From nobody at devnull.spamcop.net  Mon Sep  1 11:14:48 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Mon Sep  1 11:15:03 2008
Subject: [Scspamcop] Re: OT Re: Any hint about "pingeries"?
References: <g97364$b3e$1@news.spamcop.net> <g997lb$1o2$1@news.spamcop.net>
	<Xns9B09968B73E95thefrogprince@216.154.195.61>
	<g99sfp$q93$1@news.spamcop.net> <g9a7er$nna$1@news.spamcop.net>
	<g9chru$9nq$1@news.spamcop.net> <g9ee39$3ap$1@news.spamcop.net>
	<g9eidt$mi4$1@news.spamcop.net> <g9em79$3lj$1@news.spamcop.net>
Message-ID: <g9h0sv$p6l$1@news.spamcop.net>

> Twayne:
>> <jg cite>
>>>> <jg cite>
>>>>> Mike Easter
>
>>>>> "...useless mental masturbation."
>
>>>>> ob quirk
>
>>>  found Mike's word usage amusing.
>
>> I've even caught myself picking up some of his words:  verbosity,
>> goodmail, badmail, is/are, etc..  It sneaks in unnoticed somehow.
>
> heh;  I am prone to some neologistics <oops there's another one, where
> neologistics is (now) the coining of neologisms>
>
> For those who are unfamiliar with the usage 'ob quirk', it is a
> neologism for 'Objection!  Quirk.' or 'Quirk Objection' which is a
> usenetism for a popular post of Captain Gym Z. Quirk and those who
> would emulate hir.  The usage and background is described in the wiki
> nanae article and other places
> http://en.wikipedia.org/wiki/News.admin.net-abuse.email  Quirk
> Objection
>
> I would interpret ob quirk as meaning/ transliterating into/ - either
> - 'assumes facts not in evidence' or such as 'you are singular in your
> objection - please discontinue speaking for others'


Damn!  Learned a new word and didn't mean to!  obquirk; that's good. 
I'll remember that one!


From jzeitlin at spamcop.net  Mon Sep  1 15:57:42 2008
From: jzeitlin at spamcop.net (=?ISO-8859-1?Q?E=F6nw=EB?=)
Date: Mon Sep  1 16:00:04 2008
Subject: [Scspamcop] Re: OT Re: Any hint about "pingeries"?
References: <g97364$b3e$1@news.spamcop.net> <g997lb$1o2$1@news.spamcop.net>
	<Xns9B09968B73E95thefrogprince@216.154.195.61>
	<g99sfp$q93$1@news.spamcop.net> <g9a7er$nna$1@news.spamcop.net>
	<g9chru$9nq$1@news.spamcop.net> <g9ee39$3ap$1@news.spamcop.net>
	<g9eidt$mi4$1@news.spamcop.net> <g9em79$3lj$1@news.spamcop.net>
Message-ID: <s5iob49g6q7ef539tlucs387l4n45jfvuj@4ax.com>

On Sun, 31 Aug 2008 11:00:16 -0700, "Mike Easter" <MikeE@ster.invalid>
wrote:

>I would interpret ob quirk as meaning/ transliterating into/ - either -
>'assumes facts not in evidence' or such as 'you are singular in your
>objection - please discontinue speaking for others'

I usually seem to see it when it's being used in the former meaning, and
more specifically when someone makes a comment that assumes that a
spammer or an unresponsive abuse desk has a functioning brain - the
Quirk Objection, in that case, amounts to "Assumes body part not in
evidence".
-- 
E?nw?
(SpamCop subscriber, not staff/admin)
From jzeitlin at spamcop.net  Mon Sep  1 16:00:50 2008
From: jzeitlin at spamcop.net (=?ISO-8859-1?Q?E=F6nw=EB?=)
Date: Mon Sep  1 16:05:03 2008
Subject: [Scspamcop] Re: colocentral.com
References: <TECQXhvKj0FX-pn2-vdb684sOogSM@dsl-206-55-144-107.tstonramp.com>
	<8gdlb4hii1c9be33q351lq9mfaqu2m3pso@4ax.com>
	<TECQXhvKj0FX-pn2-3Yod1q73pxdC@dsl-206-55-144-107.tstonramp.com>
	<69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com>
Message-ID: <7biob4t31qvsvonvti455i87q4ui21rkvd@4ax.com>

On Sun, 31 Aug 2008 12:09:20 -0600, SpamCop Admin
<nobody@devnull.spamcop.net> wrote:

>Robert Blair wrote:
>>-   Tracking message source:69.42.174.238:   Cached whois for 
>>-   69.42.174.238 : spam@colocentral.com
>>-   postmaster@colocentral.com,
>
>We disabled reports to them because they appear to be a spam-friendly
>hosting service.  We don't want our reports going to the spammer.
>
>>- postmaster#colocentral.com@devnull.spamcop.net
>>- spam#colocentral.com@devnull.spamcop.net
>
>Reports sent to those addresses go to the trash, but they count
>against the IP for blocking purposes.  It doesn't matter where the
>report goes, it's the act of sending it that feeds our database.
>
>- Don D'Minion - SpamCop Admin -

This reminds me of a question I had about reporting addresses:
Occasionally, SC doesn't seem to be able to find any valid reporting
address, and ends up sending the report to nomaster@devnull.spamcop.net.
It seems to me that this is the wrong thing to do; it should be going to
nomaster@admin.spamcop.net to draw your (collective-deputies) attention
to the problem.  ?Porque no?
-- 
E?nw?
(SpamCop subscriber, not staff/admin)
From MikeE at ster.invalid  Mon Sep  1 16:20:55 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Mon Sep  1 16:25:03 2008
Subject: [Scspamcop] Re: OT Re: Any hint about "pingeries"?
References: <g97364$b3e$1@news.spamcop.net> <g997lb$1o2$1@news.spamcop.net>
	<Xns9B09968B73E95thefrogprince@216.154.195.61>
	<g99sfp$q93$1@news.spamcop.net> <g9a7er$nna$1@news.spamcop.net>
	<g9chru$9nq$1@news.spamcop.net> <g9ee39$3ap$1@news.spamcop.net>
	<g9eidt$mi4$1@news.spamcop.net> <g9em79$3lj$1@news.spamcop.net>
	<s5iob49g6q7ef539tlucs387l4n45jfvuj@4ax.com>
Message-ID: <g9hiqt$6b6$1@news.spamcop.net>

E?nw? wrote:
> "Mike Easter"

>> I would interpret ob quirk as meaning/ transliterating into/ - either -
>> 'assumes facts not in evidence' or such as 'you are singular in your
>> objection - please discontinue speaking for others'
>
> I usually seem to see it when it's being used in the former meaning, and
> more specifically when someone makes a comment that assumes that a
> spammer or an unresponsive abuse desk has a functioning brain - the
> Quirk Objection, in that case, amounts to "Assumes body part not in
> evidence".

Yes.  The wikilink said it that way "Quirk Objection - 'Objection! Assumes
X not found in evidence!' A humorous objection, raised when the previous
poster assumes the presence of something that has not yet been proven to
exist, such as a spammer's brains or balls.  Not used to refer to things
that have definitely been proven not to exist, such as a spammer's
ethics."

... that definition being used in the context of nanae ObQuirk! usage.

But, like many neologisms, its usage has expanded beyond nanae and
spammers, so the contextualization is more variable.

--
Mike Easter
kibitzer, not SC admin

From Ag2000CO at Starband.net  Mon Sep  1 17:22:39 2008
From: Ag2000CO at Starband.net (LKing)
Date: Mon Sep  1 17:25:04 2008
Subject: [Scspamcop] Re: colocentral.com
In-Reply-To: <7biob4t31qvsvonvti455i87q4ui21rkvd@4ax.com>
References: <TECQXhvKj0FX-pn2-vdb684sOogSM@dsl-206-55-144-107.tstonramp.com>
	<8gdlb4hii1c9be33q351lq9mfaqu2m3pso@4ax.com>
	<TECQXhvKj0FX-pn2-3Yod1q73pxdC@dsl-206-55-144-107.tstonramp.com>
	<69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com>
	<7biob4t31qvsvonvti455i87q4ui21rkvd@4ax.com>
Message-ID: <g9hmev$o3u$1@news.spamcop.net>

E?nw? wrote, On 9/1/2008 4:00 PM:
  > This reminds me of a question I had about reporting addresses:
> Occasionally, SC doesn't seem to be able to find any valid reporting
> address, and ends up sending the report to nomaster@devnull.spamcop.net.
> It seems to me that this is the wrong thing to do; it should be going to
> nomaster@admin.spamcop.net to draw your (collective-deputies) attention
> to the problem.  ?Porque no?
I'm sure Don can speak for himself, but.

It seems to me that it would make more sense to send all the dead end 
reports to nomaster@... where you can look for trends. Why wast time 
looking at each oneies or twoies? Why not concentrate on other sources 
that have generated 50, 100, 1000 reports that good reporting addresses 
can't automatically found for? Wouldn't it make more sense to spend time 
finding a good reporting address for a big time spammer? JMHO

Lou
From g.hyde at bigNOSPAMpond.net.au  Tue Sep  2 08:18:35 2008
From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde)
Date: Tue Sep  2 08:20:04 2008
Subject: [Scspamcop] Re: colocentral.com
References: <TECQXhvKj0FX-pn2-vdb684sOogSM@dsl-206-55-144-107.tstonramp.com>
	<8gdlb4hii1c9be33q351lq9mfaqu2m3pso@4ax.com>
	<TECQXhvKj0FX-pn2-3Yod1q73pxdC@dsl-206-55-144-107.tstonramp.com>
	<69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com>
	<7biob4t31qvsvonvti455i87q4ui21rkvd@4ax.com>
	<krupb4hmrh6jhrf9evrcobs68eg499q3hu@4ax.com>
Message-ID: <g9jauv$9me$1@news.spamcop.net>


"SpamCop Admin" <nobody@devnull.spamcop.net> wrote in message 
news:krupb4hmrh6jhrf9evrcobs68eg499q3hu@4ax.com...

> We're in the business of finding and blocking source IPs, not web
> sites.  The web sites are an extra.  There is just no way that we are
> going to devote deputy man hours to developing patterns and trends for
> web URLs.

Then tell me, is it a total waste of time for your SpamCop analysis program 
to attempt to correlate IP addresses used by the botnets hosting websites 
that change each hour, and try to match them up against IP addresses that 
send out spam?

If there was some correlation between the two, then I do think it wouldn't 
actually be a waste of time.

If not, or you can't prove that there is some correlation between the two 
without an excessive amount of processing overhead parsing the websites, 
then forget what I said above.


Cheers ...

Geoffrey Hyde


From jzeitlin at spamcop.net  Tue Sep  2 09:43:55 2008
From: jzeitlin at spamcop.net (=?ISO-8859-1?Q?E=F6nw=EB?=)
Date: Tue Sep  2 09:45:03 2008
Subject: [Scspamcop] Re: colocentral.com
References: <TECQXhvKj0FX-pn2-vdb684sOogSM@dsl-206-55-144-107.tstonramp.com>
	<8gdlb4hii1c9be33q351lq9mfaqu2m3pso@4ax.com>
	<TECQXhvKj0FX-pn2-3Yod1q73pxdC@dsl-206-55-144-107.tstonramp.com>
	<69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com>
	<7biob4t31qvsvonvti455i87q4ui21rkvd@4ax.com>
	<krupb4hmrh6jhrf9evrcobs68eg499q3hu@4ax.com>
Message-ID: <4mgqb41gokv57bgv537vn1u66kijmr66e5@4ax.com>

On Tue, 02 Sep 2008 02:46:10 -0600, SpamCop Admin
<nobody@devnull.spamcop.net> wrote:

>E?nw? wrote:
>>-Occasionally, SC doesn't seem to be able to find any valid reporting
>>-address, and ends up sending the report to nomaster@devnull.spamcop.net.
>>-It seems to me that this is the wrong thing to do; it should be going to
>>-nomaster@admin.spamcop.net to draw your (collective-deputies) attention
>>-to the problem.  ?Porque no?
>
>No.  The Spammers are doing some fancy DNS dancing, and moving their
>web sites around to keep from being found.
>
>It won't do any good for us to spend deputy time trying to find a
>reporting address that will only be good for an hour.  The report will
>just go to a spam-friendly host anyway.  Total waste of time.
>
>We're in the business of finding and blocking source IPs, not web
>sites.  The web sites are an extra.  There is just no way that we are
>going to devote deputy man hours to developing patterns and trends for
>web URLs.
>
>- Don -

I'm sorry; I wasn't clear.  Most of the time, yes, it's for a website -
but I've hit them occasionally on SOURCE parses.  It's THOSE that I
think should be going to admin rather than devnull.  Or does
spam-friendly still apply?
-- 
E?nw?
(SpamCop subscriber, not staff/admin)
From anthony.edwards at uk.easynet.net  Tue Sep  2 14:19:00 2008
From: anthony.edwards at uk.easynet.net (Anthony Edwards)
Date: Tue Sep  2 14:20:03 2008
Subject: [Scspamcop] Re: colocentral.com
References: <TECQXhvKj0FX-pn2-vdb684sOogSM@dsl-206-55-144-107.tstonramp.com>
	<8gdlb4hii1c9be33q351lq9mfaqu2m3pso@4ax.com>
	<TECQXhvKj0FX-pn2-3Yod1q73pxdC@dsl-206-55-144-107.tstonramp.com>
	<69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com>
	<7biob4t31qvsvonvti455i87q4ui21rkvd@4ax.com>
	<krupb4hmrh6jhrf9evrcobs68eg499q3hu@4ax.com>
Message-ID: <g9k02k$ohq$1@news.spamcop.net>

On Tue, 02 Sep 2008 02:46:10 -0600, SpamCop Admin <nobody@devnull.spamcop.net>
wrote:

> We're in the business of finding and blocking source IPs, not web
> sites.  The web sites are an extra.  There is just no way that we are
> going to devote deputy man hours to developing patterns and trends for
> web URLs.

A sensible decision in my view, particular since there are other well
run DNSBLs which specialise in listing "spamvertised" URLs e.g.:

http://www.surbl.org/

-- 
Anthony Edwards              *     anthony.edwards@uk.easynet.net
Abuse Team Manager           *     Tel: 020 7900 4444
Easynet Ltd                  *     DDI: 0161 888 3507
http://www.easynet.com       *     Fax: 0845 333 4503
From nobody at nowhere.not  Tue Sep  2 17:13:26 2008
From: nobody at nowhere.not (Robert Blair)
Date: Tue Sep  2 17:15:03 2008
Subject: [Scspamcop] Re: colocentral.com
References: <TECQXhvKj0FX-pn2-vdb684sOogSM@dsl-206-55-144-107.tstonramp.com>
	<8gdlb4hii1c9be33q351lq9mfaqu2m3pso@4ax.com>
	<TECQXhvKj0FX-pn2-3Yod1q73pxdC@dsl-206-55-144-107.tstonramp.com>
	<69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com>
	<7biob4t31qvsvonvti455i87q4ui21rkvd@4ax.com>
	<krupb4hmrh6jhrf9evrcobs68eg499q3hu@4ax.com>
	<4mgqb41gokv57bgv537vn1u66kijmr66e5@4ax.com>
	<fsoqb415pauv628r6eui8s6lcdcdfiek9j@4ax.com>
Message-ID: <TECQXhvKj0FX-pn2-dmySKrQTikd8@dsl-206-55-144-107.tstonramp.com>

On Tue, 2 Sep 2008 16:03:40 UTC, SpamCop Admin 
<nobody@devnull.spamcop.net> wrote:

> E”nw‰ wrote:
> >-but I've hit them occasionally on SOURCE parses.  It's THOSE that I
> >-think should be going to admin rather than devnull.
> 
> When you run into one of those, send me the TRACKING URL from the top
> of the parse page and I'll be happy to take a look.

I get a few spam that report to "nomaster" each day (quick reporting).
 I do not have a current one right now but could post one when it 
comes in.

There was a discussion a few months ago about "nomaster" that Mike 
Easter looked at and he seemed to think that the problem was the way 
the Japanese registry was formatted (lack of : so that the spamcop 
parser could not find the reporting addresses).  I only keep a 45 day 
history of this newsgroup so it has been deleted from my disk and I 
could not find the thread.


-- 
Robert Blair
From Ag2000CO at Starband.net  Tue Sep  2 17:46:36 2008
From: Ag2000CO at Starband.net (LKing)
Date: Tue Sep  2 17:50:02 2008
Subject: [Scspamcop] Re: colocentral.com
In-Reply-To: <TECQXhvKj0FX-pn2-dmySKrQTikd8@dsl-206-55-144-107.tstonramp.com>
References: <TECQXhvKj0FX-pn2-vdb684sOogSM@dsl-206-55-144-107.tstonramp.com>
	<8gdlb4hii1c9be33q351lq9mfaqu2m3pso@4ax.com>
	<TECQXhvKj0FX-pn2-3Yod1q73pxdC@dsl-206-55-144-107.tstonramp.com>
	<69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com>
	<7biob4t31qvsvonvti455i87q4ui21rkvd@4ax.com>
	<krupb4hmrh6jhrf9evrcobs68eg499q3hu@4ax.com>
	<4mgqb41gokv57bgv537vn1u66kijmr66e5@4ax.com>
	<fsoqb415pauv628r6eui8s6lcdcdfiek9j@4ax.com>
	<TECQXhvKj0FX-pn2-dmySKrQTikd8@dsl-206-55-144-107.tstonramp.com>
Message-ID: <g9kc7r$deh$1@news.spamcop.net>

Robert Blair wrote, On 9/2/2008 5:13 PM:
> On Tue, 2 Sep 2008 16:03:40 UTC, SpamCop Admin 
> <nobody@devnull.spamcop.net> wrote:
> 
>> E?nw? wrote:
>>> -but I've hit them occasionally on SOURCE parses.  It's THOSE that I
>>> -think should be going to admin rather than devnull.
>> When you run into one of those, send me the TRACKING URL from the top
>> of the parse page and I'll be happy to take a look.
> 
> I get a few spam that report to "nomaster" each day (quick reporting).
>  I do not have a current one right now but could post one when it 
> comes in.
> 
> There was a discussion a few months ago about "nomaster" that Mike 
> Easter looked at and he seemed to think that the problem was the way 
> the Japanese registry was formatted (lack of : so that the spamcop 
> parser could not find the reporting addresses).  I only keep a 45 day 
> history of this newsgroup so it has been deleted from my disk and I 
> could not find the thread.
> 
> 
http://www.spamcop.net/sc?id=z2210727016zd1750b2568ccde3e5a06f2f156c5e289z

Is this what your looking for? I have others today.

Lou
From MikeE at ster.invalid  Wed Sep  3 05:31:47 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Sep  3 05:35:03 2008
Subject: [Scspamcop] Re: colocentral.com
References: <TECQXhvKj0FX-pn2-vdb684sOogSM@dsl-206-55-144-107.tstonramp.com>
	<8gdlb4hii1c9be33q351lq9mfaqu2m3pso@4ax.com>
	<TECQXhvKj0FX-pn2-3Yod1q73pxdC@dsl-206-55-144-107.tstonramp.com>
	<69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com>
	<7biob4t31qvsvonvti455i87q4ui21rkvd@4ax.com>
	<krupb4hmrh6jhrf9evrcobs68eg499q3hu@4ax.com>
	<4mgqb41gokv57bgv537vn1u66kijmr66e5@4ax.com>
	<fsoqb415pauv628r6eui8s6lcdcdfiek9j@4ax.com>
	<TECQXhvKj0FX-pn2-dmySKrQTikd8@dsl-206-55-144-107.tstonramp.com>
Message-ID: <g9llhm$p85$1@news.spamcop.net>

Robert Blair wrote:
> SpamCop Admin
>> E"nw? wrote:
>>> -but I've hit them occasionally on SOURCE parses.  It's THOSE that I
>>> -think should be going to admin rather than devnull.
>>
>> When you run into one of those, send me the TRACKING URL from the top
>> of the parse page and I'll be happy to take a look.
>
> I get a few spam that report to "nomaster" each day (quick reporting).
>  I do not have a current one right now but could post one when it
> comes in.
>
> There was a discussion a few months ago about "nomaster" that Mike
> Easter looked at and he seemed to think that the problem was the way
> the Japanese registry was formatted (lack of : so that the spamcop
> parser could not find the reporting addresses).  I only keep a 45 day
> history of this newsgroup so it has been deleted from my disk and I
> could not find the thread.

We had a jpnic nomaster no colon discussion here May 1.  The tracker for
that discussion is now dead
http://www.spamcop.net/sc?id=z1849442893zb3722a7914f10a5c1a8b50153e4d8a8cz

It was about the source 61.237.236.172 notified at chinatietong and
spamvertiser provider 203.141.137.252 devnulled because of jpnic no colon
syntax.

http://zeta.cesmail.net/pipermail/scspamcop/2008-May/006496.html

So, while one could look at how the parser (still doesn't) handle
203.141.137.252 203.141.137.252.static.zoot.jp because of the colon
discrepancy, it is not an example of a .jp source and it is not an example
with a current tracker.

From: "Mike Easter"
Subject: Re: nomaster@devnull.spamcop.net
Date: Thu, 1 May 2008 21:36:10 -0700

Sometimes a source will arise, such as 123.219.104.114  rDNS
p8114-ipbfp01kyoto.kyoto.ocn.ne.jp which could be looked up in apnic or
jpnic.  The SC algo results in the lookup taking place in apnic which has
colons for abuse@ocn.ad.jp found in the Remarks in apnic, but if jpnic had
been used with the jpnic nic-hdl which the algo is programmed to do, then
the algo can't read the jpnic email addresses for the nic-hdl/s because of
 the lack of colon syntax.



--
Mike Easter
kibitzer, not SC admin

From nobody at nowhere.not  Wed Sep  3 14:42:26 2008
From: nobody at nowhere.not (Robert Blair)
Date: Wed Sep  3 14:45:04 2008
Subject: [Scspamcop] Re: Again - truncated reporting address
References: <g8tpuu$ao$1@news.spamcop.net>
	<ucclb4lkimjmuhe920a5r50ukscdbl49rp@4ax.com>
Message-ID: <TECQXhvKj0FX-pn2-dHg5K6b0t9YY@dsl-206-55-144-107.tstonramp.com>

On Sun, 31 Aug 2008 14:59:37 UTC, SpamCop Admin 
<nobody@devnull.spamcop.net> wrote:

> Patto wrote:
> >-	abuse@ip.t
> >-	abuse@ip.t-com.sk
> 
> Thanks for the info!  I fixed it.
> 
> - Don D'Minion - SpamCop Admin -


I don't know if this is just cosmetic or if it really tried to send it
to abuse@t-m.

>From a quick report.

Spam report id 3449351024 sent to: abuse@t-m

http://www.spamcop.net/sc?id=z2213929069z408470fd1fc0a570e36bf1af925e0
d48z


-- 
Robert Blair
From nobody at nowhere.not  Wed Sep  3 14:56:12 2008
From: nobody at nowhere.not (Robert Blair)
Date: Wed Sep  3 15:00:03 2008
Subject: [Scspamcop] Re: colocentral.com
References: <TECQXhvKj0FX-pn2-vdb684sOogSM@dsl-206-55-144-107.tstonramp.com>
	<8gdlb4hii1c9be33q351lq9mfaqu2m3pso@4ax.com>
	<TECQXhvKj0FX-pn2-3Yod1q73pxdC@dsl-206-55-144-107.tstonramp.com>
	<69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com>
	<7biob4t31qvsvonvti455i87q4ui21rkvd@4ax.com>
	<krupb4hmrh6jhrf9evrcobs68eg499q3hu@4ax.com>
	<4mgqb41gokv57bgv537vn1u66kijmr66e5@4ax.com>
	<fsoqb415pauv628r6eui8s6lcdcdfiek9j@4ax.com>
Message-ID: <TECQXhvKj0FX-pn2-wxjdLGVcdP2W@dsl-206-55-144-107.tstonramp.com>

On Tue, 2 Sep 2008 16:03:40 UTC, SpamCop Admin 
<nobody@devnull.spamcop.net> wrote:

> E”nw‰ wrote:
> >-but I've hit them occasionally on SOURCE parses.  It's THOSE that I
> >-think should be going to admin rather than devnull.
> 
> When you run into one of those, send me the TRACKING URL from the top
> of the parse page and I'll be happy to take a look.
> 
> - Don D'Minion - SpamCop Admin - 
>    service at admin.spamcop.net


Here are some quick reports from last nights spam.

http://www.spamcop.net/sc?id=z2213932713z34f23de70a98413bd56f1d7bb79ec
07az
http://www.spamcop.net/sc?id=z2213932399z2c39ec534e97c5301cdb5d957b8a9
88cz
http://www.spamcop.net/sc?id=z2213932399z2c39ec534e97c5301cdb5d957b8a9
88cz
http://www.spamcop.net/sc?id=z2213939145z31557f50ee8b0d01bf03ac8c7e288
468z


This one has different results when using the tracking URL
http://www.spamcop.net/sc?id=z2213928033zc3bf74316d7e529bc4e3ca254797f
5d3z

Here is the quick report response

   Processing spam:   From: vortigern@aye.net
   Subject: 
   
   0: Received: from [91.120.62.162] (unknown [91.120.62.162]) by 
mx10.pacifier.net (Postfix) with ESMTP id DF77F799C for 
<blairra@tstonramp.com>; Wed, 3 Sep 2008 02:04:18 -0700 (PDT)
   No unique hostname found for source: 91.120.62.162
   pacifier.net received mail from sending system 91.120.62.162
   
   Tracking message source:91.120.62.162:   "whois 
91.120.62.162@whois.ripe.net" (Getting contact from whois.ripe.net)
   Abuse address in 'remarks' field: abuse@gts.hu
   whois.ripe.net found abuse contacts for 91.120.62.162 = 
abuse@datanet.hu, abuse@gts.hu
   whois: 91.120.0.0 - 91.120.255.255 = abuse@datanet.hu, abuse@gts.hu
   error:No reporting addresses found for 91.120.62.162, using devnull
for tracking.   Message is  8 hours old
   91.120.62.162 not listed in dnsbl.njabl.org
   91.120.62.162 not listed in dnsbl.njabl.org
   91.120.62.162 listed in cbl.abuseat.org ( 127.0.0.2 )
   91.120.62.162 is an open proxy
/dev/null'ing report for nomaster@devnull.spamcop.net
May be saved for future reference:
http://www.spamcop.net/sc?id=z2213928033zc3bf74316d7e529bc4e3ca254797f
5d3z


-- 
Robert Blair
From Ag2000CO at Starband.net  Wed Sep  3 15:29:52 2008
From: Ag2000CO at Starband.net (LKing)
Date: Wed Sep  3 15:30:03 2008
Subject: [Scspamcop] Re: Again - truncated reporting address
In-Reply-To: <TECQXhvKj0FX-pn2-dHg5K6b0t9YY@dsl-206-55-144-107.tstonramp.com>
References: <g8tpuu$ao$1@news.spamcop.net>
	<ucclb4lkimjmuhe920a5r50ukscdbl49rp@4ax.com>
	<TECQXhvKj0FX-pn2-dHg5K6b0t9YY@dsl-206-55-144-107.tstonramp.com>
Message-ID: <g9mojc$omr$1@news.spamcop.net>

Robert Blair wrote, On 9/3/2008 2:42 PM:

> Spam report id 3449351024 sent to: abuse@t-m
> 
> http://www.spamcop.net/sc?id=z2213929069z408470fd1fc0a570e36bf1af925e0
> d48z
> 
> 
http://www.spamcop.net/sc?id=z2213929069z408470fd1fc0a570e36bf1af925e0d48z

Need to watch that line wrap
From MikeE at ster.invalid  Wed Sep  3 16:44:46 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Sep  3 16:45:03 2008
Subject: [Scspamcop] Re: Again - truncated reporting address
References: <g8tpuu$ao$1@news.spamcop.net>
	<ucclb4lkimjmuhe920a5r50ukscdbl49rp@4ax.com>
	<TECQXhvKj0FX-pn2-dHg5K6b0t9YY@dsl-206-55-144-107.tstonramp.com>
	<g9mojc$omr$1@news.spamcop.net>
Message-ID: <g9msvj$bvk$1@news.spamcop.net>

LKing wrote:
User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)

> Robert Blair wrote, 
User-Agent: ProNews/2 V1.58.cp116

> Need to watch that line wrap

Likely it is a (common) newsreader (mis)behavior.



-- 
Mike Easter
kibitzer, not SC admin
From nobody at devnull.spamcop.net  Wed Sep  3 16:52:59 2008
From: nobody at devnull.spamcop.net (Wazoo)
Date: Wed Sep  3 16:55:02 2008
Subject: [Scspamcop] Re: colocentral.com
References: <TECQXhvKj0FX-pn2-vdb684sOogSM@dsl-206-55-144-107.tstonramp.com>
	<8gdlb4hii1c9be33q351lq9mfaqu2m3pso@4ax.com>
	<TECQXhvKj0FX-pn2-3Yod1q73pxdC@dsl-206-55-144-107.tstonramp.com>
	<69nlb4lvdq0kd7qk0npscuu3ook90is11i@4ax.com>
	<7biob4t31qvsvonvti455i87q4ui21rkvd@4ax.com>
	<krupb4hmrh6jhrf9evrcobs68eg499q3hu@4ax.com>
	<4mgqb41gokv57bgv537vn1u66kijmr66e5@4ax.com>
	<fsoqb415pauv628r6eui8s6lcdcdfiek9j@4ax.com>
	<TECQXhvKj0FX-pn2-dmySKrQTikd8@dsl-206-55-144-107.tstonramp.com>
Message-ID: <g9mtf4$e1n$1@news.spamcop.net>

"Robert Blair" <nobody@nowhere.not> wrote in message 
news:TECQXhvKj0FX-pn2-dmySKrQTikd8@dsl-206-55-144-107.tstonramp.com...
>
> There was a discussion a few months ago about "nomaster" that Mike
> Easter looked at and he seemed to think that the problem was the 
> way
> the Japanese registry was formatted (lack of : so that the spamcop
> parser could not find the reporting addresses).  I only keep a 45 
> day
> history of this newsgroup so it has been deleted from my disk and 
> I
> could not find the thread.

At the top of the Forum pages http://forum.spamcop.net/ is a search 
box with a drop-down target selection, offering both this 
news-server (the 90 days item) or the Archive server which contains 
all but the traffic lost between the time of the "this server's hard 
drive filled" and my restart of the archiving on another server. 


From nobody at spamcop.net  Thu Sep  4 02:35:29 2008
From: nobody at spamcop.net (RandallW)
Date: Thu Sep  4 02:40:03 2008
Subject: [Scspamcop] comments to abuse addresses
Message-ID: <g9nvje$cdj$1@news.spamcop.net>

When I use the parser there are boxes at the bottom of the screen allowing 
comments to each potential abuse address.  Lately i've been plugging the 
spam-originating IP into the Spamhaus lookup box and the Cbl.abuseat site; 
if there's an entry at one or both of the sites I make mention of it/them in 
the Spamcop parser comments boxes.  Do the ISPs actually read these 
comments?  Am I wasting my time? 


From MikeE at ster.invalid  Thu Sep  4 04:28:45 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Sep  4 04:30:03 2008
Subject: [Scspamcop] Re: comments to abuse addresses
References: <g9nvje$cdj$1@news.spamcop.net>
Message-ID: <g9o67f$fgp$1@news.spamcop.net>

RandallW wrote:
> When I use the parser there are boxes at the bottom of the screen
> allowing comments to each potential abuse address.  Lately i've been
> plugging the spam-originating IP into the Spamhaus lookup box and the
> Cbl.abuseat site; if there's an entry at one or both of the sites I
> make mention of it/them in the Spamcop parser comments boxes.  Do the
> ISPs actually read these comments?  Am I wasting my time?

Short answer: maybe/probably.  Long answer...

When I was doing my own 'manual' notifies, my style or concept of
notifying was to create an extremely brief 'template' by which I notified
providers of the 'basis' for their being notified - what role they played
in the spam such as source, spamvertiser, relay, sometimes upstream
provider or even nameservice.

That template allowed the 'comment' that a source was listed in such as
spamcop's SCbl or CBL and/or that a provider was SPEWS or spamhaus listed.
That notify also showed each notified who else was being notified, such as
upstream or whatever.

However, at the same time my 'theory' was that only a very very very tiny
percentage or 'subset' of all of the notifies 'in the world' which have
been and will be submitted to abuse desks are actually opened or much less
read by the recipient.  The only thing that might make the content useful
would be if it happened to be yours/mine.

My take or assumption on it is that provider abuse desks fall 'generally'
into blackhats and greyhats and whitehats and duncecaps.  The blackhats
aren't opening or reading their notifies unless it benefits them somehow.
The whitehats aren't opening or reading 99.9% of their notifies because
once they get a single notify about an issue which they are going to fix,
they don't need to read any more.  The greyhats aren't reading 99.9% of
their notifies because they aren't motivated to fix the problem which they
already read about once, so they don't need to keep reading about it.  The
duncecaps don't know how the problem works or how to fix it, so they also
don't need to read about it.

As a result of all of that, the idea that some people have about how many
times or how 'stridently' they make their notify or how strongly they try
to make their point that some problem needs to be fixed, the abuse desks
mostly aren't opening their mail or listening to them at all, for the
various reasons above.  Some desks are devnulling the notifies because
their hat is black or grey or dunce.  Some desks are 'sorting' their
notifies into 'piles' so each unopened item can be auto-acked because
their hat is white, but they aren't actually reading but one of them.

You waste a lot less time adding correct listings information to a SC
notify about cbl or spamhaus than I used to 'waste' with manual notifies.
The advantage of spending the time checking spamhaus and cbl is that you
have a better understanding of what and who you are notifying about
something.

--
Mike Easter
kibitzer, not SC admin

From snowbat at geocities.com  Thu Sep  4 09:44:18 2008
From: snowbat at geocities.com (Snowbat)
Date: Thu Sep  4 09:40:03 2008
Subject: [Scspamcop] Re: Again - truncated reporting address
References: <g8tpuu$ao$1@news.spamcop.net>
	<ucclb4lkimjmuhe920a5r50ukscdbl49rp@4ax.com>
	<TECQXhvKj0FX-pn2-dHg5K6b0t9YY@dsl-206-55-144-107.tstonramp.com>
	<sn7vb4538jbti2tpb0qfqmc6e31vm9qmi2@4ax.com>
Message-ID: <g9ooem$ft2$1@news.spamcop.net>

SpamCop Admin wrote:

> Robert Blair wrote:
>>-I don't know if this is just cosmetic or if it really tried to send it
>>-to abuse@t-m.
> 
> Yep, SpamCop tried to send mail to that address.  I can see the
> bounces logged against it in the account history.
> 
> I fixed it.
> 
> Never ending battle.  The problem is supposed to be fixed in the next
> release.

There is a similar problem with some cnc-noc.net ranges:
http://www.spamcop.net/sc?id=z2216679366zbc7d5fd461ac038202c05fd812e47eccz
abuse net cnc-noc.net = abuse@cnc-noc.net, postmaster@cnc-noc.net
Using best contacts abuse@cnc abuse@cnc-noc.net postmaster@cnc-noc.net
abuse@cnc bounces (36 sent : 32 bounces)   <<<<<<<<<<<<
Using abuse#cnc@devnull.spamcop.net for statistical tracking.

Another bug is that SC larts gmail if a provider has a gmail contact address in whois:
Tracking message source: 212.43.41.32:Routing details for 212.43.41.32
[refresh/show] Cached whois for 212.43.41.32 : unitednet@gmail.com
Using abuse net on unitednet@gmail.com
abuse net gmail.com = gmail-abuse@google.com
Using best contacts gmail-abuse@google.com
From rainbowl at tomassoni.eu  Thu Sep  4 10:11:42 2008
From: rainbowl at tomassoni.eu (Giampaolo Tomassoni)
Date: Thu Sep  4 10:15:03 2008
Subject: [Scspamcop] Limits in the "mailhosts" panel?
Message-ID: <g9oqan$nps$1@news.spamcop.net>

I would like to manually add specific ip addresses to "trust" when SC parses 
reported mails.

In example, sites hosted by joomlahost.it also avail of an SMTP server. 
Sometimes the true MX server for the hosted domain is in some else host, 
outside of joomlahost.it webfarm, and in this case the Joomlahost's SMTP 
server is barely used to forward form-supplied mail messages to the true 
destinating mailbox. Unfortunately, since the Joomlahost's SMTP server also 
accept connections from outside the site, it also forwards messages not 
originated from the site itself and there is no way I can adopt to train my 
mailhosted account to "trust" the Joomlahost's SMTP server, since there is 
not MX record pointing to it, thereby I can't simply send a training mail to 
the relevant mailbox.

Giampaolo 


From nospam at nospam.nospam  Fri Sep  5 09:02:35 2008
From: nospam at nospam.nospam (John Marion)
Date: Fri Sep  5 09:05:03 2008
Subject: [Scspamcop] I apologize
Message-ID: <g9ralb$gdc$1@news.spamcop.net>

I'm afraid I got distracted while reporting this mornings spam and I
reported a spamcop response.  I hope I'm not in trouble.  Maybe I should
stop reporting.

http://www.spamcop.net/sc?id=z2220062823z5fa7b52ca5a70dac068f327273a24b44z


From nobody at devnull.spamcop.net  Fri Sep  5 12:09:22 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Fri Sep  5 12:10:03 2008
Subject: [Scspamcop] Re: Limits in the "mailhosts" panel?
References: <g9oqan$nps$1@news.spamcop.net>
	<4ad0c4190qlfngg2hupb6sreb1ab05qh6l@4ax.com>
Message-ID: <g9rljj$93o$1@news.spamcop.net>

"SpamCop Admin" <nobody@devnull.spamcop.net> ha scritto nel messaggio 
news:4ad0c4190qlfngg2hupb6sreb1ab05qh6l@4ax.com...
> Giampaolo Tomassoni wrote:
>>-I would like to manually add specific ip addresses to "trust" when SC 
>>parses
>>-reported mails.
>
> I can help you with that.
>
> Email me your login username (email address) and tell me about what
> you need, and I'll try to fix it up.
>
> Send email to:  service at admin.spamcop.net
>
> - Don D'Minion - SpamCop Admin -

Ahhh, perfect. See?

http://www.spamcop.net/sc?id=z2220502070z9626b0b6c29e8b6d5304c3aa66225225z

Giampaolo

-- 
NEVER send an e-mail to:
rainbow@tomassoni.eu 


From qcorrell at pacNObell.net  Fri Sep  5 13:02:29 2008
From: qcorrell at pacNObell.net (Q Correll)
Date: Fri Sep  5 13:05:02 2008
Subject: [Scspamcop] Re: I apologize
References: <g9ralb$gdc$1@news.spamcop.net>
Message-ID: <g9ron4$rr6$1@news.spamcop.net>

John,

| I'm afraid I got distracted while reporting this mornings spam and I
| reported a spamcop response.  I hope I'm not in trouble.  Maybe I should
| stop reporting.

I've had that happen a few times.  For varying reasons.  Don has let me know about it in no uncertain terms. <g>  Which I appreciate.

-- 
   Q

09/05/2008 10:00:17

XanaNews Version 1.18.1.52  [Everyone's & Q's Mods]
From skiwi at spamcop.net  Fri Sep  5 20:16:41 2008
From: skiwi at spamcop.net (Skiwi)
Date: Fri Sep  5 20:20:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
 get them to parse?
In-Reply-To: <g9ek2l$rcc$1@news.spamcop.net>
References: <g95847$2n1$1@news.spamcop.net> <g969k8$287$1@news.spamcop.net>
	<g96als$9ss$1@news.spamcop.net> <g9827g$ehm$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-fdHv0KjGbqgs@dsl-206-55-144-107.tstonramp.com>
	<g9ei97$m5s$1@news.spamcop.net> <g9ek2l$rcc$1@news.spamcop.net>
Message-ID: <g9si73$5mq$1@news.spamcop.net>

Mike Easter wrote:
[snip]
> I'm still accepting the veracity of your description and I'm still saying
> the original spam is slightly flawed and something about its flaw results
> in the spamcop filter mishandling the header/body relationship which
> aggravates the original flaw into a worse one.  The combination of the
> original flaw and its aggravation by the header line placement of the
> filtering header stamping process results in a suboptimal parse.
> 
> I'm still accepting that your handling is not what is mangling the
> placement of the filter's xlines into the spambody.


Thank you Mike for this and previous details.

So what to do?

As the two lines that SpamCop is injecting is causing, or at least 
exacerbating, the problem:

  - just wait and hope a passing admin (Ellen, etc) reads the post and 
has the time to look into it?

  - somehow get hold of the SpamCop Admin via 
<nobody@devnull.spamcop.net>?  *innocent* (*grin*)

  - ignore them and just live with a few spams unreported every day?

  - adjust them in a "legal" way?

Thanks...
From nobody at devnull.spamcop.net  Fri Sep  5 22:58:07 2008
From: nobody at devnull.spamcop.net (Wazoo)
Date: Fri Sep  5 23:00:04 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net> <g969k8$287$1@news.spamcop.net>
	<g96als$9ss$1@news.spamcop.net> <g9827g$ehm$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-fdHv0KjGbqgs@dsl-206-55-144-107.tstonramp.com>
	<g9ei97$m5s$1@news.spamcop.net> <g9ek2l$rcc$1@news.spamcop.net>
	<g9si73$5mq$1@news.spamcop.net>
Message-ID: <g9srk0$8r9$1@news.spamcop.net>

"Skiwi" <skiwi@spamcop.net> wrote in message 
news:g9si73$5mq$1@news.spamcop.net...
>
> So what to do?
>
> As the two lines that SpamCop is injecting is causing, or at least 
> exacerbating, the problem:
>
>  - just wait and hope a passing admin (Ellen, etc) reads the post 
> and has the time to look into it?

???? You already had Don responding over in the Forum.  You failed 
to do any follow-up there.  Even I am waiting for feedback over 
there.

As far as Parsing & Reporting staff 'looking into it' .. the issue 
you seem to be implying would be in reference to the e-mail system, 
which is owned and maintained by someone else.  As stated over in 
your Forum Topic, you need to contact JT/Trevor directly if you 
really thinkg that your spam e-mail is being mis-handled by that 
system.

>  - somehow get hold of the SpamCop Admin via 
> <nobody@devnull.spamcop.net>?  *innocent* (*grin*)

Don has posted his e-mail address countless times here and in the 
Forum.  (Again, noting that Don does not have access to your e-mail 
account/data.)

Where to get Help
http://forum.spamcop.net/scwik/SpamCopWhereToGetHelp

SpamCop Staff
http://forum.spamcop.net/scwik/SpamCopStaff

How to Contact SpamCop Staff
http://forum.spamcop.net/scwik/HowToContactSpamCopStaff

>  - ignore them and just live with a few spams unreported every 
> day?

Your choice.  Yet, I was of the thought that you didn't really 
'look' at your spam before submitting????

>  - adjust them in a "legal" way?

Based on all the discussion, both here and in the Forum, you have no 
'legal' way to 'adjust' anything.  What needs to be done is sort out 
just why 'you' are having a problem with these submittals.  BTW: 
this week+ stuff between replies just isn't going to get it. 


From MikeE at ster.invalid  Sat Sep  6 01:23:30 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sat Sep  6 01:25:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
	get them to parse?
References: <g95847$2n1$1@news.spamcop.net> <g969k8$287$1@news.spamcop.net>
	<g96als$9ss$1@news.spamcop.net> <g9827g$ehm$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-fdHv0KjGbqgs@dsl-206-55-144-107.tstonramp.com>
	<g9ei97$m5s$1@news.spamcop.net> <g9ek2l$rcc$1@news.spamcop.net>
	<g9si73$5mq$1@news.spamcop.net>
Message-ID: <g9t442$4jm$1@news.spamcop.net>

Skiwi wrote:
> Mike Easter wrote:
>> I'm still accepting the veracity of your description

> So what to do?

Nothing.

> As the two lines that SpamCop is injecting is causing, or at least
> exacerbating, the problem:
>
>   - just wait and hope a passing admin (Ellen, etc) reads the post and
> has the time to look into it?

Yes.  But not spend any 'emotions' waiting/expecting anything to happen.
More like, I recommend ignore the problem.

>   - somehow get hold of the SpamCop Admin via
> <nobody@devnull.spamcop.net>?  *innocent* (*grin*)

That wouldn't be my style.

>   - ignore them and just live with a few spams unreported every day?

Yes.

>   - adjust them in a "legal" way?

Absolutely not.  I cannot comprehend any legal way.


--
Mike Easter
kibitzer, not SC admin

From snowbat at geocities.com  Sun Sep  7 12:41:09 2008
From: snowbat at geocities.com (Snowbat)
Date: Sun Sep  7 12:45:04 2008
Subject: [Scspamcop] Re: Again - truncated reporting address
References: <g8tpuu$ao$1@news.spamcop.net>
	<ucclb4lkimjmuhe920a5r50ukscdbl49rp@4ax.com>
	<TECQXhvKj0FX-pn2-dHg5K6b0t9YY@dsl-206-55-144-107.tstonramp.com>
	<sn7vb4538jbti2tpb0qfqmc6e31vm9qmi2@4ax.com>
	<g9ooem$ft2$1@news.spamcop.net>
Message-ID: <ga1079$5d4$1@news.spamcop.net>

Problem with abuse@vip-net.pl

$ whois 89.186.5.153
organisation:   ORG-VA95-RIPE
org-name:       VIP          
org-type:       LIR          
address:        Archidiakonska 6A
address:        20-113           
address:        Lublin           
address:        Poland           
phone:          +48815342414     
fax-no:         +48815342414  13 
abuse-mailbox:  abuse@vip-net.pl  <<<<<<<

http://www.spamcop.net/sc?action=rcache;ip=89.186.5.153
"whois 89.186.5.153@whois.ripe.net" (Getting contact from whois.ripe.net)
whois.ripe.net found abuse contacts for 89.186.5.153 = abuse@vip
whois: 89.186.0.0 - 89.186.31.255 = abuse@vip
Routing details for 89.186.5.153
Using abuse net on abuse@vip
Using best contacts abuse@vip  <<<<<<<


From nobody at devnull.spamcop.net  Tue Sep  9 14:21:21 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Tue Sep  9 14:25:04 2008
Subject: [Scspamcop] Spammer trick to avoid reporting
Message-ID: <ga6eqr$26d$1@news.spamcop.net>

I found some spam reported to SC doesn't parse well, sometime even impeding 
reporting to the mail source by SC.

Here is an example:

    http://www.spamcop.net/sc?id=z2232090009z22a228d65bcd0740402813c6f95a199az

(lines #7 and #8 are separated by CR, not by the CRLF sequence.

It seems to me that the effect of this trick is no report at all with QR, 
and report to only the mail source with manual reporting.

This seems to me a case common enough to be handed by the SC parser. I guess 
the SC parser parses header lines according to the (\n|\r\n?) regex sequence 
instead of only the Rfc-822 -defined one (\r\n), in order to cope with most 
submitting clients. But probably the SC parser should detect the message's 
overall delimiter sequence and then use only that one. This would void the 
effectiveness of this trick unless someone is manually submitting from an 
old Mac OS-9...

Giampaolo

-- 
NEVER send an e-mail to:
rainbowl@tomassoni.eu 


From nobody at spamcop.net  Tue Sep  9 14:27:17 2008
From: nobody at spamcop.net (Bar0)
Date: Tue Sep  9 14:30:03 2008
Subject: [Scspamcop] Re: Spammer trick to avoid reporting
References: <ga6eqr$26d$1@news.spamcop.net>
Message-ID: <ga6f67$3g1$1@news.spamcop.net>


"Giampaolo Tomassoni" <nobody@devnull.spamcop.net> wrote in message 
news:ga6eqr$26d$1@news.spamcop.net...
>I found some spam reported to SC doesn't parse well, sometime even impeding 
>reporting to the mail source by SC.
>
> Here is an example:
>
> 
> http://www.spamcop.net/sc?id=z2232090009z22a228d65bcd0740402813c6f95a199az
>
> (lines #7 and #8 are separated by CR, not by the CRLF sequence.
>
> It seems to me that the effect of this trick is no report at all with QR, 
> and report to only the mail source with manual reporting.
>
> This seems to me a case common enough to be handed by the SC parser. I 
> guess the SC parser parses header lines according to the (\n|\r\n?) regex 
> sequence instead of only the Rfc-822 -defined one (\r\n), in order to cope 
> with most submitting clients. But probably the SC parser should detect the 
> message's overall delimiter sequence and then use only that one. This 
> would void the effectiveness of this trick unless someone is manually 
> submitting from an old Mac OS-9...
>
> Giampaolo
>
> -- 
> NEVER send an e-mail to:
> rainbowl@tomassoni.eu
>

unless the second received line is under the spammers control, rather than 
their MTA, it's more likely a "glitch" at the MTA. If the second Received 
line is made by the spammers  own machinery, nothing in it can be trusted in 
any case, so the spam source should be chosen from the first Received line. 

From nobody at devnull.spamcop.net  Tue Sep  9 15:22:24 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Tue Sep  9 15:25:02 2008
Subject: [Scspamcop] Re: Spammer trick to avoid reporting
References: <ga6eqr$26d$1@news.spamcop.net> <ga6f67$3g1$1@news.spamcop.net>
Message-ID: <ga6ida$kkk$1@news.spamcop.net>


"Bar0" <nobody@spamcop.net> ha scritto nel messaggio 
news:ga6f67$3g1$1@news.spamcop.net...
>
> "Giampaolo Tomassoni" <nobody@devnull.spamcop.net> wrote in message 
> news:ga6eqr$26d$1@news.spamcop.net...
>>I found some spam reported to SC doesn't parse well, sometime even 
>>impeding reporting to the mail source by SC.
>>
>> Here is an example:
>>
>>
>> http://www.spamcop.net/sc?id=z2232090009z22a228d65bcd0740402813c6f95a199az
>>
>> (lines #7 and #8 are separated by CR, not by the CRLF sequence.
>>
>> It seems to me that the effect of this trick is no report at all with QR, 
>> and report to only the mail source with manual reporting.
>>
>> This seems to me a case common enough to be handed by the SC parser. I 
>> guess the SC parser parses header lines according to the (\n|\r\n?) regex 
>> sequence instead of only the Rfc-822 -defined one (\r\n), in order to 
>> cope with most submitting clients. But probably the SC parser should 
>> detect the message's overall delimiter sequence and then use only that 
>> one. This would void the effectiveness of this trick unless someone is 
>> manually submitting from an old Mac OS-9...
>>
>> Giampaolo
>>
>> -- 
>> NEVER send an e-mail to:
>> rainbowl@tomassoni.eu
>>
>
> unless the second received line is under the spammers control, rather than 
> their MTA, it's more likely a "glitch" at the MTA. If the second Received 
> line is made by the spammers  own machinery, nothing in it can be trusted 
> in any case, so the spam source should be chosen from the first Received 
> line.

The problems are:

- QRs with mail like that seem to get totally refused by the parser;
- with manual reports, the parser doesn't parse any URL in the body.

Giampaolo 


From connyank at cox.net  Tue Sep  9 17:53:36 2008
From: connyank at cox.net (jg)
Date: Tue Sep  9 17:55:02 2008
Subject: [Scspamcop] malformed reply?
Message-ID: <ga6r8v$52u$1@news.spamcop.net>

http://www.spamcop.net/sc?id=z2232557593z242f1e912ffb842ff71e7be4d82569b1z

entire body is
<!-- 9d41405333cba3a8127c0b9c800d5299 -->

rec'd 4 mins after another reply from abuse@hrwebservices.net, which had
some faulty english, like

 > Thanks for your inquiry, and thanks for choosing !

seems hrwebservices got the report even though original parse said:

"Resolving link obfuscation

http://bewellvitamins.com/ts-orders/out/update.bankofamerica.com/online.bankofamerica.com/securedspot/verify/cmThkRqcUe5qBbIUMLTMUxjVXHuoiRBMC8Qg1BHav4pYFzembFoENcG1gf3H4PaiYU4h/bFoENcG1gf3H4PaiYU4hsecuredpage/securedpage/signon.do/
   Host bewellvitamins.com (checking ip) = 66.147.225.180
   host 66.147.225.180 = host69.hrwebservices.net (cached)
Tracking link:
http://bewellvitamins.com/ts-orders/out/update.bankofamerica.com/online.bankofamerica.com/securedspot/verify/cmThkRqcUe5qBbIUMLTMUxjVXHuoiRBMC8Qg1BHav4pYFzembFoENcG1gf3H4PaiYU4h/bFoENcG1gf3H4PaiYU4hsecuredpage/securedpage/signon.do/
[report history]
ISP does not wish to receive report regarding
http://bewellvitamins.com/ts-orders/out/update.bankofamerica.com/online.bankofamerica.com/securedspot/verify/cmThkRqcUe5qBbIUMLTMUxjVXHuoiRBMC8Qg1BHav4pYFzembFoENcG1gf3H4PaiYU4h/bFoENcG1gf3H4PaiYU4hsecuredpage/securedpage/signon.do/
Resolves to 66.147.225.180
Routing details for 66.147.225.180
[refresh/show] Cached whois for 66.147.225.180 : abuse@hostrocket.com
Using abuse net on abuse@hostrocket.com
abuse net hostrocket.com = abuse@hrwebservices.net,
postmaster@hrwebservices.net
Using best contacts abuse@hrwebservices.net postmaster@hrwebservices.net
ISP does not wish to receive reports regarding
http://bewellvitamins.com/ts-orders/out/update.bankofamerica.com/online.bankofamerica.com/securedspot/verify/cmThkRqcUe5qBbIUMLTMUxjVXHuoiRBMC8Qg1BHav4pYFzembFoENcG1gf3H4PaiYU4h/bFoENcG1gf3H4PaiYU4hsecuredpage/securedpage/signon.do/
- no date available"


So ISP didn't want the report but got it anyway, then had a brainfart?
Seems to me the spam I receive is getting weirder and weirder...
From tmcgraw at spamcop.net  Tue Sep  9 18:16:09 2008
From: tmcgraw at spamcop.net (Tim McGraw)
Date: Tue Sep  9 18:20:04 2008
Subject: [Scspamcop] Re: malformed reply?
In-Reply-To: <ga6r8v$52u$1@news.spamcop.net>
References: <ga6r8v$52u$1@news.spamcop.net>
Message-ID: <ga6sja$8sd$1@news.spamcop.net>

jg wrote:
> http://www.spamcop.net/sc?id=z2232557593z242f1e912ffb842ff71e7be4d82569b1z

The subject on that item makes me think it's a response to a sc report.

