From nobody at spamcop.net Sun Feb 1 09:36:25 2009 From: nobody at spamcop.net (Steven Underwood) Date: Sun Feb 1 09:40:09 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: "VanguardLH" wrote in message news:gm2mv7$rnk$1@news.spamcop.net... > Steven Underwood wrote: > >> "VanguardLH" wrote in message >> news:gm0fij$sgn$1@news.spamcop.net... >>> >>> Yes, the FTC requested SpamCop stop sending the spam reports en masse. >> >> Correct. Your ISP however has apparently requested it receive no reports >> in >> SpamCop's format. >> >> I don't understand why you don't get this. It was a decision by your ISP >> not to receive any further messages through SpamCop. They could reverse >> this decision by communicating that to the deputies. > > I do get it. See my reply to Ellen. However, their choice seems > arbitrary. It is SpamCop's policy to comply with those requests > regardless of their insanity. Presumably the same information in a > user's manually delivered spam report would already be in the SpamCop > report. Same stuff, same address but not allowed from SpamCop but > allowed from their customer. But perhaps the additional information in SpamCop's reports are what they don't want to wade through... I don't know, but again it is your ISP to complain to, not SpamCop. I don't feel SpamCop (nor anyone else, for that matter) should ignore someone's request to stop sending information that is not wanted. > > The only SpamCop users that would be sending *missed* spam reports to > Comcast would be Comcast customers using SpamCop to facilitate a report > in a standardized form (rather than hacking together something a bit > different every time you report it yourself). The SpamCop user isn't > reporting a spam originated from Comcast. The SpamCop user would be > reporting *missed* spam which Comcast has permitted a means to report to > get their spam filter updated. Non-Comcast users would have no reason > to be sending spam reports to Comcast's missed-spam address as they > receive no benefit from Comcast updating their spam filter as a > consequence. 1. It is quite possible they get a lot more reports at that address than just what has been requested. It is likely they also get manual spam reports from Non-Comcast users there to pick through. Some reporters send messages to any/all addresses they can find at an ISP to report to. 2. SpamCop's report specifically state that an IP (and as you state, likely not a Comcast IP) has sent the spam. More junk to wade through. If I were manning that address, I would want just the forwarded message with headers (forward as attachment), nothing else. > > I think this is more of a survival tactic by those at Comcast that have > to deal with the spam reports. As with the FTC, they simply cannot > handle all the SpamCop-using Comcast customers that were issuing spam > reports from SpamCop. That also means they couldn't handle that load > from their own users that directly e-mail the spam report without using > SpamCop. They don't want to expend the resources to handle that load. > They know that cutting of SpamCop will lower the missed-spam reports to > a trickle, especially since the vast majority of other Comcast users > that I've spoken with didn't even have a clue that such a reporting > address existed. They want their users using the automated spam > adjustment mechanism in their webmail agent (where you click on a Spam > button to identify missed spam). This alleviates them having to employ > more people to handle the manual instigated missed-spam reports. If > every SpamCop-using Comcast customer were to always submit their own > separate spam report to their missed-spam address (like including > yourself in a copy of SpamCop's report and then resending that to > Comcast), they'd probably just turn off that missed-spam account or have > it automatically dump those reports into the bit bucket. > > By turning off the avenue for SpamCop-generated reports, Comcast has > effectively declared that they don't really bother handling the > missed-spam reports because they just don't have the manpower for it. Or perhaps they were getting too many reports that were not what the address was for. The above is all your speculation, your interpretation, unless you have proof otherwise (an email specifically stating as such, which I doubt anyone would create). From Ag2000CO at Starband.net Sun Feb 1 10:53:10 2009 From: Ag2000CO at Starband.net (LKing) Date: Sun Feb 1 10:55:08 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop In-Reply-To: References: Message-ID: VanguardLH wrote, On 1/31/2009 6:30 PM: > Steven Underwood wrote: > >> "VanguardLH" wrote in message >> news:gm0fij$sgn$1@news.spamcop.net... >>> Yes, the FTC requested SpamCop stop sending the spam reports en masse. >> Correct. Your ISP however has apparently requested it receive no reports in >> SpamCop's format. >> >> I don't understand why you don't get this. It was a decision by your ISP >> not to receive any further messages through SpamCop. They could reverse >> this decision by communicating that to the deputies. > > I do get it. See my reply to Ellen. However, their choice seems > arbitrary. Arbitrary, stupid, non-caring, to busy, who knows? and unless your ISP post here, we are all just guessing. For whatever reason, rational or capricious, they have requested spamcop to not send them email. Spamcop should honer their request or run the risk of being a spammer. Wouldn't that be ironic, SpamCop on other's BL? Businesses make decisions in an effort to meet their objectives. Unless you understand their goals, it is hard to understand their choices. From nobody at spamcop.net Sun Feb 1 10:55:15 2009 From: nobody at spamcop.net (bar0) Date: Sun Feb 1 11:00:09 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: "LKing" wrote in message news:gm4ghf$sua$1@news.spamcop.net... ... > > Businesses make decisions in an effort to meet their objectives. Unless > you understand their goals, it is hard to understand their choices. Even then, it can still be challenging. From V at nguard.LH Sun Feb 1 19:30:20 2009 From: V at nguard.LH (VanguardLH) Date: Sun Feb 1 19:30:09 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: Steven Underwood wrote: > "VanguardLH" wrote: >> >> The only SpamCop users that would be sending *missed* spam reports to >> Comcast would be Comcast customers using SpamCop to facilitate a report >> in a standardized form (rather than hacking together something a bit >> different every time you report it yourself). The SpamCop user isn't >> reporting a spam originated from Comcast. The SpamCop user would be >> reporting *missed* spam which Comcast has permitted a means to report to >> get their spam filter updated. Non-Comcast users would have no reason >> to be sending spam reports to Comcast's missed-spam address as they >> receive no benefit from Comcast updating their spam filter as a >> consequence. > > 1. It is quite possible they get a lot more reports at that address than > just what has been requested. It is likely they also get manual spam > reports from Non-Comcast users there to pick through. Some reporters send > messages to any/all addresses they can find at an ISP to report to. I cannot figure out that claim. SpamCop should have never itself used the missed-spam address for Comcast. SpamCop reports spam to the source's provider, not to the recipient's provider (unless that was the source). SpamCop should be issuing spam reports to Comcast's general abuse reporting address (abuse@comcast.net), not to their missed-spam address (missed-spam@comcast.net). Missed-spam is not about spam coming *from* Comcast. It's about spam that Comcast's spam filter missed in *received* e-mails. Perhaps SpamCop was improperly using the missed-spam address for general reporting and that's why Comcast asked to have it stopped. SpamCop should never have used the missed-spam address to send reports to Comcast. Only Comcast customers should be using the missed-spam address. Only SpamCopy users that are Comcast users should be specifying the missed-spam address as an additional contact. So if SpamCop was not mistakeningly sending spam reports to Comcast's missed-spam address (i.e., SpamCop always used abuse@comcast.net to send its spam reports), we are left with SpamCop users that add the missed- spam address to their Preferences as an additional contact. Well, why would a non-Comcast user at SpamCop be reporting missed spam to Comcast? That would be like me sending a *missed* spam report to Earthlink although I'm not an Earthlink customer. Why would Comcast users be wanting to help Earthlink users eliminated spam getting past Earthlink's spam filter? Similarly, why would Earthlink users be trying to update Comcast's spam filter (which only filters out incoming spam, not ougoing spam)? Makes no sense why anyone would report missed spam to update a spam filter at an ISP that they don't use. If there are such users at SpamCop that are erroneously reporting *missed* spam other than to their own e-mail provider, well, those same user are not reliable SpamCop users who probably never bother to check the technical details to ensure the report is going where it is supposed to go. They're crappy SpamCop users. I doubt that would be so many non-Comcast users that had added missed-spam@comcast.net to their additional contacts in their Preferences that it would so inundate Comcast that they would take action by requesting SpamCop sending all reports to that address. I can't see that the volume of SpamCop reports coming from non-Comcast customers using SpamCop would be more than a one-drop drip per week from the faucet. - How many non-Comcast customers using SpamCop would be reporting *missed* spam to Comcast to get Comcast to update its incoming spam filter that is only usable by Comcast customers? Probably none or some very tiny number. - How many Comcast customers using SpamCop include the missed-spam address in their additional contacts in Preferences? Well, I doubt it's anywhere close to 100%. So where did the volume come from that irritated Comcast so they closed that account to SpamCop? That's why I suspect that SpamCop itself might have improperly used the missed-spam address. Or it was a problem in the format of the spam report (see below). > 2. SpamCop's report specifically state that an IP (and as you state, likely > not a Comcast IP) has sent the spam. More junk to wade through. If I were > manning that address, I would want just the forwarded message with headers > (forward as attachment), nothing else. It could be, as you say, that Comcast found the added information in the SpamCop report to be too much for them to parse. Yet they obviously don't regulate what is in a spam report issued by a Comcast customer sending their own spam report to that same missed-spam address. The Comcast folks would still have to wade through all the additional comments that a user put in their spam report that they sent directly to Comcast. Some abuse desks require that the spam not be in an attached file (so you must include all headers so they can trace it). Some want it as an attached file to ensure they get the headers from the original e-mail. So I'm wondering if SpamCop's report has the spam e-mail as inline (i.e., in the body) rather than as an attached file. If that's the case, Comcast wants the spam attached but SpamCop puts it in the body so Comcast's parsing ends up with nothing it can send forward to its abuse desk folks. I haven't sent myself a SpamCop report in years so I don't know if SpamCop puts the entire spam in the body of their report e-mail or if they attach the spam to their report e-mail. Question: In a SpamCop report, is the spam exhibit shown inline with the body of the e-mail or as an attachment? At http://preview.tinyurl.com/azxsko, "The missed spam (spam that made it through the filters that reside on the Comcast mail servers) must be sent to missed-spam@comcast.net as RFC-822 MIME encoded attachments." They want the spam exhibit as an attachment in the report that is e-mailed to them. From V at nguard.LH Sun Feb 1 19:31:11 2009 From: V at nguard.LH (VanguardLH) Date: Sun Feb 1 19:35:08 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: bar0 wrote: > "LKing" wrote in message > news:gm4ghf$sua$1@news.spamcop.net... > ... >> >> Businesses make decisions in an effort to meet their objectives. Unless >> you understand their goals, it is hard to understand their choices. > > Even then, it can still be challenging. Yes, people don't always say what they mean, and they don't always mean what they say. From tmcgraw at spamcop.net Mon Feb 2 02:35:41 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Feb 2 02:40:08 2009 Subject: [Scspamcop] Stats graphs Message-ID: Does anyone know how to get the .gif files for spamday, spammonth, etc. back on track? From nobody at nowhere.not Mon Feb 2 03:12:25 2009 From: nobody at nowhere.not (Robert Blair) Date: Mon Feb 2 03:15:09 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: On Mon, 2 Feb 2009 00:30:20 UTC, VanguardLH wrote: > So if SpamCop was not mistakeningly sending spam reports to Comcast's > missed-spam address (i.e., SpamCop always used abuse@comcast.net to send > its spam reports), we are left with SpamCop users that add the missed- > spam address to their Preferences as an additional contact. Well, why > would a non-Comcast user at SpamCop be reporting missed spam to Comcast? > That would be like me sending a *missed* spam report to Earthlink > although I'm not an Earthlink customer. Why would Comcast users be > wanting to help Earthlink users eliminated spam getting past Earthlink's > spam filter? Similarly, why would Earthlink users be trying to update > Comcast's spam filter (which only filters out incoming spam, not ougoing > spam)? Makes no sense why anyone would report missed spam to update a > spam filter at an ISP that they don't use. > > If there are such users at SpamCop that are erroneously reporting > *missed* spam other than to their own e-mail provider, well, those same > user are not reliable SpamCop users who probably never bother to check > the technical details to ensure the report is going where it is supposed > to go. They're crappy SpamCop users. I doubt that would be so many > non-Comcast users that had added missed-spam@comcast.net to their > additional contacts in their Preferences that it would so inundate > Comcast that they would take action by requesting SpamCop sending all > reports to that address. There are a number of reporters that send spam to every email address they can find because some ISPs do not do a lot to reduce their spam problem. > I can't see that the volume of SpamCop reports > coming from non-Comcast customers using SpamCop would be more than a > one-drop drip per week from the faucet. It does not necessarily have to be a large number of incorrect reports to have them request that spamcop stop sending reports. > - How many non-Comcast customers using SpamCop would be reporting > *missed* spam to Comcast to get Comcast to update its incoming spam > filter that is only usable by Comcast customers? Probably none or some > very tiny number. Probably more than you think. > - How many Comcast customers using SpamCop include the missed-spam > address in their additional contacts in Preferences? Well, I doubt it's > anywhere close to 100%. > > So where did the volume come from that irritated Comcast so they closed > that account to SpamCop? That's why I suspect that SpamCop itself might > have improperly used the missed-spam address. Or it was a problem in > the format of the spam report (see below). I doubt that spamcop would send reports to that address unless Comcast had it listed as a spam reporting address. So if we assume that Comcast did not do that the only thing left is that some spamcop users added the missed-spam address on purpose, most likely because Comcast did not do much to stop spam. I am of the opinion that Comcast does not do much to stop spam because of the amount of spam I get from them. > -- Robert Blair From V at nguard.LH Mon Feb 2 06:09:27 2009 From: V at nguard.LH (VanguardLH) Date: Mon Feb 2 06:10:08 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: So, until I get a spam to report through SpamCop to get back a copy of one of their report e-mails, do you know the answer to my last question regarding the spam exhibit as inline or attached? From nobody at devnull.spamcop.net Mon Feb 2 12:08:58 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Mon Feb 2 12:10:09 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: > Twayne wrote: >>> VanguardLH wrote: > >>>> so why won't SpamCop let me report >>>> there? > >> But ... why won't spamcop allow reporting to >> missed... ? > > SC has a very sound policy to not be > notifying/emailing > addresses which don't want that mail. > > Many providers and mail admins find it > unfortunate that > you have to *tell* SC to not be notifying some > address, > rather than the default being 'do not email this > address > unless I ask for you to' -- which you would > think that > most antispammers would understand/assume, since > we tend > to think anyone who emails us something we > didn't request > is spam. Ah, guess I missed someting; agreed. . Twayne From tmcgraw at spamcop.net Mon Feb 2 12:30:05 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Feb 2 12:30:09 2009 Subject: [Scspamcop] Re: Stats graphs In-Reply-To: References: Message-ID: Tim McGraw wrote: > Does anyone know how to get the .gif files for spamday, spammonth, etc. > back on track? Fixed now. Thanks! From nobody at nowhere.not Mon Feb 2 13:29:02 2009 From: nobody at nowhere.not (Robert Blair) Date: Mon Feb 2 13:30:08 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: On Mon, 2 Feb 2009 11:09:27 UTC, VanguardLH wrote: > So, until I get a spam to report through SpamCop to get back a copy of > one of their report e-mails, do you know the answer to my last question > regarding the spam exhibit as inline or attached? It is inline. -- Robert Blair From nobody at devnull.spamcop.net Mon Feb 2 14:06:04 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Mon Feb 2 14:10:08 2009 Subject: [Scspamcop] Re: Stats graphs References: Message-ID: "Tim McGraw" wrote in message news:gm67oe$fah$1@news.spamcop.net... > Does anyone know how to get the .gif files for spamday, spammonth, > etc. back on track? As stated over in http://forum.spamcop.net/forums/index.php?showtopic=10057 the current status of that server isn't (well, now wasn't) known. Easiest to suggest that someone enjoyed a week-end off, but made it to the data-center this morning. From nobody at spamcop.net Mon Feb 2 20:09:15 2009 From: nobody at spamcop.net (Steven Underwood) Date: Mon Feb 2 20:10:08 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: "VanguardLH" wrote in message news:gm5eos$1kd$1@news.spamcop.net... > > I cannot figure out that claim. SpamCop should have never itself used > the missed-spam address for Comcast. SpamCop reports spam to the > source's provider, not to the recipient's provider (unless that was the > source). SpamCop should be issuing spam reports to Comcast's general > abuse reporting address (abuse@comcast.net), not to their missed-spam > address (missed-spam@comcast.net). Missed-spam is not about spam coming > *from* Comcast. It's about spam that Comcast's spam filter missed in > *received* e-mails. Perhaps SpamCop was improperly using the > missed-spam address for general reporting and that's why Comcast asked > to have it stopped. SpamCop should never have used the missed-spam > address to send reports to Comcast. Only Comcast customers should be > using the missed-spam address. Only SpamCopy users that are Comcast > users should be specifying the missed-spam address as an additional > contact. Should, but that is no guarantee that only Comcast users are using that address. A simple Google search found 391 different entries for "missed-spam@comcast.net". Some are very public sites (like dslreports and macworld). I have not said (or did not mean to say) that SpamCop used the address improperly, just that others may have improperly used that address in the very way you are trying to use it properly. From V at nguard.LH Mon Feb 2 21:02:41 2009 From: V at nguard.LH (VanguardLH) Date: Mon Feb 2 21:00:08 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: Mike Easter wrote: > Many providers and mail admins find it unfortunate that you have to *tell* > SC to not be notifying some address, rather than the default being 'do not > email this address unless I ask for you to' ... So why do these e-mail providers *publish* an abuse address to report the spam? It's like a newspaper announcement that makes a public declaration. No one needs permission because you publicly declared the abuse address. If they don't want spam reports then they should not publicly announce an e-mail address of where to direct spam reports. Does SpamCop send spam reports to non-published abuse addresses? From V at nguard.LH Mon Feb 2 21:06:34 2009 From: V at nguard.LH (VanguardLH) Date: Mon Feb 2 21:05:09 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: Robert Blair wrote: > On Mon, 2 Feb 2009 11:09:27 UTC, VanguardLH wrote: > >> So, until I get a spam to report through SpamCop to get back a copy of >> one of their report e-mails, do you know the answer to my last question >> regarding the spam exhibit as inline or attached? > > It is inline. Oh crap. Comcast wants it as an attachment. Inline forwarding is ALWAYS an edited copy (even if a true replica of entire contents of an e-mail is provided, including headers) and why many abuse desks won't accept the spam exhibit within the body of the e-mail but want it as an attachment. It makes easier the parsing of an the attached *original* e-mail when it is attached rather than trying to dig it out from the inline copy in the body. Since Comcast states that the spam exhibit must be forwarded as an attachment, it makes sense why they don't want unusable (to them) the spam reports from SpamCop. Thanks for the info. From V at nguard.LH Mon Feb 2 21:24:24 2009 From: V at nguard.LH (VanguardLH) Date: Mon Feb 2 21:25:09 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: Steven Underwood wrote: > "VanguardLH" wrote in message > news:gm5eos$1kd$1@news.spamcop.net... >> >> I cannot figure out that claim. SpamCop should have never itself used >> the missed-spam address for Comcast. SpamCop reports spam to the >> source's provider, not to the recipient's provider (unless that was the >> source). SpamCop should be issuing spam reports to Comcast's general >> abuse reporting address (abuse@comcast.net), not to their missed-spam >> address (missed-spam@comcast.net). Missed-spam is not about spam coming >> *from* Comcast. It's about spam that Comcast's spam filter missed in >> *received* e-mails. Perhaps SpamCop was improperly using the >> missed-spam address for general reporting and that's why Comcast asked >> to have it stopped. SpamCop should never have used the missed-spam >> address to send reports to Comcast. Only Comcast customers should be >> using the missed-spam address. Only SpamCopy users that are Comcast >> users should be specifying the missed-spam address as an additional >> contact. > Should, but that is no guarantee that only Comcast users are using that > address. A simple Google search found 391 different entries for > "missed-spam@comcast.net". Some are very public sites (like dslreports and > macworld). I have not said (or did not mean to say) that SpamCop used the > address improperly, just that others may have improperly used that address > in the very way you are trying to use it properly. Your simple Google search must've been a bit more complex than mine. I used: http://www.google.com/search?q=%2B"missed-spam@comcast.net" and got 45,300 hits. By the way, DSLreports has a Comcast group so obviously there are Comcast customers over there that could be discussing how they could report spam to their own ISP. I took a random sample from my Google search, and found: http://www.zolved.com/synapse/view_content/15113/How_do_i_report_spam_to_Comcast_if_Im_using_E-Mail_program_ Discusses how *Comcast* customers can report missed spam. http://www.dslreports.com/forum/remark,10953180 *Comcast* user discussion. http://forums.macworld.com/message/303376 *Comcast* users in a discussion. http://www.staysafeonline.org/content/report-and-handle-problems An article that tells *Comcast* (and other ISP) users where to report missed spam to *their* ISP. http://www.medkb.com/Uwe/Forum.aspx/arthritis-forum/1382/OTP-Calling-all-Geeks A *Comcast* customer notes they discovered the missed-spam address. When you start digging into past the 20th hit, Google starts slicing up the phrase into words (although the phrase has been quoted) and including those articles in its results list, so it doesn't take too long before you go off your search criteria. I only looked at a few but the hit count says NOTHING about why the articles mention the missed-spam address for Comcast. I haven't seen anyone jump in here who is a non-Comcast customer and explaining why they would be sending spam reports to Comcast's *missed* spam address. I suppose there might be some old Comcast customers that switched to another ISP that never bothered to update their SpamCop preferences. From tmcgraw at spamcop.net Mon Feb 2 22:36:12 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Feb 2 22:40:08 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop In-Reply-To: References: Message-ID: VanguardLH wrote: > So why do these e-mail providers *publish* an abuse address to report the spam? It's not an abuse address in the classic sense. That addy only wants email from comcast customers - which would be on their internal network, regardless of the "Reply To" header received. > It's like a newspaper announcement that makes a public declaration. No one needs permission because you publicly declared the abuse address. No it's not. It's like a newspaper publishing a customer service line and a subscription line. You're either a customer or your not. > Your simple Google search must've been a bit more complex than mine. I used: > > http://www.google.com/search?q=%2B"missed-spam@comcast.net" > > and got 45,300 hits. If this unscientific research is designed to prove that the missed_spam addy wants submissions from the general public, it fails miserably. From user at domain.invalid Tue Feb 3 00:40:30 2009 From: user at domain.invalid (Farelf) Date: Tue Feb 3 00:45:09 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop In-Reply-To: References: Message-ID: VanguardLH wrote: ... >...If they don't want spam reports then they should not > publicly announce an e-mail address of where to direct spam reports. > True, but SC is a repetitious reporter of volume and doesn't fight that fight if asked to desist - and it is no skin off SC's nose if an ISP doesn't wish to avail itself of the 'heads up' opportunity to identify and deal with spam sources in its net space. If those spam souces regularly send to spamtraps, there is no 'heads up' before they list on the SCBL anyway though there would probably be member reports for the same sources - but it is their business, run their way. My own ISP has no interest in dealing with or co-operating with SC (or any other DNSBL) in any way. But they make available "Ironport Systems anti-spam filtering" which literally (in my experience - obtained by turning it off) catches considerably more than 99% of all inbound spam. Perhaps they figure they do enough already because they apply filters (can't be the same systems?)to all outgoing mail too (and that is not switchable). Identified spam is silently dropped, no message back to the sender within their network. That makes it very difficult for a SC reporter to submit by e-mail from within the network, which is what I mean by their disinterest in co-operation. They may feel that anything to be reported would almost certainly be detected by their inwards filters anyway. They don't care at all about the SCBL as such (in matters like helping to maintain listing for the duration of a spam run, etc.). I'm sure there are others the same. > Does SpamCop send spam reports to non-published abuse addresses? Not in the sense I think you mean. There *are* unlisted addresses for SC reporting but they are set up with SC by the ISPs/entities concerned AFAICT. From V at nguard.LH Tue Feb 3 03:48:21 2009 From: V at nguard.LH (VanguardLH) Date: Tue Feb 3 03:50:08 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: Tim McGraw wrote: > VanguardLH wrote: >> So why do these e-mail providers *publish* an abuse address to report the spam? > > It's not an abuse address in the classic sense. That addy only wants > email from comcast customers - which would be on their internal network, > regardless of the "Reply To" header received. Now your quoting from my post in a different subthread that discussed a different subtopic. Easter thinks SpamCop should get permission from an e-mail provider before they send spam reports there. Yet those abuse addresses are publicly announced for anyone, including SpamCop, to send abuse reports. You took my reply out of context. Yes, the missed-spam address is only for use by Comcast customers. No, there is no requirement that such reports be delivered from a Comcast account (i.e., "on their internal network"). If I use Gmail or any other service to pull e-mails from my POP Comcast account, I can still send a spam report from that other domain to Comcast's missed-spam address. They don't block spam reports to that address in which a non-Comcast domain is listed in any of the Received headers. Also, Comcast itself offers an user-configurable option to push (forward) your e-mails to another e-mail account (on a different domain) so obviously you might be submitting an spam exhibit from a non-Comcast domain. >> It's like a newspaper announcement that makes a public declaration. No one needs permission because you publicly declared the abuse address. > > No it's not. It's like a newspaper publishing a customer service line > and a subscription line. You're either a customer or your not. Again you took my reply out of context. I wasn't discussing the missed-spam address in that reply. I was addressing Easter's position that e-mail provider's should first invite SpamCop to send spam reports despite that those same e-mail providers publicly publish an abuse address to which anyone can send a spam report. I was talking about the general or published abuse address, the one to which SpamCop send spam report when that domain is the *source* of the spam, NOT the missed-spam address at Comcast. >> Your simple Google search must've been a bit more complex than mine. I used: >> >> http://www.google.com/search?q=%2B"missed-spam@comcast.net" >> >> and got 45,300 hits. > > If this unscientific research is designed to prove that the missed_spam > addy wants submissions from the general public, it fails miserably. Yep, which matches up with my point that a hit count from Google doesn't prove or disprove that non-Comcast users are discussing the missed-spam address at Comcast. I discounted Steven's claim about his Google search that attempted to prove that non-Comcast users were discussing or using the missed-spam Comcast address. You agree. My point was that I suspect there are no, or extremely few, SpamCop-using non-Comcast customers that are using the missed-spam Comcast address. No, I don't have proof. I don't have access to SpamCop's account info to see how many users are there who register with a non-Comcast e-mail address have the missed-spam Comcast address in their preferences as an additional recipient of spam reports. There's no point to it. They get no benefit from it. They would have to go hunting around for such e-mail address to include them although those addresses have nothing to do with missed spam with their own e-mail provider. That would be the same as some SpamCop user trying to insert as many abuse addresses in their preference setup but which have nothing to do with the actual source of a spam (so such abusive SpamCop users would be sending spam reports to innocent e-mail providers). As found out in another subthread, Blair says SpamCop puts the spam exhibit inline (i.e., in the body) of the spam report e-mail. Comcast requires the spam exhibit be an attached file when sent to the missed- spam address. So despite all the arguments of why Comcast might've asked SpamCop to not send to their missed-spam address, it becomes self-evident that the reason was a conflict in format for the spam report e-mail. Comcast can't use the spam reports sent by SpamCop. That also means there is no point in adding myself as a recipient of a SpamCop report to then forward it to Comcast. Comcast doesn't want it inline (which it would be even if I attached the spam report that SpamCop sent me since it would be inline to the attached e-mail). It's an e-mail format incompatibility issue. From g.hyde at bigNOSPAMpond.net.au Tue Feb 3 07:27:21 2009 From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde) Date: Tue Feb 3 07:30:08 2009 Subject: [Scspamcop] More viral propagations for those interested. Message-ID: http://www.spamcop.net/sc?id=z2582034567z04e3b9dbdfdec86938d5fdb4038ac550z I get a few of these occasionally, it seems the spammer would want people to believe that BigPond Technical Support is now hosted out of saix.net - unfortunately such is not the case, and all the spammers are doing is showing how clueless they are about how BigPond Technical Support actually works in Australia. I wonder how long it'll be before saix.net in this instance receives enough complaints about viral propagations being spewed from their customers before they take appropriate action and rectify the situation? Does anyone know what their hat color is, if it's even visible? Cheers ... Geoffrey Hyde From nobody at spamcop.net Tue Feb 3 10:23:33 2009 From: nobody at spamcop.net (Bar0) Date: Tue Feb 3 10:25:08 2009 Subject: [Scspamcop] Re: More viral propagations for those interested. References: Message-ID: "Geoffrey Hyde" wrote in message news:gm9d7n$j75$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z2582034567z04e3b9dbdfdec86938d5fdb4038ac550z > > I get a few of these occasionally, it seems the spammer would want people > to believe that BigPond Technical Support is now hosted out of saix.net - > unfortunately such is not the case, and all the spammers are doing is > showing how clueless they are about how BigPond Technical Support actually > works in Australia. > > I wonder how long it'll be before saix.net in this instance receives > enough complaints about viral propagations being spewed from their > customers before they take appropriate action and rectify the situation? > > Does anyone know what their hat color is, if it's even visible? > > > Cheers ... > > Geoffrey Hyde > > > saix is South African IX and a major mugumailer source. I suspect they don't care, judge by their efforts against the HI Virus ofer the last few years. Maybe fresh fruit and vitamins for the network? From MikeE at ster.invalid Tue Feb 3 10:30:02 2009 From: MikeE at ster.invalid (Mike Easter) Date: Tue Feb 3 10:30:09 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: VanguardLH wrote: > Mike Easter wrote: > >> Many providers and mail admins find it unfortunate that you have to >> *tell* SC to not be notifying some address, rather than the default >> being 'do not email this address unless I ask for you to' ... > > So why do these e-mail providers *publish* an abuse