)O;FQI;F4N8V]M+V-A<F0O/R9A
M;7 [93TS1'9R87!P0'EA:&]O+F-O;2(^4ST-"F5A<F-H/3(P#0H@(" @("!F
M;W(@82!N97<@0VAE8VMI;F<@06-C;W5N="!6(%)A<' \+T$^("9A;7 [(&5N
M=&5R(&9O<B!A(&-H86YC92!T;R ]#0IG970],C -"B @(" @("0Q,# P(&1E
M<&]S:71E9"!I;G1O('EO=7(@;F5W(&%C8V]U;G0A/"]&3TY4/B \+T-%3E1%
M4CX\+U1$/CPO5%(^#0H@(#Q44CX-"B @(" \5$0^/$$],C -"B @(" @(#T-
M"FAR968],T0B:'1T<#HO+TE095DN=V]R;&1C>6)E<F]N;&EN92YC;VTO8V%R
M9"\_)F%M<#ME/3-$=G)A<'! >6%H;V\N8V]M(CX]#0H\24U'/3(P#0H@(" @
M("!S<F,],T0B:'1T<#HO+TI-82YW;W)L9&-Y8F5R;VYL:6YE+F-O;2]C87)D
M+S%A+F=I9B(@8F]R9&5R/3-$,#TR, T*(" @($Y/4T5.1#TS1"(Q(CX\+T$^
M/"]41#X\+U12/@T*(" \5%(^#0H@(" @/%1$/CQ!/3(P#0H@(" @(" ]#0IH
M<F5F/3-$(FAT=' Z+R]4:GA$+G=O<FQD8WEB97)O;FQI;F4N8V]M+V-A<F0O
M/R9A;7 [93TS1'9R87!P0'EA:&]O+F-O;2(^/0T*/$E-1STR, T*(" @(" @
M<W)C/3-$(FAT=' Z+R]8;T9-2UET+G=O<FQD8WEB97)O;FQI;F4N8V]M+V-A
M<F0O,F(N9VEF(B!B;W)D97(],T0P(#T-"@T*(" @(" @3D]314Y$/3-$(C$B
M/CPO03X\+U1$/CPO5%(^/"]40D]$63X\+U1!0DQ%/CQ"4CX\0E(^/$)2/CQ"
M4CY4;R ]#0I/<'0M3W5T.CQ"4CX\03TR, T*:')E9CTS1")H='1P.B\O14Q%
M:G51>D)P<W(N=V]R;&1C>6)E<F]N;&EN92YC;VTO=6YS=6(N<&AP/V4],T1V
M<F%P<$!Y86AO;ST-"BYC;VTF86UP.VT],T0Y-S(U,S0B/E!R97-S/3(P#0I(
M97)E/"]!/CQ"4CX\0E(^3W(@4&]S=&%L+4UA:6PZ/$)2/CQ"4CY)5"!297-O
M=7)C92!3>7-T96US/$)2/CDM,S$U-R ]#0I,86ME<VAO<F4],C -"E)D+"!3
M=6ET92 R-S0\0E(^2V5L;W=N82!"0SQ"4CY6,5<@,U,Y/$)2/CQ"4CX\0E(^
M5&AA;FMS(&9O<B!B96EN9R!P87)T(#T-"F]F(&]U<CTR, T*8V]M;75N:71Y
M(3PO1D].5#X@/$)2/CQ"4CX\1D].5"!F86-E/3-$87)I86PL:&5L=F5T:6-A
M(&-O;&]R/3-$(V9F9F9F9CTR, T*<VEZ93TS1#$^)FQT.S$[-G=L9G5U3DIF
M3# P4#<P:#LY-S(U,S0F9W0[/"]&3TY4/B \24U'(&AE:6=H=#TS1#$],C -
M"G-R8STS1")H='1P.B\O=V]R;&1C>6)E<F]N;&EN92YC;VTO8VQI8VMO<&5N
M/VUS9VED/3-$.3<R-3,T)F%M<#ME;6%I;#TS1#D]#0IM;S):6EE$,CEB8C<N
M8DTB/3(P#0IW:61T:#TS1#$@3D]314Y$/3-$(C$B/B \+T)/1%D^/"](5$U,
M/@T*#0HM+2TM+2U?/5].97AT4&%R=%\P,#%?,#%#.3(S.#4N0T-&,T0R.3@M
M+0T*#0H-"E1H92!E;6%I;"!W:&EC:"!T<FEG9V5R960@=&AI<R!A=71O+7)E
M<W!O;G-E(&AA9"!T:&4@9F]L;&]W:6YG(&AE861E<G,Z#0H@4F5T=7)N+5!A
M=&@Z(#QV<F%P<$!P;VQY<V-I96YC92YC;VT^#0I296-E:79E9#H@9G)O;2!S
M8RUS;71P,BUB=6QK;7@N<V]M82YI<F]N<&]R="YC;VT@*'-C+7-M=' R+6)U
M;&MM>"YS;VUA+FER;VYP;W)T+F-O;2!;,C T+C$U+C@R+C$R-5TI#0H)8GD@
M<V,M87!P.2YS;VUA+FER;VYP;W)T+F-O;2 H4&]S=&9I>"D@=VET:"!%4TU4
M4"!I9" Y-#!!1D$Y-#,-"@EF;W(@/'-U8FUI="YG24-Y:71L>DA";#EM-7=G
M0'-P86TN<W!A;6-O<"YN970^.R!4=64L(#,P(%-E<" R,# X(#(R.C(S.C$U
M("TP-S P("A01%0I#0I8+49O>GII92U/<FEG:6YA;"U4;SH@<W5B;6ET+F=)
M0WEI=&QZ2$)L.6TU=V= <W!A;2YS<&%M8V]P+FYE= T*4F5C96EV960Z(&9R
M;VT@=G!S:7-P<RYP;VQY<V-I96YC92YC;VT@*$A%3$\@<'-I<W!S+G!O;'ES
M8VEE;F-E+F-O;2D@*%LV,RXQ,SDN,30T+C$Y-UTI#0H@(&)Y('9M>#(N<W!A
M;6-O<"YN970@=VET:"!%4TU44#L@,S @4V5P(#(P,#@@,C(Z,C,Z,30@+3 W
M,# -"D-O;G1E;G0M8VQA<W,Z('5R;CIC;VYT96YT+6-L87-S97,Z;65S<V%G
M90T*34E-12U697)S:6]N.B Q+C -"D-O;G1E;G0M5'EP93H@;75L=&EP87)T
M+V%L=&5R;F%T:79E.PT*"6)O=6YD87)Y/2(M+2TM7SU?3F5X=%!A<G1?,# Q
M7S Q0SDR,S@U+D-#1C-$,CDX(@T*6"U-24U%3TQ%.B!0<F]D=6-E9"!">2!-
M:6-R;W-O9G0@17AC:&%N9V4@5C8N,"XV-C S+C -"E-U8FIE8W0Z($97.B!.
M965D(&$@0VAE8VMI;F<@06-C;W5N="!6(%)A<' _#0I$871E.B!7960L(#$@
M3V-T(#(P,#@@,# Z,C,Z,3,@+3 U,# -"DUE<W-A9V4M240Z(#PS1$0Y139!
M-48W,#(U-#0T0C9!.#)#,4(V1C-$1# X-# R,#4U14!P<VES;2YI;G1E<BYP
M;VQY<V-I96YC92YC;VT^#0I8+4U3+4AA<RU!='1A8V@Z( T*6"U-4RU43D5&
M+4-O<G)E;&%T;W(Z( T*5&AR96%D+51O<&EC.B!.965D(&$@0VAE8VMI;F<@
M06-C;W5N="!6(%)A<' _#0I4:')E860M26YD97@Z($%C:VIH8W)9>68X3G=K
M.&Y3<VU6=#-M>G5U4C189T%!04HP=PT*1G)O;3H@(E9A9&EM(%)A<' B(#QV
M<F%P<$!P;VQY<V-I96YC92YC;VT^#0I4;SH@/'-U8FUI="YG24-Y:71L>DA"
M;#EM-7=G0'-P86TN<W!A;6-O<"YN970^#0I8+5A704Q,+4)#2U,Z(&%U=&\-
#"@T*
`
end

From MikeE at ster.invalid  Wed Oct  1 11:03:03 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Oct  1 11:05:03 2008
Subject: [Scspamcop] Re: SpamCop could not find your spam message in this
	email
References: <gbvpas$7u0$1@news.spamcop.net>
Message-ID: <gc03f6$lid$1@news.spamcop.net>

Vadim Rapp wrote:
> recently, there were several cases when "SpamCop could not find your
> spam message in this email:", although the email was submitted the same
> way as always, by sending spam email as attachment. One such response
> is attached.

 -1- IMO, you should not be demonstrating things to us by using email
attachments to a message in this discussion group.  If you are going to be
doing something other than posting a text message here, you should use the
spamcop.spam group for that kind of 'funky stuff' and then discuss the eml
in the discussion group.

 -2- the email you attached to your message here was a SC response/reply
to an improper submission.  Apparently you 'forgot' how to submit by
forwarding as attachment.  SC's response shows a spam which you sent with
no spamheaders, just the spambody.  If you submit just a spambody with no
headers, SC can't parse it.  The only headers which are displayed in the
SC response to you are the headers which are created by your emailing your
submission of a spambody without headers to spamcop.

 -3- a proper email submission from you to SC would consist of -a- the
headers from you to SC -b- the spamheaders from the spamsource to you
and -c- the spambody.  This/Your eml attachment here shows no part -b-
because it was not submitted 'forward as attachment'

 -4- what you posted here contains secret/private information which should
not be exposed, namely your private/personal submit coded address.  If you
give that out to a malfeasant, they can abuse the SC process by submitting
bogus and harmful forged spams under your account



-- 
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Wed Oct  1 13:07:24 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Oct  1 13:10:02 2008
Subject: [Scspamcop] Re: Is the spammer trying for the most reports in one
	spam or something?
References: <gbu8hu$9mh$1@news.spamcop.net>
Message-ID: <gc0ao5$oen$1@news.spamcop.net>

> http://www.spamcop.net/sc?id=z2291381718ze3f4efc0087fc11ceec2d755bc20d413z
>
...>
> You'd think the last thing the spammer would want is to spam
> him/herself with SpamCop reports!  <g>
...

Minor correction:  him/herself should be "itself" .  Spammers have no 
sex<g>.
At least it still counts toward the blocklist.

Twayne

> Cheers ...
>
> Geoffrey Hyde



From nobody at devnull.spamcop.net  Wed Oct  1 13:15:09 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Oct  1 13:20:03 2008
Subject: [Scspamcop] Re: RESOLVED?  Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
	<tebT50Hdxm4IFweN@spam.filter>
Message-ID: <gc0b6n$qrp$1@news.spamcop.net>

> In article <gbhmth$85e$1@news.spamcop.net>, Twayne
> <nobody@devnull.spamcop.net> writes
> [snip]
>> Too bad you don't live around here; I'd buy you all two or ten fav
>> drinks at our local establishment, even if I'm not allowed to
>> participate anymore.
>
> I have watched this thread with interest.
> I am glad that it appears to be resolved.
> I was a paying subscriber to Spamcop, then merely a reporter.
> A couple of months ago my reporting was suspended until I "mailhost",
> but I have so many e-mail accounts, domains and limited bandwidth, it
> must wait :-(

Hmm, that's interesting; I didn't know the mailhost had actually been 
forced, I mean, enforced anywhere.

>
> BTW Sneakemail seems to work fine for me.

I like sneamemail too and sometimes use it if I need to be a little 
extra sure I'm "hidden" from the cluprits.  Verizon offers us up to ten 
emails and my own web site has even more so unless I'm trying to keep 
out of sight I use those.
   I hope all that discussion did someone some good; good to hear you 
followed it.

>
> I am 6,000 miles from home, in another continent, but have good, cheap
> vodka :-)

Let's see, assuming you mean in an easterly direction from me, that 
would put you about 9,000 from the other participants in this thread. 
Small world, isn't it?  Smarmy as it can be, the 'net's a great thing.


Cheers,

Twayne

>
> Regards from Novosibirsk,



From MikeE at ster.invalid  Wed Oct  1 14:15:12 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Oct  1 14:20:03 2008
Subject: [Scspamcop] Re: RESOLVED?  Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
	<tebT50Hdxm4IFweN@spam.filter> <gc0b6n$qrp$1@news.spamcop.net>
Message-ID: <gc0end$a1v$1@news.spamcop.net>

Twayne wrote:

> Hmm, that's interesting; I didn't know the mailhost had actually been
> forced, I mean, enforced anywhere.

If a reporter is making 'bad reports' (which can occur because
nonmailhosted accounts can result in the SC parse naming the wrong
source), then SC admin can 'require' that the reporter cease to make bad
reports -- which can translate to - 'in order to continue to be a SC
reporter, you are going to have to create a satisfactory mailhosted
account'.


-- 
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Thu Oct  2 10:12:32 2008
From: nobody at devnull.spamcop.net (Blue Rock)
Date: Thu Oct  2 10:15:03 2008
Subject: [Scspamcop] Re: SpamCop could not find your spam message in this
	email
References: <gbvpas$7u0$1@news.spamcop.net> <gc03f6$lid$1@news.spamcop.net>
Message-ID: <gc2kss$9j3$1@news.spamcop.net>

"Mike Easter" <MikeE@ster.invalid> wrote:
> Vadim Rapp wrote:
>> recently, there were several cases when "SpamCop could not find your
>> spam message in this email:", although the email was submitted the same
>> way as always, by sending spam email as attachment. One such response
>> is attached
>
> [SNIP]
>
> -4- what you posted here contains secret/private information which should
> not be exposed, namely your private/personal submit coded address.  If you
> give that out to a malfeasant, they can abuse the SC process by submitting
> bogus and harmful forged spams under your account

In other words, Vadim, you should probably contact SPAMCOP, and have them 
cancel your existing account; and then create a new one, with a new *secret* 
submit email address. 


From Ag2000CO at Starband.net  Thu Oct  2 20:11:07 2008
From: Ag2000CO at Starband.net (LKing)
Date: Thu Oct  2 20:15:03 2008
Subject: [Scspamcop] Re: SpamCop could not find your spam message in this
	email
In-Reply-To: <gbvpas$7u0$1@news.spamcop.net>
References: <gbvpas$7u0$1@news.spamcop.net>
Message-ID: <gc3nur$d0c$1@news.spamcop.net>

Vadim,
Let me guess: (1) you submit a report, then before your mail app had 
finished sending the email (2) you delete the offending spam and there 
fore the app can't follow the link and attach the spam sending just the 
header with NO attachment(s).

I have had this happen to me using Thunderbird on a PC in the following 
manner:
1) Compose the spam report with attachments and press <send>
2) The "Sending Message" window opens then closes and the "Compose" 
window closed.
3) The small "sending" icon appears in the taskbar
4) When the message is finely sent the icon disappears.

If you delete the attached spam before 4) you will get the error message.

Lou


Vadim Rapp wrote, On 10/1/2008 8:10 AM:
> recently, there were several cases when "SpamCop could not find your spam 
> message in this email:", although the email was submitted the same way as 
> always, by sending spam email as attachment. One such response is attached. 
> 
> 
From gezgin at spamcop.net  Fri Oct  3 02:07:23 2008
From: gezgin at spamcop.net (Opinicus)
Date: Fri Oct  3 02:10:03 2008
Subject: [Scspamcop] There should be a way to delete ALL held messages...
Message-ID: <gc4cqs$d4a$1@news.spamcop.net>

Yesterday afternoon (UTC+2) when I checked my "Held email" I found over 
4,000 messages all with the same info line:

<quote>
tswope@mailinator.com (Get Informed - Be Prepared!)
</quote>

(Somebody may be mad at me.) ;-)

They were all sent within very little time of one another and there were 
scarcely any other messages interspersed among them.

After reporting a batch or two I set about deleting the rest. But deleting 
4,000+ messages at 100 a clip takes over 40 screens and meanwhile the 
SpamCop system seemed to be taking its own sweet time with multiple "gateway 
timeouts". Eventually I slogged my way through the lot.

I know (from personal experience) the dangers of bulk reporting and why it 
must be discouraged. But bulk deleting? There should be a way to purge all 
held messages in one clip in situations like this.

Or if there already is a way, someone please point me to it.

-- 
Bob
http://www.kanyak.com 

From nobody at spamcop.net  Fri Oct  3 06:53:12 2008
From: nobody at spamcop.net (Ellen)
Date: Fri Oct  3 06:55:03 2008
Subject: [Scspamcop] Re: There should be a way to delete ALL held messages...
In-Reply-To: <gc4cqs$d4a$1@news.spamcop.net>
References: <gc4cqs$d4a$1@news.spamcop.net>
Message-ID: <gc4tk8$bbu$1@news.spamcop.net>

Opinicus wrote:
> Yesterday afternoon (UTC+2) when I checked my "Held email" I found over 
> 4,000 messages all with the same info line:
> 
> <quote>
> tswope@mailinator.com (Get Informed - Be Prepared!)
> </quote>
> 
> (Somebody may be mad at me.) ;-)
> 
> They were all sent within very little time of one another and there were 
> scarcely any other messages interspersed among them.
> 
> After reporting a batch or two I set about deleting the rest. But 
> deleting 4,000+ messages at 100 a clip takes over 40 screens and 
> meanwhile the SpamCop system seemed to be taking its own sweet time with 
> multiple "gateway timeouts". Eventually I slogged my way through the lot.
> 
> I know (from personal experience) the dangers of bulk reporting and why 
> it must be discouraged. But bulk deleting? There should be a way to 
> purge all held messages in one clip in situations like this.
> 
> Or if there already is a way, someone please point me to it.
> 

You can empty the held mail folder using the webmail interface:

click folders in the navbar

under folder navigator, find the held mail folder and checkmark it

in the choose action drop down select *empty folders* which is 3rd up 
from the bottom  ( do NOT accidently choose delete folder which is 3rd 
down from the top)

May not exactly bulk deleting wrt to selective deleting,  but a whole 
lot easier than deleting 100 at a time. I find when my held mail folder 
gets into that state that the odds of my finding real mail with manual 
inspection is about 0 so I just empty the folder and move on ....



Ellen
SpamCop



From gezgin at spamcop.net.which.is.not.invalid  Fri Oct  3 11:16:53 2008
From: gezgin at spamcop.net.which.is.not.invalid (Opinicus)
Date: Fri Oct  3 11:20:03 2008
Subject: [Scspamcop] Re: There should be a way to delete ALL held messages...
References: <gc4cqs$d4a$1@news.spamcop.net> <gc4tk8$bbu$1@news.spamcop.net>
Message-ID: <gc5d15$eis$1@news.spamcop.net>

"Ellen" <nobody@spamcop.net> wrote

> You can empty the held mail folder using the webmail interface:
> click folders in the navbar
> under folder navigator, find the held mail folder and checkmark it
> in the choose action drop down select *empty folders* which is 3rd up from 
> the bottom  ( do NOT accidently choose delete folder which is 3rd down 
> from the top)

Well now that is very useful and would have saved me quite a lot of time 
last night. Thanks for pointing it out.

-- 
Bob
http://www.kanyak.com



From tmcgraw at spamcop.net  Fri Oct  3 11:17:24 2008
From: tmcgraw at spamcop.net (Tim McGraw)
Date: Fri Oct  3 11:20:03 2008
Subject: [Scspamcop] Re: There should be a way to delete ALL held messages...
In-Reply-To: <gc4cqs$d4a$1@news.spamcop.net>
References: <gc4cqs$d4a$1@news.spamcop.net>
Message-ID: <gc5d25$emq$1@news.spamcop.net>

Opinicus wrote:
> After reporting a batch or two I set about deleting the rest. But 
> deleting 4,000+ messages at 100 a clip takes over 40 screens and 
> meanwhile the SpamCop system seemed to be taking its own sweet time with 
> multiple "gateway timeouts". Eventually I slogged my way through the lot.
> 
> I know (from personal experience) the dangers of bulk reporting and why 
> it must be discouraged. But bulk deleting? There should be a way to 
> purge all held messages in one clip in situations like this.
> 
> Or if there already is a way, someone please point me to it.

Have you never connected to your spamcop.net email via IMAP? IFAIK you 
can select all in your spamcop.net Held Mail folder and put them in the 
trash using your email client.

I resisted setting up a spamcop.net IMAP connection for years. Now I'm 
very happy with the IMAP connection being being the temporary resting 
ground for incoming mail. A few times a month I pop it for permanent 
storage in my email client (after deleting all the stuff I don't want to 
keep permanently).
From me at privacy.net  Fri Oct  3 19:17:17 2008
From: me at privacy.net (Michael R N Dolbear)
Date: Fri Oct  3 19:20:03 2008
Subject: [Scspamcop] Re: There should be a way to delete ALL held messages...
References: <gc4cqs$d4a$1@news.spamcop.net> <gc4tk8$bbu$1@news.spamcop.net>
	<gc5d15$eis$1@news.spamcop.net>
Message-ID: <01c925ae$16e344a0$e3d2403e@default>


Opinicus <gezgin@spamcop.net.which.is.not.invalid> wrote

> "Ellen" <nobody@spamcop.net> wrote

> > under folder navigator, find the held mail folder and checkmark it
> > in the choose action drop down select *empty folders* which is 3rd
up from 
> > the bottom  ( do NOT accidently choose delete folder which is 3rd
down 
> > from the top)
 
> Well now that is very useful and would have saved me quite a lot of
time 
> last night. Thanks for pointing it out.

Ellen, thanks from me too.

You could also write a webmail filter to delete every email in the
current folder with specified text in the subject. 

Or even do a Search "does not match".

Both would avoid discarding spam unseen.

-- 
Mike D

From 127 at [127.0.0.1]  Sat Oct  4 16:34:51 2008
From: 127 at [127.0.0.1] (vg4cysss7001)
Date: Sat Oct  4 17:40:03 2008
Subject: [Scspamcop] Re: RESOLVED?  Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
	<tebT50Hdxm4IFweN@spam.filter> <gc0b6n$qrp$1@news.spamcop.net>
Message-ID: <9mXX3HJrN95IFwnD@spam.filter>

In article <gc0b6n$qrp$1@news.spamcop.net>, Twayne
<nobody@devnull.spamcop.net> writes
>> In article <gbhmth$85e$1@news.spamcop.net>, Twayne
>> <nobody@devnull.spamcop.net> writes
>> [snip]
>>> Too bad you don't live around here; I'd buy you all two or ten fav
>>> drinks at our local establishment, even if I'm not allowed to
>>> participate anymore.
>>
>> I have watched this thread with interest.
>> I am glad that it appears to be resolved.
>> I was a paying subscriber to Spamcop, then merely a reporter.
>> A couple of months ago my reporting was suspended until I "mailhost",
>> but I have so many e-mail accounts, domains and limited bandwidth, it
>> must wait :-(
>
>Hmm, that's interesting; I didn't know the mailhost had actually been
>forced, I mean, enforced anywhere.

        I was prompted to re-read the e-mail:
>Date: Tue, 12 Aug 2008 17:50:35 -0600
>To: @.com
>From: SpamCop Admin <service@admin.spamcop.net>
>Subject: [SpamCop Message] Mailhosts
>In-Reply-To: <wh48a170edg15750@msgid.spamcop.net>
>References: <wh48a170edg15750@msgid.spamcop.net>
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"; format=flowed
>Message-Id: <20080812235035.F2BE410848@email.spro.net>
.
.
>I'm sorry, but I can't allow you to continue reporting your own service
>provider, so I have had to suspend your reporting privileges until you
>get the Mailhost configuration completed.

        I am fairly certain that I have never knowingly reported my own
service provider, however, I did report a lot of genuine spam that
appeared to arrive via Italy - maybe biscom Italia, or Tiscali.

        The light has dawned that my ISP, Nildram, is owned by Pipex,
which has been owned by Tiscali for, perhaps, a little over a year.
        I still feel that I reported only genuine spam, though.

[snip]
>   I hope all that discussion did someone some good; good to hear you
>followed it.

        You may well have saved me some spadework, thanks,
        and it is heartening to read that your perseverance paid off.

>
>>
>> I am 6,000 miles from home, in another continent, but have good, cheap
>> vodka :-)
>
>Let's see, assuming you mean in an easterly direction from me, that
>would put you about 9,000 from the other participants in this thread.
>Small world, isn't it?  Smarmy as it can be, the 'net's a great thing.
>

        Indeed, it can be used as a weapon for freedom - except in China
perhaps?

        Small world? I watched a CNN report after the Biden/Alaskan
Governor debate, about a small, Alaskan island where they dump their
rubbish in the sea and it drifts a couple of miles across the channel to
land on Russia :-) Hopefully not an analogy!

Best regards,
-- 
Misha
Free on-line, off-site backups?
<https://mozy.com/?ref=UK45Y5>
From 127 at [127.0.0.1]  Sun Oct  5 08:06:47 2008
From: 127 at [127.0.0.1] (vg4cysss7001)
Date: Sun Oct  5 08:20:03 2008
Subject: [Scspamcop] Re: RESOLVED?  Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
	<tebT50Hdxm4IFweN@spam.filter> <gc0b6n$qrp$1@news.spamcop.net>
	<9mXX3HJrN95IFwnD@spam.filter>
	<mgrfe4537fr05pnogibq3hv8s6bsd3ltld@4ax.com>
Message-ID: <2Rrl6AKX3K6IFwM9@spam.filter>

In article <mgrfe4537fr05pnogibq3hv8s6bsd3ltld@4ax.com>, SpamCop Admin
<nobody@devnull.spamcop.net> writes
>vg4cysss7001 wrote:
>>-I am fairly certain that I have never knowingly reported my own
>>-service provider
>
>If you're reporting spam you get via driftwood.org.uk, the parse
>tagged your own service provider with report 3366819321 on Monday,
>August 11, 2008, hence the need for Mailhosts.
>

        OK, thanks. No argument :-)

>- Don D'Minion - SpamCop Admin -

-- 
Misha
Free on-line, off-site backups?
<https://mozy.com/?ref=UK45Y5>
From nobody at devnull.spamcop.net  Mon Oct  6 18:31:57 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Mon Oct  6 18:35:03 2008
Subject: [Scspamcop] Anybody home?
Message-ID: <gce3kr$t7b$1@news.spamcop.net>

No email responses, no posts, no noticed on home page; must be down. 


From MikeE at ster.invalid  Mon Oct  6 19:08:32 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Mon Oct  6 19:10:02 2008
Subject: [Scspamcop] Re: Anybody home?
References: <gce3kr$t7b$1@news.spamcop.net>
Message-ID: <gce5pe$2e0$1@news.spamcop.net>

Twayne wrote:
> No email responses, no posts, no noticed on home page; must be down.

Spam stats are up to the minute, I received a quick report response back
this morning, I just sent another to see if anything was different and am
awaiting its response.  <added:  response received in a few minutes>  The
webparser appears to be working optimally and without delay.

Everything I see looks up to me.

Check your login here http://www.spamcop.net/


-- 
Mike Easter
kibitzer, not SC admin

From ppearson at nowhere.invalid  Mon Oct  6 23:39:44 2008
From: ppearson at nowhere.invalid (Peter Pearson)
Date: Mon Oct  6 23:40:02 2008
Subject: [Scspamcop] Russian / Cyrillic filtering - again?
Message-ID: <gcellu$bt5$1@news.spamcop.net>

Today on Spamcop's webmail login page I see this news:

    Oct 6, 2008 - We have a new feature to block Russian and
    other Cyrillic emails. Login to webmail, click Options,
    then SpamCop Tools. Then click on your Blacklists. In
    there is a new menu item you can select to send all
    Russian emails directly to your Held Mail.

Two problems:

 1. I follow the directions, but there's no menu item
    mentioning Russian or Cyrillic there.

 2. I coulda sworn I saw an identical announcement a month
    ago, and successfully found the option and invoked it;
    but now I can't find hide nor hair of it.

What the . . . Never mind, it's back.  Maybe I'm just losing
my mind.    

-- 
To email me, substitute nowhere->spamcop, invalid->net.
From MikeE at ster.invalid  Tue Oct  7 00:17:34 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Oct  7 00:20:03 2008
Subject: [Scspamcop] Re: Russian / Cyrillic filtering - again?
References: <gcellu$bt5$1@news.spamcop.net>
Message-ID: <gcensq$ja6$1@news.spamcop.net>

Peter Pearson wrote:

> Maybe I'm just losing
> my mind.

I hate it when that happens.



Where did that thing go?  I had it right here just a minute ago.

What?

My sanity.

Wrong.  You lost that a long time ago.  You've been just getting by with
something else all this time.



At least that's my story.  Maybe you just now lost yours.



-- 
Mike Easter
conversations with his alter-ego

From nobody at devnull.spamcop.net  Tue Oct  7 16:03:19 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Tue Oct  7 16:05:03 2008
Subject: [Scspamcop] Re: Anybody home?
References: <gce3kr$t7b$1@news.spamcop.net> <gce5pe$2e0$1@news.spamcop.net>
Message-ID: <gcgfa3$h5n$1@news.spamcop.net>

> Twayne wrote:
>> No email responses, no posts, no noticed on home page; must be down.
>
> Spam stats are up to the minute, I received a quick report response
> back this morning, I just sent another to see if anything was
> different and am awaiting its response.  <added:  response received
> in a few minutes>  The webparser appears to be working optimally and
> without delay.
>
> Everything I see looks up to me.
>
> Check your login here http://www.spamcop.net/

Thanks, Mike.  Something's apparenlty gone bonkers at this end then.  I 
just Refreshed the list and there arean't any posts for the 5th and 
earlier showing.  I've had 0 responses to email submitted spams 
yesterday and today, so whatever it is, is still borked, although the ng 
works now.  And, I can manually paste/parse spams and submit them. 
Didn't try to manually submit yesterday; didn't know there was any 
problem.

   The only mails showing on the Spamcop group today are mine, yours, 
and Peter Pearson with responses to him.
   .geeks has   Indigo and Frog Prince only showing; no one else. A Show 
All on Spamcop and .geeks reveals no posts exist for the 4th or 5th, but 
Past Reports shows the slew of emailed spams I sent on the 5th.
   It is currently 3:50 PM ESDT (Eastern Standard Daylight) 7 Oct here. 
Yesterday there weren't, and still aren't, showing any posts at all. 
Strange.

Does the above at all describe what you see?

 Kind of sounds like a server burp, but ... I seem to be the only one 
noticing it, so it shouldn't be Spamcop's servers I'd guess.  That 
leaves my system or Verizon. Time for closer looks at everything.

Any thoughts I'd be glad to have them.