> entire body is
> <!-- 9d41405333cba3a8127c0b9c800d5299 -->

Indicates parts. I think. But yeah, weird.
From me at privacy.net  Tue Sep  9 19:50:13 2008
From: me at privacy.net (Will Wilkinson)
Date: Tue Sep  9 19:55:04 2008
Subject: [Scspamcop] [OT] Does anyone have an email address for reporting
	eBay spam?
Message-ID: <M11pXQL1uwxIFwR2@steely-glint.lancre.net>

Slightly OT I know, but does anyone have an email address for reporting 
eBay spam?

There's a regular spammer to several usenet groups I frequent who I'd 
like to report to eBay for violating their terms and conditions but I 
can't find any reporting address and I don't have an eBay account which 
cripples any web based reporting. A working email address for this type 
of abuse would be greatly appreciated.

Cheers.

Will
-- 
e-mail news dot will at lancre dot net
'98 300Tdi Defender 110 CSW, 1/12th NB Sometimes
PGP Fingerprint E089 1736 A023 9E5C AFA3  0B40 E5DC D80A 9E1F D521
Public key can be obtained from ldap://certserver.pgp.com
From Ag2000CO at Starband.net  Tue Sep  9 23:17:38 2008
From: Ag2000CO at Starband.net (LKing)
Date: Tue Sep  9 23:20:03 2008
Subject: [Scspamcop] Re: [OT] Does anyone have an email address for
	reporting eBay spam?
In-Reply-To: <M11pXQL1uwxIFwR2@steely-glint.lancre.net>
References: <M11pXQL1uwxIFwR2@steely-glint.lancre.net>
Message-ID: <ga7e8j$627$1@news.spamcop.net>

Will Wilkinson wrote, On 9/9/2008 7:50 PM:
> Slightly OT I know, but does anyone have an email address for reporting 
> eBay spam?
> 
> There's a regular spammer to several usenet groups I frequent who I'd 
> like to report to eBay for violating their terms and conditions but I 
> can't find any reporting address and I don't have an eBay account which 
> cripples any web based reporting. A working email address for this type 
> of abuse would be greatly appreciated.
> 
> Cheers.
> 
> Will
Try this:

http://pages.ebay.com/help/contact_us/_base/index_selection.html?bhid=&siteid=0&co_partnerId=2&UsingSSL=1&ru=https%3A%2F%2Fsignin.ebay.com%2Fws%2FeBayISAPI.dll%3FSignIn%26guest%3D1&pageType=PageShowCUPortal&guestSignIn=1
From nobody at spamcop.net  Tue Sep  9 23:33:33 2008
From: nobody at spamcop.net (Dar)
Date: Tue Sep  9 23:35:03 2008
Subject: [Scspamcop] Re: [OT] Does anyone have an email address for
	reporting eBay spam?
References: <M11pXQL1uwxIFwR2@steely-glint.lancre.net>
	<ga7e8j$627$1@news.spamcop.net>
Message-ID: <ga7f6e$8uv$1@news.spamcop.net>

> Will Wilkinson wrote, On 9/9/2008 7:50 PM:
>> Slightly OT I know, but does anyone have an email address for reporting 
>> eBay spam?
>>
>> There's a regular spammer to several usenet groups I frequent who I'd 
>> like to report to eBay for violating their terms and conditions but I 
>> can't find any reporting address and I don't have an eBay account which 
>> cripples any web based reporting. A working email address for this type 
>> of abuse would be greatly appreciated.
>>
>> Cheers.
>>
>> Will
> Try this:
>
> http://pages.ebay.com/help/contact_us/_base/index_selection.html?bhid=&siteid=0&co_partnerId=2&UsingSSL=1&ru=https%3A%2F%2Fsignin.ebay.com%2Fws%2FeBayISAPI.dll%3FSignIn%26guest%3D1&pageType=PageShowCUPortal&guestSignIn=1


Good luck. I bought something from a seller about a year ago and I began
receiving spam from him on a weekly basis. When I complained to eBay, they
did nothing. They only suggested I attempt to work it out with the seller.
The spam only stopped because the recipient email address no longer exists.

~ Dar


From skiwi at spamcop.net  Wed Sep 10 00:19:47 2008
From: skiwi at spamcop.net (Skiwi)
Date: Wed Sep 10 00:20:04 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
 get them to parse?
In-Reply-To: <g9srk0$8r9$1@news.spamcop.net>
References: <g95847$2n1$1@news.spamcop.net> <g969k8$287$1@news.spamcop.net>
	<g96als$9ss$1@news.spamcop.net> <g9827g$ehm$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-fdHv0KjGbqgs@dsl-206-55-144-107.tstonramp.com>
	<g9ei97$m5s$1@news.spamcop.net> <g9ek2l$rcc$1@news.spamcop.net>
	<g9si73$5mq$1@news.spamcop.net> <g9srk0$8r9$1@news.spamcop.net>
Message-ID: <ga7htf$hvd$1@news.spamcop.net>

Wazoo wrote:
> "Skiwi" <skiwi@spamcop.net> wrote in message 
> news:g9si73$5mq$1@news.spamcop.net...
>> So what to do?
>>
>> As the two lines that SpamCop is injecting is causing, or at least 
>> exacerbating, the problem:
>>
>>  - just wait and hope a passing admin (Ellen, etc) reads the post 
>> and has the time to look into it?
> 
> ???? You already had Don responding over in the Forum.  You failed 
> to do any follow-up there.  Even I am waiting for feedback over 
> there.

As I mentioned there after my post, I was bringing the discussion over 
here as I was more comfortable and familiar with this "system" - and to 
be blunt the 'default' in the forums in some of the initial responses 
was that it was somehow my fault, that I was 'messing it up' somehow. I 
am all for efficiency, all for directness, believe me - and can see why 
  technical users such as yourself might assume a simple user rather 
than a well-tried system is the issue - but at least give me the benefit 
of some doubt, to mangle the old cliche!

> As far as Parsing & Reporting staff 'looking into it' .. the issue 
> you seem to be implying would be in reference to the e-mail system, 
> which is owned and maintained by someone else.  As stated over in 
> your Forum Topic, you need to contact JT/Trevor directly if you 
> really thinkg that your spam e-mail is being mis-handled by that 
> system.
> 

And yet I thought this was a user-supported system? <g>

I wanted people with knowledge to may be assure me, if possible, that 
this indeed was a problem BEFORE I started chasing down the contact 
details (thanks for the links below BTW) of the people you mention and 
'bothering' them...

>>  - somehow get hold of the SpamCop Admin via 
>> <nobody@devnull.spamcop.net>?  *innocent* (*grin*)
> 
> Don has posted his e-mail address countless times here and in the 
> Forum.  (Again, noting that Don does not have access to your e-mail 
> account/data.)

I think you missed the <grin> in reference to the reply-to address on 
his posts; I emailed directly and Don replied (I hope he does not mind 
me quoting):

"The problem is the "Message-ID" line... The subsequent lines, such as 
"From", "To", "Subject", etc have gotten run together with it into one 
long line.  The long line itself is OK, but it prevents the parse from 
seeing critical elements of the headers, such as the lines that are run 
into the "Message-ID" line, and fools the parse into thinking that the 
headers are incomplete.

This is all one long line in the headers:

Message-ID: <b288019dbcdc$2a2b2884$53b854ee@sesmail.com> From: 
"=?windows-1251?B?QWJiaWUgQ2hhbWJlcnM=?=" <silvesterm@sesmail.com> To: 
<skiwi@spamcop.net> Subject: 
=?windows-1251?B?U29sdXRpb24gZm9yIHlvdXIgc2V4dWFsIGxpZmU=?= Date: Fri, 
29 Aug 3609 13:23:17 +0900 MIME-Version: 1.0 Content-Type: 
multipart/alternative; 
boundary=----=_NextPart_000_0023_78_47D9E246.5E19FA3C X-Priority: 3 
X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 
6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

Nothing I can do about that.

- Don D'Minion - SpamCop Admin - "

> 
> Where to get Help
> http://forum.spamcop.net/scwik/SpamCopWhereToGetHelp
> 
> SpamCop Staff
> http://forum.spamcop.net/scwik/SpamCopStaff
> 
> How to Contact SpamCop Staff
> http://forum.spamcop.net/scwik/HowToContactSpamCopStaff
> 
>>  - ignore them and just live with a few spams unreported every 
>> day?
> 
> Your choice.  Yet, I was of the thought that you didn't really 
> 'look' at your spam before submitting????

I think you maybe misread that in support of your possible (and 
misplaced) impression that I wanted "everything to be doing for me - 
what I in fact said, to paraphrase, was that I skimmed the 'auto 
replies' to my Quick Reports.

>>  - adjust them in a "legal" way?
> 
> Based on all the discussion, both here and in the Forum, you have no 
> 'legal' way to 'adjust' anything.  What needs to be done is sort out 
> just why 'you' are having a problem with these submittals.  BTW: 
> this week+ stuff between replies just isn't going to get it. 

I am a geologist by profession and am often not in a position to reply 
on a daily basis as work pressures move me around a bit, away from cell 
phone service let alone an internet connection - I feel no need to 
apologise for that of course.

As to the adjustments, and as mentioned, removing the two header lines 
that Spamcop injects (sic?) allows the spam source at least to parse - 
as others have noted in forums posts and so forth. I assumed the spam 
could NOT be 'adjusted' but I wanted to check (for instance, if you get 
a spam with no body, I understand from many posts over the years I have 
lurked here that you are "able" to add a line like "[no body]" in the 
spam to get it reported.

I am about to put together a SUM for the forum, as requested.

Have a good one...
From skiwi at spamcop.net  Wed Sep 10 00:23:46 2008
From: skiwi at spamcop.net (Skiwi)
Date: Wed Sep 10 00:25:02 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
 get them to parse?
In-Reply-To: <g9t442$4jm$1@news.spamcop.net>
References: <g95847$2n1$1@news.spamcop.net> <g969k8$287$1@news.spamcop.net>
	<g96als$9ss$1@news.spamcop.net> <g9827g$ehm$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-fdHv0KjGbqgs@dsl-206-55-144-107.tstonramp.com>
	<g9ei97$m5s$1@news.spamcop.net> <g9ek2l$rcc$1@news.spamcop.net>
	<g9si73$5mq$1@news.spamcop.net> <g9t442$4jm$1@news.spamcop.net>
Message-ID: <ga7i4i$i1c$1@news.spamcop.net>

Mike Easter wrote:
> Skiwi wrote:
>> Mike Easter wrote:
>>> I'm still accepting the veracity of your description
> 
>> So what to do?
> 
> Nothing.
> 
>> As the two lines that SpamCop is injecting is causing, or at least
>> exacerbating, the problem:
>>
>>   - just wait and hope a passing admin (Ellen, etc) reads the post and
>> has the time to look into it?
> 
> Yes.  But not spend any 'emotions' waiting/expecting anything to happen.
> More like, I recommend ignore the problem.
> 
>>   - somehow get hold of the SpamCop Admin via
>> <nobody@devnull.spamcop.net>?  *innocent* (*grin*)
> 
> That wouldn't be my style.
> 
>>   - ignore them and just live with a few spams unreported every day?
> 
> Yes.
> 
>>   - adjust them in a "legal" way?
> 
> Absolutely not.  I cannot comprehend any legal way.
> 

Thanks Mike - although my approach in starting this discussion in the 
forum and moving it here caused some frustration and confusion (which I 
of course regret), although it seems that I might not have given all of 
the necessary info up front or in the best way, I appreciate your help 
and patience.
From skiwi at spamcop.net  Wed Sep 10 00:36:11 2008
From: skiwi at spamcop.net (Skiwi)
Date: Wed Sep 10 00:40:03 2008
Subject: [Scspamcop] Re: What to adjust / can I adjust spams like these to
 get them to parse?
In-Reply-To: <vc05c45n5auqm03920h8brt2reu0s3mko6@4ax.com>
References: <g95847$2n1$1@news.spamcop.net> <g969k8$287$1@news.spamcop.net>
	<g96als$9ss$1@news.spamcop.net> <g9827g$ehm$1@news.spamcop.net>
	<TECQXhvKj0FX-pn2-fdHv0KjGbqgs@dsl-206-55-144-107.tstonramp.com>
	<g9ei97$m5s$1@news.spamcop.net> <g9ek2l$rcc$1@news.spamcop.net>
	<g9si73$5mq$1@news.spamcop.net>
	<vc05c45n5auqm03920h8brt2reu0s3mko6@4ax.com>
Message-ID: <ga7isf$m6n$1@news.spamcop.net>

SpamCop Admin wrote:
> Not sure how far along this discussion has gone...
> 
> I just got email about a subject very much like this one.
> 
> http://www.spamcop.net/sc?id=z2196747351z6ba68eb26809c77d606d0bd53e487873z
> 

[snip]

> - Don D'Minion - SpamCop Admin - 


Thanks Don for this and the initial reply... I did not see this post 
before I quoted it in the reply to  Wazoo...
From me at privacy.net  Wed Sep 10 04:48:32 2008
From: me at privacy.net (Will Wilkinson)
Date: Wed Sep 10 04:50:02 2008
Subject: [Scspamcop] Re: [OT] Does anyone have an email address for
	reporting eBay spam?
References: <M11pXQL1uwxIFwR2@steely-glint.lancre.net>
	<ga7e8j$627$1@news.spamcop.net>
Message-ID: <ovwABlBgn4xIFw0l@steely-glint.lancre.net>

In message <ga7e8j$627$1@news.spamcop.net>, LKing 
<Ag2000CO@Starband.net> writes
>Will Wilkinson wrote, On 9/9/2008 7:50 PM:
>> Slightly OT I know, but does anyone have an email address for 
>>reporting  eBay spam?
>>  There's a regular spammer to several usenet groups I frequent who 
>>I'd  like to report to eBay for violating their terms and conditions 
>>but I  can't find any reporting address and I don't have an eBay 
>>account which  cripples any web based reporting. A working email 
>>address for this type  of abuse would be greatly appreciated.
>>  Cheers.
>>  Will
>Try this:
>
>http://pages.ebay.com/help/contact_us/_base/index_selection.html?bhid=&s
>iteid=0&co_partnerId=2&UsingSSL=1&ru=https%3A%2F%2Fsignin.ebay.com%2Fws%
>2FeBayISAPI.dll%3FSignIn%26guest%3D1&pageType=PageShowCUPortal&guestSign
>In=1

I'd already tried that route, but thanks anyway.

Although it appears to be for non-account holders to report abuse, when 
I hit continue after selecting the type of report this leads to an eBay 
sign in page - not a lot of use if you don't have (and don't want) an 
eBay account.

What I really wanted was an email address, which appears to be 
non-existent from the eBay site - web forms don't really cut it, even if 
they worked, which this one doesn't.

Will
-- 
e-mail news dot will at lancre dot net
'98 300Tdi Defender 110 CSW, 1/12th NB Sometimes
PGP Fingerprint E089 1736 A023 9E5C AFA3  0B40 E5DC D80A 9E1F D521
Public key can be obtained from ldap://certserver.pgp.com
From Ag2000CO at Starband.net  Wed Sep 10 09:45:23 2008
From: Ag2000CO at Starband.net (LKing)
Date: Wed Sep 10 09:50:04 2008
Subject: [Scspamcop] Re: [OT] Does anyone have an email address for
	reporting eBay spam?
In-Reply-To: <ovwABlBgn4xIFw0l@steely-glint.lancre.net>
References: <M11pXQL1uwxIFwR2@steely-glint.lancre.net>
	<ga7e8j$627$1@news.spamcop.net>
	<ovwABlBgn4xIFw0l@steely-glint.lancre.net>
Message-ID: <ga8j1j$jf9$1@news.spamcop.net>

Will Wilkinson wrote, On 9/10/2008 4:48 AM:
<snip>
> What I really wanted was an email address, which appears to be 
> non-existent from the eBay site - web forms don't really cut it, even if 
> they worked, which this one doesn't.
> 
> Will
Sorry I did not follow the link.  I use to report ebay/paypal spam 
directly to them. Now that I think about it, I stopped when I started 
getting bounce messages from ebay.

Seems most companies stopped accepting "public" reports. At one time I 
sorted the spam by type and had a list of abuse@ addresses I reported to 
for SW (MS, Adobe, etc), ebay, paypal, phishing, or bank spam. When they 
started bouncing I would  stop send to them until there was no one left. 
I think the cost of staff for a company to follow-up on individual spam 
became to costly.  Besides there are more effective approaches.

Lou
From connyank at cox.net  Wed Sep 10 11:15:57 2008
From: connyank at cox.net (jg)
Date: Wed Sep 10 11:20:02 2008
Subject: [Scspamcop] Re: malformed reply?
In-Reply-To: <1cjfc49abnm3i3oslo8pi3r0mgdhmje1nd@4ax.com>
References: <ga6r8v$52u$1@news.spamcop.net>
	<1cjfc49abnm3i3oslo8pi3r0mgdhmje1nd@4ax.com>
Message-ID: <ga8oba$hmk$1@news.spamcop.net>

On 09/10/2008 06:40 AM SpamCop Admin scribbled:

> jg wrote:
>> -http://www.spamcop.net/sc?id=z2232557593z242f1e912ffb842ff71e7be4d82569b1z
> 
> That is a response to your report #3467886067, about
> http://bewellvitamins.com/... which you sent to
> abuse@hrwebservices.net
> 
> - Don D'Minion - SpamCop Admin -


I knew that - I got one that said something and then the weird one 4
minutes later...
From ppearson at nowhere.invalid  Wed Sep 10 12:10:56 2008
From: ppearson at nowhere.invalid (Peter Pearson)
Date: Wed Sep 10 12:15:03 2008
Subject: [Scspamcop] Phishing for Spamcop accounts
Message-ID: <ga8rig$ip$1@news.spamcop.net>

I've just received email phishing for Spamcop account information.

Subject: UPDATE YOUR ACCOUNT / SPAMCOP.NET

It contains an amusing explanation of its non-Spamcop reply address.

Tracker:
http://www.spamcop.net/sc?id=z2234660313zc6655b54432ad1fad1d640bf999ce1ccz

-- 
To email me, substitute nowhere->spamcop, invalid->net.
From tmcgraw at spamcop.net  Wed Sep 10 12:24:28 2008
From: tmcgraw at spamcop.net (Tim McGraw)
Date: Wed Sep 10 12:25:03 2008
Subject: [Scspamcop] Re: Phishing for Spamcop accounts
In-Reply-To: <ga8rig$ip$1@news.spamcop.net>
References: <ga8rig$ip$1@news.spamcop.net>
Message-ID: <ga8sbs$3oc$3@news.spamcop.net>

Peter Pearson wrote:
> I've just received email phishing for Spamcop account information.
> 
> Subject: UPDATE YOUR ACCOUNT / SPAMCOP.NET

Isn't this akin to phishing bank accounts using only a list of bank 
managers?
From gezgin at spamcop.net  Wed Sep 10 12:29:36 2008
From: gezgin at spamcop.net (Opinicus)
Date: Wed Sep 10 12:30:03 2008
Subject: [Scspamcop] Re: Phishing for Spamcop accounts
References: <ga8rig$ip$1@news.spamcop.net>
Message-ID: <ga8slh$7ps$1@news.spamcop.net>

"Peter Pearson" <ppearson@nowhere.invalid> wrote in message 
news:ga8rig$ip$1@news.spamcop.net...

> I've just received email phishing for Spamcop account information.
> Subject: UPDATE YOUR ACCOUNT / SPAMCOP.NET
> It contains an amusing explanation of its non-Spamcop reply address.

Just caught one too:
http://www.spamcop.net/sc?id=z2234695079z4d9b809aeeaf51358f97190d84e7b575z

What could they possibly want the account info for?

-- 
Bob
http://www.kanyak.com 

From nobody at spamcop.net  Wed Sep 10 14:27:49 2008
From: nobody at spamcop.net (Bar0)
Date: Wed Sep 10 14:30:03 2008
Subject: [Scspamcop] Re: Phishing for Spamcop accounts
References: <ga8rig$ip$1@news.spamcop.net> <ga8slh$7ps$1@news.spamcop.net>
Message-ID: <ga93ji$993$1@news.spamcop.net>


"Opinicus" <gezgin@spamcop.net> wrote in message 
news:ga8slh$7ps$1@news.spamcop.net...
> "Peter Pearson" <ppearson@nowhere.invalid> wrote in message 
> news:ga8rig$ip$1@news.spamcop.net...
>
>> I've just received email phishing for Spamcop account information.
>> Subject: UPDATE YOUR ACCOUNT / SPAMCOP.NET
>> It contains an amusing explanation of its non-Spamcop reply address.
>
> Just caught one too:
> http://www.spamcop.net/sc?id=z2234695079z4d9b809aeeaf51358f97190d84e7b575z
>
> What could they possibly want the account info for?
>

Well, if it's an SC Mail account they could start spamming from SC.

If it's also or just a reporting account, they could generate masses of bad 
complaints and listings.

Reputation?

From me at privacy.net  Wed Sep 10 16:43:15 2008
From: me at privacy.net (Will Wilkinson)
Date: Wed Sep 10 16:50:03 2008
Subject: [Scspamcop] Re: [OT] Does anyone have an email address for
	reporting eBay spam?
References: <M11pXQL1uwxIFwR2@steely-glint.lancre.net>
	<npjfc4plaa6faiu5tjb819rhjfkivl1ibb@4ax.com>
Message-ID: <7kD0zhCjFDyIFwff@steely-glint.lancre.net>

In message <npjfc4plaa6faiu5tjb819rhjfkivl1ibb@4ax.com>, SpamCop Admin 
<nobody@devnull.spamcop.net> writes
>Will Wilkinson wrote:
>>-Slightly OT I know, but does anyone have an email address for reporting
>>-eBay spam?
>
>spam at ebay.com  is a valid address.
>
>- Don D'Minion - SpamCop Admin -
Cheers, I'll start forwarding them there then :-)

Will
-- 
e-mail news dot will at lancre dot net
'98 300Tdi Defender 110 CSW, 1/12th NB Sometimes
PGP Fingerprint E089 1736 A023 9E5C AFA3  0B40 E5DC D80A 9E1F D521
Public key can be obtained from ldap://certserver.pgp.com
From nobody at devnull.spamcop.net  Wed Sep 10 18:22:43 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Wed Sep 10 18:25:03 2008
Subject: [Scspamcop] Re: Phishing for Spamcop accounts
References: <ga8rig$ip$1@news.spamcop.net> <ga8slh$7ps$1@news.spamcop.net>
	<ga93ji$993$1@news.spamcop.net>
Message-ID: <ga9hbb$3q5$1@news.spamcop.net>


"Bar0" <nobody@spamcop.net> ha scritto nel messaggio 
news:ga93ji$993$1@news.spamcop.net...
>
> "Opinicus" <gezgin@spamcop.net> wrote in message 
> news:ga8slh$7ps$1@news.spamcop.net...
>> "Peter Pearson" <ppearson@nowhere.invalid> wrote in message 
>> news:ga8rig$ip$1@news.spamcop.net...
>>
>>> I've just received email phishing for Spamcop account information.
>>> Subject: UPDATE YOUR ACCOUNT / SPAMCOP.NET
>>> It contains an amusing explanation of its non-Spamcop reply address.
>>
>> Just caught one too:
>> http://www.spamcop.net/sc?id=z2234695079z4d9b809aeeaf51358f97190d84e7b575z
>>
>> What could they possibly want the account info for?
>>
>
> Well, if it's an SC Mail account they could start spamming from SC.
>
> If it's also or just a reporting account, they could generate masses of 
> bad complaints and listings.
>
> Reputation?

Why don't SC setup a special account which will report the reporter?

We could mass-reply with the login data of that account... :)

Giampaolo 


From nobody at spamcop.net  Thu Sep 11 01:53:46 2008
From: nobody at spamcop.net (Antispam Knight)
Date: Thu Sep 11 01:55:02 2008
Subject: [Scspamcop] Re: Phishing for Spamcop accounts
References: <ga8rig$ip$1@news.spamcop.net> <ga8slh$7ps$1@news.spamcop.net>
	<ga93ji$993$1@news.spamcop.net> <ga9hbb$3q5$1@news.spamcop.net>
Message-ID: <gaabpb$s7e$1@news.spamcop.net>



"Giampaolo Tomassoni" <nobody@devnull.spamcop.net> wrote in message 
news:ga9hbb$3q5$1@news.spamcop.net...
>
> "Bar0" <nobody@spamcop.net> ha scritto nel messaggio 
> news:ga93ji$993$1@news.spamcop.net...
>>
>> "Opinicus" <gezgin@spamcop.net> wrote in message 
>> news:ga8slh$7ps$1@news.spamcop.net...
>>> "Peter Pearson" <ppearson@nowhere.invalid> wrote in message 
>>> news:ga8rig$ip$1@news.spamcop.net...
>>>
>>>> I've just received email phishing for Spamcop account information.
>>>> Subject: UPDATE YOUR ACCOUNT / SPAMCOP.NET
>>>> It contains an amusing explanation of its non-Spamcop reply address.
>>>
>>> Just caught one too:
>>> http://www.spamcop.net/sc?id=z2234695079z4d9b809aeeaf51358f97190d84e7b575z
>>>
>>> What could they possibly want the account info for?
>>>
>>
>> Well, if it's an SC Mail account they could start spamming from SC.
>>
>> If it's also or just a reporting account, they could generate masses of 
>> bad complaints and listings.
>>
>> Reputation?
>
> Why don't SC setup a special account which will report the reporter?
>
> We could mass-reply with the login data of that account... :)
>
> Giampaolo
Why not just send a whole bunch of bogus crap via some of the anonymizers?
AK 

From news0807REMOVECAPS at orrery.e4ward.com  Thu Sep 11 03:55:04 2008
From: news0807REMOVECAPS at orrery.e4ward.com (Ian Smith)
Date: Thu Sep 11 04:00:04 2008
Subject: [Scspamcop] Re: Phishing for Spamcop accounts
In-Reply-To: <ga8sbs$3oc$3@news.spamcop.net>
References: <ga8rig$ip$1@news.spamcop.net> <ga8sbs$3oc$3@news.spamcop.net>
Message-ID: <gaaisp$1g7$1@news.spamcop.net>

Tim McGraw wrote:
> Peter Pearson wrote:
>> I've just received email phishing for Spamcop account information.
>>
>> Subject: UPDATE YOUR ACCOUNT / SPAMCOP.NET
> 
> Isn't this akin to phishing bank accounts using only a list of bank 
> managers?

I often wonder why the spammers don't remove all spamcop.net email 
addresses from their lists - it would save them a good deal of grief.

regards, Ian
From nobody at spamcop.net  Thu Sep 11 10:00:07 2008
From: nobody at spamcop.net (Bar0)
Date: Thu Sep 11 10:05:03 2008
Subject: [Scspamcop] Re: Phishing for Spamcop accounts
References: <ga8rig$ip$1@news.spamcop.net> <ga8sbs$3oc$3@news.spamcop.net>
	<gaaisp$1g7$1@news.spamcop.net>
Message-ID: <gab899$lks$1@news.spamcop.net>


"Ian Smith" <news0807REMOVECAPS@orrery.e4ward.com> wrote in message 
news:gaaisp$1g7$1@news.spamcop.net...
> Tim McGraw wrote:
>> Peter Pearson wrote:
>>> I've just received email phishing for Spamcop account information.
>>>
>>> Subject: UPDATE YOUR ACCOUNT / SPAMCOP.NET
>>
>> Isn't this akin to phishing bank accounts using only a list of bank 
>> managers?
>
> I often wonder why the spammers don't remove all spamcop.net email 
> addresses from their lists - it would save them a good deal of grief.
>
> regards, Ian

For the same reasons that they spam NANAE , because they can, and they want 
people to know.

Also there are undoubtedly some SC users and mail account holders gullible 
enough to fall for this sort of thing.

There are still people falling for 419s when they have a mailbox full of 
hundreds of them. 

From acmeanvil at fishnet.com  Sat Sep 13 19:58:24 2008
From: acmeanvil at fishnet.com (rooster)
Date: Sat Sep 13 20:00:03 2008
Subject: [Scspamcop] Re: Phishing for Spamcop accounts
In-Reply-To: <ga93ji$993$1@news.spamcop.net>
References: <ga8rig$ip$1@news.spamcop.net> <ga8slh$7ps$1@news.spamcop.net>
	<ga93ji$993$1@news.spamcop.net>
Message-ID: <48CC53A0.5010309@fishnet.com>

Bar0 wrote:
> 
> "Opinicus" <gezgin@spamcop.net> wrote in message 
> news:ga8slh$7ps$1@news.spamcop.net...
>> "Peter Pearson" <ppearson@nowhere.invalid> wrote in message 
>> news:ga8rig$ip$1@news.spamcop.net...
>>
>>> I've just received email phishing for Spamcop account information.
>>> Subject: UPDATE YOUR ACCOUNT / SPAMCOP.NET
>>> It contains an amusing explanation of its non-Spamcop reply address.
>>
>> Just caught one too:
>> http://www.spamcop.net/sc?id=z2234695079z4d9b809aeeaf51358f97190d84e7b575z 
>>
>>
>> What could they possibly want the account info for?
>>
> 
> Well, if it's an SC Mail account they could start spamming from SC.
> 
> If it's also or just a reporting account, they could generate masses of 
> bad complaints and listings.
> 
> Reputation?
> 

Reputations/credibilities could well be involved. There could also be 
broader,
more ambitious (nefarious) objectives, intended to damage the internet's 
anti-
spam infrastructure.

Some back-channel info from Steve Linford: (Note [~Square brackets~] are 
mine~)

 >This is a joe-job spam, sent by a spammer who is harvesting addresses
 >from every anti-spam place he can find in order to hit as many anti-
 >spammers as possible, hoping to get his competitor (another Russian
 >[~product~] website) shut down. Obviously he's harvesting [~anti-spam 
list name withheld~]
 >amongst others.

 >   Steve Linford

SC Mail List/Accounts security notwithstanding, if the spammer in 
question, or his spamming agent (spag)
captures a couple of SC subscriber 'home' email addresses, he'd have 
enough info to start a hacking regime
that could do considerable damage.
E.g. Register snowshoe spam accounts/domains on servers upstream from 
both subscriber(s) and possibly
SC/Ironport, to get IP Blocks listed on SBLs. I'm bearing in mind that 
many large and small
ISPs, MTAs and hosting providers maintain their own BLs that often 
include entire
/8s and /16s, thus making the destructive potential of such a regime 
unpleasant to contemplate.

I'm not current with SC Forum/News posts, but if the following article 
didn't get
mentioned during the week, y'all  might find it interesting. Two fingers 
of Glendronach
or a judicious selection from the benzodiaphamine family might make the 
reading
easier (to take).
http://www.theregister.co.uk/2008/09/05/rock_phish_and_asprox_team_up/

-- 
Happy trails,
rooster
boundary beach, bc
From no at reply.addy  Sun Sep 14 13:45:15 2008
From: no at reply.addy (Neil)
Date: Sun Sep 14 13:50:03 2008
Subject: [Scspamcop] Sorry: Spammer Walks Free as Virginia Anti-Spam Law Is
	Declared Unconstitutional
Message-ID: <Xns9B198BEB6B05Cnoreplyaddy@216.154.195.61>

http://www.efluxmedia.com/news_Spammer_Walks_Free_as_Virginia_Anti_Spam_Law
_Is_Declared_Unconstitutional_24293.html
From dfmanno at mail.com  Sun Sep 14 13:56:49 2008
From: dfmanno at mail.com (D.F. Manno)
Date: Sun Sep 14 14:00:03 2008
Subject: [Scspamcop] Re: Sorry: Spammer Walks Free as Virginia Anti-Spam Law
	Is Declared Unconstitutional
References: <Xns9B198BEB6B05Cnoreplyaddy@216.154.195.61>
Message-ID: <dfmanno-BBAE45.13564914092008@news.cesmail.net>

In article <Xns9B198BEB6B05Cnoreplyaddy@216.154.195.61>,
 Neil <no@reply.addy> wrote:

> http://www.efluxmedia.com/news_Spammer_Walks_Free_as_Virginia_Anti_Spam_Law
> _Is_Declared_Unconstitutional_24293.html

As the cited article notes, the law was overbroad and could have 
infringed on First Amendment rights. The Virginia legislature will have 
to redraft the law so that it narrowly targets commercial junk e-mail.

-- 
D.F. Manno | dfmanno@mail.com
Faith may be defined briefly as an illogical belief in the occurrence of
the improbable. (H. L. Mencken)
From MikeE at ster.invalid  Sun Sep 14 14:13:52 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sun Sep 14 14:15:03 2008
Subject: [Scspamcop] Re: Sorry: Spammer Walks Free as Virginia Anti-Spam Law
	Is Declared Unconstitutional
References: <Xns9B198BEB6B05Cnoreplyaddy@216.154.195.61>
Message-ID: <gajk86$ij8$1@news.spamcop.net>

Neil wrote:
Subject: Sorry: Spammer Walks Free as Virginia Anti-Spam Law Is Declared
Unconstitutional

There is 'inherently' a big problem with trying to write antispam
legislation.

The first big problem comes from the definition of spam and the difference
between what such as US legislators and the CANSPAM act and the Direct
Marketing Association think as distinguished from what antispammers would
like to imagine.

You can't expect to do anything useful about spam with bad legislation and
poor implementation.


--
Mike Easter
kibitzer, not SC admin

From acmeanvil at fishnet.com  Sun Sep 14 22:41:23 2008
From: acmeanvil at fishnet.com (rooster)
Date: Sun Sep 14 22:45:03 2008
Subject: [Scspamcop] Re: Sorry: Spammer Walks Free as Virginia Anti-Spam Law
 Is Declared Unconstitutional
In-Reply-To: <Xns9B198BEB6B05Cnoreplyaddy@216.154.195.61>
References: <Xns9B198BEB6B05Cnoreplyaddy@216.154.195.61>
Message-ID: <48CDCB53.2030105@fishnet.com>

Neil wrote:
> http://www.efluxmedia.com/news_Spammer_Walks_Free_as_Virginia_Anti_Spam_Law
> _Is_Declared_Unconstitutional_24293.html

Rather poorly written/researched article.

It only mentions by inference that the court heard or considered 
arguments concerning
Jayne's misrepresentations; which acts were an integral part of his 
operation and which
constituted fraud (i.e., felonies) according to legislation that existed 
before the State's
Anti-Spam Legislation came into effect. Arguments based on First 
Amendment Rights
vs. the metrics of the spamming are made to appear to be the crux of the 
appellant
case according to the article.

These argument might well be moot. The First Amendment does not afford 
protection
from prosecution when committing a crime. The way the article is 
written, this would
appear to be the case.

As reported in the WP, Wednesday, September 6, 2006, the Court of 
Appeals of Virginia
upheld Jayne's original conviction. In his written ruling, Judge James 
W. Haley Jr. opined
that the State's Anti-Spam Legislation, "prohibits trespassing on 
private computer networks
through intentional misrepresentation, an activity that merits no First 
Amendment protection."

More important than the arithmetic of what might be defined as a 
violation under the Anti-
Spam legislation is the issue of whether 'deliberate' misrepresentation 
constitutes
felonious fraud, or, as the piece implies, such ruses may be interpreted 
by the courts broadly to
merit the protection of the Right to Anonymity.

I'm not trying to give my own opinion of the ruling; ...just saying that 
the article missed
(what might be) the more salient point.
-- 
Happy trails,
rooster
boundary beach, bc
From news0807REMOVECAPS at orrery.e4ward.com  Mon Sep 15 07:36:10 2008
From: news0807REMOVECAPS at orrery.e4ward.com (Ian Smith)
Date: Mon Sep 15 07:40:04 2008
Subject: [Scspamcop] Link obfuscation error
Message-ID: <galhbc$bkj$1@news.spamcop.net>

The following should unescape to:

http://casiofirstbest.com/

instead of http://casiofirst/

<<
Resolving link obfuscation
    http://%63%61%73%69%6F%66%69%72%73%74%0D%0Abest.com/441/
    Percent unescape: http://casiofirst
    host casiofirst (getting name) no name
    casiofirst is not a hostname
    casiofirst is not a hostname
Tracking link: http://casiofirst/
No recent reports, no history available
casiofirst is not a hostname
Cannot resolve http://casiofirst/
 >>

regards, Ian

From MikeE at ster.invalid  Mon Sep 15 08:14:48 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Mon Sep 15 08:15:04 2008
Subject: [Scspamcop] Re: Link obfuscation error
References: <galhbc$bkj$1@news.spamcop.net>
Message-ID: <galjj6$kgl$1@news.spamcop.net>

Ian Smith wrote:
> The following should unescape to:
>
> http://casiofirstbest.com/
>
> instead of http://casiofirst/

It looks to me like the URL was written wrong(ly) and there is an EOL (OD
OA) right before 'best.com'

Where is the tracker so we can see the original spam?

> Resolving link obfuscation
>     http://%63%61%73%69%6F%66%69%72%73%74%0D%0Abest.com/441/

<that might wrap for a newsmessage>

> Cannot resolve http://casiofirst/

If I put your % escaped link derived from your newsmessage source into
some other link deobfuscator such as the one at NetDemon, I get the
casiofirst result, not the casiofirstbest result.


--
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Mon Sep 15 08:24:51 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Mon Sep 15 08:25:04 2008
Subject: [Scspamcop] Re: Link obfuscation error
References: <galhbc$bkj$1@news.spamcop.net> <galjj6$kgl$1@news.spamcop.net>
Message-ID: <galk61$me4$1@news.spamcop.net>

Mike Easter wrote:
> Ian Smith wrote:
>> The following should unescape to:

> It looks to me like the URL was written wrong(ly) and there is an EOL
> (OD OA) right before 'best.com'

Oops.  I meant 0D 0A.

> Where is the tracker so we can see the original spam?

How to make a tracker:

 1 select and obtain the complete spam
 2 privatize the header&body content
 3 webparse it & copy the tracking URL
 4 cancel the report & paste the tracker in here


1  ... in the manner described by the SC faq
http://www.spamcop.net/fom-serve/cache/19.html  How do I get my email
program to reveal the full, unmodified email?

2 ... by modestly and unambiguously mungeing any private information you
don't want to expose, such as your name or email address which might
appear anywhere in the header or body.  Avoid excessive or confusing
mungeing.

3 login to the SC webparser, paste in the spam, and click Process Spam
button;  then copy the tracking URL from the top 'Here is your TRACKING
URL' of the appearance
http://www.spamcop.net/sc?id=z1505491930z5db2559eebcde98291b8e783c95d61cez

4 ... after parsing, the report is 'live' until the cancel button is
used.  After cancelling the tracker disappears;  the munged spam report
should be cancelled because it has been materially changed and because
you don't want to leave a tracker live.



--
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Mon Sep 15 12:22:12 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Mon Sep 15 12:25:04 2008
Subject: [Scspamcop] Old news
Message-ID: <gam23b$42g$1@news.spamcop.net>

This phishing:

http://www.spamcop.net/sc?id=z2248651308z312a73d9fbbf9b0d9b791ce41fe679e8z

does not produce any report just because the second 'Received:' line is fake 
and carries a more-than-2-days-old date in the past.

Of course, the real received date is the one shown in the first 'Received:' 
line, the second one being apparently fake.

I still don't get why the SC parser doesn't trust the date shown in the very 
first 'Received:' line in the message, and keeps inspecting further. Can 
someone explain this to me?

Giampaolo

-- 
NEVER send an e-mail to:
rainbowl@tomassoni.eu 


From nobody at devnull.spamcop.net  Mon Sep 15 12:41:38 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Mon Sep 15 12:45:03 2008
Subject: [Scspamcop] Re: Link obfuscation error
References: <galhbc$bkj$1@news.spamcop.net> <galjj6$kgl$1@news.spamcop.net>
Message-ID: <gam37p$aqa$1@news.spamcop.net>

"Mike Easter" <MikeE@ster.invalid> ha scritto nel messaggio 
news:galjj6$kgl$1@news.spamcop.net...
> Ian Smith wrote:
>> The following should unescape to:
>>
>> http://casiofirstbest.com/
>>
>> instead of http://casiofirst/
>
> It looks to me like the URL was written wrong(ly) and there is an EOL (OD
> OA) right before 'best.com'
>
> Where is the tracker so we can see the original spam?
>
>> Resolving link obfuscation
>>     http://%63%61%73%69%6F%66%69%72%73%74%0D%0Abest.com/441/
>
> <that might wrap for a newsmessage>
>
>> Cannot resolve http://casiofirst/
>
> If I put your % escaped link derived from your newsmessage source into
> some other link deobfuscator such as the one at NetDemon, I get the
> casiofirst result, not the casiofirstbest result.

It seems to me the problem here is that OE (and probably other mail readers) 
ignores the %0D%0A stuff.

Of course spammers attempt a lot of tricks based on the most popular mail 
clients. The question is: shouldn't the SC parser attempt to mime these 
popular clients in resolving link obfuscation? I think it should, but of 
course this may be a matter of taste.

Giampaolo


>
>
> --
> Mike Easter
> kibitzer, not SC admin
> 


From nobody at spamcop.net  Mon Sep 15 12:51:57 2008
From: nobody at spamcop.net (Ellen)
Date: Mon Sep 15 12:55:04 2008
Subject: [Scspamcop] Re: Old news
In-Reply-To: <gam23b$42g$1@news.spamcop.net>
References: <gam23b$42g$1@news.spamcop.net>
Message-ID: <gam40u$epa$1@news.spamcop.net>

Giampaolo Tomassoni wrote:
> This phishing:
> 
> http://www.spamcop.net/sc?id=z2248651308z312a73d9fbbf9b0d9b791ce41fe679e8z
> 
> does not produce any report just because the second 'Received:' line is fake 
> and carries a more-than-2-days-old date in the past.
> 
> Of course, the real received date is the one shown in the first 'Received:' 
> line, the second one being apparently fake.
> 
> I still don't get why the SC parser doesn't trust the date shown in the very 
> first 'Received:' line in the message, and keeps inspecting further. Can 
> someone explain this to me?
> 
> Giampaolo
> 

  206.196.19.122 had a trusted mailserver flag from a long long  time 
ago and as I am not sure whether that is valid any more, I removed it. 
That solved the date problem.

We'll undoubtedly hear from maximumasp.com if this is their outgoing 
mailserver  and then we can have a lively discussion about why their 
users are spamming :-)


Ellen
SpamCop
From nobody at devnull.spamcop.net  Mon Sep 15 13:00:48 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Mon Sep 15 13:05:03 2008
Subject: [Scspamcop] Also note this (Was: Link obfuscation error)
References: <galhbc$bkj$1@news.spamcop.net>
Message-ID: <gam4bn$frh$1@news.spamcop.net>

"Ian Smith" <news0807REMOVECAPS@orrery.e4ward.com> ha scritto nel messaggio 
news:galhbc$bkj$1@news.spamcop.net...
> The following should unescape to:
>
> http://casiofirstbest.com/
>
> instead of http://casiofirst/
>
> <<
> Resolving link obfuscation
>    http://%63%61%73%69%6F%66%69%72%73%74%0D%0Abest.com/441/
>    Percent unescape: http://casiofirst
>    host casiofirst (getting name) no name
>    casiofirst is not a hostname
>    casiofirst is not a hostname
> Tracking link: http://casiofirst/
> No recent reports, no history available
> casiofirst is not a hostname
> Cannot resolve http://casiofirst/
> >>

http://www.spamcop.net/sc?id=z2248807117z48d381f94fa0ccdf42f85b603875d889z

Here the SC uri parser is not RFC-3986 -compliant, being unable to resolve 
the host referenced by the advertizing URI (ftp.smtp.ru).

Giampaolo

-- 
NEVER send an e-mail to:
rainbowl@tomassoni.eu


>
> regards, Ian
> 


From nobody at devnull.spamcop.net  Mon Sep 15 13:08:13 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Mon Sep 15 13:10:03 2008
Subject: [Scspamcop] Re: Old news
References: <gam23b$42g$1@news.spamcop.net> <gam40u$epa$1@news.spamcop.net>
Message-ID: <gam4pk$iov$1@news.spamcop.net>

"Ellen" <nobody@spamcop.net> ha scritto nel messaggio 
news:gam40u$epa$1@news.spamcop.net...
> Giampaolo Tomassoni wrote:
>> This phishing:
>>
>> http://www.spamcop.net/sc?id=z2248651308z312a73d9fbbf9b0d9b791ce41fe679e8z
>>
>> does not produce any report just because the second 'Received:' line is 
>> fake and carries a more-than-2-days-old date in the past.
>>
>> Of course, the real received date is the one shown in the first 
>> 'Received:' line, the second one being apparently fake.
>>
>> I still don't get why the SC parser doesn't trust the date shown in the 
>> very first 'Received:' line in the message, and keeps inspecting further. 
>> Can someone explain this to me?
>>
>> Giampaolo
>>
>
>  206.196.19.122 had a trusted mailserver flag from a long long  time ago 
> and as I am not sure whether that is valid any more, I removed it. That 
> solved the date problem.
>
> We'll undoubtedly hear from maximumasp.com if this is their outgoing 
> mailserver  and then we can have a lively discussion about why their users 
> are spamming :-)

Ah, SC was trusting it.

Thank you, Ellen.

Giampaolo


> Ellen
> SpamCop 


From MikeE at ster.invalid  Mon Sep 15 15:07:25 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Mon Sep 15 15:10:03 2008
Subject: [Scspamcop] Re: Also note this (Was: Link obfuscation error)
References: <galhbc$bkj$1@news.spamcop.net> <gam4bn$frh$1@news.spamcop.net>
Message-ID: <gambov$o11$1@news.spamcop.net>

Giampaolo Tomassoni wrote:

>
http://www.spamcop.net/sc?id=z2248807117z48d381f94fa0ccdf42f85b603875d889z
>
> Here the SC uri parser is not RFC-3986 -compliant, being unable to
> resolve the host referenced by the advertizing URI (ftp.smtp.ru).

I can't read all of the .it, but it seems that the item is an ebay phish
and the 'target'/payload is a URL for which the html rendering makes it
look like:

http://cgi.ebay.it/ws/eBayISAPI.dll?ViewItem&item=110260188209

... but which in reality is a very long ftp url which will wrap here:

ftp://fewdsa:qwerqwer@ftp.smtp.ru/ehayISAPIdllSignInruhttwwwehaycomtrksidm
confirm-ebry11Page-Type-existing1Email-isCheck1-out-migarate-visitor-SignI
n11.aspx

I'm not familiar with whether ftp vs http syntax allows/permits...

ftp://string1:string2@ftp.smtp.ru

that is string1<colon>string2<at>ftp.smtp.ru

... but there is a server at ftp.smtp.ru dns 82.204.219.231 which answers
on port 21 (ftp port)

Initiating server query ...
Looking up IP address for domain: ftp.smtp.ru
The IP address for the domain is: 82.204.219.231
Connecting to the server on remote port: 21
[Connected]  The server greeted our connection with this message:
220 ProFTPD 1.3.1 Server (Pochta.ru FTP Server) [82.204.219.231]
Query complete.


--
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Mon Sep 15 15:41:15 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Mon Sep 15 15:45:04 2008
Subject: [Scspamcop] Re: Also note this (Was: Link obfuscation error)
References: <galhbc$bkj$1@news.spamcop.net> <gam4bn$frh$1@news.spamcop.net>
	<gambov$o11$1@news.spamcop.net>
Message-ID: <gamdoh$1b6$1@news.spamcop.net>

"Mike Easter" <MikeE@ster.invalid> ha scritto nel messaggio 
news:gambov$o11$1@news.spamcop.net...
> Giampaolo Tomassoni wrote:
>
>>
> http://www.spamcop.net/sc?id=z2248807117z48d381f94fa0ccdf42f85b603875d889z
>>
>> Here the SC uri parser is not RFC-3986 -compliant, being unable to
>> resolve the host referenced by the advertizing URI (ftp.smtp.ru).
>
> I can't read all of the .it, but it seems that the item is an ebay phish
> and the 'target'/payload is a URL for which the html rendering makes it
> look like:
>
> http://cgi.ebay.it/ws/eBayISAPI.dll?ViewItem&item=110260188209
>
> ... but which in reality is a very long ftp url which will wrap here:
>
> ftp://fewdsa:qwerqwer@ftp.smtp.ru/ehayISAPIdllSignInruhttwwwehaycomtrksidm
> confirm-ebry11Page-Type-existing1Email-isCheck1-out-migarate-visitor-SignI
> n11.aspx
>
> I'm not familiar with whether ftp vs http syntax allows/permits...
>
> ftp://string1:string2@ftp.smtp.ru
>
> that is string1<colon>string2<at>ftp.smtp.ru
>
> ... but there is a server at ftp.smtp.ru dns 82.204.219.231 which answers
> on port 21 (ftp port)
>
> Initiating server query ...
> Looking up IP address for domain: ftp.smtp.ru
> The IP address for the domain is: 82.204.219.231
> Connecting to the server on remote port: 21
> [Connected]  The server greeted our connection with this message:
> 220 ProFTPD 1.3.1 Server (Pochta.ru FTP Server) [82.204.219.231]
> Query complete.

Well, RFC-3986 states an URI such that means:

    scheme://username:password@host/path

When you click such a link, an IE (and others) web browser would basically 
contact the given host using the given schema, authenticating with the given 
username and password, and request the given path resource. Then, it would 
download the resource. If the resource is an html page, IE would show it 
even regardless of wether the scheme is http, https or ftp.

To me, phisers are using a full scheme://username:password@host/path URI 
exactly to conceal the host involved in the phishing, possibly given the 
fact that SC would not report it...

This is what I get by manually executing the request:

myhost ~ # ftp ftp.smtp.ru
Connected to ftp.smtp.ru (82.204.219.231).
220 ProFTPD 1.3.1 Server (Pochta.ru FTP Server) [82.204.219.231]
Name (ftp.smtp.ru:ugo): fewdsa
500 AUTH not understood
SSL not available
331 Password required for fewdsa
Password:
230 User fewdsa logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> get 
ehayISAPIdllSignInruhttwwwehaycomtrksidmconfirm-ebry11Page-Type-existing1Email-isCheck1-out-migarate-visitor-SignIn11.aspx
local: 
ehayISAPIdllSignInruhttwwwehaycomtrksidmconfirm-ebry11Page-Type-existing1Email-isCheck1-out-migarate-visitor-SignIn11.aspx 
remote: 
ehayISAPIdllSignInruhttwwwehaycomtrksidmconfirm-ebry11Page-Type-existing1Email-isCheck1-out-migarate-visitor-SignIn11.aspx
200 PORT command successful
150 Opening BINARY mode data connection for 
ehayISAPIdllSignInruhttwwwehaycomtrksidmconfirm-ebry11Page-Type-existing1Email-isCheck1-out-migarate-visitor-SignIn11.aspx 
(18417 bytes)
226 Transfer complete
18417 bytes received in 0.268 secs (67 Kbytes/sec)
ftp> quit
221 Goodbye.

The downloaded file starts with this:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>

and in effect it is an HTML page (with some javascript code, too).

Coping the URI in my IE, it works...

Giampaolo

> --
> Mike Easter
> kibitzer, not SC admin
> 


From nobody at devnull.spamcop.net  Mon Sep 15 15:45:17 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Mon Sep 15 15:50:03 2008
Subject: [Scspamcop] Re: Also note this (Was: Link obfuscation error)
References: <galhbc$bkj$1@news.spamcop.net> <gam4bn$frh$1@news.spamcop.net>
	<gambov$o11$1@news.spamcop.net>
Message-ID: <game02$2ec$1@news.spamcop.net>

"Mike Easter" <MikeE@ster.invalid> ha scritto nel messaggio
news:gambov$o11$1@news.spamcop.net...
> Giampaolo Tomassoni wrote:
>
>>
> http://www.spamcop.net/sc?id=z2248807117z48d381f94fa0ccdf42f85b603875d889z
>>
>> Here the SC uri parser is not RFC-3986 -compliant, being unable to
>> resolve the host referenced by the advertizing URI (ftp.smtp.ru).
>
> I can't read all of the .it, but it seems that the item is an ebay phish
> and the 'target'/payload is a URL for which the html rendering makes it
> look like:
>
> http://cgi.ebay.it/ws/eBayISAPI.dll?ViewItem&item=110260188209
>
> ... but which in reality is a very long ftp url which will wrap here:
>
> ftp://fewdsa:qwerqwer@ftp.smtp.ru/ehayISAPIdllSignInruhttwwwehaycomtrksidm
> confirm-ebry11Page-Type-existing1Email-isCheck1-out-migarate-visitor-SignI
> n11.aspx
>
> I'm not familiar with whether ftp vs http syntax allows/permits...
>
> ftp://string1:string2@ftp.smtp.ru
>
> that is string1<colon>string2<at>ftp.smtp.ru
>
> ... but there is a server at ftp.smtp.ru dns 82.204.219.231 which answers
> on port 21 (ftp port)
>
> Initiating server query ...
> Looking up IP address for domain: ftp.smtp.ru
> The IP address for the domain is: 82.204.219.231
> Connecting to the server on remote port: 21
> [Connected]  The server greeted our connection with this message:
> 220 ProFTPD 1.3.1 Server (Pochta.ru FTP Server) [82.204.219.231]
> Query complete.