address to report > the spam? SC emails addresses found in abuse.net which is a publisher of a database of addresses derived in a variety of ways, not just volunteered by the provider or domain postmaster. http://www.abuse.net/contact.phtml Where do the entries in the database come from? SC emails addresses derived from domainnames shown in the regional registries which require a contact. Just because a RIR has access to a contact address doesn't mean that the entity is requesting a massive email generator like spamcop to be emailing to the abuse@ derived from it. RFC2142 (if you believe RFCs are more important than just a request for comment) requires that there be a mailbox username for common services, roles, and services, so if there is a domainname, there is supposed to be an abuse address. The publication of such an address is not an invitation for the address to be spammed and I don't think it constitutes an invitation for spamcop to mail it millions of emails -- especially when the 'mentality' of some of the reporters for spamcop is to want to mail an address whether it wants the mail or not. > It's like a newspaper announcement that makes a public > declaration. No one needs permission because you publicly declared the > abuse address. If they don't want spam reports then they should not > publicly announce an e-mail address of where to direct spam reports. I don't think publishing an address which is required by a guideline such as a RFC is an invitation to be mailbombed by something like spamcop's machinery which generates nearly 3 million messages per day to various such addresses. Some of them request of spamcop to not be so mailed so it doesn't - which is what started this thread. Some of them don't believe that they should have to correspond or jump thru' hoops to cause such mail to cease, so they just devnull SC mail internally. Some of them make their own arrangements with SC for a SC address and then they devnull everything to that address. > Does SpamCop send spam reports to non-published abuse addresses? When SC emails addresses obtained from abuse.net, those addresses have been derived in numerous ways described at the abuse.net link above, some published based on RFC and other requirements and some unpublished. -- Mike Easter kibitzer, not SC admin From user at domain.invalid Tue Feb 3 10:52:52 2009 From: user at domain.invalid (Farelf) Date: Tue Feb 3 10:55:09 2009 Subject: [Scspamcop] Re: More viral propagations for those interested. In-Reply-To: References: Message-ID: Geoffrey Hyde wrote: > http://www.spamcop.net/sc?id=z2582034567z04e3b9dbdfdec86938d5fdb4038ac550z > ... > > I wonder how long it'll be before saix.net in this instance receives enough > complaints about viral propagations being spewed from their customers before > they take appropriate action and rectify the situation? > > Does anyone know what their hat color is, if it's even visible? > > > Cheers ... > > Geoffrey Hyde Unusual to have their relays nominated for reports, in addition to the source. The sender network owner - Telkom SA Limited looks fairly vile in http://www.senderbase.org/senderbase_queries/detailip?search_string=41.243.128.97 (all that pink! - like a McGrath Foundation day at the SCG). SAIX is Telekom's wholesale internet division and is obviously getting special treatment for some reason. I think they may be dark-ish. From nobody at spamcop.net Mon Feb 2 23:54:15 2009 From: nobody at spamcop.net (Ellen) Date: Tue Feb 3 11:10:09 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop In-Reply-To: References: Message-ID: VanguardLH wrote: > > Does SpamCop send spam reports to non-published abuse addresses? Sometimes, it depends ... Ellen SpamCop From lglasser at spamcop.net Tue Feb 3 12:00:43 2009 From: lglasser at spamcop.net (Lawrence Glasser) Date: Tue Feb 3 12:05:09 2009 Subject: [Scspamcop] Gateway Timeout Message-ID: For the last day or so, I've been getting a "Gateway Timeout / The proxy server did not receive a timely response from the upstream server" error, when reporting spam. Any suggestions? Thanks! From tmcgraw at spamcop.net Tue Feb 3 12:30:38 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Feb 3 12:35:08 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop In-Reply-To: References: Message-ID: VanguardLH wrote: > Tim McGraw wrote: >> It's not an abuse address in the classic sense. That addy only wants >> email from comcast customers - which would be on their internal network, >> regardless of the "Reply To" header received. > > Now your quoting from my post in a different subthread that discussed a > different subtopic. Easter thinks SpamCop should get permission from an > e-mail provider before they send spam reports there. Yet those abuse > addresses are publicly announced for anyone, including SpamCop, to send > abuse reports. You took my reply out of context. I don't believe so. I believe the first time sc notifies a netblock owner that has never been notified before, they have all sorts of options, most listed at http://www.spamcop.net/fom-serve/cache/75.html So while sc may not ask permission, there is an ISP-centric side of sc that most of us never see. Look at it this way: just as VanguardLH decides what is and is not spam at VanguardLH accounts, so may abuse@anywhere.tld decide what is and is not spam in the abuse@anywhere.tld account. abuse@anywhere.tld is not required to do anything just because the addy is "published," just as I may choose not to answer my phone because the number is "published." > Yes, the missed-spam address is only for use by Comcast customers. No, > there is no requirement that such reports be delivered from a Comcast > account (i.e., "on their internal network"). If I use Gmail or any > other service to pull e-mails from my POP Comcast account, I can still > send a spam report from that other domain to Comcast's missed-spam > address. They don't block spam reports to that address in which a > non-Comcast domain is listed in any of the Received headers. Also, > Comcast itself offers an user-configurable option to push (forward) your > e-mails to another e-mail account (on a different domain) so obviously > you might be submitting an spam exhibit from a non-Comcast domain. And how many "typical" comcast users would you expect could tell the difference between a spam delivered to a comcast account forwarded, and a spam delivered directly to the account that receives forwarded mail? > As found out in another subthread, Blair says SpamCop puts the spam > exhibit inline (i.e., in the body) of the spam report e-mail. Comcast > requires the spam exhibit be an attached file when sent to the missed- > spam address. So despite all the arguments of why Comcast might've > asked SpamCop to not send to their missed-spam address, it becomes > self-evident that the reason was a conflict in format for the spam > report e-mail. Comcast can't use the spam reports sent by SpamCop. > > That also means there is no point in adding myself as a recipient of a > SpamCop report to then forward it to Comcast. Comcast doesn't want it > inline (which it would be even if I attached the spam report that > SpamCop sent me since it would be inline to the attached e-mail). It's > an e-mail format incompatibility issue. You could not know definitively whether that is the reason comcast asked not to receive sc reports at that address. From nobody at nowhere.not Tue Feb 3 13:41:19 2009 From: nobody at nowhere.not (Robert Blair) Date: Tue Feb 3 13:45:09 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: On Tue, 3 Feb 2009 08:48:21 UTC, VanguardLH wrote: > That also means there is no point in adding myself as a recipient of a > SpamCop report to then forward it to Comcast. Comcast doesn't want it > inline (which it would be even if I attached the spam report that > SpamCop sent me since it would be inline to the attached e-mail). It's > an e-mail format incompatibility issue. I send spam reports to various government agencies and my spamcop quick reporting address so I wrote a script to send them. The script creates an email with the spam attached and then conditionally sends it to the email addresses I want the reports to go to. You should try it so you can eliminate the problem you are now having. -- Robert Blair From nobody at devnull.spamcop.net Tue Feb 3 21:03:07 2009 From: nobody at devnull.spamcop.net (Patto) Date: Tue Feb 3 21:05:08 2009 Subject: [Scspamcop] Dash it! Message-ID: http://www.spamcop.net/sc?id=z2583951063zd733f6f883cdac93afe7a269e7e7d9d7z (and hundreds of others) It has been known for years that a dash ("-") in a reporting address breaks Spamcop. Breaks the reporting address itself, actually. The spamvertized website in this spam, http://fresh-serial.ru/ (193.27.246.115), is peddling in pirated DVDs, and has been out there for a while now, but is never reported to its hosting company, Dankon Ltd. The company has published an official abuse address: abuse@dankon-ltd.com but Spamcop snips off everything from the dashed dash on to the right, and naturally that invalid remains bounces. So Spamcop will forever go on and report to abuse#dankon@devnull.spamcop.net I have tried for a month now in the 'routing' group to have this corrected, but to no avail. I know that a majority of the regulars here think that hosting companies should never be notified - all they can think of is filter, filter, filter. I myself, on the other hand, think that no harm is done if a spammer's website is shut down. Or is that too much inconvenience for the spammer? From nobody at spamcop.net Wed Feb 4 01:19:40 2009 From: nobody at spamcop.net (Ellen) Date: Wed Feb 4 09:55:08 2009 Subject: [Scspamcop] Re: Dash it! In-Reply-To: References: Message-ID: Patto wrote: > http://www.spamcop.net/sc?id=z2583951063zd733f6f883cdac93afe7a269e7e7d9d7z > (and hundreds of others) > > The company has published an official abuse address: > > abuse@dankon-ltd.com > > but Spamcop snips off everything from the dashed dash on to the right, > and naturally that invalid remains bounces. So Spamcop will forever go > on and report to abuse#dankon@devnull.spamcop.net > Sending reports for abuse@dakon to abuse@dankon-ltd.com Ellen SpamCop From nobody at devnull.spamcop.net Wed Feb 4 10:05:22 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Wed Feb 4 10:10:08 2009 Subject: [Scspamcop] Re: Dash it! References: Message-ID: "Patto" wrote in message news:gmat0s$9md$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z2583951063zd733f6f883cdac93afe7a269e7e7d9d7z > (and hundreds of others) > > It has been known for years that a dash ("-") in a reporting address > breaks Spamcop. Breaks the reporting address itself, actually. > > The spamvertized website in this spam, http://fresh-serial.ru/ > (193.27.246.115), is peddling in pirated DVDs, and has been out there for > a while now, but is never reported to its hosting company, Dankon Ltd. > > The company has published an official abuse address: > > abuse@dankon-ltd.com > > but Spamcop snips off everything from the dashed dash on to the right, and > naturally that invalid remains bounces. So Spamcop will forever go on and > report to abuse#dankon@devnull.spamcop.net > > I have tried for a month now in the 'routing' group to have this > corrected, but to no avail. I know that a majority of the regulars here > think that hosting companies should never be notified - all they can think > of is filter, filter, filter. > > I myself, on the other hand, think that no harm is done if a spammer's > website is shut down. Or is that too much inconvenience for the spammer? The problem is this web site is registered by a black-hat, and hosted by a black-hat, as are the websites in probably 99% of spam that has a spamvertized link. Take a look at the email address in the WHOIS for fresh-serial.ru: domain: FRESH-SERIAL.RU type: CORPORATE nserver: ns1.fresh-serial.ru. 193.27.247.115 nserver: ns2.fresh-serial.ru. 216.195.61.87 nserver: ns3.fresh-serial.ru. 216.195.58.106 state: REGISTERED, DELEGATED person: Private Person phone: +7 495 8872737 e-mail: spamkings@mail.ru registrar: NAUNET-REG-RIPN created: 2008.12.24 paid-till: 2009.12.24 source: TC-RIPN The IP address 193.27.246.115 does belong to a Russian organization called dankon-ltd.com, but go and look at the web-site for http://dankon-ltd.com. You get just a directory listing. There is no valid hosting company behind this name! Do a search in news.admin.net-abuse.sightings, and you will find lots of other spam related to dankon-ltd.com. Everything associated with this spamvertised link looks nefarious to me. IMO, attempting to send a report for this spamvertised site will, at best, do nothing at all. If the email contained any coding that allows the spammer to identify the address the original spam was sent to, then it could be harmful to report it. I am quite certain that your report, or even thousands of reports, will not result in the site being taken down. Again, researching spam I have received, I concluded that this is the case for most spam. I believe that a spammer could, in fact, maliciously put links to innocent third-party sites, and cause Spamcop reports to go to those sites. I don't see any mechanism in Spamcop's automatic reporting system that would prevent that, unless the reporter were aware enough to turn off reporting check-boxes for those innocent sites. I definitely think that nothing good can come from reporting spamvertised links. Thus, I was happy to change to Quick Reporting, where only the source is reported. In the rare occasions when I find a spamvertized site on what appears to be a legitimate host, I will manually notify that host. From MikeE at ster.invalid Wed Feb 4 10:50:50 2009 From: MikeE at ster.invalid (Mike Easter) Date: Wed Feb 4 10:55:07 2009 Subject: [Scspamcop] Re: Dash it! References: Message-ID: Blue Rock wrote: > "Patto" >> I have tried for a month now in the 'routing' group to have this >> corrected, but to no avail. > The problem is this web site is registered by a black-hat, and hosted > by a black-hat, as are the websites in probably 99% of spam that has a > spamvertized link. I agree with everyone :-) I agree with Patto that it is 'crazy' that the SC parser-reporter can't get itself debugged to prevent this devnull problem with the dashed addresses. I agree with BR that sending notifies to blackhats is worth less than nothing, potentially counterproductive. I agree with Ellen that she can hand-repair/ routing manage/ each and every dashed instance one at a time until such time as someone cares to debug the SC algo. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Feb 4 20:31:02 2009 From: nobody at devnull.spamcop.net (Patto) Date: Wed Feb 4 20:35:08 2009 Subject: [Scspamcop] Re: Dash it! In-Reply-To: References: Message-ID: Mike Easter wrote: > Blue Rock wrote: >> "Patto" > >>> I have tried for a month now in the 'routing' group to have this >>> corrected, but to no avail. > >> The problem is this web site is registered by a black-hat, and hosted >> by a black-hat, as are the websites in probably 99% of spam that has a >> spamvertized link. > > I agree with everyone :-) > > I agree with Patto that it is 'crazy' that the SC parser-reporter can't > get itself debugged to prevent this devnull problem with the dashed > addresses. > > I agree with BR that sending notifies to blackhats is worth less than > nothing, potentially counterproductive. > > I agree with Ellen that she can hand-repair/ routing manage/ each and > every dashed instance one at a time until such time as someone cares to > debug the SC algo. So happy that for once we can all agree :) From nobody at devnull.spamcop.net Wed Feb 4 20:55:06 2009 From: nobody at devnull.spamcop.net (Patto) Date: Wed Feb 4 20:55:08 2009 Subject: [Scspamcop] Re: Dash it! In-Reply-To: References: Message-ID: Ellen wrote: > Patto wrote: >> http://www.spamcop.net/sc?id=z2583951063zd733f6f883cdac93afe7a269e7e7d9d7z >> (and hundreds of others) > >> The company has published an official abuse address: >> >> abuse@dankon-ltd.com >> >> but Spamcop snips off everything from the dashed dash on to the right, >> and naturally that invalid remains bounces. So Spamcop will forever go >> on and report to abuse#dankon@devnull.spamcop.net >> > > Sending reports for abuse@dakon to abuse@dankon-ltd.com Thank you, Ellen. Unfortunately the reports are still going to devnull, see http://www.spamcop.net/sc?id=z2586479084z7f239b342daccf3a42ccc72f3928b314z From nobody at devnull.spamcop.net Wed Feb 4 23:16:45 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Wed Feb 4 23:20:09 2009 Subject: [Scspamcop] Re: Stats graphs References: Message-ID: "Tim McGraw" wrote in message news:gm67oe$fah$1@news.spamcop.net... > Does anyone know how to get the .gif files for spamday, spammonth, > etc. back on track? JT moved the code and graphics to a new server, changed to ".png" file type. Forum updated. Deputies advised about the need to update the http://www.spamcop.net/spamstats.shtml page. From MikeE at ster.invalid Thu Feb 5 03:34:45 2009 From: MikeE at ster.invalid (Mike Easter) Date: Thu Feb 5 03:35:08 2009 Subject: [Scspamcop] Re: Dash it! References: Message-ID: Patto wrote: > Ellen wrote: >> Sending reports for abuse@dakon to abuse@dankon-ltd.com > > Thank you, Ellen. Unfortunately the reports are still going to devnull, > see > http://www.spamcop.net/sc?id=z2586479084z7f239b342daccf3a42ccc72f3928b314z It looks like the routing block should be the /23 inetnum: 193.27.246.0 - 193.27.247.255 netname: DANKON-NET remarks: Abuse issues (ONLY TO): abuse@dankon-ltd.com route: 193.27.246.0/23 descr: Dankon Ltd. origin: AS43689 -- Mike Easter kibitzer, not SC admin From V at nguard.LH Thu Feb 5 05:41:17 2009 From: V at nguard.LH (VanguardLH) Date: Thu Feb 5 05:45:08 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: Tim McGraw wrote: > VanguardLH wrote: >> Yes, the missed-spam address is only for use by Comcast customers. No, >> there is no requirement that such reports be delivered from a Comcast >> account (i.e., "on their internal network"). If I use Gmail or any >> other service to pull e-mails from my POP Comcast account, I can still >> send a spam report from that other domain to Comcast's missed-spam >> address. They don't block spam reports to that address in which a >> non-Comcast domain is listed in any of the Received headers. Also, >> Comcast itself offers an user-configurable option to push (forward) your >> e-mails to another e-mail account (on a different domain) so obviously >> you might be submitting an spam exhibit from a non-Comcast domain. > > And how many "typical" comcast users would you expect could tell the > difference between a spam delivered to a comcast account forwarded, and > a spam delivered directly to the account that receives forwarded mail? The same ones that should be inspecting the spam exhibit before submitting it to SpamCop. Even if forwarded, the To/Cc headers would still show my original email address at Comcast before it got forwarded by Comcast (they don't offer an aliasing service, just a forwarding service). Since I should be looking at the technical report from SpamCop's parsing to verify that SpamCop will be delivering the spam report to the correct recipient, I'm already looking at those Received headers to see it went through my Comcast account. But I'll already know it was a forwarded e-mail from my Comcast account before I even have it touch my SpamCop account to report it. > >> As found out in another subthread, Blair says SpamCop puts the spam >> exhibit inline (i.e., in the body) of the spam report e-mail. Comcast >> requires the spam exhibit be an attached file when sent to the missed- >> spam address. So despite all the arguments of why Comcast might've >> asked SpamCop to not send to their missed-spam address, it becomes >> self-evident that the reason was a conflict in format for the spam >> report e-mail. Comcast can't use the spam reports sent by SpamCop. > > You could not know definitively whether that is the reason comcast asked > not to receive sc reports at that address. Receiving e-mails in the wrong format makes more sense regarding the rejection than all the other GUESSES both you, others, and I have so far proffered before. From V at nguard.LH Thu Feb 5 05:43:46 2009 From: V at nguard.LH (VanguardLH) Date: Thu Feb 5 05:45:09 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: Robert Blair wrote: > On Tue, 3 Feb 2009 08:48:21 UTC, VanguardLH wrote: > >> That also means there is no point in adding myself as a recipient of a >> SpamCop report to then forward it to Comcast. Comcast doesn't want it >> inline (which it would be even if I attached the spam report that >> SpamCop sent me since it would be inline to the attached e-mail). It's >> an e-mail format incompatibility issue. > > I send spam reports to various government agencies and my spamcop quick > reporting address so I wrote a script to send them. The script creates an > email with the spam attached and then conditionally sends it to the email > addresses I want the reports to go to. > > You should try it so you can eliminate the problem you are now having. Since sending myself a copy of SpamCop's report won't work because the spam exhibit is inline instead of attached as required by Comcast at their missed-spam address, I change my Outlook to leave messages on the POP server and delete them after 10 days or when deleted from the Deleted Items folder. That means they will still be on the server so I can use their webmail agent to click on the Spam button to identify a missed spam. Probably works better for them that way than sending e-mails to their missed-spam address. From nobody at spamcop.net Thu Feb 5 07:21:19 2009 From: nobody at spamcop.net (Ellen) Date: Thu Feb 5 07:25:08 2009 Subject: [Scspamcop] Re: Dash it! In-Reply-To: References: Message-ID: Patto wrote: > Ellen wrote: >> Patto wrote: >>> http://www.spamcop.net/sc?id=z2583951063zd733f6f883cdac93afe7a269e7e7d9d7z >>> >>> (and hundreds of others) >> >>> The company has published an official abuse address: >>> >>> abuse@dankon-ltd.com >>> >>> but Spamcop snips off everything from the dashed dash on to the >>> right, and naturally that invalid remains bounces. So Spamcop will >>> forever go on and report to abuse#dankon@devnull.spamcop.net >>> >> >> Sending reports for abuse@dakon to abuse@dankon-ltd.com > > Thank you, Ellen. Unfortunately the reports are still going to devnull, > see > http://www.spamcop.net/sc?id=z2586479084z7f239b342daccf3a42ccc72f3928b314z that would be cause I can't spell looks better now sorry Ellen SpamCop From tmcgraw at spamcop.net Thu Feb 5 13:59:06 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Feb 5 14:00:08 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop In-Reply-To: References: Message-ID: VanguardLH wrote: > Tim McGraw wrote: >> And how many "typical" comcast users would you expect could tell the >> difference between a spam delivered to a comcast account forwarded, and >> a spam delivered directly to the account that receives forwarded mail? > > The same ones that should be inspecting the spam exhibit before > submitting it to SpamCop. Even if forwarded, the To/Cc headers would > still show my original email address at Comcast before it got forwarded > by Comcast (they don't offer an aliasing service, just a forwarding > service). Since I should be looking at the technical report from > SpamCop's parsing to verify that SpamCop will be delivering the spam > report to the correct recipient, I'm already looking at those Received > headers to see it went through my Comcast account. But I'll already > know it was a forwarded e-mail from my Comcast account before I even > have it touch my SpamCop account to report it. I don't know what your spam looks like, but a lot of mine comes with the recipient's name only in the envelope, requiring a peek at headers to determine what account it was intended for. Even then it requires some technical knowledge. Furthermore, like a lot of people, I get enough spam to require I do Quick Reporting, so I and many other sc users aren't "looking at the technical report from SpamCop's parsing to verify that SpamCop will be delivering the spam report to the correct recipient." After years of using VER + mailhosts I determined sc was going to do the right thing. >>> As found out in another subthread, Blair says SpamCop puts the spam >>> exhibit inline (i.e., in the body) of the spam report e-mail. Comcast >>> requires the spam exhibit be an attached file when sent to the missed- >>> spam address. So despite all the arguments of why Comcast might've >>> asked SpamCop to not send to their missed-spam address, it becomes >>> self-evident that the reason was a conflict in format for the spam >>> report e-mail. Comcast can't use the spam reports sent by SpamCop. >> You could not know definitively whether that is the reason comcast asked >> not to receive sc reports at that address. > Receiving e-mails in the wrong format makes more sense regarding the > rejection than all the other GUESSES both you, others, and I have so far > proffered before. I have guessed nothing. From nobody at devnull.spamcop.net Thu Feb 5 21:25:31 2009 From: nobody at devnull.spamcop.net (Patto) Date: Thu Feb 5 21:30:09 2009 Subject: [Scspamcop] Re: Dash it! In-Reply-To: References: Message-ID: Ellen wrote: > Patto wrote: >> Ellen wrote: >>> Patto wrote: >>>> http://www.spamcop.net/sc?id=z2583951063zd733f6f883cdac93afe7a269e7e7d9d7z >>>> >>>> (and hundreds of others) >>> >>>> The company has published an official abuse address: >>>> >>>> abuse@dankon-ltd.com >>>> >>>> but Spamcop snips off everything from the dashed dash on to the >>>> right, and naturally that invalid remains bounces. So Spamcop will >>>> forever go on and report to abuse#dankon@devnull.spamcop.net >>>> >>> Sending reports for abuse@dakon to abuse@dankon-ltd.com >> Thank you, Ellen. Unfortunately the reports are still going to devnull, >> see >> http://www.spamcop.net/sc?id=z2586479084z7f239b342daccf3a42ccc72f3928b314z > > > that would be cause I can't spell > > > looks better now Very much better - thank you! :) From nobody at devnull.spamcop.net Thu Feb 5 23:10:43 2009 From: nobody at devnull.spamcop.net (Patto) Date: Thu Feb 5 23:15:09 2009 Subject: [Scspamcop] Dash it - 2 Message-ID: http://www.spamcop.net/sc?id=z2589403423zb8c6f69d10bcbde4dde191647f72828cz One of the spamvertized redirectors http://gkn.ebnal.cn/ resolves to IP address 81.94.248.150 (amongst others). 81.94.240.0 - 81.94.255.255 is Satelit Hiradastechnikai Kft. with a published abuse address abuse@satelit-kft.hu Naturally, the dash interferes here too ~ please fix/override. Thanks! From V at nguard.LH Fri Feb 6 03:11:35 2009 From: V at nguard.LH (VanguardLH) Date: Fri Feb 6 03:15:08 2009 Subject: [Scspamcop] Re: My ISP's spam reporting e-mail address is disabled in SpamCop References: Message-ID: Tim McGraw wrote: > VanguardLH wrote: >> Tim McGraw wrote: >>> And how many "typical" comcast users would you expect could tell the >>> difference between a spam delivered to a comcast account forwarded, and >>> a spam delivered directly to the account that receives forwarded mail? >> >> The same ones that should be inspecting the spam exhibit before >> submitting it to SpamCop. Even if forwarded, the To/Cc headers would >> still show my original email address at Comcast before it got forwarded >> by Comcast (they don't offer an aliasing service, just a forwarding >> service). Since I should be looking at the technical report from >> SpamCop's parsing to verify that SpamCop will be delivering the spam >> report to the correct recipient, I'm already looking at those Received >> headers to see it went through my Comcast account. But I'll already >> know it was a forwarded e-mail from my Comcast account before I even >> have it touch my SpamCop account to report it. > > I don't know what your spam looks like, but a lot of mine comes with the > recipient's name only in the envelope, requiring a peek at headers to > determine what account it was intended for. Even then it requires some > technical knowledge. I was talking about submitting spam reports to Comcast while NOT sending from a Comcast e-mail account. If I'm polling my Comcast e-mail account then I know to where it got delivered. If I'm forwarding my Comcast e-mails to another domain, like Gmail, and which could possibly have other e-mails forwarded there (or I use Gmail to pull e-mails from other POP accounts) then, yes, using the From wouldn't work to identify those e-mails got originally delivered to my Comcast account - but looking at the Received headers would show that the e-mail was delivered to my e-mail account before it got pushed or pulled to my Gmail account. > Furthermore, like a lot of people, I get enough spam to require I do > Quick Reporting, so I and many other sc users aren't "looking at the > technical report from SpamCop's parsing to verify that SpamCop will be > delivering the spam report to the correct recipient." After years of > using VER + mailhosts I determined sc was going to do the right thing. Luckily the volume of spams that I receive is pretty low. I enable the server-side spam filtering at whomever is my e-mail provider and they've been fairly successful in the last year, or so (before that I used to include client-side spam filtering to augment my e-mail provider's too-leaky spam filter). So it depends on your volume. For me, it's low so I always look at the technical reports. However, as mentioned, I'll already know before submitting the spam to SpamCop whether or not it went to or through my Comcast account as to whether or not I might submit another copy to Comcast's missed-spam address. From nobody at spamcop.net Fri Feb 6 08:13:06 2009 From: nobody at spamcop.net (Ellen) Date: Fri Feb 6 08:25:09 2009 Subject: [Scspamcop] Re: Dash it - 2 In-Reply-To: References: Message-ID: Patto wrote: > http://www.spamcop.net/sc?id=z2589403423zb8c6f69d10bcbde4dde191647f72828cz > > One of the spamvertized redirectors http://gkn.ebnal.cn/ resolves to IP > address 81.94.248.150 (amongst others). > > 81.94.240.0 - 81.94.255.255 is Satelit Hiradastechnikai Kft. with a > published abuse address > > abuse@satelit-kft.hu > > Naturally, the dash interferes here too ~ please fix/override. > > Thanks! Done Ellen SpamCop From ehasenle at spamcop.net Sat Feb 7 10:55:56 2009 From: ehasenle at spamcop.net (Eduard Hasenleithner) Date: Sat Feb 7 11:00:08 2009 Subject: [Scspamcop] Lots of spam from aim.com Message-ID: Since some months I get (in comparison) very much spam with a sending address of @aim.com delivered to my spamcop email addr. Here is one example: http://www.spamcop.net/sc?id=z2593694260z9720154c45de82dbeb7795f121fe328fz Although I report every instance of it the sender (aol) does not suspend the mis-used webmail account(s). Furthermore apparently aol never gets blacklisted although being the source of a considerable amout of spam. Since AOL is never blacklisted these emails get directly in my inbox instead of being moved to the "held mail" folder. This is quite annoying. Are there other users out there which get @aim.com spam or am I the only victim? From tmcgraw at spamcop.net Sat Feb 7 12:32:50 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Feb 7 12:35:08 2009 Subject: [Scspamcop] Re: Stats graphs In-Reply-To: References: Message-ID: Wazoo wrote: > Tim McGraw wrote: >> Does anyone know how to get the .gif files for spamday, spammonth, >> etc. back on track? > JT moved the code and graphics to a new server, changed to ".png" > file type. If that were the case, then wouldn't http://alpha.cesmail.net/graphics/spammonth.png be the location of spam month? > Forum updated. > Deputies advised about the need to update the > http://www.spamcop.net/spamstats.shtml page. Perhaps the Deps don't have all the info (i.e., change in graphic file name, or perhaps location other than alpha.cesmail.net). From nobody at spamcop.net Sat Feb 7 14:35:38 2009 From: nobody at spamcop.net (Antispam Knight) Date: Sat Feb 7 14:40:08 2009 Subject: [Scspamcop] Re: Lots of spam from aim.com References: Message-ID: "Eduard Hasenleithner" wrote in message news:gmkauc$m27$1@news.spamcop.net... > Since some months I get (in comparison) very much spam with a sending > address of @aim.com delivered to my spamcop email addr. > > Here is one example: > http://www.spamcop.net/sc?id=z2593694260z9720154c45de82dbeb7795f121fe328fz > > Although I report every instance of it the sender (aol) does not suspend > the mis-used webmail account(s). Furthermore apparently aol never gets > blacklisted although being the source of a considerable amout of spam. > > Since AOL is never blacklisted these emails get directly in my inbox > instead of being moved to the "held mail" folder. This is quite annoying. > > Are there other users out there which get @aim.com spam or am I the only > victim? Are you referring to the From: address listed in the headers? That is rarely the origin of the email. Or do the headers actually trace to an aol mx? AK From nobody at spamcop.net Sat Feb 7 15:08:26 2009 From: nobody at spamcop.net (Steven Underwood) Date: Sat Feb 7 15:10:08 2009 Subject: [Scspamcop] Re: Lots of spam from aim.com References: Message-ID: "Eduard Hasenleithner" wrote in message news:gmkauc$m27$1@news.spamcop.net... > Since some months I get (in comparison) very much spam with a sending > address of @aim.com delivered to my spamcop email addr. > > Here is one example: > http://www.spamcop.net/sc?id=z2593694260z9720154c45de82dbeb7795f121fe328fz > > Although I report every instance of it the sender (aol) does not suspend > the mis-used webmail account(s). Furthermore apparently aol never gets > blacklisted although being the source of a considerable amout of spam. > The source of this message (205.188.212.233 ) has only 3 spamcop reports in the last week. 3 reports is unlikely to get any IP listed unless it is a very low volume host. Remember that spamcop lists only the IP address actually sending the spam. From blacklist-me at davjam.org Sat Feb 7 15:37:54 2009 From: blacklist-me at davjam.org (David Bolt) Date: Sat Feb 7 16:00:08 2009 Subject: [Scspamcop] Re: Lots of spam from aim.com References: Message-ID: <6qS8BIOiEfjJFwzX@dev.null.davjam.org> On Sat, 7 Feb 2009, Antispam Knight wrote:- > > >"Eduard Hasenleithner" wrote in message >news:gmkauc$m27$1@news.spamcop.net... >> Here is one example: >> http://www.spamcop.net/sc?id=z2593694260z9720154c45de82dbeb7795f121fe328fz >Are you referring to the From: address listed in the headers? That is >rarely the origin of the email. Or do the headers actually trace to an >aol mx? >AK The example shows that AOL is indeed the source. Regards, David Bolt -- Team Acorn: http://www.distributed.net/ OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s | openSUSE 10.3 32b | openSUSE 11.0 32b | openSUSE 10.2 64b | openSUSE 10.3 64b | openSUSE 11.0 64b | openSUSE 11.1 64b TOS 4.02 | openSUSE 10.3 PPC | RISC OS 3.6 | RISC OS 3.11 From MikeE at ster.invalid Sat Feb 7 16:00:54 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Feb 7 16:05:07 2009 Subject: [Scspamcop] Re: Lots of spam from aim.com References: Message-ID: Steven Underwood wrote: > "Eduard Hasenleithner" www.spamcop.net/sc?id=z2593694260z9720154c45de82dbeb7795f121fe328fz mailhosted parse >> Although I report every instance of it the sender (aol) does not >> suspend the mis-used webmail account(s). Furthermore apparently aol >> never gets blacklisted although being the source of a considerable >> amout of spam. >> > The source of this message (205.188.212.233 ) has