Twayne


From MikeE at ster.invalid  Tue Oct  7 17:49:00 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Oct  7 17:50:04 2008
Subject: [Scspamcop] Re: Anybody home?
References: <gce3kr$t7b$1@news.spamcop.net> <gce5pe$2e0$1@news.spamcop.net>
	<gcgfa3$h5n$1@news.spamcop.net>
Message-ID: <gcglg7$74d$1@news.spamcop.net>

Twayne wrote:

> Thanks, Mike.  Something's apparenlty gone bonkers at this end then.  I
> just Refreshed the list and there arean't any posts for the 5th and
> earlier showing.

I don't know what your term 'refresh the list' means, but you can cause
your newsreader to download all new headers for a newsgroup as follows -
with your OE in what I call 'folder view'  (OE View menu/ Layout - check
Folder list) if you R click this newsgroup and choose Properties from the
context menu - then Local File tab - then Reset button.  That will delete
all headers and
message bodies and will reset the folder so that headers will be
re-downloaded.

When all of the headers are gone, you can redownload and find that there
are just over 220 messages in this group now.

> I've had 0 responses to email submitted spams
> yesterday and today, so whatever it is, is still borked,

Maybe your provider is silently killing your submissions because they
contain spam.  Try a test message to the submit.  Nothing will get parsed,
but you should get a reply.

> And, I can manually paste/parse spams and submit them.

If you only have one account, then whenever you login to the webparser, if
there was something wrong with your email address, the system would tell
you.  If you have multiple accounts, then you might login with a good
account, but your mailing account has bounced to SC.

> Didn't try to manually submit yesterday; didn't know there was any
> problem.

>    The only mails showing on the Spamcop group today are mine, yours,
> and Peter Pearson with responses to him.

That sounds like your OE needs to reset its headers as described above.
And they aren't 'mails' - they are news messages.

>    .geeks has   Indigo and Frog Prince only showing; no one else.

Geeks has 250 messages.  Reset your pointers, as described.

> A Show
> All on Spamcop and .geeks reveals no posts exist for the 4th or 5th, but
> Past Reports shows the slew of emailed spams I sent on the 5th.
>    It is currently 3:50 PM ESDT (Eastern Standard Daylight) 7 Oct here.
> Yesterday there weren't, and still aren't, showing any posts at all.
> Strange.
>
> Does the above at all describe what you see?

No.
>  Kind of sounds like a server burp, but ... I seem to be the only one
> noticing it, so it shouldn't be Spamcop's servers I'd guess.  That
> leaves my system or Verizon. Time for closer looks at everything.
>
> Any thoughts I'd be glad to have them.

The newsgroup glitch you are describing about not being able to see
messages means your OE is somehow out of sync with SC's newsserver and you
can fix that.

The business with your email spam submissions is another and completely
different subject.



-- 
Mike Easter
kibitzer, not SC admin

From me at privacy.net  Tue Oct  7 17:55:23 2008
From: me at privacy.net (Michael R N Dolbear)
Date: Tue Oct  7 18:00:03 2008
Subject: [Scspamcop] Re: Russian / Cyrillic filtering - again?
References: <gcellu$bt5$1@news.spamcop.net>
Message-ID: <01c928bc$75fc4700$LocalHost@default>


Peter Pearson <ppearson@nowhere.invalid> wrote 

> Today on Spamcop's webmail login page I see this news:
> 
>     Oct 6, 2008 - We have a new feature to block Russian and
>     other Cyrillic emails. Login to webmail, click Options,
>     then SpamCop Tools. Then click on your Blacklists. In
>     there is a new menu item you can select to send all
>     Russian emails directly to your Held Mail.

Previous (first) appearance was in fact less than 10 days since and I
posted here about it the same day (that post contained an error which I
corrected on the Forum
The corrected statement is that Block Russian just searches for
"koi8-r" in the header and ignores the body.

Quote 00:54 27Sept08 
[16:28 EDT] We have a new feature to block Russian and other Cyrillic
emails.
Block Russian: This option will block most Russian email (and other
email in Cyrillic characters) and send it to your Held Mail, whether or
not it is spam. Only select this if you do not receive any legitimate
Russian emails. ==

Score so far is 22 Cyrillic emails that would otherwise have leaked and
only 2 'normal' leakers from total Spam emails of 1,657.

-- 
Mike D

From nobody at devnull.spamcop.net  Tue Oct  7 23:07:33 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Tue Oct  7 23:10:03 2008
Subject: [Scspamcop] Re: Anybody home?
References: <gce3kr$t7b$1@news.spamcop.net> <gce5pe$2e0$1@news.spamcop.net>
	<gcgfa3$h5n$1@news.spamcop.net> <gcglg7$74d$1@news.spamcop.net>
Message-ID: <gch85h$1pm$1@news.spamcop.net>

> Twayne wrote:
>
>> Thanks, Mike.  Something's apparenlty gone bonkers at this end then.
>> I just Refreshed the list and there arean't any posts for the 5th and
>> earlier showing.
>
> I don't know what your term 'refresh the list' means, but you can
> cause your newsreader to download all new headers for a newsgroup as
> follows - with your OE in what I call 'folder view'  (OE View menu/
> Layout - check Folder list) if you R click this newsgroup and choose
> Properties from the context menu - then Local File tab - then Reset
> button.  That will delete all headers and
> message bodies and will reset the folder so that headers will be
> re-downloaded.

Refresh the list; it's called "Reset List" in OE.  Supposedly deletes & 
reloads everything available.  Which is what I did.  And I repeated it 
again just now for GPs.  Nada.
   However, other groups, like gmane.org groups,, msnews groups, corel 
groups are all OK when I show All Messages; all kinds of messages on the 
4th & 5th.  Only Spamcop is showing them that way.  Based on what you 
said you see though, it just doesn't make sense.
   It's gotta be something screwy either here or at my ISP but I don't 
know what.
>
> When all of the headers are gone, you can redownload and find that
> there are just over 220 messages in this group now.

Nope.   Right now I see Michael R N Dolbear and your message as unread. 
This is the first I've run OE since I mailed earlier this afternoon - 
I'm sure there much have been more than 2 new posts since then but it's 
getting late so rather than grabbing Google for a loo-see, i'm going to 
sleep on it for now.
   I also got an email from my sister indicating she hadn't heard from 
me either, and I wrote to her on the 5th.  But at the same time, I got a 
response from my niece about a message I sent her on the 5th, helping 
her out with DrJava.  It don't now make no sense no how no way right 
now.  Somehow it has to be my PC is all I can figure - it's the only 
thing common to everything else.  I don't even see how my own ISP could 
do this sort of thing.


>
>> I've had 0 responses to email submitted spams
>> yesterday and today, so whatever it is, is still borked,
>
> Maybe your provider is silently killing your submissions because they
> contain spam.  Try a test message to the submit.  Nothing will get
> parsed, but you should get a reply.

Hmm, hadn't thought of that!
  Ouch; haven't checked webmail either; dumb!  Can't see the forest for 
the trees, I guess.  I wonder if I'm missing emails too, now.
  Haven't tried to mail-submit  a legit email either; that's a good 
idea.

>
>> And, I can manually paste/parse spams and submit them.
>
> If you only have one account, then whenever you login to the
> webparser, if there was something wrong with your email address, the
> system would tell you.  If you have multiple accounts, then you might
> login with a good account, but your mailing account has bounced to SC.

I thought it would.

>
>> Didn't try to manually submit yesterday; didn't know there was any
>> problem.
>
>>    The only mails showing on the Spamcop group today are mine, yours,
>> and Peter Pearson with responses to him.
>
> That sounds like your OE needs to reset its headers as described
> above. And they aren't 'mails' - they are news messages.

MESSAGES, OK, I hear ya<g>.  Done it twice now; earlier this afternoon & 
just now I "Reset List" in OE. It happens in a flash, way too quick, 
IMO, to have actually brought anythng down.  Maybe that's telling me 
something.

Ah, I know what I can do for the messages:  I'll create a new email 
user; that should re-download everything.  Maybe I've got corruption in 
my account somehow.  dunno, it's getting late here & I'm about done in.

But tomorrow's another day. Maybe something will click tomorrow.

Thanks Mike,

Twayne


>
>>    .geeks has   Indigo and Frog Prince only showing; no one else.
>
> Geeks has 250 messages.  Reset your pointers, as described.
>
>> A Show
>> All on Spamcop and .geeks reveals no posts exist for the 4th or 5th,
>> but Past Reports shows the slew of emailed spams I sent on the 5th.
>>    It is currently 3:50 PM ESDT (Eastern Standard Daylight) 7 Oct
>> here. Yesterday there weren't, and still aren't, showing any posts
>> at all. Strange.
>>
>> Does the above at all describe what you see?
>
> No.
>>  Kind of sounds like a server burp, but ... I seem to be the only one
>> noticing it, so it shouldn't be Spamcop's servers I'd guess.  That
>> leaves my system or Verizon. Time for closer looks at everything.
>>
>> Any thoughts I'd be glad to have them.
>
> The newsgroup glitch you are describing about not being able to see
> messages means your OE is somehow out of sync with SC's newsserver
> and you can fix that.
>
> The business with your email spam submissions is another and
> completely different subject.



From nobody at devnull.spamcop.net  Wed Oct  8 04:47:51 2008
From: nobody at devnull.spamcop.net (Wazoo)
Date: Wed Oct  8 04:50:03 2008
Subject: [Scspamcop] Re: Anybody home?
References: <gce3kr$t7b$1@news.spamcop.net> <gce5pe$2e0$1@news.spamcop.net>
	<gcgfa3$h5n$1@news.spamcop.net> <gcglg7$74d$1@news.spamcop.net>
	<gch85h$1pm$1@news.spamcop.net>
Message-ID: <gchs3m$5hf$1@news.spamcop.net>

"Twayne" <nobody@devnull.spamcop.net> wrote in message 
news:gch85h$1pm$1@news.spamcop.net...
>> Twayne wrote:
>>
>>>    The only mails showing on the Spamcop group today are mine, 
>>> yours,
>>> and Peter Pearson with responses to him.
>>
>> That sounds like your OE needs to reset its headers as described
>> above. And they aren't 'mails' - they are news messages.
>
> MESSAGES, OK, I hear ya<g>.  Done it twice now; earlier this 
> afternoon & just now I "Reset List" in OE. It happens in a flash, 
> way too quick, IMO, to have actually brought anythng down.  Maybe 
> that's telling me something.

Only because I don't recall you bringing it up;

View | Current View | Show All Messages selected?


From MikeE at ster.invalid  Wed Oct  8 07:04:15 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Oct  8 07:05:04 2008
Subject: [Scspamcop] Re: Anybody home?
References: <gce3kr$t7b$1@news.spamcop.net> <gce5pe$2e0$1@news.spamcop.net>
	<gcgfa3$h5n$1@news.spamcop.net> <gcglg7$74d$1@news.spamcop.net>
	<gch85h$1pm$1@news.spamcop.net>
Message-ID: <gci439$5tq$1@news.spamcop.net>

Twayne wrote:

>> Properties from the context menu - then Local File tab - then Reset
>> button.  That will delete all headers and
>> message bodies and will reset the folder so that headers will be
>> re-downloaded.
>
> Refresh the list; it's called "Reset List" in OE.  Supposedly deletes &
> reloads everything available.  Which is what I did.  And I repeated it
> again just now for GPs.  Nada.

Nada is an ambiguous term in this context because it doesn't describe some
important observations, namely that of the status bar or line.

If your status line is operational, it gives you useful information that
pertains to this subject.  What is called the 'status bar' is activated in
the same View/ Layout section as previously described.  That status line
is useful in several ways, dynamically during client server negotiations
and statically in this application.  It lives right down at the bottom
edge of the window just below the folder view and tells you how many
messages OE thinks there are from its information from the server, and how
many have been downloaded and how many have been read or not.  And whether
a 'view' is applied such as hide read messages.

If I reset this group and temporarily change its configuration so that the
'new' headers won't be downloaded (all of the headers are new just after
reset) then the status line sez 0 messages 0 unread 526 not downloaded.
If I think go back online and go to Tools and click 'get next 300
messages' (the 300 comes from the way I am configured in Tools/ Options/
Read tab -- otherwise it would say get new) -- then the next thing the
status line sez after it tells me that it is connecting and downloading is
'300 messages 300 unread 225 not downloaded..  Then if I use tools again
and get 300 more headers, I can again watch OE and the server interact and
the next message is 525 messages, 525 unread.

I can then mark all of those messages read with Edit mark all read or Edit
catch up.  The difference between catch up and mark all read is described
in help.  I use mark all read which results in the status bar saying '525
messages 0 unread'.  If I apply the view of View/ Current View - hide read
messages, then the staus bar sez View applied - 0 messages 0 unread.

>    It's gotta be something screwy either here or at my ISP but I don't
> know what.

You are leaving out some troubleshooting steps and observations.



-- 
Mike Easter
kibitzer, not SC admin

From g.hyde at bigNOSPAMpond.net.au  Wed Oct  8 08:03:37 2008
From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde)
Date: Wed Oct  8 08:05:02 2008
Subject: [Scspamcop] More Hallmark e-card spam ...
Message-ID: <gci7j1$mqu$1@news.spamcop.net>

http://www.spamcop.net/sc?id=z2313457712z35f708b1b1b1164b5189256d9dc0728ez

This is apparently becoming a habit with the spammers.

They seem to have left out a vital bit of information in the HTML body 
though, why would they place an ending HTML tag at the beginning of the body 
text?

Or is it that some ISP between mine and the sender's has mangled the spam 
email?

There seems to be a lot of "X-spamscore" junk in the headers, of course 
SpamCop is simply skipping that entirely as it's not anything to do with the 
real sender.

Is that being added at the sending end, or at some point in between?  Could 
this have been the source of the HTML tag mangling?

Personally, I don't have time to care or worry about this junk, I file it in 
the photon recycling bin and hit the disintegrate button.  This one is 
interesting only because it's getting mangled somewhere.


Cheers ...

Geoffrey Hyde


From blacklist-me at davjam.org  Wed Oct  8 09:24:18 2008
From: blacklist-me at davjam.org (David Bolt)
Date: Wed Oct  8 09:30:05 2008
Subject: [Scspamcop] Re: More Hallmark e-card spam ...
References: <gci7j1$mqu$1@news.spamcop.net>
Message-ID: <MxyBHIwCSL7IFwxm@dev.null.davjam.org>

On Wed, 8 Oct 2008, Geoffrey Hyde wrote:-

>http://www.spamcop.net/sc?id=z2313457712z35f708b1b1b1164b5189256d9dc0728ez
>
>This is apparently becoming a habit with the spammers.

It's one way to help build a botnet.

>They seem to have left out a vital bit of information in the HTML body
>though, why would they place an ending HTML tag at the beginning of the body
>text?

No idea.

>Or is it that some ISP between mine and the sender's has mangled the spam
>email?

No, because a recent sample[0] I have has a (virtually) identical body,
including the initial </script> tag.

>There seems to be a lot of "X-spamscore" junk in the headers, of course
>SpamCop is simply skipping that entirely as it's not anything to do with the
>real sender.

I don't see that with my sample, so it's either added by Bigpond or the
server that delivered it to Bigpond.

>Is that being added at the sending end, or at some point in between?

Your guess is as good as mine.

>Could
>this have been the source of the HTML tag mangling?

No. The tag mangling is done by the malware, the spam-tags are added
elsewhere.

>Personally, I don't have time to care or worry about this junk, I file it in
>the photon recycling bin and hit the disintegrate button.  This one is
>interesting only because it's getting mangled somewhere.

The only interest for me is that this whether this malware is still
being served, and how many anti-virus products can identify it.

Yes, it's still being served, and is binary identical to the sample I
grabbed three days ago. At that point, 28 out of the 36 anti-virus
products used by virustotal.com identified it. Three days on, the count
is still 28.


[0] <URL:http://groups.google.com/group/news.admin.net-abuse.sightings/msg/bf4af141b2331f9a>

Regards,
        David Bolt

-- 
Team Acorn: http://www.distributed.net/ OGR-P2 @ ~100Mnodes RC5-72 @ ~15Mkeys
SUSE 10.1 32 |                   | openSUSE 10.3 32b | openSUSE 11.0 32b
             | openSUSE 10.2 64b | openSUSE 10.3 64b | openSUSE 11.0 64b
RISC OS 3.6  | TOS 4.02          | openSUSE 10.3 PPC | RISC OS 3.11
From nobody at devnull.spamcop.net  Wed Oct  8 10:57:22 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Oct  8 11:00:03 2008
Subject: [Scspamcop] Re: Anybody home?
References: <gce3kr$t7b$1@news.spamcop.net> <gce5pe$2e0$1@news.spamcop.net>
	<gcgfa3$h5n$1@news.spamcop.net> <gcglg7$74d$1@news.spamcop.net>
	<gch85h$1pm$1@news.spamcop.net> <gchs3m$5hf$1@news.spamcop.net>
Message-ID: <gcihoc$i7s$1@news.spamcop.net>

> "Twayne" <nobody@devnull.spamcop.net> wrote in message
> news:gch85h$1pm$1@news.spamcop.net...
>>> Twayne wrote:
>>>
>>>>    The only mails showing on the Spamcop group today are mine,
>>>> yours,
>>>> and Peter Pearson with responses to him.
>>>
>>> That sounds like your OE needs to reset its headers as described
>>> above. And they aren't 'mails' - they are news messages.
>>
>> MESSAGES, OK, I hear ya<g>.  Done it twice now; earlier this
>> afternoon & just now I "Reset List" in OE. It happens in a flash,
>> way too quick, IMO, to have actually brought anythng down.  Maybe
>> that's telling me something.
>
> Only because I don't recall you bringing it up;
>
> View | Current View | Show All Messages selected?

Thanks, Wazoo; Yes I set that also.  I may or may not have    Group 
Messages By Conversation    ticked; depends on what I'm doing.  If 
you're interested in today's version of the story see my Inline to Mike.

Regards,

Twayne 


From nobody at devnull.spamcop.net  Wed Oct  8 13:06:20 2008
From: nobody at devnull.spamcop.net (spamcop)
Date: Wed Oct  8 13:10:03 2008
Subject: [Scspamcop] Re: Anybody home?
References: <gce3kr$t7b$1@news.spamcop.net> <gce5pe$2e0$1@news.spamcop.net>
	<gcgfa3$h5n$1@news.spamcop.net> <gcglg7$74d$1@news.spamcop.net>
	<gch85h$1pm$1@news.spamcop.net> <gci439$5tq$1@news.spamcop.net>
Message-ID: <gcipa6$jh0$1@news.spamcop.net>

Mike Wrote:

> Twayne wrote:
>
...
>> Refresh the list; it's called "Reset List" in OE.  Supposedly
...

> If your status line is operational, it gives you useful information
...
Yes, the status iine is visible.  It is/does indicate as you said.
Another place that shows up is the Synchronization window: It also give
the unread/total messages.

...

I think I'm cognizant of the settings and info locations but I don't
mind your pointing them out; there's always something left to be
learned.

Here's what I've done today and what I have:
--  First, highlighted server name and clicked Reset List for two other
reasnoably small groups, but still larger than Spamcop.  One of those,
gmane.org, is adding new groups like crazy and it did add 3 more groups.
The others, news.netobjects.com and news.verizon.net reset properly as
well as I could tell.
   Then reset the Spamcop list.  I assume it worked; it flashed on the
screen so fast it's almost undetectable.  I'm sure that's not right.  So
...
--- I blew away news.spamcop.net and recreated it and let it redownload
all the messages.  529 in spamcop and 247 in .geeks.  I read 500 headers
at a time, so the status says 500 messages, 29 not downloaded.  Sounds
right.  .geeks has 0 not downloaded of course.
   THIS time the downloading... window was definitely present long
enough to read it, whatever that means; probably not much.

So here's what I've got now and perhaps you could confirm that it is
what you see too:
With:
-- View; Current View; *'Show All'* and *'Group By Conversation'*
ticked, and the Subjects sorted on the Sent Column,  I see the following
on screen:

10-8 Geoffrey Hide; as a conversataion (+ sign, meaning responses
present)
10-6 Peter Pearson; as a conversation
10-6 Twayne; as conversation
10-3 Opinicus; as a converstation
10-1 Vadim Rapp; conversation
------------------------------
If I expand the 10-3 or 10-1 conversation, or *any of the next ten*
below those, there are NO posts showing a data of 10-5, only one on 10-4
but multiples on other dates on both sides.
-----------------------------
Is that what you see?  I'd really appreciate it if this could be
confirmed/denied.

Curiously, the 10-6 post of mine (Twayne) shows a Sent date of 10-6 but
I sent it on 10-5.  Maybe it lolly-gagged around someplace on the way
but I thought I remembered seeing it there on the 5th when I checked to
see if the post worked.  Maybe I'm remembering wrong but I'm feeling
sure I sent that after lunch on Sunday the 5th.

Playing with things like Show All, not using Group By Conversation and
using Show Replies to My Messages shows nothing on the 5th. I don't
recall whether that would be true or not.  Probably is.

NOW: to report spam, I normally email it to the
submit.@#@#@@#@#.spam.spamcop.net with OE and use the Address book to
auto-address the email.  I have it arranged so if I press "sp" it
auto-fills the submit address for me.
   I checked it was correct, it was, but for GPs went ahead and
copy/pasted it again from the Spamcop reporting page to my Addres Book.
I noted it was exactly the same as what was already there, made it the
default, and deleted the old one.

Then what I did was:
1.  Submit some non-spam, legit, short, too-old emails via email using
the Address Book.
2.  Submit the same non-spam legit, short, too-old emails but this time
pasting the submitxxxx... '' address into OE.
3.  And then manually pasted/parsed the same mail into the spamcop
reporting page window and pressed Process Spam.

3.  Worked OK
2 and 1 I never got a response back via e-mail.  So far anyway; it's
been a couple of hours.

IN all I have probably submitted about ten pairs of emails using the
above scenario, including one spam that came in.  I got the spam e-mail
back, and duly sent the LART via SC, and received two other responses
from all of the ones I submitted.  So, out of about 14 e-mail
submissions to spamcop, I've received 3 responses.  That's 3 more than I
WAS getting anyway!

Are you getting responses to your mail submissions in a timely fashion?


Now, I also checked on the SC web site, while signed in, Past Reports
and that's acting strange too.  Perhaps you could confirm/deny this for
me, too; it's pretty easy I think.  Now these are current figures:  I am
getting them from the web site and immediately putting them into this
e-mail.
Past Reports shows for:
--  INitially a blank screen.  Press View Recent Reports and:
-- I see the 24 hours report:  It's showing 6 of the about 14
submissions I've done today (10-8), including the spam I got a response
on.
--Clicking 48 Hours, I get: the exact same screen as 24 hours gave me.
--Clicking Last Week, I get nothing for 10-6 and 10-7, the 10-8 as
above, and 4 October 5 reports.
--Clicking Last 30 days, I get the EXACT same screen as I got for Last
Week!  Refreshing browser no help.
--Clicking Last 90 Days, I get the exact same screen as Last Week.

--  Clicking Ölder Reports, all of a sudden shows me a slew of 10-5
submissions!!  Ten of them to be exact, and nothing else.
--  Clicking Older Reports again shows another slew of 10-5 report
submissions.  Total there are a little over 30 I submitted that day; I
remember because it set a new peak for quantity of spams I received.
NOW, THE POINT IS, I NEVER received ANY responses from SC for any of
those as near as I can tell.  That's born out by my Sent folder, which
normally shows those responses when I click the link I'm given to Finish
Reporting (no SC sends shown on 10-5) So, HOW THE HELL DID THOSE MAILS
GET SUBMITTED, and show up on my Past Reports?  None of them say
anything about cancelled or not sent or whatever the message is when a
report is cancelled or ages out.

Also, on the subject of spam numbers, I've been receiving very, very few
spams all of a sudden after a slow but  continual growth to more than
30/day.  Today I've had one so far and the norm would have been around
15 and another 15 or so by the end of the evening.  They were all coming
from the same general places and very similar  spams over and over
(penis, drugs, pharmacy, loans, about everything but stock) so maybe the
spammer got put out of business but I've never had it happen that
quickly before.
   It's also strange that it was all on one e-mail address and only a
few, less than 10 total, to another address.  Total I'm responsible for
14 different e-mail accounts and literally none of the other dozen get
or are getting any spam.  True most of them aren't often-used addresses
because they're various parts of web sites, but my point is, they aren't
getting spam at all.  So either they're not targeted or the spam filters
are 100% for them so far.
   And yes, I did check to be sure the spam filters were turned on for
the address getting all the spam.

I've also checked webmail and the mails aren't getting stuck there.
My ISP hasn't responded yet, but since it doesn't matter today in my
testing whether I use short and legit mails or spams I'm assuming my ISP
and/or web site servers admins aren't doing anythng funny to me.

Not sure where to go next unless you guys might have some ideas.  I'm
out, for the time being at least.
  I am considering re-downloading IE7 and reinstalling it again but I'm
having trouble convincing myself that this is MY problem!  I have a
feeling it's one of those things that will just "go away" and that's
going to really PO me<g>!
   We have had some serious weather here on the East Coast that could
have messed with some nodes I suppose but I don't see how a messed up
server in the path could cause what I'm seeing.

If you're still reading, color me surprised, because this would be
enough to make me go "Hoo, boy, he's on his own! <G>

   Hmm, it occurs to me this might have been better posited on the
.geeks group; NOW I think of it!  Let me know if you agree; this post
would probably be a good one to use for the move, but I don't want to
just suddenly start it somewhere else without good reason; that can get
confusing and irritate people if I do it wrong.

Regards,

Twayne









From nobody at devnull.spamcop.net  Wed Oct  8 13:08:06 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Oct  8 13:10:03 2008
Subject: [Scspamcop] Re: Anybody home?
References: <gce3kr$t7b$1@news.spamcop.net> <gce5pe$2e0$1@news.spamcop.net>
	<gcgfa3$h5n$1@news.spamcop.net> <gcglg7$74d$1@news.spamcop.net>
	<gch85h$1pm$1@news.spamcop.net> <gci439$5tq$1@news.spamcop.net>
	<gcipa6$jh0$1@news.spamcop.net>
Message-ID: <gcipdg$jud$1@news.spamcop.net>

Sorry about "from Spamcop"; should be fixed now.

Twayne 


From MikeE at ster.invalid  Wed Oct  8 14:43:03 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Oct  8 14:45:02 2008
Subject: [Scspamcop] Re: Anybody home?
References: <gce3kr$t7b$1@news.spamcop.net> <gce5pe$2e0$1@news.spamcop.net>
	<gcgfa3$h5n$1@news.spamcop.net> <gcglg7$74d$1@news.spamcop.net>
	<gch85h$1pm$1@news.spamcop.net> <gci439$5tq$1@news.spamcop.net>
	<gcipa6$jh0$1@news.spamcop.net>
Message-ID: <gciuvi$dca$1@news.spamcop.net>

spamcop wrote:

> --- I blew away news.spamcop.net and recreated it

Good idea.  That R&R an account is a higher level troubleshooting strategy
than resetting the headers.

> and let it redownload
> all the messages.  529 in spamcop and 247 in .geeks.  I read 500 headers
> at a time, so the status says 500 messages, 29 not downloaded.  Sounds
> right.  .geeks has 0 not downloaded of course.
>    THIS time the downloading... window was definitely present long
> enough to read it, whatever that means; probably not much.

> So here's what I've got now and perhaps you could confirm that it is
> what you see too:
> With:
> -- View; Current View; *'Show All'* and *'Group By Conversation'*

I don't like that - group by conversation - during troubleshooting because
it is confusing when you click on subject or from or sent in that view.  I
recommend that when you are troubleshooting, that you turn off group by
conversation.

> ticked, and the Subjects sorted on the Sent Column,  I see the following
> on screen:

With group by conversation ticked, you can also sort on the sent date
ascending or descending.

> 10-8 Geoffrey Hide; as a conversataion (+ sign, meaning responses
> present)
> 10-6 Peter Pearson; as a conversation
> 10-6 Twayne; as conversation
> 10-3 Opinicus; as a converstation
> 10-1 Vadim Rapp; conversation

Correct.

> ------------------------------
> If I expand the 10-3 or 10-1 conversation, or *any of the next ten*
> below those, there are NO posts showing a data of 10-5, only one on 10-4
> but multiples on other dates on both sides.
> -----------------------------

I don't like that exercise.

The proper way to look for the posts with a date of 10-5 and 10-4 is to
turn off group by conversation.  There is one 10/5 and 2 10/4

> Is that what you see?  I'd really appreciate it if this could be
> confirmed/denied.

You can see the 10/5 and 10/4 posts by clicking on each of these links:

news://news.spamcop.net/2Rrl6AKX3K6IFwM9@spam.filter
news://news.spamcop.net/mgrfe4537fr05pnogibq3hv8s6bsd3ltld@4ax.com
news://news.spamcop.net/9mXX3HJrN95IFwnD@spam.filter

> Playing with things like Show All, not using Group By Conversation and
> using Show Replies to My Messages shows nothing on the 5th. I don't
> recall whether that would be true or not.  Probably is.

I recommend for troubleshooting to use only show all, no group by
conversation, no show replies to my messages, and preferably to sort by
date ascending or descending so that you are looking at a 'pure'
chronological order.

> NOW: to report spam, I normally email it to the
> submit.@#@#@@#@#.spam.spamcop.net with OE and use the Address book to
> auto-address the email.  I have it arranged so if I press "sp" it
> auto-fills the submit address for me.
>    I checked it was correct, it was, but for GPs went ahead and
> copy/pasted it again from the Spamcop reporting page to my Addres Book.
> I noted it was exactly the same as what was already there, made it the
> default, and deleted the old one.

OK.

> Then what I did was:
> 1.  Submit some non-spam, legit, short, too-old emails via email using
> the Address Book.
> 2.  Submit the same non-spam legit, short, too-old emails but this time
> pasting the submitxxxx... '' address into OE.
> 3.  And then manually pasted/parsed the same mail into the spamcop
> reporting page window and pressed Process Spam.
>
> 3.  Worked OK
> 2 and 1 I never got a response back via e-mail.  So far anyway; it's
> been a couple of hours.

Normally, if SC gets a bounce when it tries to reply to an email to the
submit, it stops emailing anything to that address.  It also puts up a
notice to the account when it logs onto this page http://www.spamcop.net/
and/because this section  'Forward your spam to:
submit.16charANcodeNMBR@spam.spamcop.net or' corresponds to the submit
address which has bounced and which has been deactivated.

> IN all I have probably submitted about ten pairs of emails using the
> above scenario, including one spam that came in.  I got the spam e-mail
> back, and duly sent the LART via SC, and received two other responses
> from all of the ones I submitted.  So, out of about 14 e-mail
> submissions to spamcop, I've received 3 responses.  That's 3 more than I
> WAS getting anyway!

Then that proves that the account isn't deactivated for bounce.

> Are you getting responses to your mail submissions in a timely fashion?

Yes.

> Now, I also checked on the SC web site, while signed in, Past Reports
> and that's acting strange too.  Perhaps you could confirm/deny this for
> me, too; it's pretty easy I think.