Well, RFC-3986 states an URI such that means:

    scheme://username:password@host/path

When you click such a link, an IE (and others) web browser would basically
contact the given host using the given schema, authenticating with the given
username and password, and request the given path resource. Then, it would
download the resource. If the resource is an html page, IE would show it
even regardless of wether the scheme is http, https or ftp.

To me, phisers are using a full scheme://username:password@host/path URI
exactly to conceal the host involved in the phishing, possibly given the
fact that SC would not report it...

This is what I get by manually executing the request:

myhost ~ # ftp ftp.smtp.ru
Connected to ftp.smtp.ru (82.204.219.231).
220 ProFTPD 1.3.1 Server (Pochta.ru FTP Server) [82.204.219.231]
Name (ftp.smtp.ru:root): fewdsa
500 AUTH not understood
SSL not available
331 Password required for fewdsa
Password:
230 User fewdsa logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> get
ehayISAPIdllSignInruhttwwwehaycomtrksidmconfirm-ebry11Page-Type-existing1Email-isCheck1-out-migarate-visitor-SignIn11.aspx
local:
ehayISAPIdllSignInruhttwwwehaycomtrksidmconfirm-ebry11Page-Type-existing1Email-isCheck1-out-migarate-visitor-SignIn11.aspx
remote:
ehayISAPIdllSignInruhttwwwehaycomtrksidmconfirm-ebry11Page-Type-existing1Email-isCheck1-out-migarate-visitor-SignIn11.aspx
200 PORT command successful
150 Opening BINARY mode data connection for
ehayISAPIdllSignInruhttwwwehaycomtrksidmconfirm-ebry11Page-Type-existing1Email-isCheck1-out-migarate-visitor-SignIn11.aspx
(18417 bytes)
226 Transfer complete
18417 bytes received in 0.268 secs (67 Kbytes/sec)
ftp> quit
221 Goodbye.

The downloaded file starts with this:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>

and in effect it is an HTML page (with some javascript code, too).

Coping the URI in my IE, it works...

Giampaolo

> --
> Mike Easter
> kibitzer, not SC admin
>



From nobody at devnull.spamcop.net  Tue Sep 16 08:43:03 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Tue Sep 16 08:45:03 2008
Subject: [Scspamcop] And this - if you like (Was: Link obfuscation error)
References: <galhbc$bkj$1@news.spamcop.net>
Message-ID: <gao9kc$tto$1@news.spamcop.net>

"Ian Smith" <news0807REMOVECAPS@orrery.e4ward.com> ha scritto nel messaggio 
news:galhbc$bkj$1@news.spamcop.net...
> The following should unescape to:
>
> http://casiofirstbest.com/
>
> instead of http://casiofirst/
>
> <<
> Resolving link obfuscation
>    http://%63%61%73%69%6F%66%69%72%73%74%0D%0Abest.com/441/
>    Percent unescape: http://casiofirst
>    host casiofirst (getting name) no name
>    casiofirst is not a hostname
>    casiofirst is not a hostname
> Tracking link: http://casiofirst/
> No recent reports, no history available
> casiofirst is not a hostname
> Cannot resolve http://casiofirst/
> >>

http://www.spamcop.net/sc?id=z2251032143z49f43781f81993714f960033166fbf0dz

Phishing site is:

ftp://dqwadsdsa:qwerqwer@ftp.smtp.ru/ehayISAPIdllSignInruhttwwwehaycomtrksidmconfirm-ebry11Page-Type-existing1Email-isCheck1-out-migarate-visitor-SignIn11.aspx

Giampaolo

>
> regards, Ian
> 


From news0807REMOVECAPS at orrery.e4ward.com  Tue Sep 16 11:42:55 2008
From: news0807REMOVECAPS at orrery.e4ward.com (Ian Smith)
Date: Tue Sep 16 11:45:03 2008
Subject: [Scspamcop] Re: Link obfuscation error
In-Reply-To: <galhbc$bkj$1@news.spamcop.net>
References: <galhbc$bkj$1@news.spamcop.net>
Message-ID: <gaok60$fdj$1@news.spamcop.net>


And another similar one:

Resolving link obfuscation
    http://msn.ofseem.com?fxh

Spamcop doesn't successfully parse it, for obvious reasons, but the 
browser (Firefox in my case) automatically fixes it to:

http://msn.ofseem.com/?fxh

- another Canadian Pharma site.

regards, Ian
From nobody at devnull.spamcop.net  Tue Sep 16 17:40:03 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Tue Sep 16 17:40:03 2008
Subject: [Scspamcop] Strange spams
Message-ID: <gap93g$io3$1@news.spamcop.net>

Hi,

http://www.spamcop.net/sc?id=z2252252187ze2af7249bf92b1b8c93d194639cd6ec8z

is one of several spams I've had lately.  What's interesting about it 
is:
1.  When I reported, the report went ONLY to Verizon.
2.  Using the tracker number, it says it would also have reported it to 
:
Re: http://ree.eymore.cn/ (Administrator of network hosting website 
referenced in spam)

poul@ragtime.ru

----------------------

And here's another, but this time it's only VZ as I saw when I submitted 
it:

http://www.spamcop.net/sc?id=z2251380926z6475221400831c985d452c35b6956e06z

----------------

I've been watching my spam a little bit because almost all if it traces 
(seemingly reasonable so) back to Verizon as the origin (actually Yahoo, 
I think, because of the VZ/Yh crazy e-mail relationship).  But, I'm 
never seeing Yahoo being reported to.

In addition, many of the spams are coming from the same block of 
numbers.  Spam after spam has similar IP addresses in the traces.  In 
fact, I think the two trackers above show the same exact IPs if I recall 
correctly; I'm a little blotto from trying to figure these things out.

While the majority of the spams go to Verizon, there are also a lot of 
others that go to Bell South, Gblx and a few other big names, as the 
sources of the spam.  And there is often a long list of spamvertising 
sites in the suggested report to's.

I guess what I'm wondering is:

--  Is SC getting these things right?  Looks like the injection points 
are at Yahoo, not Verizon, to me, but I'm not too sure of what I'm 
looking at.

--  Isn't Yahoo more accurately the right place for these reports to go? 
I hope not because I know Yahoo is nothing but a black hole.  Hmm, maybe 
that's why they're going to VZ then.  Dunno.

--  Or have I just had the honor of getting on some specific idiot's 
list that this is their modus operandi?

If anyone wants more evidence, this is the ONLY type of spam I'm getting 
these days; probably between 8 to 15 a day.  If it'll help anything I 
can provide more trackers and/or excerpts from trackers or whatever 
would help, if needed.

Yes, My ISP is Verizon.

Regards,

Twayne








From MikeE at ster.invalid  Tue Sep 16 19:57:15 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Sep 16 20:00:02 2008
Subject: [Scspamcop] Re: Strange spams
References: <gap93g$io3$1@news.spamcop.net>
Message-ID: <gaph3r$f3p$1@news.spamcop.net>

Twayne wrote:

www.spamcop.net/sc?id=z2252252187ze2af7249bf92b1b8c93d194639cd6ec8z

non-mailhosted tracker

> is one of several spams I've had lately.  What's interesting about it
> is:
> 1.  When I reported, the report went ONLY to Verizon.

SC correctly determines the source to be 200.96.73.101 rDNS
200-96-73-101.paemt701.dsl.brasiltelecom.net.br which should notify
abuse@noc.brasiltelecom.net.br or supplement that with this gang:
whois -h whois.abuse.net noc.brasiltelecom.net.br ...
postmaster@brasiltelecom.net.br   abuse@noc.brasiltelecom.net.br
mail-abuse@cert.br   suporte@noc.brasiltelecom.net.br
antispambr@abuse.net (for brasiltelecom.net.br)

 -- but the routing deputy most recently in 2002 configured the notify to
go to verizon.net@abuse.net which translates/references to
abuse@verizon.net

And/But there is additional information about how the yahoo/verizon system
is handling its headers to indicate that you should be using mailhosting
to get accurate parses.  Here's abbreviated tracelines + XOIP:

  Abbreviated Received tracelines *comment
  from mta101.vzn.mail.re2.yahoo.com (HELO mta292.mail.re4.yahoo.com)
(206.190.53.173) by 0 *serves recipient
  from 186.12.58.185  (EHLO vms172073pub.verizon.net) (206.46.172.73) by
mta101.vzn.mail.re2.yahoo.com *serves recipient, noncompliant fromfield
  from bxtvh ([200.96.73.101]) by vms172073.mailsrvcs.net *sourceline
X-Originating-IP: [200.96.73.101] *XOIP sourceline

Notice the *noncompliant fromfield stamped by the yahoo server.

> 2.  Using the tracker number, it says it would also have reported it to
>>
> Re: http://ree.eymore.cn/ (Administrator of network hosting website
> referenced in spam)
>
> poul@ragtime.ru

Sometimes the parser will want to notify the spamvertiser provider and
sometimes it doesn't.  Currently it wants to notify

  Re: http://gfse.dmminute.cn/ (Administrator of network hosting website
referenced in spam) abuse@sbcglobal.net
  Re: http://gpuu.dmminute.cn/ (Administrator of network hosting website
referenced in spam) abuse@sbcglobal.net

... for the above tracker;  so there might be a tracker mixup.

> And here's another, but this time it's only VZ as I saw when I submitted
> it:

www.spamcop.net/sc?id=z2251380926z6475221400831c985d452c35b6956e06z

also nonmailhosted, you should change that for parser accuracy purposes

In this case, the combination of noncompliance and nonmailhosted causes SC
to break the chain prematurely and name your provider's server

If reported today, reports would be sent to:
Re: 206.46.169.127 (Administrator of network where email originates)
abuse@verizon.net

  Abbreviated Received tracelines *comment
  from mta101.vzn.mail.re2.yahoo.com (HELO mta292.mail.re4.yahoo.com)
(206.190.53.173) by 0 *serves recipient
  from 216.130.45.150  (EHLO vms169127pub.verizon.net) (206.46.169.127) by
mta101.vzn.mail.re2.yahoo.com *serves recipient, noncompliant fromfield
  from ioistphvo ([85.185.153.143]) by vms169127.mailsrvcs.net *sourceline
X-Originating-IP: [85.185.153.143] XOIP sourceline

As you can see, the yahoo server stamped its line badly where I've
indicated *noncompliant fromfield.

> --  Is SC getting these things right?

Not in the 2nd case above.  You need to be mailhosted especially if you
are using a mailhost which stamps noncompliant lines.

> Yes, My ISP is Verizon.



--
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Wed Sep 17 10:33:10 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Sep 17 10:35:03 2008
Subject: [Scspamcop] Re: Strange spams
References: <gap93g$io3$1@news.spamcop.net> <gaph3r$f3p$1@news.spamcop.net>
Message-ID: <gar4f1$i07$1@news.spamcop.net>

> Twayne wrote:
>
> www.spamcop.net/sc?id=z2252252187ze2af7249bf92b1b8c93d194639cd6ec8z
>
> non-mailhosted tracker
>
>> is one of several spams I've had lately.  What's interesting about it
>> is:
>> 1.  When I reported, the report went ONLY to Verizon.
>
> SC correctly determines the source to be 200.96.73.101 rDNS
> 200-96-73-101.paemt701.dsl.brasiltelecom.net.br which should notify
> abuse@noc.brasiltelecom.net.br or supplement that with this gang:
> whois -h whois.abuse.net noc.brasiltelecom.net.br ...
> postmaster@brasiltelecom.net.br   abuse@noc.brasiltelecom.net.br
> mail-abuse@cert.br   suporte@noc.brasiltelecom.net.br
> antispambr@abuse.net (for brasiltelecom.net.br)
>
> -- but the routing deputy most recently in 2002 configured the notify
> to go to verizon.net@abuse.net which translates/references to
> abuse@verizon.net
>
> And/But there is additional information about how the yahoo/verizon
> system is handling its headers to indicate that you should be using
> mailhosting to get accurate parses.  Here's abbreviated tracelines +
> XOIP:
>
>  Abbreviated Received tracelines *comment
>  from mta101.vzn.mail.re2.yahoo.com (HELO mta292.mail.re4.yahoo.com)
> (206.190.53.173) by 0 *serves recipient
>  from 186.12.58.185  (EHLO vms172073pub.verizon.net) (206.46.172.73)
> by mta101.vzn.mail.re2.yahoo.com *serves recipient, noncompliant
>  fromfield from bxtvh ([200.96.73.101]) by vms172073.mailsrvcs.net
> *sourceline X-Originating-IP: [200.96.73.101] *XOIP sourceline
>
> Notice the *noncompliant fromfield stamped by the yahoo server.
>
>> 2.  Using the tracker number, it says it would also have reported it
>> to
>>>
>> Re: http://ree.eymore.cn/ (Administrator of network hosting website
>> referenced in spam)
>>
>> poul@ragtime.ru
>
> Sometimes the parser will want to notify the spamvertiser provider and
> sometimes it doesn't.  Currently it wants to notify
>
>  Re: http://gfse.dmminute.cn/ (Administrator of network hosting
> website referenced in spam) abuse@sbcglobal.net
>  Re: http://gpuu.dmminute.cn/ (Administrator of network hosting
> website referenced in spam) abuse@sbcglobal.net
>
> ... for the above tracker;  so there might be a tracker mixup.
>
>> And here's another, but this time it's only VZ as I saw when I
>> submitted it:
>
> www.spamcop.net/sc?id=z2251380926z6475221400831c985d452c35b6956e06z
>
> also nonmailhosted, you should change that for parser accuracy
> purposes
>
> In this case, the combination of noncompliance and nonmailhosted
> causes SC to break the chain prematurely and name your provider's
> server
>
> If reported today, reports would be sent to:
> Re: 206.46.169.127 (Administrator of network where email originates)
> abuse@verizon.net
>
>  Abbreviated Received tracelines *comment
>  from mta101.vzn.mail.re2.yahoo.com (HELO mta292.mail.re4.yahoo.com)
> (206.190.53.173) by 0 *serves recipient
>  from 216.130.45.150  (EHLO vms169127pub.verizon.net)
> (206.46.169.127) by mta101.vzn.mail.re2.yahoo.com *serves recipient,
>  noncompliant fromfield from ioistphvo ([85.185.153.143]) by
> vms169127.mailsrvcs.net *sourceline X-Originating-IP:
> [85.185.153.143] XOIP sourceline
>
> As you can see, the yahoo server stamped its line badly where I've
> indicated *noncompliant fromfield.
>
>> --  Is SC getting these things right?
>
> Not in the 2nd case above.  You need to be mailhosted especially if
> you are using a mailhost which stamps noncompliant lines.
>
>> Yes, My ISP is Verizon.

Hmm, thanks, Mike, that explains a couple of things, actually.
  I haven't had a spam lately that doesn't trace to Verizon for some 
reason; it must be intentional on the part of the spammers. They 
trickled in all day yesterday.
  I even got one on an account this morning that's never had spam at all 
in fact, in the year + that it's existed; an incoming only account I 
created on my website.  Reporting one's own ISP can be, well, sort of 
self defeating<g>.

As for the noncompliant line in each one, the sc mailhost refuses to 
work for me because of it.  I asked Yahoo and VZ "why" and "when" they 
planned to fix it before but besides a lot of black holes all I ever got 
was to not hold my breath waiting for it to be changed.  I realize it 
should be a FQDN and was able to get the mailhost to parse them by 
adding one manually, but besides it being against the rules to do that, 
it could be any one of several DNs at Yahoo.

   For awhile it looked like SC might be able to work around it, but I 
guess that never went anywhere either and eventually I got tired of 
frogging with it and just let it be.

   The odd thing is, it's a geographic thing.  Other vz/yahoo geographic 
areas and any non-vz/yahoo I've managed to get a look at don't have that 
problem.

   Haven't tried setting up the mailhost in quite awhile now and might 
try again, just for grins, but I don't expect to see anything any 
different come about.  I'm just "left out" when it comes to the mailhost 
at spamcop.

Regards,

Twayne 


From nobody at spamcop.net  Wed Sep 17 11:07:55 2008
From: nobody at spamcop.net (Antispam Knight)
Date: Wed Sep 17 11:10:02 2008
Subject: [Scspamcop] Attn: Deputies (Reporting error)
Message-ID: <gar6gb$rs4$1@news.spamcop.net>

Spamcop wants to report 91.184.80.75 to abuse@datak, and defaults to 
nomaster.  Correct reporting addy should be 
postmaster@datak-telecom.ne,abuse@datak-telecom.ne.

http://www.spamcop.net/sc?id=z2254293740z88bb894d8e2c879a86f122b88d3c2a56z

AK 

From MikeE at ster.invalid  Wed Sep 17 11:15:02 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Sep 17 11:15:03 2008
Subject: [Scspamcop] Re: Strange spams
References: <gap93g$io3$1@news.spamcop.net> <gaph3r$f3p$1@news.spamcop.net>
	<gar4f1$i07$1@news.spamcop.net>
Message-ID: <gar6sl$tt2$1@news.spamcop.net>

Twayne wrote:

>> In this case, the combination of noncompliance and nonmailhosted
>> causes SC to break the chain prematurely and name your provider's
>> server

>>> --  Is SC getting these things right?
>>
>> Not in the 2nd case above.  You need to be mailhosted especially if
>> you are using a mailhost which stamps noncompliant lines.

> Hmm, thanks, Mike, that explains a couple of things, actually.
>   I haven't had a spam lately that doesn't trace to Verizon for some
> reason; it must be intentional on the part of the spammers. They
> trickled in all day yesterday.

There's a big problem with using SC to report spam which results in
false/bad reports sourcing your provider.  The provider doesn't like that,
SC admin doesn't like that, and SC admin is going to insist that you
either get mailhosted and make accurate reports or that you don't be a SC
reporter if you can't make accurate reports.

> Reporting one's own ISP can be, well, sort of
> self defeating<g>.

Much worse than that.

> As for the noncompliant line in each one, the sc mailhost refuses to
> work for me because of it.

I've seen evidence here of mailhosts setup on some pretty whacky
noncompliant providers tracelines.

>    For awhile it looked like SC might be able to work around it, but I
> guess that never went anywhere either and eventually I got tired of
> frogging with it and just let it be.

Sometimes I can understand the 'mechnanism' or the 'syntax' of a
noncompliant line, but these two examples are a little baffling to me.  I
might need to look at them some more to see if what I said previously was
correct or to try to guess at what the yahoo server is doing.

>    Haven't tried setting up the mailhost in quite awhile now and might
> try again, just for grins, but I don't expect to see anything any
> different come about.  I'm just "left out" when it comes to the mailhost
> at spamcop.

IMO it is a must-do.  You can't be a spamcop reporter reporting the wrong
source.  That is bad for the provider and it is bad for the SCbl and it is
bad for SC generally.  All of that make it 'bad for you'.  SC has a rule
that you can't be making bad/false reports

http://www.spamcop.net/fom-serve/cache/125.html  Erroneous reports make
the SCBL less accurate and potentially cause thousands of sites to
mistakenly block wanted, solicited email. ... SpamCop will ban users of
the free reporting service who violate these rules. ... SpamCop may fine,
suspend or terminate the accounts of paid members who violate these rules.

http://www.spamcop.net/fom-serve/cache/13.html  Why does SpamCop want to
send a report to my own network administrator? -- The mail servers
handling your email must identify themselves in a consistent way,

There are some discussions in the forum about mailhosts and yahoo, but I
don't feel like wading thru' all that crap.  Trying to read or search
messages with a browser isn't at all appealing to me.

--
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Wed Sep 17 11:44:34 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Sep 17 11:45:02 2008
Subject: [Scspamcop] Re: Attn: Deputies (Reporting error)
References: <gar6gb$rs4$1@news.spamcop.net>
Message-ID: <gar8k1$7qm$1@news.spamcop.net>

Antispam Knight wrote:
> Spamcop wants to report 91.184.80.75 to abuse@datak, and defaults to
> nomaster.  Correct reporting addy should be
> postmaster@datak-telecom.ne,abuse@datak-telecom.ne.

Or .net instead of .ne

whois -h whois.abuse.net datak-telecom.net ...
abuse@datak-telecom.net  postmaster@datak-telecom.net  (for
datak-telecom.net)

>
http://www.spamcop.net/sc?id=z2254293740z88bb894d8e2c879a86f122b88d3c2a56z

I wonder why there isn't someone capable of fixing the hyphen domainname
problem.  As it currently stands, it is left to the routing deputy to
manually adjust routing for the block 91.184.64.0/19

DATAK Internet Engineering, Inc
inetnum:        91.184.64.0 - 91.184.95.255
abuse-mailbox:  abuse@datak-telecom.net

... and that happens every time a derived notify has a hyphen/dash in it.

--
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net  Wed Sep 17 13:42:51 2008
From: nobody at spamcop.net (Ellen)
Date: Wed Sep 17 13:45:03 2008
Subject: [Scspamcop] Re: Attn: Deputies (Reporting error)
In-Reply-To: <gar8k1$7qm$1@news.spamcop.net>
References: <gar6gb$rs4$1@news.spamcop.net> <gar8k1$7qm$1@news.spamcop.net>
Message-ID: <garfj2$907$1@news.spamcop.net>

Mike Easter wrote:
> Antispam Knight wrote:
>> Spamcop wants to report 91.184.80.75 to abuse@datak, and defaults to
>> nomaster.  Correct reporting addy should be
>> postmaster@datak-telecom.ne,abuse@datak-telecom.ne.
> 
> Or .net instead of .ne
> 
> whois -h whois.abuse.net datak-telecom.net ...
> abuse@datak-telecom.net  postmaster@datak-telecom.net  (for
> datak-telecom.net)
> 
> http://www.spamcop.net/sc?id=z2254293740z88bb894d8e2c879a86f122b88d3c2a56z
> 
> I wonder why there isn't someone capable of fixing the hyphen domainname
> problem.  As it currently stands, it is left to the routing deputy to
> manually adjust routing for the block 91.184.64.0/19
> 
> DATAK Internet Engineering, Inc
> inetnum:        91.184.64.0 - 91.184.95.255
> abuse-mailbox:  abuse@datak-telecom.net
> 
> ... and that happens every time a derived notify has a hyphen/dash in it.
> 

Thanks -- I set it to the abuse@ address.

There is an engineering group capable of fixing this and it should be 
fixed in the next release. (I think Don might have mentioned that? maybe 
not). Because of some platform changes the next release is a non-trivial 
effort and requires a huge amount of quality assurance checking before 
it can be released to production. So while the "-" fix is relatively 
simple, it is but a tiny part of a much larger effort. Trust me -- there 
is no one more anxious than I am to see the system not be stymied by 
hyphens.


Ellen
SpamCop

From nobody at devnull.spamcop.net  Wed Sep 17 14:09:01 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Sep 17 14:10:03 2008
Subject: [Scspamcop] Re: Strange spams
References: <gap93g$io3$1@news.spamcop.net> <gaph3r$f3p$1@news.spamcop.net>
	<gar4f1$i07$1@news.spamcop.net> <gar6sl$tt2$1@news.spamcop.net>
Message-ID: <garh3o$kal$1@news.spamcop.net>

> Twayne wrote:
>
>>> In this case, the combination of noncompliance and nonmailhosted
>>> causes SC to break the chain prematurely and name your provider's
>>> server
>
>>>> --  Is SC getting these things right?
>>>
>>> Not in the 2nd case above.  You need to be mailhosted especially if
>>> you are using a mailhost which stamps noncompliant lines.

Yeah; but what are you supposed to do when those non-compliant lines 
cause parse results to not be provided and end up useless?  It's a 
Verizon/Yahoo issue; nothing I can do anything about anymore than I 
already have.  They know but they just don't care and used the line that 
it'll never make any difference to anyone anyway type of bozo response 
at one point.  Frustrated with them is a mild way to phrase my feelings 
about it.  There seems to be no place to complain to that can/will do 
anything about it.

>
>> Hmm, thanks, Mike, that explains a couple of things, actually.
>>   I haven't had a spam lately that doesn't trace to Verizon for some
>> reason; it must be intentional on the part of the spammers. They
>> trickled in all day yesterday.
>
> There's a big problem with using SC to report spam which results in
> false/bad reports sourcing your provider.  The provider doesn't like
> that, SC admin doesn't like that, and SC admin is going to insist
> that you either get mailhosted and make accurate reports or that you
> don't be a SC reporter if you can't make accurate reports.

Well, I've always figured I'd throw out spamcop when they indicated they 
would eventually insist on the mailhost only situation a long time ago. 
Up until a couple of weeks ago it was never a problem, either, so 
something has changed at spamcop, IMO.  I've been with SC since almost 
day one and this "by 0" crap has been there just as long.

>
>> Reporting one's own ISP can be, well, sort of
>> self defeating<g>.
>
>
> I've seen evidence here of mailhosts setup on some pretty whacky
> noncompliant providers tracelines.

I doubt you've seen this one, though.  It's not new by any means; I've 
posted about it here in fact, at least three times, this making the 4th, 
over the years.

>
>>    For awhile it looked like SC might be able to work around it, but
>> I guess that never went anywhere either and eventually I got tired of
>> frogging with it and just let it be.
>
> Sometimes I can understand the 'mechnanism' or the 'syntax' of a
> noncompliant line, but these two examples are a little baffling to
> me.  I might need to look at them some more to see if what I said
> previously was correct or to try to guess at what the yahoo server is
> doing.

If you mean the "by 0" part vs FQDN, I can pull out ANY e-mail and show 
it to you in the headers.  It never fails to appear and the domain there 
is NEVER named, for whatever reason.  If you see more than that, I'm not 
aware of it.  Not that it's not enough to frog things up royally anyway.

>
>>    Haven't tried setting up the mailhost in quite awhile now and
>> might try again, just for grins, but I don't expect to see anything
>> any different come about.  I'm just "left out" when it comes to the
>> mailhost at spamcop.
>
> IMO it is a must-do.  You can't be a spamcop reporter reporting the
> wrong source.  That is bad for the provider and it is bad for the
> SCbl and it is bad for SC generally.  All of that make it 'bad for
> you'.  SC has a rule that you can't be making bad/false reports

Well, I'm hoping I come back and apologize to you for being wrong, but 
... I'm going to tell you right now, you are wrong.  And,  that I'll 
waste the hour or so it takes to get it all set up and then I'll fail to 
get any parses to work.  I've long ago cleaned up the forward to here 
and forward to there and all that crap in my accounts.  The only 
"forwarding" left is that I pop the mails I want instead.  I've kept 
that setup on purpose, just because of the mailhost thing.  All I'm 
going to get from the mailhosts is a story about the inability to parse 
it because ... well, you know why now, I think.

>
> http://www.spamcop.net/fom-serve/cache/125.html  Erroneous reports
> make the SCBL less accurate and potentially cause thousands of sites
> to mistakenly block wanted, solicited email. ... SpamCop will ban
> users of the free reporting service who violate these rules. ...
> SpamCop may fine, suspend or terminate the accounts of paid members
> who violate these rules.

>
> http://www.spamcop.net/fom-serve/cache/13.html  Why does SpamCop want
> to send a report to my own network administrator? -- The mail servers
> handling your email must identify themselves in a consistent way,

I hear what you're saying but it's a little silly on your part to be 
quoting them to me since it's obviously nothing I have any conrtol over 
myself.  I have to wonder how many others have walked away from 
supporting the sbl et al because of comments like that and the confusion 
it all generates.  I've fielded five or six such questions myself from 
people around here and they just threw up their hands and said SC was 
useless.  And, that's about what you especially, and the FAQs tend to 
say in many places.  And you know, from their viewpoint, they're right? 
It is of no use to them.  It's of no use to me either, as of the last 
couple of weeks.  If you wish to digress and postulate, you should take 
an attitude of problem resolution, not get out of town.  Which, near as 
I can tell, is probably my only viable move right now.
>
> There are some discussions in the forum about mailhosts and yahoo,
> but I don't feel like wading thru' all that crap.  Trying to read or
> search messages with a browser isn't at all appealing to me.

I'm reading a piece or two when I get a spare minute between calls, but 
gads, that's a crummy place to wade around in and  I suppose that only 
means it's newbies, which is fine with me, but ... it's not the best 
place to find information without a lot of luck, skimming and waiting 
for screen refreshes.

Cheers,

Twayne.



From nobody at devnull.spamcop.net  Wed Sep 17 14:40:16 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Sep 17 14:45:03 2008
Subject: [Scspamcop] PS  Re: Strange spams
References: <gap93g$io3$1@news.spamcop.net> <gaph3r$f3p$1@news.spamcop.net>
	<gar4f1$i07$1@news.spamcop.net> <gar6sl$tt2$1@news.spamcop.net>
Message-ID: <gariuc$stf$1@news.spamcop.net>

PS
Mike,

If you do a forum search on "received by 0" you'll find a lot of 
discussion, mostly guesses, and some that matched it to "0" being a 
server, and a few others that just threw up their hands.  This is the 
first time I've been aware other ISPs are doing that; I thought it was 
just mine.  But for the few that had it ID'd right, none of them lead to 
a conclusion; the threads all just peter out without resolution or hands 
in the air.

I still intend to try the mailhosts again tonite and I'll make one post 
to the forum for what it's worth, but ... I really don't see any future 
in it now.

Can't recall the deputy address or I'd copy them on this.  Nothing 
stands out in the spamcop.net or FAQ and I'm out of time.

Regards,

Twayne


> Twayne wrote:
>
>>> In this case, the combination of noncompliance and nonmailhosted
>>> causes SC to break the chain prematurely and name your provider's
>>> server
>
>>>> --  Is SC getting these things right?
>>>
>>> Not in the 2nd case above.  You need to be mailhosted especially if
>>> you are using a mailhost which stamps noncompliant lines.
>
>> Hmm, thanks, Mike, that explains a couple of things, actually.
>>   I haven't had a spam lately that doesn't trace to Verizon for some
>> reason; it must be intentional on the part of the spammers. They
>> trickled in all day yesterday.
>
> There's a big problem with using SC to report spam which results in
> false/bad reports sourcing your provider.  The provider doesn't like
> that, SC admin doesn't like that, and SC admin is going to insist
> that you either get mailhosted and make accurate reports or that you
> don't be a SC reporter if you can't make accurate reports.
>
>> Reporting one's own ISP can be, well, sort of
>> self defeating<g>.
>
> Much worse than that.
>
>> As for the noncompliant line in each one, the sc mailhost refuses to
>> work for me because of it.
>
> I've seen evidence here of mailhosts setup on some pretty whacky
> noncompliant providers tracelines.
>
>>    For awhile it looked like SC might be able to work around it, but
>> I guess that never went anywhere either and eventually I got tired of
>> frogging with it and just let it be.
>
> Sometimes I can understand the 'mechnanism' or the 'syntax' of a
> noncompliant line, but these two examples are a little baffling to
> me.  I might need to look at them some more to see if what I said
> previously was correct or to try to guess at what the yahoo server is
> doing.
>
>>    Haven't tried setting up the mailhost in quite awhile now and
>> might try again, just for grins, but I don't expect to see anything
>> any different come about.  I'm just "left out" when it comes to the
>> mailhost at spamcop.
>
> IMO it is a must-do.  You can't be a spamcop reporter reporting the
> wrong source.  That is bad for the provider and it is bad for the
> SCbl and it is bad for SC generally.  All of that make it 'bad for
> you'.  SC has a rule that you can't be making bad/false reports
>
> http://www.spamcop.net/fom-serve/cache/125.html  Erroneous reports
> make the SCBL less accurate and potentially cause thousands of sites
> to mistakenly block wanted, solicited email. ... SpamCop will ban
> users of the free reporting service who violate these rules. ...
> SpamCop may fine, suspend or terminate the accounts of paid members
> who violate these rules.
>
> http://www.spamcop.net/fom-serve/cache/13.html  Why does SpamCop want
> to send a report to my own network administrator? -- The mail servers
> handling your email must identify themselves in a consistent way,
>
> There are some discussions in the forum about mailhosts and yahoo,
> but I don't feel like wading thru' all that crap.  Trying to read or
> search messages with a browser isn't at all appealing to me.



From MikeE at ster.invalid  Wed Sep 17 16:00:38 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Sep 17 16:05:04 2008
Subject: [Scspamcop] Re: PS  Re: Strange spams
References: <gap93g$io3$1@news.spamcop.net> <gaph3r$f3p$1@news.spamcop.net>
	<gar4f1$i07$1@news.spamcop.net> <gar6sl$tt2$1@news.spamcop.net>
	<gariuc$stf$1@news.spamcop.net>
Message-ID: <garnk4$esq$1@news.spamcop.net>

Twayne wrote:
> PS
> Mike,
>
> If you do a forum search on "received by 0"

That isn't the problem line, except in the context that it is one of the
header tracelines which is non-helpful.  As you said earlier, that
traceline condition isn't all that unusual.

The line under that one is the real problem which is what I indicated by
my *comment about noncompliant.  I wasn't talking about the 'by 0' line
being noncompliant.

Here are two examples from your trackers:

  from 186.12.58.185  (EHLO vms172073pub.verizon.net) (206.46.172.73) by
mta101.vzn.mail.re2.yahoo.com *serves recipient, noncompliant fromfield

and

  from 216.130.45.150  (EHLO vms169127pub.verizon.net) (206.46.169.127) by
mta101.vzn.mail.re2.yahoo.com *serves recipient, noncompliant fromfield

For purposes of discussion, I'm assuming that both of those lines are
'real' lines stamped by mta101.vzn.mail.re2.yahoo.com

The question is, what the hell is that IP address immediately after the
'from' all about?  It isn't the source, it isn't where
mta101.vzn.mail.re2.yahoo.com got the item from and it looks for all the
world like the construction for a bogusline.

I'm not familiar with what your mailhost normally looks like, so I don't
know what to say about such a line.


--
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net  Wed Sep 17 17:20:09 2008
From: nobody at spamcop.net (Steven Underwood)
Date: Wed Sep 17 17:25:03 2008
Subject: [Scspamcop] Re: Strange spams
In-Reply-To: <garh3o$kal$1@news.spamcop.net>
References: <gap93g$io3$1@news.spamcop.net> <gaph3r$f3p$1@news.spamcop.net>
	<gar4f1$i07$1@news.spamcop.net> <gar6sl$tt2$1@news.spamcop.net>
	<garh3o$kal$1@news.spamcop.net>
Message-ID: <garsab$3ck$1@news.spamcop.net>

"Twayne" <nobody@devnull.spamcop.net> wrote in message 
news:garh3o$kal$1@news.spamcop.net...
> Well, I've always figured I'd throw out spamcop when they indicated they 
> would eventually insist on the mailhost only situation a long time ago. Up 
> until a couple of weeks ago it was never a problem, either, so something 
> has changed at spamcop, IMO.  I've been with SC since almost day one and 
> this "by 0" crap has been there just as long.
>

Twayne:  Have you ever contacted the deputies while tying to get your 
mailhost setup?  They can manually over-ride things that you can not do 
yourself... then you would have a working mailhost and no misreporting.  I 
believe the rejection reply actually provides the directions for getting 
this accomplished.  I know I needed to have it done for my work accounts for 
2 different jobs because both used Postini which adds a header without me 
having control over it. 

From nobody at devnull.spamcop.net  Wed Sep 17 17:45:58 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Sep 17 17:50:03 2008
Subject: [Scspamcop] Re: Strange spams
References: <gap93g$io3$1@news.spamcop.net> <gaph3r$f3p$1@news.spamcop.net>
	<gar4f1$i07$1@news.spamcop.net> <gar6sl$tt2$1@news.spamcop.net>
	<garh3o$kal$1@news.spamcop.net> <garsab$3ck$1@news.spamcop.net>
Message-ID: <gartqh$baa$1@news.spamcop.net>

> "Twayne" <nobody@devnull.spamcop.net> wrote in message
> news:garh3o$kal$1@news.spamcop.net...
>> Well, I've always figured I'd throw out spamcop when they indicated
>> they would eventually insist on the mailhost only situation a long
>> time ago. Up until a couple of weeks ago it was never a problem,
>> either, so something has changed at spamcop, IMO.  I've been with SC
>> since almost day one and this "by 0" crap has been there just as
>> long.
>
> Twayne:  Have you ever contacted the deputies while tying to get your
> mailhost setup?  They can manually over-ride things that you can not
> do yourself... then you would have a working mailhost and no
> misreporting.  I believe the rejection reply actually provides the
> directions for getting this accomplished.  I know I needed to have it
> done for my work accounts for 2 different jobs because both used
> Postini which adds a header without me having control over it.

Mmm, not recently.  Actually, it was Don that originally pointed out the 
"by 0" part of the early received line that was causing the problem. 
I've made kind of a mental note to contact admin though after I try the 
mailhost setpup one more time, just to prove due diligence or whatever 
you want to call it.  At that time there was nothign SC could do for it. 
But things do change; sometimes.

Thanks for the comeback

Twayne



From nobody at spamcop.net  Wed Sep 17 19:48:01 2008
From: nobody at spamcop.net (Antispam Knight)
Date: Wed Sep 17 19:50:03 2008
Subject: [Scspamcop] Re: Attn: Deputies (Reporting error)
References: <gar6gb$rs4$1@news.spamcop.net> <gar8k1$7qm$1@news.spamcop.net>
Message-ID: <gas4vi$60h$1@news.spamcop.net>



"Mike Easter" <MikeE@ster.invalid> wrote in message 
news:gar8k1$7qm$1@news.spamcop.net...
> Antispam Knight wrote:
>> Spamcop wants to report 91.184.80.75 to abuse@datak, and defaults to
>> nomaster.  Correct reporting addy should be
>> postmaster@datak-telecom.ne,abuse@datak-telecom.ne.
>
> Or .net instead of .ne
You got me, Mike. It didn't even occur to me that it was .net. I assumed 
that .ne was a country domain (Niger)! I should've dug deeper.
AK

<snip> 

From MikeE at ster.invalid  Wed Sep 17 20:00:57 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Sep 17 20:05:03 2008
Subject: [Scspamcop] Re: Attn: Deputies (Reporting error)
References: <gar6gb$rs4$1@news.spamcop.net> <gar8k1$7qm$1@news.spamcop.net>
	<gas4vi$60h$1@news.spamcop.net>
Message-ID: <gas5mn$7as$1@news.spamcop.net>

Antispam Knight wrote:
> "Mike Easter"

>> Or .net instead of .ne

> You got me, Mike. It didn't even occur to me that it was .net. I assumed
> that .ne was a country domain (Niger)! I should've dug deeper.

Niger!  Now there's a god-forsaken place.  Mostly all covered by the
Sahara.  If they're lucky, maybe they can find some gold or oil in the
future and evntually be able to buy some imported food.

The don't have much in the way of communication.


--
Mike Easter
kibitzer, not SC admin

From not at home.today  Wed Sep 17 22:33:49 2008
From: not at home.today (Ant)
Date: Wed Sep 17 22:40:03 2008
Subject: [Scspamcop] Re: Niger [was: Attn: Deputies (Reporting error)]
References: <gar6gb$rs4$1@news.spamcop.net> <gar8k1$7qm$1@news.spamcop.net>
	<gas4vi$60h$1@news.spamcop.net> <gas5mn$7as$1@news.spamcop.net>
Message-ID: <gasepd$5o2$1@news.spamcop.net>

"Mike Easter" wrote:
> Niger!
> ...
> The don't have much in the way of communication.

But they know about "the new technologies of information":

Centre de Coordination de l'Informatique et des Nouvelles Technologies de l'Information
inetnum:  193.251.227.108 - 193.251.227.115
netname:  CCINTI-NETNE
descr:    CENTRE COORDINATION INFORMATIQUE ET NTIC
descr:    Niamey
descr:    Niger
country:  NE

One for customs...

inetnum:  193.251.227.85 - 193.251.227.85
netname:  DGD-NETNE
descr:    DIRECTION GENERALE DES DOUANES

not forgetting the printer ;-)

inetnum:  193.251.227.96 - 193.251.227.96
netname:  NIN-NETNE
descr:    Printing

and some relaxation:

inetnum:  193.251.227.228 - 193.251.227.231
netname:  LONANI-NETNE
descr:    Games

They also have a handful of other blocks, one as large as a /23!


From nobody at devnull.spamcop.net  Wed Sep 17 22:46:41 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Sep 17 22:50:03 2008
Subject: [Scspamcop] Mailhost setup
Message-ID: <gasfeb$70f$1@news.spamcop.net>

Well, I've gotten a grand total of zip for my efforts to set up a 
mailhost tonite.

My ISP is Verizon, and I have a verizon.net email address.  But SC won't 
accept it.  I've deleted & started over twice with the exact same 
results:
----------------------
Host mta102.vzn.mail.re2.yahoo.com (checking ip) = 206.190.53.174

Sorry, SpamCop has encountered errors:

The email sample you submitted for r91658@verizon.net
appears to traverse more than one domain.
Please ensure that you configure each mailhost individually and in 
order.

Proceed here:
http://www.spamcop.net/mcgi?mhc2=XqTRWjBbDguTSqfm

---------------------

vzn.mail.re2.yahoo.com indicates to me that vz is the right starting 
point.  I can't test by trying Yahoo though since I don't use any Yahoo 
addresses; othere then verizon.net, I get all my other ones from my web 
site provider. I may still have an address functional there, but I've no 
idea what it is anymore.

There was a link to discuss things with an admin, so I clicked that and 
instead of any method of contact, it told me my waiver request was sent 
and I should get a response soon.  So, rather than create more confusion 
I left it with that entry and quit.  The Proceed Here link is of no use 
at all; it only reiterates the same message, bascially.  And whatever 
the hell the waiver is and is for is anybody's guess at this point. 
Hell, I can't even find the deputy address in the FAQs let alone 
anything else useful.
   Wazoo, no offense; I know they're there.  I just can't find them.

I suspect it's the verizon/yahoo relathionship screwing up the 
submission but I'm not going to turn this into a career just to get set 
up.  I haven't been able to report spam in over a week since it's all 
tracing to my own ISP, so ... unless an admin or someone can come to my 
aid and query me and straighten this out, I'm probably at the end of my 
tour with SpamCop; I can't trust a system I can't even get set up and is 
threatening to kick me off anyway for this and another couple reasons 
related the header problems I have no contol over.  S'not kosher.

Regards,

Twayne




From user at domain.invalid  Thu Sep 18 06:56:48 2008
From: user at domain.invalid (Farelf)
Date: Thu Sep 18 07:00:04 2008
Subject: [Scspamcop] Re: Mailhost setup
In-Reply-To: <gasfeb$70f$1@news.spamcop.net>
References: <gasfeb$70f$1@news.spamcop.net>
Message-ID: <gatc5f$sgg$1@news.spamcop.net>

Twayne wrote:
> Well, I've gotten a grand total of zip for my efforts to set up a 
> mailhost tonite.
> 
> My ISP is Verizon, and I have a verizon.net email address.  But SC won't 
> accept it.  I've deleted & started over twice with the exact same 
> results:
> ----------------------
> Host mta102.vzn.mail.re2.yahoo.com (checking ip) = 206.190.53.174
> 
> Sorry, SpamCop has encountered errors:
> 
> The email sample you submitted for r91658@verizon.net
> appears to traverse more than one domain.
> Please ensure that you configure each mailhost individually and in 
> order.
> 
> Proceed here:
> http://www.spamcop.net/mcgi?mhc2=XqTRWjBbDguTSqfm
> 

That link now says problem is resolved - the process initiated has 
apparently been completed.  All fixed now?

For future reference, searching the forums using the error message will 
usually get some helpful results.
From nobody at devnull.spamcop.net  Thu Sep 18 11:37:41 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Thu Sep 18 11:40:04 2008
Subject: [Scspamcop] Re: Mailhost setup
References: <gasfeb$70f$1@news.spamcop.net> <gatc5f$sgg$1@news.spamcop.net>
Message-ID: <gatsjv$hd7$1@news.spamcop.net>

> Twayne wrote:
>> Well, I've gotten a grand total of zip for my efforts to set up a
>> mailhost tonite.
>>
>> My ISP is Verizon, and I have a verizon.net email address.  But SC
>> won't accept it.  I've deleted & started over twice with the exact
>> same results:
>> ----------------------
>> Host mta102.vzn.mail.re2.yahoo.com (checking ip) = 206.190.53.174
>>
>> Sorry, SpamCop has encountered errors:
>>
>> The email sample you submitted for r91658@verizon.net
>> appears to traverse more than one domain.
>> Please ensure that you configure each mailhost individually and in
>> order.
>>
>> Proceed here:
>> http://www.spamcop.net/mcgi?mhc2=XqTRWjBbDguTSqfm
>>
>
> That link now says problem is resolved - the process initiated has
> apparently been completed.  All fixed now?
>
> For future reference, searching the forums using the error message
> will usually get some helpful results.

I discovered that; thanks.  So far so good this am.


From acmeanvil at fishnet.com  Thu Sep 18 22:17:41 2008
From: acmeanvil at fishnet.com (rooster)
Date: Thu Sep 18 22:20:03 2008
Subject: [Scspamcop] Whose URL is Named?
Message-ID: <gav24t$b83$1@news.spamcop.net>

http://www.spamcop.net/sc?id=z2258585399zfd54d127262b2556dc8ad48e1e1b5717z

I can't fetch the spam url in this one. Neither did SC. I thought it 
might be Base64, but
my decoder doesn't give joy and neither did ToastedSpam's machine;... 
unless I'm
entering it wrong.

I don't recognize anything source-wise. It might be some new player or a 
'familiar' using
a new ruse.

How would y'all handle something like this?
_____________________________________________________________________________________

This is a multi-part message in MIME format.

--=_4TtZhIACfnFER3
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

  try  medication fast delivery  see us
--=_4TtZhIACfnFER3
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
-- 
Happy trails,
rooster
boundary beach, bc
From nobody at spamcop.net  Thu Sep 18 22:30:17 2008
From: nobody at spamcop.net (Steven Underwood)
Date: Thu Sep 18 22:35:04 2008
Subject: [Scspamcop] Re: Whose URL is Named?
In-Reply-To: <gav24t$b83$1@news.spamcop.net>
References: <gav24t$b83$1@news.spamcop.net>
Message-ID: <gav2rq$dnf$1@news.spamcop.net>

"rooster" <acmeanvil@fishnet.com> wrote in message 
news:gav24t$b83$1@news.spamcop.net...
> http://www.spamcop.net/sc?id=z2258585399zfd54d127262b2556dc8ad48e1e1b5717z
>
> I can't fetch the spam url in this one. Neither did SC. I thought it might 
> be Base64, but
> my decoder doesn't give joy and neither did ToastedSpam's machine;... 
> unless I'm
> entering it wrong.
>
> I don't recognize anything source-wise. It might be some new player or a 
> 'familiar' using
> a new ruse.
>
> How would y'all handle something like this?
> _____________________________________________________________________________________
>
> This is a multi-part message in MIME format.
>
> --=_4TtZhIACfnFER3
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
>  try  medication fast delivery  see us
> --=_4TtZhIACfnFER3
> Content-Type: text/html;
> charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> -- 
> Happy trails,
> rooster
> boundary beach, bc


I don't see any URL in the spam shown at that link.  The closest to a URL 
is: <A href=3D""> see us</A> and there is nothing there to find.  What am I 
missing?  There is no link shown in the text/plain portion of the message 
either. 

From acmeanvil at fishnet.com  Fri Sep 19 00:51:08 2008
From: acmeanvil at fishnet.com (rooster)
Date: Fri Sep 19 00:55:04 2008
Subject: [Scspamcop] Re: Whose URL is Named?
In-Reply-To: <gav2rq$dnf$1@news.spamcop.net>
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
Message-ID: <48D32FBC.50100@fishnet.com>

Steven Underwood wrote:
> "rooster" <acmeanvil@fishnet.com> wrote in message 
> news:gav24t$b83$1@news.spamcop.net...
>> http://www.spamcop.net/sc?id=z2258585399zfd54d127262b2556dc8ad48e1e1b5717z 
>>
>>
>> I can't fetch the spam url in this one. Neither did SC. I thought it 
>> might be Base64, but
>> my decoder doesn't give joy and neither did ToastedSpam's machine;... 
>> unless I'm
>> entering it wrong.
>>
>> I don't recognize anything source-wise. It might be some new player or 
>> a 'familiar' using
>> a new ruse.
>>
>> How would y'all handle something like this?
>> _____________________________________________________________________________________ 
>>
>>
>> This is a multi-part message in MIME format.
>>
>> --=_4TtZhIACfnFER3
>> Content-Type: text/plain;
>> charset="iso-8859-1"
>> Content-Transfer-Encoding: quoted-printable
>>
>>  try  medication fast delivery  see us
>> --=_4TtZhIACfnFER3
>> Content-Type: text/html;
>> charset="iso-8859-1"
>> Content-Transfer-Encoding: quoted-printable
>> -- 
>> Happy trails,
>> rooster
>> boundary beach, bc
> 
> 
> I don't see any URL in the spam shown at that link.  The closest to a 
> URL is: <A href=3D""> see us</A> and there is nothing there to find.  
> What am I missing?  There is no link shown in the text/plain portion of 
> the message either.

What is that "--=_4TtZhIACfnFER3" supposed to indicate?

Considering its position in the message body, and absent anything else that
looks 'URLish", I was left to wonder if "--=_4TtZhIACfnFER3" might be a 
code
for an URL I hadn't  seen before.

You've probably noticed that there is code to set the background colour.
I cycled through white, black and blue backgrounds just to see if
there was a masked url, or something like, embedded. But nothing showed up.

I guess you're telling me there isn't anything there.

...reminds me of Mearns'(?) ditty:
"Yesterday, upon the stair.
I met a man, who wasn't there.
He wasn't there again today.
Oh dear, I wish he'd go away."
(variations abound)

-- 
Happy trails,
rooster
boundary beach, bc
From acmeanvil at fishnet.com  Fri Sep 19 01:05:06 2008
From: acmeanvil at fishnet.com (rooster)
Date: Fri Sep 19 01:10:03 2008
Subject: [Scspamcop] FU: Re: Sorry: Spammer Walks Free as Virginia Anti-Spam
 Law Is Declared Unconstitutional
In-Reply-To: <48CDCB53.2030105@fishnet.com>
References: <Xns9B198BEB6B05Cnoreplyaddy@216.154.195.61>
	<48CDCB53.2030105@fishnet.com>
Message-ID: <48D33302.9070403@fishnet.com>

rooster wrote:
> Neil wrote:
>> http://www.efluxmedia.com/news_Spammer_Walks_Free_as_Virginia_Anti_Spam_Law 
>>
>> _Is_Declared_Unconstitutional_24293.html
> 
> Rather poorly written/researched article.
> 
> It only mentions by inference that the court heard or considered 
> arguments concerning
> Jayne's misrepresentations; which acts were an integral part of his 
> operation and which
> constituted fraud (i.e., felonies) according to legislation that existed 
> before the State's
> Anti-Spam Legislation came into effect. Arguments based on First 
> Amendment Rights
> vs. the metrics of the spamming are made to appear to be the crux of the 
> appellant
> case according to the article.
> 
> These argument might well be moot. The First Amendment does not afford 
> protection
> from prosecution when committing a crime. The way the article is 
> written, this would
> appear to be the case.
> 
> As reported in the WP, Wednesday, September 6, 2006, the Court of 
> Appeals of Virginia
> upheld Jayne's original conviction. In his written ruling, Judge James 
> W. Haley Jr. opined
> that the State's Anti-Spam Legislation, "prohibits trespassing on 
> private computer networks
> through intentional misrepresentation, an activity that merits no First 
> Amendment protection."
> 
> More important than the arithmetic of what might be defined as a 
> violation under the Anti-
> Spam legislation is the issue of whether 'deliberate' misrepresentation 
> constitutes
> felonious fraud, or, as the piece implies, such ruses may be interpreted 
> by the courts broadly to
> merit the protection of the Right to Anonymity.
> 
> I'm not trying to give my own opinion of the ruling; ...just saying that 
> the article missed
> (what might be) the more salient point.