only 3 spamcop > reports in the last week. > > 3 reports is unlikely to get any IP listed unless it is a very low > volume host. > > Remember that spamcop lists only the IP address actually sending the > spam. Actually IMO SC doesn't get the source right on the mailhosted parse; but it does parse correctly for a non-mailhosted experimental example below. http://www.spamcop.net/sc?id=z2594260306z4e3ac8ca6e627d44349751673ed78f26z Tracking message source: 89.139.43.80: 89.139.43.80 is an open proxy If reported today, reports would be sent to: Re: 89.139.43.80 (Administrator of network where email originates) nvabuse@013netvision.co.il The mailhosted parser is more 'stringent' about chaining - and so it is more likely to break a chain than the non-mailhosted or 'generic' parser. In this case IMO it broke the chain prematurely. As a general rule the mailhosted parse would be expected to be more likely to be correct -- but as a human parser, I would take into account that this is an aol webmail sourced spam, and so I'm believing the Received traceline that sez the .il open proxy accessed the aol webmailer and injected the spam "with HTTP (WebMailUI)" -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sat Feb 7 16:11:08 2009 From: nobody at spamcop.net (bar0) Date: Sat Feb 7 16:15:08 2009 Subject: [Scspamcop] Re: Lots of spam from aim.com References: Message-ID: "Mike Easter" wrote in message news:gmkspn$ko1$1@news.spamcop.net... ... > As a general rule the mailhosted parse would be expected to be more likely > to be correct -- but as a human parser, I would take into account that > this is an aol webmail sourced spam, and so I'm believing the Received > traceline that sez the .il open proxy accessed the aol webmailer and > injected the spam "with HTTP (WebMailUI)" I know it's not SC policy, but i'd be really happy if certain webmailers got their service blacklisted. If the .il is an enduser machine, 2 reports really ought to send it to the blacklist also. From MikeE at ster.invalid Sat Feb 7 18:28:26 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Feb 7 18:30:08 2009 Subject: [Scspamcop] Re: Lots of spam from aim.com References: Message-ID: bar0 wrote: > "Mike Easter" >> As a general rule the mailhosted parse would be expected to be more >> likely to be correct -- but as a human parser, I would take into >> account that this is an aol webmail sourced spam, and so I'm believing >> the Received traceline that sez the .il open proxy accessed the aol >> webmailer and injected the spam "with HTTP (WebMailUI)" > > I know it's not SC policy, but i'd be really happy if certain > webmailers got their service blacklisted. If the .il is an enduser > machine, 2 reports really ought to send it to the blacklist also. Well, 89.139.43.80 rDNS 89-139-43-80.bb.netvision.net.il is blocklisted on a number of lists, most significantly CBL -- but it isn't on the SCbl. In this specific example, the OP's submission didn't get a SCbl hit because SC tripped on the chain and counted the AOL IP, which isn't very likely to ever get blocklisted -- altho' it is generally not an output server but an intermediate MTA. Senderbase gives it a magnitude of 2.9-3.2 (800-1600/d) traffic - as opposed to the AOL output server that output the item which was magnitude 5.6-6.0 (.4-1 mil/d) which is a _real_ AOL output server. In some ways in this specific example, it is better if the parser trips on the AOL MTA, because it would take less hits to get it listed than the real output server -- and the .il open proxy is already listed. But, then, OTOH, the SCbl doesn't want itself to be causing false positive spam reports if it lists an AOL webmail MTA. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sat Feb 7 22:26:55 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Sat Feb 7 22:30:09 2009 Subject: [Scspamcop] Re: Stats graphs References: Message-ID: "Tim McGraw" wrote in message news:gmkgk2$aja$1@news.spamcop.net... > Wazoo wrote: >> Tim McGraw wrote: >>> Does anyone know how to get the .gif files for spamday, >>> spammonth, etc. back on track? >> JT moved the code and graphics to a new server, changed to ".png" >> file type. > > If that were the case, then wouldn't > http://alpha.cesmail.net/graphics/spammonth.png be the location of > spam month? No, your example does not include the server(-name) change. >> Forum updated. and then fixed ... >> Deputies advised about the need to update the >> http://www.spamcop.net/spamstats.shtml page. > > Perhaps the Deps don't have all the info (i.e., change in graphic > file name, or perhaps location other than alpha.cesmail.net). Actually, Don forwarded an e-mail from JT with that data, so yes, he should be aware of the changes. On the other hand, RW has been the one to update those web-pages in the past, which is why my e-mail went to "Deputies" ... just checked and see that they haven't been fixed yet. Guess I'll try the notification again and this time add those other requests I've made over the years that have never been included either. From nobody at devnull.spamcop.net Sat Feb 7 23:00:58 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Sat Feb 7 23:05:08 2009 Subject: [Scspamcop] Re: Stats graphs References: Message-ID: "Wazoo" wrote in message news:gmljdp$hod$1@news.spamcop.net... > "Tim McGraw" wrote in message > news:gmkgk2$aja$1@news.spamcop.net... > >>> Deputies advised about the need to update the >>> http://www.spamcop.net/spamstats.shtml page. >> >> Perhaps the Deps don't have all the info (i.e., change in graphic >> file name, or perhaps location other than alpha.cesmail.net). > > Actually, Don forwarded an e-mail from JT with that data, so yes, > he should be aware of the changes. On the other hand, RW has been > the one to update those web-pages in the past, which is why my > e-mail went to "Deputies" ... just checked and see that they > haven't been fixed yet. Guess I'll try the notification again > and this time add those other requests I've made over the years > that have never been included either. OK, I lied ... my original e-mail was a Reply to Don ... so forwarded that last with some updated data to the Deputies address. From V at nguard.LH Sun Feb 8 04:22:34 2009 From: V at nguard.LH (VanguardLH) Date: Sun Feb 8 04:25:08 2009 Subject: [Scspamcop] Re: Lots of spam from aim.com References: Message-ID: Steven Underwood wrote: > Eduard Hasenleithner wrote ... >> >> Since some months I get (in comparison) very much spam with a >> sending address of @aim.com delivered to my spamcop email addr. >> >> Here is one example: >> http://www.spamcop.net/sc?id=z2593694260z9720154c45de82dbeb7795f121fe328fz >> >> Although I report every instance of it the sender (aol) does not >> suspend the mis-used webmail account(s). Furthermore apparently aol >> never gets blacklisted although being the source of a considerable >> amout of spam. > > The source of this message (205.188.212.233 ) has only 3 spamcop > reports in the last week. 3 reports is unlikely to get any IP listed > unless it is a very low volume host. Remember that spamcop lists only > the IP address actually sending the spam. Yet Senderbase shows this user isn't exactly issuing a tiny amount of e-mail: http://www.senderbase.org/senderbase_queries/detailip?search_string=205.188.212.233 3.2 on their scale is a sizable volume. It's about the same level for e-mail volume as, for example, Acronis (maker of True Image) sends out to address customer issues. Considering the volume of this particular spam and its content, it is surprising that more users haven't reported this spam. However, because of its content, it probably gets blocked by server-side spam filters so there's a good chance that this crap isn't much seen by many recipients. I don't know if this one example actually exemplifies the "very much spam with a sending address of @aim.com". This one is new. Don't know of all those other AOL spams came from the same IP address. From MikeE at ster.invalid Sun Feb 8 08:44:35 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sun Feb 8 08:45:08 2009 Subject: [Scspamcop] Re: Lots of spam from aim.com References: Message-ID: VanguardLH wrote: > Steven Underwood wrote: >> The source of this message (205.188.212.233 ) has only 3 spamcop >> reports in the last week. 3 reports is unlikely to get any IP listed >> unless it is a very low volume host. Remember that spamcop lists only >> the IP address actually sending the spam. > > Yet Senderbase shows this user isn't exactly issuing a tiny amount of > e-mail: 205.188.212.233 rDNS mblk-d49.mblk.aol.com isn't a user and it isn't an output server, it is an intermediate MTA in the aol chain where SC tripped when it was trying to parse back to the real source. > http://www.senderbase.org/senderbase_queries/detailip?search_string=205.18 8.212.233 > > 3.2 on their scale is a sizable volume. It's about the same level for > e-mail volume as, for example, Acronis (maker of True Image) sends out > to address customer issues. The reason the AOL server has a smaller volume than a real AOL output server is because where the MTA is in the chain. Senderbase tries to intelligently put together a lot of data that reflect email traffic 'from' a particular IP - eg an output server's IP which might generate/cause something like a DNSBL query. An AOL MTA way back in the chain, not the output server, isn't going to 'show itself' in as big a way, but it still shows itself in a lesser way and in a bigger way than something that is putting out a few hundred mails a day. -- Mike Easter kibitzer, not SC admin From V at nguard.LH Sun Feb 8 11:49:33 2009 From: V at nguard.LH (VanguardLH) Date: Sun Feb 8 11:50:08 2009 Subject: [Scspamcop] Re: Lots of spam from aim.com References: Message-ID: Mike Easter wrote: > VanguardLH wrote: >> >> Steven Underwood wrote: > >>> The source of this message (205.188.212.233 ) ... >> >> Yet Senderbase shows this user isn't exactly issuing a tiny amount of >> e-mail: > > 205.188.212.233 rDNS mblk-d49.mblk.aol.com isn't a user and it isn't an > output server, it is an intermediate MTA in the aol chain where SC tripped > when it was trying to parse back to the real source. Tripped? There isn't any node farther back in the Received chain. That's the source. If it isn't the sender's IP address but instead some intermediate MTA used by AOL (which means AOL is hiding the sender) then SC didn't trip. That was as far back as it could get for the Received headers that AOL provided. Since it isn't a dynamic IP address, it could very well be an intermediate MTA, like maybe the one used for their webmail agent. I just don't see how SC is going to get farther back than what is listed in the available Received headers. From MikeE at ster.invalid Sun Feb 8 14:17:27 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sun Feb 8 14:20:08 2009 Subject: [Scspamcop] Re: Lots of spam from aim.com References: Message-ID: VanguardLH wrote: > Mike Easter wrote: >> 205.188.212.233 rDNS mblk-d49.mblk.aol.com isn't a user and it isn't an >> output server, it is an intermediate MTA in the aol chain where SC >> tripped when it was trying to parse back to the real source. > > Tripped? There isn't any node farther back in the Received chain. > That's the source. If it isn't the sender's IP address but instead some > intermediate MTA used by AOL (which means AOL is hiding the sender) original mailhosted parse http://www.spamcop.net/sc?id=z2593694260z9720154c45de82dbeb7795f121fe328fz showing AOL mta as source Abbreviated Received tracelines *comment from unknown (192.168.1.86) by blade5.cesmail.net *serves recipient from omr-m33.mx.aol.com (64.12.143.145) by mxin2.cesmail.net *aol out> recipient from imo-d06.mx.aol.com ([172.18.150.230]) by omr-m33.mx.aol.com *aol mta from x by imo-d06.mx.aol.com *aol mta from smtprly-da01.mx.aol.com ([205.188.249.144]) by cia-da03.mx.aol.com *aol mta from mblk-d49 ([205.188.212.233]) by smtprly-da01.mx.aol.com *aol webmail mta from 89.139.43.80 by mblk-d49.sysops.aol.com (205.188.212.233) *sourceline open proxy > webmail snipped from headers: X-Mailer: AIM WebMail 41095-STANDARD with HTTP (WebMailUI) *snipped from sourceline experimental non-mailhosted parse showing correct source http://www.spamcop.net/sc?id=z2594260306z4e3ac8ca6e627d44349751673ed78f26z -- Mike Easter kibitzer, not SC admin From V at nguard.LH Mon Feb 9 04:41:23 2009 From: V at nguard.LH (VanguardLH) Date: Mon Feb 9 04:45:07 2009 Subject: [Scspamcop] Re: Lots of spam from aim.com References: Message-ID: Mike Easter wrote: > VanguardLH wrote: >> Mike Easter wrote: > >>> 205.188.212.233 rDNS mblk-d49.mblk.aol.com isn't a user and it isn't an >>> output server, it is an intermediate MTA in the aol chain where SC >>> tripped when it was trying to parse back to the real source. >> >> Tripped? There isn't any node farther back in the Received chain. >> That's the source. If it isn't the sender's IP address but instead some >> intermediate MTA used by AOL (which means AOL is hiding the sender) > > original mailhosted parse > http://www.spamcop.net/sc?id=z2593694260z9720154c45de82dbeb7795f121fe328fz > showing AOL mta as source > > Abbreviated Received tracelines *comment > from unknown (192.168.1.86) by blade5.cesmail.net *serves recipient > from omr-m33.mx.aol.com (64.12.143.145) by mxin2.cesmail.net *aol out> > recipient > from imo-d06.mx.aol.com ([172.18.150.230]) by omr-m33.mx.aol.com *aol > mta > from x by imo-d06.mx.aol.com *aol mta > from smtprly-da01.mx.aol.com ([205.188.249.144]) by cia-da03.mx.aol.com > *aol mta > from mblk-d49 ([205.188.212.233]) by smtprly-da01.mx.aol.com *aol > webmail mta > from 89.139.43.80 by mblk-d49.sysops.aol.com (205.188.212.233) > *sourceline open proxy > webmail Oops, I missed that last Received header. I didn't think it was legitimate to have a Received header after the *data* headers added by the sender's e-mail client (To, Subject, Date, From). Those "headers" are part of the message body sent during the DATA command to the SMTP mail host (i.e., there is a header section and a body section but both are in the same message sent in the DATA command), and server headers are supposed to get prepended to the message. Normally when I hit the headers section *in* the message, I quit looking for Received headers prepended by the mail hosts. Looks like what I've done in the past in tracing through Received headers is what SC also does. Once the message's header section is reached, any further Received headers are ignored. So is AOL really violating this scheme or is it a bogus Received header? According to RFC 2821 (obsoleted but not invalidated by RFC 5231), section 4.4: When an SMTP server receives a message for delivery or further processing, it MUST insert trace ("time stamp" or "Received") information at the beginning of the message content, as discussed in section 4.1.1.4. The Received headers are supposed to get prepended to the existing message (as delivered), not somewhere in the middle of it. If AOL is screwing up the structure for trace fields and their placement then, I guess, AOL is willing to be recognized as the source of the e-mail by their users rather than the user themself. Well, the spam report would go to same abuse address, anyway (see below) > snipped from headers: > X-Mailer: AIM WebMail 41095-STANDARD > with HTTP (WebMailUI) *snipped from sourceline Ah, so the sender did use AOL's webmail agent. So what good would it do to report the spammer to the spammer's ISP since that is not from where the e-mail originated? The user used AOL's webmail agent to create and issue the spam. Does SC report the actual sender or the e-mail provider the sender used? You just know the spammer's ISP is just going to pass off on responsibility by claiming that they weren't the e-mail source. Then again, if the spam gets reported against AOL then AOL gets blacklisted for all e-mails from there rather than just those from the spammer. What to do, what to do. From g.hyde at bigNOSPAMpond.net.au Mon Feb 9 07:07:49 2009 From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde) Date: Mon Feb 9 07:10:09 2009 Subject: [Scspamcop] Re: Lots of spam from aim.com References: Message-ID: "VanguardLH" wrote in message news:gmotmo$e97$1@news.spamcop.net... > Ah, so the sender did use AOL's webmail agent. So what good would it do > to report the spammer to the spammer's ISP since that is not from where > the e-mail originated? The user used AOL's webmail agent to create and > issue the spam. Does SC report the actual sender or the e-mail provider > the sender used? You just know the spammer's ISP is just going to pass > off on responsibility by claiming that they weren't the e-mail source. > Then again, if the spam gets reported against AOL then AOL gets > blacklisted for all e-mails from there rather than just those from the > spammer. What to do, what to do. You could send an email that includes the report's TRACKING URL to deputies AT spamcop DOT net - they will know if there's something meaningful to them in the parsed email's report, they can and will add manual notifies or routing corrections, or whatever is appropriate for the situation, if you send them a copy of the report. You might or might not get a reply or acknowledgment email back, that depends on how much spare time they have. Cheers ... Geoffrey Hyde From MikeE at ster.invalid Mon Feb 9 10:24:25 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 9 10:25:08 2009 Subject: [Scspamcop] Re: Lots of spam from aim.com References: Message-ID: VanguardLH wrote: > Oops, I missed that last Received header. I didn't think it was > legitimate to have a Received header after the *data* headers added by > the sender's e-mail client (To, Subject, Date, From). Well remember, this *IS* a webmailer in which the 'traditional' roles between client and server are sorta mixed up. Tim McGraw and I had a long discussion and philosophical disagreement about how 'we' think it should be considered. In any case, there isn't a 'traditional' server in the 'game' until the webmailer apparatus hands it to the first MTA which is from mblk-d49 ([205.188.212.233]) by smtprly-da01.mx.aol.com *aol webmail mta Prior to that time, there isn't the traditional mailuser agent smtp transacting with the traditional mailserver with a helo mailfrom rcptto data sequence. There was a browser which plugged in some data into a webmailer. The webmailer got the information about the IP address from the webserver and decided how to put that into the headers. Hotmail does it one Xline way. Gmail doesn't do it at all. AOL does it to look like a normal traceline. > Looks like what I've done in the past in tracing through Received > headers is what SC also does. Once the message's header section is > reached, any further Received headers are ignored. Actually SC does look thru' all of the header lines. In the OP's submitted parse, SC examined the bottom line and rejected it - broke the chain - because it didn't meet the stringent chain criteria of a mailhosted parse; whereas when I submitted it experimentally to a nonmailhosted parse, SC also examined the same bottom line and found it satisfactory for the chain and so named the .il source instead of the aol webmailer source. > So is AOL really violating this scheme or is it a bogus Received header? I determined/ opined/ that it wasn't bogus. > According to RFC 2821 (obsoleted but not invalidated by RFC 5231), > section 4.4: That RFC is about a traditional mailserver transaction. The webmailer transaction in this example isn't tradtional until the webmailer apparatus hands it to the next server. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Feb 9 10:32:30 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 9 10:35:08 2009 Subject: [Scspamcop] Re: Lots of spam from aim.com References: Message-ID: Mike Easter wrote: > There was a browser which plugged in some data into a > webmailer. Likely that part isn't strictly true. There was a spam generating apparatus which transacted with the webserver/webmailer via the .il open proxy in a manner which pretended to be a browser-webmailer communication. -- Mike Easter kibitzer, not SC admin From connyank at cox.net Mon Feb 9 17:45:40 2009 From: connyank at cox.net (jg) Date: Mon Feb 9 17:50:08 2009 Subject: [Scspamcop] layerstandpoint94-48-254-41.layerstandpoint.com Message-ID: http://www.spamcop.net/sc?id=z2598853550zafd0d7e563aef97f01602f0e09cbf9f4z >From what I can tell, layerstandpoint94-48-254-41.layerstandpoint.com is in Marina del Rey, Ca. Who are these guys - anyone know? thanks From connyank at cox.net Mon Feb 9 17:52:14 2009 From: connyank at cox.net (jg) Date: Mon Feb 9 17:55:07 2009 Subject: [Scspamcop] plusdiscmotion94-48-252-73.plusdiscmotion.com Message-ID: http://www.spamcop.net/sc?id=z2598873031z551da0593365e38844d571faf825cdb4z Pls. see my prior post - I'm seeing a connection here. Marina del Rey must be hdqtrs. for - isn't that ICANN? From MikeE at ster.invalid Mon Feb 9 18:38:40 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 9 18:40:08 2009 Subject: [Scspamcop] Re: plusdiscmotion94-48-252-73.plusdiscmotion.com References: Message-ID: jg wrote: Subject: plusdiscmotion94-48-252-73.plusdiscmotion.com > http://www.spamcop.net/sc?id=z2598873031z551da0593365e38844d571faf825cdb4z > > Pls. see my prior post - I'm seeing a connection here. Marina del Rey > must be hdqtrs. for - isn't that ICANN? What does plus...etc... have to do with the tracker? What does anything have to do with Marina del Rey? I don't see the dots connected yet, that is you say 'I'm seeing a connection here.' while I'm saying -- "And what connection are we talking about?" -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Feb 9 18:38:45 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 9 18:40:09 2009 Subject: [Scspamcop] Re: layerstandpoint94-48-254-41.layerstandpoint.com References: Message-ID: jg wrote: Subject: layerstandpoint94-48-254-41.layerstandpoint.com > http://www.spamcop.net/sc?id=z2598853550zafd0d7e563aef97f01602f0e09cbf9f4z > > From what I can tell, layerstandpoint94-48-254-41.layerstandpoint.com is > in Marina del Rey, Ca. > > Who are these guys - anyone know? What does layer..etc.. have to do with the tracker? -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Mon Feb 9 19:53:29 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Feb 9 19:55:08 2009 Subject: [Scspamcop] Re: plusdiscmotion94-48-252-73.plusdiscmotion.com In-Reply-To: References: Message-ID: Mike Easter wrote: > jg wrote: > Subject: plusdiscmotion94-48-252-73.plusdiscmotion.com > > http://www.spamcop.net/sc?id=z2598873031z551da0593365e38844d571faf825cdb4z >> Pls. see my prior post - I'm seeing a connection here. Marina del Rey >> must be hdqtrs. for - isn't that ICANN? > > What does plus...etc... have to do with the tracker? The source is 94.48.252.188, which has proper rDNS of plusdiscmotion94-48-252-73.plusdiscmotion.com, which sc cannot find an abuse contact for because for three years the -B flag to unfilter email addresses for RIPE queries has never been programmed into the parser. > What does anything have to do with Marina del Rey? Nothing. From A_burness{nospam} at hotmail.com Mon Feb 9 20:32:41 2009 From: A_burness{nospam} at hotmail.com (Alex) Date: Mon Feb 9 20:35:08 2009 Subject: [Scspamcop] Spam Question Message-ID: I received the following spam: http://www.spamcop.net/sc?id=z2599103739z9c99f5da05d5bf708979378787bcbee2z Spam-Cop picks up that it was sent from an AOL account, but completely fails to register the hotmail account that it wants replies to. Is there any particular reason why it has done this? (N.B. I am not an expert on Spam-Cop's parser by any means so this might be a really obvious question.) Thanks in Advance From g.hyde at bigNOSPAMpond.net.au Mon Feb 9 20:37:34 2009 From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde) Date: Mon Feb 9 20:40:09 2009 Subject: [Scspamcop] Re: layerstandpoint94-48-254-41.layerstandpoint.com References: Message-ID: "Mike Easter" wrote in message news:gmqepj$76k$1@news.spamcop.net... > jg wrote: > Subject: layerstandpoint94-48-254-41.layerstandpoint.com >> > http://www.spamcop.net/sc?id=z2598853550zafd0d7e563aef97f01602f0e09cbf9f4z >> >> From what I can tell, layerstandpoint94-48-254-41.layerstandpoint.com is >> in Marina del Rey, Ca. >> >> Who are these guys - anyone know? > > What does layer..etc.. have to do with the tracker? The OP is referring to this: Hostname verified: layerstandpoint94-48-254-41.layerstandpoint.com Cheers ... Geoffrey Hyde From nobody at spamcop.net Mon Feb 9 21:06:23 2009 From: nobody at spamcop.net (bar0) Date: Mon Feb 9 21:10:08 2009 Subject: [Scspamcop] Re: Spam Question References: Message-ID: "Alex" wrote in message news:gmqlg1$p6u$1@news.spamcop.net... >I received the following spam: > http://www.spamcop.net/sc?id=z2599103739z9c99f5da05d5bf708979378787bcbee2z > > Spam-Cop picks up that it was sent from an AOL account, but completely > fails to register the hotmail account that it wants replies to. > > Is there any particular reason why it has done this? (N.B. I am not an > expert on Spam-Cop's parser by any means so this might be a really obvious > question.) > > Thanks in Advance A number of years ago SC stopped notifying ISP's of email addresses mentioned in spam. Too many are, or were, red herrings. Back then there wasn't the volume of advance fee and phishing scams that use email dropboxes as there are today. From MikeE at ster.invalid Mon Feb 9 21:22:09 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 9 21:25:07 2009 Subject: [Scspamcop] Re: plusdiscmotion94-48-252-73.plusdiscmotion.com References: Message-ID: Tim McGraw wrote: > Mike Easter wrote: >> jg wrote: >> Subject: plusdiscmotion94-48-252-73.plusdiscmotion.com >> >> http://www.spamcop.net/sc?id=z2598873031z551da0593365e38844d571faf825cdb4z >>> Pls. see my prior post - I'm seeing a connection here. Marina del Rey >>> must be hdqtrs. for - isn't that ICANN? >> >> What does plus...etc... have to do with the tracker? > > The source is 94.48.252.188, which has proper rDNS of > plusdiscmotion94-48-252-73.plusdiscmotion.com, I see; so it does. Missed that. > which sc cannot find an > abuse contact for because for three years the -B flag to unfilter email > addresses for RIPE queries has never been programmed into the parser. Actually even with the -B flag, the nic-hdl ME2641-RIPE doesn't have an email. There is only a 'changed' email which SC doesn't accept. That is, SC wouldn't have accepted the emailaddy if it could have found it which it didn't because of the old -B deficiency [eml addy below munged @ to so that people who don't like to see addresses in message bodies won't get atwitter] person: Mihai Enachescu address: Bucharest, Romania phone: +40730882900 nic-hdl: ME2641-RIPE changed: george.berar neoland.ro 20070615 source: RIPE >> What does anything have to do with Marina del Rey? > > Nothing. Okay then. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Feb 9 21:36:36 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 9 21:40:09 2009 Subject: [Scspamcop] Re: Spam Question References: Message-ID: Alex wrote: > I received the following spam: > http://www.spamcop.net/sc?id=z2599103739z9c99f5da05d5bf708979378787bcbee2z > > Spam-Cop picks up that it was sent from an AOL account, but completely > fails to register the hotmail account that it wants replies to. The spam contains a hotmail dropbox in the body > Is there any particular reason why it has done this? (N.B. I am not an > expert on Spam-Cop's parser by any means so this might be a really > obvious question.) SC does not notify for email address payloads, whether they are found in the body, From, or Reply-To. There is a faq for part of that here http://www.spamcop.net/fom-serve/cache/116.html Why doesn't SpamCop make reports about "reply-to" and "from" addresses? Once upon a time long ago and far away SC notified providers for body email address payloads, but that wasn't so good. The system depended upon the reporter to uncheck the ones which shouldn't be notified, and reporters aren't very good about unchecking things. There is another faq item^1 which describes the ability of paid SC reporters to make additional SC notifies for a particular spam to go to designated addresses -- but a free reporter would have to notify hotmail with a manual (self-generated) report. The business of making a little template for your own personal notifies is not a bad idea and doesn't take much of your time. ^1 http://www.spamcop.net/fom-serve/cache/126.html you can tell it to report the spam to any email address you want. Just check this box, and fill in the email address in the space provided. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Feb 9 21:38:47 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 9 21:40:09 2009 Subject: [Scspamcop] Re: layerstandpoint94-48-254-41.layerstandpoint.com References: Message-ID: Geoffrey Hyde wrote: > "Mike Easter" >> What does layer..etc.. have to do with the tracker? > > The OP is referring to this: > > Hostname verified: layerstandpoint94-48-254-41.layerstandpoint.com Got it. Easter: reading attentiveness -20 -- Mike Easter kibitzer, not SC admin From connyank at cox.net Mon Feb 9 23:19:18 2009 From: connyank at cox.net (jg) Date: Mon Feb 9 23:20:08 2009 Subject: [Scspamcop] Re: plusdiscmotion94-48-252-73.plusdiscmotion.com In-Reply-To: References: Message-ID: On 02/09/2009 04:53 PM Tim McGraw scribbled: > Mike Easter wrote: >> jg wrote: >> Subject: plusdiscmotion94-48-252-73.plusdiscmotion.com >> >> http://www.spamcop.net/sc?id=z2598873031z551da0593365e38844d571faf825cdb4z >>> Pls. see my prior post - I'm seeing a connection here. Marina del Rey >>> must be hdqtrs. for - isn't that ICANN? >> What does plus...etc... have to do with the tracker? > > The source is 94.48.252.188, which has proper rDNS of > plusdiscmotion94-48-252-73.plusdiscmotion.com, which sc cannot find an > abuse contact for because for three years the -B flag to unfilter email > addresses for RIPE queries has never been programmed into the parser. > >> What does anything have to do with Marina del Rey? > > Nothing. I saw the RO source listed but got this from another IP locator http://www.antionline.com/tools-and-toys/ip-locate/?address=94.48.252.188 Don't really understand why it came up that way but it shows Marina Del Rey as location. Reason I looked was the format of the rdns was unfamiliar to me and I received 2 such weird formats within a short time. From tmcgraw at spamcop.net Tue Feb 10 04:20:14 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Feb 10 04:25:08 2009 Subject: [Scspamcop] Re: plusdiscmotion94-48-252-73.plusdiscmotion.com In-Reply-To: References: Message-ID: jg wrote: > I saw the RO source listed but got this from another IP locator > http://www.antionline.com/tools-and-toys/ip-locate/?address=94.48.252.188 > Don't really understand why it came up that way but it shows Marina Del > Rey as location. 94.48.252.188 is in AS47931, assigned to A.L.E. COM NETWORK S.R.L. AS47931 advertises 27 prefixes and has one peer: COMTEL-AS. http://www.lerfjhax.com/as/47931 > Reason I looked was the format of the rdns was unfamiliar to me and I received 2 such weird formats within a short time. plusdiscmotion.com was registered on 11/25/2008 and expires 11/24/2009. The administrative and technical contacts in the whois have a gmail addy with username alecomnetwork. At this hour SenderBase has seen a magnitude volume change of 1860% vs. last month and a 1.8 magnitude in the last 24 hours: http://www.senderbase.org/senderbase_queries/detailip?search_string=94.48.252.188 From tmcgraw at spamcop.net Tue Feb 10 04:41:16 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Feb 10 04:45:08 2009 Subject: [Scspamcop] Re: plusdiscmotion94-48-252-73.plusdiscmotion.com In-Reply-To: References: Message-ID: Tim McGraw wrote: > 94.48.252.188 is in AS47931, assigned to A.L.E. COM NETWORK S.R.L. > AS47931 advertises 27 prefixes and has one peer: COMTEL-AS. > http://www.lerfjhax.com/as/47931 That should be 53 prefixes, though I have no clue why the Google cache would be different. http://209.85.173.132/search?q=cache:KGPi272T4UcJ:www.lerfjhax.com/as/47931+AS47931&hl=en&ct=clnk&cd=5&gl=us From V at nguard.LH Tue Feb 10 06:53:27 2009 From: V at nguard.LH (VanguardLH) Date: Tue Feb 10 06:55:08 2009 Subject: [Scspamcop] Re: Spam Question References: Message-ID: Alex wrote: > I received the following spam: > http://www.spamcop.net/sc?id=z2599103739z9c99f5da05d5bf708979378787bcbee2z > > Spam-Cop picks up that it was sent from an AOL account, but completely fails > to register the hotmail account that it wants replies to. > > Is there any particular reason why it has done this? (N.B. I am not an > expert on Spam-Cop's parser by any means so this might be a really obvious > question.) So how do you know this spam isn't really a Joe Job trying to get you to slam some innocent's e-mail account? SC is supposed to identify the source of the spam, not to someplace else that they claim they want replies. From joegill at removethis Wed Feb 11 15:31:19 2009 From: joegill at removethis (Joe Gill) Date: Wed Feb 11 15:35:08 2009 Subject: [Scspamcop] Top 10 Spam-Friendly Registrars Named and Shamed Message-ID: CSO Magazine Feb 11, 2009 12:17:48 PM Top 10 Spam-Friendly Registrars Named and Shamed When it comes time for spammers to register their Internet domain names, some companies are more popular than others. Complete article online: http://www.csoonline.com/article/479573/Top_Spam_Friendly_Registrars_Named_and_Shamed From Ag2000CO at Starband.net Wed Feb 11 15:49:36 2009 From: Ag2000CO at Starband.net (LKing) Date: Wed Feb 11 15:50:08 2009 Subject: [Scspamcop] Re: Top 10 Spam-Friendly Registrars Named and Shamed In-Reply-To: References: Message-ID: Joe Gill wrote, On 2/11/2009 3:31 PM: > CSO Magazine > Feb 11, 2009 12:17:48 PM > Top 10 Spam-Friendly Registrars Named and Shamed > When it comes time for spammers to register their Internet domain names, > some companies are more popular than others. > Complete article online: > http://www.csoonline.com/article/479573/Top_Spam_Friendly_Registrars_Named_and_Shamed > > Saw a similar article at KunjOn http://www.knujon.com/registrars/ From V at nguard.LH Wed Feb 11 22:56:28 2009 From: V at nguard.LH (VanguardLH) Date: Wed Feb 11 23:00:08 2009 Subject: [Scspamcop] Re: Top 10 Spam-Friendly Registrars Named and Shamed References: Message-ID: LKing wrote: > Joe Gill wrote, On 2/11/2009 3:31 PM: >> CSO Magazine >> Feb 11, 2009 12:17:48 PM >> Top 10 Spam-Friendly Registrars Named and Shamed >> When it comes time for spammers to register their Internet domain names, >> some companies are more popular than others. >> Complete article online: >> http://www.csoonline.com/article/479573/Top_Spam_Friendly_Registrars_Named_and_Shamed >> > Saw a similar article at KunjOn http://www.knujon.com/registrars/ "Spam-fighting organization KnujOn has released a report on the top 10 registrars it has linked to spam and other illicit activity." So the article is using the Knujon article as its basis. From nobody at spamcop.net Thu Feb 12 04:33:53 2009 From: nobody at spamcop.net (Trent) Date: Thu Feb 12 11:05:08 2009 Subject: [Scspamcop] Getting Quick Reporting enabled? Message-ID: I know it was shutdown some years ago, but I recall it could still be enabled by requesting it. Can it still be done, and who to send the request to? Trent From nobody at devnull.spamcop.net Thu Feb 12 11:15:40 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Thu Feb 12 11:15:07 2009 Subject: [Scspamcop] Re: Getting Quick Reporting enabled? References: Message-ID: "Trent" wrote in message