It isn't exactly easy for me because I have more than one SC account.  The
account I usually use for experimental purposes for discussing spam around
here is a nonmailhosted one.  I stay logged into that account for a month
at a time.  I usually do not log out of that account.  The account I use
that corresponds to my submit email address is a different account which
is mailhosted and which I use for submitting my quick reports.  That is
the account which would reflect my past reports which is what you are
wanting to play with and which I am not very interested in playing with.

> Now these are current figures:  I am
> getting them from the web site and immediately putting them into this
> e-mail.
> Past Reports shows for:
> --  INitially a blank screen.  Press View Recent Reports and:
> -- I see the 24 hours report:  It's showing 6 of the about 14
> submissions I've done today (10-8), including the spam I got a response
> on.
> --Clicking 48 Hours, I get: the exact same screen as 24 hours gave me.
> --Clicking Last Week, I get nothing for 10-6 and 10-7, the 10-8 as
> above, and 4 October 5 reports.
> --Clicking Last 30 days, I get the EXACT same screen as I got for Last
> Week!  Refreshing browser no help.
> --Clicking Last 90 Days, I get the exact same screen as Last Week.
>
> --  Clicking ?lder Reports, all of a sudden shows me a slew of 10-5
> submissions!!  Ten of them to be exact, and nothing else.
> --  Clicking Older Reports again shows another slew of 10-5 report
> submissions.  Total there are a little over 30 I submitted that day; I
> remember because it set a new peak for quantity of spams I received.
> NOW, THE POINT IS, I NEVER received ANY responses from SC for any of
> those as near as I can tell.

That must indicate some problem between the spamcop report responder and
your mailbox.

>  That's born out by my Sent folder, which
> normally shows those responses when I click the link I'm given to Finish
> Reporting

I need to clarify -- my reporting process involves me quick reporting and
SC replying with the result of the quick report.  Your reporting process
involves you regular reporting and SC sending you links and then your
using those links to finish the report and then SC replying with the
result of your regular report.

> (no SC sends shown on 10-5) So, HOW THE HELL DID THOSE MAILS
> GET SUBMITTED, and show up on my Past Reports?  None of them say
> anything about cancelled or not sent or whatever the message is when a
> report is cancelled or ages out.

Maybe you should look back thru' some old Sent mail and see if there are
any sent to the address  quick.16charANcodeNMBR@spam.spamcop.net  <note
that starts with 'quick' instead of 'submit'>

> Also, on the subject of spam numbers, I've been receiving very, very few
> spams all of a sudden after a slow but  continual growth to more than
> 30/day.  Today I've had one so far and the norm would have been around
> 15 and another 15 or so by the end of the evening.  They were all coming
> from the same general places and very similar  spams over and over
> (penis, drugs, pharmacy, loans, about everything but stock) so maybe the
> spammer got put out of business but I've never had it happen that
> quickly before.

Since you have more than one address and you are having email channeled
from one account to the other by way of server forwarding, you might want
to check each of the accounts webmail, including any kind of spam folder
or filters.

>    It's also strange that it was all on one e-mail address and only a
> few, less than 10 total, to another address.  Total I'm responsible for
> 14 different e-mail accounts and literally none of the other dozen get
> or are getting any spam.  True most of them aren't often-used addresses
> because they're various parts of web sites, but my point is, they aren't
> getting spam at all.  So either they're not targeted or the spam filters
> are 100% for them so far.

Do you mean 14 different emailboxes at 2 different domainnames, or
something else?

I'm going to cut this off here rather than keep on with too much
commentary in the same post.



-- 
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Wed Oct  8 15:30:38 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Oct  8 15:35:03 2008
Subject: [Scspamcop] Re: Anybody home?
References: <gce3kr$t7b$1@news.spamcop.net> <gce5pe$2e0$1@news.spamcop.net>
	<gcgfa3$h5n$1@news.spamcop.net> <gcglg7$74d$1@news.spamcop.net>
	<gch85h$1pm$1@news.spamcop.net> <gci439$5tq$1@news.spamcop.net>
	<gcipa6$jh0$1@news.spamcop.net>
Message-ID: <gcj1oo$rje$1@news.spamcop.net>

<picking up where I left off>

spamcop wrote:

> Also, on the subject of spam numbers, I've been receiving very, very few
> spams all of a sudden after a slow but  continual growth to more than
> 30/day.  Today I've had one so far and the norm would have been around
> 15 and another 15 or so by the end of the evening.  They were all coming
> from the same general places and very similar  spams over and over
> (penis, drugs, pharmacy, loans, about everything but stock) so maybe the
> spammer got put out of business but I've never had it happen that
> quickly before.

For the account which I use to SC report, I have the provider filter
turned off and I use spampal to tag the spams and then all of the spam is
sorted into a junk folder and I report the spam from there.

I also have an account which is 'totally' filtered, ie everything is
filtered except what I have whitelisted, and I have a gmail account which
is filtered and which I do not report from.

>    It's also strange that it was all on one e-mail address and only a
> few, less than 10 total, to another address.

When you speak of your mail accounts generically there is no way that
anyone else can investigate the status of a particular providers
filters -- whether they can be turned on or off.  I do not like a mail
provider to be able to filter mail which I cannot see, and in none of my
mailboxes is that possible.

That is, all of my earthlink mail in the different types of accounts,
totally unfiltered and totally filtered, can be accessed in one of 3 ways.
It is being received by me totally unfiltered and sorted into folders
including Junk.  It is not being received by my mailuser agent unless it
is whitelisted and it is residing in either a spam folder or a suspect
folder.  All of my gmail can be accessed in one of two ways -- it is gmail
identified spam in the spam folder or it is not so identified and has been
sorted into gmail tags.

> Total I'm responsible for
> 14 different e-mail accounts and literally none of the other dozen get
> or are getting any spam.  True most of them aren't often-used addresses
> because they're various parts of web sites, but my point is, they aren't
> getting spam at all.  So either they're not targeted or the spam filters
> are 100% for them so far.

So that means that you /can/ or you /cannot/ access what that provider has
identified as spam?

>    And yes, I did check to be sure the spam filters were turned on for
> the address getting all the spam.

Why not turn the filters off and sort the spam on your end?

> I've also checked webmail and the mails aren't getting stuck there.
> My ISP hasn't responded yet, but since it doesn't matter today in my
> testing whether I use short and legit mails or spams I'm assuming my ISP
> and/or web site servers admins aren't doing anythng funny to me.

I'm glad that I don't have any need to communicate with any of my
providers.  I've never known any provider which was any good at
communicating or troubleshooting or following up anything for which they
have been notified.  It seems that you have need to communicate with your
provider for one thing or another.  That would not work for me at all.

> Not sure where to go next unless you guys might have some ideas.  I'm
> out, for the time being at least.
>   I am considering re-downloading IE7 and reinstalling it again but I'm
> having trouble convincing myself that this is MY problem!  I have a
> feeling it's one of those things that will just "go away" and that's
> going to really PO me<g>!

I don't know what a browser would have to do with any of this.



-- 
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Thu Oct  9 13:45:52 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Thu Oct  9 13:50:03 2008
Subject: [Scspamcop] Re: Anybody home?
References: <gce3kr$t7b$1@news.spamcop.net> <gce5pe$2e0$1@news.spamcop.net>
	<gcgfa3$h5n$1@news.spamcop.net> <gcglg7$74d$1@news.spamcop.net>
	<gch85h$1pm$1@news.spamcop.net> <gci439$5tq$1@news.spamcop.net>
	<gcipa6$jh0$1@news.spamcop.net> <gcj1oo$rje$1@news.spamcop.net>
Message-ID: <gclg08$644$1@news.spamcop.net>

Mike said:
> <picking up where I left off>
>
> spamcop wrote:
>
>> Also, on the subject of spam numbers, I've been receiving very, very
>> few spams all of a sudden after a slow but  continual growth to more
>> than 30/day.  Today I've had one so far and the norm would have been
>> around 15 and another 15 or so by the end of the evening.  They were
>> all coming from the same general places and very similar  spams over
>> and over (penis, drugs, pharmacy, loans, about everything but stock)
>> so maybe the spammer got put out of business but I've never had it
>> happen that quickly before.
>
> For the account which I use to SC report, I have the provider filter
> turned off and I use spampal to tag the spams and then all of the
> spam is sorted into a junk folder and I report the spam from there.

I got a few of my past-submitted, not many, SC report notifies back last 
night; 13 of them IIRC.  2 were test submissions I made but all the rest 
were "too old" to report, some by several days.  I will probably just 
delete them; no future in keeping old spams - I looked at them and 
apparently there was a delay in getting them to SC, I'm guessing, from 
looking at the headers.  I looked online and there are no Saved Reports 
so if there are more to come SC doesn't know about them yet.  So 
somewhere along the line they were waylaid.

Today the spam is back in my Inbox, so that's indicative of something. 
I had 19 spams waiting for me when I fired up OE today.  Still all on 
the same Netfirms e-mail address I use for my trusted sources so to 
speak, so no changes there.

Just a few second ago I got email so looking to see if it was more SC 
returns, I checked and it turned out to be a ZDNet newsletter.  It's a 
huge coincidence, but if you take a look at 
http://blogs.zdnet.com/security/?p=2006  , it's:  A short excerpt from 
the beginning says:

<quote>
After years of operation, California based ISP Atrivo/Intercage, a well 
known Russian Business Network darling, faced the music and was 
disconnected from the Internet by its upstream provider at the end of 
September. What happened according to MessageLabs's latest intelligence 
report, After years of operation, California based ISP Atrivo/Intercage, 
a well known Russian Business Network darling, faced the music and was 
disconnected from the Internet by its upstream provider at the end of 
September. What happened according to MessageLabs's latest intelligence 
report, After years of operation, California based ISP Atrivo/Intercage, 
a well known Russian Business Network darling, faced the music and was 
disconnected from the Internet by its upstream provider at the end of 
September. What happened according to MessageLabs's latest intelligence 
report,
</quote>

On first read the article seems to contradict itself on how quickly they 
got back to SOP but it's interesting.  Since my current spam load is all 
very similar in nature and with repetitive sources, it's possible 
something like that is the reason for my suddenly not getting spams and 
having them back today, all of a sudden like, with a short spurt last 
night.
   Although, I don't see how those two companies could waylay spam 
reports, etc., unless more went on in the "network" or in the larger 
upstreams than we know about.  Aren't SC servers located on the West 
Coast?  Maybe my mails were caught in some sort of redirection or 
something.  No idea; I'm aware I'm rationalizing now because it seems to 
sort of maybe in some way kind of could possibly point at something<g>.

>
> I also have an account which is 'totally' filtered, ie everything is
> filtered except what I have whitelisted, and I have a gmail account
> which is filtered and which I do not report from.

I've thought about trying that myself with this address getting the 
spam.  If it becomes unmanageable I might do it but right now that's the 
only source I'm getting spam on.
  NO, do not explain to me about how to get spam<G>!!
  I submit for the scbl purposes and what tiny coincidences of 
controlling spam it may provide.  Empirically in some cases the 
reporting does seem to have an impact and my own spam load and to a 
degree I like being one of those who helped get them at least accused of 
having bought a dirty spam list or whatever.  Ain't having no effect 
this time though, that's for sure!  Well, unless I helped "get" someone 
like referred to in that article at ZDNet.
>
>>    It's also strange that it was all on one e-mail address and only a
>> few, less than 10 total, to another address.
>
> When you speak of your mail accounts generically there is no way that
> anyone else can investigate the status of a particular providers
> filters -- whether they can be turned on or off.  I do not like a mail
> provider *to be able to filter mail which I cannot see, and in none of
> my mailboxes is that possible.* [  emphasis mine  ]

Not sure I understand that, unless you mean EL won't show you the spam?

...

> So that means that you /can/ or you /cannot/ access what that
> provider has identified as spam?

Yes, I can.  It drops into a spam folder if I want it to.  I can also 
tick "is" or "is not" spam on misidentified spams/good mail.  Seems to 
work well; I almost never see a goodmail in the spam folder anymore.  In 
fact if I have a few extra minutes I'll sometimes look to see if it has 
any recent spam I can submit in the spam folder, but that's not very 
often.  I try to keep it at a level that I'll not get frustrated with.

>
>>    And yes, I did check to be sure the spam filters were turned on
>> for the address getting all the spam.
>
> Why not turn the filters off and sort the spam on your end?

I used webmail to see what was up with the total spam situation.

Mmm, mainly because I decided submitting spam that got past the filters 
as what I'd like to target as opposed to all of it.  On that particular 
account:  Most other accounts, which don't get spam, have it turned off 
so I will know if they begin to get spammed. So unless they get spam I 
don't turn the filter on and I know then there is less maintenance to do 
there.
   Plus, only 14, not all, of the existing accounts are mine; some are 
accounts given to other people, like the SPCA officers & staff for that 
site; they manage their own end of things and I only get involved if 
they have problems.  I only monitor the info@ et al accounts.  My issues 
are confined solely to 1 of my own accounts and 1 only.

...
> I'm glad that I don't have any need to communicate with any of my
> providers.  I've never known any provider which was any good at
> communicating or troubleshooting or following up anything for which
> they have been notified.  It seems that you have need to communicate
> with your provider for one thing or another.  That would not work for
> me at all.

Not so much.  They're just as hard as most are to get human attention 
but once you do get human attention, as long as you don't mistreat it, 
they are pretty decent about being responsive.  And, I know the sequence 
of Help pages you need to get an offer to speak to a real person, which 
still takes 2 more emails, one to convince them the FAQs don't cover it 
(which gets another auto-reponse with another set of FAQs), and the last 
to restate the problem.  I just happen to know where that point is so I 
make it in two emails.  They also seem to keep a pretty good record of 
their client's actions; whenever I contact them they always know my 
complete history.  What they do NOT do, which I'm grateful for, is 
blackhole requests - even if it is automated boileplate and FAQs, they 
still answer within two days, usually 1.

>
>> Not sure where to go next unless you guys might have some ideas.  I'm
>> out, for the time being at least.
>>   I am considering re-downloading IE7 and reinstalling it again but
>> I'm having trouble convincing myself that this is MY problem!  I
>> have a feeling it's one of those things that will just "go away" and
>> that's going to really PO me<g>!
>
> I don't know what a browser would have to do with any of this.

lol, me neither!  It was "browser" because that's what you need to get 
the mail cient!

As for the SC inconsistancies, I think I've been mountain-making there. 
I'm not sure things like Past Reports were of any use at all without 
knowing first what I should specifically see before going there. And it 
doesn't seem to work quite right.

  It does appear that two e-mails were "lost" somehow, but ... I'm not 
sure whether it has any relationship to the SC reports or not now, but 
it seems possible.  I HATE it when things just seem to start working 
again, and apparently they are.  I made up excuses to contact the 
majority of my trusted sources and they each responded, SC has 
responded, twice so far today, with notifies for every spam I've 
e-mailed in.  I guess the only thing to do now is to see if it keeps on 
working.  No idea how I'll write it up in my history file, but ... I'll 
think of something that makes it sound good<g>.

Cheers,

Twayne




From MikeE at ster.invalid  Thu Oct  9 17:49:53 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Oct  9 17:50:03 2008
Subject: [Scspamcop] Re: Anybody home?
References: <gce3kr$t7b$1@news.spamcop.net> <gce5pe$2e0$1@news.spamcop.net>
	<gcgfa3$h5n$1@news.spamcop.net> <gcglg7$74d$1@news.spamcop.net>
	<gch85h$1pm$1@news.spamcop.net> <gci439$5tq$1@news.spamcop.net>
	<gcipa6$jh0$1@news.spamcop.net> <gcj1oo$rje$1@news.spamcop.net>
	<gclg08$644$1@news.spamcop.net>
Message-ID: <gclu9q$2ps$1@news.spamcop.net>

Twayne wrote:
> Mike said:

>> I do not like a mail
>> provider *to be able to filter mail which I cannot see, and in none of
>> my mailboxes is that possible.* [  emphasis mine  ]
>
> Not sure I understand that, unless you mean EL won't show you the spam?

No.  Every account gives me access to the spam.  Account1 - unfiltered,
all spam segregated by spampal.  Account2 - totally filtered, all spam in
EL's spam & suspect folders  Account3 - filtered, spam in gmail spam
folder.

I believe that it is imperative that if you have any account which is
going to receive any goodmail which is not whitelisted, that you have a
powerful and personally configured filter working on it, so that it is
*impossible* for any goodmail to get into a spam folder.  (IMO) You must
*not* have to dumpster dive into the spam folder to find goodmail, or it
will get lost.  You won't be able to find every single goodmail in all
that busy-ness of spam -- and you will spend way way way too much time
running your fingers and your eyeballs thru' all of that spam's ugliness.

> I almost never see a goodmail in the spam folder anymore.

I consider that 'ever' (almost never) part to be a big problem that
deserves to be fixed.

>> Why not turn the filters off and sort the spam on your end?

> Mmm, mainly because I decided submitting spam that got past the filters
> as what I'd like to target as opposed to all of it.

My philosophy is different.  I believe that I should/ I know I will/
submit all of the spam that comes to the account which I protect with the
strongest and most specific spamfilter;  namely the Account1 above.  And I
further believe that the source reporting is absolutely the important
part, because my filter uses the SCbl as part of its filtering process.
And I further believe that I shouldn't have to spend a lot of time working
on the problem -- ergo I use quickreporting.  I know that I can
quickreport 100% of the totalspam in a tiny fraction of the time you can
regular report leaked filtered spam.

IMO you are spending too much time doing regular reporting and not
accomplishing the reporting of all of the spam which is coming to that
account.


-- 
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Thu Oct  9 18:47:10 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Thu Oct  9 18:50:03 2008
Subject: [Scspamcop] Re: Anybody home?
References: <gce3kr$t7b$1@news.spamcop.net> <gce5pe$2e0$1@news.spamcop.net>
	<gcgfa3$h5n$1@news.spamcop.net> <gcglg7$74d$1@news.spamcop.net>
	<gch85h$1pm$1@news.spamcop.net> <gci439$5tq$1@news.spamcop.net>
	<gcipa6$jh0$1@news.spamcop.net> <gcj1oo$rje$1@news.spamcop.net>
	<gclg08$644$1@news.spamcop.net> <gclu9q$2ps$1@news.spamcop.net>
Message-ID: <gcm1l6$b4m$1@news.spamcop.net>

Mike said:
> Twayne wrote:
>> Mike said:
>
...
> *impossible* for any goodmail to get into a spam folder.  (IMO) You
> must
> *not* have to dumpster dive into the spam folder to find goodmail, or
> it will get lost.  You won't be able to find every single goodmail in
> all that busy-ness of spam -- and you will spend way way way too much
> time running your fingers and your eyeballs thru' all of that spam's
> ugliness.

I think I'd have to agree with your opinion on that one.  It's been so 
long since my spam folder had more than a page worth of entries it's 
never needed much more than a glance so I've become complacent.  It's 
past that now though and I am beginning t spend noticeable time on 
reporting spam, so I may have to do something different.
    Since it's a main account, I don't want to mess around with changing 
it or anything so that leaves me considering something akin to your 
suggestion/s.
    I've used MailWasher before and probably will again, at least for it 
tagging and blocklist abilities.
    Quick Reporting I'll have to go take a readup on again to see if I 
think it's useful or not.  It's not really that time consuming (yet) to 
report spams but it's becoming noticeable to me.  I watched the clock 
just now when I responded to the spam notifications to finish reporting 
spam, and (assuming the 'net's/SC's moving data efficiently) it come out 
to about a second per spam to report them.  I start clicking and looking 
at the top reply to and report to lines, and just keep clicking.  As 
long as I keep hearing "Navigation Started" with each click I know it's 
going along well.  As long as I don't see my own ISP or someone I know 
it goes along fine.  Most of them are so obvious with spams it's no 
problem.  These right now all seem to be either .ru or br with the 
occasional Comcast tossed into the mix.  I keep expecting the scope to 
widen but it hasn't so far.

>
>> I almost never see a goodmail in the spam folder anymore.
>
> I consider that 'ever' (almost never) part to be a big problem that
> deserves to be fixed.

lol, actually, the word "almost" there was an afterthought.  I literally 
never see a good mail in my spam folders anymore and have not for many, 
many months.  But it seems like the second I ever use the word 'never' I 
get turned into an inadvertent liar somehow, so I try hard to *always* 
be sure to *never* use words like *always* and *never * in any kind of 
possible variable circumstance<g>.

>
>>> Why not turn the filters off and sort the spam on your end?
>
>> Mmm, mainly because I decided submitting spam that got past the
>> filters as what I'd like to target as opposed to all of it.
>
> My philosophy is different.  I believe that I should/ I know I will/
> submit all of the spam that comes to the account which I protect with
> the strongest and most specific spamfilter;  namely the Account1
> above.  And I further believe that the source reporting is absolutely
> the important part, because my filter uses the SCbl as part of its
> filtering process. And I further believe that I shouldn't have to
> spend a lot of time working on the problem -- ergo I use
> quickreporting.  I know that I can quickreport 100% of the totalspam
> in a tiny fraction of the time you can regular report leaked filtered
> spam.

Probably so; never having used it, I can not comment on it.  It might be 
time to get some experience with it though.

>
> IMO you are spending too much time doing regular reporting and not
> accomplishing the reporting of all of the spam which is coming to that
> account.

Mmm, it's getting there.  It occurs to me that quickreporting, assuming 
I got along with it well, would add a lot more to the scbl.  Truth be 
known,  I was convinced until just recently that I was going to be 
kicked off SC for not using the mailhost setup anyway, so nothing much 
beyond status-quo came up; didn't see any future in working at something 
that would be taken away anyway.
   Now that mailhost finally works for my situation though, I do have a 
renewed interest other spam reporting possibilities.  Otherwise I would 
never have bothered to start a thread such as this one; wouldn't have 
been any future in it.  IMO SC has done a rather p-poor presentation and 
communication of the mailhost setups and allowed a lot of WAGs and SWAGs 
to happen that could have been avoided.  NO Wazoo, that's NOT a shot at 
you<g>!  Ah, but that's a soapbox; nuffa that.

Mike, I thank you for your time and opinions through this thread.  It's 
been good to have the clarification/verification/redirection you've 
provided.  You're a good detail-man and that's always handy with vague, 
gaseous problems like this one.  Other than I still don't know what the 
root cause was, at least it's over with and things are back to normal, 
whatever "normal" means.

Cheers,

Twayne







From nobody at spamcop.net  Thu Oct  9 19:19:33 2008
From: nobody at spamcop.net (RandallW)
Date: Thu Oct  9 19:20:03 2008
Subject: [Scspamcop] spam with odd Yahoo setup
Message-ID: <gcm3hu$hgr$1@news.spamcop.net>

I receive spam that has a Yahoo url with lots of periods and slashes in it, 
back to back a bunch of times.  Does it actually resolve?

Example: 
http://www.spamcop.net/sc?id=z2317894311zc7d23c2757243185904f955fcc424bf6z

The parser offers to send a complaint to Yahoo; does it make sense to do it? 
Is the 'hartjade' part of the URL worth investigating for a manual 
complaint? 


From MikeE at ster.invalid  Thu Oct  9 19:46:05 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Oct  9 19:50:03 2008
Subject: [Scspamcop] Re: spam with odd Yahoo setup
References: <gcm3hu$hgr$1@news.spamcop.net>
Message-ID: <gcm53l$lt0$1@news.spamcop.net>

RandallW wrote:
> I receive spam that has a Yahoo url with lots of periods and slashes in
> it, back to back a bunch of times.  Does it actually resolve?

Yes it resolves, because the front end is simple/normal.  What makes it
funky is the path after the domainname.  And what makes that funkier is
that the webserver redirects and redirects and redirects and redirects
some more.

> Example:
>
http://www.spamcop.net/sc?id=z2317894311zc7d23c2757243185904f955fcc424bf6z
>
> The parser offers to send a complaint to Yahoo; does it make sense to
> do it? Is the 'hartjade' part of the URL worth investigating for a
> manual complaint?

Some antispammers are motivated to track down the (ultimate) payload page
of a spam no matter how much redirection is involved nor how much decoding
of scripts is involved.  The persona spamless who hangs out in a few
antispam ng/s such as nanae and occasionally alt.spam is quite adept at
it.

Most people are not motivated to do anything meaningful with what they
find -- so being curious about it means that someone else like spamless
has to do the actual work.

>From the perspective of who is the provider for the spamvertiser of the
payload, the answer is yahoo, and all of the rest is immaterial from the
perspective of who should be notified about the issue from a spamcop
reporter's perspective.  It never goes anywhere else.


-- 
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Sat Oct 11 06:32:14 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Sat Oct 11 06:35:02 2008
Subject: [Scspamcop] Mailhost problem?
Message-ID: <gcpvau$ahu$1@news.spamcop.net>

Dears,

these:

    http://www.spamcop.net/sc?id=z2322503852za84dc6d03e4b66e0ca77f47fe7aea55bz
    http://www.spamcop.net/sc?id=z2322505135z1a2c38b39c3e0b249458feac344d8871z

are parsed as being received from libero.it (222.253.21.64), but the problem 
is that I can't find an address such this in my mailhost conf for Libero.

Why is the parser believing they are from Libero?

Besides, this makes the parser "trust" the date stamp of the wrong header, 
thereby it refuses the report because "too old"...

Regards,

Giampaolo 


From MikeE at ster.invalid  Sat Oct 11 07:03:00 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sat Oct 11 07:05:04 2008
Subject: [Scspamcop] Re: Mailhost problem?
References: <gcpvau$ahu$1@news.spamcop.net>
Message-ID: <gcq14q$hnt$1@news.spamcop.net>

Giampaolo Tomassoni wrote:

>
http://www.spamcop.net/sc?id=z2322503852za84dc6d03e4b66e0ca77f47fe7aea55bz
>
http://www.spamcop.net/sc?id=z2322505135z1a2c38b39c3e0b249458feac344d8871z
>
> are parsed as being received from libero.it (222.253.21.64), but the
> problem is that I can't find an address such this in my mailhost conf
> for Libero.

Those items do not look like the mailhost you posted before

http://www.spamcop.net/sc?id=z2248807117z48d381f94fa0ccdf42f85b603875d889z

> Why is the parser believing they are from Libero?

If you ask me, the parser is crazy if it thinks those are your mailhost
(or from libero) unless you have a very strange mailhost in addition to
the one above.

> Besides, this makes the parser "trust" the date stamp of the wrong
> header, thereby it refuses the report because "too old"...

  Abbreviated Received tracelines *comment
  from localhost (localhost [127.0.0.1]) by s0.edlui.it *serves recipient
  from advbiol.com (unknown [222.253.21.64]) by s0.edlui.it *sourceline
  from 24.97.9.242 (HELO gwmail.abacusinfo.com) by tomassoni.biz
*bogusline, severe timestamp anomaly

The parser is (appears to be) trusting 222.253.21.64 as if it were your
mailhost and misidentifying it as libero.it, when it is a bigtime .vn
VietNam spamsource on numerous blocklists.

<snip>
No unique hostname found for source: 222.253.21.64
edlui.it received mail from libero.it ( 222.253.21.64 )
</snip>

That looks pretty whacky to me.


-- 
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net  Sat Oct 11 08:49:31 2008
From: nobody at spamcop.net (Ellen)
Date: Sat Oct 11 08:50:03 2008
Subject: [Scspamcop] Re: Mailhost problem?
In-Reply-To: <gcq14q$hnt$1@news.spamcop.net>
References: <gcpvau$ahu$1@news.spamcop.net> <gcq14q$hnt$1@news.spamcop.net>
Message-ID: <48F0A0DB.2090209@spamcop.net>

Mike Easter wrote:
> Giampaolo Tomassoni wrote:
> 
> http://www.spamcop.net/sc?id=z2322503852za84dc6d03e4b66e0ca77f47fe7aea55bz
> http://www.spamcop.net/sc?id=z2322505135z1a2c38b39c3e0b249458feac344d8871z
>> are parsed as being received from libero.it (222.253.21.64), but the
>> problem is that I can't find an address such this in my mailhost conf
>> for Libero.
> 
> Those items do not look like the mailhost you posted before
> 

Makes no sense to me. 222.253.21.64 is not part of the libero.it
mailhost. It may have something to do with localhost being part of the
libero.it mailhost and the rDNS for the IP being localhost..

In any case I marked 222.253.21.64 as untrusted. After a moment of
reflection I marked the whole /24 as untrusted -- it is pretty ugly.

Well damn, that solved one problem and created a new one -- now the MH 
parser says incomplete headers. Still going to leave the /24 flagged as 
untrusted.


Bcc'ed to Don to look at.


Ellen
SpamCop



From nobody at devnull.spamcop.net  Sat Oct 11 11:13:35 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Sat Oct 11 11:15:03 2008
Subject: [Scspamcop] Re: Mailhost problem?
References: <gcpvau$ahu$1@news.spamcop.net> <gcq14q$hnt$1@news.spamcop.net>
	<48F0A0DB.2090209@spamcop.net>
	<2fb1f4t4j3aspp2mr3711t0ibod92p3dih@4ax.com>
Message-ID: <gcqfqf$bbi$1@news.spamcop.net>


"SpamCop Admin" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
news:2fb1f4t4j3aspp2mr3711t0ibod92p3dih@4ax.com...
> Ellen wrote:
>>-It may have something to do with localhost being part of the
>>-libero.it mailhost and the rDNS for the IP being localhost..
>
> You hit the nail on the head.
>
> I removed "localhost" from the libero host and the parse is working
> correctly now.
>
> - Don D'Minion - SpamCop Admin -

Thank you Ellen and Don to fix this.

As everytime, I couldn't have a look to your replies in the meantime. I see 
this luckly wasn't an issue to you both...

Don, was the "localhost" stuff in my MH conf or you speak about some SC-wide 
setup? In the first case, it could be better to have a check to the MH 
training system, since I used it to train the parser against Libero entries. 
Probably di 127.0.0.1 was from my own MX...

Thanks,

Giampaolo 


From tmcgraw at spamcop.net  Sat Oct 11 13:54:49 2008
From: tmcgraw at spamcop.net (Tim McGraw)
Date: Sat Oct 11 13:55:03 2008
Subject: [Scspamcop] Re: Mailhost problem?
In-Reply-To: <sfp1f45c2ihia3plkia9vcb5s7nvhvabku@4ax.com>
References: <gcpvau$ahu$1@news.spamcop.net> <gcq14q$hnt$1@news.spamcop.net>
	<48F0A0DB.2090209@spamcop.net>
	<2fb1f4t4j3aspp2mr3711t0ibod92p3dih@4ax.com>
	<gcqfqf$bbi$1@news.spamcop.net>
	<sfp1f45c2ihia3plkia9vcb5s7nvhvabku@4ax.com>
Message-ID: <gcqp99$f45$1@news.spamcop.net>

SpamCop Admin wrote:
> Giampaolo Tomassoni wrote:
>> Don, was the "localhost" stuff in my MH conf or you speak about some SC-wide 
>> setup? 
> 
> All hosts are global.  The Libero.it host applies to all SpamCop users
> who get service from Libero.