If anyone is interested in pursuing this ruling further, here's an
article by Declan McCullagh in "Politics and Law" that explores
the issue from a legal perspective.

http://news.cnet.com/8301-13578_3-10040522-38.html

-- 
Happy trails,
rooster
boundary beach, bc
From nobody at devnull.spamcop.net  Fri Sep 19 04:12:20 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Fri Sep 19 04:15:03 2008
Subject: [Scspamcop] Re: Whose URL is Named?
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com>
Message-ID: <gavmsk$lkg$1@news.spamcop.net>


"rooster" <acmeanvil@fishnet.com> ha scritto nel messaggio 
news:48D32FBC.50100@fishnet.com...
> Steven Underwood wrote:
>> "rooster" <acmeanvil@fishnet.com> wrote in message 
>> news:gav24t$b83$1@news.spamcop.net...
>>> http://www.spamcop.net/sc?id=z2258585399zfd54d127262b2556dc8ad48e1e1b5717z
>>>
>>> I can't fetch the spam url in this one. Neither did SC. I thought it 
>>> might be Base64, but
>>> my decoder doesn't give joy and neither did ToastedSpam's machine;... 
>>> unless I'm
>>> entering it wrong.
>>>
>>> I don't recognize anything source-wise. It might be some new player or a 
>>> 'familiar' using
>>> a new ruse.
>>>
>>> How would y'all handle something like this?
>>> _____________________________________________________________________________________
>>>
>>> This is a multi-part message in MIME format.
>>>
>>> --=_4TtZhIACfnFER3
>>> Content-Type: text/plain;
>>> charset="iso-8859-1"
>>> Content-Transfer-Encoding: quoted-printable
>>>
>>>  try  medication fast delivery  see us
>>> --=_4TtZhIACfnFER3
>>> Content-Type: text/html;
>>> charset="iso-8859-1"
>>> Content-Transfer-Encoding: quoted-printable
>>> -- 
>>> Happy trails,
>>> rooster
>>> boundary beach, bc
>>
>>
>> I don't see any URL in the spam shown at that link.  The closest to a URL 
>> is: <A href=3D""> see us</A> and there is nothing there to find.  What am 
>> I missing?  There is no link shown in the text/plain portion of the 
>> message either.
>
> What is that "--=_4TtZhIACfnFER3" supposed to indicate?
>
> Considering its position in the message body, and absent anything else 
> that
> looks 'URLish", I was left to wonder if "--=_4TtZhIACfnFER3" might be a 
> code
> for an URL I hadn't  seen before.

This is the multipart boundary.

See the "Content-Type:" header line.


>
> You've probably noticed that there is code to set the background colour.
> I cycled through white, black and blue backgrounds just to see if
> there was a masked url, or something like, embedded. But nothing showed 
> up.
>
> I guess you're telling me there isn't anything there.

I don't see any URL, too.

Giampaolo


>
> ...reminds me of Mearns'(?) ditty:
> "Yesterday, upon the stair.
> I met a man, who wasn't there.
> He wasn't there again today.
> Oh dear, I wish he'd go away."
> (variations abound)
>
> -- 
> Happy trails,
> rooster
> boundary beach, bc 


From acmeanvil at fishnet.com  Fri Sep 19 10:59:39 2008
From: acmeanvil at fishnet.com (rooster)
Date: Fri Sep 19 11:05:03 2008
Subject: [Scspamcop] Re: Whose URL is Named?
In-Reply-To: <gavmsk$lkg$1@news.spamcop.net>
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gavmsk$lkg$1@news.spamcop.net>
Message-ID: <48D3BE5B.3070702@fishnet.com>

Giampaolo Tomassoni wrote:
> "rooster" <acmeanvil@fishnet.com> ha scritto nel messaggio 
> news:48D32FBC.50100@fishnet.com...
>> Steven Underwood wrote:
>>> "rooster" <acmeanvil@fishnet.com> wrote in message 
>>> news:gav24t$b83$1@news.spamcop.net...
>>>> http://www.spamcop.net/sc?id=z2258585399zfd54d127262b2556dc8ad48e1e1b5717z
>>>>
>>>> I can't fetch the spam url in this one. Neither did SC. I thought it 
>>>> might be Base64, but
>>>> my decoder doesn't give joy and neither did ToastedSpam's machine;... 
>>>> unless I'm
>>>> entering it wrong.
>>>>
>>>> I don't recognize anything source-wise. It might be some new player or a 
>>>> 'familiar' using
>>>> a new ruse.
>>>>
>>>> How would y'all handle something like this?
>>>> _____________________________________________________________________________________
>>>>
>>>> This is a multi-part message in MIME format.
>>>>
>>>> --=_4TtZhIACfnFER3
>>>> Content-Type: text/plain;
>>>> charset="iso-8859-1"
>>>> Content-Transfer-Encoding: quoted-printable
>>>>
>>>>  try  medication fast delivery  see us
>>>> --=_4TtZhIACfnFER3
>>>> Content-Type: text/html;
>>>> charset="iso-8859-1"
>>>> Content-Transfer-Encoding: quoted-printable
>>>> -- 
>>>> Happy trails,
>>>> rooster
>>>> boundary beach, bc
>>>
>>> I don't see any URL in the spam shown at that link.  The closest to a URL 
>>> is: <A href=3D""> see us</A> and there is nothing there to find.  What am 
>>> I missing?  There is no link shown in the text/plain portion of the 
>>> message either.
>> What is that "--=_4TtZhIACfnFER3" supposed to indicate?
>>
>> Considering its position in the message body, and absent anything else 
>> that
>> looks 'URLish", I was left to wonder if "--=_4TtZhIACfnFER3" might be a 
>> code
>> for an URL I hadn't  seen before.
> 
> This is the multipart boundary.
> 
> See the "Content-Type:" header line.
> 

Aha! Another "Duh" I can add to my list. I wonder how many I can squeeze 
into
an 80 GB partition?

> 
>> You've probably noticed that there is code to set the background colour.
>> I cycled through white, black and blue backgrounds just to see if
>> there was a masked url, or something like, embedded. But nothing showed 
>> up.
>>
>> I guess you're telling me there isn't anything there.
> 
> I don't see any URL, too.
> 
> Giampaolo
> 
> 
>> ...reminds me of Mearns'(?) ditty:
>> "Yesterday, upon the stair.
>> I met a man, who wasn't there.
>> He wasn't there again today.
>> Oh dear, I wish he'd go away."
>> (variations abound)
>>
>> -- 
>> Happy trails,
>> rooster
>> boundary beach, bc 
> 
> 


-- 
Happy trails,
rooster
boundary beach, bc
From connyank at cox.net  Fri Sep 19 11:41:57 2008
From: connyank at cox.net (jg)
Date: Fri Sep 19 11:45:04 2008
Subject: [Scspamcop] Re: Whose URL is Named?
In-Reply-To: <48D32FBC.50100@fishnet.com>
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com>
Message-ID: <gb0h83$fev$1@news.spamcop.net>

On 09/18/2008 09:51 PM rooster scribbled:


> 
> ...reminds me of Mearns'(?) ditty:
> "Yesterday, upon the stair.
> I met a man, who wasn't there.
> He wasn't there again today.
> Oh dear, I wish he'd go away."
> (variations abound)
>

I'd always thought that to be Ogden Nash - will have to look it up when
time allows...

From user at domain.invalid  Fri Sep 19 12:01:47 2008
From: user at domain.invalid (Farelf)
Date: Fri Sep 19 12:05:02 2008
Subject: [Scspamcop] Re: Whose URL is Named?
In-Reply-To: <gb0h83$fev$1@news.spamcop.net>
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gb0h83$fev$1@news.spamcop.net>
Message-ID: <gb0id9$mn6$1@news.spamcop.net>

jg wrote:
> On 09/18/2008 09:51 PM rooster scribbled:
> 
> 
> 
>>...reminds me of Mearns'(?) ditty:
>>"Yesterday, upon the stair.
>>I met a man, who wasn't there.
>>He wasn't there again today.
>>Oh dear, I wish he'd go away."
>>(variations abound)
>>
> 
> 
> I'd always thought that to be Ogden Nash - will have to look it up when
> time allows...
> 

http://www.funtrivia.com/askft/Question37160.html
From nobody at devnull.spamcop.net  Fri Sep 19 12:56:48 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Fri Sep 19 13:00:03 2008
Subject: [Scspamcop] Re: Whose URL is Named?
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gavmsk$lkg$1@news.spamcop.net>
	<48D3BE5B.3070702@fishnet.com>
Message-ID: <gb0lkh$7vf$1@news.spamcop.net>

"rooster" <acmeanvil@fishnet.com> ha scritto nel messaggio 
news:48D3BE5B.3070702@fishnet.com...
> Giampaolo Tomassoni wrote:
>> "rooster" <acmeanvil@fishnet.com> ha scritto nel messaggio 
>> news:48D32FBC.50100@fishnet.com...
>>> Steven Underwood wrote:
>>>> "rooster" <acmeanvil@fishnet.com> wrote in message 
>>>> news:gav24t$b83$1@news.spamcop.net...
>>>>> http://www.spamcop.net/sc?id=z2258585399zfd54d127262b2556dc8ad48e1e1b5717z
>>>>>
>>>>> I can't fetch the spam url in this one. Neither did SC. I thought it 
>>>>> might be Base64, but
>>>>> my decoder doesn't give joy and neither did ToastedSpam's machine;... 
>>>>> unless I'm
>>>>> entering it wrong.
>>>>>
>>>>> I don't recognize anything source-wise. It might be some new player or 
>>>>> a 'familiar' using
>>>>> a new ruse.
>>>>>
>>>>> How would y'all handle something like this?
>>>>> _____________________________________________________________________________________
>>>>>
>>>>> This is a multi-part message in MIME format.
>>>>>
>>>>> --=_4TtZhIACfnFER3
>>>>> Content-Type: text/plain;
>>>>> charset="iso-8859-1"
>>>>> Content-Transfer-Encoding: quoted-printable
>>>>>
>>>>>  try  medication fast delivery  see us
>>>>> --=_4TtZhIACfnFER3
>>>>> Content-Type: text/html;
>>>>> charset="iso-8859-1"
>>>>> Content-Transfer-Encoding: quoted-printable
>>>>> -- 
>>>>> Happy trails,
>>>>> rooster
>>>>> boundary beach, bc
>>>>
>>>> I don't see any URL in the spam shown at that link.  The closest to a 
>>>> URL is: <A href=3D""> see us</A> and there is nothing there to find. 
>>>> What am I missing?  There is no link shown in the text/plain portion of 
>>>> the message either.
>>> What is that "--=_4TtZhIACfnFER3" supposed to indicate?
>>>
>>> Considering its position in the message body, and absent anything else 
>>> that
>>> looks 'URLish", I was left to wonder if "--=_4TtZhIACfnFER3" might be a 
>>> code
>>> for an URL I hadn't  seen before.
>>
>> This is the multipart boundary.
>>
>> See the "Content-Type:" header line.
>>
>
> Aha! Another "Duh" I can add to my list. I wonder how many I can squeeze 
> into
> an 80 GB partition?

It is a matter of facts, that the more one works, the biggest is the number 
of "achieved" Duhs... :)

Giampaolo


>
>>
>>> You've probably noticed that there is code to set the background colour.
>>> I cycled through white, black and blue backgrounds just to see if
>>> there was a masked url, or something like, embedded. But nothing showed 
>>> up.
>>>
>>> I guess you're telling me there isn't anything there.
>>
>> I don't see any URL, too.
>>
>> Giampaolo
>>
>>
>>> ...reminds me of Mearns'(?) ditty:
>>> "Yesterday, upon the stair.
>>> I met a man, who wasn't there.
>>> He wasn't there again today.
>>> Oh dear, I wish he'd go away."
>>> (variations abound)
>>>
>>> -- 
>>> Happy trails,
>>> rooster
>>> boundary beach, bc
>>
>>
>
>
> -- 
> Happy trails,
> rooster
> boundary beach, bc 


From qcorrell at pacNObell.net  Fri Sep 19 13:08:57 2008
From: qcorrell at pacNObell.net (Q Correll)
Date: Fri Sep 19 13:10:03 2008
Subject: [Scspamcop] Re: Whose URL is Named?
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gb0h83$fev$1@news.spamcop.net>
Message-ID: <gb0mb9$bid$1@news.spamcop.net>

jg,

| I'd always thought that to be Ogden Nash - will have to look it up
| when time allows...

"The verse, titled "Antigonish" was written by William Hughes Mearns in
1899. William Hughes Mearns, better known as Hughes Mearns (1875-1965)
was an American Educator and Poet. He wrote two books which are
credited for fueling the educational trend of creative writing. A
longer version of this poem, found on en.wikiquote.org starts and ends
with the cited verse but has this verse in between: "When I came home
last night at three /The man was waiting there for me/ But when I
looked around the hall/ I couldn't see him there at all!/ Go away, go
away, don't you come back any more!/ Go away, go away, and please don't
slam the door... (slam!)"

-- 

   Q

09/19/2008 10:07:27

XanaNews Version 1.18.1.52  [Everyone's & Q's Mods]
From acmeanvil at fishnet.com  Fri Sep 19 16:57:17 2008
From: acmeanvil at fishnet.com (rooster)
Date: Fri Sep 19 17:00:03 2008
Subject: [Scspamcop] Re: Whose URL is Named?
In-Reply-To: <gb0lkh$7vf$1@news.spamcop.net>
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gavmsk$lkg$1@news.spamcop.net>
	<48D3BE5B.3070702@fishnet.com> <gb0lkh$7vf$1@news.spamcop.net>
Message-ID: <48D4122D.9090506@fishnet.com>

Giampaolo Tomassoni wrote:
> "rooster" <acmeanvil@fishnet.com> ha scritto nel messaggio 
> news:48D3BE5B.3070702@fishnet.com...
>> Giampaolo Tomassoni wrote:
>>> "rooster" <acmeanvil@fishnet.com> ha scritto nel messaggio 
>>> news:48D32FBC.50100@fishnet.com...
>>>> Steven Underwood wrote:
>>>>> "rooster" <acmeanvil@fishnet.com> wrote in message 
>>>>> news:gav24t$b83$1@news.spamcop.net...
>>>>>> http://www.spamcop.net/sc?id=z2258585399zfd54d127262b2556dc8ad48e1e1b5717z
>>>>>>
>>>>>> I can't fetch the spam url in this one. Neither did SC. I thought it 
>>>>>> might be Base64, but
>>>>>> my decoder doesn't give joy and neither did ToastedSpam's machine;... 
>>>>>> unless I'm
>>>>>> entering it wrong.
>>>>>>
>>>>>> I don't recognize anything source-wise. It might be some new player or 
>>>>>> a 'familiar' using
>>>>>> a new ruse.
>>>>>>
>>>>>> How would y'all handle something like this?
>>>>>> _____________________________________________________________________________________
>>>>>>
>>>>>> This is a multi-part message in MIME format.
>>>>>>
>>>>>> --=_4TtZhIACfnFER3
>>>>>> Content-Type: text/plain;
>>>>>> charset="iso-8859-1"
>>>>>> Content-Transfer-Encoding: quoted-printable
>>>>>>
>>>>>>  try  medication fast delivery  see us
>>>>>> --=_4TtZhIACfnFER3
>>>>>> Content-Type: text/html;
>>>>>> charset="iso-8859-1"
>>>>>> Content-Transfer-Encoding: quoted-printable
>>>>>> -- 
>>>>>> Happy trails,
>>>>>> rooster
>>>>>> boundary beach, bc
>>>>> I don't see any URL in the spam shown at that link.  The closest to a 
>>>>> URL is: <A href=3D""> see us</A> and there is nothing there to find. 
>>>>> What am I missing?  There is no link shown in the text/plain portion of 
>>>>> the message either.
>>>> What is that "--=_4TtZhIACfnFER3" supposed to indicate?
>>>>
>>>> Considering its position in the message body, and absent anything else 
>>>> that
>>>> looks 'URLish", I was left to wonder if "--=_4TtZhIACfnFER3" might be a 
>>>> code
>>>> for an URL I hadn't  seen before.
>>> This is the multipart boundary.
>>>
>>> See the "Content-Type:" header line.
>>>
>> Aha! Another "Duh" I can add to my list. I wonder how many I can squeeze 
>> into
>> an 80 GB partition?
> 
> It is a matter of facts, that the more one works, the biggest is the number 
> of "achieved" Duhs... :)
> 
> Giampaolo

"...works" ??? I don't follow...

> 
>>>> You've probably noticed that there is code to set the background colour.
>>>> I cycled through white, black and blue backgrounds just to see if
>>>> there was a masked url, or something like, embedded. But nothing showed 
>>>> up.
>>>>
>>>> I guess you're telling me there isn't anything there.
>>> I don't see any URL, too.
>>>
>>> Giampaolo
>>>
>>>
>>>> ...reminds me of Mearns'(?) ditty:
>>>> "Yesterday, upon the stair.
>>>> I met a man, who wasn't there.
>>>> He wasn't there again today.
>>>> Oh dear, I wish he'd go away."
>>>> (variations abound)
>>>>
>>>> -- 
>>>> Happy trails,
>>>> rooster
>>>> boundary beach, bc
>>>
>>
>> -- 
>> Happy trails,
>> rooster
>> boundary beach, bc 
> 
> 


-- 
Happy trails,
rooster
boundary beach, bc
From acmeanvil at fishnet.com  Fri Sep 19 17:01:58 2008
From: acmeanvil at fishnet.com (rooster)
Date: Fri Sep 19 17:05:03 2008
Subject: [Scspamcop] Re: Whose URL is Named?
In-Reply-To: <gb0h83$fev$1@news.spamcop.net>
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gb0h83$fev$1@news.spamcop.net>
Message-ID: <48D41346.3000809@fishnet.com>

jg wrote:
> On 09/18/2008 09:51 PM rooster scribbled:
> 
> 
>> ...reminds me of Mearns'(?) ditty:
>> "Yesterday, upon the stair.
>> I met a man, who wasn't there.
>> He wasn't there again today.
>> Oh dear, I wish he'd go away."
>> (variations abound)
>>
> 
> I'd always thought that to be Ogden Nash - will have to look it up when
> time allows...
> 

So did I. I was absolutely positive it was our Poet Laureate of the LA 
Rams.
Then, my mother corrected me. It had been around since she was a kid
in the 20's.

Oh, well; "The shorrob [still] scudders nights in the Quastron now"
and "Collody [still] lollops belutedly over the slawn."

-- 
Happy trails,
rooster
boundary beach, bc
From nobody at devnull.spamcop.net  Fri Sep 19 18:11:10 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Fri Sep 19 18:15:03 2008
Subject: [Scspamcop] DEPUTIES PLEASE? Mailhost still a failure for me with
	Verizon
Message-ID: <gb181l$pvr$1@news.spamcop.net>

I don't know what to say other than I give up.  Whatever the "waiver" 
was it did no good whatsoever.  Verizon is my ISP, I have one never-used 
main account there, plust I have a website at Netfirms where I create my 
personal and everyday email addresses.

Quite frankly I've gotten to the GAS point over the mailhost; it's a 
good idea gone bad as far as I can see.  I'll continue to watch the 
forum for awhile to see what pops up there maybe, but ...

   I only have two ISPs to list; one at Netfirms for my own domain 
(twaynesdomain.com) where I created my own email accounts, and Verizon. 
Apparently VZ hands off emails to Yahoo and SpamCop wants me to give 
information about the Yahoo servers it's seeing.  However, that's 
nothing I have any control or knowledge of in any way.  I know from Mike 
Easter and a deputy some time back that the Yahoo parts of the headers 
are borked in the early received lines and that's also nothing I have 
any control over.

   At one time I had a Yahoo address too but it's long forgotten and 
getting any information out of Yahoo is like pulling teeth, as is 
creating a new account I don't want anyway.  From the look of things 
though, that's not what they want and it would solve nothing.
   Any Yahoo relationship I would think should show up in the verizon 
email address I used.

  It almost seems like SpamCop is punishing me for Verizon's deal with 
Yahoo to handle their email for them.  It wants information about Yahoo 
accounts that I know nothing about!  The relay IDs etc. are just a 
jumble of IDs I know nothing about.  It's not ME traversing multiple 
domains; it's Verizon!  Just now I blew away and accounts that existed 
and entered my Verizon and Netfirms email accounts over again.  Here's 
the history of what went on, in digest form.  Text in *[ ... ]* is mine, 
added to the pastes.  ALL CAPS areas are for emphais, NOT for yelling, 
OK?  <g>:

----------------------------------
Host mta105.vzn.mail.re2.yahoo.com (checking ip) = 206.190.53.189
Sorry, SpamCop has encountered errors:
The email sample you submitted for munged@verizon.net
appears to traverse more than one domain.
Please ensure that you configure each mailhost individually and in 
order.

[ Apparently, but it's nothing of my doing.  It's something Verizon 
and/or Yahoo are doing ]

Proceed here:
http://www.spamcop.net/mcgi?mhc2=XqTRWjBbDguTSqfm
-------------------
doing that:
---------------
Report Spam Filtered Email Blocking List Statistics Login
Sent test email to MUNGED @ twaynesdomain.com@twaynesdomain.com through 
q1.netfirms.com.

[ The address above makes absolutely NO sense to me and I can't imagine 
where it came from.  I never entered anything even close to that.  ]

Sent test email to MUNGED @ twaynesdomain.com@twaynesdomain.com through 
q0.netfirms.com.
SpamCop has just sent you 2 test messages to 
tom@twaynesdomain.com@twaynesdomain.com.
Please allow for up to an hour for those messages to reach you, and then 
follow the enclosed instructions.
Copyright (C) 1998-2006, IronPort Systems, Inc. All rights reserved. 
HTML4 / CSS2 Firefox recommended - Policies and Disclaimers

[ and, after giving the headers as requested ]

Host mta105.vzn.mail.re2.yahoo.com (checking ip) = 206.190.53.189
Sorry, SpamCop has encountered errors:
The email sample you submitted for munged @verizon.net
appears to traverse more than one domain.
Please ensure that you configure each mailhost individually and in 
order.

[  I am NOT forwarding ANYTHING ANYWHERE.

Proceed here:
http://www.spamcop.net/mcgi?mhc2=XqTRWjBbDguTSqfm

Complex header analysis
The header sample for munged @verizon.net shows more than one new mail 
host. This seems to indicate that your email is being forwarded through 
another account. SpamCop needs to identify each account individually.

[ NO!  I AM NOT FORWARDING ANY MESSAGES THROUGH ANY OTHER ACCOUNT!! ANY 
FORWARDING GOING ON IS BEING DONE BY VERIZION/YAHOO! ]

Top of Form 1
In analysing the sample headers, SpamCop has identified additional email 
accounts. Please configure each of these accounts. If this analysis is 
incorrect, consider the other options below instead.

[  I *THINK* IT MEANS THE YAHOO CRAP VERIZON (NOT ME) IS USING ]
Email account:

What is the standard name of this email provider - for instance, 
hotmail.com might be referred to simply as "Hotmail"?


Bottom of Form 1
Other Options
...
--------------------------------

So, the mailhost is expecting something from me that I can not provide 
nor have the right to provide as near as I can tell.  It would seem that 
since Verizon/Yahoo is one ISP to me, that it should also be one ISP to 
SpamCop.

At this point and for the foreseeable future there will be no mailhost 
usage for accounts of the kind I have.  I've asked before for people 
with the same setup and although there were two, they were different 
geographic areas of the country and didn't run into the hassles I have 
run into.  For me, nothing has changed in the mailhost situation since 
it was first announced and I tried to sign up for it then.

If any deputy or knowledgeable soul wishes to pick this up and try to 
sort it out for me, I'll see that the solution, assuming there is one, 
I'm not so sure, gets a lot of play in my circles.  Most of the people I 
know in my shoes have simply thrown up their hands and said it just 
wasn't worth it.  I disagree, but I also can't continue to waste 
valuable time and resources on the issue.

Regards,

Twayne
-- 
Most people agree that if you have to go,
drowning in varnish provides
the best finish.





From user at domain.invalid  Fri Sep 19 20:10:47 2008
From: user at domain.invalid (Farelf)
Date: Fri Sep 19 20:15:04 2008
Subject: [Scspamcop] Re: Whose URL is Named?
In-Reply-To: <48D4122D.9090506@fishnet.com>
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gavmsk$lkg$1@news.spamcop.net>
	<48D3BE5B.3070702@fishnet.com> <gb0lkh$7vf$1@news.spamcop.net>
	<48D4122D.9090506@fishnet.com>
Message-ID: <gb1f25$d5h$1@news.spamcop.net>

rooster wrote:
> Giampaolo Tomassoni wrote:
> 

>>
>> It is a matter of facts, that the more one works, the biggest is the 
>> number of "achieved" Duhs... :)
>>
>> Giampaolo
> 
> 
> "...works" ??? I don't follow...
> 

Heh, Giampaolo pays you the courtesy of supposing that what you do 
constitutes work Rooster and, in truth, learning - or at least 
investigating - is a chore which most manage to avoid.  But not you, and 
in public too.  Which facts excite admiration, and the wish to offer 
consolation, in my heart no less than Giampaolo's. Another compliment 
but Gianpaolo's was less wordy.
From connyank at cox.net  Fri Sep 19 23:57:22 2008
From: connyank at cox.net (jg)
Date: Sat Sep 20 00:00:04 2008
Subject: [Scspamcop] Re: Whose URL is Named?
In-Reply-To: <gb0id9$mn6$1@news.spamcop.net>
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gb0h83$fev$1@news.spamcop.net>
	<gb0id9$mn6$1@news.spamcop.net>
Message-ID: <gb1sb2$mt2$1@news.spamcop.net>

On 09/19/2008 09:01 AM Farelf scribbled:

> jg wrote:
>> On 09/18/2008 09:51 PM rooster scribbled:
>>
>>
>>
>>> ...reminds me of Mearns'(?) ditty:
>>> "Yesterday, upon the stair.
>>> I met a man, who wasn't there.
>>> He wasn't there again today.
>>> Oh dear, I wish he'd go away."
>>> (variations abound)
>>>
>>
>> I'd always thought that to be Ogden Nash - will have to look it up when
>> time allows...
>>
> 
> http://www.funtrivia.com/askft/Question37160.html

oh well...sorry to say, never read anything by Mearns - he never won a
Nebula or Hugo award did he?
From connyank at cox.net  Sat Sep 20 01:42:34 2008
From: connyank at cox.net (jg)
Date: Sat Sep 20 01:45:03 2008
Subject: [Scspamcop] Re: Whose URL is Named?
In-Reply-To: <gb0mb9$bid$1@news.spamcop.net>
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gb0h83$fev$1@news.spamcop.net>
	<gb0mb9$bid$1@news.spamcop.net>
Message-ID: <gb22g9$fdn$1@news.spamcop.net>

On 09/19/2008 10:08 AM Q Correll scribbled:

> jg,
> 
> | I'd always thought that to be Ogden Nash - will have to look it up
> | when time allows...
> 
> "The verse, titled "Antigonish" was written by William Hughes Mearns in
> 1899. William Hughes Mearns, better known as Hughes Mearns (1875-1965)
> was an American Educator and Poet.
<snip>
so it seems...
From nobody at spamcop.net  Sat Sep 20 04:53:54 2008
From: nobody at spamcop.net (Claudio Valderrama C.)
Date: Sat Sep 20 04:55:04 2008
Subject: [Scspamcop] "substancedirect" nightmare
Message-ID: <gb2dg7$rtj$1@news.spamcop.net>

Hello, I received spam that advertized substancedirect.com
and SC produced an IP plus the corresponding abuse report.
However, just for making sure it was the latest info, I refreshed it. Got
another, completely different IP and another ISP. So far so good, this
happens. But now I pinged the domain. Got another address. After spending
some minutes looking at RIPE, ARIN and APNIC information, I did a
traceroute. I got another IP. So I continued doing my work (without
reporting yet) and when I remembered, I did another ping, typically at 
intervals or 10 minutes or so. Almost invariably, I got a new IP after a few 
minutes. Finally, I collected IP addresses
belonging to ISPs in China, Russia, USA, Germany, Poland and other places.
In one of the attempts, I got an error because substancedirect.com couldn't
be resolved. Supposedly picked it when the spammer is pointing the domain to 
another IP.

Didn't want to visit the site with the browser. Not sure if this is a 
spammer's
trick tp make one lose time trying to report to the correct ISP or really 
the spammer has a lot of web sites
around the world and has a very short-lived domain entry that's changing
many times per hour. What I got from samspade.org's online whois is:

   Domain Name: SUBSTANCEDIRECT.COM
    Registrar: ONLINENIC  INC.
    Whois Server: whois.35.com
    Referral URL: http://www.OnlineNIC.com
    Name Server: NS0.ROUKJU009.COM
    Name Server: NS1.ROUKJU009.COM
    Name Server: NS2.ROUKJU009.COM
    Name Server: NS3.ROUKJU009.COM
    Status: ok
    Updated Date: 19-sep-2008
    Creation Date: 16-sep-2008
    Expiration Date: 16-sep-2009

and an explanation follows, saying that the expiration date is not really 
the expiration date.

Anybody knows what's going here?

C.

-- 
Claudio Valderrama C.
SW developer, consultant.
http://www.cvalde.net - http://www.firebirdsql.org


From user at domain.invalid  Sat Sep 20 04:54:19 2008
From: user at domain.invalid (Farelf)
Date: Sat Sep 20 04:55:05 2008
Subject: [Scspamcop] Re: Whose URL is Named?
In-Reply-To: <gb1sb2$mt2$1@news.spamcop.net>
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gb0h83$fev$1@news.spamcop.net>
	<gb0id9$mn6$1@news.spamcop.net> <gb1sb2$mt2$1@news.spamcop.net>
Message-ID: <gb2dnp$spl$1@news.spamcop.net>

jg wrote:
> On 09/19/2008 09:01 AM Farelf scribbled:
> 
> 
>>jg wrote:
>>
>>>On 09/18/2008 09:51 PM rooster scribbled:
>>>
>>>
>>>
>>>
>>>>...reminds me of Mearns'(?) ditty:
>>>>"Yesterday, upon the stair.
>>>>I met a man, who wasn't there.
>>>>He wasn't there again today.
>>>>Oh dear, I wish he'd go away."
>>>>(variations abound)
>>>>
>>>
>>>I'd always thought that to be Ogden Nash - will have to look it up when
>>>time allows...
>>>
>>
>>http://www.funtrivia.com/askft/Question37160.html
> 
> 
> oh well...sorry to say, never read anything by Mearns - he never won a
> Nebula or Hugo award did he?

Alas, no ... IIUC they had yet to be invented when he penned the above, 
or something closely resembling it, in fact even Amazing Stories lay in 
the future.  But the above ditty would probably make it into the pages 
of Asimov's these days which would be a start.
From nobody at spamcop.net  Sat Sep 20 06:36:07 2008
From: nobody at spamcop.net (Ellen)
Date: Sat Sep 20 06:40:03 2008
Subject: [Scspamcop] Re: DEPUTIES PLEASE? Mailhost still a failure for me
	with Verizon
In-Reply-To: <gb181l$pvr$1@news.spamcop.net>
References: <gb181l$pvr$1@news.spamcop.net>
Message-ID: <48D4D217.4000308@spamcop.net>

Twayne wrote:

> 
> So, the mailhost is expecting something from me that I can not provide 
> nor have the right to provide as near as I can tell.  It would seem that 
> since Verizon/Yahoo is one ISP to me, that it should also be one ISP to 
> SpamCop.
> 
> At this point and for the foreseeable future there will be no mailhost 
> usage for accounts of the kind I have.  I've asked before for people 
> with the same setup and although there were two, they were different 
> geographic areas of the country and didn't run into the hassles I have 
> run into.  For me, nothing has changed in the mailhost situation since 
> it was first announced and I tried to sign up for it then.
> 
> If any deputy or knowledgeable soul wishes to pick this up and try to 
> sort it out for me, I'll see that the solution, assuming there is one, 
> I'm not so sure, gets a lot of play in my circles.  Most of the people I 
> know in my shoes have simply thrown up their hands and said it just 
> wasn't worth it.  I disagree, but I also can't continue to waste 
> valuable time and resources on the issue.
> 
> Regards,
> 
> Twayne

I forwarded your post to Don who does most of the mailhost stuff as I 
heads up *but* you need to also write to him directly so you and he can 
work this out. Write to service@admin.spamcop.net and make sure to 
include your registered email address and he will work with you directly 
to get this straightened out.


Ellen
SpamCop

From acmeanvil at fishnet.com  Sat Sep 20 06:43:43 2008
From: acmeanvil at fishnet.com (rooster)
Date: Sat Sep 20 06:45:02 2008
Subject: [Scspamcop] Re: Whose URL is Named?
In-Reply-To: <gb1f25$d5h$1@news.spamcop.net>
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gavmsk$lkg$1@news.spamcop.net>
	<48D3BE5B.3070702@fishnet.com> <gb0lkh$7vf$1@news.spamcop.net>
	<48D4122D.9090506@fishnet.com> <gb1f25$d5h$1@news.spamcop.net>
Message-ID: <48D4D3DF.8080201@fishnet.com>

Farelf wrote:
> rooster wrote:
>> Giampaolo Tomassoni wrote:
>>
> 
>>>
>>> It is a matter of facts, that the more one works, the biggest is the 
>>> number of "achieved" Duhs... :)
>>>
>>> Giampaolo
>>
>>
>> "...works" ??? I don't follow...
>>
> 
> Heh, Giampaolo pays you the courtesy of supposing that what you do 
> constitutes work Rooster and, in truth, learning - or at least 
> investigating - is a chore which most manage to avoid.  But not you, and 
> in public too.  Which facts excite admiration, and the wish to offer 
> consolation, in my heart no less than Giampaolo's. Another compliment 
> but Gianpaolo's was less wordy.

You're both too kind. But speaking of "work" and "learning" and "Dohs"...

THE ROAD TO WISDOM
(piet hein; Grooks 1)

"The road to wisdom?
-- Well, it's plain
and simple to express:
Err
and err
and err again
but less
and less
and less."

-- 
Happy trails,
rooster
boundary beach, bc
From nobody at spamcop.net  Sat Sep 20 07:01:18 2008
From: nobody at spamcop.net (Ellen)
Date: Sat Sep 20 07:05:03 2008
Subject: [Scspamcop] Re: "substancedirect" nightmare
In-Reply-To: <gb2dg7$rtj$1@news.spamcop.net>
References: <gb2dg7$rtj$1@news.spamcop.net>
Message-ID: <gb2l6h$q44$1@news.spamcop.net>

Claudio Valderrama C. wrote:
> Hello, I received spam that advertized substancedirect.com
> and SC produced an IP plus the corresponding abuse report.
> However, just for making sure it was the latest info, I refreshed it. Got
> another, completely different IP and another ISP. So far so good, this
> happens. But now I pinged the domain. Got another address. After spending
> some minutes looking at RIPE, ARIN and APNIC information, I did a
> traceroute. I got another IP. So I continued doing my work (without
> reporting yet) and when I remembered, I did another ping, typically at 
> intervals or 10 minutes or so. Almost invariably, I got a new IP after a few 
> minutes. Finally, I collected IP addresses
> belonging to ISPs in China, Russia, USA, Germany, Poland and other places.
> In one of the attempts, I got an error because substancedirect.com couldn't
> be resolved. Supposedly picked it when the spammer is pointing the domain to 
> another IP.
> 
> Didn't want to visit the site with the browser. Not sure if this is a 
> spammer's
> trick tp make one lose time trying to report to the correct ISP or really 
> the spammer has a lot of web sites
> around the world and has a very short-lived domain entry that's changing
> many times per hour. What I got from samspade.org's online whois is:
> 
>    Domain Name: SUBSTANCEDIRECT.COM
>     Registrar: ONLINENIC  INC.
>     Whois Server: whois.35.com
>     Referral URL: http://www.OnlineNIC.com
>     Name Server: NS0.ROUKJU009.COM
>     Name Server: NS1.ROUKJU009.COM
>     Name Server: NS2.ROUKJU009.COM
>     Name Server: NS3.ROUKJU009.COM
>     Status: ok
>     Updated Date: 19-sep-2008
>     Creation Date: 16-sep-2008
>     Expiration Date: 16-sep-2009
> 
> and an explanation follows, saying that the expiration date is not really 
> the expiration date.
> 
> Anybody knows what's going here?
> 
> C.
> 

That note would be this one I suspect:

" NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the 
expiration date of the domain name registrant's agreement with the 
sponsoring registrar.  Users may consult the sponsoring registrar's 
Whois database to view the registrar's reported date of expiration for 
this registration.  "

Seems to me that is saying that the expiration date listed is the best 
knowledge that the displayer of the record has as to when the domain 
expires but the registrar and the registrant nay be in the process of 
renewing the domain or some such thing. I think the notice is just more 
of a "this is the best knowledge that we have at this time but it could 
be note exactly correct" kind of thing.

So I trundled over to onlinenic and looked it up there and it has the 
same creation/updated/expiration date as you show above.



What you were seeing WRT the IP changing is fast flux:

http://en.wikipedia.org/wiki/Fast_flux

and a longer write-up:

http://www.honeynet.org/papers/ff/fast-flux.pdf


Right now that domain has no DNS as far as I can see.


Ellen
SpamCop



From acmeanvil at fishnet.com  Sat Sep 20 08:02:57 2008
From: acmeanvil at fishnet.com (rooster)
Date: Sat Sep 20 08:05:03 2008
Subject: [Scspamcop] Truth in Advertising
Message-ID: <gb2oqh$c32$1@news.spamcop.net>

"Subj: FW: Is your skills about to expired?"

There's a couple of free grandstand tickets to the 2009 Turkey Hurling
Competitions in Bent Snake Alberta for the first 5 people who can guess
what the 'author'(?) of the above is offering.
(Offer void where prohibited by law. Successful respondents must first
answer a "skills" testing question in Flathead Indian)

Here's the 'refurl' ... No peeking!
http://www.spamcop.net/sc?id=z2262267252za6c1e2e850793f33f3cd490825748a8fz

-- 
Happy trails,
rooster
boundary beach, bc
From me at privacy.net  Sat Sep 20 08:32:33 2008
From: me at privacy.net (David)
Date: Sat Sep 20 08:35:03 2008
Subject: [Scspamcop] Re: Truth in Advertising
In-Reply-To: <gb2oqh$c32$1@news.spamcop.net>
References: <gb2oqh$c32$1@news.spamcop.net>
Message-ID: <gb2qh2$jcq$1@news.spamcop.net>



rooster wrote:
> "Subj: FW: Is your skills about to expired?"
<snip>

You'duh thunk that somebody offering a college degree would learn to 
talk well english.
From connyank at cox.net  Sat Sep 20 12:15:25 2008
From: connyank at cox.net (jg)
Date: Sat Sep 20 12:20:04 2008
Subject: [Scspamcop] Re: Truth in Advertising
In-Reply-To: <gb2qh2$jcq$1@news.spamcop.net>
References: <gb2oqh$c32$1@news.spamcop.net> <gb2qh2$jcq$1@news.spamcop.net>
Message-ID: <gb37iv$fnd$1@news.spamcop.net>

On 09/20/2008 05:32 AM David scribbled:

> 
> rooster wrote:
>> "Subj: FW: Is your skills about to expired?"
> <snip>
> 
> You'duh thunk that somebody offering a college degree would learn to 
> talk well english.

ya think?

rooster, shud that report be canceled?  Still offering to submit (albeit
a 'silent' report, whatever that is)
From nobody at devnull.spamcop.net  Sat Sep 20 12:22:22 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sat Sep 20 12:25:03 2008
Subject: [Scspamcop] RESOLVED I think Re: DEPUTIES PLEASE? Mailhost still a
	failure for me with Verizon
References: <gb181l$pvr$1@news.spamcop.net>
Message-ID: <gb37vj$ihg$1@news.spamcop.net>

Thank you Don & Ellen,

Seems to be fully functional now.  I'll record the relevant info for 
future use. Apologies for being so thick about this situation.

Twayne


> I don't know what to say other than I give up.  Whatever the "waiver"
> was it did no good whatsoever.  Verizon is my ISP, I have one
> never-used main account there, plust I have a website at Netfirms
> where I create my personal and everyday email addresses.
>
> Quite frankly I've gotten to the GAS point over the mailhost; it's a
> good idea gone bad as far as I can see.  I'll continue to watch the
> forum for awhile to see what pops up there maybe, but ...
>
>   I only have two ISPs to list; one at Netfirms for my own domain
> (twaynesdomain.com) where I created my own email accounts, and
> Verizon. Apparently VZ hands off emails to Yahoo and SpamCop wants me
> to give information about the Yahoo servers it's seeing.  However,
> that's nothing I have any control or knowledge of in any way.  I know
> from Mike Easter and a deputy some time back that the Yahoo parts of
> the headers are borked in the early received lines and that's also
> nothing I have any control over.
>
>   At one time I had a Yahoo address too but it's long forgotten and
> getting any information out of Yahoo is like pulling teeth, as is
> creating a new account I don't want anyway.  From the look of things
> though, that's not what they want and it would solve nothing.
>   Any Yahoo relationship I would think should show up in the verizon
> email address I used.
>
>  It almost seems like SpamCop is punishing me for Verizon's deal with
> Yahoo to handle their email for them.  It wants information about
> Yahoo accounts that I know nothing about!  The relay IDs etc. are
> just a jumble of IDs I know nothing about.  It's not ME traversing
> multiple domains; it's Verizon!  Just now I blew away and accounts
> that existed and entered my Verizon and Netfirms email accounts over
> again.  Here's the history of what went on, in digest form.  Text in
> *[ ... ]* is mine, added to the pastes.  ALL CAPS areas are for
> emphais, NOT for yelling, OK?  <g>:
>
> ----------------------------------
> Host mta105.vzn.mail.re2.yahoo.com (checking ip) = 206.190.53.189
> Sorry, SpamCop has encountered errors:
> The email sample you submitted for munged@verizon.net
> appears to traverse more than one domain.
> Please ensure that you configure each mailhost individually and in
> order.
>
> [ Apparently, but it's nothing of my doing.  It's something Verizon
> and/or Yahoo are doing ]
>
> Proceed here:
> http://www.spamcop.net/mcgi?mhc2=XqTRWjBbDguTSqfm
> -------------------
> doing that:
> ---------------
> Report Spam Filtered Email Blocking List Statistics Login
> Sent test email to MUNGED @ twaynesdomain.com@twaynesdomain.com
> through q1.netfirms.com.
>
> [ The address above makes absolutely NO sense to me and I can't
> imagine where it came from.  I never entered anything even close to
> that.  ]
> Sent test email to MUNGED @ twaynesdomain.com@twaynesdomain.com
> through q0.netfirms.com.
> SpamCop has just sent you 2 test messages to
> tom@twaynesdomain.com@twaynesdomain.com.
> Please allow for up to an hour for those messages to reach you, and
> then follow the enclosed instructions.
> Copyright (C) 1998-2006, IronPort Systems, Inc. All rights reserved.
> HTML4 / CSS2 Firefox recommended - Policies and Disclaimers
>
> [ and, after giving the headers as requested ]
>
> Host mta105.vzn.mail.re2.yahoo.com (checking ip) = 206.190.53.189
> Sorry, SpamCop has encountered errors:
> The email sample you submitted for munged @verizon.net
> appears to traverse more than one domain.
> Please ensure that you configure each mailhost individually and in
> order.
>
> [  I am NOT forwarding ANYTHING ANYWHERE.
>
> Proceed here:
> http://www.spamcop.net/mcgi?mhc2=XqTRWjBbDguTSqfm
>
> Complex header analysis
> The header sample for munged @verizon.net shows more than one new mail
> host. This seems to indicate that your email is being forwarded
> through another account. SpamCop needs to identify each account
> individually.
> [ NO!  I AM NOT FORWARDING ANY MESSAGES THROUGH ANY OTHER ACCOUNT!!
> ANY FORWARDING GOING ON IS BEING DONE BY VERIZION/YAHOO! ]
>
> Top of Form 1
> In analysing the sample headers, SpamCop has identified additional
> email accounts. Please configure each of these accounts. If this
> analysis is incorrect, consider the other options below instead.
>
> [  I *THINK* IT MEANS THE YAHOO CRAP VERIZON (NOT ME) IS USING ]
> Email account:
>
> What is the standard name of this email provider - for instance,
> hotmail.com might be referred to simply as "Hotmail"?
>
>
> Bottom of Form 1
> Other Options
> ...
> --------------------------------
>
> So, the mailhost is expecting something from me that I can not provide
> nor have the right to provide as near as I can tell.  It would seem
> that since Verizon/Yahoo is one ISP to me, that it should also be one
> ISP to SpamCop.
>
> At this point and for the foreseeable future there will be no mailhost
> usage for accounts of the kind I have.  I've asked before for people
> with the same setup and although there were two, they were different
> geographic areas of the country and didn't run into the hassles I have
> run into.  For me, nothing has changed in the mailhost situation since
> it was first announced and I tried to sign up for it then.
>
> If any deputy or knowledgeable soul wishes to pick this up and try to
> sort it out for me, I'll see that the solution, assuming there is one,
> I'm not so sure, gets a lot of play in my circles.  Most of the
> people I know in my shoes have simply thrown up their hands and said
> it just wasn't worth it.  I disagree, but I also can't continue to
> waste valuable time and resources on the issue.
>
> Regards,
>
> Twayne



From user at domain.invalid  Sat Sep 20 12:51:20 2008
From: user at domain.invalid (Farelf)
Date: Sat Sep 20 12:55:03 2008
Subject: [Scspamcop] Re: Whose URL is Named?
In-Reply-To: <48D41346.3000809@fishnet.com>
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gb0h83$fev$1@news.spamcop.net>
	<48D41346.3000809@fishnet.com>
Message-ID: <gb39m6$o22$1@news.spamcop.net>

rooster wrote:

> 
> Oh, well; "The shorrob [still] scudders nights in the Quastron now"
> and "Collody [still] lollops belutedly over the slawn."
> 

"shorrob"?  You just made that up, didn't you?  Sharrots of the world 
shall fly up and dejugulate you of all your joices should this slight 
stand unslated.
From nobody at spamcop.net  Sat Sep 20 13:03:04 2008
From: nobody at spamcop.net (Antispam Knight)
Date: Sat Sep 20 13:05:04 2008
Subject: [Scspamcop] Re: "substancedirect" nightmare
References: <gb2dg7$rtj$1@news.spamcop.net> <gb2l6h$q44$1@news.spamcop.net>
Message-ID: <gb3ac8$qm6$1@news.spamcop.net>



"Ellen" <nobody@spamcop.net> wrote in message 
news:gb2l6h$q44$1@news.spamcop.net...
> Claudio Valderrama C. wrote:
>> Hello, I received spam that advertized substancedirect.com
>> and SC produced an IP plus the corresponding abuse report.
>> However, just for making sure it was the latest info, I refreshed it. Got
>> another, completely different IP and another ISP. So far so good, this
>> happens. But now I pinged the domain. Got another address. After spending
>> some minutes looking at RIPE, ARIN and APNIC information, I did a
>> traceroute. I got another IP. So I continued doing my work (without
>> reporting yet) and when I remembered, I did another ping, typically at 
>> intervals or 10 minutes or so. Almost invariably, I got a new IP after a 
>> few minutes. Finally, I collected IP addresses
>> belonging to ISPs in China, Russia, USA, Germany, Poland and other 
>> places.
>> In one of the attempts, I got an error because substancedirect.com 
>> couldn't
>> be resolved. Supposedly picked it when the spammer is pointing the domain 
>> to another IP.
>>
>> Didn't want to visit the site with the browser. Not sure if this is a 
>> spammer's
>> trick tp make one lose time trying to report to the correct ISP or really 
>> the spammer has a lot of web sites
>> around the world and has a very short-lived domain entry that's changing
>> many times per hour. What I got from samspade.org's online whois is:
>>
>>    Domain Name: SUBSTANCEDIRECT.COM
>>     Registrar: ONLINENIC  INC.
>>     Whois Server: whois.35.com
>>     Referral URL: http://www.OnlineNIC.com
>>     Name Server: NS0.ROUKJU009.COM
>>     Name Server: NS1.ROUKJU009.COM
>>     Name Server: NS2.ROUKJU009.COM
>>     Name Server: NS3.ROUKJU009.COM
>>     Status: ok
>>     Updated Date: 19-sep-2008
>>     Creation Date: 16-sep-2008
>>     Expiration Date: 16-sep-2009
>>
>> and an explanation follows, saying that the expiration date is not really 
>> the expiration date.
>>
>> Anybody knows what's going here?
>>
>> C.
>>
>
> That note would be this one I suspect:
>
> " NOTICE: The expiration date displayed in this record is the date the
> registrar's sponsorship of the domain name registration in the registry is
> currently set to expire. This date does not necessarily reflect the 
> expiration date of the domain name registrant's agreement with the 
> sponsoring registrar.  Users may consult the sponsoring registrar's Whois 
> database to view the registrar's reported date of expiration for this 
> registration.  "
>
> Seems to me that is saying that the expiration date listed is the best 
> knowledge that the displayer of the record has as to when the domain 
> expires but the registrar and the registrant nay be in the process of 
> renewing the domain or some such thing. I think the notice is just more of 
> a "this is the best knowledge that we have at this time but it could be 
> note exactly correct" kind of thing.
>
> So I trundled over to onlinenic and looked it up there and it has the same 
> creation/updated/expiration date as you show above.
>
>
>
> What you were seeing WRT the IP changing is fast flux:
>
> http://en.wikipedia.org/wiki/Fast_flux
>
> and a longer write-up:
>
> http://www.honeynet.org/papers/ff/fast-flux.pdf
>
>
> Right now that domain has no DNS as far as I can see.
>
>
> Ellen
> SpamCop
>
>
>
Getting authoritative NS from ns0.uu889989.COM [213.231.1.125] as of this 
moment.
AK 

From qcorrell at pacNObell.net  Sat Sep 20 14:01:29 2008
From: qcorrell at pacNObell.net (Q Correll)
Date: Sat Sep 20 14:05:03 2008
Subject: [Scspamcop] Re: Whose URL is Named?
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gb0h83$fev$1@news.spamcop.net>
	<48D41346.3000809@fishnet.com>
Message-ID: <gb3dpp$76n$1@news.spamcop.net>

rooster,

| Oh, well; "The shorrob [still] scudders nights in the Quastron now"
| and "Collody [still] lollops belutedly over the slawn."

Trying to channel Lewis Carroll?  ;-)

-- 

   Q

09/20/2008 11:01:05

XanaNews Version 1.18.1.52  [Everyone's & Q's Mods]
From nobody at devnull.spamcop.net  Sat Sep 20 18:23:31 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sat Sep 20 18:25:02 2008
Subject: [Scspamcop] Re: Truth in Advertising
References: <gb2oqh$c32$1@news.spamcop.net> <gb2qh2$jcq$1@news.spamcop.net>
Message-ID: <gb3t4o$93m$1@news.spamcop.net>

> rooster wrote:
>> "Subj: FW: Is your skills about to expired?"
> <snip>
>
> You'duh thunk that somebody offering a college degree would learn to
> talk well english.

Yuk, I've seen quite a few of that type lately with various 
misspellings.  One said something like "Is those..." and similars.  At 
least it's semi-entertainment if you happen to notice the subject lines. 


From nobody at devnull.spamcop.net  Sat Sep 20 18:39:46 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sat Sep 20 18:40:03 2008
Subject: [Scspamcop] a result of "by 0" ? & RFC?
Message-ID: <gb3u37$bap$1@news.spamcop.net>

Hi,

Trackers, either of:
http://www.spamcop.net/sc?id=z2263525135z8b5bc7ffc921fb0bcdc89f03fe82ca96z
and
http://www.spamcop.net/sc?id=z2263524117zc6144cd7edeaa351976cdd26d99bdeabz

Reported via email, not copy/pasted.
Two different report sessions, one was in each.
Both are Nothing To Do.

I just had 4 of these in a row this afternoon, all different sources, 
whatever.  At any rate, is the "nothing to do" result directly 
attritibutable to the "by 0"  in the first received line?
   If the "by 0" were by FQDN would this have been able to parse 
correctly?
   I think not, but if I don't ask, I'll never know for sure.

Since my mailhosts started working I've been trying to analyze the 
parses and see if I can follow/duplicate them, with pretty decent 
success, and then these popped up.

Anyone happen to know the relevant RFC to quote for the header 
composition that covers this situation?
   I'm not having much luck with Google but I'm probably not using the 
right search terms.  I had it once but can't seem to find my copy of it 
either, dang it.

Regards,

Twayne 


From g.hyde at bigNOSPAMpond.net.au  Sat Sep 20 18:49:31 2008
From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde)
Date: Sat Sep 20 18:50:03 2008
Subject: [Scspamcop] Re: Truth in Advertising [SPOILER]
References: <gb2oqh$c32$1@news.spamcop.net>
Message-ID: <gb3um4$cd3$1@news.spamcop.net>


"rooster" <acmeanvil@fishnet.com> wrote in message 
news:gb2oqh$c32$1@news.spamcop.net...
> "Subj: FW: Is your skills about to expired?"
>
> There's a couple of free grandstand tickets to the 2009 Turkey Hurling
> Competitions in Bent Snake Alberta for the first 5 people who can guess
> what the 'author'(?) of the above is offering.
> (Offer void where prohibited by law. Successful respondents must first
> answer a "skills" testing question in Flathead Indian)
>
> Here's the 'refurl' ... No peeking!
> http://www.spamcop.net/sc?id=z2262267252za6c1e2e850793f33f3cd490825748a8fz

What?  Not another 'university degree'??  I had a guess, then I peeked, so 
that doesn't qualify.

I put [SPOILER] in the subject, so anyone peeking at this subject line had 
better watch themselves or they will be eating turkey!  ;)


Cheers ...