news:gn1ha8$71u$1@news.spamcop.net... >I know it was shutdown some years ago, but I recall it could still be >enabled by requesting it. > > Can it still be done, and who to send the request to? > > Trent > The quick report address is equal to your current reporting address, but you change: submit.xxxxxxxx [at] spam.spamcop.net to quick.xxxxxxxx [at] spam.spamcop.net Next time you report any spam, if you report spam to the "quick" address, and your account is enable for Quick reporting, it will just work. If your account is not enabled for quick reporting, you will receive instructions on what you must do to enable it. I think those instructions go something like this, but it has been awhile since I did it: Make sure you have gone through the procedure to set up your Mail Hosts. Then, make sure you understand the pitfalls and limitations of Quick Reporting. If you agree to those, then email deputies [at] spamcop [dot] net with a request that Quick Reporting be enabled. From nobody at spamcop.net Thu Feb 12 11:21:35 2009 From: nobody at spamcop.net (Ellen) Date: Thu Feb 12 11:25:08 2009 Subject: [Scspamcop] Re: Getting Quick Reporting enabled? In-Reply-To: References: Message-ID: Trent wrote: > I know it was shutdown some years ago, but I recall it could still be > enabled by requesting it. > > Can it still be done, and who to send the request to? > > Trent > > write to service@admin.spamcop.net Ellen SpamCop From nobody at devnull.spamcop.net Thu Feb 12 11:25:59 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Thu Feb 12 11:25:09 2009 Subject: [Scspamcop] Re: Getting Quick Reporting enabled? (Correction) References: Message-ID: "Blue Rock" wrote in message news:gn1hrn$8hp$1@news.spamcop.net... > > "Trent" wrote in message > news:gn1ha8$71u$1@news.spamcop.net... >>I know it was shutdown some years ago, but I recall it could still be >>enabled by requesting it. >> >> Can it still be done, and who to send the request to? >> >> Trent >> > > The quick report address is equal to your current reporting address, but > you change: > > submit.xxxxxxxx [at] spam.spamcop.net > > to > > quick.xxxxxxxx [at] spam.spamcop.net > > Next time you report any spam, if you report spam to the "quick" address, > and your account is enable for Quick reporting, it will just work. If > your account is not enabled for quick reporting, you will receive > instructions on what you must do to enable it. > > I think those instructions go something like this, but it has been awhile > since I did it: > > Make sure you have gone through the procedure to set up your Mail Hosts. > Then, make sure you understand the pitfalls and limitations of Quick > Reporting. If you agree to those, then email deputies [at] spamcop [dot] > net with a request that Quick Reporting be enabled. > > Sorry, the address is: service [at] admin.spamcop.net From nobody at devnull.spamcop.net Thu Feb 12 12:09:57 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Thu Feb 12 12:10:09 2009 Subject: [Scspamcop] Re: Getting Quick Reporting enabled? References: Message-ID: "Trent" wrote in message news:gn1ha8$71u$1@news.spamcop.net... >I know it was shutdown some years ago, but I recall it could still >be enabled by requesting it. > > Can it still be done, and who to send the request to? Quick Reporting http://forum.spamcop.net/scwik/QuickReporting From MikeE at ster.invalid Thu Feb 12 12:30:12 2009 From: MikeE at ster.invalid (Mike Easter) Date: Thu Feb 12 12:35:08 2009 Subject: [Scspamcop] Re: Getting Quick Reporting enabled? References: Message-ID: Wazoo wrote: > "Trent" >> I know it was shutdown some years ago, but I recall it could still >> be enabled by requesting it. >> >> Can it still be done, and who to send the request to? > > Quick Reporting > http://forum.spamcop.net/scwik/QuickReporting ... which wiki link is not only excellent, but it also contains links to several other QR resources, ie Jeff's Guide, QR setup, and Don's 'beware' discussion in the forum. (For 'do it yourself' searching...) You can also use googleweb advanced search and put "Quick Reporting" (with the quotes) as the term and spamcop.net as the site. That gives 1500 hits, Jeff's Guide at the top and the above wiki entry as #9. Personally, I like the wikiQR the 'best' as it contains links to the other important ones and even the dead castlecop's (with strikeout) for nostalgia. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Thu Feb 12 13:09:26 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Feb 12 13:10:08 2009 Subject: [Scspamcop] Re: Getting Quick Reporting enabled? In-Reply-To: References: Message-ID: Mike Easter wrote: > Wazoo wrote: >> Quick Reporting >> http://forum.spamcop.net/scwik/QuickReporting > ... which wiki link is not only excellent, but it also contains links to > several other QR resources, ie Jeff's Guide, QR setup, and Don's 'beware' > discussion in the forum. That page hit me the same way. That's the best I've seen since the "transition" to the wiki. Props to you, Wazoo. I know you're not in it just for the glory, but give that man a raise! ;) From MikeE at ster.invalid Thu Feb 12 13:58:45 2009 From: MikeE at ster.invalid (Mike Easter) Date: Thu Feb 12 14:00:08 2009 Subject: [Scspamcop] Re: Getting Quick Reporting enabled? References: Message-ID: Tim McGraw wrote: > Mike Easter wrote: >> Wazoo wrote: >>> Quick Reporting >>> http://forum.spamcop.net/scwik/QuickReporting >> ... which wiki link is not only excellent, but it also contains links >> to several other QR resources, ie Jeff's Guide, QR setup, and Don's >> 'beware' discussion in the forum. > > That page hit me the same way. That's the best I've seen since the > "transition" to the wiki. > > Props to you, Wazoo. I know you're not in it just for the glory, but > give that man a raise! ;) What does 'props' mean in this context? Is that like a kudo? Oh, nevermind. I searched on/by combining terms props & kudos and found an urban dictionary Proper recognition & Props is short for "propers" as in, "proper respect" ... and then it goes on with some history including the usage of 'propers' in Aretha's RESPECT... and that Otis Redding wrote that. http://www.urbandictionary.com/define.php?term=props -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Thu Feb 12 22:20:57 2009 From: nobody at devnull.spamcop.net (Patto) Date: Thu Feb 12 22:25:08 2009 Subject: [Scspamcop] Re: Dash it! In-Reply-To: References: Message-ID: Blue Rock wrote: > "Patto" wrote in message > news:gmat0s$9md$1@news.spamcop.net... >> http://www.spamcop.net/sc?id=z2583951063zd733f6f883cdac93afe7a269e7e7d9d7z >> (and hundreds of others) >> >> It has been known for years that a dash ("-") in a reporting address >> breaks Spamcop. Breaks the reporting address itself, actually. >> >> The spamvertized website in this spam, http://fresh-serial.ru/ >> (193.27.246.115), is peddling in pirated DVDs, and has been out there for >> a while now, but is never reported to its hosting company, Dankon Ltd. >> >> The company has published an official abuse address: >> >> abuse@dankon-ltd.com >> >> but Spamcop snips off everything from the dashed dash on to the right, and >> naturally that invalid remains bounces. So Spamcop will forever go on and >> report to abuse#dankon@devnull.spamcop.net >> >> I have tried for a month now in the 'routing' group to have this >> corrected, but to no avail. I know that a majority of the regulars here >> think that hosting companies should never be notified - all they can think >> of is filter, filter, filter. >> >> I myself, on the other hand, think that no harm is done if a spammer's >> website is shut down. Or is that too much inconvenience for the spammer? > > The problem is this web site is registered by a black-hat, and hosted by a > black-hat, as are the websites in probably 99% of spam that has a > spamvertized link. > > Take a look at the email address in the WHOIS for fresh-serial.ru: > > domain: FRESH-SERIAL.RU > type: CORPORATE > nserver: ns1.fresh-serial.ru. 193.27.247.115 > nserver: ns2.fresh-serial.ru. 216.195.61.87 > nserver: ns3.fresh-serial.ru. 216.195.58.106 > state: REGISTERED, DELEGATED > person: Private Person > phone: +7 495 8872737 > e-mail: spamkings@mail.ru > registrar: NAUNET-REG-RIPN > created: 2008.12.24 > paid-till: 2009.12.24 > source: TC-RIPN > > The IP address 193.27.246.115 does belong to a Russian organization called > dankon-ltd.com, but go and look at the web-site for http://dankon-ltd.com. > You get just a directory listing. There is no valid hosting company behind > this name! > > Do a search in news.admin.net-abuse.sightings, and you will find lots of > other spam related to dankon-ltd.com. > > Everything associated with this spamvertised link looks nefarious to me. > > IMO, attempting to send a report for this spamvertised site will, at best, > do nothing at all. If the email contained any coding that allows the > spammer to identify the address the original spam was sent to, then it could > be harmful to report it. I am quite certain that your report, or even > thousands of reports, will not result in the site being taken down. > > Again, researching spam I have received, I concluded that this is the case > for most spam. I believe that a spammer could, in fact, maliciously put > links to innocent third-party sites, and cause Spamcop reports to go to > those sites. I don't see any mechanism in Spamcop's automatic reporting > system that would prevent that, unless the reporter were aware enough to > turn off reporting check-boxes for those innocent sites. I definitely think > that nothing good can come from reporting spamvertised links. Thus, I was > happy to change to Quick Reporting, where only the source is reported. > > In the rare occasions when I find a spamvertized site on what appears to be > a legitimate host, I will manually notify that host. Just F.Y.I.: after three days of reporting to the corrected address at Dankon Ltd, they seem to have dumped the site - it is no longer at 193.27.246.115, but at 91.211.64.203 and reports go to abuse@uralnet.biz From nobody at devnull.spamcop.net Fri Feb 13 09:53:24 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Fri Feb 13 09:55:07 2009 Subject: [Scspamcop] Re: Dash it! References: Message-ID: "Patto" wrote in message news:gn2ouq$u2d$1@news.spamcop.net... > Blue Rock wrote: >> "Patto" wrote in message >> news:gmat0s$9md$1@news.spamcop.net... >>> http://www.spamcop.net/sc?id=z2583951063zd733f6f883cdac93afe7a269e7e7d9d7z >>> (and hundreds of others) >>> >>> It has been known for years that a dash ("-") in a reporting address >>> breaks Spamcop. Breaks the reporting address itself, actually. >>> >>> The spamvertized website in this spam, http://fresh-serial.ru/ >>> (193.27.246.115), is peddling in pirated DVDs, and has been out there >>> for a while now, but is never reported to its hosting company, Dankon >>> Ltd. >>> >>> The company has published an official abuse address: >>> >>> abuse@dankon-ltd.com >>> >>> but Spamcop snips off everything from the dashed dash on to the right, >>> and naturally that invalid remains bounces. So Spamcop will forever go >>> on and report to abuse#dankon@devnull.spamcop.net >>> >>> I have tried for a month now in the 'routing' group to have this >>> corrected, but to no avail. I know that a majority of the regulars here >>> think that hosting companies should never be notified - all they can >>> think of is filter, filter, filter. >>> >>> I myself, on the other hand, think that no harm is done if a spammer's >>> website is shut down. Or is that too much inconvenience for the spammer? >> >> The problem is this web site is registered by a black-hat, and hosted by >> a black-hat, as are the websites in probably 99% of spam that has a >> spamvertized link. >> >> Take a look at the email address in the WHOIS for fresh-serial.ru: >> >> domain: FRESH-SERIAL.RU >> type: CORPORATE >> nserver: ns1.fresh-serial.ru. 193.27.247.115 >> nserver: ns2.fresh-serial.ru. 216.195.61.87 >> nserver: ns3.fresh-serial.ru. 216.195.58.106 >> state: REGISTERED, DELEGATED >> person: Private Person >> phone: +7 495 8872737 >> e-mail: spamkings@mail.ru >> registrar: NAUNET-REG-RIPN >> created: 2008.12.24 >> paid-till: 2009.12.24 >> source: TC-RIPN >> >> The IP address 193.27.246.115 does belong to a Russian organization >> called dankon-ltd.com, but go and look at the web-site for >> http://dankon-ltd.com. You get just a directory listing. There is no >> valid hosting company behind this name! >> >> Do a search in news.admin.net-abuse.sightings, and you will find lots of >> other spam related to dankon-ltd.com. >> >> Everything associated with this spamvertised link looks nefarious to me. >> >> IMO, attempting to send a report for this spamvertised site will, at >> best, do nothing at all. If the email contained any coding that allows >> the spammer to identify the address the original spam was sent to, then >> it could be harmful to report it. I am quite certain that your report, >> or even thousands of reports, will not result in the site being taken >> down. >> >> Again, researching spam I have received, I concluded that this is the >> case for most spam. I believe that a spammer could, in fact, maliciously >> put links to innocent third-party sites, and cause Spamcop reports to go >> to those sites. I don't see any mechanism in Spamcop's automatic >> reporting system that would prevent that, unless the reporter were aware >> enough to turn off reporting check-boxes for those innocent sites. I >> definitely think that nothing good can come from reporting spamvertised >> links. Thus, I was happy to change to Quick Reporting, where only the >> source is reported. >> >> In the rare occasions when I find a spamvertized site on what appears to >> be a legitimate host, I will manually notify that host. > > Just F.Y.I.: after three days of reporting to the corrected address at > Dankon Ltd, they seem to have dumped the site - it is no longer at > 193.27.246.115, but at 91.211.64.203 and reports go to abuse@uralnet.biz You may be right, and you may have found an honest, white-hat domain host in Russia, who happened to be unknowingly hosting a pirate DVD site, and who has simply not gotten around to puting up their own web site yet. (http://www.dankon-ltd.com STILL returns just a directory listing, by the way). Or, the site may be a fast-flux site (look up "fast flux" in wikipedia) that will always change its IP address eventually. I note that the time-to-live (TTL) on the current DNS record for FRESH-SERIAL.RU is only 30 seconds. That means it could change IP address again, almost at any moment. The subject of techniques that illegal sites use to make it hard to track the owner of the site is something I haven't studied a great deal. Maybe someone else could explain it better than I. But my understanding is that changing IP addresses is normal for such sites, and would happen whether people complain or not. From nobody at devnull.spamcop.net Fri Feb 13 12:05:59 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Fri Feb 13 12:10:08 2009 Subject: [Scspamcop] Re: Getting Quick Reporting enabled? References: Message-ID: "Tim McGraw" wrote in message news:gn1okm$r75$1@news.spamcop.net... > Mike Easter wrote: >> Wazoo wrote: >>> Quick Reporting >>> http://forum.spamcop.net/scwik/QuickReporting >> ... which wiki link is not only excellent, but it also contains >> links to >> several other QR resources, ie Jeff's Guide, QR setup, and Don's >> 'beware' >> discussion in the forum. > > That page hit me the same way. That's the best I've seen since the > "transition" to the wiki. > > Props to you, Wazoo. I know you're not in it just for the glory, > but give that man a raise! ;) Much as I'd like to bask in both your and Mike's surprising and nice words, it'd be wrong not to state that there are a number of fine folks working in the background, volunteering their time, energy, and knowledge to build these things. My thanks go out to all of those folks. From nobody at devnull.spamcop.net Fri Feb 13 17:38:37 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Fri Feb 13 17:40:07 2009 Subject: [Scspamcop] Re: Dash it! References: Message-ID: >>> "Patto" wrote in message >>> news:gmat0s$9md$1@news.spamcop.net... >>>> http://www.spamcop.net/sc?id=z2583951063zd733f6f883cdac93afe7a269e7e7d9d7z >>>> (and hundreds of others) >>>> [SNIP] >>>> >>>> The company has published an official abuse address: >>>> >>>> abuse@dankon-ltd.com >>>> On a related note, if you still have doubts about the hat-color of dankon-ltd, please look at this Spamhaus listing: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL70826 Based on this info, I think it highly unlikely that reporting spam to them caused the site to move. On another related note it looks like your illegal DVD site is, for now at least, off the air. The site has been shut off, at the registrar. As to whether the registrar did it, or the spammer did it himself, I don't know: % By submitting a query to RIPN's Whois Service % you agree to abide by the following terms of use: % http://www.ripn.net/about/servpol.html#3.2 (in Russian) % http://www.ripn.net/about/en/servpol.html#3.2 (in English). domain: FRESH-SERIAL.RU type: CORPORATE state: REGISTERED, NOT DELEGATED person: Private Person phone: +7 495 8872737 e-mail: spamkings@mail.ru registrar: NAUNET-REG-RIPN created: 2008.12.24 paid-till: 2009.12.24 source: TC-RIPN Last updated on 2009.02.14 01:21:17 MSK/MSD From nobody at devnull.spamcop.net Sat Feb 14 08:36:39 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:24 2009 Subject: [Scspamcop] Spamcop Died? Message-ID: As of this moment SC seems to be totally dead, webmail, spam reporting, forums...you name it. This is a little more than a mere server outage, has to be! -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090213-0, 13/02/2009 Tested on: 14/02/2009 