<tongue in cheek> I never considered spam a 'service'! </tongue in cheek>
From nobody at devnull.spamcop.net  Sat Oct 11 14:51:15 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Sat Oct 11 14:55:03 2008
Subject: [Scspamcop] Re: Mailhost problem?
References: <gcpvau$ahu$1@news.spamcop.net> <gcq14q$hnt$1@news.spamcop.net>
	<48F0A0DB.2090209@spamcop.net>
	<2fb1f4t4j3aspp2mr3711t0ibod92p3dih@4ax.com>
	<gcqfqf$bbi$1@news.spamcop.net>
	<sfp1f45c2ihia3plkia9vcb5s7nvhvabku@4ax.com>
	<gcqp99$f45$1@news.spamcop.net>
Message-ID: <gcqsil$j6$1@news.spamcop.net>

"Tim McGraw" <tmcgraw@spamcop.net> ha scritto nel messaggio 
news:gcqp99$f45$1@news.spamcop.net...
> SpamCop Admin wrote:
>> Giampaolo Tomassoni wrote:
>>> Don, was the "localhost" stuff in my MH conf or you speak about some 
>>> SC-wide setup?
>>
>> All hosts are global.  The Libero.it host applies to all SpamCop users
>> who get service from Libero.
>
> <tongue in cheek> I never considered spam a 'service'! </tongue in cheek>

Libero.it is a free mail service quite common here in Italy. This may be why 
some spam cames from it.

Giampaolo 


From nobody at devnull.spamcop.net  Sat Oct 11 16:54:52 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Sat Oct 11 16:55:02 2008
Subject: [Scspamcop] Re: Mailhost problem?
References: <gcpvau$ahu$1@news.spamcop.net> <gcq14q$hnt$1@news.spamcop.net>
	<48F0A0DB.2090209@spamcop.net>
	<2fb1f4t4j3aspp2mr3711t0ibod92p3dih@4ax.com>
	<gcqfqf$bbi$1@news.spamcop.net>
Message-ID: <gcr3qe$vpu$1@news.spamcop.net>

"Giampaolo Tomassoni" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
news:gcqfqf$bbi$1@news.spamcop.net...
>
> "SpamCop Admin" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
> news:2fb1f4t4j3aspp2mr3711t0ibod92p3dih@4ax.com...
>> Ellen wrote:
>>>-It may have something to do with localhost being part of the
>>>-libero.it mailhost and the rDNS for the IP being localhost..
>>
>> You hit the nail on the head.
>>
>> I removed "localhost" from the libero host and the parse is working
>> correctly now.
>>
>> - Don D'Minion - SpamCop Admin -
>
> Thank you Ellen and Don to fix this.

Well, I forgot to mention Mike here... Sorry Mike and thank you too!

Giampaolo


>
> As everytime, I couldn't have a look to your replies in the meantime. I 
> see this luckly wasn't an issue to you both...
>
> Don, was the "localhost" stuff in my MH conf or you speak about some 
> SC-wide setup? In the first case, it could be better to have a check to 
> the MH training system, since I used it to train the parser against Libero 
> entries. Probably di 127.0.0.1 was from my own MX...
>
> Thanks,
>
> Giampaolo
> 


From nobody at spamcop.net  Mon Oct 13 10:26:15 2008
From: nobody at spamcop.net (Bar0)
Date: Mon Oct 13 10:30:04 2008
Subject: [Scspamcop] What's up with Castle Cops?
Message-ID: <gcvlq7$p0k$1@news.spamcop.net>

Castle Cops has been working great the last couple of weeks, until 
yesterday, now I can only get to the German Fora which say nothing of any 
problems at the main site. Anyone else having any trouble reporting stuff 
with Castle Cops? 

From MikeE at ster.invalid  Mon Oct 13 11:28:19 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Mon Oct 13 11:30:02 2008
Subject: [Scspamcop] Re: What's up with Castle Cops?
References: <gcvlq7$p0k$1@news.spamcop.net>
Message-ID: <gcvpej$8lh$1@news.spamcop.net>

Bar0 wrote:
> Castle Cops has been working great the last couple of weeks, until
> yesterday, now I can only get to the German Fora which say nothing of
> any problems at the main site. Anyone else having any trouble reporting
> stuff with Castle Cops?

The regular castlecops is at a different IP than the de.castlecops.  There
is nothing at castlecops IP that shows a port 80, but the nameservice
seems to be OK.  wiki.castlecops which is at the de.castlecops IP works.

I would say that the machine which is located at 204.152.184.144 rDNS
isc.castlecops.com has a b0rken webserver or may be down altogether.  It
doesn't answer any pings or show any of the common server ports.  I didn't
scan it otherwise.


-- 
Mike Easter
kibitzer, not SC admin

From joegill at removethis  Tue Oct 14 23:07:37 2008
From: joegill at removethis (Joe Gill)
Date: Tue Oct 14 23:10:03 2008
Subject: [Scspamcop] No mail is POPing in SPAMCOP
Message-ID: <gd3mpm$jvu$1@news.spamcop.net>

I am an webmail spamcop user.

I notice no mail coming in.

I have 5 different servers that I 'pop'
 - 3 are popgate2.cesmail.com
 - 1 is pop.att.yahoo.com
 - 1 is pop.gmail.com

All show the 'last error' as 'cannot contact server'.
All were working earlier today.

Anyone else seeing this problem?

From nobody at spamcop.net  Tue Oct 14 23:27:05 2008
From: nobody at spamcop.net (Steven Underwood)
Date: Tue Oct 14 23:30:03 2008
Subject: [Scspamcop] Re: No mail is POPing in SPAMCOP
In-Reply-To: <gd3mpm$jvu$1@news.spamcop.net>
References: <gd3mpm$jvu$1@news.spamcop.net>
Message-ID: <gd3nub$ml9$1@news.spamcop.net>

"Joe Gill" <joegill@removethis@prodigy.net> wrote in message 
news:gd3mpm$jvu$1@news.spamcop.net...
>I am an webmail spamcop user.
>
> I notice no mail coming in.
>
> I have 5 different servers that I 'pop'
> - 3 are popgate2.cesmail.com
> - 1 is pop.att.yahoo.com
> - 1 is pop.gmail.com
>
> All show the 'last error' as 'cannot contact server'.
> All were working earlier today.
>
> Anyone else seeing this problem?
>

There may be an issue as this post in the Forums came a short while ago. 
http://forum.spamcop.net/forums/index.php?s=&showtopic=8645&view=findpost&p=67288

As I posted there, I do not use popgate2 any more.  I have no errors in my 
gmail account, but I also rarely have email in that account. 

From joegill at removethis  Tue Oct 14 23:45:25 2008
From: joegill at removethis (Joe Gill)
Date: Tue Oct 14 23:50:04 2008
Subject: [Scspamcop] Re: No mail is POPing in SPAMCOP
References: <gd3mpm$jvu$1@news.spamcop.net>
Message-ID: <gd3p7h$qr0$1@news.spamcop.net>


"Joe Gill" <joegill@removethis@prodigy.net> wrote in message 
news:gd3mpm$jvu$1@news.spamcop.net...
>I am an webmail spamcop user.
>
> I notice no mail coming in.
>
> I have 5 different servers that I 'pop'
> - 3 are popgate2.cesmail.com
> - 1 is pop.att.yahoo.com
> - 1 is pop.gmail.com
>
> All show the 'last error' as 'cannot contact server'.
> All were working earlier today.
>
> Anyone else seeing this problem?
>

Popping seems to be back now...
Thanks to whomever corrected it!! 

From anonymouse at dev.null  Wed Oct 15 01:32:06 2008
From: anonymouse at dev.null (Anonymouse)
Date: Wed Oct 15 01:35:02 2008
Subject: [Scspamcop] Shane Atkinson
Message-ID: <gd3va5$elf$1@news.spamcop.net>

Spammer faces civil action under NZ spam act.


http://www.stuff.co.nz/4727923a6530.html

http://www.geekzone.co.nz/juha/2212

Anony Mouse
Court trollmeister.
Order of merit of the great ICANN wars.
Slayer of the great Dragon Atkinus.
Conquest of 2003. Lord Van Essen of Pillpenus.
Sayer to the senate inquisitions. Netsol.
Decorated Legion of honor of the great spam wars.
Chief tormentor of registrarus horribalus.
Keeper of the faith. Brethran of the Lart.
Holder of the key of the mighty Debian Linux gateway.
Follower of the great Sassenach Warrior Stiff Linefeed.
Expert translator of foul mouthed troll tongue.
House of Nanae. Land of the long white cloud.
From nospam at sbcglobal.net  Wed Oct 15 08:44:50 2008
From: nospam at sbcglobal.net (Vadim Rapp)
Date: Wed Oct 15 08:45:03 2008
Subject: [Scspamcop] What's the catch?
Message-ID: <gd4ok2$kra$1@news.spamcop.net>

Hello,

I do have the feeling that the below email is some new form of Nigerian 
scam, but can't figure out, what's their trick?

regards

=============================================================
GLORIOUS CONSULTANT LTD.
IMPORT-EXPORT-COMMERCE GENERAL
25 CANNON STR.EC4M LONDON,
UNITED KINGDOM.
DEAR SIR/MADAM,
YOUR GOOD NAME AND ADDRESS HAVE BEEN RECOMMENDED TO US AS AN AUTHORISED 
EXPORTERS OF VARIOUS ITEMS FROM YOUR COUNTRY.TO INTRODUCING OUR SELVES TO 
YOU,WE ARE INTERNATIONAL REPUTABLE COMMERCIAL ORGANISATION MARKETING FOREIGN 
SALES FACTORS,WHOLESALE DISTRIBUTORS,MANUFACTURERS REPRESENTATIVE 
IMPORTATION GENERAL.
PRESENTLY WE ARE ACTIVELY ENGAGED IN SOURCING OF THE UNDER LISTED ITEMS FOR 
AN URGENT SUPPLY TO OUR NUMROUS CUSTOMERS AND OUR HOME GOVERNMANT, WE HAVE 
BEEN IN THIS LINE OF BUSINESS FOR MANY SUCCESSFUL YEARS SATISFYING OUR 
NUMEROUS CUSTOMERS AND GOVERNMENT WITH ALL THEIR NEEDS.OUR RECENT EXPANSION 
AND DESIRE TO PROMOTE TRADE AND INDUSTRY IN YOUR COUNTRY HAS OFFORDED US THE 
OPPORTUNITY TO CONTACT YOUR ESTEEM COMPANY FOR AN URGENT SUPPLY OF THE UNDER 
LISTED ITEMS
RE;EXERCISE BOOKS,SCHOOL BARRETS,SCHOOL BAGS,DRAWING MATERIALS,T-SQUARE 
BOAD,MATHMATICAL SETS,ELECTRONICS/MANUAL BLACK BOARD,BUILDING 
MATERIALS,FIREPROOFING,MOTOR WASTE BIN,CEMENTS,PHARMACEUTICAL 
PRODUCTS,ULTRASOUND MECHINES,SURGICAL/DENTAL EQIPMENTS, T-SHIRTS,HOSPITAL 
BED SHEETS,INDUSTRIAL MACHINES,RAW FOOD ITEMS,AND GENERAL GOODS FROM YOUR 
COUNTRY.
PLEASE IF YOU CAN SUPPLY US WITH ANY OF THE ABOVE LISTED ITEMS,DO NOT 
HESITATE TO INFORM US BY MAIL SO THAT WE CAN STOP FURTHER NEGOTIATIONS WITH 
OTHER FOREIGN COMPANIES FOR AN URGENT SUPPLY OF THE CAPTIONED ITEMS.
LOOKING FORWARD HEARING FROM YOU.
BEST REGARDS,
RICHARD EDMOND. 


From nobody at devnull.spamcop.net  Wed Oct 15 09:54:30 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Oct 15 09:55:04 2008
Subject: [Scspamcop] Re: What's the catch?
References: <gd4ok2$kra$1@news.spamcop.net>
Message-ID: <gd4sme$4qg$1@news.spamcop.net>

> Hello,
>
> I do have the feeling that the below email is some new form of
> Nigerian scam, but can't figure out, what's their trick?
>
> regards
>
> =============================================================
> GLORIOUS CONSULTANT LTD.
> IMPORT-EXPORT-COMMERCE GENERAL
> 25 CANNON STR.EC4M LONDON,
> UNITED KINGDOM.
> DEAR SIR/MADAM,
> YOUR GOOD NAME AND ADDRESS HAVE BEEN RECOMMENDED TO US AS AN
> AUTHORISED EXPORTERS OF VARIOUS ITEMS FROM YOUR COUNTRY.TO
> INTRODUCING OUR SELVES TO YOU,WE ARE INTERNATIONAL REPUTABLE
> COMMERCIAL ORGANISATION MARKETING FOREIGN SALES FACTORS,WHOLESALE
> DISTRIBUTORS,MANUFACTURERS REPRESENTATIVE IMPORTATION GENERAL.
> PRESENTLY WE ARE ACTIVELY ENGAGED IN SOURCING OF THE UNDER LISTED
> ITEMS FOR AN URGENT SUPPLY TO OUR NUMROUS CUSTOMERS AND OUR HOME
> GOVERNMANT, WE HAVE BEEN IN THIS LINE OF BUSINESS FOR MANY SUCCESSFUL
> YEARS SATISFYING OUR NUMEROUS CUSTOMERS AND GOVERNMENT WITH ALL THEIR
> NEEDS.OUR RECENT EXPANSION AND DESIRE TO PROMOTE TRADE AND INDUSTRY
> IN YOUR COUNTRY HAS OFFORDED US THE OPPORTUNITY TO CONTACT YOUR
> ESTEEM COMPANY FOR AN URGENT SUPPLY OF THE UNDER LISTED ITEMS
> RE;EXERCISE BOOKS,SCHOOL BARRETS,SCHOOL BAGS,DRAWING
> MATERIALS,T-SQUARE BOAD,MATHMATICAL SETS,ELECTRONICS/MANUAL BLACK
> BOARD,BUILDING MATERIALS,FIREPROOFING,MOTOR WASTE
> BIN,CEMENTS,PHARMACEUTICAL PRODUCTS,ULTRASOUND
> MECHINES,SURGICAL/DENTAL EQIPMENTS, T-SHIRTS,HOSPITAL BED
> SHEETS,INDUSTRIAL MACHINES,RAW FOOD ITEMS,AND GENERAL GOODS FROM YOUR
> COUNTRY. PLEASE IF YOU CAN SUPPLY US WITH ANY OF THE ABOVE LISTED 
> ITEMS,DO NOT
> HESITATE TO INFORM US BY MAIL SO THAT WE CAN STOP FURTHER
> NEGOTIATIONS WITH OTHER FOREIGN COMPANIES FOR AN URGENT SUPPLY OF THE
> CAPTIONED ITEMS. LOOKING FORWARD HEARING FROM YOU.
> BEST REGARDS,
> RICHARD EDMOND.

The catch is they want your money; quit reading spams; waste of time. 


From news0807REMOVECAPS at orrery.e4ward.com  Wed Oct 15 10:05:26 2008
From: news0807REMOVECAPS at orrery.e4ward.com (Ian Smith)
Date: Wed Oct 15 10:10:02 2008
Subject: [Scspamcop] Re: What's the catch?
In-Reply-To: <gd4ok2$kra$1@news.spamcop.net>
References: <gd4ok2$kra$1@news.spamcop.net>
Message-ID: <gd4tb9$86j$1@news.spamcop.net>

Vadim Rapp wrote:
> Hello,
> 
> I do have the feeling that the below email is some new form of Nigerian 
> scam, but can't figure out, what's their trick?
> 
> regards
> 
> =============================================================
> GLORIOUS CONSULTANT LTD.
> IMPORT-EXPORT-COMMERCE GENERAL
> 25 CANNON STR.EC4M LONDON,
> UNITED KINGDOM.
> DEAR SIR/MADAM,
> YOUR GOOD NAME AND ADDRESS HAVE BEEN RECOMMENDED TO US AS AN AUTHORISED 
> EXPORTERS OF VARIOUS ITEMS FROM YOUR COUNTRY.TO INTRODUCING OUR SELVES TO 
> YOU,WE ARE INTERNATIONAL REPUTABLE COMMERCIAL ORGANISATION MARKETING FOREIGN 
> SALES FACTORS,WHOLESALE DISTRIBUTORS,MANUFACTURERS REPRESENTATIVE 
> IMPORTATION GENERAL.
> PRESENTLY WE ARE ACTIVELY ENGAGED IN SOURCING OF THE UNDER LISTED ITEMS FOR 
> AN URGENT SUPPLY TO OUR NUMROUS CUSTOMERS AND OUR HOME GOVERNMANT, WE HAVE 
> BEEN IN THIS LINE OF BUSINESS FOR MANY SUCCESSFUL YEARS SATISFYING OUR 
> NUMEROUS CUSTOMERS AND GOVERNMENT WITH ALL THEIR NEEDS.OUR RECENT EXPANSION 
> AND DESIRE TO PROMOTE TRADE AND INDUSTRY IN YOUR COUNTRY HAS OFFORDED US THE 
> OPPORTUNITY TO CONTACT YOUR ESTEEM COMPANY FOR AN URGENT SUPPLY OF THE UNDER 
> LISTED ITEMS
> RE;EXERCISE BOOKS,SCHOOL BARRETS,SCHOOL BAGS,DRAWING MATERIALS,T-SQUARE 
> BOAD,MATHMATICAL SETS,ELECTRONICS/MANUAL BLACK BOARD,BUILDING 
> MATERIALS,FIREPROOFING,MOTOR WASTE BIN,CEMENTS,PHARMACEUTICAL 
> PRODUCTS,ULTRASOUND MECHINES,SURGICAL/DENTAL EQIPMENTS, T-SHIRTS,HOSPITAL 
> BED SHEETS,INDUSTRIAL MACHINES,RAW FOOD ITEMS,AND GENERAL GOODS FROM YOUR 
> COUNTRY.
> PLEASE IF YOU CAN SUPPLY US WITH ANY OF THE ABOVE LISTED ITEMS,DO NOT 
> HESITATE TO INFORM US BY MAIL SO THAT WE CAN STOP FURTHER NEGOTIATIONS WITH 
> OTHER FOREIGN COMPANIES FOR AN URGENT SUPPLY OF THE CAPTIONED ITEMS.
> LOOKING FORWARD HEARING FROM YOU.
> BEST REGARDS,
> RICHARD EDMOND. 

The English is too quirky to have come from a guy called Richard 
Edmond, not to mention the spelling.

I'd guess that they want your bank details and then will either need 
some advance to oil the wheels of their importer in Bongo-Bongo Land 
or will request that you cash a cheque for a much larger amount than 
they owe you and then forward the surplus cash to them. You'll find 
at some future date that the cheque was forged and that the amount 
has been debited back from your account or that you have been used 
as a money mule to move the proceeds of crime out of the country.

The story is just a front to engage you in a commercial transaction.

regards, Ian
From MikeE at ster.invalid  Wed Oct 15 10:07:09 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Oct 15 10:10:03 2008
Subject: [Scspamcop] Re: What's the catch?
References: <gd4ok2$kra$1@news.spamcop.net>
Message-ID: <gd4te9$8ri$1@news.spamcop.net>

Vadim Rapp wrote:

> I do have the feeling that the below email is some new form of Nigerian
> scam, but can't figure out, what's their trick?

Do not post spam content in discussion groups.  It is only allowed^1 in
spamcop.spam which is not a discussion group.

As a general rule, posting spambody content is worth less than posting
access to the entire message source which includes complete headers.  If
you don't know how to make a tracker, see below^2

As another general rule, reading spambodies for entertainment or alleged
"research" value is a behavior for better suited for spamreading
spam-aiding spam-responding spammees rather than spam reporters.  It is
not necessary to read your spam to report it.  I don't read my spam and
I'm not inclined to want to read yours either.

^1 http://www.spamcop.net/help.shtml#nntp  Newsgroup Posting Rules  - No
spam. Please do not post copies of spam or other commercials except in the
spamcop.spam group specifically designated for it. SpamCop provides
"tracking URL"s for posting spam samples. Please use them.

^2 How to make a tracker:

 1 select and obtain the complete spam
 2 privatize the header&body content
 3 webparse it & copy the tracking URL
 4 cancel the report & paste the tracker in here


1  ... in the manner described by the SC faq
http://www.spamcop.net/fom-serve/cache/19.html  How do I get my email
program to reveal the full, unmodified email?

2 ... by modestly and unambiguously mungeing any private information you
don't want to expose, such as your name or email address which might
appear anywhere in the header or body.  Avoid excessive or confusing
mungeing.

3 login to the SC webparser, paste in the spam, and click Process Spam
button;  then copy the tracking URL from the top 'Here is your TRACKING
URL' of the appearance
http://www.spamcop.net/sc?id=z1505491930z5db2559eebcde98291b8e783c95d61cez

4 ... after parsing, the report is 'live' until the cancel button is
used.  After cancelling the tracker disappears;  the munged spam report
should be cancelled because it has been materially changed and because
you don't want to leave a tracker live.




-- 
Mike Easter
kibitzer, not SC admin

From joegill at removethis  Wed Oct 15 10:31:34 2008
From: joegill at removethis (Joe Gill)
Date: Wed Oct 15 10:40:03 2008
Subject: [Scspamcop] Re: No mail is POPing in SPAMCOP
References: <gd3mpm$jvu$1@news.spamcop.net> <gd3p7h$qr0$1@news.spamcop.net>
Message-ID: <gd4v3k$i83$1@news.spamcop.net>


"Joe Gill" <joegill@removethis@prodigy.net> wrote in message 
news:gd3p7h$qr0$1@news.spamcop.net...
>
> "Joe Gill" <joegill@removethis@prodigy.net> wrote in message 
> news:gd3mpm$jvu$1@news.spamcop.net...
>>I am an webmail spamcop user.
>>
>> I notice no mail coming in.
>>
>> I have 5 different servers that I 'pop'
>> - 3 are popgate2.cesmail.com
>> - 1 is pop.att.yahoo.com
>> - 1 is pop.gmail.com
>>
>> All show the 'last error' as 'cannot contact server'.
>> All were working earlier today.
>>
>> Anyone else seeing this problem?
>>
>
> Popping seems to be back now...
> Thanks to whomever corrected it!!

Ooops problem is back.. No mail has popped in from any of my services since 
about 3:40AM
All servers giving message "Cannot contact server" 

From ppearson at nowhere.invalid  Wed Oct 15 11:22:43 2008
From: ppearson at nowhere.invalid (Peter Pearson)
Date: Wed Oct 15 11:25:03 2008
Subject: [Scspamcop] Re: What's the catch?
References: <gd4ok2$kra$1@news.spamcop.net>
Message-ID: <gd51s3$trm$1@news.spamcop.net>

On Wed, 15 Oct 2008 07:44:50 -0500, Vadim Rapp <nospam@sbcglobal.net> wrote:
> Hello,
>
> I do have the feeling that the below email is some new form of Nigerian 
> scam, but can't figure out, what's their trick?
>
> regards
>
>=============================================================
> GLORIOUS CONSULTANT LTD.
> IMPORT-EXPORT-COMMERCE GENERAL
> 25 CANNON STR.EC4M LONDON,
> UNITED KINGDOM.
> DEAR SIR/MADAM,
[snip]
> BEST REGARDS,
> RICHARD EDMOND. 

I don't know what Richard's business is, but if you reply to
him, please call his attention to his CapsLock key.  All this
shouting is upsetting my dog.

-- 
To email me, substitute nowhere->spamcop, invalid->net.
From tmcgraw at spamcop.net  Wed Oct 15 12:10:33 2008
From: tmcgraw at spamcop.net (Tim McGraw)
Date: Wed Oct 15 12:15:03 2008
Subject: [Scspamcop] Re: No mail is POPing in SPAMCOP
In-Reply-To: <gd3mpm$jvu$1@news.spamcop.net>
References: <gd3mpm$jvu$1@news.spamcop.net>
Message-ID: <gd54lq$ad2$1@news.spamcop.net>

Joe Gill wrote:
> I am an webmail spamcop user.
> 
> I notice no mail coming in.
> 
> I have 5 different servers that I 'pop'
> - 3 are popgate2.cesmail.com
> - 1 is pop.att.yahoo.com
> - 1 is pop.gmail.com
> 
> All show the 'last error' as 'cannot contact server'.
> All were working earlier today.
> 
> Anyone else seeing this problem?

Same here, since yesterday afternoon POP hasn't worked. I only POP one 
server, mail.comcast.net, and sc has been reporting that it can't 
contact the server. Since others who are on other ISPs are having the 
same problem, it's clearly an sc issue.

My biggest complaint at the moment is there seems to be no 
acknowledgment either here or in the forums that it's being looked at.
From nobody at spamcop.net  Wed Oct 15 12:58:56 2008
From: nobody at spamcop.net (Ellen)
Date: Wed Oct 15 13:00:04 2008
Subject: [Scspamcop] Update:  Re: No mail is POPing in SPAMCOP
In-Reply-To: <gd3mpm$jvu$1@news.spamcop.net>
References: <gd3mpm$jvu$1@news.spamcop.net>
Message-ID: <gd57gk$kmr$1@news.spamcop.net>

Joe Gill wrote:
> I am an webmail spamcop user.
> 
> I notice no mail coming in.
> 
> I have 5 different servers that I 'pop'
> - 3 are popgate2.cesmail.com
> - 1 is pop.att.yahoo.com
> - 1 is pop.gmail.com
> 
> All show the 'last error' as 'cannot contact server'.
> All were working earlier today.
> 
> Anyone else seeing this problem?


Jeff is working on the pop problem. It appears that it is not consistent 
across all the users and some people are not having problems. I do not 
have an ETA for a fix but be assured the problem is not being ignored.

Thanks for your patience!


Ellen
SpamCop
From tmcgraw at spamcop.net  Wed Oct 15 13:03:49 2008
From: tmcgraw at spamcop.net (Tim McGraw)
Date: Wed Oct 15 13:05:03 2008
Subject: [Scspamcop] Re: Update:  Re: No mail is POPing in SPAMCOP
In-Reply-To: <gd57gk$kmr$1@news.spamcop.net>
References: <gd3mpm$jvu$1@news.spamcop.net> <gd57gk$kmr$1@news.spamcop.net>
Message-ID: <gd57pl$l65$1@news.spamcop.net>

Ellen wrote:
> Joe Gill wrote:
>> Anyone else seeing this problem?
> 
> Jeff is working on the pop problem. It appears that it is not consistent 
> across all the users and some people are not having problems. I do not 
> have an ETA for a fix but be assured the problem is not being ignored.
> 
> Thanks for your patience!

Thank you. It looks like the server/process that POPs might be offline 
for "repairs" at this moment, as my POP config screen continues to show 
no errors, and the following was posted to the Webmail login page and 
distributed by Don to the spamcop list:

Oct 15, 2008
* [12:04 EDT] We are experiencing problems POPping from some external 
accounts. We're currently working on the problem. In the meantime, most 
mail systems can be set to forward mail and it is always faster and more 
reliable to forward your mail to your spamcop.net account for filtering 
instead of having us POP it.
From nobody at spamcop.net  Wed Oct 15 13:52:35 2008
From: nobody at spamcop.net (Bar0)
Date: Wed Oct 15 13:55:04 2008
Subject: [Scspamcop] Re: What's the catch?
References: <gd4ok2$kra$1@news.spamcop.net>
Message-ID: <gd5al4$4cj$1@news.spamcop.net>


"Vadim Rapp" <nospam@sbcglobal.net> wrote in message 
news:gd4ok2$kra$1@news.spamcop.net...
> Hello,
>
> I do have the feeling that the below email is some new form of Nigerian 
> scam, but can't figure out, what's their trick?
>
> regards
>
> =============================================================
> GLORIOUS CONSULTANT LTD.....
.....

No one will ever know, it's unreadable. It looks like someone's Caps-Lock 
was stuck 

From joegill at removethis  Wed Oct 15 14:10:02 2008
From: joegill at removethis (Joe Gill)
Date: Wed Oct 15 14:15:03 2008
Subject: [Scspamcop] Re: Update:  Re: No mail is POPing in SPAMCOP
References: <gd3mpm$jvu$1@news.spamcop.net> <gd57gk$kmr$1@news.spamcop.net>
	<gd57pl$l65$1@news.spamcop.net>
Message-ID: <gd5brr$85h$1@news.spamcop.net>


"Tim McGraw" <tmcgraw@spamcop.net> wrote in message 
news:gd57pl$l65$1@news.spamcop.net...
> Ellen wrote:
>> Joe Gill wrote:
>>> Anyone else seeing this problem?
>>
>> Jeff is working on the pop problem. It appears that it is not consistent 
>> across all the users and some people are not having problems. I do not 
>> have an ETA for a fix but be assured the problem is not being ignored.
>>
>> Thanks for your patience!
>
> Thank you. It looks like the server/process that POPs might be offline for 
> "repairs" at this moment, as my POP config screen continues to show no 
> errors, and the following was posted to the Webmail login page and 
> distributed by Don to the spamcop list:
>
> Oct 15, 2008
> * [12:04 EDT] We are experiencing problems POPping from some external 
> accounts. We're currently working on the problem. In the meantime, most 
> mail systems can be set to forward mail and it is always faster and more 
> reliable to forward your mail to your spamcop.net account for filtering 
> instead of having us POP it.

Curious... If MAILHOSTS is setup correctly and you are POPing mail, do you 
have to go back and redo MAILHOSTS before setting to FORWARD.
Also if I use the 'forward' option, do I loose the ability to 'reply all' 
when in a distribution list?

TUA 

From svcdude at ix.netcom.com  Wed Oct 15 14:15:09 2008
From: svcdude at ix.netcom.com (Russ Gangloff)
Date: Wed Oct 15 14:20:03 2008
Subject: [Scspamcop] Re: No mail is POPing in SPAMCOP
References: <gd3mpm$jvu$1@news.spamcop.net> <gd54lq$ad2$1@news.spamcop.net>
Message-ID: <gd5bvk$8gv$1@news.spamcop.net>

I've been having the same problem since yesterday on 5 different email 
services.  I submitted it via the "Problem" button in Webmail, but have had 
no response.

However, I've figured out that if I recreate a POP setting, then delete the 
original, all of the error counts go back to zero, and all services get 
POP'd - but only once.  So, I've been going in and copying the info from the 
top entry in my POP servers into a new one at the bottom, then deleting the 
one at the top every couple of hours.  It's a pain in the a--, but it's been 
working.