Geoffrey Hyde



From user at domain.invalid  Sat Sep 20 20:35:26 2008
From: user at domain.invalid (Farelf)
Date: Sat Sep 20 20:40:04 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
In-Reply-To: <gb3u37$bap$1@news.spamcop.net>
References: <gb3u37$bap$1@news.spamcop.net>
Message-ID: <gb44sc$2cr$1@news.spamcop.net>

Twayne wrote:

> 
> Anyone happen to know the relevant RFC to quote for the header 
> composition that covers this situation?
>    I'm not having much luck with Google but I'm probably not using the 
> right search terms.  I had it once but can't seem to find my copy of it 
> either, dang it.
> 

All whitefella magic to me Twayne but try googling on qmail service, or 
sepecifically on /service/qmail-smtpd/run since a server admin 
documented a solution in:
http://forum.spamcop.net/forums/index.php?s=&showtopic=7593&view=findpost&p=51673
From nobody at devnull.spamcop.net  Sat Sep 20 23:26:13 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sat Sep 20 23:30:03 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net>
	<4a6bd49bis742adc9v7a1q9h1tcroka2ss@4ax.com>
Message-ID: <gb4es9$5hu$1@news.spamcop.net>

> Twayne wrote:
>> - At any rate, is the "nothing to do" result directly
>> - attritibutable to the "by 0"  in the first received line?
>
> Yes.  You have Mailhosts registered and "0" isn't one of the servers
> listed for your hosts.  And it can't be added manually.
>
> All you can do is ask your service provider to configure their servers
> to us their true names when they handle the mail.
>
> - Don D'Minion - SpamCop Admin -

Thanks, Don.  Wish me luck; maybe I can make myself a PITA to them.

Twayne


From MikeE at ster.invalid  Sat Sep 20 23:39:29 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Sat Sep 20 23:40:02 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net>
Message-ID: <gb4flc$8b7$1@news.spamcop.net>

Twayne wrote:

> Trackers, either of:
www.spamcop.net/sc?id=z2263525135z8b5bc7ffc921fb0bcdc89f03fe82ca96z
> and
www.spamcop.net/sc?id=z2263524117zc6144cd7edeaa351976cdd26d99bdeabz

>From a workaround perspective;  if you have a mailhost/account for which
all of your spam is of this configuration of these two items;  namely only
one (real) Received traceline, which is the one with 'by 0' on the topmost
traceline, then it could have a separate SC reporting account -- separate
from your mailhosted account.

If the spam from those trackers above is submitted to a non-mailhosted
account, the parser can/will parse them correctly for source.

http://www.spamcop.net/sc?id=z2264026891z95562b735849a5adaa3dcef25580c474z
Report Spam to:
Re: 201.253.228.74 (Administrator of network where email originates)
 To: miguelcamino1@gmail.com (Notes)
<cancelled>

http://www.spamcop.net/sc?id=z2264007981z8f5c68d01b5ef0dde3e9dd58d1c76256z
Report Spam to:
Re: 217.151.136.96 (Administrator of network where email originates)
 To: i.izotov@gs.gazprom.ru (Notes)
 To: a.polyakov@gs.gazprom.ru (Notes)
 To: a.stepanov@gazprom.ru (Notes)

Re: http://www.royalsgame.com/ (Administrator of network hosting website
referenced in spam)
 To: abuse@rcs-rds.ro (Notes)
<cancelled>

Even if the spammer puts in a bogus Received traceline down below, the
parser will not parse beyond the chainbreak created by the 'by 0' part of
the top traceline.

>From the trackers we were looking at before, you were mixing/forwarding
mail from other accounts/mailhosts into that 'by 0' host/mailbox.


-- 
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Sun Sep 21 00:07:56 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sun Sep 21 00:10:03 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net> <gb44sc$2cr$1@news.spamcop.net>
Message-ID: <gb4hah$d6t$1@news.spamcop.net>

> Twayne wrote:
>
>>
>> Anyone happen to know the relevant RFC to quote for the header
>> composition that covers this situation?
>>    I'm not having much luck with Google but I'm probably not using
>> the right search terms.  I had it once but can't seem to find my
>> copy of it either, dang it.
>>
>
> All whitefella magic to me Twayne but try googling on qmail service,
> or sepecifically on /service/qmail-smtpd/run since a server admin
> documented a solution in:
> http://forum.spamcop.net/forums/index.php?s=&showtopic=7593&view=findpost&p=51673

lol, whitefella magic, eh? Not too sure what to make of that :^)
     That was a worthwhile hint you provided; I came across three 
solutions posted and it all so far seems to be qmail related, the same 
solution each time.
   I Plan to climb some ladders and make a PITA out of myself, but so 
far the only place in the world that seems to care about this is 
Spamcop.  Every single link I've seen relates this to spamcop, so that's 
not going to be my "ticket" to get attention from a place like Yahoo. 
BTDT already but I didn't have the PITA-making time available that I 
have now<g>.
     All I have left to hope for is that I can find something of a good 
reason in the RFCs and I don't hold much hope for that either.  But 
maybe if I contact enough separate areas they'll think it's more than 
one person, who know?  Even though it's not a huge issue for me anymore, 
I'd still like to see them fess up and fix it; it looks pretty easy to 
do.

Cheers,

Twayne


From not at home.today  Sun Sep 21 08:49:26 2008
From: not at home.today (Ant)
Date: Sun Sep 21 08:50:03 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net>
Message-ID: <gb5ft7$psj$1@news.spamcop.net>

"Twayne" wrote:
> Anyone happen to know the relevant RFC to quote for the header
> composition that covers this situation?

RFCs 821, 2821 (SMTP), 822 and 2822 (message format) are all relevant.
Although the later numbers supercede the earlier ones, they don't
repeat all of the information in them (e.g. some formal syntax).

Searching them for "received" or "trace" should get what you want.
Look first at section 4.4 (Trace Information) in RFC 2821.


From acmeanvil at fishnet.com  Sun Sep 21 19:12:00 2008
From: acmeanvil at fishnet.com (rooster)
Date: Sun Sep 21 19:15:03 2008
Subject: [Scspamcop] Re: Whose URL is Named?
In-Reply-To: <gb39m6$o22$1@news.spamcop.net>
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gb0h83$fev$1@news.spamcop.net>
	<48D41346.3000809@fishnet.com> <gb39m6$o22$1@news.spamcop.net>
Message-ID: <48D6D4C0.1020204@fishnet.com>

Farelf wrote:
> rooster wrote:
> 
>>
>> Oh, well; "The shorrob [still] scudders nights in the Quastron now"
>> and "Collody [still] lollops belutedly over the slawn."
>>
> 
> "shorrob"?  You just made that up, didn't you?  Sharrots of the world 
> shall fly up and dejugulate you of all your joices should this slight 
> stand unslated.

I couldn't lay hands on my collection of Nash's works. So I took a shot
from memory. Unfortunately, the memory I used was mine. I wanted to
look it up (check my source) on the net, but I kept 'misremembering' the
title as "Gerontion".... which is T.S. Eliot.

     Missus just barely

     A bug of clutter my missus is,
     A book lent her she lost.
     My "Pocketbook of Ogden Nash",
     slinks 'deceded' in her grost.

Good eye on the attempted quote, though.

     Geddondillo
     by: Ogden Nash

     The sharrot scudders nights in the quastron now,
     The dorlim slinks undeceded in the grost,
     Appetency lights the corb of the guzzard now,
     The ancient beveldric is otley lost.

     Treduty flees like a darbit along the drace now,
     Collody lollops belutedly over the slawn.
     The bloodbound bitterlitch bays the ostrous moon now,
     For yesterday's bayable majicity is flunky gone.

     Make way, make way, the preluge is scarly nonce now,
     Make way, I say, the gronderous Demiburge comes,
     His blidless veins shall ye joicily rejugulate now,
     And gollify him from 'twixt his protecherous gums.
-- 
Happy trails,
rooster
boundary beach, bc
From nobody at spamcop.net  Mon Sep 22 07:34:05 2008
From: nobody at spamcop.net (N. Miller)
Date: Mon Sep 22 07:35:04 2008
Subject: [Scspamcop] Re: Strange spams
References: <gap93g$io3$1@news.spamcop.net> <gaph3r$f3p$1@news.spamcop.net>
Message-ID: <16pxx0oc5qidp$.dlg@nobody.spamcop.net>

On Tue, 16 Sep 2008 16:57:15 -0700, Mike Easter from SpamCop wrote:

>   from 186.12.58.185  (EHLO vms172073pub.verizon.net) (206.46.172.73) by
> mta101.vzn.mail.re2.yahoo.com *serves recipient, noncompliant fromfield

Wondering how 'mta101.vzn.mail.re2.yahoo.com' is doing that? I see:

| Received: from 207.115.20.64  (EHLO flpi095.prodigy.net) (207.115.20.64)
|   by mta142.sbc.mail.mud.yahoo.com with SMTP; Thu, 11 Sep 2008 02:28:47 -0700

When I look at the headers in this message:

http://www.spamcop.net/sc?id=z2266821492z5ec64707d48505e9929dea6ccceba3b3z

That is an example from an 'at&t Yahoo! HSI' account, and I have
successfully mailhosted that account; but I don't forward from that account
to any other.

-- 
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum
From MikeE at ster.invalid  Mon Sep 22 09:00:39 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Mon Sep 22 09:05:03 2008
Subject: [Scspamcop] Re: Strange spams
References: <gap93g$io3$1@news.spamcop.net> <gaph3r$f3p$1@news.spamcop.net>
	<16pxx0oc5qidp$.dlg@nobody.spamcop.net>
Message-ID: <gb84tm$1uo$1@news.spamcop.net>

N. Miller wrote:
> Mike Easter
>
>>   from 186.12.58.185  (EHLO vms172073pub.verizon.net) (206.46.172.73)
>> by mta101.vzn.mail.re2.yahoo.com *serves recipient, noncompliant
>> fromfield
>
> Wondering how 'mta101.vzn.mail.re2.yahoo.com' is doing that?

I have no idea -- it was a complete bafflement to me.  As I recall, that
186.12.58.185 no rDNS lacnic .ar IP had nothing to do with the mail.  It
is very difficult to make a good analysis of what is real and what is
bogus when the (apparently) real server is/ appears to be/ stamping zany
noncompliant lines.

> I see:

>> Received: from 207.115.20.64  (EHLO flpi095.prodigy.net)
>>   (207.115.20.64) by mta142.sbc.mail.mud.yahoo.com with SMTP; Thu, 11
>> Sep 2008 02:28:47 -0700
>
> When I look at the headers in this message:
>
>
http://www.spamcop.net/sc?id=z2266821492z5ec64707d48505e9929dea6ccceba3b3z
>
> That is an example from an 'at&t Yahoo! HSI' account, and I have
> successfully mailhosted that account; but I don't forward from that
> account to any other.

Your headers are pretty healthy and interpretable even if not completely
compliant.

You accessed an AOL server from a sbc/swbell IP, which aol transacted with
the prodigy/yahoo mailbox, and all of the from and by fields are
interpretable.

  Abbreviated Received tracelines *comment
  from 207.115.20.64  (EHLO flpi095.prodigy.net) (207.115.20.64) by
mta142.sbc.mail.mud.yahoo.com *serves recipient
  from imo-m23.mx.aol.com (imo-m23.mx.aol.com [64.12.137.4]) by
flpi095.prodigy.net *serves recipient
  from <munge netscape eml addy> by imo-m23.mx.aol.com *extra noncompliant
line SC ignores
  from [192.168.102.34] ([69.110.229.74]) by cia-db05.mx.aol.com
*noncompliant sourceline aided by XOIP & aol xoip



-- 
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Mon Sep 22 20:44:54 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Mon Sep 22 20:45:03 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net> <gb4flc$8b7$1@news.spamcop.net>
Message-ID: <gb9e64$m9$1@news.spamcop.net>

I can be pretty thick at thick at times and this is one of them.  Inline 
please:


> Twayne wrote:
>
>> Trackers, either of:
> www.spamcop.net/sc?id=z2263525135z8b5bc7ffc921fb0bcdc89f03fe82ca96z
>> and
> www.spamcop.net/sc?id=z2263524117zc6144cd7edeaa351976cdd26d99bdeabz
>
> From a workaround perspective;  if you have a mailhost/account for
> which all of your spam is of this configuration of these two items;
> namely only one (real) Received traceline, which is the one with 'by
> 0' on the topmost traceline, then it could have a separate SC
> reporting account -- separate from your mailhosted account.

100% of my e-mails are of that configuration; the "by 0" portion.
  In order for it to get to/from me, it has to pass thru Verizon (my 
ISP) and that in turn brings on the Yahoo tie-ine.  So even going to my 
own site and using webmail to send/receive to/from myself I'll still see 
the same header issue.  Apparently, from my reading, it's the Qmail 
thing that causes it if the setup isn't changed from its default.
   Since it's Yahoo actually doing the Received line, I have to assume 
then that they either don't care or find it useful somehow. As in 
breaking SpamCop maybe.   One thing I've noticed and I've been looking 
for it, is that there is no mention of the "by 0" anywhere that I can 
locate that isn't related to SpamCop.
   The reason I started looking for effects other than SC was hopefully 
to be able to tell Yahoo/Verizon they they're screwing up more than just 
SpamCop.  But so far that does not seem to be the case; SC seems to be 
the ONLY place it matters to anything.  Not enough to base a good 
arguement on or even get anyone's serious attention, IMO.

>
> If the spam from those trackers above is submitted to a non-mailhosted
> account, the parser can/will parse them correctly for source.
>
> http://www.spamcop.net/sc?id=z2264026891z95562b735849a5adaa3dcef25580c474z
> Report Spam to:
> Re: 201.253.228.74 (Administrator of network where email originates)
> To: miguelcamino1@gmail.com (Notes)
> <cancelled>
>
> http://www.spamcop.net/sc?id=z2264007981z8f5c68d01b5ef0dde3e9dd58d1c76256z
> Report Spam to:
> Re: 217.151.136.96 (Administrator of network where email originates)
> To: i.izotov@gs.gazprom.ru (Notes)
> To: a.polyakov@gs.gazprom.ru (Notes)
> To: a.stepanov@gazprom.ru (Notes)
>
> Re: http://www.royalsgame.com/ (Administrator of network hosting
> website referenced in spam)
> To: abuse@rcs-rds.ro (Notes)
> <cancelled>

Right.  I discovered that too but I don't have enough confidence in my 
own abilities to be sure of the results being correct. Now that I have a 
functioning mailhost setup, I know my assumptions were valid, but I 
hadn't yet gotten a mailhost setup to work at that earlier point.   I 
did send some and just unticked the Verizon box, but ... I finally just 
quit reporting at all because there seemed no way to abate the 
confusion.

>
> Even if the spammer puts in a bogus Received traceline down below, the
> parser will not parse beyond the chainbreak created by the 'by 0'
> part of the top traceline.

Yup; got it.
>
> From the trackers we were looking at before, you were
> mixing/forwarding mail from other accounts/mailhosts into that 'by 0'
> host/mailbox.

I can't get my head around what you mean but no, I wasn't, by any action 
of my own, "mixing/forwarding" mail in any way into the "by 0".  In my 
case, just so others realize this isn't a one size fits all, it is the 
Verizon/Yahoo interactions that insert the "by 0" into the Received 
line.  The "by 0" in each and every case I have here should be a Yahoo 
server; that much I'm now certain of.
   Also at that initial point I had no mailhost setup, which is what got 
me going on the issue again.  I have made absolutely and literally no 
changes to any email setups of any kind, not even tweaks, to any mail or 
news account from the time of my original post you refer to and up to 
today.  It had nothing to do with anything I did in any way to 
create/cause the "by 0" business.
   Apparently what made the mailhost setup work in my case was the 
"waiver" that the deputies accomplished for me but I have absolutely no 
idea what the waiver was for or what it did.  Hesitating to make myself 
any more of a PIA than I alrady have, I opted to simply document what 
happened and what it took for me to get the mailhost to work.  And it 
does seem to be working.  The "by 0" still exists in the Headers, but 
the spams do parse correctly, near as I can judge them.  I'm guessing 
that the waiver just tells some code somewhere that "by 0" is a FQDN and 
so the parses can function.

LIke I said, I'm feeling pretty thick tonight and most of your post went 
right over my head for whateve reason.

Regards,

Twayne



From nobody at devnull.spamcop.net  Mon Sep 22 21:20:14 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Mon Sep 22 21:25:03 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net> <gb5ft7$psj$1@news.spamcop.net>
Message-ID: <gb9g8c$5p2$1@news.spamcop.net>

> "Twayne" wrote:
>> Anyone happen to know the relevant RFC to quote for the header
>> composition that covers this situation?
>
> RFCs 821, 2821 (SMTP), 822 and 2822 (message format) are all relevant.
> Although the later numbers supercede the earlier ones, they don't
> repeat all of the information in them (e.g. some formal syntax).
>
> Searching them for "received" or "trace" should get what you want.
> Look first at section 4.4 (Trace Information) in RFC 2821.

Thanks much, 2821 is exactly the one I was remembering.  SMTP; duhhh, 
where was my head?

Twayne 


From MikeE at ster.invalid  Tue Sep 23 00:11:19 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Sep 23 00:15:04 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net> <gb4flc$8b7$1@news.spamcop.net>
	<gb9e64$m9$1@news.spamcop.net>
Message-ID: <gb9q95$4re$1@news.spamcop.net>

Twayne wrote:
> I can be pretty thick at thick at times and this is one of them.  Inline
> please:

<my cite>
>> From a workaround perspective;  if you have a mailhost/account for
>> which all of your spam is of this configuration of these two items;
>> namely only one (real) Received traceline, which is the one with 'by
>> 0' on the topmost traceline, then it could have a separate SC
>> reporting account -- separate from your mailhosted account.
>
> 100% of my e-mails are of that configuration; the "by 0" portion.

That isn't what I said re configuration.  I'm not talking about just the
by0.  The two items in question had only one Received traceline, the by0
one.  You have posted other trackers in the past which were forwarded to
that account.  Those mails were both forwarded *and* had by0.

>   In order for it to get to/from me, it has to pass thru Verizon (my
> ISP) and that in turn brings on the Yahoo tie-ine.  So even going to my
> own site and using webmail to send/receive to/from myself I'll still see
> the same header issue.  Apparently, from my reading, it's the Qmail
> thing that causes it if the setup isn't changed from its default.
>    Since it's Yahoo actually doing the Received line, I have to assume
> then that they either don't care or find it useful somehow. As in
> breaking SpamCop maybe.   One thing I've noticed and I've been looking
> for it, is that there is no mention of the "by 0" anywhere that I can
> locate that isn't related to SpamCop.
>    The reason I started looking for effects other than SC was hopefully
> to be able to tell Yahoo/Verizon they they're screwing up more than just
> SpamCop.  But so far that does not seem to be the case; SC seems to be
> the ONLY place it matters to anything.  Not enough to base a good
> arguement on or even get anyone's serious attention, IMO.

I have seen by0 before when it didn't cause the problems it is causing for
your own particular and somewhat peculiar situation -- which - your own
situation - shows a more complex and problematic condition than just by0
when there is more than one Received traceline of your own providers.

These two trackers I was talking about here were not more than one
Received traceline.

>> If the spam from those trackers above is submitted to a non-mailhosted
>> account, the parser can/will parse them correctly for source.

> Right.  I discovered that too but I don't have enough confidence in my
> own abilities to be sure of the results being correct. Now that I have a
> functioning mailhost setup, I know my assumptions were valid, but I
> hadn't yet gotten a mailhost setup to work at that earlier point.   I
> did send some and just unticked the Verizon box, but ... I finally just
> quit reporting at all because there seemed no way to abate the
> confusion.

The confusion seems to me because you are mixing (allowing to be mixed) a
forwarding mailhost into the final mailbox and you (appear to) have more
than one kind of noncompliance in the tracelines.  by0 is one, some other
whackiness discussed with N. Miller is the other kind.

>> From the trackers we were looking at before, you were
>> mixing/forwarding mail from other accounts/mailhosts into that 'by 0'
>> host/mailbox.
>
> I can't get my head around what you mean but no, I wasn't, by any action
> of my own, "mixing/forwarding" mail in any way into the "by 0".

If you forward mail from the yahoo into the by0, you are mixing
nonyahooforwarded by0 with yahooforwarded by0 (top received traceline).

> In my
> case, just so others realize this isn't a one size fits all, it is the
> Verizon/Yahoo interactions that insert the "by 0" into the Received
> line.  The "by 0" in each and every case I have here should be a Yahoo
> server; that much I'm now certain of.

No.  I agree with Don that the by0 is coming from the handler for
twaynesdomain.com which is netfirms.com.

>    Also at that initial point I had no mailhost setup, which is what got
> me going on the issue again.  I have made absolutely and literally no
> changes to any email setups of any kind, not even tweaks, to any mail or
> news account from the time of my original post you refer to and up to
> today.  It had nothing to do with anything I did in any way to
> create/cause the "by 0" business.

Except that you hired netfirms.com to handle twaynesdomain.com and then
you forwarded yahoo mail into that mailbox in addition to the mail which
that mailbox gets which is not so forwarded -- so there is a 'mix' of
forwarded and unforwarded.  Also a mix of more than one kind of
noncompliance, including noncompliant 'from' field in addition to
noncompliant by0 field.



-- 
Mike Easter
kibitzer, not SC admin

From maria.jacobs at xs4all.nl  Tue Sep 23 08:49:27 2008
From: maria.jacobs at xs4all.nl (Maria Jacobs)
Date: Tue Sep 23 08:50:03 2008
Subject: [Scspamcop] Re: Even if it could handle multibyte characters,
 SC doesn't find  reporting   address
References: <g68ql3$juu$1@news.spamcop.net> <g6j93g$cb$1@news.spamcop.net>
	<g6jbhf$606$2@news.spamcop.net> <g6jlpb$2cl$1@news.spamcop.net>
	<g6l4gd$q4r$1@news.spamcop.net>
Message-ID: <gbaokm$3q4$1@news.spamcop.net>

Op Mon, 28 Jul 2008 13:51:55 -0500, schreef Wazoo:


> http://forum.spamcop.net/forums/index.php?s=&showtopic=9419&view=findpost&p=64603
> is where I posted the info I received in an e-mail from Ellen.

On urls beginning with:

http://forum.spamcop.net/forums/

I get this error:

Sorry, an error occurred. If you are unsure on how to use a feature, or don't know why you got this error message, 
try looking through the help files for more information.

What is the problem?
From nobody at spamcop.net  Tue Sep 23 09:41:28 2008
From: nobody at spamcop.net (Bar0)
Date: Tue Sep 23 09:45:03 2008
Subject: [Scspamcop] ATTN Deputies, SC Broken?
Message-ID: <gbarm8$ng4$1@news.spamcop.net>

Trying to report my days spams, the top of the lineup gets:

An error occurred while processing your request.
Reference #97.4f1cb4a.1222176660.2a48309



Similar error trying to do a manual (screen submission) parse (as opposed to 
the submit step problem seen above on emailed submissions.):

An error occurred while processing your request.

Reference #97.4f1cb4a.1222176943.2ab5410

From MikeE at ster.invalid  Tue Sep 23 11:24:16 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Sep 23 11:25:03 2008
Subject: [Scspamcop] Re: ATTN Deputies, SC Broken?
References: <gbarm8$ng4$1@news.spamcop.net>
Message-ID: <gbb1mu$fdd$1@news.spamcop.net>

Bar0 wrote:
> Trying to report my days spams, the top of the lineup gets:
>
> An error occurred while processing your request.
> Reference #97.4f1cb4a.1222176660.2a48309

I just emailed a submission.  Awaiting its return.

> Similar error trying to do a manual (screen submission) parse (as
> opposed to the submit step problem seen above on emailed submissions.):
>
> An error occurred while processing your request.
>
> Reference #97.4f1cb4a.1222176943.2ab5410

Webparser working here.

http://www.spamcop.net/sc?id=z2269973200z21bb760f05d341da870262cf98852148z
Report Spam to:

Re: 202.74.220.31 (Administrator of network where email originates)
 To: mlaw@walkerwireless.com (Notes)
 To: spaterson@walkerwireless.com (Notes)

Re: http://www.instantimagehosting.com/storage/9877... (Administrator of
network hosting website referenced in spam)
 To: abuse@godaddy.com (Notes)
<cancelled>


8:21 AM 2008.Sep.23 (PDT offset -0700) = 15:21 UTC.



-- 
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Tue Sep 23 11:37:25 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Sep 23 11:40:03 2008
Subject: [Scspamcop] Re: ATTN Deputies, SC Broken?
References: <gbarm8$ng4$1@news.spamcop.net> <gbb1mu$fdd$1@news.spamcop.net>
Message-ID: <gbb2fj$i64$1@news.spamcop.net>

Mike Easter wrote:
> Bar0 wrote:
>> Trying to report my days spams, the top of the lineup gets:
>> 
>> An error occurred while processing your request.
>> Reference #97.4f1cb4a.1222176660.2a48309
> 
> I just emailed a submission.  Awaiting its return.

My email submission worked ok.



-- 
Mike Easter
kibitzer, not SC admin
From nobody at spamcop.net  Tue Sep 23 11:44:41 2008
From: nobody at spamcop.net (Ellen)
Date: Tue Sep 23 11:45:03 2008
Subject: [Scspamcop] Re: ATTN Deputies, SC Broken?
In-Reply-To: <gbarm8$ng4$1@news.spamcop.net>
References: <gbarm8$ng4$1@news.spamcop.net>
Message-ID: <gbb2tn$jqr$1@news.spamcop.net>

Bar0 wrote:
> Trying to report my days spams, the top of the lineup gets:
> 
> An error occurred while processing your request.
> Reference #97.4f1cb4a.1222176660.2a48309
> 
> 
> 
> Similar error trying to do a manual (screen submission) parse (as 
> opposed to the submit step problem seen above on emailed submissions.):
> 
> An error occurred while processing your request.
> 
> Reference #97.4f1cb4a.1222176943.2ab5410
> 

Must be transient or localized  -- I have been on the website since 6 AM 
(-0400) except for a couple of 10 min periods here and there ...

Is it working now?


Ellen
SpamCop
From nobody at spamcop.net  Tue Sep 23 11:52:27 2008
From: nobody at spamcop.net (Bar0)
Date: Tue Sep 23 11:55:04 2008
Subject: [Scspamcop] Re: ATTN Deputies, SC Broken?
References: <gbarm8$ng4$1@news.spamcop.net> <gbb2tn$jqr$1@news.spamcop.net>
Message-ID: <gbb3c3$m2h$1@news.spamcop.net>


"Ellen" <nobody@spamcop.net> wrote in message 
news:gbb2tn$jqr$1@news.spamcop.net...
> Bar0 wrote:
>> Trying to report my days spams, the top of the lineup gets:
>>
>> An error occurred while processing your request.
>> Reference #97.4f1cb4a.1222176660.2a48309
>>
>>
>>
>> Similar error trying to do a manual (screen submission) parse (as opposed 
>> to the submit step problem seen above on emailed submissions.):
>>
>> An error occurred while processing your request.
>>
>> Reference #97.4f1cb4a.1222176943.2ab5410
>>
>
> Must be transient or localized  -- I have been on the website since 6 AM 
> (-0400) except for a couple of 10 min periods here and there ...
>
> Is it working now?
>
>
> Ellen
> SpamCop

No 

From Ag2000CO at Starband.net  Tue Sep 23 12:10:05 2008
From: Ag2000CO at Starband.net (LKing)
Date: Tue Sep 23 12:10:02 2008
Subject: [Scspamcop] Re: ATTN Deputies, SC Broken?
In-Reply-To: <gbb3c3$m2h$1@news.spamcop.net>
References: <gbarm8$ng4$1@news.spamcop.net> <gbb2tn$jqr$1@news.spamcop.net>
	<gbb3c3$m2h$1@news.spamcop.net>
Message-ID: <gbb4cj$sa9$1@news.spamcop.net>

Bar0 wrote, On 9/23/2008 11:52 AM:
> 
> "Ellen" <nobody@spamcop.net> wrote in message 
> news:gbb2tn$jqr$1@news.spamcop.net...
<snip>
>>
>> Must be transient or localized  -- I have been on the website since 6 
>> AM (-0400) except for a couple of 10 min periods here and there ...
>>
>> Is it working now?
>>
>>
>> Ellen
>> SpamCop
> 
> No

I'm using quick reporting without problem sending (last 1153 -0500) or 
receiving (last 1130 -0500) results.

Is the error accruing when submitting the same/similar spam?

Lou
From MikeE at ster.invalid  Tue Sep 23 12:17:45 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Sep 23 12:20:03 2008
Subject: [Scspamcop] Re: ATTN Deputies, SC Broken?
References: <gbarm8$ng4$1@news.spamcop.net> <gbb2tn$jqr$1@news.spamcop.net>
	<gbb3c3$m2h$1@news.spamcop.net>
Message-ID: <gbb4r7$u21$1@news.spamcop.net>

Bar0 wrote:
> "Ellen" 
>> Bar0 wrote:
>>> Trying to report my days spams, the top of the lineup gets:
>>> 
>>> An error occurred while processing your request.

>> Is it working now?

> No

You've been banished. :-)



-- 
Mike Easter
kibitzer, not SC admin
From nobody at devnull.spamcop.net  Tue Sep 23 12:27:53 2008
From: nobody at devnull.spamcop.net (Wazoo)
Date: Tue Sep 23 12:30:04 2008
Subject: [Scspamcop] Banned Forum Account - Was: Re: Even if it could handle
	multibyte characters, SC doesn't find   reporting   address
References: <g68ql3$juu$1@news.spamcop.net>
	<g6j93g$cb$1@news.spamcop.net><g6jbhf$606$2@news.spamcop.net>
	<g6jlpb$2cl$1@news.spamcop.net><g6l4gd$q4r$1@news.spamcop.net>
	<gbaokm$3q4$1@news.spamcop.net>
Message-ID: <gbb5ea$1k9$1@news.spamcop.net>

"Maria Jacobs" <maria.jacobs@xs4all.nl> wrote in message 
news:gbaokm$3q4$1@news.spamcop.net...
> Op Mon, 28 Jul 2008 13:51:55 -0500, schreef Wazoo:
>
>> http://forum.spamcop.net/forums/index.php?s=&showtopic=9419&view=findpost&p=64603
>> is where I posted the info I received in an e-mail from Ellen.
>
> On urls beginning with:
>
> http://forum.spamcop.net/forums/
>
> I get this error:
>
> Sorry, an error occurred. If you are unsure on how to use a 
> feature, or don't know why you got this error message,
> try looking through the help files for more information.
>
> What is the problem?

Wow!!!  Hijacking a two-month old thread that has no relevance to 
your actual question is such a novel way to garner attention.

'You' already had hints, FAQs, and specific points made in 'your' 
original Forum Topic/Discussion at 
http://forum.spamcop.net/forums/index.php?showtopic=9776 ... 'you' 
had already made contact with Don/SpamCop Admin who also stated the 
obvious .... 'you' had been Banned from the Forum.  And that was 
after your fourth account being generated.  It seems pretty silly to 
bring it up here in the newsgroups.

Why would 'you' think that a fifth account would be allowed after 
all this previous activity? 


From nobody at spamcop.net  Tue Sep 23 12:35:44 2008
From: nobody at spamcop.net (Bar0)
Date: Tue Sep 23 12:40:04 2008
Subject: [Scspamcop] Re: ATTN Deputies, SC Broken?
References: <gbarm8$ng4$1@news.spamcop.net> <gbb2tn$jqr$1@news.spamcop.net>
	<gbb3c3$m2h$1@news.spamcop.net> <gbb4r7$u21$1@news.spamcop.net>
Message-ID: <gbb5t2$3kj$1@news.spamcop.net>


"Mike Easter" <MikeE@ster.invalid> wrote in message 
news:gbb4r7$u21$1@news.spamcop.net...
> Bar0 wrote:
>> "Ellen"
>>> Bar0 wrote:
>>>> Trying to report my days spams, the top of the lineup gets:
>>>>
>>>> An error occurred while processing your request.
>
>>> Is it working now?
>
>> No
>
> You've been banished. :-)

Are you serious , or joking?

anyway, your guess? looks like it may be correct,  to answer some other 
queries,

2 Canadian Pharms with mime encoded html (mostly plaintext) bodies

1 419 with plain text only

1 PHISH with HTML body, 1 image link and 1 PHISH link

All small (less than 20 80 byte lines of ASCII) except for the 419 which 
would have to be scrolled once to be read in full.

I've Cleared my Queue, and no luck.

Tried to "logout" of my SC account (free reporting) and same error message, 
so, it looks like I've been locked out. perhaps there is a database error 
with my reporting account.

To summarize:

I can't parse a screen submission,

I can parse but not "report" mailed submissions.

I can NOT logout of my account using the "logout" button on the upper right.

All produce a similar error

I can mail a submission and I receive the notify.

I can clear unreported spam

I haven't tried to clear my cookies and logging in fresh yet.

Other home page functions such as accessing forums, help etc. seem to work. 

From maria.jacobs at xs4all.nl  Tue Sep 23 13:43:14 2008
From: maria.jacobs at xs4all.nl (Maria)
Date: Tue Sep 23 13:45:04 2008
Subject: [Scspamcop] Re: Banned Forum Account - Was: Re: Even if it could
	handle multibyte characters, SC doesn't find   reporting   address
In-Reply-To: <gbb5ea$1k9$1@news.spamcop.net>
References: <g68ql3$juu$1@news.spamcop.net>
	<g6j93g$cb$1@news.spamcop.net><g6jbhf$606$2@news.spamcop.net>
	<g6jlpb$2cl$1@news.spamcop.net><g6l4gd$q4r$1@news.spamcop.net>
	<gbaokm$3q4$1@news.spamcop.net> <gbb5ea$1k9$1@news.spamcop.net>
Message-ID: <gbb9rk$i9p$1@news.spamcop.net>

In case I missed something let Don/SpamCop Admin please state the obvious here again, in public.

This is what I signed:

{quote}
 >  SpamCop Discussion > Registration Form
   Registration Terms & Rules
          In order to proceed, you must agree to the following:
   Forum Terms & Rules
   Please take a moment to review these rules detailed below. If you agree with them and wish to proceed with the registration,
simply click the
   "Register" button below. To cancel this registration, simply hit the 'back' button on your browser.
   Please remember that we are not responsible for any messages posted. We do not vouch for or warrant the accuracy, completeness or
usefulness of any
   message, and are not responsible for the contents of any message.
   The messages express the views of the author of the message, not necessarily the views of this bulletin board. Any user who feels
that a posted
   message is objectionable is encouraged to contact us immediately by email. We have the ability to remove objectionable messages
and we will make
   every effort to do so, within a reasonable time frame, if we determine that removal is necessary.
   You agree, through your use of this service, that you will not use this bulletin board to post any material which is knowingly
false and/or
   defamatory, inaccurate, abusive, vulgar, hateful, harassing, obscene, profane, sexually oriented, threatening, invasive of a
person's privacy, or
   otherwise violative of any law.
   You agree not to post any copyrighted material unless the copyright is owned by you or by this bulletin board.
   [ ] I have read, understood and agree to these rules and conditions
   Register
{/quote}

"Wazoo" <nobody@devnull.spamcop.net> schreef in bericht news:gbb5ea$1k9$1@news.spamcop.net...
> "Maria Jacobs" <maria.jacobs@xs4all.nl> wrote in message news:gbaokm$3q4$1@news.spamcop.net...
>> Op Mon, 28 Jul 2008 13:51:55 -0500, schreef Wazoo:
>>
>>> http://forum.spamcop.net/forums/index.php?s=&showtopic=9419&view=findpost&p=64603
>>> is where I posted the info I received in an e-mail from Ellen.
>>
>> On urls beginning with:
>>
>> http://forum.spamcop.net/forums/
>>
>> I get this error:
>>
>> Sorry, an error occurred. If you are unsure on how to use a feature, or don't know why you got this error message,
>> try looking through the help files for more information.
>>
>> What is the problem?
>
> Wow!!!  Hijacking a two-month old thread that has no relevance to your actual question is such a novel way to garner attention.
>
> 'You' already had hints, FAQs, and specific points made in 'your' original Forum Topic/Discussion at 
> http://forum.spamcop.net/forums/index.php?showtopic=9776 ... 'you' had already made contact with Don/SpamCop Admin who also stated 
> the obvious .... 'you' had been Banned from the Forum.  And that was after your fourth account being generated.  It seems pretty 
> silly to bring it up here in the newsgroups.
>
> Why would 'you' think that a fifth account would be allowed after all this previous activity?
>

"Wazoo" <nobody@devnull.spamcop.net> schreef in bericht news:gbb5ea$1k9$1@news.spamcop.net...
> "Maria Jacobs" <maria.jacobs@xs4all.nl> wrote in message news:gbaokm$3q4$1@news.spamcop.net...
>> Op Mon, 28 Jul 2008 13:51:55 -0500, schreef Wazoo:
>>
>>> http://forum.spamcop.net/forums/index.php?s=&showtopic=9419&view=findpost&p=64603
>>> is where I posted the info I received in an e-mail from Ellen.
>>
>> On urls beginning with:
>>
>> http://forum.spamcop.net/forums/
>>
>> I get this error:
>>
>> Sorry, an error occurred. If you are unsure on how to use a feature, or don't know why you got this error message,
>> try looking through the help files for more information.
>>
>> What is the problem?
>
> Wow!!!  Hijacking a two-month old thread that has no relevance to your actual question is such a novel way to garner attention.
>
> 'You' already had hints, FAQs, and specific points made in 'your' original Forum Topic/Discussion at 
> http://forum.spamcop.net/forums/index.php?showtopic=9776 ... 'you' had already made contact with Don/SpamCop Admin who also stated 
> the obvious .... 'you' had been Banned from the Forum.  And that was after your fourth account being generated.  It seems pretty 
> silly to bring it up here in the newsgroups.
>
> Why would 'you' think that a fifth account would be allowed after all this previous activity?
> 

From underwood+nntp at spamcop.net  Tue Sep 23 14:34:32 2008
From: underwood+nntp at spamcop.net (Steven P. Underwood)
Date: Tue Sep 23 14:35:04 2008
Subject: [Scspamcop] Re: Banned Forum Account - Was: Re: Even if it could
	handle multibyte characters, SC doesn't find   reporting   address
References: <g68ql3$juu$1@news.spamcop.net>
	<g6j93g$cb$1@news.spamcop.net><g6jbhf$606$2@news.spamcop.net>
	<g6jlpb$2cl$1@news.spamcop.net><g6l4gd$q4r$1@news.spamcop.net>
	<gbaokm$3q4$1@news.spamcop.net> <gbb5ea$1k9$1@news.spamcop.net>
	<gbb9rk$i9p$1@news.spamcop.net>
Message-ID: <gbbcrr$utf$1@news.spamcop.net>

Don/SpamCop Admin is NOT the Administrator of the forums, Wazoo is as 
indicated by the title next to his name.  The forums are a user-user support 
area where Don comes in to help out and offer official guidance when he has 
the time.  Wazoo was asked by JT (the owner/operator of the SpamCop email 
service and owner of the box the forums run on) to Administer the forum for 
primary support of the Mail Service.  Don is an actual employee of SpamCop. 
Everyone else in the forums (for the most part) are simply other end users 
trying to help those who want to be helped.

As for what was said, you know because you replied to it in the same way you 
just did.  In a Forum, there are Forum sections that may indicate additional 
rules to be followed by that immediate community... so: SpamCop Forum FAQ 
SECTION 3 - Maintaining & Updating Your Account are a part of the rules.

That section is part of the links in the: Start Here - before you make your 
first Post section.

Since you can no longer access it, I will repeat the relevant part here for 
you.

Your Account

Q. Am I allowed more than one account?
A. SpamCop Forum members are only permitted ONE member account. If you have 
more than one account, contact a SpamCop Forum Admin immediately to rectify 
the situation. It is in your interests to let us know as anyone found to 
have more than one account may have the account(s) blocked or deleted 
without notice.




"Maria" <maria.jacobs@xs4all.nl> wrote in message 
news:gbb9rk$i9p$1@news.spamcop.net...
> In case I missed something let Don/SpamCop Admin please state the obvious 
> here again, in public.
>
> This is what I signed:
>


From nobody at spamcop.net  Tue Sep 23 16:39:36 2008
From: nobody at spamcop.net (Bar0)
Date: Tue Sep 23 16:40:03 2008
Subject: [Scspamcop] Re: ATTN Deputies, SC Broken?-Fixed
References: <gbarm8$ng4$1@news.spamcop.net> <gbb2tn$jqr$1@news.spamcop.net>
	<gbb3c3$m2h$1@news.spamcop.net> <gbb4r7$u21$1@news.spamcop.net>
	<gbb5t2$3kj$1@news.spamcop.net>
Message-ID: <gbbk68$nb9$1@news.spamcop.net>

Hmmm.....

Seems to have sorted itself now.


From maria.jacobs at xs4all.nl  Tue Sep 23 18:39:59 2008
From: maria.jacobs at xs4all.nl (Maria)
Date: Tue Sep 23 18:40:04 2008
Subject: [Scspamcop] Re: Banned Forum Account - Was: Re: Even if it could
	handle multibyte characters, SC doesn't find   reporting   address
In-Reply-To: <gbbcrr$utf$1@news.spamcop.net>
References: <g68ql3$juu$1@news.spamcop.net>
	<g6j93g$cb$1@news.spamcop.net><g6jbhf$606$2@news.spamcop.net>
	<g6jlpb$2cl$1@news.spamcop.net><g6l4gd$q4r$1@news.spamcop.net>
	<gbaokm$3q4$1@news.spamcop.net> <gbb5ea$1k9$1@news.spamcop.net>
	<gbb9rk$i9p$1@news.spamcop.net> <gbbcrr$utf$1@news.spamcop.net>
Message-ID: <gbbr82$el1$1@news.spamcop.net>


"Steven P. Underwood" <underwood+nntp@spamcop.net> schreef in bericht news:gbbcrr$utf$1@news.spamcop.net...
> Don/SpamCop Admin is NOT the Administrator of the forums, Wazoo is as indicated by the title next to his name.  The forums are a 
> user-user support area where Don comes in to help out and offer official guidance when he has the time.  Wazoo was asked by JT 
> (the owner/operator of the SpamCop email service and owner of the box the forums run on) to Administer the forum for primary 
> support of the Mail Service.  Don is an actual employee of SpamCop. Everyone else in the forums (for the most part) are simply 
> other end users trying to help those who want to be helped.
>
> As for what was said, you know because you replied to it in the same way you just did.  In a Forum, there are Forum sections that 
> may indicate additional rules to be followed by that immediate community... so: SpamCop Forum FAQ SECTION 3 - Maintaining & 
> Updating Your Account are a part of the rules.

I know what is part of the rules and what not, I signed the rules with a checkbox.

The rules say:

{quote}
Please remember that we are not responsible for any messages posted.
We do not vouch for or warrant the accuracy, completeness or usefulness of any message,
and are not responsible for the contents of any message.
{/quote}

What you are selling as 'rules' here is just messages of which the accuracy, completeness or usefulness is not vouched for or 
warranted.

> That section is part of the links in the: Start Here - before you make your first Post section.
>
> Since you can no longer access it, I will repeat the relevant part here for you.
>
> Your Account
>
> Q. Am I allowed more than one account?
> A. SpamCop Forum members are only permitted ONE member account. If you have more than one account, contact a SpamCop Forum Admin 
> immediately to rectify the situation. It is in your interests to let us know as anyone found to have more than one account may 
> have the account(s) blocked or deleted without notice.
>
>
>
>
> "Maria" <maria.jacobs@xs4all.nl> wrote in message news:gbb9rk$i9p$1@news.spamcop.net...
>> In case I missed something let Don/SpamCop Admin please state the obvious here again, in public.
>>
>> This is what I signed:
>>
>
> 

From tmcgraw at spamcop.net  Tue Sep 23 18:46:38 2008
From: tmcgraw at spamcop.net (Tim McGraw)
Date: Tue Sep 23 18:50:03 2008
Subject: [Scspamcop] Re: FU: Re: Sorry: Spammer Walks Free as Virginia
 Anti-Spam Law Is Declared     Unconstitutional
In-Reply-To: <48D33302.9070403@fishnet.com>
References: <Xns9B198BEB6B05Cnoreplyaddy@216.154.195.61>
	<48CDCB53.2030105@fishnet.com> <48D33302.9070403@fishnet.com>
Message-ID: <gbbrkf$fer$1@news.spamcop.net>

rooster wrote:
> If anyone is interested in pursuing this ruling further, here's an
> article by Declan McCullagh in "Politics and Law" that explores
> the issue from a legal perspective.
> 
> http://news.cnet.com/8301-13578_3-10040522-38.html

Declan is usually spot-on, but to cite the libertarian and "free market" 
Cato Institute to call into question whether commercial speech = First 
Amendment speech is daft.

There is a long history of case law limiting commercial speech: 
http://www.abuse.net/commercial.html
From nobody at devnull.spamcop.net  Tue Sep 23 18:56:56 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Tue Sep 23 19:00:03 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net> <gb4flc$8b7$1@news.spamcop.net>
	<gb9e64$m9$1@news.spamcop.net> <gb9q95$4re$1@news.spamcop.net>
Message-ID: <gbbs7k$gso$1@news.spamcop.net>

> Twayne wrote:
>> I can be pretty thick at thick at times and this is one of them.
>> Inline please:
>
> <my cite>
>>> From a workaround perspective;  if you have a mailhost/account for
>>> which all of your spam is of this configuration of these two items;
>>> namely only one (real) Received traceline, which is the one with 'by
>>> 0' on the topmost traceline, then it could have a separate SC
>>> reporting account -- separate from your mailhosted account.
>>
>> 100% of my e-mails are of that configuration; the "by 0" portion.
>
> That isn't what I said re configuration.  I'm not talking about just
> the by0.  The two items in question had only one Received traceline,
> the by0 one.  You have posted other trackers in the past which were
> forwarded to that account.  Those mails were both forwarded *and* had
> by0.

Oh, yes, you're correct.  Most I receive are of the latter type; I 
picked those with the single Received traceline on purpose to make it 
clear what my question was about.  I think I see what you're about now: 
I thought you meant I forwarded the mails, which I did not; the 
forwarding was done by vzn or maybe ...re. ... something but anyway, it 
was Yahoo or Verizon doing the forwarding, not me.  The lines vary by 
spam source I think, but there is often a relay involved; just not 
anything I caused personally.

>
>>   In order for it to get to/from me, it has to pass thru Verizon (my
>> ISP) and that in turn brings on the Yahoo tie-ine.  So even going to
>> my own site and using webmail to send/receive to/from myself I'll
>> still see the same header issue.  Apparently, from my reading, it's
>> the Qmail thing that causes it if the setup isn't changed from its
>>    default. Since it's Yahoo actually doing the Received line, I
>> have to assume then that they either don't care or find it useful
>> somehow. As in breaking SpamCop maybe.   One thing I've noticed and
>> I've been looking for it, is that there is no mention of the "by 0"
>> anywhere that I can locate that isn't related to SpamCop.
>>    The reason I started looking for effects other than SC was
>> hopefully to be able to tell Yahoo/Verizon they they're screwing up
>> more than just SpamCop.  But so far that does not seem to be the
>> case; SC seems to be the ONLY place it matters to anything.  Not
>> enough to base a good arguement on or even get anyone's serious
>> attention, IMO.
>
> I have seen by0 before when it didn't cause the problems it is
> causing for your own particular and somewhat peculiar situation --
> which - your own situation - shows a more complex and problematic
> condition than just by0 when there is more than one Received
> traceline of your own providers.
>
> These two trackers I was talking about here were not more than one
> Received traceline.
>
>>> If the spam from those trackers above is submitted to a
>>> non-mailhosted account, the parser can/will parse them correctly
>>> for source.
>
>> Right.  I discovered that too but I don't have enough confidence in
>> my own abilities to be sure of the results being correct. Now that I
>> have a functioning mailhost setup, I know my assumptions were valid,
>> but I hadn't yet gotten a mailhost setup to work at that earlier
>> point.   I did send some and just unticked the Verizon box, but ...
>> I finally just quit reporting at all because there seemed no way to
>> abate the confusion.
>
> The confusion seems to me because you are mixing (allowing to be
> mixed) a forwarding mailhost into the final mailbox and you (appear
> to) have more than one kind of noncompliance in the tracelines.  by0
> is one, some other whackiness discussed with N. Miller is the other
> kind.

Well, except for "allowing to be mixed", that sounds right but it 
quickly goes over my head.  I only have the two ISPs and one is 
definitely not being forwarded to the other.  A year or so I had some 
forwarding going on, but today I pop both sets of accounts right  to my 
computer; I don't even use the webmail auto-forward feature.  One, where 
I have my web site, does have several e-mail accounts associated with 
it, only one of which needed to be registered in mailhost according to 
the instructions since they're all in the same domain.  And that makes 
sense because as I recall the one account registration picked up all of 
the MX;s etc..

Verizon/Yahoo want to blame each other for the received line issues and 
it seems pretty sure to be their relationship causing the problems. 
Which problems, as I mentioned before, seem to have been overcome by the 
"waiver" that Don did for me.

I do get the occasional spam with a single received trace too, where the 
mailhost suggests that it might be one I don't have listed in my 
mailhosts.  However, those are usually .ru or .cn addresses and I think 
one was a comcast, so ... that sho 'nuff ain't mine<g>!
   I don't know what changed out there, but my spam load is increaasing 
the last few weeks.  It's gone from ten to fifteen a week to around 
fifteen a day now and slowly increasing at a steady rate on one 
particular address.  That could be for lots of reasons, I know, 
including my own stupidity.  Also I've been paying so much attention to 
whether parses were correct lately I haven't paid much attention to 
whether my address has been in other parts of the spams.  I think I felt 
an over confidence because they're almost every one a single line spam 
of the ph0rn/pharmacy/stock/make it bigger/etc. kinds.   Fortunately 
it's not my main account so I can just use it to feed the list or get 
rid of it.  For awhile I was getting the same spam on three addresses 
but those seem to have stopped and it all went back to one.  I've eve 
got some dummy sending return-receipt-requested spams; I guess that must 
still work for them.

Except for Verizon no longer being listed, and neglecting my inability 
to consistantly parse spams correctly, it actually seems like the old 
non-mailhost system did an equivalent job than the mailhost system was 
doing. No one has said so, but pre my mailhost setup,  *something* at SC 
had to change for Verizon to just strat popping up in every parse as the 
source of the spams.  I really don't think every spammer I get spam from 
changed overnight to make that happen.  It about had to be a change by 
SC that initiated it.  But that's the only proof I have; intuition and 
coincidence.

>
>>> From the trackers we were looking at before, you were
>>> mixing/forwarding mail from other accounts/mailhosts into that 'by
>>> 0' host/mailbox.
>>
>> I can't get my head around what you mean but no, I wasn't, by any
>> action of my own, "mixing/forwarding" mail in any way into the "by
>> 0".
>
> If you forward mail from the yahoo into the by0, you are mixing
> nonyahooforwarded by0 with yahooforwarded by0 (top received
> traceline).

This probably sounds a lot like all I'm trying to do is shoot Mike down 
for whatever he brings up, but that's far from the case.  I read, reread 
and sanitize the things you say, looking for places that can be 
meaningful to me and that might further my understanding of the 
situation, or even improve it somehow.
   So when I say something over and over in several different ways, it's 
an attempt at clarification and nothing more.  If anything seems to 
contradict the preceding, then one of us is misunderstanding the other 
somehow.
   Figured I'd better say that because the next para starts to sound 
like a tirade and it's not<g>:
SO:
Again, no, I (as in me, sitting here at the keyboard and managing my 
mail accounts et al) am *NOT* doing that!  I don't even literally USE a 
Yahoo account.  I do not send nor receive e-mail to/from/through/via any 
Yahoo address to/from anywhere, ever, through any intended action of my 
own.
     Long ago I had a Yahoo account but it's long forgotten and one of 
the messages I received yesterday indicated that if I hadn't used it in 
that long it was almost surely deleted for non-use.  I do not even 
knowingly access Yahoo for anything; their set of 'features' that went 
along with my signup at Verizon were tossed and deleted quickly, as in 
within seconds of finding out for sure that I did not have to have any 
of them as a requirment for anything - they were simply "Value Added" 
services.  Mostly it was their own bastardized version of IE set up with 
bookmarks to Yahoo features like movies, music, IM, all that crap.
   I hear they're even offering things like free Norton AV and other 
niceties but I don't need them or want them and haven't even ever looked 
at any of Yahoo's pages about them or anything else.  I long ago stopped 
the newsletter, which I now wish I hadn't; it might have explained some 
of these interworkings, but I really doubt it.
   So, IMO there is no way I am intentionally or by virtue of any e-mail 
accounts I have, causing any kind of fowarding even remotely similar to 
what you mention.  VZ is, but not me.
    I want to eventually, probably by this winter, start using some 
forwarding services, but for the past couple of years there have been 
none.  And, just to be sure I haven't been lying to you inadvetantly, I 
visited both Veriozon and my Netfirms Control Panels and WebMail 
Settings today and there is NO forwarding of any kind going on anywhere. 
Period<G>.  In doing so I did end up at a yahoo/verizon (or a 
verizon/yahoo) page but ... damned if I know who it really was.  Even 
the address has that mix in it.  I may go back and check just for GPs 
though; I'd like to know whose spaces I was on.

(I think it was) Don straightened out the issues with mailhost for me 
and did the waiver thing, after which mailhost did start to work as I 
implied above.  I'm not particularly fond of IronPort and whatever part 
of it works SC but I do really like the way SC works its blocklistings 
and IMO there is a definite need for this kind of thing to exist.  I've 
been looking over a few of the spamcop wanna be's I came across in my 
research and a couple bear checking out but in general they always fall 
short somehow.  It would be handy of there were a second spamcop type 
site out there but I'm not too sure that will ever happen.  Thus my 
loyalty to the guys here on the group remains but SpamCop itself over 
the last few years has brought me some pretty disappointing attitudes 
and activities.

'nuff "verbosity" for now I guess.  If you think you can clarify 
anything for me, feel free; I am interested.  I've also not snipped this 
post for that very reason, although I have zero problems if you wish to 
snip with gusto!  If I respond again I'll probably be forced to snip 
anyway; it's becoming a little unweildly.

Twayne





>
>> In my
>> case, just so others realize this isn't a one size fits all, it is
>> the Verizon/Yahoo interactions that insert the "by 0" into the
>> Received line.  The "by 0" in each and every case I have here should
>> be a Yahoo server; that much I'm now certain of.
>
> No.  I agree with Don that the by0 is coming from the handler for
> twaynesdomain.com which is netfirms.com.
>
>>    Also at that initial point I had no mailhost setup, which is what
>> got me going on the issue again.  I have made absolutely and
>> literally no changes to any email setups of any kind, not even
>> tweaks, to any mail or news account from the time of my original
>> post you refer to and up to today.  It had nothing to do with
>> anything I did in any way to create/cause the "by 0" business.
>
> Except that you hired netfirms.com to handle twaynesdomain.com and
> then you forwarded yahoo mail into that mailbox in addition to the
> mail which that mailbox gets which is not so forwarded -- so there is
> a 'mix' of forwarded and unforwarded.  Also a mix of more than one
> kind of noncompliance, including noncompliant 'from' field in
> addition to noncompliant by0 field.



From mikeyhsd at lamparty.net  Tue Sep 23 18:57:23 2008
From: mikeyhsd at lamparty.net (mikeyhsd)
Date: Tue Sep 23 19:00:04 2008
Subject: [Scspamcop] email address change
Message-ID: <gbbsav$gvo$1@news.spamcop.net>

due to sprint dropping email support in december, it is imperative that I 
log on to spam cop and edit my profile to change the email address.

so far all attempts have failed.

have mailed to support 2 times with no response.

what so I have to do to get  my email address changed so the reports get 
sent to the proper address.



-- 

mikeyhsd@lamparty.net




From nobody at spamcop.net  Tue Sep 23 19:10:24 2008
From: nobody at spamcop.net (RandallW)
Date: Tue Sep 23 19:15:03 2008
Subject: [Scspamcop] parser webpage burping?
Message-ID: <gbbt0v$imj$1@news.spamcop.net>

While trying to load the parser I am shown these messages:

An error occurred while processing your request.
Reference #97.5b41a45.1222211392.94649a


From nobody at spamcop.net  Tue Sep 23 19:23:17 2008
From: nobody at spamcop.net (RandallW)
Date: Tue Sep 23 19:25:03 2008
Subject: [Scspamcop] Re: parser webpage burping?
References: <gbbt0v$imj$1@news.spamcop.net>
Message-ID: <gbbtp5$kgb$1@news.spamcop.net>

Never mind, seems o.k. now. 


From MikeE at ster.invalid  Tue Sep 23 20:35:18 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Sep 23 20:40:04 2008
Subject: [Scspamcop] Re: ATTN Deputies, SC Broken?
References: <gbarm8$ng4$1@news.spamcop.net> <gbb2tn$jqr$1@news.spamcop.net>
	<gbb3c3$m2h$1@news.spamcop.net> <gbb4r7$u21$1@news.spamcop.net>
	<gbb5t2$3kj$1@news.spamcop.net>
Message-ID: <gbc203$15b$1@news.spamcop.net>

Bar0 wrote:
> "Mike Easter
>> Bar0 wrote:
>>>> Bar0 wrote:
>>>>> Trying to report my days spams, the top of the lineup gets:
>>>>>
>>>>> An error occurred while processing your request.

>> You've been banished. :-)
>
> Are you serious , or joking?

I was just joking.  I didn't realize there was another thread and another
venue in which some kind of banishment had actually occurred.  That didn't
arise until after I made my 'joke'.


Bar0 wrote:
> Hmmm.....
>
> Seems to have sorted itself now.

Thank goodness.


-- 
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net  Tue Sep 23 20:58:15 2008
From: nobody at spamcop.net (Steven Underwood)
Date: Tue Sep 23 21:00:04 2008
Subject: [Scspamcop] Re: Banned Forum Account - Was: Re: Even if it could
	handle multibyte characters, SC doesn't find   reporting   address
In-Reply-To: <gbbr82$el1$1@news.spamcop.net>
References: <g68ql3$juu$1@news.spamcop.net>
	<g6j93g$cb$1@news.spamcop.net><g6jbhf$606$2@news.spamcop.net>
	<g6jlpb$2cl$1@news.spamcop.net><g6l4gd$q4r$1@news.spamcop.net>
	<gbaokm$3q4$1@news.spamcop.net> <gbb5ea$1k9$1@news.spamcop.net>
	<gbb9rk$i9p$1@news.spamcop.net> <gbbcrr$utf$1@news.spamcop.net>
	<gbbr82$el1$1@news.spamcop.net>
Message-ID: <gbc3bd$57l$1@news.spamcop.net>

"Maria" <maria.jacobs@xs4all.nl> wrote in message 
news:gbbr82$el1$1@news.spamcop.net...
>
>
> I know what is part of the rules and what not, I signed the rules with a 
> checkbox.
>

And that is why you have been banned from the forums... the administrator of 
the Forums (Wazoo) and all of the moderators (me included) there agree that 
there are netiquette rules as well which are laid out in the forum sections 
pointed to.  Looks like the IP block will be in place quite a bit longer 
than first imagined.

Just like using a blocklist: Admin's servers, admin's rules.  JT, the owner 
of the server has made Wazoo the administrator, and thus far not complained 
about the job he is doing.

Have a nice day. 

From nobody at spamcop.net  Tue Sep 23 21:06:32 2008
From: nobody at spamcop.net (Steven Underwood)
Date: Tue Sep 23 21:10:03 2008
Subject: [Scspamcop] Re: email address change
In-Reply-To: <gbbsav$gvo$1@news.spamcop.net>
References: <gbbsav$gvo$1@news.spamcop.net>
Message-ID: <gbc3qu$7da$1@news.spamcop.net>

"mikeyhsd" <mikeyhsd@lamparty.net> wrote in message 
news:gbbsav$gvo$1@news.spamcop.net...
> due to sprint dropping email support in december, it is imperative that I 
> log on to spam cop and edit my profile to change the email address.
>
> so far all attempts have failed.
>

Is this a reporting account or email account you need to modify?  What URL 
are you trying to log into?

For email account:
https://webmail.spamcop.net/
http://mailsc.spamcop.net/

For reporting only accounts:
http://www.spamcop.net/mcgi?action=loginform
http://members.spamcop.net/

> have mailed to support 2 times with no response.
>

What email address did you use?

support[at]spamcop.net would be for email account
deputies[at]admin.spamcop.net or service[at]admin.spamcop.net for reporting 
accounts


From MikeE at ster.invalid  Tue Sep 23 21:33:30 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Sep 23 21:35:03 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net> <gb4flc$8b7$1@news.spamcop.net>
	<gb9e64$m9$1@news.spamcop.net> <gb9q95$4re$1@news.spamcop.net>
	<gbbs7k$gso$1@news.spamcop.net>
Message-ID: <gbc5d7$bie$1@news.spamcop.net>

Twayne wrote:

> I thought you meant I forwarded the mails, which I did not; the
> forwarding was done by vzn or maybe ...re. ... something but anyway, it
> was Yahoo or Verizon doing the forwarding, not me.

Yes.  I meant configured to allow/force/cause server forwarding;  not
'user forwarded'.

>  The lines vary by
> spam source I think, but there is often a relay involved; just not
> anything I caused personally.

Personally by hand, as opposed to personally by configuration for a mail
account.

>>>   In order for it to get to/from me, it has to pass thru Verizon (my
>>> ISP) and that in turn brings on the Yahoo tie-ine.

Not the ones for the 2 trackers in this thread which came directly to the
by0 mailbox from the spamsource.

>> The confusion seems to me because you are mixing (allowing to be
>> mixed) a forwarding mailhost into the final mailbox and you (appear
>> to) have more than one kind of noncompliance in the tracelines.  by0
>> is one, some other whackiness discussed with N. Miller is the other
>> kind.
>
> Well, except for "allowing to be mixed", that sounds right but it
> quickly goes over my head.  I only have the two ISPs and one is
> definitely not being forwarded to the other.

Rather than ISPs, which I generally think of as providing connectivity for
a price, I'm talking about mailboxes which are based on a email address
which may come with connectivity or be free or even at a price which
doesn't include connectivity.  You have something (email) based on
twaynesdomain which is handled by a netfirms server (which I think makes
by0) and you have something emailbox based on yahoo/verizon or whatever
you might want to call it.

> A year or so I had some
> forwarding going on, but today I pop both sets of accounts right  to my
> computer; I don't even use the webmail auto-forward feature.

That doesn't fit with my having seen both 1 Received traceline with by0
trackers and other trackers which show 2+ Received tracelines involving
verizon/yahoo *plus* by0.  I'm figgering those trackers were server (not
user) forwarded to the netfirms twaynesdomain mailbox.

> I do get the occasional spam with a single received trace too, where the
> mailhost suggests that it might be one I don't have listed in my
> mailhosts.

Both of the trackers for this thread, which you can review by going back
to your first post in this thread, were mailhosted trackers;  that is,
they were trackers which were performed on/for a mailhosted account, and
they were trackers which showed only 1 Received traceline which was by0
which I believe is a twaynesdomain/netfirms mailbox.  Those items did not
pass thru' any vz/yh servers.

>> If you forward mail from the yahoo into the by0, you are mixing
>> nonyahooforwarded by0 with yahooforwarded by0 (top received
>> traceline).

That's me still talking about server forwarding not user forwarding.

> This probably sounds a lot like all I'm trying to do is shoot Mike down
> for whatever he brings up, but that's far from the case.  I read, reread
> and sanitize the things you say, looking for places that can be
> meaningful to me and that might further my understanding of the
> situation, or even improve it somehow.
>    So when I say something over and over in several different ways, it's
> an attempt at clarification and nothing more.  If anything seems to
> contradict the preceding, then one of us is misunderstanding the other
> somehow.
>    Figured I'd better say that because the next para starts to sound
> like a tirade and it's not<g>:
> SO:
> Again, no, I (as in me, sitting here at the keyboard and managing my
> mail accounts et al) am *NOT* doing that!  I don't even literally USE a
> Yahoo account.  I do not send nor receive e-mail to/from/through/via any
> Yahoo address to/from anywhere, ever, through any intended action of my
> own.

I wonder if you could elaborate on what becomes of mail which is sent to
some old yahoo account/address.

I've heard of people who have a yahoo account which they don't know about
or even know its password any longer.  However, if that account is
configured to forward mail to some other address, then it will keep doing
that.  The old yahoo address may not appear anywhere in the To or anywhere
else of course, because spam typically/often does not have the 'addressee'
in the To or anywhere else.

>      Long ago I had a Yahoo account but it's long forgotten and one of
> the messages I received yesterday indicated that if I hadn't used it in
> that long it was almost surely deleted for non-use.

I don't know anything about yahoo accounts or their being deleted for
'nonuse'.  How would yahoo know if something were being used or not?  If
there is a mechanism for the mailbox to get emptied by the server
forwarding the mail, the box wouldn't become overfull.  The account would
be being 'used' for forwarding.  It would be being used by keeping its
inbox empty by the server forwarding.  The only kind of usage it wouldn't
be getting would be emailing from it.

I have a gmail account.  It is configured to forward.  I virtually never
use it for anything, but mail is coming into it all the time and being
forwarded to another account.  I can't imagine gmail advising me that I
wasn't using the account, because I am.  I get very little spam forwarded
from it because gmail has a pretty good filter.  I don't know about
yahoo's.

If you don't know that you are 'using' (receiving server forwarded mail) a
yahoo account, perhaps you should research that subject.

>    So, IMO there is no way I am intentionally or by virtue of any e-mail
> accounts I have, causing any kind of fowarding even remotely similar to
> what you mention.  VZ is, but not me.

I don't know enough about yahoo/vz to distinguish between the two,
especially in this case.

>     I want to eventually, probably by this winter, start using some
> forwarding services, but for the past couple of years there have been
> none.  And, just to be sure I haven't been lying to you inadvetantly, I
> visited both Veriozon and my Netfirms Control Panels and WebMail
> Settings today and there is NO forwarding of any kind going on anywhere.
> Period<G>.

Maybe you should visit some kind of yahoo that involves verizon.

> 'nuff "verbosity" for now I guess.  If you think you can clarify
> anything for me, feel free; I am interested.

I'm nto able to clarify except to try to clarify what I'm saying about
what I'm thinking.  I can't clarify exactly how all of your mail is being
handled except for the ones with 1 Received traceline which is by0.



-- 
Mike Easter
kibitzer, not SC admin

From nobody at nowhere.not  Tue Sep 23 22:18:29 2008
From: nobody at nowhere.not (Robert Blair)
Date: Tue Sep 23 22:20:03 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net> <gb4flc$8b7$1@news.spamcop.net>
	<gb9e64$m9$1@news.spamcop.net> <gb9q95$4re$1@news.spamcop.net>
	<gbbs7k$gso$1@news.spamcop.net>
Message-ID: <TECQXhvKj0FX-pn2-4WBv6H1OVSkY@localhost>

On Tue, 23 Sep 2008 22:56:56 UTC, "Twayne" <nobody@devnull.spamcop.net> wrote:

>    So, IMO there is no way I am intentionally or by virtue of any e-mail 
> accounts I have, causing any kind of fowarding even remotely similar to 
> what you mention.  VZ is, but not me.
>     I want to eventually, probably by this winter, start using some 
> forwarding services, but for the past couple of years there have been 
> none.  And, just to be sure I haven't been lying to you inadvetantly, I 
> visited both Veriozon and my Netfirms Control Panels and WebMail 
> Settings today and there is NO forwarding of any kind going on anywhere. 
> Period<G>.  In doing so I did end up at a yahoo/verizon (or a 
> verizon/yahoo) page but ... damned if I know who it really was.  Even 
> the address has that mix in it.  I may go back and check just for GPs 
> though; I'd like to know whose spaces I was on.

Currently I only use my ISP for connection to the internet but still have an 
email address there that gets one valid email (their bill) a month the rest is 
spam.  I had a problem with my previous hosting company and they would not fix 
the problems.  Because they did not appear to be responsive to customer 
complaints I moved my account to a hosting company that did care about good 
customer service and requested a refund from my old hosting company.  Personally
I would not use a forwarding service because I do not see a need for them, I 
have two accounts on my email client one POPs one email address and the other 
POPs three email addresses to my laptop.  I suggest that you check out pair.com 
to be your hosting company, I am sure that there are other hosting companies 
that will give you good service.  If I had your problems I definitely would 
leave Netfirms as soon as possible.


-- 
Robert Blair
From maria.jacobs at xs4all.nl  Wed Sep 24 03:28:55 2008
From: maria.jacobs at xs4all.nl (Maria)
Date: Wed Sep 24 03:30:03 2008
Subject: [Scspamcop] Re: Banned Forum Account - Was: Re: Even if it could
	handle multibyte characters, SC doesn't find   reporting   address
In-Reply-To: <gbc3bd$57l$1@news.spamcop.net>
References: <g68ql3$juu$1@news.spamcop.net>
	<g6j93g$cb$1@news.spamcop.net><g6jbhf$606$2@news.spamcop.net>
	<g6jlpb$2cl$1@news.spamcop.net><g6l4gd$q4r$1@news.spamcop.net>
	<gbaokm$3q4$1@news.spamcop.net> <gbb5ea$1k9$1@news.spamcop.net>
	<gbb9rk$i9p$1@news.spamcop.net> <gbbcrr$utf$1@news.spamcop.net>
	<gbbr82$el1$1@news.spamcop.net> <gbc3bd$57l$1@news.spamcop.net>
Message-ID: <gbcq7q$apj$1@news.spamcop.net>


"Steven Underwood" <nobody@spamcop.net> schreef in bericht news:gbc3bd$57l$1@news.spamcop.net...
> "Maria" <maria.jacobs@xs4all.nl> wrote in message 
> news:gbbr82$el1$1@news.spamcop.net...
>>
>>
>> I know what is part of the rules and what not, I signed the rules with a 
>> checkbox.
>>
> 
> And that is why you have been banned from the forums... the administrator of 
> the Forums (Wazoo) and all of the moderators (me included) there agree that 
> there are netiquette rules as well which are laid out in the forum sections 
> pointed to.  Looks like the IP block will be in place quite a bit longer 
> than first imagined.

Well, that is quite nice, since then other users of the I.P. address will be blocked clearly without reason.
And that will make clear to that other users what crap your forum is much clearer than I can explain it in words.
From Ag2000CO at Starband.net  Wed Sep 24 09:33:54 2008
From: Ag2000CO at Starband.net (LKing)
Date: Wed Sep 24 09:35:03 2008
Subject: [Scspamcop] Re: Banned Forum Account - Was: Re: Even if it could
 handle multibyte characters, SC doesn't find   reporting   address
In-Reply-To: <gbcq7q$apj$1@news.spamcop.net>
References: <g68ql3$juu$1@news.spamcop.net>
	<g6j93g$cb$1@news.spamcop.net><g6jbhf$606$2@news.spamcop.net>
	<g6jlpb$2cl$1@news.spamcop.net><g6l4gd$q4r$1@news.spamcop.net>
	<gbaokm$3q4$1@news.spamcop.net> <gbb5ea$1k9$1@news.spamcop.net>
	<gbb9rk$i9p$1@news.spamcop.net> <gbbcrr$utf$1@news.spamcop.net>
	<gbbr82$el1$1@news.spamcop.net> <gbc3bd$57l$1@news.spamcop.net>
	<gbcq7q$apj$1@news.spamcop.net>
Message-ID: <gbdfjm$5qf$1@news.spamcop.net>

Maria wrote, On 9/24/2008 3:28 AM:
> 
> Well, that is quite nice, since then other users of the I.P. address 
> will be blocked clearly without reason.
> And that will make clear to that other users what crap your forum is 
> much clearer than I can explain it in words.
Just out of curiosity, what do you think you, under any of your IDs, 
added to the forum? Or the news group for that matter?

After a quick review I don't see what positive content you contributed. 
You ask a question then didn't seem to like the answer. On reflexion 
maybe your objective was to expand the references to xs4all. Surly a 
wast of my time.
From MikeE at ster.invalid  Wed Sep 24 09:45:31 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Sep 24 09:50:03 2008
Subject: [Scspamcop] Re: Banned Forum Account - Was: Re: Even if it could
	handle multibyte characters, SC doesn't find   reporting   address
References: <g68ql3$juu$1@news.spamcop.net>
	<g6j93g$cb$1@news.spamcop.net><g6jbhf$606$2@news.spamcop.net>
	<g6jlpb$2cl$1@news.spamcop.net><g6l4gd$q4r$1@news.spamcop.net>
	<gbaokm$3q4$1@news.spamcop.net> <gbb5ea$1k9$1@news.spamcop.net>
	<gbb9rk$i9p$1@news.spamcop.net>
Message-ID: <gbdg9n$7og$1@news.spamcop.net>

Maria wrote:

> This is what I signed:

To me, it seems less important what you signed than what happened.

What happened was that you acted somewhat rude and impertinent in a
moderated forum in the referred thread
http://forum.spamcop.net/forums/index.php?showtopic=9776   XS4ALL, ISP
Mailhost and user Mailhost

To me, the/your original question was fine, except that the username you
registered was an email address which isn't recommended.  Under that same
username, your next remark was somewhat smart-alecky while being
explanatory.

You continued to get helpful replies from Darren and Steven.

What happened next between you and Wazoo involving the link to the graphic
at your xs4all webpage isn't completely clear to me, but it involved a
suboptimal interaction between you two which focused on the exposure of an
email address.

Then you shifted into a higher gear of impertinence and sass and began nym
shifting and continuing to post an email address.  By that time the
impertinently behaving nyms in the thread were chrisjqb<eml>, Knygathin,
etaoin, and Chris Jacobs and arguing about with moderators and other
helpers about what the rules were and were not.

In a moderated forum, if you engage in a 'in your face' style of behavior
while defying the recommendations that you not behave that way, you are
going to get shut down.


<your later post>
> other users of the I.P. address
> will be blocked

If the forum is going to shut down/ ban/ a nym-shifter, the IP address is
going to be involved.



-- 
Mike Easter
kibitzer, not SC admin

From maria.jacob at xs4all.nl  Wed Sep 24 09:48:34 2008
From: maria.jacob at xs4all.nl (Maria)
Date: Wed Sep 24 09:50:03 2008
Subject: [Scspamcop] Re: Banned Forum Account - Was: Re: Even if it could
 handle multibyte characters, SC doesn't find   reporting   address
References: <g68ql3$juu$1@news.spamcop.net> <g6j93g$cb$1@news.spamcop.net>
	<g6jbhf$606$2@news.spamcop.net> <g6jlpb$2cl$1@news.spamcop.net>
	<g6l4gd$q4r$1@news.spamcop.net> <gbaokm$3q4$1@news.spamcop.net>
	<gbb5ea$1k9$1@news.spamcop.net> <gbb9rk$i9p$1@news.spamcop.net>
	<gbbcrr$utf$1@news.spamcop.net>
Message-ID: <gbdgfi$5n1$1@news.spamcop.net>

Op Tue, 23 Sep 2008 14:34:32 -0400, schreef Steven P. Underwood:

> Wazoo was asked by JT (the owner/operator of the
> SpamCop email service and owner of the box the forums run on) to
> Administer the forum for primary support of the Mail Service.

It took me rather long to get it, but finally I got it:

JT is trash !!!

From maria.jacobs at xs4all.nl  Wed Sep 24 09:58:53 2008
From: maria.jacobs at xs4all.nl (Maria)
Date: Wed Sep 24 10:00:03 2008
Subject: [Scspamcop] Re: Banned Forum Account - Was: Re: Even if it could
	handle multibyte characters, SC doesn't find   reporting   address
In-Reply-To: <gbdg9n$7og$1@news.spamcop.net>
References: <g68ql3$juu$1@news.spamcop.net>
	<g6j93g$cb$1@news.spamcop.net><g6jbhf$606$2@news.spamcop.net>
	<g6jlpb$2cl$1@news.spamcop.net><g6l4gd$q4r$1@news.spamcop.net>
	<gbaokm$3q4$1@news.spamcop.net> <gbb5ea$1k9$1@news.spamcop.net>
	<gbb9rk$i9p$1@news.spamcop.net> <gbdg9n$7og$1@news.spamcop.net>
Message-ID: <gbdh30$9q3$1@news.spamcop.net>

Essentially what happened is quite simple:

Wazoo irritated me.

If you don't want me to behave irritated, then simpy don't irritate me.

"Mike Easter" <MikeE@ster.invalid> schreef in bericht news:gbdg9n$7og$1@news.spamcop.net...
> Maria wrote:
> 
>> This is what I signed:
> 
> To me, it seems less important what you signed than what happened.
> 
> What happened was that you acted somewhat rude and impertinent in a
> moderated forum in the referred thread
> http://forum.spamcop.net/forums/index.php?showtopic=9776   XS4ALL, ISP
> Mailhost and user Mailhost
> 
> To me, the/your original question was fine, except that the username you
> registered was an email address which isn't recommended.  Under that same
> username, your next remark was somewhat smart-alecky while being
> explanatory.
> 
> You continued to get helpful replies from Darren and Steven.
> 
> What happened next between you and Wazoo involving the link to the graphic
> at your xs4all webpage isn't completely clear to me, but it involved a
> suboptimal interaction between you two which focused on the exposure of an
> email address.
> 
> Then you shifted into a higher gear of impertinence and sass and began nym
> shifting and continuing to post an email address.  By that time the
> impertinently behaving nyms in the thread were chrisjqb<eml>, Knygathin,
> etaoin, and Chris Jacobs and arguing about with moderators and other
> helpers about what the rules were and were not.
> 
> In a moderated forum, if you engage in a 'in your face' style of behavior
> while defying the recommendations that you not behave that way, you are
> going to get shut down.
> 
> 
> <your later post>
>> other users of the I.P. address
>> will be blocked
> 
> If the forum is going to shut down/ ban/ a nym-shifter, the IP address is
> going to be involved.
> 
> 
> 
> -- 
> Mike Easter
> kibitzer, not SC admin
>
From nobody at spamcop.net  Wed Sep 24 10:00:16 2008
From: nobody at spamcop.net (Ellen)
Date: Wed Sep 24 10:05:02 2008
Subject: [Scspamcop] Re: ATTN Deputies, SC Broken?-Fixed
In-Reply-To: <gbbk68$nb9$1@news.spamcop.net>
References: <gbarm8$ng4$1@news.spamcop.net> <gbb2tn$jqr$1@news.spamcop.net>
	<gbb3c3$m2h$1@news.spamcop.net> <gbb4r7$u21$1@news.spamcop.net>
	<gbb5t2$3kj$1@news.spamcop.net> <gbbk68$nb9$1@news.spamcop.net>
Message-ID: <gbdh8q$9hl$1@news.spamcop.net>

Bar0 wrote:
> Hmmm.....
> 
> Seems to have sorted itself now.
> 
> 
the error message you were getting is an akamai generated message -- it 
can mean a variety of things including but limited to:

1. the SC website is not responding in a timely fashion
2. some local akamai type problem
3. other


As no one else appears to have been having the problem I suspect it is #2.

I see further down the thread that it has cleared up for you.


Ellen
Spamcop
From nobody at devnull.spamcop.net  Wed Sep 24 10:02:27 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Sep 24 10:05:03 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net> <gb4flc$8b7$1@news.spamcop.net>
	<gb9e64$m9$1@news.spamcop.net> <gb9q95$4re$1@news.spamcop.net>
	<gbbs7k$gso$1@news.spamcop.net> <gbc5d7$bie$1@news.spamcop.net>
Message-ID: <gbdh9d$ad5$1@news.spamcop.net>

> Twayne wrote:
>
...
>
> I wonder if you could elaborate on what becomes of mail which is sent
> to some old yahoo account/address.

Truthfully, no idea.  I tossed in an old archive a little over two years 
old and pulled my accounts info from it, and tried sending a mail to the 
single Yahoo address I had listed but with no indicator how old/new it 
was in my list.  It bounced.  No idea what other address/es I might have 
had before or at the same time though.

>
> I've heard of people who have a yahoo account which they don't know
> about or even know its password any longer.  However, if that account
> is configured to forward mail to some other address, then it will
> keep doing that.  The old yahoo address may not appear anywhere in
> the To or anywhere else of course, because spam typically/often does
> not have the 'addressee' in the To or anywhere else.

Interesting thought.  But wouldn't that show up as one of the 
suggextions that maybe I have a mailhost missing?  I see that once in 
awhile, but the references are always to obviously not places I'd have 
an account such as overseas or in one cast Comcast?  Probably wishful 
thinking.
>
...

> I don't know anything about yahoo accounts or their being deleted for
> 'nonuse'.  How would yahoo know if something were being used or not?
> If there is a mechanism for the mailbox to get emptied by the server

They can know somehow.  Hotmail before all the changes used to insist 
that you check into a Hotmail site at least monthly or 60 days, 
something like that, or they deactivated the accounts and after 90 days 
they deleted them.  I don't know what Yahoo does but it's apparently not 
hard to do.

>
> I have a gmail account.  It is configured to forward.  I virtually
> never use it for anything, but mail is coming into it all the time
> and being forwarded to another account.  I can't imagine gmail
> advising me that I wasn't using the account, because I am.  I get
> very little spam forwarded from it because gmail has a pretty good
> filter.  I don't know about yahoo's.

lol, spam is the exact reason I quit, and don't like, Yahoo!  It seemed 
no matter what I did or what I had for a username (I used things like 
abcxxxdef where xxx = digits 0-9 at that time) I ended up buried in 
spam.  So I left and didn't look back.  I think gmail at last tries to 
be a little more responsible.

>
> If you don't know that you are 'using' (receiving server forwarded
> mail) a yahoo account, perhaps you should research that subject.

Yes.  Actually, if I want to get my facts straight it occurs to me I 
probably should repeat the entire research bit again from start to 
finish and set up more recent records for it.  I'll start right at my 
ISP again and work outward from there.  I don't think so anymore, but 
last time thru this, I thought Netfirms was responsible for the "by 0". 
So if nothing else I'll give them first denial opporunities and then 
work over to Verizon and Yahoo where I'm pretty sure it's coming from. 
Maybe there's a bad part coming from two different places, who knows?

Looking at some good mail, most headers are of the format from CO:
-------------------------
Received: (qmail 50073 invoked from network); 22 Sep 2008 21:34:25 -0000
Received: from blu0-omc4-s19.blu0.hotmail.com (65.55.111.158)
  *by 0 *with SMTP; 22 Sep 2008 21:34:25 -0000
Received: from BLU108-DS7 ([65.55.111.137]) by 
blu0-omc4-s19.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
  Mon, 22 Sep 2008 14:34:20 -0700
X-Originating-IP: [67.41.145.191]
------------------------
and here's a slightly longer trace from CT:
--------------------
Received: (qmail 64023 invoked from network); 20 Apr 2008 18:54:08 -0000
Received: from qmta06.westchester.pa.mail.comcast.net (76.96.62.56)
  by 0 with SMTP; 20 Apr 2008 18:54:08 -0000
Received: from OMTA12.westchester.pa.mail.comcast.net ([76.96.62.44])
 by QMTA06.westchester.pa.mail.comcast.net with comcast
 id Fnx01Z00B0xGWP8560Yr00; Sun, 20 Apr 2008 18:53:58 +0000
Received: from [192.168.1.100] ([71.235.249.42])
 by OMTA12.westchester.pa.mail.comcast.net with comcast
 id Fuu01Z00B0ve3pT3Y00000; Sun, 20 Apr 2008 18:54:01 +0000
------------------

Those are why I thought initially it was Netfirms doing the 'by 0' 
stamp, but SC and Netfirms both declared it to be Yahoo's and VZ/Yahoo 
didn't blame Netfirms, so ... it sort of made sense.  Qmail is also 
typical of these stamps; seldom anything else.  That makes sense too 
from what I see in the groups, but if that's a solid connection it seems 
to point back to Netfirms.  And that's another reason I'm so lost.
   Unless things have changed, I could at one time stick a Yahoo server 
in there in place of the 'by 0' and get a good parse but putting one of 
the Netfirms servers in place of it, didn't parse right.  Beats the hell 
out of me!  And that's why I guess it's time to start over.  Yés, I 
canceled such tests; did not submit them.

Mostly I hate not knowing.  But secondarily it doesn't seem right to 
ignore part of the RFC like they've done. Whoever 'they' are.  IIRC the 
RFC number I was reading was 2821, SMTP.
...


REgards,

Twayne


From MikeE at ster.invalid  Wed Sep 24 10:08:31 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Sep 24 10:10:03 2008
Subject: [Scspamcop] Re: Banned Forum Account - Was: Re: Even if it could
	handle multibyte characters, SC doesn't find   reporting   address
References: <g68ql3$juu$1@news.spamcop.net>
	<g6j93g$cb$1@news.spamcop.net><g6jbhf$606$2@news.spamcop.net>
	<g6jlpb$2cl$1@news.spamcop.net><g6l4gd$q4r$1@news.spamcop.net>
	<gbaokm$3q4$1@news.spamcop.net> <gbb5ea$1k9$1@news.spamcop.net>
	<gbb9rk$i9p$1@news.spamcop.net> <gbdg9n$7og$1@news.spamcop.net>
	<gbdh30$9q3$1@news.spamcop.net>
Message-ID: <gbdhks$b5d$1@news.spamcop.net>

<trimmed, contexted, and attributed>

Maria wrote:
> "Mike Easter"

>> In a moderated forum, if you engage in a 'in your face' style of
>> behavior while defying the recommendations that you not behave that
>> way, you are going to get shut down.

> Essentially what happened is quite simple:
>
> Wazoo irritated me.
>
> If you don't want me to behave irritated, then simpy don't irritate me.

Maybe some married couples behave in an escalating process of bickering
and namecalling, and maybe some junkyard dogs and alleycats adopt a
growling, snarling, hissing 'don't tread on me' style of behavior -- but
civilized people are able to have discussions in which they disagree
without getting whacky.

And, if you and I are going to have a conversation, you will have to trim
and context your replies -- not top post.  When you top post, you aren't
responding specifically to anything I say.  You should either trim away
everything I said and 'recapitulate' it in a paraphrase of describing
exactly what part of what I said that you are replying to -- or -- you
should trim away everything I said which you aren't replying to and then
put your own replying words right under an empty line under my words.

Like this:  http://www.anta.net/misc/nnq/nquote.shtml  Quoting style in
newsgroup postings

I don't intend to restructure all of your replies here.  I would rather
stop talking to you.




-- 
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net  Wed Sep 24 11:00:53 2008
From: nobody at spamcop.net (Ellen)
Date: Wed Sep 24 11:05:05 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
In-Reply-To: <gbdh9d$ad5$1@news.spamcop.net>
References: <gb3u37$bap$1@news.spamcop.net> <gb4flc$8b7$1@news.spamcop.net>
	<gb9e64$m9$1@news.spamcop.net> <gb9q95$4re$1@news.spamcop.net>
	<gbbs7k$gso$1@news.spamcop.net> <gbc5d7$bie$1@news.spamcop.net>
	<gbdh9d$ad5$1@news.spamcop.net>
Message-ID: <gbdknb$ke8$1@news.spamcop.net>

Twayne wrote:
> 
> Looking at some good mail, most headers are of the format from CO:
> -------------------------
> Received: (qmail 50073 invoked from network); 22 Sep 2008 21:34:25 -0000
> Received: from blu0-omc4-s19.blu0.hotmail.com (65.55.111.158)
>   *by 0 *with SMTP; 22 Sep 2008 21:34:25 -0000
> Received: from BLU108-DS7 ([65.55.111.137]) by 
> blu0-omc4-s19.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
>   Mon, 22 Sep 2008 14:34:20 -0700
> X-Originating-IP: [67.41.145.191]
> ------------------------
> and here's a slightly longer trace from CT:
> --------------------
> Received: (qmail 64023 invoked from network); 20 Apr 2008 18:54:08 -0000
> Received: from qmta06.westchester.pa.mail.comcast.net (76.96.62.56)
>   by 0 with SMTP; 20 Apr 2008 18:54:08 -0000
> Received: from OMTA12.westchester.pa.mail.comcast.net ([76.96.62.44])
>  by QMTA06.westchester.pa.mail.comcast.net with comcast
>  id Fnx01Z00B0xGWP8560Yr00; Sun, 20 Apr 2008 18:53:58 +0000
> Received: from [192.168.1.100] ([71.235.249.42])
>  by OMTA12.westchester.pa.mail.comcast.net with comcast
>  id Fuu01Z00B0ve3pT3Y00000; Sun, 20 Apr 2008 18:54:01 +0000
> ------------------
> 
> Those are why I thought initially it was Netfirms doing the 'by 0' 
> stamp, but SC and Netfirms both declared it to be Yahoo's and VZ/Yahoo 
> didn't blame Netfirms, so ... it sort of made sense.  Qmail is also 
> typical of these stamps; seldom anything else.  That makes sense too 
> from what I see in the groups, but if that's a solid connection it seems 
> to point back to Netfirms.  And that's another reason I'm so lost.
>    Unless things have changed, I could at one time stick a Yahoo server 
> in there in place of the 'by 0' and get a good parse but putting one of 
> the Netfirms servers in place of it, didn't parse right.  Beats the hell 
> out of me!  And that's why I guess it's time to start over.  Y?s, I 
> canceled such tests; did not submit them.
> 
> Mostly I hate not knowing.  But secondarily it doesn't seem right to 
> ignore part of the RFC like they've done. Whoever 'they' are.  IIRC the 
> RFC number I was reading was 2821, SMTP.
> ...
> 
> 
> REgards,
> 
> Twayne
> 
> 

Coming into the conversation late but anyway -- are the mails/spams 
being forwarded to your netfirms/domain email address? just posting 
snippets of received headers doesn't reveal any useful information - 
tracking urls would however.

If they are being sent to your <name>@<mydomain>.com account or 
forwarded there then that is who is stamping the top header line and 
that is whose qmail server is not putting in the fully qualified domain 
name (FQDN) ... In neither of those snippets do I see anything to do 
with yahoo.

Of course as I say I am joining the party late ... so I am probably 
confused.


Ellen
SpamCop
From MikeE at ster.invalid  Wed Sep 24 11:01:02 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Sep 24 11:05:05 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net> <gb4flc$8b7$1@news.spamcop.net>
	<gb9e64$m9$1@news.spamcop.net> <gb9q95$4re$1@news.spamcop.net>
	<gbbs7k$gso$1@news.spamcop.net> <gbc5d7$bie$1@news.spamcop.net>
	<gbdh9d$ad5$1@news.spamcop.net>
Message-ID: <gbdknb$ke7$1@news.spamcop.net>

Twayne wrote:

>> I wonder if you could elaborate on what becomes of mail which is sent
>> to some old yahoo account/address.
>
> Truthfully, no idea.

Uhhhhh...

>> I've heard of people who have a yahoo account which they don't know
>> about or even know its password any longer.

> Interesting thought.  But wouldn't that show up as one of the
> suggextions that maybe I have a mailhost missing?

I don't think that SC mailhost configuration should be the mechanism by
which that topic is researched.

>> I don't know anything about yahoo accounts or their being deleted for
>> 'nonuse'.  How would yahoo know if something were being used or not?
>> If there is a mechanism for the mailbox to get emptied by the server
>
> They can know somehow.  Hotmail before all the changes used to insist
> that you check into a Hotmail site at least monthly or 60 days,
> something like that, or they deactivated the accounts and after 90 days
> they deleted them.  I don't know what Yahoo does but it's apparently not
> hard to do.

I'm pretty sure that if I were suspicious of having an account somewhere
which was autoforwarding mail to another mail account, that I could figure
it out by my email's headers.  I don't think it is the forwarding mail
provider whose job it is to figure out whether a mailbox should be killed
or not because the mailbox's owner doesn't know it exists.

Once I got my hands on a recent email which was so autoforwarded, I would
try to work with the mail provider to kill the specific account.

>> I have a gmail account.  It is configured to forward.  I virtually
>> never use it for anything, but mail is coming into it all the time
>> and being forwarded to another account.  I can't imagine gmail
>> advising me that I wasn't using the account, because I am.

>> If you don't know that you are 'using' (receiving server forwarded
>> mail) a yahoo account, perhaps you should research that subject.
>
> Yes.  Actually, if I want to get my facts straight it occurs to me I
> probably should repeat the entire research bit again from start to
> finish and set up more recent records for it.  I'll start right at my
> ISP again and work outward from there.

You are using the term ISP again which seems ambiguous to me in this
context.  To me, an ISP is someone who you pay for connectivity who also
provides you with mailboxes.  My ISP is earthlink (cable) whose
infrastructure is provided by timewarner cable which is the same
infrastructure as roadrunner's.  I also have a gmail (mailbox) account
which I don't consider my ISP.  I also have a free dialup connectivity
account (backup) which I don't consider my ISP.

I think that your terminology in this context should be 'mailbox
providers' not ISPs.

> I don't think so anymore, but
> last time thru this, I thought Netfirms was responsible for the "by 0".

I don't know why you wouldn't think the netfirms' server was responsible
for the by0.  In fact, these goodmail examples below are a good way for
you to get clear on that fact.  In the case of the goodmail, you should
know exactly what the To says.

> So if nothing else I'll give them first denial opporunities and then
> work over to Verizon and Yahoo where I'm pretty sure it's coming from.

I completely disagree with that approach.  You should be able to figure
out 'your own self' what the addresses of all of your mailboxes are and
how that mail is being handled.

> Maybe there's a bad part coming from two different places, who knows?

I don't think that it should be such a mystery.

> Looking at some good mail, most headers are of the format from CO:
> -------------------------
> Received: (qmail 50073 invoked from network); 22 Sep 2008 21:34:25 -0000
> Received: from blu0-omc4-s19.blu0.hotmail.com (65.55.111.158)
>   *by 0 *with SMTP; 22 Sep 2008 21:34:25 -0000
> Received: from BLU108-DS7 ([65.55.111.137]) by
> blu0-omc4-s19.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
>   Mon, 22 Sep 2008 14:34:20 -0700
> X-Originating-IP: [67.41.145.191]
> ------------------------

67.41.145.191 = 67-41-145-191.hlrn.qwest.net (connectivity)
65.55.111.137 = no rDNS hotmail server
65.55.111.158 = blu0-omc4-s19.blu0.hotmail.com
by 0 = (I call) netfirms.com for twaynesdomain.com

qwest.net connector > hotmail > twaynesdomain

<but you didn't identify for us the domainname of you the recipient>

> and here's a slightly longer trace from CT:
> --------------------
> Received: (qmail 64023 invoked from network); 20 Apr 2008 18:54:08 -0000
> Received: from qmta06.westchester.pa.mail.comcast.net (76.96.62.56)
>   by 0 with SMTP; 20 Apr 2008 18:54:08 -0000
> Received: from OMTA12.westchester.pa.mail.comcast.net ([76.96.62.44])
>  by QMTA06.westchester.pa.mail.comcast.net with comcast
>  id Fnx01Z00B0xGWP8560Yr00; Sun, 20 Apr 2008 18:53:58 +0000
> Received: from [192.168.1.100] ([71.235.249.42])
>  by OMTA12.westchester.pa.mail.comcast.net with comcast
>  id Fuu01Z00B0ve3pT3Y00000; Sun, 20 Apr 2008 18:54:01 +0000
> ------------------

71.235.249.42 = c-71-235-249-42.hsd1.ma.comcast.net
76.96.62.44 & 76.96.62.56 = comcast servers

comcast connector > comcast servers > twaynesdomain

<but you didn't identify for us the domainname of you the recipient>

> Those are why I thought initially it was Netfirms doing the 'by 0'
> stamp, but SC and Netfirms both declared it to be Yahoo's

I interpreted what Don said as his opinion that by0 was netfirms.  I have
no idea what netfirms said.

>  and VZ/Yahoo
> didn't blame Netfirms, so ... it sort of made sense.

Are you saying that the above headers were sent to some vz/yh address or
to twaynesdomain?




-- 
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Wed Sep 24 11:12:55 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Sep 24 11:15:03 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net> <gb4flc$8b7$1@news.spamcop.net>
	<gb9e64$m9$1@news.spamcop.net> <gb9q95$4re$1@news.spamcop.net>
	<gbbs7k$gso$1@news.spamcop.net> <gbc5d7$bie$1@news.spamcop.net>
	<gbdh9d$ad5$1@news.spamcop.net>
Message-ID: <gbdldk$nlu$1@news.spamcop.net>

Twayne wrote:

> Looking at some good mail, most headers are of the format from CO:

> and here's a slightly longer trace from CT:

BTW, that method of talking about headers is suboptimal.

The best way is to adopt my 'boilerplate' advice about privatizing and
trackers and cancelling.  In this case, the privatization could munge the
username but not the domainname of the To, and it could munge all of the
>From and it could replace the subject and body with MUNGED or whatever.


How to make a tracker:

 1 select and obtain the complete spam
 2 privatize the header&body content
 3 webparse it & copy the tracking URL
 4 cancel the report & paste the tracker in here


1  ... in the manner described by the SC faq
http://www.spamcop.net/fom-serve/cache/19.html  How do I get my email
program to reveal the full, unmodified email?

2 ... by modestly and unambiguously mungeing any private information you
don't want to expose, such as your name or email address which might
appear anywhere in the header or body.  Avoid excessive or confusing
mungeing.

3 login to the SC webparser, paste in the spam, and click Process Spam
button;  then copy the tracking URL from the top 'Here is your TRACKING
URL' of the appearance
http://www.spamcop.net/sc?id=z1505491930z5db2559eebcde98291b8e783c95d61cez

4 ... after parsing, the report is 'live' until the cancel button is
used.  After cancelling the tracker disappears;  the munged spam report
should be cancelled because it has been materially changed and because
you don't want to leave a tracker live.





-- 
Mike Easter
kibitzer, not SC admin

From tmcgraw at spamcop.net  Wed Sep 24 11:43:19 2008
From: tmcgraw at spamcop.net (Tim McGraw)
Date: Wed Sep 24 11:45:03 2008
Subject: [Scspamcop] Re: Banned Forum Account - Was: Re: Even if it could
 handle multibyte characters, SC doesn't find   reporting   address
In-Reply-To: <gbdh30$9q3$1@news.spamcop.net>
References: <g68ql3$juu$1@news.spamcop.net>
	<g6j93g$cb$1@news.spamcop.net><g6jbhf$606$2@news.spamcop.net>
	<g6jlpb$2cl$1@news.spamcop.net><g6l4gd$q4r$1@news.spamcop.net>
	<gbaokm$3q4$1@news.spamcop.net> <gbb5ea$1k9$1@news.spamcop.net>
	<gbb9rk$i9p$1@news.spamcop.net> <gbdg9n$7og$1@news.spamcop.net>
	<gbdh30$9q3$1@news.spamcop.net>
Message-ID: <gbdn6o$v9h$1@news.spamcop.net>

Maria wrote:
> Essentially what happened is quite simple:
> 
> Wazoo irritated me.
> 
> If you don't want me to behave irritated, then simpy don't irritate me.

What a peach you must be!
From MikeE at ster.invalid  Wed Sep 24 11:58:41 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Sep 24 12:00:04 2008
Subject: [Scspamcop] Twayne summary
Message-ID: <gbdo3d$6f9$1@news.spamcop.net>

Summary:

You have posted 4 spamtrackers here, all of which 'ended' with the topline
by0.  2 of those were 'direct' to the by0 provider and 2 appear to be
forwarded via a vz/yh system to the topline by0.  You have pasted 2
partial headers of goodmail here which end with the topline by0.

Date: Tue, 16 Sep 2008 17:40:03 -0400
http://www.spamcop.net/sc?id=z2252252187ze2af7249bf92b1b8c93d194639cd6ec8z
http://www.spamcop.net/sc?id=z2251380926z6475221400831c985d452c35b6956e06z

Date: Sat, 20 Sep 2008 18:39:46 -0400
http://www.spamcop.net/sc?id=z2263525135z8b5bc7ffc921fb0bcdc89f03fe82ca96z
http://www.spamcop.net/sc?id=z2263524117zc6144cd7edeaa351976cdd26d99bdeabz

You have acknowledged that you have a twaynesdomain and a verizon mailbox.
You doubt if you still have a yahoo mailbox.

Separate from the by0 issue in which the receiving server's domainname is
never mentioned in the headers, the trackers which show the routing vz/yh
are zany and noncompliant before they get to the by0.  Since we have only
seen two of them and since the noncompliance is on multiple lines, it is
possible that there may have been some header misinterpretation so far.

Here is my interpretation of the path (using the stamped domainnames in
the from & by fields) which involves vz/yh from both the 2 such trackers:

XOIP source > mailsrvcs.net > verizon.net > yahoo.com > by 0

In both those cases, 3 bad/noncompliant lines can be seen in the stamps
placed by mailsrvcs.net & by yahoo.com & by by0.

mailsrvcs.net is a bogusname for a verizon net server
yahoo.com puts an additional and bogus IP in the from field
by0 doesn't name itself.

It is my interpretation that your verizon mail is being forwarded to your
twaynesdomain mailbox and that netfirms which is handling the
twaynesdomain is stamping the by0.


-- 
Mike Easter
kibitzer, not SC admin

From snowbat at geocities.com  Wed Sep 24 13:21:05 2008
From: snowbat at geocities.com (Snowbat)
Date: Wed Sep 24 13:25:03 2008
Subject: [Scspamcop] Re: Again - truncated reporting address
References: <g8tpuu$ao$1@news.spamcop.net>
	<ucclb4lkimjmuhe920a5r50ukscdbl49rp@4ax.com>
	<TECQXhvKj0FX-pn2-dHg5K6b0t9YY@dsl-206-55-144-107.tstonramp.com>
	<sn7vb4538jbti2tpb0qfqmc6e31vm9qmi2@4ax.com>
	<g9ooem$ft2$1@news.spamcop.net>
Message-ID: <gbdsu1$uav$1@news.spamcop.net>

On Thu, 04 Sep 2008 10:44:18 -0300, Snowbat wrote:

Problem with abuse@asta-net.pl

$ whois 77.45.26.245
inetnum:        77.45.0.0 - 77.45.31.255
netname:        ASTA-NET                
descr:          ASTA-NET CUSTOMERS      
country:        PL                      
admin-c:        TK1957-RIPE             
admin-c:        JS3340-RIPE             
admin-c:        AFW-RIPE                
tech-c:         TK1957-RIPE             
tech-c:         JS3340-RIPE             
tech-c:         AFW-RIPE                
status:         ASSIGNED PA             
remarks:        ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - !
remarks:        ! - ! Please send spam and abuse notification only to abuse@asta-net.pl ! - !  <<<<<<<
remarks:        ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - !

http://www.spamcop.net/sc?action=rcache;ip=77.45.26.245
"whois 77.45.26.245@whois.arin.net" (Getting contact from whois.arin.net )
   Redirect to ripe
   Display data:
   "whois 77.45.26.245@whois.ripe.net" (Getting contact from whois.ripe.net)
   Abuse address in 'remarks' field: abuse@asta-net.pl
   whois.ripe.net found abuse contacts for 77.45.26.245 = abuse@asta
   whois: 77.45.0.0 - 77.45.31.255 = abuse@asta
Routing details for 77.45.26.245
Using abuse net on abuse@asta
Using best contacts abuse@asta <<<<<<<

From nobody at spamcop.net  Wed Sep 24 13:45:49 2008
From: nobody at spamcop.net (Ellen)
Date: Wed Sep 24 13:55:03 2008
Subject: [Scspamcop] Re: Twayne summary
In-Reply-To: <gbdo3d$6f9$1@news.spamcop.net>
References: <gbdo3d$6f9$1@news.spamcop.net>
Message-ID: <gbdupa$b1k$1@news.spamcop.net>

Mike Easter wrote:

> 
> It is my interpretation that your verizon mail is being forwarded to your
> twaynesdomain mailbox and that netfirms which is handling the
> twaynesdomain is stamping the by0.
> 
> 

Twayne: yes -- some are forwarded to twaynesdomain from wherever and at 
least one is sent there directly. The source of the by 0 is the host for 
twaynesdomain. That is netfirms or whoever hosts the domain. They are 
running qmail and let it default at installation wrt the FQDN which is 
where the by 0 comes from. Whoever admins that/those server(s) needs to 
make the simple change to put in the FQDN.  The "by 0" has nothing to do 
with verizon or yahoo.

I have nothing to add to the previous analyses of the bogusity of the 
yahoo/verizon received headers. They are what they are and the odds of 
getting useful changes made is somewhere south of 0 I suspect.

I think we have beat this to death so I have nothing more to say about 
other than to say: netfirms needs to be notified about this and get it 
fixed. I have written to them.


Ellen
SpamCop
From nobody at devnull.spamcop.net  Wed Sep 24 15:08:11 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Sep 24 15:10:03 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net> <gb4flc$8b7$1@news.spamcop.net>
	<gb9e64$m9$1@news.spamcop.net> <gb9q95$4re$1@news.spamcop.net>
	<gbbs7k$gso$1@news.spamcop.net> <gbc5d7$bie$1@news.spamcop.net>
	<gbdh9d$ad5$1@news.spamcop.net> <gbdldk$nlu$1@news.spamcop.net>
Message-ID: <gbe36k$u22$1@news.spamcop.net>

> Twayne wrote:
>
>> Looking at some good mail, most headers are of the format from CO:
>
>> and here's a slightly longer trace from CT:
>
> BTW, that method of talking about headers is suboptimal.

I agree, and also I neglected to mention was that what I posted was all 
received lines.  I might, just might, have a solution at hand finally, 
but just for reference, here are the mail trackers a tech Mgr and I just 
got through analyzing:
---------------
http://www.spamcop.net/sc?id=z2273296551z975408a6308b0b41fa9ac41bcef14508z
http://www.spamcop.net/sc?id=z2273298022zaed4d8936eea69b294af6a786ae7effbz
http://www.spamcop.net/sc?id=z2273302562z0801ca2c53bf2c694be1e12ab33de247z
and a spam:
http://www.spamcop.net/sc?id=z2273299723zfcef5b199915c279fb748a31ec0fbffdz

lol, and this receipt from Netfirms that can't be processed but is 
legitimate:
http://www.spamcop.net/sc?id=z2273307341z6cec77a436287c166c97ad112332ae77z

Some of those have unmunged info, so please treat them accordingly.  I 
forgot to look thru them because time is growing short on me.
--------------
   Pick your choose:  They are all about the same formats.
   And yes, I cancelled each one before leaving the window so if you see 
anything live, kill it! You shouldn't see anything live though.

Now for what *might* be the good news:
  I managed to get a support manager to talk to me on the phone.  He 
agreed that it IS the VZ/Yahoo setup causing the problems and after 
trying to briefly tell me there might be sort of "encryption" reason for 
the "by 0", he finally said he looked closer and then remotely took over 
my machine so he could check all my OE settings etc. on his own and see 
what's up.  Hmm, now I think about it, I think he left the "include when 
checking mail" turned off on my VZ account!

   At any rate, thanks to his continued persistance and finally his 
interest in the by thing, he finally got someone else together with him 
and between their cogitations decided they were indeed responsible for 
the "by 0".  I wasn't smart enough to ask whether that meant VZ or 
Yahoo, but I guess I don't care IFF they actually can fix the problem as 
they claim they can do.  I was invited to come back anytime, and 
continue to ask questions if the situation wasn't completely rectified, 
so ... let's see whether their word and technical abilities are any 
good.  He said maybe a week or two before the fix could be implemented; 
there was paperwork to generate and "rationalizations" to complete.
   He claimed to be in CA but his name and speech sure sounded like 
India; guess we'll find out!  He called me, so I've now way of knowing 
where he actually is.  V Paresh was his name FWIW in case anyone ever 
heard of him.