R

"Tim McGraw" <tmcgraw@spamcop.net> wrote in message 
news:gd54lq$ad2$1@news.spamcop.net...
> Joe Gill wrote:
>> I am an webmail spamcop user.
>>
>> I notice no mail coming in.
>>
>> I have 5 different servers that I 'pop'
>> - 3 are popgate2.cesmail.com
>> - 1 is pop.att.yahoo.com
>> - 1 is pop.gmail.com
>>
>> All show the 'last error' as 'cannot contact server'.
>> All were working earlier today.
>>
>> Anyone else seeing this problem?
>
> Same here, since yesterday afternoon POP hasn't worked. I only POP one 
> server, mail.comcast.net, and sc has been reporting that it can't contact 
> the server. Since others who are on other ISPs are having the same 
> problem, it's clearly an sc issue.
>
> My biggest complaint at the moment is there seems to be no acknowledgment 
> either here or in the forums that it's being looked at. 


From svcdude at ix.netcom.com  Wed Oct 15 14:18:49 2008
From: svcdude at ix.netcom.com (Russ Gangloff)
Date: Wed Oct 15 14:20:04 2008
Subject: [Scspamcop] Re: Update:  Re: No mail is POPing in SPAMCOP
References: <gd3mpm$jvu$1@news.spamcop.net> <gd57gk$kmr$1@news.spamcop.net>
	<gd57pl$l65$1@news.spamcop.net> <gd5brr$85h$1@news.spamcop.net>
Message-ID: <gd5c6f$9j4$1@news.spamcop.net>

Repost from another thread:

I've been having the same problem since yesterday on 5 different email 
services.  I submitted it via the "Problem" button in Webmail, but have had 
no response.

However, I've figured out that if I recreate a POP setting, then delete the 
original, all of the error counts go back to zero, and all services get 
POP'd - but only once.  So, I've been going in and copying the info from the 
top entry in my POP servers into a new one at the bottom, then deleting the 
one at the top every couple of hours.  It's a pain in the a--, but it's been 
working.

R

"Joe Gill" <joegill@removethis@prodigy.net> wrote in message 
news:gd5brr$85h$1@news.spamcop.net...
>
> "Tim McGraw" <tmcgraw@spamcop.net> wrote in message 
> news:gd57pl$l65$1@news.spamcop.net...
>> Ellen wrote:
>>> Joe Gill wrote:
>>>> Anyone else seeing this problem?
>>>
>>> Jeff is working on the pop problem. It appears that it is not consistent 
>>> across all the users and some people are not having problems. I do not 
>>> have an ETA for a fix but be assured the problem is not being ignored.
>>>
>>> Thanks for your patience!
>>
>> Thank you. It looks like the server/process that POPs might be offline 
>> for "repairs" at this moment, as my POP config screen continues to show 
>> no errors, and the following was posted to the Webmail login page and 
>> distributed by Don to the spamcop list:
>>
>> Oct 15, 2008
>> * [12:04 EDT] We are experiencing problems POPping from some external 
>> accounts. We're currently working on the problem. In the meantime, most 
>> mail systems can be set to forward mail and it is always faster and more 
>> reliable to forward your mail to your spamcop.net account for filtering 
>> instead of having us POP it.
>
> Curious... If MAILHOSTS is setup correctly and you are POPing mail, do you 
> have to go back and redo MAILHOSTS before setting to FORWARD.
> Also if I use the 'forward' option, do I loose the ability to 'reply all' 
> when in a distribution list?
>
> TUA 


From ppearson at nowhere.invalid  Wed Oct 15 16:27:46 2008
From: ppearson at nowhere.invalid (Peter Pearson)
Date: Wed Oct 15 16:30:03 2008
Subject: [Scspamcop] Server certificate verification error
Message-ID: <gd5jo2$cj6$1@news.spamcop.net>

Beginning September 10th, about one time in four when
fetchmail attempts to retrieve my email from pop.spamcop.net
(POP3), it logs these three messages:

 Server certificate verification error: unable to get local issuer certificate
 Server certificate verification error: certificate not trusted
 Server certificate verification error: unable to verify the first certificate

Those look like SSL messages to me, but I'm not asking for SSL,
as far as I can tell: my .fetchmailrc file doesn't contain "ssl".

Does anybody have any idea why this is happening?



(Originally posted to spamcop.mail several weeks ago; got no
nibbles, and the problem is still happening.)

-- 
To email me, substitute nowhere->spamcop, invalid->net.
From nobody at spamcop.net  Wed Oct 15 18:13:47 2008
From: nobody at spamcop.net (Ellen)
Date: Wed Oct 15 18:15:04 2008
Subject: [Scspamcop] Re: Server certificate verification error
In-Reply-To: <gd5jo2$cj6$1@news.spamcop.net>
References: <gd5jo2$cj6$1@news.spamcop.net>
Message-ID: <gd5q08$2so$1@news.spamcop.net>

Peter Pearson wrote:
> Beginning September 10th, about one time in four when
> fetchmail attempts to retrieve my email from pop.spamcop.net
> (POP3), it logs these three messages:
> 
>  Server certificate verification error: unable to get local issuer certificate
>  Server certificate verification error: certificate not trusted
>  Server certificate verification error: unable to verify the first certificate
> 
> Those look like SSL messages to me, but I'm not asking for SSL,
> as far as I can tell: my .fetchmailrc file doesn't contain "ssl".
> 
> Does anybody have any idea why this is happening?
> 
> 
> 
> (Originally posted to spamcop.mail several weeks ago; got no
> nibbles, and the problem is still happening.)
> 

I forwarded this over to the email side ....


Ellen
SpamCop
From g.hyde at bigNOSPAMpond.net.au  Wed Oct 15 20:42:35 2008
From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde)
Date: Wed Oct 15 20:45:03 2008
Subject: [Scspamcop] Re: What's the catch?
References: <gd4ok2$kra$1@news.spamcop.net>
Message-ID: <gd62m3$qe3$1@news.spamcop.net>


"Vadim Rapp" <nospam@sbcglobal.net> wrote in message 
news:gd4ok2$kra$1@news.spamcop.net...
> Hello,
>
> I do have the feeling that the below email is some new form of Nigerian 
> scam, but can't figure out, what's their trick?
>
> regards
>
> =============================================================
> GLORIOUS CONSULTANT LTD.

[snip]

They're shouting out to all and sundry that they're a new, improved, form of 
idiot.  ALL CAPS = shouting = idiot.

Other than that they're trying to sucker you into being a mule for 
ill-gotten gains.  Best to avoid them at all costs and file them in your 
preferred twit filter.


Cheers ...

Geoffrey Hyde



From jay at spam-block.net  Thu Oct 16 08:49:04 2008
From: jay at spam-block.net (Jay Teutenberg)
Date: Thu Oct 16 08:50:03 2008
Subject: [Scspamcop] is yahoo dense or me?
Message-ID: <gd7d83$p6$1@news.spamcop.net>

I send them copies of spam with full headers,
the ip sure looks like theirs,
all they give me is an autoresponse saying it isnt their problem.

Looks like an att/sbc (probably a dsl customer) is sending thru
the yahoo web mail at web807.biz.mail.mud.yahoo.com ,

but there is no ip for their web mail, just the name.


-------------------------------------------------------------------------
Hello,

Thank you for writing to Yahoo! Mail.

I understand your frustration in receiving unsolicited email. While we
investigate all reported violations against the Yahoo! Terms of Service
(TOS), in this particular case the message you received was not sent
through the Yahoo! Mail system.

Yahoo! has no control over activities outside its service, and therefore
we cannot take action. You may try contacting the sender's email
provider, by identifying the sender's domain and contacting the
administrator of that domain. The sender's provider should be in a
better position to take appropriate action against the sender's account.

The email message itself does contain some information relating to the
sender's identity. Yahoo! includes the originating Internet Protocol
(IP) address in the full Internet headers of all messages sent through
Yahoo! Mail, so that we will have information regarding the origin of
messages sent through our system. The originating IP address should be
located in the very last "Received" line of the full Internet headers
and corresponds to the sender's Internet Service Provider (ISP).

Please see the following URL for more assistance:

   http://help.yahoo.com/help/us/mail/spam/spam-05.html

Once you have identified the IP address, you can conduct an IP lookup to
determine which ISP provides this person with Internet access. One such
lookup tool you may want to try is:

   http://www.arin.net/whois/

You can then attempt to contact that ISP to report any abuse activities
occurring within their service.

In addition, please visit the following website for useful tools to
combat spam:

   http://antispam.yahoo.com/

Please let me know if you still need assistance so I may assist you
further.

Your patience during this process is greatly appreciated.

Thank you again for contacting Yahoo! Mail.

Regards,

Ravy

Yahoo! Customer Care

54118159

For assistance with all Yahoo! services please visit:

   http://help.yahoo.com/




Original Message Follows:
-------------------------

>>REDFRMADV Case ID: 54118159


----- Original Message ----- 
From: "Yahoo!Mail" <abuse@yahoo.com>
To: "Jay Teutenberg" <jay@spam-block.net>
Sent: Tuesday, October 14, 2008 11:12 PM
Subject: Re: spam complaint 3----Fw: Web Design (KMM79564006V43913L0KM)


> Hello,
>
> Thank you for writing to Yahoo! Mail.
>
> I understand your frustration in receiving unsolicited email. While we
> investigate all reported violations against the Yahoo! Terms of
Service
> (TOS), in this particular case the message you received was not sent
> through the Yahoo! Mail system.
>
> Yahoo! has no control over activities outside its service, and
therefore
> we cannot take action. You may try contacting the sender's email
> provider, by identifying the sender's domain and contacting the
> administrator of that domain. The sender's provider should be in a
> better position to take appropriate action against the sender's
account.
>
> The email message itself does contain some information relating to the
> sender's identity. Yahoo! includes the originating Internet Protocol
> (IP) address in the full Internet headers of all messages sent through
> Yahoo! Mail, so that we will have information regarding the origin of
> messages sent through our system. The originating IP address should be
> located in the very last "Received" line of the full Internet headers
> and corresponds to the sender's Internet Service Provider (ISP).
>
> Please see the following URL for more assistance:
>
>   http://help.yahoo.com/help/us/mail/spam/spam-05.html
>
> Once you have identified the IP address, you can conduct an IP lookup
to
> determine which ISP provides this person with Internet access. One
such
> lookup tool you may want to try is:
>
>   http://www.arin.net/whois/
>
> You can then attempt to contact that ISP to report any abuse
activities
> occurring within their service.
>
> In addition, please visit the following website for useful tools to
> combat spam:
>
>   http://antispam.yahoo.com/
>
> Please let me know if you still need assistance so I may assist you
> further.
>
> Your patience during this process is greatly appreciated.
>
> Thank you again for contacting Yahoo! Mail.
>
> Regards,
>
> Sherry
>
> Yahoo! Customer Care
>
> 54118159
>
> For assistance with all Yahoo! services please visit:
>
>   http://help.yahoo.com/
>
>
>
>
> Original Message Follows:
> -------------------------
>
> Received: from 5of4.advertisnet.com (5of4.advertisnet.com
[12.174.25.5])
> by spam-block.net (8.13.6/8.13.6) with ESMTP id m9E5nVGF066599
> for <jay@spam-block.net>; Tue, 14 Oct 2008 00:49:31 -0500 (CDT)
> Received: from web807.biz.mail.mud.yahoo.com
> (web807.biz.mail.mud.yahoo.com [209.191.90.80])
> by 5of4.advertisnet.com (8.13.6/8.13.6) with SMTP id m9E6Pf3q029993
> for <reservations@thelake.net>; Tue, 14 Oct 2008 01:25:42 -0500 (CDT)
> Received: (qmail 64126 invoked by uid 60001); 14 Oct 2008 05:46:07
-0000
> X-YMail-OSG:
>
LvAenzcVM1lKr2iiOHyDBOtyagqSlKPuDe2saXS4yWjH96Uk7lLk1BXooRHmtlJXuJDcdZ7s
>
7AeXXd4ATs3H5_VhJHIkjpDth_XflOMDfFNhOe.BYVfHTqTY_FMPwhu6CcBezq_K5o1ZhxY7
> W.vYiITl3gljt1tPGlaeFcc9I_oWgok8z_9673wDxg--
> Received: from [70.130.204.194] by web807.biz.mail.mud.yahoo.com via
> HTTP; Mon, 13 Oct 2008 22:46:06 PDT
> Date: Mon, 13 Oct 2008 22:46:06 -0700 (PDT)
> From: KellyCalton<info@elitevirtualdisplay.com>
> Subject: Web Design
> To: 4 seasons raquet country club <rubyred@socket.net>,
>        al elam co <rentals@alelam.com>, royal arts
> <royalart@advertisnet.com>,
>        branson <reservations@grandcountry.com>,
>        camp/rv <redbeard@redbeardsranch.com>,
>        camp/rv <reservations@sundermeierrvpark.com>,
>        camp/rv <ppprvpark@aol.com>, camp/rv <randy@kpcsys.com>,
>        eagle knolls golf <rkosmatka@eagleknoll.com>,
>        eminence canoes <resort@socket.net>,
>        Richland Mirror <rmirror@richlandmirror.com>,
>        powersoverheaddoors@yahoo.com, proboat@charter.net,
>        promotions@unionstation.org, ptodd@4seasonsresort.com,
>        rebeldocks@rebeldocks.com, Judy & Jerry Reinhold
> <redoakrv@aol.com>,
>        remaxportside@yahoo.com, renee_opera@yahoo.com,
>        Replay <replayllc@hotmail.com>,
> reservations@adventureboatrentals.com,
>        reservations@knollsresort.com, reservations@thelake.net,
>        resort <rebectuck@cs.com>, resort <rentals@trendwest.com>,
>        Restuarant <robt-young@sbcglobal.net>,
>        Restuarant <relax@lakeozark.net>,
>        Restuarant <sales@dogwoodhillsresort.com>,
>        Restuarant <rollisland@socket.net>, rob@soundadvantage.net,
>        robyn.pass@grandprixspeedways.com, rockwood
> <rockwood@socket.net>,
>        rodger&theilaluetjen@embarqmail.com,
>        rodney <rodney@airwatersolutions.com>,
>        "Roger @ HT" <roger@toadcove.com>, rollinghills@yhti.net,
>        ron@shephills.com, rosenbach@charter.net,
>        rough water dock <roughwaterdock@msn.com>,
> rplott@choicemarketing.biz,
>        rsteinman3@comcast.net, rwhite@viatechpub.com,
> rwk@kellysport.com,
>        ryan@ryansells.com,
>        "Raymond's Boat and Motor Sales" <reta@raymondsboats.com>,
>        sales@amegasales.com, sales@dockrealty.com,
>        Russ Sanders <russmidamerica@valornet.com>,
>        Don Welch <qbird@quailsnest.com>,
>        sandy reardon worldsoffun <reardon@worldsoffun.com>
> MIME-Version: 1.0
> Message-ID: <20621.61458.qm@web807.biz.mail.mud.yahoo.com>
> X-UIDL: %j]"!9%o"!Y'*#!Jbi!!
> X-Antivirus: AVG for E-mail 8.0.173 [270.8.0/1723]
> Content-Type: multipart/mixed;
> boundary="=======AVGMAIL-48F4359C0000======="
> ----- Original Message ----- 
> From: KellyCalton
> To: 4 seasons raquet country club ; al elam co ; royal arts ; branson
;
> camp/rv ; camp/rv ; camp/rv ; camp/rv ; eagle knolls golf ; eminence
> canoes ; Richland Mirror ; powersoverheaddoors@yahoo.com ;
> proboat@charter.net ; promotions@unionstation.org ;
> ptodd@4seasonsresort.com ; rebeldocks@rebeldocks.com ; Judy & Jerry
> Reinhold ; remaxportside@yahoo.com ; renee_opera@yahoo.com ; Replay ;
> reservations@adventureboatrentals.com ; reservations@knollsresort.com
;
> reservations@thelake.net ; resort ; resort ; Restuarant ; Restuarant ;
> Restuarant ; Restuarant ; rob@soundadvantage.net ;
> robyn.pass@grandprixspeedways.com ; rockwood ;
> rodger&theilaluetjen@embarqmail.com ; rodney ; Roger @ HT ;
> rollinghills@yhti.net ; ron@shephills.com ; rosenbach@charter.net ;
> rough water dock ; rplott@choicemarketing.biz ; rsteinman3@comcast.net
;
> rwhite@viatechpub.com ; rwk@kellysport.com ; ryan@ryansells.com ;
> Raymond's Boat and Motor Sales ; sales@amegasales.com ;
> sales@dockrealty.com ; Russ Sanders ; Don Welch ; sandy reardon
> worldsoffun
> Sent: Tuesday, October 14, 2008 12:46 AM
> Subject: Web Design
> Need a website? or a re-vamp? Check us out.
> http://elitelakeozarks.com/Webdesign.html
>
>



From jay at spam-block.net  Thu Oct 16 08:53:35 2008
From: jay at spam-block.net (Jay Teutenberg)
Date: Thu Oct 16 08:55:03 2008
Subject: [Scspamcop] another yahoo spam example
Message-ID: <gd7dgh$1k1$1@news.spamcop.net>

This one does show the ip of the yahoo web mail server.
but they still dont admit its a yahoo issue?


-----------------------------------------------------------------

Hello,

Thank you for writing to Yahoo! Mail.

I understand your frustration in receiving unsolicited email. While we
investigate all reported violations against the Yahoo! Terms of Service
(TOS), in this particular case the message you received was not sent
through the Yahoo! Mail system.

Yahoo! has no control over activities outside its service, and therefore
we cannot take action. You may try contacting the sender's email
provider, by identifying the sender's domain and contacting the
administrator of that domain. The sender's provider should be in a
better position to take appropriate action against the sender's account.

The email message itself does contain some information relating to the
sender's identity. Yahoo! includes the originating Internet Protocol
(IP) address in the full Internet headers of all messages sent through
Yahoo! Mail, so that we will have information regarding the origin of
messages sent through our system. The originating IP address should be
located in the very last "Received" line of the full Internet headers
and corresponds to the sender's Internet Service Provider (ISP).

Please see the following URL for more assistance:

   http://help.yahoo.com/help/us/mail/spam/spam-05.html

Once you have identified the IP address, you can conduct an IP lookup to
determine which ISP provides this person with Internet access. One such
lookup tool you may want to try is:

   http://www.arin.net/whois/

You can then attempt to contact that ISP to report any abuse activities
occurring within their service.

In addition, please visit the following website for useful tools to
combat spam:

   http://antispam.yahoo.com/

Please let me know if you still need assistance so I may assist you
further.

Your patience during this process is greatly appreciated.

Thank you again for contacting Yahoo! Mail.

Regards,

Ravy

Yahoo! Customer Care

54118174

For assistance with all Yahoo! services please visit:

   http://help.yahoo.com/




Original Message Follows:
-------------------------

>>REDFRMADV Case ID: 54118174


----- Original Message ----- 
From: "Yahoo!Mail" <abuse@yahoo.com>
To: "Jay Teutenberg" <jay@spam-block.net>
Sent: Tuesday, October 14, 2008 10:28 PM
Subject: Re: spam complaint from yahoo-----Fw: Web Design
(KMM79562582V41239L0KM)


> Hello,
>
> Thank you for writing to Yahoo! Mail.
>
> I understand your frustration in receiving unsolicited email. While we
> investigate all reported violations against the Yahoo! Terms of
Service
> (TOS), in this particular case the message you received was not sent
> through the Yahoo! Mail system.
>
> Yahoo! has no control over activities outside its service, and
therefore
> we cannot take action. You may try contacting the sender's email
> provider, by identifying the sender's domain and contacting the
> administrator of that domain. The sender's provider should be in a
> better position to take appropriate action against the sender's
account.
>
> The email message itself does contain some information relating to the
> sender's identity. Yahoo! includes the originating Internet Protocol
> (IP) address in the full Internet headers of all messages sent through
> Yahoo! Mail, so that we will have information regarding the origin of
> messages sent through our system. The originating IP address should be
> located in the very last "Received" line of the full Internet headers
> and corresponds to the sender's Internet Service Provider (ISP).
>
> Please see the following URL for more assistance:
>
>   http://help.yahoo.com/help/us/mail/spam/spam-05.html
>
> Once you have identified the IP address, you can conduct an IP lookup
to
> determine which ISP provides this person with Internet access. One
such
> lookup tool you may want to try is:
>
>   http://www.arin.net/whois/
>
> You can then attempt to contact that ISP to report any abuse
activities
> occurring within their service.
>
> In addition, please visit the following website for useful tools to
> combat spam:
>
>   http://antispam.yahoo.com/
>
> Please let me know if you still need assistance so I may assist you
> further.
>
> Your patience during this process is greatly appreciated.
>
> Thank you again for contacting Yahoo! Mail.
>
> Regards,
>
> Benson
>
> Yahoo! Customer Care
>
> 54118174
>
> For assistance with all Yahoo! services please visit:
>
>   http://help.yahoo.com/
>
>
>
>
> Original Message Follows:
> -------------------------
>
> Received: from 5of4.advertisnet.com (5of4.advertisnet.com
[12.174.25.5])
> by spam-block.net (8.13.6/8.13.6) with ESMTP id m9E3uhDo013221
> for <jay@spam-block.net>; Mon, 13 Oct 2008 22:56:43 -0500 (CDT)
> Received: from spam-block.net (spam-block.net [12.174.25.10])
> by 5of4.advertisnet.com (8.13.6/8.13.6) with ESMTP id m9E4Wj6a022435
> for <reservations@thelake.net>; Mon, 13 Oct 2008 23:32:45 -0500 (CDT)
> Received: from web803.biz.mail.mud.yahoo.com
> (web803.biz.mail.mud.yahoo.com [209.191.90.76])
> by spam-block.net (8.13.6/8.13.6) with SMTP id m9E3uUNg012814
> for <info@jtrentals.com>; Mon, 13 Oct 2008 22:56:30 -0500 (CDT)
> Received: (qmail 98361 invoked by uid 60001); 14 Oct 2008 03:53:05
-0000
> Received: from [70.130.204.194] by web803.biz.mail.mud.yahoo.com via
> HTTP; Mon, 13 Oct 2008 20:53:05 PDT
> Date: Mon, 13 Oct 2008 20:53:05 -0700 (PDT)
> From: KellyCalton<info@elitevirtualdisplay.com>
> Subject: Web Design
> To: arch <info@gatewayarch.com>, barney benton <info@cbobanker.com>,
>        branson <info@bransonvarietytheater.com>,
>        branson <info@circlebchuckwagon.com>,
>        camp/rv <info@bransonstagecoachrv.com>,
>        camp/rv <info@basswoodresort.com>,
>        Lakewood Health & Fitness Center <info@lakewoodfitness.net>,
>        Lake West Chamber <info@lakewestchamber.com>,
>        Clinton CVB <info@clintonmo.com>,
>        deer valley park <info@deervalleypark.com>,
>        jake drake <info@lakeview-resort.com>,
>        Mike Eldon Country Club <info@eldoncountryclub.com>,
>        bob forbes <info@exxtrememotorsports.com>,
>        golden door motel <info@goldendoormotel.com>,
>        hermannhill vineyard <info@hermannhill.com>,
>        indian rock golf <indianrock@charterinternet.com>,
>        info@bluemoonmarina.com, info@breezypointresortozarks.com,
>        info@brokengaittrailrides.com, info@casadelocowinery.com,
>        info@cottageresort.us, info@crystalwatervillas.com,
>        info@davisdocks.com, info@dickersonparkzoo.org,
> info@farmerfoster.com,
>        info@gardengateestates.com, info@gocolumbiamo.com,
>        info@gorvcamping.com, info@gowhiteknight.com,
> info@harbourridgeinn.com,
>        info@indiansummerpool.com, info@jtrentals.com,
> info@lakebreeze.com,
>        info@lakeozarkspeedway.com, info@lakeshoretram.com,
>        info@lakesunrooms.com, info@landsendproperties.com,
> info@maddenmo.com,
>        info@missouritravel.com, info@modulardocks.com,
>        info@mynextdoorneighboronline.com, Jerry <info@boatcrazy.com>,
>        kirkwood lodge <info@kirkwoodlodge.com>,
>        merimac caverns <info@americascave.com>, realty
> <info@lakerentals.com>,
>        resort <indiantrailsresort@yahoo.com>, resort
> <info@aquafinresort.com>,
>        Memoryville Rolla <info@memoryvilleusa.com>,
>        stl <info@discoverthedistrict.com>,
>        david thompson <info@bridalcave.com>
> MIME-Version: 1.0
> Message-ID: <502919.91660.qm@web803.biz.mail.mud.yahoo.com>
> X-UIDL: HGB"!k$H"!Q;a"!;n>!!
> X-Antivirus: AVG for E-mail 8.0.173 [270.8.0/1723]
> Content-Type: multipart/mixed;
> boundary="=======AVGMAIL-48F435900000======="
> ----- Original Message ----- 
> From: KellyCalton
> To: arch ; barney benton ; branson ; branson ; camp/rv ; camp/rv ;
> Lakewood Health & Fitness Center ; Lake West Chamber ; Clinton CVB ;
> deer valley park ; jake drake ; Mike Eldon Country Club ; bob forbes ;
> golden door motel ; hermannhill vineyard ; indian rock golf ;
> info@bluemoonmarina.com ; info@breezypointresortozarks.com ;
> info@brokengaittrailrides.com ; info@casadelocowinery.com ;
> info@cottageresort.us ; info@crystalwatervillas.com ;
> info@davisdocks.com ; info@dickersonparkzoo.org ;
info@farmerfoster.com
> ; info@gardengateestates.com ; info@gocolumbiamo.com ;
> info@gorvcamping.com ; info@gowhiteknight.com ;
info@harbourridgeinn.com
> ; info@indiansummerpool.com ; info@jtrentals.com ; info@lakebreeze.com
;
> info@lakeozarkspeedway.com ; info@lakeshoretram.com ;
> info@lakesunrooms.com ; info@landsendproperties.com ;
info@maddenmo.com
> ; info@missouritravel.com ; info@modulardocks.com ;
> info@mynextdoorneighboronline.com ; Jerry ; kirkwood lodge ; merimac
> caverns ; realty ; resort ; resort ; Memoryville Rolla ; stl ; david
> thompson
> Sent: Monday, October 13, 2008 10:53 PM
> Subject: Web Design
> Need a website? or a re-vamp? Check us out.
> http://elitelakeozarks.com/Webdesign.html
>


From MikeE at ster.invalid  Thu Oct 16 11:31:03 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Oct 16 11:35:03 2008
Subject: [Scspamcop] Re: is yahoo dense or me?
References: <gd7d83$p6$1@news.spamcop.net>
Message-ID: <gd7mnh$6sr$1@news.spamcop.net>

Jay Teutenberg wrote:
> I send them copies of spam with full headers,
> the ip sure looks like theirs,
> all they give me is an autoresponse saying it isnt their problem.
>
> Looks like an att/sbc (probably a dsl customer) is sending thru
> the yahoo web mail at web807.biz.mail.mud.yahoo.com ,
>
> but there is no ip for their web mail, just the name.

Please don't post spam or spam headers into discussion groups^1.  The best
way to show others a spam is with a tracker.

There's nothing unusual about a provider giving an autoack which denies
sourcing a mail even when they are the source rather than just a webmail
output rather than the originating IP using the webmail.  Another problem
is that yahoo is unfamiliar with your own mail host.

Are you a spamcop reporter?  If so you can notify sources with spamcop's
notify process.  If you are a reporter, you can make a tracker.  If you
are not a reporter, you can post spam and/or spam headers in the newsgroup
spamcop.spam.

^1 http://www.spamcop.net/help.shtml#nntp  Newsgroup Posting Rules - No
spam. Please do not post copies of spam or other commercials except in the
spamcop.spam group specifically designated for it. SpamCop provides
"tracking URL"s for posting spam samples. Please use them.


-- 
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Thu Oct 16 12:08:51 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Oct 16 12:10:03 2008
Subject: [Scspamcop] Re: another yahoo spam example
References: <gd7dgh$1k1$1@news.spamcop.net>
Message-ID: <gd7oud$fc2$1@news.spamcop.net>

Jay Teutenberg wrote:
> This one does show the ip of the yahoo web mail server.
> but they still dont admit its a yahoo issue?

Both of the examples you provided show the yahoo webmail server IP.

The situation is that the sender is actually *sourced* from 70.130.204.194
rDNS adsl-70-130-204-194.dsl.stlsmo.swbell.net of AT&T Internet Services
70.128.0.0/12  notify abuse@swbell.net (also abuse.net sez
abuse@sbcglobal.net & postmaster@swbell.net) & SC sez abuse@sbcglobal.net

That mailer is a yahoo .biz client for the domains elitelakeozarks.com and
elitevirtualdisplay.com and the spamvertised website

The spam reaches you by the yahoo webmailer relaying for their client
whose connectivity provider is the att/swbell.

att/swbell > yahoo webmailer > your providers 5of4.advertisnet.com &
spam-block.net

If you were a regular spamcop reporter, spamcop would recognize the
5of4.advertisnet instead of being (temporarily) unfamiliar with it as a
relay, which currently causes SC to think 5of4 is a source.

If you were a mailhosted spamcop reporter, the process of becoming
mailhosted would satisfy the recognition of the hailhost.

In either case, SC's parse of those headers would name the att/swbell IP
as source, and not the yahoo webmailer.

The condition of blaming the webmailer is a topic which has been
discussed.  Yahoo should not abide its mail clients spamming from its
webmailer.  Yahoo provides the mailservice for the spammer domains.