So, I'm from Missouri on this yet, but ... at least there will be hope 
for awhile.  He even copied/saved some of the forum conversations about 
Qmail that I had in the same folder I let him into.

Aside; sort of a "cute" story:

Verizon/Yahoo is where you go if you enter verizon.net into your 
browser.  It seems to be one single org, but obviously it's not, 
technically.  They make it hard to email, but easy to chat so I picked 
the chat.
   The first assistant just threw up his hands and had no idea what I 
was talking about.  When I asked for a higher level contact he said he 
couldn't do that and signed off.
   The second time the guy seemed interested in helping and we spent a 
lot of time with my trying to make him understand my problem was NOT 
with my email tx/rx, but with the email headers.  Then he lied to me at 
which point I excused him for not understanding my problem, said it was 
OK, and asked to be given a contact further up the chain, preferably 
management.   He asked some more questions and when he finally appeared 
to almost understand what I was trying to say,  he just abruptly said 
"bye" and closed the connection.  Upon which I went and found an e-mail 
link and reported the chump, along with his name and the complete copy 
of our conversation.
  About 20 minutes after that I recieved the call from V Paresh, 
claiming to be a tech support "manager".  He and I got places and he 
even quoted parts of RFC2821 to me so he at least had some understanding 
of things like headers, etc..  When he came across how to "fix" Qmail 
servers by accident, I thought I'd be able to hear him wetting his pants 
he was so happy.  So, for a manger, that was bad form; managers should 
never show that much surprise at anything, IMO.
   I meant to ask Paresh why he called me, but there was likely only one 
place where he could have gotten my phone number and called me right 
after my complaint was sent.  So it's MY assumption that the complaint 
did anything good.  In reality, I've flooded VZ/Yahoo's contact forms, 
whatever I could locate that was different from the last one, with 
questions about the headers.  Most only allowed 70 characters, so it 
took three forms to even minimally say all I had to say.

I still don't have Netfirms' response; this could get interesting, I 
suppose.  As a rule they respond the same day but not always.

Maybe I've made a difference, maybe I haven't.  I'm not holding my 
breath<g>.

Twayne







From nobody at devnull.spamcop.net  Wed Sep 24 15:18:01 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Sep 24 15:20:03 2008
Subject: [Scspamcop] Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net>
Message-ID: <gbe3p3$v9f$1@news.spamcop.net>

> Summary:
>
> You have posted 4 spamtrackers here, all of which 'ended' with the
> topline by0.  2 of those were 'direct' to the by0 provider and 2
> appear to be forwarded via a vz/yh system to the topline by0.  You
> have pasted 2 partial headers of goodmail here which end with the
> topline by0.
>
> Date: Tue, 16 Sep 2008 17:40:03 -0400
> http://www.spamcop.net/sc?id=z2252252187ze2af7249bf92b1b8c93d194639cd6ec8z
> http://www.spamcop.net/sc?id=z2251380926z6475221400831c985d452c35b6956e06z
>
> Date: Sat, 20 Sep 2008 18:39:46 -0400
> http://www.spamcop.net/sc?id=z2263525135z8b5bc7ffc921fb0bcdc89f03fe82ca96z
> http://www.spamcop.net/sc?id=z2263524117zc6144cd7edeaa351976cdd26d99bdeabz
>
> You have acknowledged that you have a twaynesdomain and a verizon
> mailbox. You doubt if you still have a yahoo mailbox.
>
> Separate from the by0 issue in which the receiving server's
> domainname is never mentioned in the headers, the trackers which show
> the routing vz/yh are zany and noncompliant before they get to the
> by0.  Since we have only seen two of them and since the noncompliance
> is on multiple lines, it is possible that there may have been some
> header misinterpretation so far.
>
> Here is my interpretation of the path (using the stamped domainnames
> in the from & by fields) which involves vz/yh from both the 2 such
> trackers:
>
> XOIP source > mailsrvcs.net > verizon.net > yahoo.com > by 0
>
> In both those cases, 3 bad/noncompliant lines can be seen in the
> stamps placed by mailsrvcs.net & by yahoo.com & by by0.
>
> mailsrvcs.net is a bogusname for a verizon net server
> yahoo.com puts an additional and bogus IP in the from field
> by0 doesn't name itself.
>
> It is my interpretation that your verizon mail is being forwarded to
> your twaynesdomain mailbox and that netfirms which is handling the
> twaynesdomain is stamping the by0.

Probably, Mike.  I parsed and posted a few trackers back in the other 
thread, mostly to make up for my stupidity in not having done so 
initially.  Plus I forgot to scrutinize them for munging purposes, so 
... please treat them accordingly<g>.
   And like I said in that post, whether I made any difference or not, I 
did at least get some attention from a Verizon/Yahoo support manager 
that I can reach again should I need to.  At least he knew what I was 
talking about; no idea whether anything else he/I said is accurate or 
not.

I'm actually pleased that you also see Netfirms as the cause of the 
problem, because I think I do too.  I'm going to figure out a workaround 
to that; shouldn't be hard to do, and hopefully it'll prove it once and 
for all.  Maybe I'll try a gmail account; I want to get far away from 
Yahoo if I can.  Hmm, sneakemail is a possibility, too.

So, I don't know if you have any interest left in this or not, but the 
other thread does have some trackers it; 5, I think, even though they're 
all similar.

Regards,

Twayne


From nobody at devnull.spamcop.net  Wed Sep 24 15:35:07 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Sep 24 15:35:03 2008
Subject: [Scspamcop] Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbdupa$b1k$1@news.spamcop.net>
Message-ID: <gbe4p5$20q$1@news.spamcop.net>

> Mike Easter wrote:
>
>>
>> It is my interpretation that your verizon mail is being forwarded to
>> your twaynesdomain mailbox and that netfirms which is handling the
>> twaynesdomain is stamping the by0.
>>
>>
>
> Twayne: yes -- some are forwarded to twaynesdomain from wherever and
> at least one is sent there directly. The source of the by 0 is the
> host for twaynesdomain. That is netfirms or whoever hosts the domain.

Yes, that would be Netfirms; for now<g>.

> They are running qmail and let it default at installation wrt the
> FQDN which is where the by 0 comes from. Whoever admins that/those
> server(s) needs to make the simple change to put in the FQDN.  The
> "by 0" has nothing to do with verizon or yahoo.

I hope you're right.  Wish I'd read this before I responded to Mike's 
last post in the other thread, but ... such is life.  There's nothing 
worse than a little knowledge, and that might be what I encountered 
there.  You'll see what I mean if you take a look at my last post in the 
other thread.  There are also some trackers there for anyone who's 
interested.  It sure confuses the devil out of me!
>
> I have nothing to add to the previous analyses of the bogusity of the
> yahoo/verizon received headers. They are what they are and the odds of
> getting useful changes made is somewhere south of 0 I suspect.
>
> I think we have beat this to death so I have nothing more to say about
> other than to say: netfirms needs to be notified about this and get it
> fixed. I have written to them.

THANK YOU!  I've sent them a mail too!
    I like Netfirms and you can't beat their price structure for what 
you get, but ... if you're right, which is all this first part of my 
research started out to prove, then that alone is a big step.  I need to 
be certain that when I start to make a PIA of myself, I'm doing it at 
the right place<G>.

   Historically, a couple of years ago, I started with Netfirms and they 
blamed Verizon/Yahoo.  I went to Verizon and they were blaming Yahoo and 
of course Yahoo was blaming Verizon.  This time it appears that, to the 
caller/user/visitor, there is no longer any difference between the two. 
Once you sign in, every page says Yahoo/Verizon or Verizon/Yahoo; 
usually Yahoo first.

Regards,

Twayne

>
>
> Ellen
> SpamCop



From stephenbye at byedesign.co.uk  Wed Sep 24 17:39:51 2008
From: stephenbye at byedesign.co.uk (Stephen Bye)
Date: Wed Sep 24 17:40:03 2008
Subject: [Scspamcop] [media] Spamming ISP cut off from Internet
Message-ID: <gbec2s$sml$1@news.spamcop.net>

http://tech.slashdot.org/article.pl?sid=08/09/23/1631234


From MikeE at ster.invalid  Wed Sep 24 17:43:33 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Wed Sep 24 17:45:03 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net> <gb4flc$8b7$1@news.spamcop.net>
	<gb9e64$m9$1@news.spamcop.net> <gb9q95$4re$1@news.spamcop.net>
	<gbbs7k$gso$1@news.spamcop.net> <gbc5d7$bie$1@news.spamcop.net>
	<gbdh9d$ad5$1@news.spamcop.net> <gbdldk$nlu$1@news.spamcop.net>
	<gbe36k$u22$1@news.spamcop.net>
Message-ID: <gbeca0$t56$1@news.spamcop.net>

Twayne wrote:

> but just for reference, here are the mail trackers a tech Mgr and I just
> got through analyzing:

z2273296551z975408a6308b0b41fa9ac41bcef14508z
z2273298022zaed4d8936eea69b294af6a786ae7effbz
z2273302562z0801ca2c53bf2c694be1e12ab33de247z

<snip the  http://www.spamcop.net/sc?id= parts>

Those 3 sample goodmails are very useful and informative.

z2273307341z6cec77a436287c166c97ad112332ae77z

and that one from netfirms.



-- 
Mike Easter
kibitzer, not SC admin

From mikeyhsd at lamparty.net  Wed Sep 24 19:12:37 2008
From: mikeyhsd at lamparty.net (mikeyhsd)
Date: Wed Sep 24 19:15:03 2008
Subject: [Scspamcop] Re: email address change
In-Reply-To: <rlvjd4hj704vdikdfsafbk7javup6ebnf8@4ax.com>
References: <gbbsav$gvo$1@news.spamcop.net>
	<rlvjd4hj704vdikdfsafbk7javup6ebnf8@4ax.com>
Message-ID: <gbehhg$drf$1@news.spamcop.net>

thank you.

done.



-- 

mikeyhsd@lamparty.net




"SpamCop Admin" <nobody@devnull.spamcop.net> wrote in message 
news:rlvjd4hj704vdikdfsafbk7javup6ebnf8@4ax.com...
> mikeyhsd wrote:
>>-due to sprint dropping email support in december, it is imperative that I
>>-log on to spam cop and edit my profile to change the email address.
>
> Please write to me directly with your account details, and I'll be
> happy to help.
>
> Write to me at:  service at admin.spamcop.net
>
> - Don D'Minion - SpamCop Admin - 

From g.hyde at bigNOSPAMpond.net.au  Wed Sep 24 19:53:19 2008
From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde)
Date: Wed Sep 24 19:55:03 2008
Subject: [Scspamcop] Re: [media] Spamming ISP cut off from Internet
References: <gbec2s$sml$1@news.spamcop.net>
Message-ID: <gbejtj$lmu$1@news.spamcop.net>


"Stephen Bye" <stephenbye@byedesign.co.uk> wrote in message 
news:gbec2s$sml$1@news.spamcop.net...
> http://tech.slashdot.org/article.pl?sid=08/09/23/1631234

The networkworld article this was excerpted from:

http://www.networkworld.com/news/2008/092308-accused-of-tolerating-scammers-an.html?ts0hb&story=ts_isp


Cheers ...

Geoffrey Hyde


From nobody at devnull.spamcop.net  Wed Sep 24 19:53:32 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Wed Sep 24 19:55:04 2008
Subject: [Scspamcop] Re: a result of "by 0" ? & RFC?
References: <gb3u37$bap$1@news.spamcop.net> <gb4flc$8b7$1@news.spamcop.net>
	<gb9e64$m9$1@news.spamcop.net> <gb9q95$4re$1@news.spamcop.net>
	<gbbs7k$gso$1@news.spamcop.net> <gbc5d7$bie$1@news.spamcop.net>
	<gbdh9d$ad5$1@news.spamcop.net> <gbdldk$nlu$1@news.spamcop.net>
	<gbe36k$u22$1@news.spamcop.net> <gbeca0$t56$1@news.spamcop.net>
Message-ID: <gbejtm$lng$1@news.spamcop.net>

> Twayne wrote:
>
>> but just for reference, here are the mail trackers a tech Mgr and I
>> just got through analyzing:
>
> z2273296551z975408a6308b0b41fa9ac41bcef14508z
> z2273298022zaed4d8936eea69b294af6a786ae7effbz
> z2273302562z0801ca2c53bf2c694be1e12ab33de247z
>
> <snip the  http://www.spamcop.net/sc?id= parts>
>
> Those 3 sample goodmails are very useful and informative.
>
> z2273307341z6cec77a436287c166c97ad112332ae77z
>
> and that one from netfirms.

lol, Yahoo's a hoot!
 I found another possible address I'd once used on Yahoo, so earlier 
today I sent a mail TO it, and a mail FROM it from myself.  The mail 
FROM it arrived, no problem, in my POPped mailbox..
  But the mail TO it, I just received the following:
--------------------------
<munge@yahoo.com>:
216.39.53.3 failed after I sent the message.
Remote host said: 554 delivery error: dd Sorry your message to 
munge@yahoo.com cannot be delivered. This account has been disabled or 
discontinued [#102]. - mta338.mail.re4.yahoo.com
------------------------

.re4 is a new one too; I only recall seeing up to re2 in the past so far 
in the "by 0" mails.

Sooo, it exists, but it's been disabled or discontinued, but it still 
receives mail and allows me to pop it.  Neat.  So I have me a 
receive-only email account at Yahoo.  Mail TO it I can get; I just can't 
send any mail FROM it.

Twayne 


From nobody at spamcop.net  Wed Sep 24 20:09:30 2008
From: nobody at spamcop.net (Ellen)
Date: Wed Sep 24 20:15:03 2008
Subject: [Scspamcop] Re: Twayne summary
In-Reply-To: <gbe4p5$20q$1@news.spamcop.net>
References: <gbdo3d$6f9$1@news.spamcop.net> <gbdupa$b1k$1@news.spamcop.net>
	<gbe4p5$20q$1@news.spamcop.net>
Message-ID: <gbel29$of5$1@news.spamcop.net>

Twayne wrote:
>> Mike Easter wrote:
>>
>>> It is my interpretation that your verizon mail is being forwarded to
>>> your twaynesdomain <snip>

Please be more careful in your attributions. While the above is from 
Mike the below is from me

>>>
>>>
>> Twayne: yes -- some are forwarded to twaynesdomain from wherever and
>> at least one is sent there directly. The source of the by 0 is the
>> host for twaynesdomain. That is netfirms or whoever hosts the domain.


> 
> Yes, that would be Netfirms; for now<g>.
> 
>> They are running qmail and let it default at installation wrt the
>> FQDN which is where the by 0 comes from. Whoever admins that/those
>> server(s) needs to make the simple change to put in the FQDN.  The
>> "by 0" has nothing to do with verizon or yahoo.
> 
> I hope you're right. 

I looked at the spams/mail in it's unmunged/raw form which includes the 
"to/delivered-to" etc and the mail is clearly forwarded to and/or sent 
directly to your netfirms email address. Makes it a whole lot easier to 
see what is happening when you can see that. That top received header is 
stamped by the netfirms  server which accepts mail for twaynesdomain.



>>
>> I think we have beat this to death so I have nothing more to say about
>> other than to say: netfirms needs to be notified about this and get it
>> fixed. I have written to them.

And got an autobot from them which says that a real person will look at 
the mail at some point.


> 
> THANK YOU!  I've sent them a mail too!
>     I like Netfirms and you can't beat their price structure for what 
> you get, but ... if you're right, which is all this first part of my 
> research started out to prove, then that alone is a big step.  I need to 
> be certain that when I start to make a PIA of myself, I'm doing it at 
> the right place<G>.

This gmail "by 0" is pretty common or has been over the years -- it is 
easy to overlook the setting when installing gmail. I would presume that 
sooner or later they will get it fixed. I suspecct that how long it 
takes depends on how many servers they have to fix.


Ellen
SpamCop

From me at privacy.net  Wed Sep 24 20:40:55 2008
From: me at privacy.net (Frog Prince)
Date: Wed Sep 24 20:45:03 2008
Subject: [Scspamcop] Re: Banned Forum Account - Was: Re: Even if it could
	handle multibyte characters, SC doesn't find   reporting   address
References: <g68ql3$juu$1@news.spamcop.net>
	<g6j93g$cb$1@news.spamcop.net><g6jbhf$606$2@news.spamcop.net>
	<g6jlpb$2cl$1@news.spamcop.net><g6l4gd$q4r$1@news.spamcop.net>
	<gbaokm$3q4$1@news.spamcop.net> <gbb5ea$1k9$1@news.spamcop.net>
	<gbb9rk$i9p$1@news.spamcop.net> <gbdg9n$7og$1@news.spamcop.net>
	<gbdh30$9q3$1@news.spamcop.net>
Message-ID: <gbemrc$u5e$1@news.spamcop.net>


"Maria" <maria.jacobs@xs4all.nl> wrote in message 
news:gbdh30$9q3$1@news.spamcop.net...
| Essentially what happened is quite simple:
|
| Wazoo irritated me.
|
| If you don't want me to behave irritated, then simpy don't irritate me.

The micor-give-a-sh|t news group is ====> that way.

Watch out for the heavy screen door on your way out.


From tmcgraw at spamcop.net  Wed Sep 24 21:22:57 2008
From: tmcgraw at spamcop.net (Tim McGraw)
Date: Wed Sep 24 21:25:04 2008
Subject: [Scspamcop] Re: [media] Spamming ISP cut off from Internet
In-Reply-To: <gbec2s$sml$1@news.spamcop.net>
References: <gbec2s$sml$1@news.spamcop.net>
Message-ID: <gbep5i$4e5$1@news.spamcop.net>

Stephen Bye wrote:
> http://tech.slashdot.org/article.pl?sid=08/09/23/1631234

As I understand it, it wasn't so much the spam (as your subject line 
suggests) but the malware coming out of Intercage that resulted in the 
severing of peerage.

Very informative spamhaus blog entry from last month: 
http://www.spamhaus.org/news.lasso?article=636
From V at nguard.LH  Thu Sep 25 00:39:13 2008
From: V at nguard.LH (VanguardLH)
Date: Thu Sep 25 00:40:03 2008
Subject: [Scspamcop] Re: [media] Spamming ISP cut off from Internet
References: <gbec2s$sml$1@news.spamcop.net>
Message-ID: <gbf4k0$635$1@news.spamcop.net>

Stephen Bye wrote:

> http://tech.slashdot.org/article.pl?sid=08/09/23/1631234

And now they're back up.

http://www.theregister.co.uk/2008/09/24/intercage_back_online/

So much for community pressure to kill them.  I've many times traced a
"bad" domain to EstDomains ran through Intercage/Atrivo.  Without fines
and legal sanctions against continued or renew operations enforced
against Emil Kacperski, owner of Intercage, it was obvious that nothing
would bar him from simply finding another dupe for his upstream
provider.  That's like the Better Business Bureau where a company simply
has to shutdown under one name and startup under a different name and
carry on doing whatever got them in hot water with their customers
before.  No real punishment.
From nobody at spamcop.net  Thu Sep 25 03:06:22 2008
From: nobody at spamcop.net (RandallW)
Date: Thu Sep 25 03:10:03 2008
Subject: [Scspamcop] Re: [media] Spamming ISP cut off from Internet
References: <gbec2s$sml$1@news.spamcop.net> <gbf4k0$635$1@news.spamcop.net>
Message-ID: <gbfd9e$71m$1@news.spamcop.net>

I guess this explains why my manual complaints to Estdomains and Intercage 
haven't been going through. :p 


From MikeE at ster.invalid  Thu Sep 25 09:10:54 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Sep 25 09:15:03 2008
Subject: [Scspamcop] SenderBase SBRS discussions
Message-ID: <gbg2kp$so1$1@news.spamcop.net>

There have been some discussions in the SC forum in the past week, and
also questions in nanae about the problems created by senderbase
reputation scores.

Servers use senderbase applicances which use the SBRS senderbase
reputationscore and if an IP has a poor reputation, its mail may be
blocked or graylisted whether it is currently on any blocklists such as
SCBL or not.  The last 3 IPs which were having trouble and asking
questions had poor SBRS reputation and/but weren't (otherwise) blocklisted
anywhere (in the 268 blocklists accessed by dnsstuff or mxtoolbox).

For reference or additional information for those in the SC forums or
other venues, if a mail admin wants to check hir IP for its SBRS
classification as poor, neutral, or good, there is a lookup tool at
senderbase.  There is also a senderbase whitepaper/ overview/ more depth/
discussion in a .pdf

<http://www.senderbase.org/home/rep_lookup>  Lookup & What Does My
Reputation Score Mean?

http://www.ironport.com/pdf/ironport_senderbase_reputationscore_overview.p
df  or http://snipr.com/3tzy9  SenderBase Reputation Score

Whether or not there would be any purpose in 'communicating' with
senderbase on a low score issue, I don't know.  Somehow I think not.
Senderbase does offer to correct misinformation they may have in their
database about the ownership of an IP.  support[at]senderbase.org


-- 
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net  Thu Sep 25 09:39:20 2008
From: nobody at spamcop.net (Bar0)
Date: Thu Sep 25 09:40:03 2008
Subject: [Scspamcop] Re: [media] Spamming ISP cut off from Internet
References: <gbec2s$sml$1@news.spamcop.net> <gbf4k0$635$1@news.spamcop.net>
	<gbfd9e$71m$1@news.spamcop.net>
Message-ID: <gbg4aa$4q9$1@news.spamcop.net>


"RandallW" <nobody@spamcop.net> wrote in message 
news:gbfd9e$71m$1@news.spamcop.net...
>I guess this explains why my manual complaints to Estdomains and Intercage 
>haven't been going through. :p
>

They didn't feel the need to lstwash, probably from now they will go through 
once they have there auto-listwash software up and running. They no longer 
feel so invulnerable, so their operation will look more like softlayer and 
constant contact., both spammers that aggressively listwash, -Err 
"immediately take care of spammers". 

From nobody at spamcop.net  Thu Sep 25 09:41:54 2008
From: nobody at spamcop.net (Bar0)
Date: Thu Sep 25 09:45:03 2008
Subject: [Scspamcop] Re: SenderBase SBRS discussions
References: <gbg2kp$so1$1@news.spamcop.net>
Message-ID: <gbg4f4$5f9$1@news.spamcop.net>


"Mike Easter" <MikeE@ster.invalid> wrote in message 
news:gbg2kp$so1$1@news.spamcop.net...
> There have been some discussions in the SC forum in the past week, and
> also questions in nanae about the problems created by senderbase
> reputation scores.
>
> Servers use senderbase applicances which use the SBRS senderbase
> reputationscore and if an IP has a poor reputation, its mail may be
> blocked or graylisted whether it is currently on any blocklists such as
> SCBL or not.  The last 3 IPs which were having trouble and asking
> questions had poor SBRS reputation and/but weren't (otherwise) blocklisted
> anywhere (in the 268 blocklists accessed by dnsstuff or mxtoolbox).
>
> For reference or additional information for those in the SC forums or
> other venues, if a mail admin wants to check hir IP for its SBRS
> classification as poor, neutral, or good, there is a lookup tool at
> senderbase.  There is also a senderbase whitepaper/ overview/ more depth/
> discussion in a .pdf
>
> <http://www.senderbase.org/home/rep_lookup>  Lookup & What Does My
> Reputation Score Mean?
>
> http://www.ironport.com/pdf/ironport_senderbase_reputationscore_overview.p
> df  or http://snipr.com/3tzy9  SenderBase Reputation Score
>
> Whether or not there would be any purpose in 'communicating' with
> senderbase on a low score issue, I don't know.  Somehow I think not.
> Senderbase does offer to correct misinformation they may have in their
> database about the ownership of an IP.  support[at]senderbase.org
>
>
> -- 
> Mike Easter
> kibitzer, not SC admin
>

If I recall correctly, the dude with the reputation problem was intercage, a 
place with a poor reputation. 

From MikeE at ster.invalid  Thu Sep 25 10:25:41 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Sep 25 10:30:03 2008
Subject: [Scspamcop] Re: SenderBase SBRS discussions
References: <gbg2kp$so1$1@news.spamcop.net> <gbg4f4$5f9$1@news.spamcop.net>
Message-ID: <gbg710$h9l$1@news.spamcop.net>

Bar0 wrote:
> "Mike Easter

>> There have been some discussions in the SC forum in the past week, and
>> also questions in nanae about the problems created by senderbase
>> reputation scores.

> If I recall correctly, the dude with the reputation problem was
> intercage, a place with a poor reputation.

The 3 I saw recently were not intercage.

http://forum.spamcop.net/forums/index.php?showtopic=9781&hl=
67.106.118.130 & 87.236.7.99

Newsgroups: news.admin.net-abuse.email
Subject: Poor reputation by senderbase, anything I could do?
Date: Mon, 22 Sep 2008 09:39:28 +0200
Message-ID: <m3ljxk7hov.fsf@alex.2e-systems.com>

<62.80.19.67>


-- 
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net  Thu Sep 25 10:32:56 2008
From: nobody at spamcop.net (Bar0)
Date: Thu Sep 25 10:35:03 2008
Subject: [Scspamcop] Re: SenderBase SBRS discussions
References: <gbg2kp$so1$1@news.spamcop.net> <gbg4f4$5f9$1@news.spamcop.net>
	<gbg710$h9l$1@news.spamcop.net>
Message-ID: <gbg7eo$iup$1@news.spamcop.net>


"Mike Easter" <MikeE@ster.invalid> wrote in message 
news:gbg710$h9l$1@news.spamcop.net...
> Bar0 wrote:
>> "Mike Easter
>
>>> There have been some discussions in the SC forum in the past week, and
>>> also questions in nanae about the problems created by senderbase
>>> reputation scores.
>
>> If I recall correctly, the dude with the reputation problem was
>> intercage, a place with a poor reputation.
>
> The 3 I saw recently were not intercage.
>
> http://forum.spamcop.net/forums/index.php?showtopic=9781&hl=
> 67.106.118.130 & 87.236.7.99
>
> Newsgroups: news.admin.net-abuse.email
> Subject: Poor reputation by senderbase, anything I could do?
> Date: Mon, 22 Sep 2008 09:39:28 +0200
> Message-ID: <m3ljxk7hov.fsf@alex.2e-systems.com>
>
> <62.80.19.67>

Ooops--Right, I got it mixed up with the abuse-net address problem 

From spamster at my508.com  Thu Sep 25 12:21:36 2008
From: spamster at my508.com (geekyguy)
Date: Thu Sep 25 12:25:03 2008
Subject: [Scspamcop] question about SenderScoreCertified reports
Message-ID: <gbgdqe$k90$1@news.spamcop.net>

Hi: I'm the mail admin for a domain that recently joined ReturnPath's Sender 
Score Certified whitelist. We get a daily compliance report from them 
listing various feedbackloop complaint rates, including "spamcop 
complaints".

I've started to see that we're in the "warning" range for SpamCop complaints 
for one of the IPs we mail from (the main one).

both "postmaster" and "abuse" accounts are set up for the sending domain, 
and are actively monitored, but we have yet to see a single spamcop 
notification...is there anything else that needs to be done to monitor 
spamcop complaints? 

From nobody at spamcop.net  Thu Sep 25 12:44:11 2008
From: nobody at spamcop.net (Ellen)
Date: Thu Sep 25 12:45:04 2008
Subject: [Scspamcop] Re: question about SenderScoreCertified reports
In-Reply-To: <gbgdqe$k90$1@news.spamcop.net>
References: <gbgdqe$k90$1@news.spamcop.net>
Message-ID: <gbgf52$ngh$1@news.spamcop.net>

geekyguy wrote:
> Hi: I'm the mail admin for a domain that recently joined ReturnPath's 
> Sender Score Certified whitelist. We get a daily compliance report from 
> them listing various feedbackloop complaint rates, including "spamcop 
> complaints".
> 
> I've started to see that we're in the "warning" range for SpamCop 
> complaints for one of the IPs we mail from (the main one).
> 
> both "postmaster" and "abuse" accounts are set up for the sending 
> domain, and are actively monitored, but we have yet to see a single 
> spamcop notification...is there anything else that needs to be done to 
> monitor spamcop complaints?

Write to deputies <at> admin.spamcop.net


Ellen
SpamCop
From nobody at spamcop.net  Thu Sep 25 14:59:18 2008
From: nobody at spamcop.net (RandallW)
Date: Thu Sep 25 15:00:02 2008
Subject: [Scspamcop] babelfish translator for Turkish?
Message-ID: <gbgn25$rrn$1@news.spamcop.net>

Is there a site that can translate a Turkish page to English? 


From MikeE at ster.invalid  Thu Sep 25 15:15:51 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Sep 25 15:20:03 2008
Subject: [Scspamcop] Re: babelfish translator for Turkish?
References: <gbgn25$rrn$1@news.spamcop.net>
Message-ID: <gbgo12$fh$1@news.spamcop.net>

RandallW wrote:
> Is there a site that can translate a Turkish page to English?

I don't know of a page translator like the googleweb languagetool
function, but InterTran allows you to paste

http://www.tranexp.com:2000/Translate/result.shtml

I see a site that looks like it would translate English to Turkish, but
doesn't look like it goes the other way
http://www.humanitas-international.org/newstran/more-translators.htm


-- 
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Thu Sep 25 18:32:43 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Thu Sep 25 19:35:02 2008
Subject: [Scspamcop] Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbdupa$b1k$1@news.spamcop.net>
	<gbe4p5$20q$1@news.spamcop.net> <gbel29$of5$1@news.spamcop.net>
Message-ID: <gbh6v1$pln$1@news.spamcop.net>

Ellen wrote to Twayne:

> Twayne wrote:
>>> Mike Easter wrote:
>>>
>>>> It is my interpretation that your verizon mail is being forwarded
>>>> to your twaynesdomain <snip>
>
> Please be more careful in your attributions. While the above is from
> Mike the below is from me

Sorry about that Ellen; OE is less than helpful with things like that 
and when I get tired, well ... .  I'll be more careful in the future.

>
>>>>
>>>>
...
>>
...
>
> I looked at the spams/mail in it's unmunged/raw form which includes
> the "to/delivered-to" etc and the mail is clearly forwarded to and/or
> sent directly to your netfirms email address. Makes it a whole lot
> easier to see what is happening when you can see that. That top
> received header is stamped by the netfirms  server which accepts mail
> for twaynesdomain.
>
>
>>>
>>> I think we have beat this to death so I have nothing more to say
>>> about other than to say: netfirms needs to be notified about this
>>> and get it fixed. I have written to them.
>
> And got an autobot from them which says that a real person will look
> at the mail at some point.

Yes, with Netfirms, their autobot responses are actually important: The 
up to first two responses from them are normally a transmission of 
nothing but supposedly related FAQs.  On the second, sometimes the 
third, round, an actual sapient being gets involved and that triggers 
the autobot.  I received my response from Netfirms earlier today . 
Getting the auto-response without FAQs and nothing else is a good sign, 
in other words.

The person's name that responded to me is Richard.  I would much 
appreciate it if you would share Netfirm's response to you with me, just 
for my record keeping.  I've worked with Richard before and he is very 
knowledgeable and does know his way around the tehnical side of the 
systems.  Not that he can't make mistakes; anyone can do that<g>.

ANYway, here's the gist of his response:
-------------------
Thank you for your e-mail.

[ PERSONAL INFORMATION REMOVED; MY ACCOUNT # FULL NAME, ETC. ]


Upon investigation of the headers it appears that this is happening on 
the Verizon side and it appears it is unable to properly place the host 
for some reason we cannot determine.  As evident in the following:

Delivered-To: tom@tewaynesdomain.com@twaynesdomain.com Received: (qmail 
95047 invoked from network); 15 Sep 2008 13:41:04 -0000
Received: from mx4.stlawu.edu (69.6.96.24)
---->by 0<----
with SMTP; 15 Sep 2008 13:41:04 -0000
Received: from mx4.stlawu.edu (localhost.localdomain [127.0.0.1])

This mail was stamped by stlawu.edu before it arrived at Netfirms' 
network.  Through our investigations of e-mail headers sent through our 
network at this time we could not locate any other instance of the "by 
0" hostname error that is occurring.

The second e-mail header is being stamped by Yahoo's mailserver (or 
Verizon).    We could not locate an e-mail header of mail between the 
domain @twaynesdomain.com to @twaynesdomain.com as that would illustrate 
if this was an internal Netfirms issue.

Regards,

Richard
Netfirms Inc.
www.netfirms.com
Tutorials, demos, and answers to over 90% of your questions may also be 
found immediately at our Self-Help Support Centre: 
http://support.netfirms.com

---------------------------------

That is all pretty familiar sounding from my trip throught all this a 
couple years ago.  At least their stand on the matter hasn't changed, 
and it seems they did search at least some other emails for that similar 
second received line.
   I think this, in conjunction with Verizon/Yahoo having accepted 
responsiblity for that second Received line, tells me that Verizon/Yahoo 
was likely on the right track.  They also confirmed they use Qmail.

   I was actually hoping it'd turn out to be Netfirms for sure because 
at least then I know who I'm talking to.  With the VZ/Yahoo crap it's 
pretty hard to tell where you really are within their structure.
   I'll give V/Y a week or two to do something and if nothing transpires 
I'll try again.  I at least now have two names at V/Y that I know are 
aware of the issues, so they can't claim complete ignorance of it.
    Actually, I'm also beginning to wonder if maybe there isn't a 
missing Received line in there, too.  It might explain the inconsistancy 
Mike E was referring to earlier.

Thanks for your views; I appreciate it!

And in case Deputy Don should read this:
   YES, if anything does come of it, I'll attend to the mailhost 
situation too as I was requested to do and notify accordingly.

Regards,

Twayne



>
>
>>
>> THANK YOU!  I've sent them a mail too!
>>     I like Netfirms and you can't beat their price structure for what
>> you get, but ... if you're right, which is all this first part of my
>> research started out to prove, then that alone is a big step.  I
>> need to be certain that when I start to make a PIA of myself, I'm
>> doing it at the right place<G>.
>
> This gmail "by 0" is pretty common or has been over the years -- it is
> easy to overlook the setting when installing gmail. I would presume
> that sooner or later they will get it fixed. I suspecct that how long
> it takes depends on how many servers they have to fix.
>
>
> Ellen
> SpamCop



From MikeE at ster.invalid  Thu Sep 25 20:26:51 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Sep 25 20:30:03 2008
Subject: [Scspamcop] Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbdupa$b1k$1@news.spamcop.net>
	<gbe4p5$20q$1@news.spamcop.net> <gbel29$of5$1@news.spamcop.net>
	<gbh6v1$pln$1@news.spamcop.net>
Message-ID: <gbha86$2lo$1@news.spamcop.net>

Twayne wrote:

> I've worked with Richard before and he is very
> knowledgeable and does know his way around the tehnical side of the
> systems.  Not that he can't make mistakes; anyone can do that<g>.
>
> ANYway, here's the gist of his response:

Unless I'm misunderstanding something, it seems that Richard doesn't know
what he is talking about.

> Upon investigation of the headers it appears that this is happening on
> the Verizon side and it appears it is unable to properly place the host
> for some reason we cannot determine.  As evident in the following:

Whatever vz/yh is doing wrong has nothing to do with his/ netfirms/
problem with stamping the by0.

> Delivered-To: tom@tewaynesdomain.com@twaynesdomain.com Received: (qmail
> 95047 invoked from network); 15 Sep 2008 13:41:04 -0000
> Received: from mx4.stlawu.edu (69.6.96.24)
> ---->by 0<----
> with SMTP; 15 Sep 2008 13:41:04 -0000
> Received: from mx4.stlawu.edu (localhost.localdomain [127.0.0.1])
>
> This mail was stamped by stlawu.edu before it arrived at Netfirms'
> network.  Through our investigations of e-mail headers sent through our
> network at this time we could not locate any other instance of the "by
> 0" hostname error that is occurring.

Huh?  Where does he think the line in question is coming from?

>     Actually, I'm also beginning to wonder if maybe there isn't a
> missing Received line in there, too.  It might explain the inconsistancy
> Mike E was referring to earlier.


-- 
Mike Easter
kibitzer, not SC admin

From MikeE at ster.invalid  Thu Sep 25 20:45:04 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Sep 25 20:45:03 2008
Subject: [Scspamcop] Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbdupa$b1k$1@news.spamcop.net>
	<gbe4p5$20q$1@news.spamcop.net> <gbel29$of5$1@news.spamcop.net>
	<gbh6v1$pln$1@news.spamcop.net> <gbha86$2lo$1@news.spamcop.net>
Message-ID: <gbhbab$6d6$1@news.spamcop.net>

Mike Easter wrote:
> Twayne wrote:
>
>> I've worked with Richard before and he is very
>> knowledgeable

> Unless I'm misunderstanding something, it seems that Richard doesn't
> know what he is talking about.

<Richard>
>>Through our investigations of e-mail headers sent through our
>> network at this time we could not locate any other instance of the "by
>> 0" hostname error that is occurring.

Maybe he should look at the headers of the mail which netfirms sent to you

http://www.spamcop.net/sc?id=z2273307341z6cec77a436287c166c97ad112332ae77z

There is only one Received traceline:

Received: from unknown (10.8.9.0) by 0 with QMQP; 24 Sep 2008
18:31:06 -0000

From: Netfirms Billing <billing@netfirms.com>

The nonrouting from IP is because it originated from netfirms internally
and was 'received' by a netfirms server for your mailbox/domainname which
stamped the by0 and it was never outside the system.

Tell Richard to put that one in his pipe and smoke it a little while.


-- 
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net  Thu Sep 25 21:26:53 2008
From: nobody at spamcop.net (Ellen)
Date: Thu Sep 25 21:30:03 2008
Subject: [Scspamcop] Re: Twayne summary
In-Reply-To: <gbh6v1$pln$1@news.spamcop.net>
References: <gbdo3d$6f9$1@news.spamcop.net> <gbdupa$b1k$1@news.spamcop.net>
	<gbe4p5$20q$1@news.spamcop.net> <gbel29$of5$1@news.spamcop.net>
	<gbh6v1$pln$1@news.spamcop.net>
Message-ID: <gbhdre$bbo$1@news.spamcop.net>

Twayne wrote:
<snip>
> 
> The person's name that responded to me is Richard.  I would much 
> appreciate it if you would share Netfirm's response to you with me, just 
> for my record keeping. 

All I got was an autobot -- they will either answer beyond that or they 
won't. You might mention to them that when they receive email from 
SpamCop it might be useful to them to read it :-)


  I've worked with Richard before and he is very
> knowledgeable and does know his way around the tehnical side of the 
> systems.  Not that he can't make mistakes; anyone can do that<g>.
> 
> ANYway, here's the gist of his response:
> -------------------
> Thank you for your e-mail.
> 
> [ PERSONAL INFORMATION REMOVED; MY ACCOUNT # FULL NAME, ETC. ]
> 
> 
> Upon investigation of the headers it appears that this is happening on 
> the Verizon side and it appears it is unable to properly place the host 
> for some reason we cannot determine.  As evident in the following:
> 
> Delivered-To: tom@tewaynesdomain.com@twaynesdomain.com Received: (qmail 
> 95047 invoked from network); 15 Sep 2008 13:41:04 -0000
> Received: from mx4.stlawu.edu (69.6.96.24)
> ---->by 0<----
> with SMTP; 15 Sep 2008 13:41:04 -0000
> Received: from mx4.stlawu.edu (localhost.localdomain [127.0.0.1])
> 
> This mail was stamped by stlawu.edu before it arrived at Netfirms' 
> network.  Through our investigations of e-mail headers sent through our 
> network at this time we could not locate any other instance of the "by 
> 0" hostname error that is occurring.

That is all very nice but that header is being stamped by some inbound 
mailserver of theirs. Now that you have Richard's attention you can 
certainly ask him to look for the mail I sent to abuse@ and/or have him 
write to me/us directly

<snip>

> ---------------------------------
> 
> That is all pretty familiar sounding from my trip throught all this a 
> couple years ago.  At least their stand on the matter hasn't changed, 
> and it seems they did search at least some other emails for that similar 
> second received line.
>    I think this, in conjunction with Verizon/Yahoo having accepted 
> responsiblity for that second Received line, tells me that Verizon/Yahoo 
> was likely on the right track.  They also confirmed they use Qmail.

This has nothing to do with yahoo/verizon at all -- you showed in one of 
your tracking urls mail sent directly to your @twaynesdomain email 
address with the same received header. The topmost received header is 
being stamped by the mailsever that accepts mail sent to twaynesdomain 
and that is from what you have said is a mailserver controlled by netfirms.

DiG 9.2.2 <<>> twaynesdomain.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50064
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;twaynesdomain.com.             IN      MX

;; ANSWER SECTION:
twaynesdomain.com.      600     IN      MX      20 q1.netfirms.com.
twaynesdomain.com.      600     IN      MX      10 q0.netfirms.com.

;; AUTHORITY SECTION:
twaynesdomain.com.      600     IN      NS      ns1.netfirms.com.
twaynesdomain.com.      600     IN      NS      ns2.netfirms.com.

;; Query time: 46 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Sep 25 21:14:20 2008
;; MSG SIZE  rcvd: 118

and FWIW:


  telnet 38.113.184.203 25
Trying 38.113.184.203...
Connected to 38.113.184.203.
Escape character is '^]'.
220 qmail-in-norm-0.netfirms.com ESMTP
mail from:<deputies@admin.spamcop.net>
250 ok
RCPT TO:<elided@twaynesdomain.com>
250 ok
data
354 go ahead
hi twayne test test test ellen

250 ok 1222391907 qp 23478

Maybe you will see that mail from me and maybe you won't -- I had to 
guess at the local part of the email address and no telling if it was 
correct or not (and no I did send it to elided@ ) and if it was wrong I 
suppose they will send a delayed bounce  to deputies@ or maybe not ...

But if you do get it, please post the headers from that email here with 
any munging you feel necessary to protect your email address.



> 
>    I was actually hoping it'd turn out to be Netfirms for sure because 
> at least then I know who I'm talking to.  With the VZ/Yahoo crap it's 
> pretty hard to tell where you really are within their structure.

Why are we still talking about yahoo/verizon? I mean yes their received 
headers are cough cough "interesting" but I thought we were actually 
trying to solve the problem that is causing you issues reporting mail 
that transits the twaynesdomain mailserver?


Ellen
SpamCop
From nobody at devnull.spamcop.net  Thu Sep 25 22:15:24 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Thu Sep 25 22:20:03 2008
Subject: [Scspamcop] Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbdupa$b1k$1@news.spamcop.net>
	<gbe4p5$20q$1@news.spamcop.net> <gbel29$of5$1@news.spamcop.net>
	<gbh6v1$pln$1@news.spamcop.net> <gbha86$2lo$1@news.spamcop.net>
Message-ID: <gbhgjj$i9p$1@news.spamcop.net>

Hi Mike,

> Twayne wrote:
>
>> I've worked with Richard before and he is very
>> knowledgeable and does know his way around the tehnical side of the
>> systems.  Not that he can't make mistakes; anyone can do that<g>.
>>
>> ANYway, here's the gist of his response:
>
> Unless I'm misunderstanding something, it seems that Richard doesn't
> know what he is talking about.

It's all over my head!  I can seem to see it both ways, so what can I 
say?  Right now my "opinion" seems to be that of the last person I 
talked to!  NOT very enlightening 'tall.  I'm way too incompetent at 
this point to make any points with anyone about anything I'm afraid.  I 
plan to be a PITA to them for awhile, but Ellen was probably right with 
her less than zero predication.  If I can't sound like I know a little 
bit about what I'm talking about (and I can't) I'm sure not going to do 
a very good job of convincing anyone else.

It's frustrating to say the least.

Cheers,

Twayne


>
>> Upon investigation of the headers it appears that this is happening
>> on the Verizon side and it appears it is unable to properly place
>> the host for some reason we cannot determine.  As evident in the
>> following:
>
> Whatever vz/yh is doing wrong has nothing to do with his/ netfirms/
> problem with stamping the by0.
>
>> Delivered-To: tom@tewaynesdomain.com@twaynesdomain.com Received:
>> (qmail 95047 invoked from network); 15 Sep 2008 13:41:04 -0000
>> Received: from mx4.stlawu.edu (69.6.96.24)
>> ---->by 0<----
>> with SMTP; 15 Sep 2008 13:41:04 -0000
>> Received: from mx4.stlawu.edu (localhost.localdomain [127.0.0.1])
>>
>> This mail was stamped by stlawu.edu before it arrived at Netfirms'
>> network.  Through our investigations of e-mail headers sent through
>> our network at this time we could not locate any other instance of
>> the "by 0" hostname error that is occurring.
>
> Huh?  Where does he think the line in question is coming from?



>
>>     Actually, I'm also beginning to wonder if maybe there isn't a
>> missing Received line in there, too.  It might explain the
>> inconsistancy Mike E was referring to earlier.



From nobody at devnull.spamcop.net  Thu Sep 25 22:25:36 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Thu Sep 25 22:30:03 2008
Subject: [Scspamcop] Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbdupa$b1k$1@news.spamcop.net>
	<gbe4p5$20q$1@news.spamcop.net> <gbel29$of5$1@news.spamcop.net>
	<gbh6v1$pln$1@news.spamcop.net> <gbha86$2lo$1@news.spamcop.net>
	<gbhbab$6d6$1@news.spamcop.net>
Message-ID: <gbhh6n$k8t$1@news.spamcop.net>

Twayne wrote:
> Mike Easter wrote:
>> Twayne wrote:
>>
>>> I've worked with Richard before and he is very
>>> knowledgeable
>
>> Unless I'm misunderstanding something, it seems that Richard doesn't
>> know what he is talking about.
>
> <Richard>
>>> Through our investigations of e-mail headers sent through our
>>> network at this time we could not locate any other instance of the
>>> "by 0" hostname error that is occurring.
>
> Maybe he should look at the headers of the mail which netfirms sent
> to you
>
> http://www.spamcop.net/sc?id=z2273307341z6cec77a436287c166c97ad112332ae77z
>
> There is only one Received traceline:
>
> Received: from unknown (10.8.9.0) by 0 with QMQP; 24 Sep 2008
> 18:31:06 -0000
>
> From: Netfirms Billing <billing@netfirms.com>
>
> The nonrouting from IP is because it originated from netfirms
> internally and was 'received' by a netfirms server for your
> mailbox/domainname which stamped the by0 and it was never outside the
> system.
>
> Tell Richard to put that one in his pipe and smoke it a little while.

lol!  Actually, I was sitting here thinking about that exact same thing 
just now; I'd forgotten that one for the moment.  Unfortunately, this 
response was of the usual format of these things but there's no 
disputing that previous one.
   Gonna go sleep on it right now and see what it all looks like 
tomorrow.  I have a plan to do some testing too so we can eliminate 
Netfirms from the picture; that should prove something pretty quickly, I 
think. There are only 2 places it could be happening and if it ain't 
one, it's the other.  What I need is some proof.

I'll probably quit thinking out loud here for awhile until I get 
something I feel proves something; then I'll come back again and ask for 
advice/confirmation/redirect, whatever <g>.

Cheers,

Twayne



From nobody at devnull.spamcop.net  Thu Sep 25 23:07:53 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Thu Sep 25 23:10:04 2008
Subject: [Scspamcop] Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbdupa$b1k$1@news.spamcop.net>
	<gbe4p5$20q$1@news.spamcop.net> <gbel29$of5$1@news.spamcop.net>
	<gbh6v1$pln$1@news.spamcop.net> <gbhdre$bbo$1@news.spamcop.net>
Message-ID: <gbhjm0$u0v$1@news.spamcop.net>

> Twayne wrote:
> <snip>
<more snip>
>
> That is all very nice but that header is being stamped by some inbound
> mailserver of theirs. Now that you have Richard's attention you can
> certainly ask him to look for the mail I sent to abuse@ and/or have
> him write to me/us directly

Actually I've been avoiding mentioning my relationship with Spamcop so 
far in my discussions because SC seems to be the ONLY  and THE single 
instance I can locate where the "by 0" is creating any problems.  I've 
looked and looked and failed to find any other situation where it's 
causing any problems with the exception of course that it's 
non-compliant to RFC 2821 SMPT. So far I've limited myself to saying I 
am having problems that I've discovered are caused by ... .
   My last time through this, a long time ago, when I mentioned SpamCop 
I either got a "Huh, what's that?" or an "Oh, no wonder" type of 
response.  I'd rather that didn't happen again.  Yet, anyway.
   Are you aware of any other instance outside of SpamCop where it could 
or does create an issue of any sort?

>
> <snip>
>
>> ---------------------------------
...
>
> Maybe you will see that mail from me and maybe you won't -- I had to
> guess at the local part of the email address and no telling if it was
> correct or not (and no I did send it to elided@ ) and if it was wrong
> I suppose they will send a delayed bounce  to deputies@ or maybe not

I haven't seen it yet.  If you want to do an actual test, feel free to 
use the twayne as a username for the address.  It's an expendable 
account so if it gets out no big deal.

> ...
> But if you do get it, please post the headers from that email here
> with any munging you feel necessary to protect your email address.

Will do.  I suspect I won't see it though.  Unless it's sitting 
someplace enroute the mails usually go thru pretty fast. At any rate, 
I'll let you know.

...
> Why are we still talking about yahoo/verizon? I mean yes their
> received headers are cough cough "interesting" but I thought we were
> actually trying to solve the problem that is causing you issues
> reporting mail that transits the twaynesdomain mailserver?

lol, mostly because whomever I talk to last is the one I seem to want to 
agree with!  I hate people like that, and I just realized that's what 
I'm doing.  It's raised my frustration level a few degrees.

OK, re the "by 0" problems:
   Yes, they are still causing problems.  Of the twenty or so spame per 
day I'm getting at that account now, there will be around 5 of them with 
a short received list, broken chain, and a "nothing to do" at the end.
   Otherwise the rest of the spams are going through and appear to be 
parsing correctly, near as I can follow them.  Some of them have pretty 
long Report To lists and I've quit trying to check those and concentrate 
on the ones with the "by 0" issues hoping someone will screw up and i'll 
be able to catch something.
   And thirdly, I just want to know WHY.
   Overall, with the exception of the "Nothing to do" about a quarter of 
the time, everything is functioning.

That's why I'm setting up to do some testing of mails that won't touch 
my domain at all.  I need to get a couple accounts I can send to/from 
that won't involve twaynesdomain, and see if the "by '0" follows or not. 
I'm going to try that tomorrow if I have the time, of definitely by the 
end of the weekend.

How it all started was:  All of a sudden, nearly all of my spam parses 
started wanting to report to my own ISP.  Something changed like 
overnight, to make that come about.  Then within a week or so literally 
ALL of them began to peg my ISP (Verizon) as the source.  Something 
changed.  Where I don't know, but the suddenness of it seems to 
seriously point to SC IMO.
   At any rate, that's how I got back into the "by 0" thing again.  I 
say "again" because this is now my third trip thru that garbage, the 
last time over a year ago.  Mailhost problems at that point had no way 
of working for me.  Don was the one alerted me to the "by 0" stuff in 
fact, as the cause.  So, in the face of the SC warnings that I'd be left 
out if I didn't have the mailhost set up, I finally gave it up and 
figured c'est le vie.
   But when everything suddenly started pointing at my own ISP I figured 
what the hell, one more try couldn't hurt.  And this time it sort of 
worked.  Don did some sort of waiver for me, and suddenly I was able to 
report spams with the mailhost set up.  But that "by 0" still causes 
problems on about a quarter of the spams I receive, and the quantity is 
slowly growing each day for that one, single account which unfortunately 
is my main use account.  I really don't want to change it unless I 
absolutely have to.

I think in a nutshell, that covers the major detail.

Chees,

Twayne


>
>
> Ellen
> SpamCop



From gezgin at spamcop.net  Thu Sep 25 23:33:07 2008
From: gezgin at spamcop.net (Opinicus)
Date: Thu Sep 25 23:35:03 2008
Subject: [Scspamcop] Re: babelfish translator for Turkish?
References: <gbgn25$rrn$1@news.spamcop.net>
Message-ID: <gbhl5l$4dr$1@news.spamcop.net>

"RandallW" <nobody@spamcop.net> wrote

> Is there a site that can translate a Turkish page to English? 

Do I qualify as a "site"?

-- 
Bob
http://www.kanyak.com
From MikeE at ster.invalid  Thu Sep 25 23:39:57 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Sep 25 23:40:03 2008
Subject: [Scspamcop] Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbdupa$b1k$1@news.spamcop.net>
	<gbe4p5$20q$1@news.spamcop.net> <gbel29$of5$1@news.spamcop.net>
	<gbh6v1$pln$1@news.spamcop.net> <gbha86$2lo$1@news.spamcop.net>
	<gbhgjj$i9p$1@news.spamcop.net>
Message-ID: <gbhli7$5c5$1@news.spamcop.net>

Twayne wrote:
> If I can't sound like I know a little
> bit about what I'm talking about (and I can't) I'm sure not going to do
> a very good job of convincing anyone else.

It is actually the job of a competent mail admin (whoever that might be)
to make a correct diagnosis, not the job of an end user/ client/ to
convince/ prove to/ them what they are doing wrong.

The way it is supposed to work is that an operation like netfirms, which
has gobs of mailserver IPs, suggesting that they are doing a lot of
domainname handling....

<twaynesdomian.com MXes are q0. & q1.netfirms.com>

Canonical name: q0.netfirms.com
Addresses:
  70.42.30.171
  70.42.30.11
  70.42.30.235
  70.42.30.43
  70.42.30.139
  70.42.30.203
  70.42.30.75
  70.42.30.107

Canonical name: q1.netfirms.com
Addresses:
  38.113.184.11
  38.113.184.139
  38.113.184.107
  38.113.184.171
  38.113.184.235
  38.113.184.43
  38.113.184.75
  38.113.184.203

... means that netfirms is supposedly doing a significant amount of
mailhandling if they really need all of those IPs to serve the two MXes
which are named for your domainname.  That means that they are supposed to
be competent to do such mailhandling competently.

Whether Richard is a /real/ mailserver admin or just a CS customerservice
rep, he is supposed to know what kinds of things need to get appropriately
referred to a real server admin;  he shouldn't have to have everything
spelled out to him by the end user -- or even Ellen for that matter --
altho' I'm sure she is in the position of having explained a lot of things
to a lot of mail admins -- if they have the good sense to listen to her.

And...

... if netfirms is going to have someone who is trying to interact with
the public/customer/you such as Richard about the interpretation of
mailheaders -- then they should certainly have someone talking to the
customer who isn't totally incompetent at performing the job of
recognizing his own mailadmin's server's headers.

That is ridiculous.


-- 
Mike Easter
kibitzer, not SC admin

From snowbat at geocities.com  Thu Sep 25 23:46:36 2008
From: snowbat at geocities.com (Snowbat)
Date: Thu Sep 25 23:50:03 2008
Subject: [Scspamcop] Re: Again - truncated reporting address
References: <g8tpuu$ao$1@news.spamcop.net>
	<ucclb4lkimjmuhe920a5r50ukscdbl49rp@4ax.com>
	<TECQXhvKj0FX-pn2-dHg5K6b0t9YY@dsl-206-55-144-107.tstonramp.com>
	<sn7vb4538jbti2tpb0qfqmc6e31vm9qmi2@4ax.com>
	<g9ooem$ft2$1@news.spamcop.net> <ga1079$5d4$1@news.spamcop.net>
Message-ID: <gbhlus$uk1$1@news.spamcop.net>

Problem with abuseftes.es@orange-ftgroup.com

http://www.spamcop.net/sc?action=rcache;ip=90.164.6.218
"whois 90.164.6.218@whois.ripe.net" (Getting contact from whois.ripe.net)
Abuse address in 'remarks' field: abuseftes.es@orange-ftgroup.com
whois.ripe.net found abuse contacts for 90.164.6.218 = abuseftes.es@orange
whois: 90.160.0.0 - 90.175.255.255 = abuseftes.es@orange
Routing details for 90.164.6.218
Using abuse net on abuseftes.es@orange
Using best contacts abuseftes.es@orange  <<<<<<<





From MikeE at ster.invalid  Thu Sep 25 23:50:22 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Thu Sep 25 23:55:03 2008
Subject: [Scspamcop] Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbdupa$b1k$1@news.spamcop.net>
	<gbe4p5$20q$1@news.spamcop.net> <gbel29$of5$1@news.spamcop.net>
	<gbh6v1$pln$1@news.spamcop.net> <gbhdre$bbo$1@news.spamcop.net>
	<gbhjm0$u0v$1@news.spamcop.net>
Message-ID: <gbhm5o$6rv$1@news.spamcop.net>

Twayne wrote:

>> <snip>
> <more snip>

When you are doing all of that snipping, you are supposed to maintain the
part which properly attributes the speaker/poster of the citation.

<this is Ellen>
>> That is all very nice but that header is being stamped by some inbound
>> mailserver of theirs. Now that you have Richard's attention you can
>> certainly ask him to look for the mail I sent to abuse@ and/or have
>> him write to me/us directly
>
> Actually I've been avoiding mentioning my relationship with Spamcop so
> far in my discussions because SC seems to be the ONLY  and THE single
> instance I can locate where the "by 0" is creating any problems.

I don't follow your logic on that.  Hopefully someone at netfirms has some
respect for SC's deputy's ability to interpret mailheaders, more than they
might respect someone with less experience.  It seems likely that a real
mail admin rather than an uninformed incompetent CS rep might interact
with Ellen and learn something about how to configure a mailserver to do
what it is supposed to do when it stamps headerlines.

Who would know better than a SC deputy about all of the weird vagaries of
what mailservers do wrong when they stamp their headerlines?  SC's entire
parsing algorithm depends so much upon compliantly stamped Received
tracelines.

>    My last time through this, a long time ago, when I mentioned SpamCop
> I either got a "Huh, what's that?" or an "Oh, no wonder" type of
> response.  I'd rather that didn't happen again.  Yet, anyway.

I suspect a reaction like that indicates that you are talking to a CS rep
who doesn't know the first thing about mailheaders, all s/he knows about
is interacting with a customer, not anything about a mail admin's job.

>    Are you aware of any other instance outside of SpamCop where it could
> or does create an issue of any sort?

The average mailuser doesn't typically have an opportunity to
encounter/examine mail headers.  Mailusers who are tracing spam do.  The
average CS rep for a domainname services doesn't typically have any idea
about examining mail headers either.  Or even using a newsreader for that
matter.

Realize that your experience with your provider so far has not put you
into contact with a particularly competent person in this sphere that we
are dealing with.  Somewhere in that netfirms organization is supposed to
be someone who is capable of configuring their mailservers.  It isn't
/your/ job to find them.  It is the job of the contact people to alert the
proper people about who they should be talking to, such as Ellen.



-- 
Mike Easter
kibitzer, not SC admin

From nobody at devnull.spamcop.net  Fri Sep 26 00:03:05 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Fri Sep 26 00:05:03 2008
Subject: [Scspamcop] RESOLVED?  Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net>
Message-ID: <gbhmth$85e$1@news.spamcop.net>

All snipped so as to avoid possiblity of a restart of the convo<g>.

The good news is:  The "by 0" was apparently fixed sometime early this 
evening.

The bad news is:  I can't report spam again!  lol, but I think that was 
to be expected.  I keep getting the message that my mailhost is hosed. 
It probably is, now.

The other good news is:  You will never guess WHO is appearing now where 
the "by 0" used to be!  WHO should I have placed all my faith in; the 
good folk here, or the "good folk" at VZ/Yahoo?  It's funny; I should 
have stuck to my first impressions - my first original suspicions was 
... and it turns out to be ... wait for it ... Netfirms of course!  But 
you all knew that, didn't you?

OK, now I gotta touch bases with Don to see what it takes to get the 
mailhost to work again.  Think I'll do that tomorrow; the spam can go to 
hell for a few hours; turns out the last several I just reported didn't 
go anywhere anyway since I mailed them in after the fix happened; what's 
a couple more?

Here's a couple trackers showing it's gone:

http://www.spamcop.net/sc?id=z2277302867z0b4fa47d468b639ad6917af9bf851a7fz
http://www.spamcop.net/sc?id=z2277303342z5449855453b79843c346e0edd6f21f28z

Unfortunately those are spams, and they won't report, but ... the "by 0" 
is gone at least.

Too bad you don't live around here; I'd buy you all two or ten fav 
drinks at our local establishment, even if I'm not allowed to 
participate anymore.

Regards,

Twayne






From MikeE at ster.invalid  Fri Sep 26 00:36:11 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Fri Sep 26 00:40:03 2008
Subject: [Scspamcop] Re: RESOLVED?  Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
Message-ID: <gbhorl$dev$1@news.spamcop.net>

Twayne wrote:

> The good news is:  The "by 0" was apparently fixed sometime early this
> evening.

Goodjob.  - or - Congratulations.  -or-   Finally!

> The bad news is:  I can't report spam again!

Easily repaired, and more comprehensively.  The new mailhosting would be
expected to be able to not only handle the items directly to the netfirms
server, but also those which come in via zany vz/yh - I think.

<abbreviated tracker z number>

z2277302867z0b4fa47d468b639ad6917af9bf851a7fz

This one has a healthy netfirms section at the top, and some zaniness as
described previously in the vz/yh sections.

z2277303342z5449855453b79843c346e0edd6f21f28z

Ditto.

> Unfortunately those are spams, and they won't report, but ... the "by 0"
> is gone at least.

Indeed

... by q4-in-norm.netfirms.com

> Too bad you don't live around here; I'd buy you all two or ten fav
> drinks at our local establishment, even if I'm not allowed to
> participate anymore.

According to googlemaps, the driving distance is about 2810 mi, 1 d. 18
hr.

<googlemaps trek>  http://snipr.com/3upif

I've driven a long way for a drink, but usually I had plenty of cold beer
on board for the trip :-)



-- 
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net  Fri Sep 26 09:27:56 2008
From: nobody at spamcop.net (Ellen)
Date: Fri Sep 26 11:10:02 2008
Subject: [Scspamcop] Re: Again - truncated reporting address
In-Reply-To: <gbhlus$uk1$1@news.spamcop.net>
References: <g8tpuu$ao$1@news.spamcop.net>	<ucclb4lkimjmuhe920a5r50ukscdbl49rp@4ax.com>	<TECQXhvKj0FX-pn2-dHg5K6b0t9YY@dsl-206-55-144-107.tstonramp.com>	<sn7vb4538jbti2tpb0qfqmc6e31vm9qmi2@4ax.com>	<g9ooem$ft2$1@news.spamcop.net>
	<ga1079$5d4$1@news.spamcop.net> <gbhlus$uk1$1@news.spamcop.net>
Message-ID: <gbitpn$39o$1@news.spamcop.net>

Snowbat wrote:
> Problem with abuseftes.es@orange-ftgroup.com
> 
> http://www.spamcop.net/sc?action=rcache;ip=90.164.6.218
> "whois 90.164.6.218@whois.ripe.net" (Getting contact from whois.ripe.net)
> Abuse address in 'remarks' field: abuseftes.es@orange-ftgroup.com
> whois.ripe.net found abuse contacts for 90.164.6.218 = abuseftes.es@orange
> whois: 90.160.0.0 - 90.175.255.255 = abuseftes.es@orange
> Routing details for 90.164.6.218
> Using abuse net on abuseftes.es@orange
> Using best contacts abuseftes.es@orange  <<<<<<<
> 



tx

Ellen
SpamCop
From nobody at devnull.spamcop.net  Fri Sep 26 13:15:09 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Fri Sep 26 13:15:05 2008
Subject: [Scspamcop] for Mike & Ellen: Re: RESOLVED?  Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
	<gbhorl$dev$1@news.spamcop.net>
Message-ID: <gbj5aj$45p$1@news.spamcop.net>

Mike & Ellen,

> Twayne wrote:
>
>> The good news is:  The "by 0" was apparently fixed sometime early
>> this evening.
>
> Goodjob.  - or - Congratulations.  -or-   Finally!

Yeah, more like good luck, I think.  Remember, this is my 3rd time thru 
this gamut; maybe 4th, it's so long ago it's all run together now.
   I dropped "Richard" a note this morning about how disappointed I was 
in Netfirms giving me all that misinformation and brefly described how 
I'd discussed it with Verizon by phone & Yahoo by mail.  So, his 
misinformative attitude got a small amounf of mileage; wonder if he'll 
get the point?

   ELLEN:  I even asked him why Netfirms was a blackhole to SpamCop's 
inquiry, and indicated that they "also" had issues with the headers. 
Ever get a response?

   Yahoo came back immediately and politely  that "whoever" was 
analyzing headers had no idea what they were doing and that Yahoo's 
equipment were not at fault.

   And Verizon you know about; their attitude must be to fix problems 
whether there are any or not, OR the two I spoke with knew no more than 
Ricard.  VZ was "still working on it" yesterday; whatever that means.

   Quite a gang I've associated myself with, eh?  I'm not certain I'll 
hurry much to notify VZ since they also use Qmail and in my research I 
did see some by zeroes that looked like theirs at SC and maybe globalx, 
not certain now.  I guess I do have to tell them though, 
unfortunately<G>.

>
>> The bad news is:  I can't report spam again!
>
> Easily repaired, and more comprehensively.  The new mailhosting would
> be expected to be able to not only handle the items directly to the
> netfirms server, but also those which come in via zany vz/yh - I
> think.

Yup, fixed up my mailhost per Don's instructions, and it looks like it's 
working fine so far for the first fistful of spams I sent in.  Looked at 
every one of them and managed to duplicate the paths manually, so ... 
looks good.  And I think some of the my series of Header construction 
analysises are a lot clearer to me now.  I hope; we'll see.

...

>
>> Unfortunately those are spams, and they won't report, but ... the
>> "by 0" is gone at least.
>
> Indeed
>
> ... by q4-in-norm.netfirms.com
>
>> Too bad you don't live around here; I'd buy you all two or ten fav
>> drinks at our local establishment, even if I'm not allowed to
>> participate anymore.
>
> According to googlemaps, the driving distance is about 2810 mi, 1 d.
> 18 hr.

Drove a similar route many times!  Twice alone and non-stop.  40 hrs is 
about right for car time too.  Other times we'd stop in the Cincinatti 
area for the night so we could rest & clean up for the last part of the 
trip.  It was ~40 hrs give or take, plus another 4 hours for the last 
120 miles; no N/S interstate in those days.  Gads, I couldn't do that 
again!  But in those days I could live in my car and never even get 
tired.  Had a '68 Ford-Shelby Mustang and you couldn't pry me out of 
that car anyway<G>!  28,000 miles the first year we owned it.  That 
sound high but driving out there counts the miles up real quick, I know. 
One trip we even slid over and travelled Rt 66 as far as we reasonably 
could.  Our very last trip right after the moving van left, we spent 
almost 3 weeks and over 6,000 miles getting from San Diego to here. 
Spent a week here, and then went back to Chgo to go to school.  Now 
we're back "here", I'm retired and my wife will be too in a few more 
years.  Full Circle.  Viscous Circle.  Whatever.

>
> <googlemaps trek>  http://snipr.com/3upif
>
> I've driven a long way for a drink, but usually I had plenty of cold
> beer on board for the trip :-)

Well, if you ever make a trip to Maine or up into the mountains in 
Ontario, the name of the establishment in Heuvelton is Dave's; you can't 
miss it (only bar/restaurant) and there are only 3 ways to traverse 
Heuvelton, 2 of which go right by Dave's.  It's right in the middle of 
the steep hill so you can't miss that!
   He's also a barber during the day<g>.  Population around 890 I think, 
last census.  Big village.

San Diego, eh?  We lived out that way too; in Coronado to be exact.  We 
were at 9th & B or C, forgotten which now.  When we left, the bridge to 
the mainland was about half finished.  You had to take the ferry or go 
drive around the Strand and thru National City (I think it was) to get 
to San Diego.  Good times, great weather and many good memories from 
those days.  At first all we had for transportation was a 450 Honda.

Cheers!
-- 
Twayne




From MikeE at ster.invalid  Fri Sep 26 13:52:01 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Fri Sep 26 13:55:03 2008
Subject: [Scspamcop] Re: for Mike & Ellen: Re: RESOLVED? Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
	<gbhorl$dev$1@news.spamcop.net> <gbj5aj$45p$1@news.spamcop.net>
Message-ID: <gbj7fq$cet$1@news.spamcop.net>

Twayne wrote:

> When we left, the bridge to
> the mainland was about half finished.

That's a beautiful bridge.  The next plan is to light the supports from
the water so that it will also look pretty in the night time.

http://snipr.com/3v68l  http://snipr.com/3v69f  http://snipr.com/3v6a6
http://snipr.com/3v6av  http://snipr.com/3v6ds

wiki: The 11,288-foot-long (3,407m or 2.1mi) bridge ascends from Coronado
at a 4.67 percent grade before curving 80 degrees toward San Diego. The
span reaches a maximum height of 200 feet (61m), allowing the U.S. Navy
ships which operate out of the nearby Naval Station San Diego to pass
underneath it. The two Nimitz class aircraft carriers home-ported in San
Diego, the Nimitz and the Reagan, are 201 feet (61 m) high and tie up at
Naval Air Station North Island, located between the bay entrance and the
bridge.

> You had to take the ferry or go
> drive around the Strand and thru National City (I think it was) to get
> to San Diego.

There is still an hourly ferry and plenty of shops on the Coronado side at
the Ferry Landing Marketplace.



-- 
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net  Fri Sep 26 13:28:19 2008
From: nobody at spamcop.net (Ellen)
Date: Fri Sep 26 14:00:03 2008
Subject: [Scspamcop] Re: for Mike & Ellen: Re: RESOLVED? Re: Twayne summary
In-Reply-To: <gbj5aj$45p$1@news.spamcop.net>
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
	<gbhorl$dev$1@news.spamcop.net> <gbj5aj$45p$1@news.spamcop.net>
Message-ID: <gbj7nm$d52$1@news.spamcop.net>

Twayne wrote:

> 
>    ELLEN:  I even asked him why Netfirms was a blackhole to SpamCop's 
> inquiry, and indicated that they "also" had issues with the headers. 
> Ever get a response?
> 

I actually do not expect to hear from them -- they fixed the problem and 
by now are undoubtedly deeply mired in new ones. I only wrote to abuse@ 
hoping that they would pass it on to the NOC.


Ellen
SpamCop
From nobody at devnull.spamcop.net  Fri Sep 26 17:47:00 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Fri Sep 26 17:50:04 2008
Subject: [Scspamcop] Re: for Mike & Ellen: Re: RESOLVED? Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
	<gbhorl$dev$1@news.spamcop.net> <gbj5aj$45p$1@news.spamcop.net>
	<gbj7fq$cet$1@news.spamcop.net>
Message-ID: <gbjl89$7r8$1@news.spamcop.net>

Mike E. said:
> Twayne wrote:
>
>> When we left, the bridge to
>> the mainland was about half finished.
>
> That's a beautiful bridge.  The next plan is to light the supports
> from the water so that it will also look pretty in the night time.
>
> http://snipr.com/3v68l  http://snipr.com/3v69f  http://snipr.com/3v6a6
> http://snipr.com/3v6av  http://snipr.com/3v6ds
>

Wow, those are gorgeous shots; that really did turn out beautiful. 
Thanks for the links!


From MikeE at ster.invalid  Fri Sep 26 18:02:25 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Fri Sep 26 18:05:03 2008
Subject: [Scspamcop] Re: for Mike & Ellen: Re: RESOLVED? Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
	<gbhorl$dev$1@news.spamcop.net> <gbj5aj$45p$1@news.spamcop.net>
	<gbj7fq$cet$1@news.spamcop.net> <gbjl89$7r8$1@news.spamcop.net>
Message-ID: <gbjm5a$bf9$1@news.spamcop.net>

Twayne wrote:
> Mike E. said:

>> That's a beautiful bridge.  The next plan is to light the supports
>> from the water so that it will also look pretty in the night time.
>>
>> http://snipr.com/3v68l  http://snipr.com/3v69f  http://snipr.com/3v6a6
>> http://snipr.com/3v6av  http://snipr.com/3v6ds

> Wow, those are gorgeous shots; that really did turn out beautiful.
> Thanks for the links!

Interestingly, none of those are the view I usually have of the bridge
when I fly into SD Lindbergh Field.  When on final at low altitude above
the city and just a little higher than the bridge which is not really very
far off to the left of the flight path, there is a very nice evolving view
as the bridge is passed descending.


-- 
Mike Easter
kibitzer, not SC admin

From nobody at spamcop.net  Fri Sep 26 20:55:15 2008
From: nobody at spamcop.net (Ellen)
Date: Fri Sep 26 21:05:03 2008
Subject: [Scspamcop] Re: for Mike & Ellen: Re: RESOLVED? Re: Twayne summary
In-Reply-To: <gbjl89$7r8$1@news.spamcop.net>
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
	<gbhorl$dev$1@news.spamcop.net> <gbj5aj$45p$1@news.spamcop.net>
	<gbj7fq$cet$1@news.spamcop.net> <gbjl89$7r8$1@news.spamcop.net>
Message-ID: <gbk0la$qou$1@news.spamcop.net>

tagging on to the topic altho drifted :-)




I did get a response from netfirms, I'm impressed:

Hello,

Thank you for contacting Netfirms.

This issue has been corrected.  The by 0 is no longer being stamped in 
the  headers and the FQDN is now there.  We apologize for the inconvenience.



Ellen
SpamCop

From MikeE at ster.invalid  Fri Sep 26 21:16:01 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Fri Sep 26 21:20:03 2008
Subject: [Scspamcop] Re: for Mike & Ellen: Re: RESOLVED? Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
	<gbhorl$dev$1@news.spamcop.net> <gbj5aj$45p$1@news.spamcop.net>
	<gbj7fq$cet$1@news.spamcop.net> <gbjl89$7r8$1@news.spamcop.net>
	<gbk0la$qou$1@news.spamcop.net>
Message-ID: <gbk1gb$svq$1@news.spamcop.net>

Ellen wrote:

> I did get a response from netfirms, I'm impressed:
>
> Hello,
>
> Thank you for contacting Netfirms.
>
> This issue has been corrected.  The by 0 is no longer being stamped in
> the  headers and the FQDN is now there.  We apologize for the
> inconvenience.

They're trying to make me feel bad about bad-mouthing Richard here :-)

The good news is that whatever was the mechanism for them eventually
recognizing that they had a problem and fixing it, it got done.



-- 
Mike Easter
kibitzer, not SC admin

From ppearson at nowhere.invalid  Sat Sep 27 01:07:51 2008
From: ppearson at nowhere.invalid (Peter Pearson)
Date: Sat Sep 27 01:10:03 2008
Subject: [Scspamcop] Hooray: Cyrillic filtering
Message-ID: <gbkf37$901$1@news.spamcop.net>

Thank you, Spamcop, for letting me filter out Cyrillic emails.

I'm ashamed to announce such ignorance, but I don't understand
Japanese, Korean, or Chinese, either.

-- 
To email me, substitute nowhere->spamcop, invalid->net.
From g.hyde at bigNOSPAMpond.net.au  Sat Sep 27 02:47:50 2008
From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde)
Date: Sat Sep 27 02:50:03 2008
Subject: [Scspamcop] Re: for Mike & Ellen: Re: RESOLVED? Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
	<gbhorl$dev$1@news.spamcop.net> <gbj5aj$45p$1@news.spamcop.net>
	<gbj7fq$cet$1@news.spamcop.net> <gbjl89$7r8$1@news.spamcop.net>
	<gbk0la$qou$1@news.spamcop.net> <gbk1gb$svq$1@news.spamcop.net>
Message-ID: <gbkkv9$q10$1@news.spamcop.net>


"Mike Easter" <MikeE@ster.invalid> wrote in message 
news:gbk1gb$svq$1@news.spamcop.net...

> They're trying to make me feel bad about bad-mouthing Richard here :-)
>
> The good news is that whatever was the mechanism for them eventually
> recognizing that they had a problem and fixing it, it got done.

At least someone got a mailserver fixed, now for the other 999,999,999 
mailservers that are noncompliantly stamping rubbish like 'by 0' etc.

If people can make netfirms listen, maybe other ISP's/companies will listen, 
or at least open a trouble ticket/inquiry/whatever.  It really makes a 
difference when they finally fix a problem.


Cheers ...

Geoffrey Hyde



From nobody at devnull.spamcop.net  Sat Sep 27 15:58:44 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sat Sep 27 16:00:04 2008
Subject: [Scspamcop] Re: for Mike & Ellen: Re: RESOLVED? Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
	<gbhorl$dev$1@news.spamcop.net> <gbj5aj$45p$1@news.spamcop.net>
	<gbj7fq$cet$1@news.spamcop.net> <gbjl89$7r8$1@news.spamcop.net>
	<gbk0la$qou$1@news.spamcop.net>
Message-ID: <gbm398$ue0$1@news.spamcop.net>

> tagging on to the topic altho drifted :-)
>
>
>
>
> I did get a response from netfirms, I'm impressed:
>
> Hello,
>
> Thank you for contacting Netfirms.
>
> This issue has been corrected.  The by 0 is no longer being stamped in
> the  headers and the FQDN is now there.  We apologize for the
> inconvenience.
>
>
> Ellen
> SpamCop

lol, WELL!  Where the hell's MY response saying that?
I have a feeling you made a difference, Ellen!  Thanks.

Twayne 


From nobody at devnull.spamcop.net  Sat Sep 27 16:29:13 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sat Sep 27 16:30:03 2008
Subject: [Scspamcop] Re: for Mike & Ellen: Re: RESOLVED? Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
	<gbhorl$dev$1@news.spamcop.net> <gbj5aj$45p$1@news.spamcop.net>
	<gbj7fq$cet$1@news.spamcop.net> <gbjl89$7r8$1@news.spamcop.net>
	<gbk0la$qou$1@news.spamcop.net> <gbk1gb$svq$1@news.spamcop.net>
	<gbkkv9$q10$1@news.spamcop.net>
Message-ID: <gbm52d$3vj$1@news.spamcop.net>

> "Mike Easter" <MikeE@ster.invalid> wrote in message
> news:gbk1gb$svq$1@news.spamcop.net...
>
>> They're trying to make me feel bad about bad-mouthing Richard here
>> :-) The good news is that whatever was the mechanism for them 
>> eventually
>> recognizing that they had a problem and fixing it, it got done.
>
> At least someone got a mailserver fixed, now for the other 999,999,999
> mailservers that are noncompliantly stamping rubbish like 'by 0' etc.
>
> If people can make netfirms listen, maybe other ISP's/companies will
> listen, or at least open a trouble ticket/inquiry/whatever.  It
> really makes a difference when they finally fix a problem.
>
>
> Cheers ...
>
> Geoffrey Hyde

It's possible the Netfirms thing might be used as a precedence setter?
FYI, here is what I THINK they had to do to fix it:
--------------------
You have not installed by following the instructions in _Life
With "qmail"_.  If you had, the name would be taken from the
first line of "controls/me".

Use the "-l" option to "tcpserver".
------------------------
In other words, -l 0 needed to be changed to -l FQDN.

HA!  And now, I came across reasons to USE "by 0" and problems it can 
cause if it's used wrong!  GADS where was this stuff before this?

"by 0" is often used with encrypted emails somehow.  I didn't read 
enough to understand it and didn't care.  But it worries me what will 
happen at Netfirms when someone gets a complain and doesn't know how to 
separate encrypts from non-encrypts headers with Qmail.

The "by 0" CAN cause other problems, such as trashing list-mail 
deliveries apparently!  The article talks about "other" problems with 
it, but doesn't specifically mention them!  Gotta dig more into that one 
because it's going to be good to know the first time the rebuild a 
server or try to fix someone's encryption problems<g>.

If anyone cares, I came across the Qmail manual at:
http://unkie.org/files/qmail.pdf

Haven't read much of it and don't intend to, but some selective glancing 
shows a lot of interesting information already.

In my research it's amazing how many installations of Qmail simply don't 
implement the tcpserver I think it is, correctly and leave it at the 
default, which is what causes the by 0.  Lots of comments about not 
wanting to mess with the defaults, but almost no one ever says they read 
the guide or whatever the quick start manual is; I forget its name now.

Another thing is, the by 0 thing seems to be almost exclusively the 
responsibility of Qmail.  I have not yet come across a single thing 
indicating that it comes from any other source.  So in most of these 
cases it seems like an RTFM is almost exclusively what's being missed.

I hope somewhere in all that there is something useful to you, Ellen. 
I've reached the point of saturation where the details are just 
confusion now.

FWIW, the search term

"by 0" +Qmail +fix

gets a lot of decent hits with Google for anyone interested.

Cheers,

Twayne


From nobody at devnull.spamcop.net  Sat Sep 27 16:29:19 2008
From: nobody at devnull.spamcop.net (Twayne)
Date: Sat Sep 27 16:30:04 2008
Subject: [Scspamcop] Re: for Mike & Ellen: Re: RESOLVED? Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
	<gbhorl$dev$1@news.spamcop.net> <gbj5aj$45p$1@news.spamcop.net>
	<gbj7fq$cet$1@news.spamcop.net> <gbjl89$7r8$1@news.spamcop.net>
	<gbjm5a$bf9$1@news.spamcop.net>
Message-ID: <gbm52j$401$1@news.spamcop.net>

> Twayne wrote:
>> Mike E. said:
>
>>> That's a beautiful bridge.  The next plan is to light the supports
>>> from the water so that it will also look pretty in the night time.
>>>
>>> http://snipr.com/3v68l  http://snipr.com/3v69f
>>> http://snipr.com/3v6a6 http://snipr.com/3v6av
>>> http://snipr.com/3v6ds
>
>> Wow, those are gorgeous shots; that really did turn out beautiful.
>> Thanks for the links!
>
> Interestingly, none of those are the view I usually have of the bridge
> when I fly into SD Lindbergh Field.  When on final at low altitude
> above the city and just a little higher than the bridge which is not
> really very far off to the left of the flight path, there is a very
> nice evolving view as the bridge is passed descending.

lol, we have a similar situation here.  The suspension bridge across the 
St. Lawrence River is a couple miles long and really a gorgeous 
accomplishment as many local photos and post cards will show.  But what 
is not mentioned it, to SEE that view of the bridge, you have to go off 
the road and into the Pshychiatric Center!  Not a place a lot of people 
are willing to visit just to see a bridge.  It's also right next to a 
prison<g>.

Top photo is view from Psych Center, middle is from the city side:
http://www.bridgemeister.com/pic.php?pid=157

http://www.flickr.com/photos/77136894@N00/1251739165

It's funny none of them mention the overall length of the bridge is 
about 2.5 miles but they all spec the 1200' Main Span over the Seaway 
Channel.
   SanDiego did a better job!

Cheers,

Twayne



From me at privacy.net  Sat Sep 27 18:33:35 2008
From: me at privacy.net (Michael R N Dolbear)
Date: Sat Sep 27 18:35:03 2008
Subject: [Scspamcop] Re: Hooray: Cyrillic filtering
References: <gbkf37$901$1@news.spamcop.net>
Message-ID: <01c920d3$dbdf42c0$LocalHost@default>


Peter Pearson <ppearson@nowhere.invalid> wrote 

> Thank you, Spamcop, for letting me filter out Cyrillic emails.
 
> I'm ashamed to announce such ignorance, but I don't understand
> Japanese, Korean, or Chinese, either.

SpamAssassin seems to do a fair job of eliminating those from my Inbox
but not for Cyrillic. 

I have just posted to the SpamCop forum the note that though the filter
warns

"Block Russian: This option will block most Russian email (and other
email in Cyrillic characters) and send it to your Held Mail, whether or
not it is spam. Only select this if you do not receive any legitimate
Russian emails. "

that in fact "Only select this" is a little OTT since whitelisting
works with 'Block Russian' as it does with all other SpamCop Mail
blocking options.

It also appears that if the text string "koi8-r" appears anywhere in
the header or body of an email 'Block Russian' will trigger (the syntax
and context is ignored). This includes use in the text of subject lines
or in the text of emails and thus in the body of SpamCop Replies (since
these include the subject of every Spam reported).

Of course if the cyrillic spammers figure out how to send Cyrillic
without mentioning that string we will be back to square 1.

Meanwhile I look forward to my spam leak rate being about 30% lower
which is great.

-- 
Mike D

From eschrama at spamcop.net  Sun Sep 28 07:41:06 2008
From: eschrama at spamcop.net (Ejo)
Date: Sun Sep 28 07:45:03 2008
Subject: [Scspamcop] Greylisting does not work for me
Message-ID: <gbnqft$834$1@news.spamcop.net>

I've played a bit around with the greylisting option, and I get the 
feeling that it doesn't work because I only use webmail.spamcop.net to 
receive forwarded e-mail.

I do see entries under greylist pending that include the relay IP, a 
from e-mail address, etc, but so far I didn't see entries under greylist 
rejected.

All relay ip addresses are those that belong to mail servers that I 
know, ie. addresses that I told to forward e-mail.

Greylisting was supposed to keep the spammer's SMTP server busy for a 
while, but apparently everything falls through the filter.

Does this mean that greylisting only works if someone sends e-mail 
directly to my spamcop e-mail account?

Ejo
From nobody at spamcop.net  Sun Sep 28 07:47:14 2008
From: nobody at spamcop.net (bar0)
Date: Sun Sep 28 07:50:03 2008
Subject: [Scspamcop] Re: Greylisting does not work for me
References: <gbnqft$834$1@news.spamcop.net>
Message-ID: <gbnqs3$96s$1@news.spamcop.net>


"Ejo" <eschrama@spamcop.net> wrote in message 
news:gbnqft$834$1@news.spamcop.net...
> I've played a bit around with the greylisting option, and I get the ... 
> Does this mean that greylisting only works if someone sends e-mail 
> directly to my spamcop e-mail account?
>
> Ejo

Yes, how else? SC is not talking to the spammers MTA on forwarded mail. 


From eschrama at spamcop.net  Sun Sep 28 08:31:46 2008
From: eschrama at spamcop.net (Ejo)
Date: Sun Sep 28 08:35:04 2008
Subject: [Scspamcop] Re: Greylisting does not work for me
In-Reply-To: <gbnqs3$96s$1@news.spamcop.net>
References: <gbnqft$834$1@news.spamcop.net> <gbnqs3$96s$1@news.spamcop.net>
Message-ID: <gbntet$go3$1@news.spamcop.net>

bar0 wrote:
> "Ejo" <eschrama@spamcop.net> wrote in message 
> news:gbnqft$834$1@news.spamcop.net...
>> I've played a bit around with the greylisting option, and I get the ... 
>> Does this mean that greylisting only works if someone sends e-mail 
>> directly to my spamcop e-mail account?
>>
>> Ejo
> 
> Yes, how else? SC is not talking to the spammers MTA on forwarded mail. 
> 
> 

My suggestion is to include this information in the greylist 
description, I wasn't aware of this behavior.
From nobody at spamcop.net  Sun Sep 28 08:51:29 2008
From: nobody at spamcop.net (bar0)
Date: Sun Sep 28 08:55:03 2008
Subject: [Scspamcop] Re: Greylisting does not work for me
References: <gbnqft$834$1@news.spamcop.net> <gbnqs3$96s$1@news.spamcop.net>
	<gbntet$go3$1@news.spamcop.net>
Message-ID: <gbnuki$l5i$1@news.spamcop.net>


"Ejo" <eschrama@spamcop.net> wrote in message 
news:gbntet$go3$1@news.spamcop.net...
> bar0 wrote:
>> "Ejo" <eschrama@spamcop.net> wrote in message 
>> news:gbnqft$834$1@news.spamcop.net...
>>> I've played a bit around with the greylisting option, and I get the ... 
>>> Does this mean that greylisting only works if someone sends e-mail 
>>> directly to my spamcop e-mail account?
>>>
>>> Ejo
>>
>> Yes, how else? SC is not talking to the spammers MTA on forwarded mail.
>
> My suggestion is to include this information in the greylist description, 
> I wasn't aware of this behavior.

I think you'll need to sign up to the web-fora, and have it added to the 
Wiki they are building there. 


From snowbat at geocities.com  Mon Sep 29 09:38:06 2008
From: snowbat at geocities.com (Snowbat)
Date: Mon Sep 29 09:40:03 2008
Subject: [Scspamcop] Re: Again - truncated reporting address
References: <g8tpuu$ao$1@news.spamcop.net>
	<ucclb4lkimjmuhe920a5r50ukscdbl49rp@4ax.com>
	<TECQXhvKj0FX-pn2-dHg5K6b0t9YY@dsl-206-55-144-107.tstonramp.com>
	<sn7vb4538jbti2tpb0qfqmc6e31vm9qmi2@4ax.com>
	<g9ooem$ft2$1@news.spamcop.net> <ga1079$5d4$1@news.spamcop.net>
Message-ID: <gbqlnu$mf6$1@news.spamcop.net>

Problem with abuse@neo-sky.com

http://www.spamcop.net/sc?action=rcache;ip=213.172.34.166
"whois 213.172.34.166@whois.ripe.net" (Getting contact from whois.ripe.net)
Abuse address in 'remarks' field: abuse@neo-sky.com
Abuse address in 'remarks' field: abuse@neo-sky.com
whois.ripe.net found abuse contacts for 213.172.34.166 = abuse@neo
whois: 213.172.32.0 - 213.172.63.255 = abuse@neo
Routing details for 213.172.34.166
Using abuse net on abuse@neo
Using best contacts abuse@neo <<<<<<<

From nobody at spamcop.net  Mon Sep 29 10:32:51 2008
From: nobody at spamcop.net (Bar0)
Date: Mon Sep 29 10:35:04 2008
Subject: [Scspamcop] Re: Again - truncated reporting address
References: <g8tpuu$ao$1@news.spamcop.net><ucclb4lkimjmuhe920a5r50ukscdbl49rp@4ax.com><TECQXhvKj0FX-pn2-dHg5K6b0t9YY@dsl-206-55-144-107.tstonramp.com><sn7vb4538jbti2tpb0qfqmc6e31vm9qmi2@4ax.com><g9ooem$ft2$1@news.spamcop.net>
	<ga1079$5d4$1@news.spamcop.net> <gbqlnu$mf6$1@news.spamcop.net>
Message-ID: <gbqoui$rfb$1@news.spamcop.net>


"Snowbat" <snowbat@geocities.com> wrote in message 
news:gbqlnu$mf6$1@news.spamcop.net...
> Problem with abuse@neo-sky.com
>
> http://www.spamcop.net/sc?action=rcache;ip=213.172.34.166
> "whois 213.172.34.166@whois.ripe.net" (Getting contact from 
> whois.ripe.net)
> Abuse address in 'remarks' field: abuse@neo-sky.com
> Abuse address in 'remarks' field: abuse@neo-sky.com
> whois.ripe.net found abuse contacts for 213.172.34.166 = abuse@neo
> whois: 213.172.32.0 - 213.172.63.255 = abuse@neo
> Routing details for 213.172.34.166
> Using abuse net on abuse@neo
> Using best contacts abuse@neo <<<<<<<
>

Frankly, I prefer spammers go un-notified. Most spam sources are bots in 
ISP's that don't really care, well, not enough to act, or bad actors. 

From spamster at my508.com  Mon Sep 29 11:22:52 2008
From: spamster at my508.com (geekyguy)
Date: Mon Sep 29 11:25:03 2008
Subject: [Scspamcop] Re: question about SenderScoreCertified reports
In-Reply-To: <gbgf52$ngh$1@news.spamcop.net>
References: <gbgdqe$k90$1@news.spamcop.net> <gbgf52$ngh$1@news.spamcop.net>
Message-ID: <gbqrsc$dhq$1@news.spamcop.net>

Hi Ellen: I sent an email to deputies last week, but never received an 
answer or acknowledgment? How long do I need to wait typically, or should I 
try again?

"Ellen" <nobody@spamcop.net> wrote in message 
news:gbgf52$ngh$1@news.spamcop.net...
> geekyguy wrote:
>> Hi: I'm the mail admin for a domain that recently joined ReturnPath's 
>> Sender Score Certified whitelist. We get a daily compliance report from 
>> them listing various feedbackloop complaint rates, including "spamcop 
>> complaints".
>>
>> I've started to see that we're in the "warning" range for SpamCop 
>> complaints for one of the IPs we mail from (the main one).
>>
>> both "postmaster" and "abuse" accounts are set up for the sending domain, 
>> and are actively monitored, but we have yet to see a single spamcop 
>> notification...is there anything else that needs to be done to monitor 
>> spamcop complaints?
>
> Write to deputies <at> admin.spamcop.net
>
>
> Ellen
> SpamCop 

From nobody at spamcop.net  Mon Sep 29 13:11:57 2008
From: nobody at spamcop.net (Ellen)
Date: Mon Sep 29 13:15:03 2008
Subject: [Scspamcop] Re: question about SenderScoreCertified reports
In-Reply-To: <gbqrsc$dhq$1@news.spamcop.net>
References: <gbgdqe$k90$1@news.spamcop.net> <gbgf52$ngh$1@news.spamcop.net>
	<gbqrsc$dhq$1@news.spamcop.net>
Message-ID: <gbr29c$7qi$1@news.spamcop.net>

geekyguy wrote:
> Hi Ellen: I sent an email to deputies last week, but never received an 
> answer or acknowledgment? How long do I need to wait typically, or 
> should I try again?
> 
> "Ellen" <nobody@spamcop.net> wrote in message 
> news:gbgf52$ngh$1@news.spamcop.net...
>> geekyguy wrote:
>>> Hi: I'm the mail admin for a domain that recently joined ReturnPath's 
>>> Sender Score Certified whitelist. We get a daily compliance report 
>>> from them listing various feedbackloop complaint rates, including 
>>> "spamcop complaints".
>>>
>>> I've started to see that we're in the "warning" range for SpamCop 
>>> complaints for one of the IPs we mail from (the main one).
>>>
>>> both "postmaster" and "abuse" accounts are set up for the sending 
>>> domain, and are actively monitored, but we have yet to see a single 
>>> spamcop notification...is there anything else that needs to be done 
>>> to monitor spamcop complaints?
>>
>> Write to deputies <at> admin.spamcop.net
>>
>>
>> Ellen
>> SpamCop 
> 

Hi geekguy -- we usually respond in less than 24 hours. So I would say 
try again. We get a ton of spam and in deleting that maybe your email 
was inadvertantly deleted. We try *not* to do that obviously but it is 
easier to spot email coming in from one of the webforms than one with a 
random subject line. You can use this form:

http://www.spamcop.net/fom-serve/cache/91.html

Make sure to include your IP range(s) and a short statement about the 
business you are in (ISP/ESP/hosting company etc), who you are and why 
you are writing. We prefer to see mail from the domain that you wish to 
discuss with us.


Ellen
SpamCop
From nobody at devnull.spamcop.net  Tue Sep 30 08:45:20 2008
From: nobody at devnull.spamcop.net (Giampaolo Tomassoni)
Date: Tue Sep 30 08:45:03 2008
Subject: [Scspamcop] Re: Whose URL is Named?
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gavmsk$lkg$1@news.spamcop.net>
	<48D3BE5B.3070702@fishnet.com> <gb0lkh$7vf$1@news.spamcop.net>
	<48D4122D.9090506@fishnet.com> <gb1f25$d5h$1@news.spamcop.net>
Message-ID: <gbt6vv$tjh$1@news.spamcop.net>

"Farelf" <user@domain.invalid> ha scritto nel messaggio 
news:gb1f25$d5h$1@news.spamcop.net...
> rooster wrote:
>> Giampaolo Tomassoni wrote:
>>
>
>>>
>>> It is a matter of facts, that the more one works, the biggest is the 
>>> number of "achieved" Duhs... :)
>>>
>>> Giampaolo
>>
>>
>> "...works" ??? I don't follow...
>>
>
> Heh, Giampaolo pays you the courtesy of supposing that what you do 
> constitutes work Rooster and, in truth, learning - or at least 
> investigating - is a chore which most manage to avoid.  But not you, and 
> in public too.  Which facts excite admiration, and the wish to offer 
> consolation, in my heart no less than Giampaolo's. Another compliment but 
> Gianpaolo's was less wordy.

Farelf,

thank you for interpreting my poor english wording: that was exactly what I 
meant.

Sorry for replying so lately, but I sent my reply right before entering 
"vacation mode". I just got back to work... :)

Giampaolo 


From user at domain.invalid  Tue Sep 30 09:45:28 2008
From: user at domain.invalid (Farelf)
Date: Tue Sep 30 09:50:03 2008
Subject: [Scspamcop] Re: Whose URL is Named?
In-Reply-To: <gbt6vv$tjh$1@news.spamcop.net>
References: <gav24t$b83$1@news.spamcop.net> <gav2rq$dnf$1@news.spamcop.net>
	<48D32FBC.50100@fishnet.com> <gavmsk$lkg$1@news.spamcop.net>
	<48D3BE5B.3070702@fishnet.com> <gb0lkh$7vf$1@news.spamcop.net>
	<48D4122D.9090506@fishnet.com> <gb1f25$d5h$1@news.spamcop.net>
	<gbt6vv$tjh$1@news.spamcop.net>
Message-ID: <gbtahn$aqg$1@news.spamcop.net>

Giampaolo Tomassoni wrote:

> Farelf,
> 
> thank you for interpreting my poor english wording: that was exactly what I 
> meant.

You're most welcome Giampaolo - but your English is fine.

> 
> Sorry for replying so lately, but I sent my reply right before entering 
> "vacation mode". I just got back to work... :)
> 
> Giampaolo 
> 
> 

Hope you had a good time - and glad to see you back.

Steve
From spamster at my508.com  Tue Sep 30 10:48:16 2008
From: spamster at my508.com (geekyguy)
Date: Tue Sep 30 10:50:03 2008
Subject: [Scspamcop] Re: question about SenderScoreCertified reports
In-Reply-To: <gbr29c$7qi$1@news.spamcop.net>
References: <gbgdqe$k90$1@news.spamcop.net> <gbgf52$ngh$1@news.spamcop.net>
	<gbqrsc$dhq$1@news.spamcop.net> <gbr29c$7qi$1@news.spamcop.net>
Message-ID: <gbte7h$r91$1@news.spamcop.net>

Thanks, Ellen...I used the form to resubmit.

"Ellen" <nobody@spamcop.net> wrote in message 
news:gbr29c$7qi$1@news.spamcop.net...
> geekyguy wrote:
>> Hi Ellen: I sent an email to deputies last week, but never received an 
>> answer or acknowledgment? How long do I need to wait typically, or should 
>> I try again?
>>
>> "Ellen" <nobody@spamcop.net> wrote in message 
>> news:gbgf52$ngh$1@news.spamcop.net...
>>> geekyguy wrote:
>>>> Hi: I'm the mail admin for a domain that recently joined ReturnPath's 
>>>> Sender Score Certified whitelist. We get a daily compliance report from 
>>>> them listing various feedbackloop complaint rates, including "spamcop 
>>>> complaints".
>>>>
>>>> I've started to see that we're in the "warning" range for SpamCop 
>>>> complaints for one of the IPs we mail from (the main one).
>>>>
>>>> both "postmaster" and "abuse" accounts are set up for the sending 
>>>> domain, and are actively monitored, but we have yet to see a single 
>>>> spamcop notification...is there anything else that needs to be done to 
>>>> monitor spamcop complaints?
>>>
>>> Write to deputies <at> admin.spamcop.net
>>>
>>>
>>> Ellen
>>> SpamCop
>>
>
> Hi geekguy -- we usually respond in less than 24 hours. So I would say try 
> again. We get a ton of spam and in deleting that maybe your email was 
> inadvertantly deleted. We try *not* to do that obviously but it is easier 
> to spot email coming in from one of the webforms than one with a random 
> subject line. You can use this form:
>
> http://www.spamcop.net/fom-serve/cache/91.html
>
> Make sure to include your IP range(s) and a short statement about the 
> business you are in (ISP/ESP/hosting company etc), who you are and why you 
> are writing. We prefer to see mail from the domain that you wish to 
> discuss with us.
>
>
> Ellen
> SpamCop 

From 127 at [127.0.0.1]  Tue Sep 30 14:13:49 2008
From: 127 at [127.0.0.1] (vg4cysss7001)
Date: Tue Sep 30 15:25:03 2008
Subject: [Scspamcop] Re: RESOLVED?  Re: Twayne summary
References: <gbdo3d$6f9$1@news.spamcop.net> <gbhmth$85e$1@news.spamcop.net>
Message-ID: <tebT50Hdxm4IFweN@spam.filter>

In article <gbhmth$85e$1@news.spamcop.net>, Twayne 
<nobody@devnull.spamcop.net> writes
[snip]
>Too bad you don't live around here; I'd buy you all two or ten fav 
>drinks at our local establishment, even if I'm not allowed to 
>participate anymore.

I have watched this thread with interest.
I am glad that it appears to be resolved.
I was a paying subscriber to Spamcop, then merely a reporter.
A couple of months ago my reporting was suspended until I "mailhost",
but I have so many e-mail accounts, domains and limited bandwidth, it 
must wait :-(

BTW Sneakemail seems to work fine for me.

I am 6,000 miles from home, in another continent, but have good, cheap 
vodka :-)

Regards from Novosibirsk,
-- 
Misha
Free on-line, off-site backups?
<https://mozy.com/?ref=UK45Y5>
From g.hyde at bigNOSPAMpond.net.au  Tue Sep 30 18:17:24 2008
From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde)
Date: Tue Sep 30 18:20:02 2008
Subject: [Scspamcop] Is the spammer trying for the most reports in one spam
	or something?
Message-ID: <gbu8hu$9mh$1@news.spamcop.net>

http://www.spamcop.net/sc?id=z2291381718ze3f4efc0087fc11ceec2d755bc20d413z

If you have a look at the tracker, this came up with about 15-20 reports all 
for the same domain in China.

Are they trying to see which spammer has the most overinflated ego or 
something?

You'd think the last thing the spammer would want is to spam him/herself 
with SpamCop reports!  <g>


Cheers ...

Geoffrey Hyde



From MikeE at ster.invalid  Tue Sep 30 18:36:56 2008
From: MikeE at ster.invalid (Mike Easter)
Date: Tue Sep 30 18:40:04 2008
Subject: [Scspamcop] Re: Is the spammer trying for the most reports in one
	spam or something?
References: <gbu8hu$9mh$1@news.spamcop.net>
Message-ID: <gbu9m9$fqh$1@news.spamcop.net>

Geoffrey Hyde wrote:
z2291381718ze3f4efc0087fc11ceec2d755bc20d413z
>
> If you have a look at the tracker, this came up with about 15-20
> reports all for the same domain in China.

But if I refresh the cache, it comes down to just 1 each for the source
and 2 spamvertiser providers:

If reported today, reports would be sent to:
Re: 211.157.127.35 (Administrator of network where email originates)
anti-spam@ns.chinanet.cn.net
postmaster#cetc-chinacomm.com.cn@devnull.spamcop.net
ipmaster#cetc-chinacomm.com.cn@devnull.spamcop.net

Re: http://www.analyst.com.cn/ (Administrator of network hosting website
referenced in spam)
ipmaster#cetc-chinacomm.com.cn@devnull.spamcop.net
postmaster#cetc-chinacomm.com.cn@devnull.spamcop.net
anti-spam@ns.chinanet.cn.net

Re: http://www.cichina.org/ (Administrator of network hosting website
referenced in spam)
ipmaster#cetc-chinacomm.com.cn@devnull.spamcop.net
postmaster#cetc-chinacomm.com.cn@devnull.spamcop.net
anti-spam@ns.chinanet.cn.net

The only notify which isn't devnulled is the 'parent' which comes from the
abuse.net reg'd notify anti-spam@ns.chinanet.cn.net whch doesn't actually
have anything (directly) to do with the source or the spamvertisers -- it
is a waste of notify bandwidth, and is another example of my philosophy
about wishing for an optional configuration by the spamcop reporter about
what s/he is going to do about notifies.

In a great many situations, there shouldn't be any notifying.  In this
case, going from a 'whole bunch' of notifies to only 3 notifies, 1 each
for the source & 2 spamvertisers, could be improved still further by
making no/zero notifies -- but that wouldn't suit a great many spamcop
reporters.




-- 
Mike Easter
kibitzer, not SC admin

From g.hyde at bigNOSPAMpond.net.au  Tue Sep 30 19:04:59 2008
From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde)
Date: Tue Sep 30 19:10:02 2008
Subject: [Scspamcop] Re: Is the spammer trying for the most reports in one
	spam or something?
References: <gbu8hu$9mh$1@news.spamcop.net> <gbu9m9$fqh$1@news.spamcop.net>
Message-ID: <gbubb6$le9$1@news.spamcop.net>


"Mike Easter" <MikeE@ster.invalid> wrote in message 
news:gbu9m9$fqh$1@news.spamcop.net...
> Geoffrey Hyde wrote:
> z2291381718ze3f4efc0087fc11ceec2d755bc20d413z
>>
>> If you have a look at the tracker, this came up with about 15-20
>> reports all for the same domain in China.
>
> But if I refresh the cache, it comes down to just 1 each for the source
> and 2 spamvertiser providers:

It'd help reporting a great deal if SpamCop could automatically weed out 
duplicated notifies.  Perhaps there is a reason it's done the way it is.

> If reported today, reports would be sent to:
> Re: 211.157.127.35 (Administrator of network where email originates)
> anti-spam@ns.chinanet.cn.net
> postmaster#cetc-chinacomm.com.cn@devnull.spamcop.net
> ipmaster#cetc-chinacomm.com.cn@devnull.spamcop.net
>
> Re: http://www.analyst.com.cn/ (Administrator of network hosting website
> referenced in spam)
> ipmaster#cetc-chinacomm.com.cn@devnull.spamcop.net
> postmaster#cetc-chinacomm.com.cn@devnull.spamcop.net
> anti-spam@ns.chinanet.cn.net
>
> Re: http://www.cichina.org/ (Administrator of network hosting website
> referenced in spam)
> ipmaster#cetc-chinacomm.com.cn@devnull.spamcop.net
> postmaster#cetc-chinacomm.com.cn@devnull.spamcop.net
> anti-spam@ns.chinanet.cn.net
>
> The only notify which isn't devnulled is the 'parent' which comes from the
> abuse.net reg'd notify anti-spam@ns.chinanet.cn.net whch doesn't actually
> have anything (directly) to do with the source or the spamvertisers -- it
> is a waste of notify bandwidth, and is another example of my philosophy
> about wishing for an optional configuration by the spamcop reporter about
> what s/he is going to do about notifies.

Then why does SpamCop list it as a notify?  If the routing database is 
incorrect, or out-of-date, it obviously needs an updated notify to be 
notifying.  Stale data is never good for real-time applications.

> In a great many situations, there shouldn't be any notifying.  In this
> case, going from a 'whole bunch' of notifies to only 3 notifies, 1 each
> for the source & 2 spamvertisers, could be improved still further by
> making no/zero notifies -- but that wouldn't suit a great many spamcop
> reporters.

I really don't care how many notifies do or don't get sent as long as the 
spam when reported qualifies and generates the appropriate entry for the 
SpamCop blocklist/listing for the source IP.


Cheers ...

Geoffrey Hyde