-- 
Mike Easter
kibitzer, not SC admin

From snowbat at geocities.com  Thu Oct 16 14:12:41 2008
From: snowbat at geocities.com (Snowbat)
Date: Thu Oct 16 14:15:03 2008
Subject: [Scspamcop] Re: Again - truncated reporting address
References: <g8tpuu$ao$1@news.spamcop.net>
	<ucclb4lkimjmuhe920a5r50ukscdbl49rp@4ax.com>
	<TECQXhvKj0FX-pn2-dHg5K6b0t9YY@dsl-206-55-144-107.tstonramp.com>
	<sn7vb4538jbti2tpb0qfqmc6e31vm9qmi2@4ax.com>
	<g9ooem$ft2$1@news.spamcop.net> <ga1079$5d4$1@news.spamcop.net>
Message-ID: <gd806p$jma$1@news.spamcop.net>

Problem with abuse@sd.uni-lj.si

http://www.spamcop.net/sc?action=rcache;ip=212.235.174.88
"whois 212.235.174.88@whois.ripe.net" (Getting contact from 
whois.ripe.net)
whois.ripe.net found abuse contacts for 212.235.174.88 = abuse@sd.uni
whois: 212.235.170.160 - 212.235.180.255 = abuse@sd.uni
Routing details for 212.235.174.88
Using abuse net on abuse@sd.uni
No abuse net record for sd.uni
Using best contacts abuse@sd.uni  <<<<<<<

$ whois -h whois.ripe.net 212.235.174.88
..
abuse-mailbox:  abuse@sd.uni-lj.si
..
From nobody at spamcop.net  Thu Oct 16 16:14:48 2008
From: nobody at spamcop.net (Ellen)
Date: Thu Oct 16 16:15:03 2008
Subject: [Scspamcop] Re: Again - truncated reporting address
In-Reply-To: <gd806p$jma$1@news.spamcop.net>
References: <g8tpuu$ao$1@news.spamcop.net>	<ucclb4lkimjmuhe920a5r50ukscdbl49rp@4ax.com>	<TECQXhvKj0FX-pn2-dHg5K6b0t9YY@dsl-206-55-144-107.tstonramp.com>	<sn7vb4538jbti2tpb0qfqmc6e31vm9qmi2@4ax.com>	<g9ooem$ft2$1@news.spamcop.net>
	<ga1079$5d4$1@news.spamcop.net> <gd806p$jma$1@news.spamcop.net>
Message-ID: <gd87bu$9fn$1@news.spamcop.net>

Snowbat wrote:
> Problem with abuse@sd.uni-lj.si
> 
> http://www.spamcop.net/sc?action=rcache;ip=212.235.174.88
> "whois 212.235.174.88@whois.ripe.net" (Getting contact from 
> whois.ripe.net)
> whois.ripe.net found abuse contacts for 212.235.174.88 = abuse@sd.uni
> whois: 212.235.170.160 - 212.235.180.255 = abuse@sd.uni
> Routing details for 212.235.174.88
> Using abuse net on abuse@sd.uni
> No abuse net record for sd.uni
> Using best contacts abuse@sd.uni  <<<<<<<
> 
> $ whois -h whois.ripe.net 212.235.174.88
> ..
> abuse-mailbox:  abuse@sd.uni-lj.si
> ..

Thanks


Ellen
SpamCop
From snowbat at geocities.com  Thu Oct 16 20:43:57 2008
From: snowbat at geocities.com (Snowbat)
Date: Thu Oct 16 20:45:02 2008
Subject: [Scspamcop] Re: Server certificate verification error
References: <gd5jo2$cj6$1@news.spamcop.net>
Message-ID: <gd8n4c$jma$2@news.spamcop.net>

On Wed, 15 Oct 2008 20:27:46 +0000, Peter Pearson wrote:

> Beginning September 10th, about one time in four when fetchmail attempts
> to retrieve my email from pop.spamcop.net (POP3), it logs these three
> messages:
> 
>  Server certificate verification error: unable to get local issuer
>  certificate Server certificate verification error: certificate not
>  trusted Server certificate verification error: unable to verify the
>  first certificate
> 
> Those look like SSL messages to me, but I'm not asking for SSL, as far
> as I can tell: my .fetchmailrc file doesn't contain "ssl".

pop.spamcop.net advertises STLS capability.  Fetchmail tries to use it.

$ telnet pop.spamcop.net 110
Trying 216.154.195.50...
Connected to pop.spamcop.net (216.154.195.50).
Escape character is '^]'.
+OK Hello there.
CAPA
+OK Here's what I can do:
STLS <<<<<
TOP
USER
LOGIN-DELAY 10
PIPELINING
UIDL

http://fetchmail.berlios.de/fetchmail-FAQ.html
| K6. How can I tell fetchmail not to use TLS if the server advertises it?
| Why does fetchmail use SSL even though not configured?
|
| Some servers advertise STLS (POP3) or STARTTLS (IMAP), and fetchmail will
| automatically attempt TLS negotiation if SSL was enabled at compile time.
| This can however cause problems if the upstream didn't configure his
| certificates properly.
|
| In order to prevent fetchmail from trying TLS (STLS, STARTTLS) negotiation,
| add this option:
|
| sslproto ssl23
|
| This restricts fetchmail's SSL/TLS protocol choice from the default "SSLv2,
| SSLv3, TLSv1" to the two SSL variants, disabling TLSv1. Note however that
| this causes the connection to be unencrypted unless an encrypting "plugin"
| is used or SSL is requested explicitly.
From 127 at [127.0.0.1]  Thu Oct 16 21:15:48 2008
From: 127 at [127.0.0.1] (vg4cysss7001)
Date: Thu Oct 16 21:40:02 2008
Subject: [Scspamcop] Re: What's the catch?
References: <gd4ok2$kra$1@news.spamcop.net> <gd4tb9$86j$1@news.spamcop.net>
Message-ID: <16VdL8EEd+9IFw3S@spam.filter>

In article <gd4tb9$86j$1@news.spamcop.net>, Ian Smith
<news0807REMOVECAPS@orrery.e4ward.com> writes
>Vadim Rapp wrote:
>> Hello,
>>  I do have the feeling that the below email is some new form of
>>Nigerian  scam, but can't figure out, what's their trick?
>>  regards
>>
>> =============================================================
>> GLORIOUS CONSULTANT LTD.
>> IMPORT-EXPORT-COMMERCE GENERAL
>> 25 CANNON STR.EC4M LONDON,
>> UNITED KINGDOM.
[snip]
>
>The English is too quirky to have come from a guy called Richard
>Edmond, not to mention the spelling.
>
[snip]

        Not to mention that "CANNON STR." should be "Cannon St."
        and the post(zip)-code, "EC4M", is incomplete.

        What idiot would write all in capital letters?

        Which e-mail client was it posted with?
-- 
Misha
Free on-line, off-site backups?
<https://mozy.com/?ref=UK45Y5>
From nobody at spamcop.net  Thu Oct 16 23:06:48 2008
From: nobody at spamcop.net (bar0)
Date: Thu Oct 16 23:10:03 2008
Subject: [Scspamcop] Re: What's the catch?
References: <gd4ok2$kra$1@news.spamcop.net> <gd4tb9$86j$1@news.spamcop.net>
	<16VdL8EEd+9IFw3S@spam.filter>
Message-ID: <gd8vg9$f3o$1@news.spamcop.net>


"vg4cysss7001" <127@[127.0.0.1]> wrote in message 
news:16VdL8EEd+9IFw3S@spam.filter...
> In article <gd4tb9$86j$1@news.spamcop.net>, Ian Smith
> <news0807REMOVECAPS@orrery.e4ward.com> writes
>>Vadim Rapp wrote:
>>> Hello,
>>>  I do have the feeling that the below email is some new form of
>>>Nigerian  scam, but can't figure out, what's their trick?
>>>  regards
>>>
>>> =============================================================
>>> GLORIOUS CONSULTANT LTD.
>>> IMPORT-EXPORT-COMMERCE GENERAL
>>> 25 CANNON STR.EC4M LONDON,
>>> UNITED KINGDOM.
> [snip]
>>
>>The English is too quirky to have come from a guy called Richard
>>Edmond, not to mention the spelling.
>>
> [snip]
>
>        Not to mention that "CANNON STR." should be "Cannon St."
>        and the post(zip)-code, "EC4M", is incomplete.
>
>        What idiot would write all in capital letters?
>
>        Which e-mail client was it posted with?
> -- 
> Misha
> Free on-line, off-site backups?
> <https://mozy.com/?ref=UK45Y5>

It was a year 4 exercise in writing a business letter at a primary in Warri. 
Composing and elementary computing are taught together. The use of the shift 
key is not covered until more advanced punctuation and capitalization is 
taught in year 5. 


From nobody at devnull.spamcop.net  Fri Oct 17 06:16:25 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Fri Oct 17 06:20:03 2008
Subject: [Scspamcop] Today's problems
Message-ID: <gd9oks$52e$1@news.spamcop.net>

Dears,

today I'm getting tons of this in reply to my QR:

Here are the results of your submission:

   Processing spam:

   From:
   Subject:

   error:No IP found


Of course I can't see why no IP was found, since I have no clue in see or 
even identify the source message.

Is anybody else experiencing the same?

Thanks,

Giampaolo 


From nobody at devnull.spamcop.net  Fri Oct 17 06:46:06 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Fri Oct 17 06:50:04 2008
Subject: [Scspamcop] Re: Today's problems
References: <gd9oks$52e$1@news.spamcop.net>
Message-ID: <gd9qcg$cqp$1@news.spamcop.net>

"Giampaolo Tomassoni" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
news:gd9oks$52e$1@news.spamcop.net...
> Dears,
>
> today I'm getting tons of this in reply to my QR:
>
> Here are the results of your submission:
>
>   Processing spam:
>
>   From:
>   Subject:
>
>   error:No IP found
>
>
> Of course I can't see why no IP was found, since I have no clue in see or 
> even identify the source message.
>
> Is anybody else experiencing the same?
>
> Thanks,
>
> Giampaolo
>

Also found that one of the *probable* messages that resulted in the "No IP 
found" parses well on manual submission.

    http://www.spamcop.net/sc?id=z2339801210z5c58bee6f2f5690a657d426f2f613583z

Is this a QR problem?

Giampaolo 


From nobody at devnull.spamcop.net  Fri Oct 17 08:16:13 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Fri Oct 17 08:20:03 2008
Subject: [Scspamcop] Re: Today's problems
References: <gd9oks$52e$1@news.spamcop.net>
Message-ID: <gd9vle$j0$1@news.spamcop.net>

"Giampaolo Tomassoni" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
news:gd9oks$52e$1@news.spamcop.net...
> Dears,
>
> today I'm getting tons of this in reply to my QR:
>
> Here are the results of your submission:
>
>   Processing spam:
>
>   From:
>   Subject:
>
>   error:No IP found
>
>
> Of course I can't see why no IP was found, since I have no clue in see or 
> even identify the source message.
>
> Is anybody else experiencing the same?
>
> Thanks,
>
> Giampaolo

I don't know why, but now my QR results seem back to normal.

Thanks (if applaiable :) ),

Giampaolo 


From nobody at devnull.spamcop.net  Fri Oct 17 09:53:09 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Fri Oct 17 09:55:03 2008
Subject: [Scspamcop] Re: Today's problems
References: <gd9oks$52e$1@news.spamcop.net> <gd9vle$j0$1@news.spamcop.net>
Message-ID: <gda5b6$l4n$1@news.spamcop.net>

"Giampaolo Tomassoni" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
news:gd9vle$j0$1@news.spamcop.net...
> "Giampaolo Tomassoni" <nobody@devnull.spamcop.net> ha scritto nel 
> messaggio news:gd9oks$52e$1@news.spamcop.net...
>> Dears,
>>
>> today I'm getting tons of this in reply to my QR:
>>
>> Here are the results of your submission:
>>
>>   Processing spam:
>>
>>   From:
>>   Subject:
>>
>>   error:No IP found
>>
>>
>> Of course I can't see why no IP was found, since I have no clue in see or 
>> even identify the source message.
>>
>> Is anybody else experiencing the same?
>>
>> Thanks,
>>
>> Giampaolo
>
> I don't know why, but now my QR results seem back to normal.
>
> Thanks (if applaiable :) ),
>
> Giampaolo

Never mind: they're back! (brr...)

Giampaolo


>
> 


From MikeE at ster.invalid  Fri Oct 17 10:41:42 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Fri Oct 17 10:45:04 2008
Subject: [Scspamcop] Re: Today's problems
References: <gd9oks$52e$1@news.spamcop.net>
Message-ID: <gda86u$2q5$1@news.spamcop.net>

Giampaolo Tomassoni wrote:

> Is anybody else experiencing the same?

I sent a QR over 2.5 hours ago which hasn't returned anything yet.


-- 
Mike Easter
kibitzer, not SC admin
From nobody at devnull.spamcop.net  Fri Oct 17 11:00:09 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Fri Oct 17 11:00:03 2008
Subject: [Scspamcop] Re: Today's problems
References: <gd9oks$52e$1@news.spamcop.net> <gda86u$2q5$1@news.spamcop.net>
Message-ID: <gda98q$6f4$1@news.spamcop.net>

"Mike Easter" <MikeE@ster.invalid> ha scritto nel messaggio 
news:gda86u$2q5$1@news.spamcop.net...
> Giampaolo Tomassoni wrote:
>
>> Is anybody else experiencing the same?
>
> I sent a QR over 2.5 hours ago which hasn't returned anything yet.

It could be some facility in SC is under stress, then. Besides, I have 
plenty of "No reports filed" rows in my panel: maybe some of them result in 
the "error:No IP found" result messages I get. Or maybe the SC staff is 
trying to relief some server under stress by allowing it to discard some 
reports with.

Anybody knows?

Giampaolo

>
>
> -- 
> Mike Easter
> kibitzer, not SC admin 


From nobody at spamcop.net  Fri Oct 17 20:39:38 2008
From: nobody at spamcop.net (Ellen)
Date: Fri Oct 17 20:40:03 2008
Subject: [Scspamcop] RFC 5321 and 5322
Message-ID: <gdbb8g$517$1@news.spamcop.net>

A couple of new RFCs are available for those of you who like to read 
RFCs :-)

RFC5322: This specification is an
    update to [RFC2822], which itself superseded [RFC0822], updating it
    to reflect current practice and incorporating incremental changes
    that were specified in other RFCs such as [RFC1123].


RFC5321: It consolidates, updates and
    clarifies, but does not add new or change existing functionality of
    the following:

    o  the original SMTP (Simple Mail Transfer Protocol) specification of
       RFC 821 [1], <snip>




Ellen
SpamCop
From nobody at devnull.spamcop.net  Sat Oct 18 04:14:04 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Sat Oct 18 04:15:03 2008
Subject: [Scspamcop] Re: RFC 5321 and 5322
References: <gdbb8g$517$1@news.spamcop.net>
Message-ID: <gdc5rd$hac$1@news.spamcop.net>


"Ellen" <nobody@spamcop.net> ha scritto nel messaggio 
news:gdbb8g$517$1@news.spamcop.net...
>A couple of new RFCs are available for those of you who like to read RFCs 
>:-)
>
> RFC5322: This specification is an
>    update to [RFC2822], which itself superseded [RFC0822], updating it
>    to reflect current practice and incorporating incremental changes
>    that were specified in other RFCs such as [RFC1123].
>
>
> RFC5321: It consolidates, updates and
>    clarifies, but does not add new or change existing functionality of
>    the following:
>
>    o  the original SMTP (Simple Mail Transfer Protocol) specification of
>       RFC 821 [1], <snip>

Really sad that RFC-5322 misses the chance to define the "HTTP" keyword (or 
something like that) as a well-known "via" token in the "received" header: 
it still forwards to RFC-3848 and 
http://www.iana.org/assignments/mail-parameters for this.

This way we can't rely on a standard to identify the real source of 
web-submitted mail...

Giampaolo


> Ellen
> SpamCop 


From nobody at devnull.spamcop.net  Sat Oct 18 04:16:40 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Sat Oct 18 04:20:03 2008
Subject: [Scspamcop] Re: RFC 5321 and 5322
References: <gdbb8g$517$1@news.spamcop.net> <gdc5rd$hac$1@news.spamcop.net>
Message-ID: <gdc609$hnr$1@news.spamcop.net>

> Really sad that RFC-5322 misses the chance to define the "HTTP" keyword 
> (or something like that) as a well-known "via" token in the "received" 
> header: it still forwards to RFC-3848 and 
> http://www.iana.org/assignments/mail-parameters for this.

I meant the "with" token, not the "via" one.

Giampaolo 


From not at home.today  Sat Oct 18 05:47:28 2008
From: not at home.today (Ant)
Date: Sat Oct 18 05:50:03 2008
Subject: [Scspamcop] Re: RFC 5321 and 5322
References: <gdbb8g$517$1@news.spamcop.net>
Message-ID: <gdcbcj$570$1@news.spamcop.net>

"Ellen" wrote:
> A couple of new RFCs are available for those of you who like to read
> RFCs :-)

Summary of the changes here:
http://blog.mailchannels.com/2008/10/update-to-email-standards.html

Note the new section (6.2) in RFC 5321 -- "don't bounce spam".


From nobody at devnull.spamcop.net  Sun Oct 19 11:39:04 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sun Oct 19 11:40:03 2008
Subject: [Scspamcop] Think I reported a response about a spam; have Q
Message-ID: <gdfkab$hfb$2@news.spamcop.net>

Hi,

I received an "interesting" email today; it looks like I may have
reported a response to a spamcop report.  The mail is as folows:
---------------------
Hello SpamCop user,

I was trying to respond to a person who was calling our business a
blackhat operation, apparently he did not like my response and reported
it to spamcop. I am confused as to why this was considered spam, I dont
see anything in the email that promotes a product, or encourages a link
to a website promotion. Please read the email and see for yourself if
you think this is spam or not, obviously this went to one person and I
took some time in writing this.

Please use the link below to review the report in question:
[* I removed the link; not sure whether it's OK to post it in the clear
but can do so if asked for it *]
----------------------------------

At first I thought nothing of it because clicking the link, after I
signed in, results in
-------------
Authorization failure, no username provided by server; action =
showhistory
------------
from SC.  But the link looked like it should work with a sign-in, so 
just in case, I
went to my Past Reports and that report ID was indeed there, and it was
indeed what the author of the e-mail said it was.  Since it's munged and
I don't keep records of spam once it's been reported, I can't prove I
sent it, but I HAD signed into my account to see it, so ... .  And I do
recall seeing the domain colostore.com; I always watch two parts of
the parse to be súre it's spam but I guess I didn't catch that it was a
response to a report for whatever reason.  I'll have to start looking
closer.

ANYway, since this person is still lucid and trying to "educate" me
rather than slay me,I thought an apology was in order.  The mistaken
"spam" says they took down the server that sent my spam and another one
they discovered doing "bad" things during the same excursion.

I'm really looking for a sanity check here:  Unless anyones sees
anything wrong with it, I intend to do some feather smoothing and
apologies to this person at colostore.com.  At least with Robtex, they
look clean (no listings)  so I would like to try to make things right.

Anyone disagree?

TIA

Twayne 


From nobody at devnull.spamcop.net  Sun Oct 19 11:44:52 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sun Oct 19 11:45:03 2008
Subject: [Scspamcop] Reported response to a spam report; Q?
Message-ID: <gdfkl6$ioj$1@news.spamcop.net>

Hi,

I received an "interesting" email today; it looks like I may have
reported a response to a spamcop report.  The mail is as folows:
---------------------
Hello SpamCop user,

I was trying to respond to a person who was calling our business a
blackhat operation, apparently he did not like my response and reported
it to spamcop. I am confused as to why this was considered spam, I dont
see anything in the email that promotes a product, or encourages a link
to a website promotion. Please read the email and see for yourself if
you think this is spam or not, obviously this went to one person and I
took some time in writing this.

Please use the link below to review the report in question:
[* I removed the link; not sure whether it's OK to post it in the clear
but can do so if asked for it *]
----------------------------------

At first I thought nothing of it because clicking the link, after I
signed in, result in
-------------
Authorization failure, no username provided by server; action =
showhistory
------------
from SC.

The "blackhat" comment would not have come from me though; I don't 
usually put much in the comments areas of spams and that isn't one of 
the words I'd use either.  IF I do include anything, it's just further 
lookup results, URLs, no opinions or statements.  I try to keep comments 
very, very short and clear.

 But the link looked like it should work, so just in case, I
went to my Past Reports and that report ID was indeed there, and it was
indeed what the author of the e-mail said it was.  Since it's munged and
I don't keep records of spam once it's been reported, I can't prove I
sent it, but I HAD signed into my account to see it, so ... .  And I do
recall hearing of the domain colostore.com; I always watch two parts of
the parse to be súre it's spam but I guess I didn't catch that it was a
response to a report for whatever reason.  I'll have to start looking
closer.

ANYway, since this person is still lucid and trying to "educate" me
rather than slay me,I thought an apology was in order.  The mistaken
"spam" says they took down the server that sent my spam and another one
they discovered doing "bad" things during the same excursion.

I'm really looking for a sanity check here:  Unless anyones sees
anything wrong with it, I intend to do some feather smoothing and
apologies to this person at colostore.com.  At least at Robtex, they
look clean so I would like to try to make things right.

Anyone disagree?

TIA

Twayne



From MikeE at ster.invalid  Sun Oct 19 11:56:18 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sun Oct 19 12:00:02 2008
Subject: [Scspamcop] Re: Think I reported a response about a spam; have Q
References: <gdfkab$hfb$2@news.spamcop.net>
Message-ID: <gdflam$kdt$1@news.spamcop.net>

Twayne wrote:

> I'm really looking for a sanity check here:

I have a hard time understanding a 'thing' based on its verbose
description.


-- 
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Sun Oct 19 12:14:03 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sun Oct 19 12:15:02 2008
Subject: [Scspamcop] Re: Think I reported a response about a spam; have Q
References: <gdfkab$hfb$2@news.spamcop.net> <gdflam$kdt$1@news.spamcop.net>
Message-ID: <gdfmc0$po6$1@news.spamcop.net>

Mike Easter wrote:
> Twayne wrote:
>
>> I'm really looking for a sanity check here:
>
> I have a hard time understanding a 'thing' based on its verbose
> description.

That is, I would not base my interpretation of a 'thing' based on what
someone else says about it -- based on what someone is interpreting _for_
me.

Here you have provided someone else's description of what they say is
happening/ has happened -- and you are trying to supplement or improve on
that with what you are /thinking/ _maybe_ might have happened -- but you
aren't actually showing/proving what (really) happened -- so, we/I are/am
left to interpret what you _say_ (or think) might've happened and the only
hard documentation you are providing is those words of someone else's
interpretation -- which someone else is apparently at least initially
involved with spam.   And the rest of which description involves your
trying to describe something which I/we can't see happening.

If you have a (an initial) reportid, turn that into a real tracker.  If
you have a (secondary) reportid, turn that into another real tracker.
Post said trackers.  Or not.



-- 
Mike Easter
kibitzer, not SC admin

From ppearson at nowhere.invalid  Sun Oct 19 13:24:57 2008
From: ppearson at nowhere.invalid (Peter Pearson)
Date: Sun Oct 19 13:25:03 2008
Subject: [Scspamcop] Re: Reported response to a spam report; Q?
References: <gdfkl6$ioj$1@news.spamcop.net>
Message-ID: <gdfqh9$a8k$1@news.spamcop.net>

On Sun, 19 Oct 2008 11:44:52 -0400, Twayne <nobody@devnull.spamcop.net> wrote:
[snip]
> I'm really looking for a sanity check here:  Unless anyones sees
> anything wrong with it, I intend to do some feather smoothing and
> apologies to this person at colostore.com.

Maybe it's just me . . . being well on in years . . . but I
think your correspondent's energies would be best deployed
thinking up a new domain name.  I mean . . . ugh!

-- 
To email me, substitute nowhere->spamcop, invalid->net.
From 127 at [127.0.0.1]  Sun Oct 19 14:59:02 2008
From: 127 at [127.0.0.1] (vg4cysss7001)
Date: Sun Oct 19 16:20:03 2008
Subject: [Scspamcop] Re: What's the catch?
References: <gd4ok2$kra$1@news.spamcop.net> <gd4tb9$86j$1@news.spamcop.net>
	<16VdL8EEd+9IFw3S@spam.filter> <gd8vg9$f3o$1@news.spamcop.net>
Message-ID: <sR0hyDC2N4+IFwPx@spam.filter>

In article <gd8vg9$f3o$1@news.spamcop.net>, bar0 <nobody@spamcop.net>
writes
>
>"vg4cysss7001" <127@[127.0.0.1]> wrote in message
>news:16VdL8EEd+9IFw3S@spam.filter...
>>>
>> [snip]
>>
>>        Not to mention that "CANNON STR." should be "Cannon St."
>>        and the post(zip)-code, "EC4M", is incomplete.
>>
>>        What idiot would write all in capital letters?
>>
>>        Which e-mail client was it posted with?
>> --
>> Misha
>> Free on-line, off-site backups?
>> <https://mozy.com/?ref=UK45Y5>
>
>It was a year 4 exercise in writing a business letter at a primary in Warri.
>Composing and elementary computing are taught together. The use of the shift
>key is not covered until more advanced punctuation and capitalization is
>taught in year 5.
>
>

        Do I detect irony/sarcasm? :-)

        Please note that I am on a very slow GPRS net connection,
        so do not have the bandwidth to research Warri and that
        "year 4" and "year 5" are meaningless in an international
        context :-(

        Also, your Outhouse Distress failed to strip my .sig.
-- 
Misha
Free on-line, off-site backups?
<https://mozy.com/?ref=UK45Y5>
From nobody at devnull.spamcop.net  Sun Oct 19 16:49:31 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sun Oct 19 16:50:03 2008
Subject: [Scspamcop] Re: Reported response to a spam report; Q?
References: <gdfkl6$ioj$1@news.spamcop.net> <gdfqh9$a8k$1@news.spamcop.net>
Message-ID: <gdg6gu$n8o$1@news.spamcop.net>

> On Sun, 19 Oct 2008 11:44:52 -0400, Twayne
> <nobody@devnull.spamcop.net> wrote: [snip]
>> I'm really looking for a sanity check here:  Unless anyones sees
>> anything wrong with it, I intend to do some feather smoothing and
>> apologies to this person at colostore.com.
>
> Maybe it's just me . . . being well on in years . . . but I
> think your correspondent's energies would be best deployed
> thinking up a new domain name.  I mean . . . ugh!

lol, I hadn't noticed but I see what you mean now! 


From nobody at devnull.spamcop.net  Sun Oct 19 17:00:58 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sun Oct 19 17:05:04 2008
Subject: [Scspamcop] Re: Think I reported a response about a spam; have Q
References: <gdfkab$hfb$2@news.spamcop.net> <gdflam$kdt$1@news.spamcop.net>
	<gdfmc0$po6$1@news.spamcop.net>
Message-ID: <gdg76a$p62$1@news.spamcop.net>

> Mike Easter wrote:
>> Twayne wrote:
>>
>>> I'm really looking for a sanity check here:
>>
>> I have a hard time understanding a 'thing' based on its verbose
>> description.
>
> That is, I would not base my interpretation of a 'thing' based on what
> someone else says about it -- based on what someone is interpreting
> _for_ me.
...


lol, I would suggest then that next time, simply take a pass on 
responding, especially twice, since you apparently cannot respond to a 
situational case with an opinion.  Simply responding with what you 
cannot do and a tad of why you can't do it is a little trivial, don't 
you think?  I can see no purpose in either response; only bitching, 
really, but I will admit to not reading very closely after the first 
para.

Thought you should know

Twayne
 


From nobody at spamcop.net  Sun Oct 19 17:03:28 2008
From: nobody at spamcop.net (bar0)
Date: Sun Oct 19 17:05:04 2008
Subject: [Scspamcop] Re: Think I reported a response about a spam; have Q
References: <gdfkab$hfb$2@news.spamcop.net> <gdflam$kdt$1@news.spamcop.net>
	<gdfmc0$po6$1@news.spamcop.net> <gdg76a$p62$1@news.spamcop.net>
Message-ID: <gdg7b2$pe0$1@news.spamcop.net>


"Twayne" <nobody@devnull.spamcop.net> wrote in message 
news:gdg76a$p62$1@news.spamcop.net...
>> Mike Easter wrote:
>>> Twayne wrote:
>>>
>>>> I'm really looking for a sanity check here:
>>>
>>> I have a hard time understanding a 'thing' based on its verbose
>>> description.
>>
>> That is, I would not base my interpretation of a 'thing' based on what
>> someone else says about it -- based on what someone is interpreting
>> _for_ me.
> ...
>
>
> lol, I would suggest then that next time, simply take a pass on 
> responding, especially twice, since you apparently cannot respond to a 
> situational case with an opinion.  Simply responding with what you cannot 
> do and a tad of why you can't do it is a little trivial, don't you think? 
> I can see no purpose in either response; only bitching, really, but I will 
> admit to not reading very closely after the first para.
>
> Thought you should know

Well sometimes ME can be a bit pedantic, but in the case of your OP, I agree 
completely. 


From nobody at spamcop.net  Sun Oct 19 17:10:15 2008
From: nobody at spamcop.net (bar0)
Date: Sun Oct 19 17:15:03 2008
Subject: [Scspamcop] Re: What's the catch?
References: <gd4ok2$kra$1@news.spamcop.net> <gd4tb9$86j$1@news.spamcop.net>
	<16VdL8EEd+9IFw3S@spam.filter> <gd8vg9$f3o$1@news.spamcop.net>
	<sR0hyDC2N4+IFwPx@spam.filter>
Message-ID: <gdg7np$qgs$1@news.spamcop.net>


"vg4cysss7001" <127@[127.0.0.1]> wrote in message 
news:sR0hyDC2N4+IFwPx@spam.filter...
.....
>        Do I detect irony/sarcasm? :-)
>
>        Please note that I am on a very slow GPRS net connection,
>        so do not have the bandwidth to research Warri and that
>        "year 4" and "year 5" are meaningless in an international
>        context :-(
>
>        Also, your Outhouse Distress failed to strip my .sig.

Warri is a large city (~10E6 people) South of Lagos, "year number" is how 
school Primary school years are named in the British School system. Forms 
are in the "public" (British meaning) school system which is essentially 
Secondary. Years 4 & 5 would roughly be 4th and 5th grade US/Canada etc.

O-Distress has some failings, sorry

I can't imagine reading NG's through GPRS that must cost.

Yes it was sarcasm/humour.


From MikeE at ster.invalid  Sun Oct 19 21:19:57 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sun Oct 19 21:20:03 2008
Subject: [Scspamcop] Re: Think I reported a response about a spam; have Q
References: <gdfkab$hfb$2@news.spamcop.net> <gdflam$kdt$1@news.spamcop.net>
	<gdfmc0$po6$1@news.spamcop.net> <gdg76a$p62$1@news.spamcop.net>
Message-ID: <gdgmbh$1fb$1@news.spamcop.net>

Twayne wrote:
>> Mike Easter wrote:
>>> Twayne wrote:
>>>
>>>> I'm really looking for a sanity check here:
>>>
>>> I have a hard time understanding a 'thing' based on its verbose
>>> description.

> lol, I would suggest then that next time, simply take a pass on
> responding, especially twice, since you apparently cannot respond to a
> situational case with an opinion.  Simply responding with what you
> cannot do and a tad of why you can't do it is a little trivial, don't
> you think?  I can see no purpose in either response; only bitching,
> really, but I will admit to not reading very closely after the first
> para.

I was giving you a chance to make/create a useful question in just two
lines instead of something else in 62 lines X2.

Or not.

That is, I'm suggesting to you how you could have asked your question
while it appears to me that you are suggesting to me how I should go about
not answering  an insufficiently posed question instead of recommending a
better form of your OP.

Or, in terse/succinct format:

You:  bad question content.  (and verbose)
Me:  'That doesn't work.  I suggest a better question form.'
You:  'In the future don't even answer.'
Me:  'In the future ask your question better in 2 lines.'

I'm putting the executive summary down near the bottom here instead of at
the top in spite of the fact that some executives can't read all the way
to the bottom.



-- 
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Sun Oct 19 22:48:29 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sun Oct 19 22:50:03 2008
Subject: [Scspamcop] Re: Think I reported a response about a spam; have Q
References: <gdfkab$hfb$2@news.spamcop.net> <gdflam$kdt$1@news.spamcop.net>
	<gdfmc0$po6$1@news.spamcop.net> <gdg76a$p62$1@news.spamcop.net>
	<gdgmbh$1fb$1@news.spamcop.net>
Message-ID: <gdgrht$e03$1@news.spamcop.net>

> Twayne wrote:
>>> Mike Easter wrote:
>>>> Twayne wrote:
>>>>
>>>>> I'm really looking for a sanity check here:
>>>>
>>>> I have a hard time understanding a 'thing' based on its verbose
>>>> description.
>
>> lol, I would suggest then that next time, simply take a pass on
>> responding, especially twice, since you apparently cannot respond to
>> a situational case with an opinion.  Simply responding with what you
>> cannot do and a tad of why you can't do it is a little trivial, don't
>> you think?  I can see no purpose in either response; only bitching,
>> really, but I will admit to not reading very closely after the first
>> para.
>
> I was giving you a chance to make/create a useful question in just two
> lines instead of something else in 62 lines X2.
>
> Or not.
>
> That is, I'm suggesting to you how you could have asked your question
> while it appears to me that you are suggesting to me how I should go
> about not answering  an insufficiently posed question instead of
> recommending a better form of your OP.
>
> Or, in terse/succinct format:
>
> You:  bad question content.  (and verbose)
> Me:  'That doesn't work.  I suggest a better question form.'
> You:  'In the future don't even answer.'
> Me:  'In the future ask your question better in 2 lines.'
>
> I'm putting the executive summary down near the bottom here instead
> of at the top in spite of the fact that some executives can't read
> all the way to the bottom.

lol, Mike, you're quite an enigma at times.  I was tempted to continue 
this. especially the I said/you said, because it might be fun but ... 
it's too easy to get serious about non-serious things and my tendency to 
say what I think doesn't go over well with you.  NBD.
   Someday you will understand, believe me.

Cheers,

Twayne 


From nobody at devnull.spamcop.net  Sun Oct 19 22:53:24 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sun Oct 19 22:55:03 2008
Subject: [Scspamcop] Re: Think I reported a response about a spam; have Q
References: <gdfkab$hfb$2@news.spamcop.net> <gdflam$kdt$1@news.spamcop.net>
	<gdfmc0$po6$1@news.spamcop.net> <gdg76a$p62$1@news.spamcop.net>
	<gdg7b2$pe0$1@news.spamcop.net>
Message-ID: <gdgrr5$ek4$1@news.spamcop.net>

> "Twayne" <nobody@devnull.spamcop.net> wrote in message
> news:gdg76a$p62$1@news.spamcop.net...
>>> Mike Easter wrote:
>>>> Twayne wrote:
>>>>
>>>>> I'm really looking for a sanity check here:
>>>>
>>>> I have a hard time understanding a 'thing' based on its verbose
>>>> description.
>>>
>>> That is, I would not base my interpretation of a 'thing' based on
>>> what someone else says about it -- based on what someone is
>>> interpreting _for_ me.
>> ...
>>
>>
>> lol, I would suggest then that next time, simply take a pass on
>> responding, especially twice, since you apparently cannot respond to
>> a situational case with an opinion.  Simply responding with what you
>> cannot do and a tad of why you can't do it is a little trivial,
>> don't you think? I can see no purpose in either response; only
>> bitching, really, but I will admit to not reading very closely after
>> the first para. Thought you should know
>
> Well sometimes ME can be a bit pedantic, but in the case of your OP,
> I agree completely.

Oh, Mike's fine; he's just like the rest of us (that'll raise his 
eyebrows!).  But I mean in that he has his own quirks and talents, same 
as we all do.  Life's too short to be anything but what we all are.  His 
contributions here cannot be disputed just as his "verbosity" is 
occasionally noted for its conciseness<g>.

Cheers,


From nobody at devnull.spamcop.net  Mon Oct 20 05:47:46 2008
From: nobody at devnull.spamcop.net (MB)
Date: Mon Oct 20 05:50:03 2008
Subject: [Scspamcop] What's the fuck going on?
Message-ID: <gdhk42$u9r$1@news.spamcop.net>

I need send urgnet mail to my client.
Have a private domain with no any users except me. Use Linux, so don't 
have viruses.
WHY I'M BLACKLISTED!!!??!?

MB
From user at domain.invalid  Mon Oct 20 07:36:46 2008
From: user at domain.invalid (Farelf)
Date: Mon Oct 20 07:40:04 2008
Subject: [Scspamcop] Re: What's the fuck going on?
In-Reply-To: <gdhk42$u9r$1@news.spamcop.net>
References: <gdhk42$u9r$1@news.spamcop.net>
Message-ID: <gdhqgf$m7o$1@news.spamcop.net>

MB wrote:
> I need send urgnet mail to my client.
> Have a private domain with no any users except me. Use Linux, so don't 
> have viruses.
> WHY I'M BLACKLISTED!!!??!?
> 
> MB

Don't know without some clues.  You do know it is mostly just users 
here, don't you?  Is it really a SC listing that is causing problems 
with your client's provider?  Paste in your IP address at 
http://www.spamcop.net/bl.shtml if you're not sure.  SC doesn't list 
domains for the blocklist - it lists IP addresses.



From nobody at devnull.spamcop.net  Mon Oct 20 08:23:52 2008
From: nobody at devnull.spamcop.net (MB)
Date: Mon Oct 20 08:25:04 2008
Subject: [Scspamcop] Re: What's the fuck going on?
In-Reply-To: <gdhqgf$m7o$1@news.spamcop.net>
References: <gdhk42$u9r$1@news.spamcop.net> <gdhqgf$m7o$1@news.spamcop.net>
Message-ID: <gdht8s$vco$1@news.spamcop.net>

Farelf wrote:
> Don't know without some clues.  You do know it is mostly just users 
> here, don't you? 
Yes - it is my private domain and the only mailbox is configured only on 
my notebook, so I have full control.

> Is it really a SC listing that is causing problems 
> with your client's provider?  Paste in your IP address at 
> http://www.spamcop.net/bl.shtml if you're not sure.  SC doesn't list 
> domains for the blocklist - it lists IP addresses.
Yes - the server of my provider is blacklisted.
It is VERY bad: my mailbox provider has hundried of domains of his 
clients configured on it. If one of them would have a virus sending 
spam, ALL the rest would be blacklisted, even beeing not responsible for 
the spam?

MB
From MikeE at ster.invalid  Mon Oct 20 08:46:53 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Mon Oct 20 08:50:03 2008
Subject: [Scspamcop] Re: What's the fuck going on?
References: <gdhk42$u9r$1@news.spamcop.net> <gdhqgf$m7o$1@news.spamcop.net>
	<gdht8s$vco$1@news.spamcop.net>
Message-ID: <gdhujg$6ji$1@news.spamcop.net>

MB wrote:
> Farelf wrote:
>> Don't know without some clues.  You do know it is mostly just users
>> here, don't you?
> Yes - it is my private domain and the only mailbox is configured only on
> my notebook, so I have full control.
>
>> Is it really a SC listing that is causing problems
>> with your client's provider?  Paste in your IP address at
>> http://www.spamcop.net/bl.shtml if you're not sure.  SC doesn't list
>> domains for the blocklist - it lists IP addresses.
> Yes - the server of my provider is blacklisted.
> It is VERY bad: my mailbox provider has hundried of domains of his
> clients configured on it. If one of them would have a virus sending
> spam, ALL the rest would be blacklisted, even beeing not responsible for
> the spam?

If you are using an output server for your outgoing mail which is getting
itself blocklisted on spamcop and/or other blocklists, then those
receiving servers which use blocklists to aid them in rejecting spam are
going to block your mail because it is coming from a blocklisted IP.

Typically when there is a spam output problem from an IP which causes it
to get blocklisted on spamcop's SCbl list, it also will have problems
getting itself listed on other lists which can be even more problematic
than SC's.

SC's list is very dynamic, listing quickly and also automatically
delisting if/when the spam stops.  SC's system is also designed to provide
a notification to the provider for sourcing spam items which are reported
by spamcop reporters - but does not provide a notification to the provider
for spam items which are hitting spamtraps.

Besides the SC blocklist checking page above, you can also check the IP of
the output server at a site which shows multiple blocklists such as
http://www.mxtoolbox.com/blacklists.aspx  This test will check a mail
server IP address against 147 DNS based email blacklists.

The other thing you may want to research at mxtoolbox is the type of
services offered.  If you are currently using an output server which is
getting itself blocklisted, you need to consider using a server for your
outgoing mail which does _not_ get itself blocklisted.  There are many
such hosts available.



-- 
Mike Easter
kibitzer, not SC admin

From user at domain.invalid  Mon Oct 20 09:07:52 2008
From: user at domain.invalid (Farelf)
Date: Mon Oct 20 09:10:04 2008
Subject: [Scspamcop] Re: What's the fuck going on?
In-Reply-To: <gdht8s$vco$1@news.spamcop.net>
References: <gdhk42$u9r$1@news.spamcop.net> <gdhqgf$m7o$1@news.spamcop.net>
	<gdht8s$vco$1@news.spamcop.net>
Message-ID: <gdhvr9$b6u$1@news.spamcop.net>

MB wrote:

> Yes - the server of my provider is blacklisted.
> It is VERY bad: my mailbox provider has hundried of domains of his 
> clients configured on it. If one of them would have a virus sending 
> spam, ALL the rest would be blacklisted, even beeing not responsible for 
> the spam?
> 
> MB

Yes, that is the way DNSBLs work - that IP address is the only reliably 
identified source that the internet can 'see' (domains are routinely 
forged in spam), only the provider might have logs to look deeper.  Some 
other BLs are stricter, 'escalating' to whole blocks of addresses.

SC only lists while spam is being sent and up to 24 hours after 
(delisting is automatic - not many others are - and it can be quicker if 
your provider cuts off the source and manually delists from the SCBL but 
they have to be sure it is stopped).  SC is meant to provide early 
warning (before stricter BLs take notice) and it is not recommended for 
use to block.

It would be your client's incoming server doing the blocking (SC itself 
can't do that).  Maybe they/their provider can whitelist you?  I keep 
Yahoo and Hotmail accounts for when my main address is blocked.  That is 
another short-term solution maybe.
From nobody at spamcop.net  Mon Oct 20 18:26:18 2008
From: nobody at spamcop.net (RandallW)
Date: Mon Oct 20 18:30:03 2008
Subject: [Scspamcop] Re: What's the catch?
References: <gd4ok2$kra$1@news.spamcop.net> <gd5al4$4cj$1@news.spamcop.net>
Message-ID: <gdj0ic$er3$1@news.spamcop.net>

Spammers want one or both of these things:

#1: Your money
#2: Your personal information, so they can steal your money 


From 127 at [127.0.0.1]  Mon Oct 20 18:49:57 2008
From: 127 at [127.0.0.1] (vg4cysss7001)
Date: Mon Oct 20 20:55:04 2008
Subject: [Scspamcop] Re: What's the catch?
References: <gd4ok2$kra$1@news.spamcop.net> <gd4tb9$86j$1@news.spamcop.net>
	<16VdL8EEd+9IFw3S@spam.filter> <gd8vg9$f3o$1@news.spamcop.net>
	<sR0hyDC2N4+IFwPx@spam.filter> <gdg7np$qgs$1@news.spamcop.net>
Message-ID: <YI98kVHVsQ$IFwga@spam.filter>

In article <gdg7np$qgs$1@news.spamcop.net>, bar0 <nobody@spamcop.net>
writes
>
>"vg4cysss7001" <127@[127.0.0.1]> wrote in message
>news:sR0hyDC2N4+IFwPx@spam.filter...
>.....
>>        Do I detect irony/sarcasm? :-)
>>
>>        Please note that I am on a very slow GPRS net connection,
>>        so do not have the bandwidth to research Warri and that
>>        "year 4" and "year 5" are meaningless in an international
>>        context :-(
>>
>>        Also, your Outhouse Distress failed to strip my .sig.
>
>Warri is a large city (~10E6 people) South of Lagos,

        Lagos - in Africa?

>"year number" is how
>school Primary school years are named in the British School system.

        I had a stepchild in UK school a few years ago: Key stage 1, key
stage 2, etc., and SATs.

>Forms
>are in the "public" (British meaning) school system which is essentially
>Secondary.

        I recently taught one of my classes about the UK educational
system by age of attendee, from creche through to Open University.

        "Form" is (was?) also used in Grammar schools.
        Also "sixth-form college".

>Years 4 & 5 would roughly be 4th and 5th grade US/Canada etc.
>

        Here in Russia, children do not start school until age 7.

>O-Distress has some failings, sorry
>

        When I used it, I added OE-Quotefix to it.
        Sorry, URL is on another computer 6,000 miles away,
        but you could easily find it.

>I can't imagine reading NG's through GPRS that must cost.

        550 RUR in 48 hours :-(
        I am told that university lecturers are paid 2,000 per month,
        about ?40-45 GBP.
        I should have bought 2 and a half litres of vodka instead :-)
        OK, I'm a Masochist - I try to BitTorrent as well! :-)

        Imagine how much trawling through web fora would cost.
        Another reason to avoid them!

>
>Yes it was sarcasm/humour.
>

        I guessed, but without body language sometimes it's hard to
tell.
>

Best,
-- 
Misha
Free on-line, off-site backups?
<https://mozy.com/?ref=UK45Y5>
From ppearson at nowhere.invalid  Wed Oct 22 17:40:10 2008
From: ppearson at nowhere.invalid (Peter Pearson)
Date: Wed Oct 22 17:45:03 2008
Subject: [Scspamcop] MillerSmiles off the air?
Message-ID: <gdo6jq$k7e$1@news.spamcop.net>

I apologize for being a bit off-topic.

My favorite anti-phishing site, millersmiles.co.uk, appears
to have gone off the air sometime between 05:31 GMT and now
(21:36 GMT).  Attempts to browse there get this:

               This Account Has Been Suspended
  Please contact the billing/support department as soon as possible. 

Does anybody here know what's going on?  Of course, maybe
someone just forgot to pay a bill, but given how many enemies
millersmiles has probably made, . . .

-- 
To email me, substitute nowhere->spamcop, invalid->net.
From MikeE at ster.invalid  Wed Oct 22 18:38:53 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Oct 22 18:40:02 2008
Subject: [Scspamcop] Re: MillerSmiles off the air?
References: <gdo6jq$k7e$1@news.spamcop.net>
Message-ID: <gdoa1s$20h$1@news.spamcop.net>

Peter Pearson wrote:
> I apologize for being a bit off-topic.
>
> My favorite anti-phishing site, millersmiles.co.uk, appears
> to have gone off the air sometime between 05:31 GMT and now
> (21:36 GMT).  Attempts to browse there get this:
>
>                This Account Has Been Suspended
>   Please contact the billing/support department as soon as possible.

This is just my guess.  Google's cache sez that the site was alive as
recently as Oct 22, 2008 05:31:40 GMT

> Does anybody here know what's going on?  Of course, maybe
> someone just forgot to pay a bill, but given how many enemies
> millersmiles has probably made, . . .

millersmiles webservice is provided by Poundhost which poundhost's plans
are all based on a maximum of transfer G's per month, from 2000 to 10000.
http://www.poundhost.com/

I suspect that the site is so busy that they exceeded their gig
arrangement limit, and they didn't have an arrangement in place to
accommodate excesses -- or the arrangement was insufficient.

Or, that they didn't get their bill paid in a timely fashion.



-- 
Mike Easter
kibitzer, not SC admin

From ppearson at nowhere.invalid  Wed Oct 22 23:32:53 2008
From: ppearson at nowhere.invalid (Peter Pearson)
Date: Wed Oct 22 23:35:02 2008
Subject: [Scspamcop] Re: MillerSmiles off the air?
References: <gdo6jq$k7e$1@news.spamcop.net> <gdoa1s$20h$1@news.spamcop.net>
Message-ID: <gdor95$dib$1@news.spamcop.net>

On Wed, 22 Oct 2008 15:38:53 -0700, Mike Easter <MikeE@ster.invalid> wrote:
> Peter Pearson wrote:
[snip]
>>
>> My favorite anti-phishing site, millersmiles.co.uk, appears
>> to have gone off the air sometime between 05:31 GMT and now
>> (21:36 GMT).  Attempts to browse there get this:
>>
>>                This Account Has Been Suspended
>>   Please contact the billing/support department as soon as possible.
[snip]
> millersmiles webservice is provided by Poundhost which poundhost's plans
> are all based on a maximum of transfer G's per month, from 2000 to 10000.
> http://www.poundhost.com/
>
> I suspect that the site is so busy that they exceeded their gig
> arrangement limit, and they didn't have an arrangement in place to
> accommodate excesses -- or the arrangement was insufficient.
>
> Or, that they didn't get their bill paid in a timely fashion.

Thanks for the background info.  I hope they'll be back soon.

-- 
To email me, substitute nowhere->spamcop, invalid->net.
From nobody at devnull.spamcop.net  Thu Oct 23 12:19:20 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Thu Oct 23 12:20:03 2008
Subject: [Scspamcop] A QR of mines just bounced back
Message-ID: <gdq84r$qgh$1@news.spamcop.net>

Dears,

A QR I sent @ 23 Oct 2008 08:19:41 -0700 bounced back with message:

    5.1.0 - Unknown address error 550-'#5.1.0 Address rejected.'

I'm not giving an SC-parsed URL of the bounce here because I want of course 
avoid to disclose my QR mail address, but I would like to know if this kind 
of bounces may occasionally happen (say, as the result of restarting a 
server in SC or whatever).

Giampaolo 


From nobody at devnull.spamcop.net  Thu Oct 23 20:41:44 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Thu Oct 23 20:45:04 2008
Subject: [Scspamcop] Undeliverable mail to spam submit?
Message-ID: <gdr5k1$ocr$1@news.spamcop.net>

Hi,

Is this of any consequence to anyone?  It was temporary because I 
submitted mails both before and after this one and all have been sent 
back for me to finish the reporting on.

Although it shows a received time of 2:03 PM I just recieved this about 
8:25 PM.
I carefully compared the address to that on the web site and it's 
exactly the same so technically I don't believe there was any reason for 
the failure.  It contained two spams, short ones, much less than 50k.

---------------------
The following message to 
<submit.xxxxxxxxxxxxxxxxxxxxxxxx@spam.spamcop.net> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'#5.1.0 Address rejected.'
-------------------

Tracker: 
http://www.spamcop.net/sc?id=z2358857919z23dc6a8849a4b8535b820eff352f8097z
FWIW, which probably isn't much.

Not a real problem here; but I thought I'd post it in case it fits with 
anything else going on.

Cheers,

Twayne
--
Nothing in the world is more dangerous
 than sincere ignorance and
conscientious stupidity..
                                        - ML King


From nobody at no.no  Fri Oct 24 06:57:31 2008
From: nobody at no.no (helge)
Date: Fri Oct 24 07:00:03 2008
Subject: [Scspamcop] taken for  a redirecting ride
Message-ID: <gds9o7$4rh$1@news.spamcop.net>

http://www.spamcop.net/sc?id=z2359823129zfa76772cc0ad24e6b94201aa2b07b495z

says:
    ct-abuse@sprint.net redirects to ct-abuse@abuse.sprint.net
    ct-abuse@abuse.sprint.net redirects to ct-abuse@sprint.net
    ct-abuse@sprint.net redirects to ct-abuse@abuse.sprint.net

which probably means that sprint doesn't want to be notified. Good to 
know then, that the report goes to seven Chinese mailboxes.

helge
From nobody at devnull.spamcop.net  Fri Oct 24 11:49:00 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Fri Oct 24 11:50:03 2008
Subject: [Scspamcop] Re: Undeliverable mail to spam submit?
References: <gdr5k1$ocr$1@news.spamcop.net>
	<rjt2g492tmf4qh97tmdo7ffmghf22kfpft@4ax.com>
Message-ID: <gdsqp3$osp$1@news.spamcop.net>

> Twayne wrote:
>> - '#5.1.0 Address rejected.'
>
> That tells the tale.  For some reason, the system is rejecting some
> emails to valid addresses.  I'm looking into it.
>
>> -http://www.spamcop.net/sc?id=z2358857919z23dc6a8849a4b8535b820eff352f8097z
>
> How did you get a Tracking URL from a spam submission that was
> rejected?
>
> - Don D'Minion - SpamCop Admin -

Sorry; that's just the tracker from the failure notice; to prove it came 
from SC more than anything else and wasn't junk or made up. Was Canceled 
of course.

Twayne


From MikeE at ster.invalid  Fri Oct 24 11:52:23 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Fri Oct 24 11:55:03 2008
Subject: [Scspamcop] Re: Undeliverable mail to spam submit?
References: <gdr5k1$ocr$1@news.spamcop.net>
	<rjt2g492tmf4qh97tmdo7ffmghf22kfpft@4ax.com>
Message-ID: <gdsqvk$pns$1@news.spamcop.net>

SpamCop Admin wrote:
> Twayne wrote:
>> - '#5.1.0 Address rejected.'
>
> That tells the tale.  For some reason, the system is rejecting some
> emails to valid addresses.  I'm looking into it.
>
>> -http://www.spamcop.net/sc?id=z2358857919z23dc6a8849a4b8535b820eff352f8
097z
>
> How did you get a Tracking URL from a spam submission that was
> rejected?

He was using the tracker to illustrate to (all of) us the bounce & what
bounced..

The tracker shows the elements (from the top down) -1- bounce -2- Twayne
submit to SC -3- 2 spams submitted



-- 
Mike Easter
kibitzer, not SC admin

From gary-sc at invalid.com  Sun Oct 26 11:19:15 2008
From: gary-sc at invalid.com (Gary)
Date: Sun Oct 26 11:20:03 2008
Subject: [Scspamcop] header parsing errors
Message-ID: <ge21pk$tge$1@news.spamcop.net>

Hello,

I have been unable to report the last several spam emails that I have 
received as SpamCop is unable to parse the headers.

Here is the most recent tracking URL
http://www.spamcop.net/sc?id=z2365292266z33155afd12d663b93401c3b4c34510e8z.

I have attempted to report the spam manually by just including the 
headers and a blank line. But the result is the same.

Regards,
Gary
From MikeE at ster.invalid  Sun Oct 26 13:10:20 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sun Oct 26 12:15:03 2008
Subject: [Scspamcop] Re: header parsing errors
References: <ge21pk$tge$1@news.spamcop.net>
Message-ID: <ge24pn$bmo$1@news.spamcop.net>

Gary wrote:

> I have been unable to report the last several spam emails that I have
> received as SpamCop is unable to parse the headers.
>
> Here is the most recent tracking URL
>
http://www.spamcop.net/sc?id=z2365292266z33155afd12d663b93401c3b4c34510e8z
.
>
> I have attempted to report the spam manually by just including the
> headers and a blank line. But the result is the same.

The parsing algorithm requires that there be a 'sufficient' number of
elements in the header or the algo won't parse, presumably assuming that
'something must be wrong' with the submission.  Typical elements in an
email besides the Received tracelines are such as Subject, From, To.  This
item has none of those and cannot be reported.

For demonstration/experimental purposes, I sometimes 'forge' an artificial
spam to get a parse, then cancel the report.

http://www.spamcop.net/sc?id=z2365359723z662e3e0d6fb9439430b794add94bf338z
mod:  Subject: <none>

Report Spam to:

Re: 70.38.45.193 (Administrator of network where email originates)
 To: abuse@privatedns.com (Notes)

Re: http://thebatcomputer.com/ekeozwtdogyglyztf/ (Administrator of network
hosting website referenced in spam)
 To: abuse@privatedns.com (Notes)

Re: http://thebatcomputer.com/kkkojdoftvpglyhtz/ (Administrator of network
hosting website referenced in spam)
 To: abuse@privatedns.com (Notes)
<cancelled>

http://www.spamcop.net/sc?id=z2365364696zdc270249dca3698946460152392abfe7z
mod:  To: <none>

result, parsed, reports same as above, also cancelled

http://www.spamcop.net/sc?id=z2365367852z0b423190e7f5e6408ae0926eb51c2463z
mod:  From: <none>

result, parsed, reports same as above, also cancelled

BTW, none of those reports derived from the 'mild' forgeries are the way I
would 'manually' report that spam.



-- 
Mike Easter
kibitzer, not SC admin

From MaPoubelle200810 at orange.fr  Mon Oct 27 07:21:54 2008
From: MaPoubelle200810 at orange.fr (le teuton)
Date: Mon Oct 27 07:25:04 2008
Subject: [Scspamcop] BCC in Header not munged
Message-ID: <ge486v$mn6$1@news.spamcop.net>

http://www.spamcop.net/sc?id=z2367396578z1fe5b8cc7c706c099c3b521261ebed1cz

Lately, I received several spam mails where To and X-Bcc where the same, 
but SC did not munge the email address in the X-Bcc part. Thus, sending 
the reports would reveal the email address to the spammer.

Kind regards,
Michel
From MikeE at ster.invalid  Mon Oct 27 09:16:30 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Mon Oct 27 08:20:03 2008
Subject: [Scspamcop] Re: BCC in Header not munged
References: <ge486v$mn6$1@news.spamcop.net>
Message-ID: <ge4bf8$r1n$1@news.spamcop.net>

le teuton wrote:
>
http://www.spamcop.net/sc?id=z2367396578z1fe5b8cc7c706c099c3b521261ebed1cz
>
> Lately, I received several spam mails where To and X-Bcc where the same,
> but SC did not munge the email address in the X-Bcc part. Thus, sending
> the reports would reveal the email address to the spammer.

It would be my opinion that the opinion of SC admin would be to allow you
to munge/delete that X-Bcc address without breaking the material changes
to spam rules seen at http://www.spamcop.net/fom-serve/cache/283.html
Material changes to spam

The existing rules allow you to munge your address if found in the body of
the message with the stipulation that you must not make that munge if it
is going to a provider which does not allow munging of reports -- so I
would assume that 'my own address mungeing' would extend to (any) other
places the address is found in the headers.

SC automunges more than the To.  It also makes munges in the Received
tracelines and other places that your address may appear.  It would be
helpful if the algo could take care of this X-Bcc problem as well.  My
concept would be that the algo would munge everything that looks like an
address which appears anywhere other than the Reply-To, From, Return-Path,
or Message-ID lines.

Just now I don't recall what SC's automunge does when your own address
appears in the From or from-like lines.



-- 
Mike Easter
kibitzer, not SC admin

From gary-sc at invalid.com  Mon Oct 27 11:11:14 2008
From: gary-sc at invalid.com (Gary)
Date: Mon Oct 27 11:15:03 2008
Subject: [Scspamcop] Re: header parsing errors
In-Reply-To: <ge24pn$bmo$1@news.spamcop.net>
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
Message-ID: <ge4lmi$jej$1@news.spamcop.net>

Hello Mike,

Thanks for the information. I was assuming that something was missing.

Now for a question of protocol. In order to report the spam, would it be 
acceptable for me to add the missing elements as the email did come to 
me. Or is there a better way to go about this?

Regards,
Gary

Mike Easter wrote:
> Gary wrote:
> 
>> I have been unable to report the last several spam emails that I have
>> received as SpamCop is unable to parse the headers.
>>
>> Here is the most recent tracking URL
>>
> http://www.spamcop.net/sc?id=z2365292266z33155afd12d663b93401c3b4c34510e8z
> .
>> I have attempted to report the spam manually by just including the
>> headers and a blank line. But the result is the same.
> 
> The parsing algorithm requires that there be a 'sufficient' number of
> elements in the header or the algo won't parse, presumably assuming that
> 'something must be wrong' with the submission.  Typical elements in an
> email besides the Received tracelines are such as Subject, From, To.  This
> item has none of those and cannot be reported.
> 
> For demonstration/experimental purposes, I sometimes 'forge' an artificial
> spam to get a parse, then cancel the report.
> 
> http://www.spamcop.net/sc?id=z2365359723z662e3e0d6fb9439430b794add94bf338z
> mod:  Subject: <none>
> 
> Report Spam to:
> 
> Re: 70.38.45.193 (Administrator of network where email originates)
>  To: abuse@privatedns.com (Notes)
> 
> Re: http://thebatcomputer.com/ekeozwtdogyglyztf/ (Administrator of network
> hosting website referenced in spam)
>  To: abuse@privatedns.com (Notes)
> 
> Re: http://thebatcomputer.com/kkkojdoftvpglyhtz/ (Administrator of network
> hosting website referenced in spam)
>  To: abuse@privatedns.com (Notes)
> <cancelled>
> 
> http://www.spamcop.net/sc?id=z2365364696zdc270249dca3698946460152392abfe7z
> mod:  To: <none>
> 
> result, parsed, reports same as above, also cancelled
> 
> http://www.spamcop.net/sc?id=z2365367852z0b423190e7f5e6408ae0926eb51c2463z
> mod:  From: <none>
> 
> result, parsed, reports same as above, also cancelled
> 
> BTW, none of those reports derived from the 'mild' forgeries are the way I
> would 'manually' report that spam.
> 
> 
> 
From MikeE at ster.invalid  Mon Oct 27 11:28:04 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Mon Oct 27 11:30:04 2008
Subject: [Scspamcop] Re: header parsing errors
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net>
Message-ID: <ge4mmg$oig$1@news.spamcop.net>

Gary top posted:

> Thanks for the information. I was assuming that something was missing.
>
> Now for a question of protocol. In order to report the spam, would it be
> acceptable for me to add the missing elements as the email did come to
> me. Or is there a better way to go about this?

In my opinion, the rules against material changes are strict rather than
flexible.  IMO, the most important element of the material change rule is
the concept that you cannot make changes that would cause spamcop to be
able to make a report/notify that it would not be able to otherwise do.

http://www.spamcop.net/fom-serve/cache/283.html  Rules - everybody read! :
Material changes to spam - Do not make any material changes to spam before
submitting or parsing which may cause SpamCop to find a link, address or
URL it normally would not, by design, find.

To me, forging or altering the spam headers into something different than
they were which 'enables' SC to be able to report (as opposed to 'find'
above) is against the rules -- unless you have the specific and particular
blessing of a SC admin to do the exact and particular modification which
SC admin authorizes.

Further, the rules are (potentially) 'harsh' if enforced --
http://www.spamcop.net/fom-serve/cache/143.html  Rules - everybody read! :
What if I break the rule(s)? -- ... Free users who break one of the rules
will be immediately banned from SpamCop. - Paying Reporting Service
Members: Members who break a rule will be fined $2.00 worth of fuel, your
account could be suspended or you could be banned from future use of the
service.

Also, when you top post, you fail trim and context remarks, so that your
words don't fall just under those words of mine which you are addressing.
By doing so, you cause the part of my remarks where I say that I am
forging the experimental spam and cancelling the report - to disappear.


> Mike Easter wrote:
>> For demonstration/experimental purposes, I sometimes 'forge' an
>> artificial spam to get a parse, then cancel the report.

>> BTW, none of those reports derived from the 'mild' forgeries are the
>> way I would 'manually' report that spam.


The purpose of my forgery/experiment was *NOT* to teach you how to forge
spam and how to break the rules -- but instead my forgery experiment was
simply to illustrate how the algorithm works to assess the quality or
integrity of headers.



-- 
Mike Easter
kibitzer, not SC admin

From nobody at no.no  Mon Oct 27 17:06:32 2008
From: nobody at no.no (helge)
Date: Mon Oct 27 17:10:02 2008
Subject: [Scspamcop] Re: header parsing errors
In-Reply-To: <ge4lmi$jej$1@news.spamcop.net>
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net>
Message-ID: <ge5aic$hm8$1@news.spamcop.net>

Gary skrev:
> Hello Mike,
> 
> Thanks for the information. I was assuming that something was missing.
> 
> Now for a question of protocol. In order to report the spam, would it be 
> acceptable for me to add the missing elements as the email did come to 
> me. Or is there a better way to go about this?
> 
> Regards,
> Gary

These tracking urls:
http://www.spamcop.net/sc?id=z2368993312zd88dcdc07a396b20bba8b495ae415cf5z 

and
http://www.spamcop.net/sc?id=z2368998058z03809a42f895da76077bdb5d7460a4eaz
look like your example, but when quick-reported they gave a better result:
http://www.spamcop.net/sc?id=z2368630275zdf9c0bcb88f963a94cbc29fe43373d1fz
and
http://www.spamcop.net/sc?id=z2367914037zefa3ed7ea84431f36e5f1c0dab5efcabz.

So if quick reporting is an option for you, try that.

Most of my spam is in this category now, but they seem to come in two 
sizes, 2-4kb or 17-20kb. All of them show up in my held mail folder 
with 'unknown date', 'invalid email address' and 'no subject'.
> 
> Mike Easter wrote:

>snip
>> BTW, none of those reports derived from the 'mild' forgeries are the 
>> way I
>> would 'manually' report that spam.

What about my examples?

helge
From MikeE at ster.invalid  Mon Oct 27 18:00:02 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Mon Oct 27 18:05:02 2008
Subject: [Scspamcop] Re: header parsing errors
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
Message-ID: <ge5dle$sf0$1@news.spamcop.net>

helge wrote:
> These tracking urls:
www.spamcop.net/sc?id=z2368993312zd88dcdc07a396b20bba8b495ae415cf5z

> and
www.spamcop.net/sc?id=z2368998058z03809a42f895da76077bdb5d7460a4eaz
> look like your example,

Correct, those two lack all 3 subject, to, & from.

> but when quick-reported they gave a better
> result:
www.spamcop.net/sc?id=z2368630275zdf9c0bcb88f963a94cbc29fe43373d1fz
> and
www.spamcop.net/sc?id=z2367914037zefa3ed7ea84431f36e5f1c0dab5efcabz.

No.  Those two both have all 3 subject, to, & from.  Those are not
trackers for the same spams.

>>> BTW, none of those reports derived from the 'mild' forgeries are the
>>> way I would 'manually' report that spam.

> What about my examples?

Your examples are 4 different spams whereas Gary's was one.  My objection
to SC's notify for my forged derivation result of Gary's wasn't based on
any 'mistakes' in SC parsing, but a difference of opinion about how to
notify.

SC got the source IP right, but I didn't really like the address it wanted
to notify.  I would do it differently.  In the case of the spamvertiser,
the spammer was being shifty and redirected to the payload URL.  If one
were going to bother to notify the spamvertiser provider, which I usually
don't, then I would notify the provider for where the real payload was,
not the provider of the redirector.

Choose two of yours and I'll say how I would notify for them and why.



-- 
Mike Easter
kibitzer, not SC admin

From nobody at no.no  Tue Oct 28 06:24:28 2008
From: nobody at no.no (helge)
Date: Tue Oct 28 06:30:03 2008
Subject: [Scspamcop] Re: header parsing errors
In-Reply-To: <ge5dle$sf0$1@news.spamcop.net>
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net>
Message-ID: <ge6pah$79a$1@news.spamcop.net>

Mike Easter skrev:
> helge wrote:
>> These tracking urls:
> www.spamcop.net/sc?id=z2368993312zd88dcdc07a396b20bba8b495ae415cf5z
> 
>> and
> www.spamcop.net/sc?id=z2368998058z03809a42f895da76077bdb5d7460a4eaz
>> look like your example,
> 
> Correct, those two lack all 3 subject, to, & from.
> 
>> but when quick-reported they gave a better
>> result:
> www.spamcop.net/sc?id=z2368630275zdf9c0bcb88f963a94cbc29fe43373d1fz
>> and
> www.spamcop.net/sc?id=z2367914037zefa3ed7ea84431f36e5f1c0dab5efcabz.
> 
> No.  Those two both have all 3 subject, to, & from.  Those are not
> trackers for the same spams.

Sorry, but I am sure no.2 and 3 are identical
msg id <1a20______________________4dd6@avci.net> and
mxg id <1a20______________________4dd6@avci.net>

Possibly spamcop hiccups because of the timestamp
Mon, 27 Oct 3609(!) 17:09:14 +0000 and
Mon, 27 Oct 3609 17:09:14 +0000. There are also identical and partly 
illegible subjects and froms:
"=?windows-1251?B?QWRvbHBobyBBZGFtcw==?=" <sudeshnae@avci.net>
"=?windows-1251?B?QWRvbHBobyBBZGFtcw==?=" <sudeshnae@avci.net>

Another example from today Tue, 28 Oct 3609 10:23:42 +0900 (18kb)

http://www.spamcop.net/sc?id=z2368998058z03809a42f895da76077bdb5d7460a4eaz
http://www.spamcop.net/sc?id=z2368630275zdf9c0bcb88f963a94cbc29fe43373d1fz

>>>> BTW, none of those reports derived from the 'mild' forgeries are the
>>>> way I would 'manually' report that spam.
> 
>> What about my examples?
> 
> Your examples are 4 different spams whereas Gary's was one.  My objection
> to SC's notify for my forged derivation result of Gary's wasn't based on
> any 'mistakes' in SC parsing, but a difference of opinion about how to
> notify.
> 
> SC got the source IP right, but I didn't really like the address it wanted
> to notify.  I would do it differently.  In the case of the spamvertiser,
> the spammer was being shifty and redirected to the payload URL.  If one
> were going to bother to notify the spamvertiser provider, which I usually
> don't, then I would notify the provider for where the real payload was,
> not the provider of the redirector.
> 
> Choose two of yours and I'll say how I would notify for them and why.

Say the two new ones, and I'll amend the question: why does the QR 
parsing work but the ordinary parsing not work

helge
From nobody at spamcop.net  Tue Oct 28 07:03:39 2008
From: nobody at spamcop.net (Ellen)
Date: Tue Oct 28 08:00:04 2008
Subject: [Scspamcop] Re: header parsing errors
In-Reply-To: <ge6pah$79a$1@news.spamcop.net>
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net> <ge6pah$79a$1@news.spamcop.net>
Message-ID: <4906F18B.8050408@spamcop.net>

helge wrote:
> Mike Easter skrev:

>>http://www.spamcop.net/sc?id=z2368998058z03809a42f895da76077bdb5d7460a4eaz
http://www.spamcop.net/sc?id=z2368630275zdf9c0bcb88f963a94cbc29fe43373d1fz

>> Choose two of yours and I'll say how I would notify for them and why.
> 
> Say the two new ones, and I'll amend the question: why does the QR 
> parsing work but the ordinary parsing not work
> 
> helge



The messageid/TO/Date etc have all been folded into one big line and the 
parser does not see anything beyond the messageID:

http://www.spamcop.net/sc?id=z2368998058z03809a42f895da76077bdb5d7460a4eaz

I assume that by quick reporting we are talking about checkmarking the 
spam and clicking the "report as spam" button while logged into 
webmail.spamcop.net and that by normal reporting we are talking about 
logging into http://www.spamcop.net and using VER?


Ellen
SpamCop
From nobody at no.no  Tue Oct 28 08:11:09 2008
From: nobody at no.no (helge)
Date: Tue Oct 28 08:15:03 2008
Subject: [Scspamcop] Re: header parsing errors
In-Reply-To: <4906F18B.8050408@spamcop.net>
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net> <ge6pah$79a$1@news.spamcop.net>
	<4906F18B.8050408@spamcop.net>
Message-ID: <ge6vih$15t$1@news.spamcop.net>

Ellen skrev:
> helge wrote:

snip
> 
> The messageid/TO/Date etc have all been folded into one big line and the 
> parser does not see anything beyond the messageID:
> 
> http://www.spamcop.net/sc?id=z2368998058z03809a42f895da76077bdb5d7460a4eaz
> 
> I assume that by quick reporting we are talking about checkmarking the 
> spam and clicking the "report as spam" button while logged into 
> webmail.spamcop.net and that by normal reporting we are talking about 
> logging into http://www.spamcop.net and using VER?

Thanks, Ellen. Yes,you are right - that's what I call quick report and
ordinary report respectively.

A minor point: Do you think the yearstamp 3609 also is a stumbling 
block for the parser?

helge



> Ellen
> SpamCop
From MikeE at ster.invalid  Tue Oct 28 08:23:48 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Oct 28 08:25:03 2008
Subject: [Scspamcop] Re: header parsing errors
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net> <ge6pah$79a$1@news.spamcop.net>
Message-ID: <ge708u$314$1@news.spamcop.net>

helge wrote:
> Mike Easter skrev:
>> helge wrote:
>>> These tracking urls:
>> www.spamcop.net/sc?id=z2368993312zd88dcdc07a396b20bba8b495ae415cf5z
>>
>>> and
>> www.spamcop.net/sc?id=z2368998058z03809a42f895da76077bdb5d7460a4eaz
>>> look like your example,
>>
>> Correct, those two lack all 3 subject, to, & from.

I misinterpreted the top two because I failed to notice that they have
'concealed' header elements on a long extended MID line.  So a better
description would be that they have improperly constructed headers.

The top one has the following header elements 'stuffed' into the MID line:
From: To: Subject: Date: MIME-Version: Content-Type: X-Priority:
Mail-Priority: X-Mailer: X-MimeOLE:

As a consequence, there are insufficient header elements (on proper header
lines) for the SC parser to determine that there is 'sufficient' header.

The second one has the same condition of cramming header elements into a
long extended MID line.

Another anomalous appearance is the difference between how the header
looks in the 'view entire message' section vs how it looks in the 'normal'
view of the tracker.  View entire message appears to be almost normal,
with separate lines for the header elements which are crammed into the MID
line and the abnormalities are a 'smushing' of the top part of the body
into the headers (no empty line) followed by the spamcop Xlines.  We have
seen this anomalous condition before, presumed to be caused by spamcop
server handling errors.

This anomaly also appears in the second one.

>>> but when quick-reported they gave a better
>>> result:
>> www.spamcop.net/sc?id=z2368630275zdf9c0bcb88f963a94cbc29fe43373d1fz
>>> and
>> www.spamcop.net/sc?id=z2367914037zefa3ed7ea84431f36e5f1c0dab5efcabz.
>>
>> No.  Those two both have all 3 subject, to, & from.  Those are not
>> trackers for the same spams.
>
> Sorry, but I am sure no.2 and 3 are identical
> msg id <1a20______________________4dd6@avci.net> and
> mxg id <1a20______________________4dd6@avci.net>
>
> Possibly spamcop hiccups because of the timestamp
> Mon, 27 Oct 3609(!) 17:09:14 +0000 and
> Mon, 27 Oct 3609 17:09:14 +0000. There are also identical and partly
> illegible subjects and froms:
> "=?windows-1251?B?QWRvbHBobyBBZGFtcw==?=" <sudeshnae@avci.net>
> "=?windows-1251?B?QWRvbHBobyBBZGFtcw==?=" <sudeshnae@avci.net>

You are correct that #2 & #3 are 'based on' the same spam item, but they
are not 'identical' in their appearance at the tracker at all.

#2 has all of the anomalies I described.  Numerous header elements smushed
into the MID line + displacement of the SC X lines 'downward' (fractured)
+ smushing of the top part of the body into the header then followed by
the displaced SC Xlines.

#3 appears to be the same spam without all of those anomalies.  So, we can
call #2 smushed in 2 ways and 'fractured' -- whereas #3 is not smushed in
those ways /or/ fractured.

> Another example from today Tue, 28 Oct 3609 10:23:42 +0900 (18kb)

I'm going to start this in another message.



-- 
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Tue Oct 28 08:40:03 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Oct 28 08:45:02 2008
Subject: [Scspamcop] Re: header parsing errors
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net> <ge6pah$79a$1@news.spamcop.net>
Message-ID: <ge717e$6k3$1@news.spamcop.net>

helge wrote:

> Another example from today Tue, 28 Oct 3609 10:23:42 +0900 (18kb)
>
>
http://www.spamcop.net/sc?id=z2368998058z03809a42f895da76077bdb5d7460a4eaz

When this is viewed in the normal view, we see the MID line with a number
of elements on its line.  When this is viewed in the view entire message
view, we see the elements on their own lines, but we see other
anomalies -- we see the SC Xlines fractured and displaced down into the
body and we see the top part of the body smushed up into the header
without an empty line (followed by the SC Xlines)

>
http://www.spamcop.net/sc?id=z2368630275zdf9c0bcb88f963a94cbc29fe43373d1fz

This appears to be derived from the same spam, but viewed in the normal
view the header elements are not crammed into the MID line.  However, when
viewed in the entire message view, we still see the other anomalies of SC
Xlines fractured and displaced down into the body and the top part of the
body smushed up into the header without an empty line followed by the SC
Xlines.

> Say the two new ones, and I'll amend the question: why does the QR
> parsing work but the ordinary parsing not work

I don't even know how much of this problem is being introduced by the SC
server.  Once we see the SC server creating some of the problem, I don't
know how much to blame on that mechanism.  SC has dirty hands in this.



-- 
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net  Tue Oct 28 10:02:09 2008
From: nobody at spamcop.net (Ellen)
Date: Tue Oct 28 10:10:03 2008
Subject: [Scspamcop] Re: header parsing errors
In-Reply-To: <ge6vih$15t$1@news.spamcop.net>
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net> <ge6pah$79a$1@news.spamcop.net>
	<4906F18B.8050408@spamcop.net> <ge6vih$15t$1@news.spamcop.net>
Message-ID: <49071B61.9090107@spamcop.net>

helge wrote:

> 
> A minor point: Do you think the yearstamp 3609 also is a stumbling block 
> for the parser?
> 
> helge
> 

If you mean this:

Date: Mon, 27 Oct 3609 17:09:14 +0000

As far as I know the parser looks for a subset of the 
to/from/date/messageID elements to know that full headers have been 
provided but does not check them for sanity.

I seem to remember a known problem with header lines being smooshed 
together sometimes in the interface between the email system and the 
parsing system but I could just be delusional. In any case, I have 
emailed Don about this issue ...


Ellen
SpamCop
From nobody at no.no  Tue Oct 28 10:29:39 2008
From: nobody at no.no (helge)
Date: Tue Oct 28 10:35:04 2008
Subject: [Scspamcop] Re: header parsing errors
In-Reply-To: <49071B61.9090107@spamcop.net>
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net> <ge6pah$79a$1@news.spamcop.net>
	<4906F18B.8050408@spamcop.net> <ge6vih$15t$1@news.spamcop.net>
	<49071B61.9090107@spamcop.net>
Message-ID: <ge77m7$1to$1@news.spamcop.net>

Ellen skrev:
> helge wrote:
> 
>>
>> A minor point: Do you think the yearstamp 3609 also is a stumbling 
>> block for the parser?
>>
>> helge
>>
> 
> If you mean this:
> 
> Date: Mon, 27 Oct 3609 17:09:14 +0000
> 
> As far as I know the parser looks for a subset of the 
> to/from/date/messageID elements to know that full headers have been 
> provided but does not check them for sanity.
> 
> I seem to remember a known problem with header lines being smooshed 
> together sometimes in the interface between the email system and the 
> parsing system but I could just be delusional. In any case, I have 
> emailed Don about this issue ...
> 
> 
> Ellen
> SpamCop


Thanks, Ellen.

When I forward such messages to my fastmail address, the from and the 
subject become legible (translated from the windows 1251 - cyrillic?) 
and sane, but the timestamp there is transformed into:
13 Dec 1901 8:45 PM  ( 106 years 10 months ago )

Your word smoosh and Mike's version of the same word smush are not 
listed in my primary dictionary sources (COD, M-W), but I found them 
in Dictionary.com.

helge
From nobody at no.no  Tue Oct 28 10:42:57 2008
From: nobody at no.no (helge)
Date: Tue Oct 28 10:45:03 2008
Subject: [Scspamcop] Re: header parsing errors
In-Reply-To: <ge717e$6k3$1@news.spamcop.net>
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net> <ge6pah$79a$1@news.spamcop.net>
	<ge717e$6k3$1@news.spamcop.net>
Message-ID: <ge78f5$3sq$1@news.spamcop.net>

Mike Easter skrev:
> helge wrote:
> 
>> Another example from today Tue, 28 Oct 3609 10:23:42 +0900 (18kb)
>>
>>
> http://www.spamcop.net/sc?id=z2368998058z03809a42f895da76077bdb5d7460a4eaz
> 
> When this is viewed in the normal view, we see the MID line with a number
> of elements on its line.  When this is viewed in the view entire message
> view, we see the elements on their own lines, but we see other
> anomalies -- we see the SC Xlines fractured and displaced down into the
> body and we see the top part of the body smushed up into the header
> without an empty line (followed by the SC Xlines)
> 
> http://www.spamcop.net/sc?id=z2368630275zdf9c0bcb88f963a94cbc29fe43373d1fz
> 
> This appears to be derived from the same spam, but viewed in the normal
> view the header elements are not crammed into the MID line.  However, when
> viewed in the entire message view, we still see the other anomalies of SC
> Xlines fractured and displaced down into the body and the top part of the
> body smushed up into the header without an empty line followed by the SC
> Xlines.
> 
>> Say the two new ones, and I'll amend the question: why does the QR
>> parsing work but the ordinary parsing not work
> 
> I don't even know how much of this problem is being introduced by the SC
> server.  Once we see the SC server creating some of the problem, I don't
> know how much to blame on that mechanism.  SC has dirty hands in this.
> 

Thanks, Mike for the clarification. Ellen 'seem to remember a known 
problem with header lines being smooshed together sometimes in the 
interface between the email system and the parsing system'.

I wouldn't like to think the problem prevents SC reporters to report. 
Personally I am satisfied with the quick report solution - you have 
taught me not to shed a single tear for the lost opportunity to report 
spamvertised sites. But when these spams started dominating my held 
mail folder some two weeks ago or so, I was tempted to 'read' them to 
see what was new, and to full-report them from the 'report spam' 
button on my webmail page.

helge

From ppearson at nowhere.invalid  Tue Oct 28 11:12:25 2008
From: ppearson at nowhere.invalid (Peter Pearson)
Date: Tue Oct 28 11:15:03 2008
Subject: [Scspamcop] Re: header parsing errors
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net> <ge6pah$79a$1@news.spamcop.net>
	<4906F18B.8050408@spamcop.net>
Message-ID: <ge7a4p$6kr$1@news.spamcop.net>

On Tue, 28 Oct 2008 07:03:39 -0400, Ellen <nobody@spamcop.net> wrote:
>
> The messageid/TO/Date etc have all been folded into one big line and the 
> parser does not see anything beyond the messageID:
>
> http://www.spamcop.net/sc?id=z2368998058z03809a42f895da76077bdb5d7460a4eaz

Sorry to jump in late, but maybe the above is an example of
something I've been seeing for the past 10 days or so:
messages in which Message-ID, From, To, Subject, Date and
more are separated by carriage returns without linefeeds.
When I follow the above tracker, I don't see the <CR>s, but
I bet they're there.  The fact that different parsers see
the header differently (some see a subject, some don't) makes
these messages slippery.

-- 
To email me, substitute nowhere->spamcop, invalid->net.
From MikeE at ster.invalid  Tue Oct 28 11:24:44 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Oct 28 11:25:02 2008
Subject: [Scspamcop] Re: header parsing errors
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net> <ge6pah$79a$1@news.spamcop.net>
	<4906F18B.8050408@spamcop.net> <ge6vih$15t$1@news.spamcop.net>
	<49071B61.9090107@spamcop.net> <ge77m7$1to$1@news.spamcop.net>
Message-ID: <ge7as6$9v0$1@news.spamcop.net>

helge wrote:

> Your word smoosh and Mike's version of the same word smush are not
> listed in my primary dictionary sources (COD, M-W), but I found them
> in Dictionary.com.

I'm prone to 'create' or use words that aren't really everyone-else types
of words, hoping that their neologistic meaning/interpretation will 'flow'
from some kind of logical process.

To me, my 'smush' kinda comes from smash/mash something into mush/smush -
or smush things together.

Smoosh seems the same, only 'oo' is somewhat more melodic/romantic instead
my schwa/germanic 'uh'.


-- 
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Tue Oct 28 11:50:50 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Oct 28 11:55:03 2008
Subject: [Scspamcop] Re: header parsing errors
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net> <ge6pah$79a$1@news.spamcop.net>
	<4906F18B.8050408@spamcop.net> <ge7a4p$6kr$1@news.spamcop.net>
Message-ID: <ge7cd4$ei6$1@news.spamcop.net>

Peter Pearson wrote:

www.spamcop.net/sc?id=z2368998058z03809a42f895da76077bdb5d7460a4eaz

> Sorry to jump in late, but maybe the above is an example of
> something I've been seeing for the past 10 days or so:
> messages in which Message-ID, From, To, Subject, Date and
> more are separated by carriage returns without linefeeds.
> When I follow the above tracker, I don't see the <CR>s, but
> I bet they're there.  The fact that different parsers see
> the header differently (some see a subject, some don't) makes
> these messages slippery.

I'm thinking that the headers are not created 'normally' or compliantly in
terms of those EOLs - whether that noncompliance is intentional or
unintentional - and the altered structure causes both the parser and the
server-filter to handle the lines 'variably'.

The variable handling obscures header elements sometimes, resulting in an
inadequate header element 'count' - which causes the parser to refuse to
determine source or notifies - and it also causes the server filter and
its stamper to become confused about when the header is ending and when
the body is beginning, because the filter needs an empty line to recognize
header-body separation in there.

As a result, during the spamfilter's processing, it includes the top 3
elements (in the item above) of the message body, which consist of several
lines.  The first line is the announcement: 'This is a multi-part message
in MIME format.' (without quote)  The next lines are those which belong to
the boundary delimiter 'package' consisting of the boundary= delimiter and
the Content-Type and the Content-Transfer-Encoding.

The filter is confused by the noncompliant EOL problem and doesn't
recognize any empty line to separate the header from the body, so it
smushes those non-headerlines into the header and finally finds an empty
line after all of that -- at which time it then stamps its 2 SC Xlines
for -Checked and -Disposition.

This causes fracture/displacement of the SC Xlines - separation of them
from where they belong at the bottom of the header - and inclusion of the
above described message body elements into this now 'extended' header,
which extended header is also not compliant in terms of its 'missing'
header fields which were smushed into the MID line.

So, the header contains 'good' or compliant lines, those which were
stamped after a server received the item, such as Received tracelines and
the top Xlines.  All of the header lines which 'belong to' the original
spam, such as the 11 header lines from MID to X-MimeOLE are missing a
proper EOL, so they are handled noncompliantly.  Additional body lines
missing proper EOL are also handled noncompliantly, namely the first 3
elements of the body as described above.

Then, on top of everything else, the noncompliant EOLs cause the SC filter
to stamp its lines 'noncompliantly' or displaced -- because they should
have been stamped at the bottom of the header.  But since the bottom of
the header isn't recognized until after 3 elements of the body have been
smushed into the header, the SC Xlines are placed after those body parts.



-- 
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net  Tue Oct 28 11:55:59 2008
From: nobody at spamcop.net (Ellen)
Date: Tue Oct 28 12:15:03 2008
Subject: [Scspamcop] Re: header parsing errors
In-Reply-To: <ge7as6$9v0$1@news.spamcop.net>
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net> <ge6pah$79a$1@news.spamcop.net>
	<4906F18B.8050408@spamcop.net> <ge6vih$15t$1@news.spamcop.net>
	<49071B61.9090107@spamcop.net> <ge77m7$1to$1@news.spamcop.net>
	<ge7as6$9v0$1@news.spamcop.net>
Message-ID: <ge7dil$nd8$1@news.spamcop.net>

Mike Easter wrote:

> 
> Smoosh seems the same, only 'oo' is somewhat more melodic/romantic instead
> my schwa/germanic 'uh'.
> 
> 

:-)

Ellen

From nobody at no.no  Tue Oct 28 15:54:59 2008
From: nobody at no.no (helge)
Date: Tue Oct 28 16:00:03 2008
Subject: [Scspamcop] OT Re: header parsing errors
In-Reply-To: <ge7as6$9v0$1@news.spamcop.net>
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net> <ge6pah$79a$1@news.spamcop.net>
	<4906F18B.8050408@spamcop.net> <ge6vih$15t$1@news.spamcop.net>
	<49071B61.9090107@spamcop.net> <ge77m7$1to$1@news.spamcop.net>
	<ge7as6$9v0$1@news.spamcop.net>
Message-ID: <ge7qo8$9ie$1@news.spamcop.net>

Mike Easter skrev:
> helge wrote:
> 
>> Your word smoosh and Mike's version of the same word smush are not
>> listed in my primary dictionary sources (COD, M-W), but I found them
>> in Dictionary.com.
> 
> I'm prone to 'create' or use words that aren't really everyone-else types
> of words, hoping that their neologistic meaning/interpretation will 'flow'
> from some kind of logical process.
> 
> To me, my 'smush' kinda comes from smash/mash something into mush/smush -
> or smush things together.
> 
> Smoosh seems the same, only 'oo' is somewhat more melodic/romantic instead
> my schwa/germanic 'uh'.
> 

I have come to realise that you are a seasoned neologian (or 
neologist?) My problem was that I associated the word with smudge 
instead of mash.
Do the 'uh' and the 'oo' represent different American regions or dialects?

helge
From nobody at no.no  Tue Oct 28 16:01:09 2008
From: nobody at no.no (helge)
Date: Tue Oct 28 16:05:02 2008
Subject: [Scspamcop] Re: header parsing errors
In-Reply-To: <ge7a4p$6kr$1@news.spamcop.net>
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net> <ge6pah$79a$1@news.spamcop.net>
	<4906F18B.8050408@spamcop.net> <ge7a4p$6kr$1@news.spamcop.net>
Message-ID: <ge7r3q$bjh$1@news.spamcop.net>

Peter Pearson skrev:
> On Tue, 28 Oct 2008 07:03:39 -0400, Ellen <nobody@spamcop.net> wrote:
>> The messageid/TO/Date etc have all been folded into one big line and the 
>> parser does not see anything beyond the messageID:
>>
>> http://www.spamcop.net/sc?id=z2368998058z03809a42f895da76077bdb5d7460a4eaz
> 
> Sorry to jump in late, but maybe the above is an example of
> something I've been seeing for the past 10 days or so:
> messages in which Message-ID, From, To, Subject, Date and
> more are separated by carriage returns without linefeeds.
> When I follow the above tracker, I don't see the <CR>s, but
> I bet they're there.  The fact that different parsers see
> the header differently (some see a subject, some don't) makes
> these messages slippery.
> 

I believe all these messages come to my spamcop email address, not to 
my ISP address. I am surprised nobody mentioned the problem in these 
newsgroups until the OP, Gary, 'broke the news' yesterday. But perhaps 
they have been mentioned in the web forum.

helge
From MikeE at ster.invalid  Tue Oct 28 16:13:33 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Oct 28 16:15:03 2008
Subject: [Scspamcop] Re: OT Re: header parsing errors
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net> <ge6pah$79a$1@news.spamcop.net>
	<4906F18B.8050408@spamcop.net> <ge6vih$15t$1@news.spamcop.net>
	<49071B61.9090107@spamcop.net> <ge77m7$1to$1@news.spamcop.net>
	<ge7as6$9v0$1@news.spamcop.net> <ge7qo8$9ie$1@news.spamcop.net>
Message-ID: <ge7rpm$ej7$1@news.spamcop.net>

helge wrote:
> Mike Easter skrev:

>> To me, my 'smush' kinda comes from smash/mash something into
>> mush/smush - or smush things together.
>>
>> Smoosh seems the same, only 'oo' is somewhat more melodic/romantic
>> instead my schwa/germanic 'uh'.
>>
>
> I have come to realise that you are a seasoned neologian (or
> neologist?) My problem was that I associated the word with smudge
> instead of mash.
> Do the 'uh' and the 'oo' represent different American regions or
> dialects?

Not that I know of.  Perhaps Ellen is more likely to purse/pucker her lips
into 'oo' whereas I'm more likely to grimace/grunt 'uh'.

Maybe it's a gender issue.  I think stereotypical women smash/ smush/
smoosh/ things differently than stereotypical men.

.... if you can find any stereotypical ones of either of those.


Put/ Sprinkle/ your wry or standard smilies up in there wherever :-)
necessary :-/



-- 
Mike Easter
kibitzer, not SC admin

From 127 at [127.0.0.1]  Fri Oct 31 22:15:53 2008
From: 127 at [127.0.0.1] (vg4cysss7001)
Date: Fri Oct 31 23:00:03 2008
Subject: [Scspamcop] Re: OT Re: header parsing errors
References: <ge21pk$tge$1@news.spamcop.net> <ge24pn$bmo$1@news.spamcop.net>
	<ge4lmi$jej$1@news.spamcop.net> <ge5aic$hm8$1@news.spamcop.net>
	<ge5dle$sf0$1@news.spamcop.net> <ge6pah$79a$1@news.spamcop.net>
	<4906F18B.8050408@spamcop.net> <ge6vih$15t$1@news.spamcop.net>
	<49071B61.9090107@spamcop.net> <ge77m7$1to$1@news.spamcop.net>
	<ge7as6$9v0$1@news.spamcop.net> <ge7qo8$9ie$1@news.spamcop.net>
	<ge7rpm$ej7$1@news.spamcop.net>
Message-ID: <2qTXMihZv7CJFwa6@spam.filter>

In article <ge7rpm$ej7$1@news.spamcop.net>, Mike Easter 
<MikeE@ster.invalid> writes
[snip]
>Put/ Sprinkle/ your wry or standard smilies up in there wherever :-) 
>necessary :-/

At primary school in UK 1950's, one boy was nick-named "Sprinkle", 
because of his artistic urination :-)
-- 
Misha
Free on-line, off-site backups?
<https://mozy.com/?ref=UK45Y5>