8:36:39 AM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From nobody at devnull.spamcop.net Sat Feb 14 08:47:05 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:25 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: Online diagnostics say: "webmail.spamcop.net" is online but is not responding to connection attempts. I can't reach their forums either toehrwise I'd be checking for reasons. -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "Peter" wrote in message news:gn6hd5$5pn$1@news.spamcop.net... > As of this moment SC seems to be totally dead, webmail, spam reporting, > forums...you name it. > This is a little more than a mere server outage, has to be! > > -- > Peter > Toronto, Canada > XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 > > > --- > avast! Antivirus: Outbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 8:36:39 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 8:36:51 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090213-0, 13/02/2009 Tested on: 14/02/2009 8:47:05 AM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From bob at donotreply.dnr Sat Feb 14 08:58:04 2009 From: bob at donotreply.dnr (bob) Date: Sun Feb 15 15:30:25 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: It'd be nice if they'd put a notice on www. "Peter" wrote in message news:gn6i0n$7do$1@news.spamcop.net... > Online diagnostics say: "webmail.spamcop.net" is online but is not > responding to connection attempts. > I can't reach their forums either toehrwise I'd be checking for reasons. > > -- > Peter > Toronto, Canada > XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 > "Peter" wrote in message > news:gn6hd5$5pn$1@news.spamcop.net... >> As of this moment SC seems to be totally dead, webmail, spam reporting, >> forums...you name it. >> This is a little more than a mere server outage, has to be! >> >> -- >> Peter >> Toronto, Canada >> XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 >> >> >> --- >> avast! Antivirus: Outbound message clean. >> Virus Database (VPS): 090213-0, 13/02/2009 >> Tested on: 14/02/2009 8:36:39 AM >> avast! - copyright (c) 1988-2009 ALWIL Software. >> http://www.avast.com >> >> >> >> >> >> --- >> avast! Antivirus: Inbound message clean. >> Virus Database (VPS): 090213-0, 13/02/2009 >> Tested on: 14/02/2009 8:36:51 AM >> avast! - copyright (c) 1988-2009 ALWIL Software. >> http://www.avast.com >> >> >> > > > > --- > avast! Antivirus: Outbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 8:47:05 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > From nobody at devnull.spamcop.net Sat Feb 14 09:00:13 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:26 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: Well...if one could reach it. The only page I managed to get to was: http://spamcop.net/help.shtml Everything else is off limits right now. -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "bob" wrote in message news:gn6ilm$8b9$1@news.spamcop.net... > It'd be nice if they'd put a notice on www. > > "Peter" wrote in message > news:gn6i0n$7do$1@news.spamcop.net... >> Online diagnostics say: "webmail.spamcop.net" is online but is not >> responding to connection attempts. >> I can't reach their forums either toehrwise I'd be checking for reasons. >> >> -- >> Peter >> Toronto, Canada >> XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 >> "Peter" wrote in message >> news:gn6hd5$5pn$1@news.spamcop.net... >>> As of this moment SC seems to be totally dead, webmail, spam reporting, >>> forums...you name it. >>> This is a little more than a mere server outage, has to be! >>> >>> -- >>> Peter >>> Toronto, Canada >>> XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 >>> >>> >>> --- >>> avast! Antivirus: Outbound message clean. >>> Virus Database (VPS): 090213-0, 13/02/2009 >>> Tested on: 14/02/2009 8:36:39 AM >>> avast! - copyright (c) 1988-2009 ALWIL Software. >>> http://www.avast.com >>> >>> >>> >>> >>> >>> --- >>> avast! Antivirus: Inbound message clean. >>> Virus Database (VPS): 090213-0, 13/02/2009 >>> Tested on: 14/02/2009 8:36:51 AM >>> avast! - copyright (c) 1988-2009 ALWIL Software. >>> http://www.avast.com >>> >>> >>> >> >> >> >> --- >> avast! Antivirus: Outbound message clean. >> Virus Database (VPS): 090213-0, 13/02/2009 >> Tested on: 14/02/2009 8:47:05 AM >> avast! - copyright (c) 1988-2009 ALWIL Software. >> http://www.avast.com >> >> >> > > > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 8:58:21 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090213-0, 13/02/2009 Tested on: 14/02/2009 9:00:13 AM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From newspost at deletethispart.hypercreations.com Sat Feb 14 09:02:49 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:26 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "Peter" wrote in news:gn6hd5$5pn$1 @news.spamcop.net: > As of this moment SC seems to be totally dead, webmail, spam reporting, > forums...you name it. Yes, no POP, IMAP, no access to webmail or forums. I hope Wazoo happens along, in that he's got some secret contact info for JT. If this keeps up, I'll probably call the colo facility. DT From mardjuki at donotreply.com Sat Feb 14 09:06:29 2009 From: mardjuki at donotreply.com (Dicky Mardjuki) Date: Sun Feb 15 15:30:26 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: It seems like the Email System News page is also accessible.... http://mail.spamcop.net/news.php "Peter" wrote in message news:gn6ipb$8h8$1@news.spamcop.net... > Well...if one could reach it. The only page I managed to get to was: > http://spamcop.net/help.shtml > Everything else is off limits right now. > > -- > Peter > Toronto, Canada > XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 > "bob" wrote in message > news:gn6ilm$8b9$1@news.spamcop.net... >> It'd be nice if they'd put a notice on www. >> >> "Peter" wrote in message >> news:gn6i0n$7do$1@news.spamcop.net... >>> Online diagnostics say: "webmail.spamcop.net" is online but is not >>> responding to connection attempts. >>> I can't reach their forums either toehrwise I'd be checking for reasons. >>> >>> -- >>> Peter >>> Toronto, Canada >>> XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 >>> "Peter" wrote in message >>> news:gn6hd5$5pn$1@news.spamcop.net... >>>> As of this moment SC seems to be totally dead, webmail, spam reporting, >>>> forums...you name it. >>>> This is a little more than a mere server outage, has to be! >>>> >>>> -- >>>> Peter >>>> Toronto, Canada >>>> XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 >>>> >>>> >>>> --- >>>> avast! Antivirus: Outbound message clean. >>>> Virus Database (VPS): 090213-0, 13/02/2009 >>>> Tested on: 14/02/2009 8:36:39 AM >>>> avast! - copyright (c) 1988-2009 ALWIL Software. >>>> http://www.avast.com >>>> >>>> >>>> >>>> >>>> >>>> --- >>>> avast! Antivirus: Inbound message clean. >>>> Virus Database (VPS): 090213-0, 13/02/2009 >>>> Tested on: 14/02/2009 8:36:51 AM >>>> avast! - copyright (c) 1988-2009 ALWIL Software. >>>> http://www.avast.com >>>> >>>> >>>> >>> >>> >>> >>> --- >>> avast! Antivirus: Outbound message clean. >>> Virus Database (VPS): 090213-0, 13/02/2009 >>> Tested on: 14/02/2009 8:47:05 AM >>> avast! - copyright (c) 1988-2009 ALWIL Software. >>> http://www.avast.com >>> >>> >>> >> >> >> >> >> --- >> avast! Antivirus: Inbound message clean. >> Virus Database (VPS): 090213-0, 13/02/2009 >> Tested on: 14/02/2009 8:58:21 AM >> avast! - copyright (c) 1988-2009 ALWIL Software. >> http://www.avast.com >> >> >> > > > > --- > avast! Antivirus: Outbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 9:00:13 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > From nobody at spamcop.net Sat Feb 14 09:11:14 2009 From: nobody at spamcop.net (bar0) Date: Sun Feb 15 15:30:27 2009 Subject: [Scspamcop] Re: Spamcop Died?, what are you on about? References: Message-ID: "Dicky Mardjuki" wrote in message news:gn6j5b$8st$1@news.spamcop.net... > It seems like the Email System News page is also accessible.... > http://mail.spamcop.net/news.php > > > "Peter" wrote in message > news:gn6ipb$8h8$1@news.spamcop.net... >> Well...if one could reach it. The only page I managed to get to was: >> http://spamcop.net/help.shtml >> Everything else is off limits right now. I don't use SC mail service, but the reporting service seems fine. Just reported one 08:10 AM CST. From newspost at deletethispart.hypercreations.com Sat Feb 14 09:17:59 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:27 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "Dicky Mardjuki" wrote in news:gn6j5b$8st$1@news.spamcop.net: > It seems like the Email System News page is also accessible.... > http://mail.spamcop.net/news.php Yes, but the current news item doesn't mention this outage: Feb 14, 2009 * [04:23 EST] We are aware that there is a problem POPping external servers. We are working on the problem now and expect it to be fixed within the next hour. After that, it may take a couple of hours for it to catch up POPping all of the mail waiting. Wonder if their "fix" (which was about 5 hours ago) wound up breaking all the mail services? I'm getting ready to bug the colo center. DT From nobody at devnull.spamcop.net Sat Feb 14 09:26:42 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:28 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: I managed to submit a message via the "Contact Us" on that page I mentioned earlier but I doubt it will get through. -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "David Topping" wrote in message news:Xns9BB247ABBEDF6newsaddresshypercrea@216.154.195.61... > "Peter" wrote in news:gn6hd5$5pn$1 > @news.spamcop.net: > >> As of this moment SC seems to be totally dead, webmail, spam reporting, >> forums...you name it. > > Yes, no POP, IMAP, no access to webmail or forums. I hope Wazoo happens > along, in that he's got some secret contact info for JT. If this keeps up, > I'll probably call the colo facility. > > DT > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 9:25:31 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090213-0, 13/02/2009 Tested on: 14/02/2009 9:26:43 AM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From nobody at no.no Sat Feb 14 09:27:52 2009 From: nobody at no.no (helge) Date: Sun Feb 15 15:30:28 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: David Topping skrev: > "Dicky Mardjuki" wrote in > news:gn6j5b$8st$1@news.spamcop.net: > >> It seems like the Email System News page is also accessible.... >> http://mail.spamcop.net/news.php > > Yes, but the current news item doesn't mention this outage: > > Feb 14, 2009 > > * [04:23 EST] We are aware that there is a problem POPping external > servers. We are working on the problem now and expect it to be fixed within > the next hour. After that, it may take a couple of hours for it to catch up > POPping all of the mail waiting. > > Wonder if their "fix" (which was about 5 hours ago) wound up breaking all > the mail services? I'm getting ready to bug the colo center. > > DT I have archived an email address: "support-cases /at/ spamcop.net" That is the address Jeff T used to reply to my latest problem report, and I have just now sent a whining email thither. Another possibility is "webmailbeta /at/ spamcop.net" All my mail is forwarded to spamcop and the goodmail is forwarded back to my ISP-address. Testmails to myself sent more than half an hour ago have not arrived, but I have received an older msg after Webmail expired. helge From nobody at devnull.spamcop.net Sat Feb 14 09:31:10 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:28 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: If it goes on much longer I'm going to have to bypass SC altogether in my email settings. -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "Peter" wrote in message news:gn6kb0$9hp$1@news.spamcop.net... >I managed to submit a message via the "Contact Us" on that page I mentioned >earlier but I doubt it will get through. > > -- > Peter > Toronto, Canada > XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 > "David Topping" wrote in > message news:Xns9BB247ABBEDF6newsaddresshypercrea@216.154.195.61... >> "Peter" wrote in news:gn6hd5$5pn$1 >> @news.spamcop.net: >> >>> As of this moment SC seems to be totally dead, webmail, spam reporting, >>> forums...you name it. >> >> Yes, no POP, IMAP, no access to webmail or forums. I hope Wazoo happens >> along, in that he's got some secret contact info for JT. If this keeps >> up, >> I'll probably call the colo facility. >> >> DT >> >> >> --- >> avast! Antivirus: Inbound message clean. >> Virus Database (VPS): 090213-0, 13/02/2009 >> Tested on: 14/02/2009 9:25:31 AM >> avast! - copyright (c) 1988-2009 ALWIL Software. >> http://www.avast.com >> >> >> > > > > --- > avast! Antivirus: Outbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 9:26:43 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 9:27:52 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090213-0, 13/02/2009 Tested on: 14/02/2009 9:31:10 AM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From newspost at deletethispart.hypercreations.com Sat Feb 14 09:34:13 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:29 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: There's also a web-based contact page that will accept input...not sure if it's actually reaching anyone: http://mail.spamcop.net/contact.php DT From newspost at deletethispart.hypercreations.com Sat Feb 14 09:36:19 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:29 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "Peter" wrote in news:gn6kb0$9hp$1@news.spamcop.net: > I managed to submit a message via the "Contact Us" on that page I > mentioned earlier but I doubt it will get through. > ...and so did I. I also cited this page in another response just a moment ago...I didn't read all the new posts before responding. I tried calling the phone number in ARIN listed as responsible for the IP range, but I got the guy's voicemail. DT From nobody at devnull.spamcop.net Sat Feb 14 09:37:59 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:29 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: This is a first though for the forums to be offline as well as SC mail. I'm sure they must be all on different servers so obviously something much moire serious has happened. -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "David Topping" wrote in message news:Xns9BB24CFF24644newsaddresshypercrea@216.154.195.61... > There's also a web-based contact page that will accept input...not sure if > it's actually reaching anyone: > > http://mail.spamcop.net/contact.php > > DT > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 9:35:36 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090213-0, 13/02/2009 Tested on: 14/02/2009 9:38:00 AM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From nobody at devnull.spamcop.net Sat Feb 14 09:47:10 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:30 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: Well if you left a message there isn't much else one can do except wait patiently.......I checked my ISP's webmail and the inbox is empty, then I realised that I have it set to forward all mail to SC. I think I will reset everything to have SC pop it instead. The trouble with that is it's slower. -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "David Topping" wrote in message news:Xns9BB24D59FC3F9newsaddresshypercrea@216.154.195.61... > "Peter" wrote in > news:gn6kb0$9hp$1@news.spamcop.net: > >> I managed to submit a message via the "Contact Us" on that page I >> mentioned earlier but I doubt it will get through. >> > > ...and so did I. I also cited this page in another response just a moment > ago...I didn't read all the new posts before responding. > > I tried calling the phone number in ARIN listed as responsible for the IP > range, but I got the guy's voicemail. > > DT > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 9:42:24 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090213-0, 13/02/2009 Tested on: 14/02/2009 9:47:11 AM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From me at privacy.net Sat Feb 14 09:48:27 2009 From: me at privacy.net (Will Wilkinson) Date: Sun Feb 15 15:30:30 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: In message , David Topping writes >"Peter" wrote in >news:gn6kb0$9hp$1@news.spamcop.net: > >> I managed to submit a message via the "Contact Us" on that page I >> mentioned earlier but I doubt it will get through. >> > >...and so did I. I also cited this page in another response just a moment >ago...I didn't read all the new posts before responding. > >I tried calling the phone number in ARIN listed as responsible for the IP >range, but I got the guy's voicemail. > >DT Getting network time-out for webmail, pop and reporting from the UK at 14:50 GMT. Will -- e-mail news dot will at lancre dot net '98 300Tdi Defender 110 CSW, 1/12th NB Sometimes PGP Fingerprint E089 1736 A023 9E5C AFA3 0B40 E5DC D80A 9E1F D521 Public key can be obtained from ldap://certserver.pgp.com From mardjuki at donotreply.com Sat Feb 14 09:49:22 2009 From: mardjuki at donotreply.com (Dicky Mardjuki) Date: Sun Feb 15 15:30:31 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: It seems like the IP block for the webmail, forum and pop server are handled through the same provider, Quality Technology Services. When I tried to access their website www.qualitytech.com or www.edeltacom.com, I only get a 502 Bad Gateway error. It seems like this provider is the one that is having some problem.... "Peter" wrote in message news:gn6l05$9tb$1@news.spamcop.net... > This is a first though for the forums to be offline as well as SC mail. > I'm sure they must be all on different servers so obviously something much > moire serious has happened. > > -- > Peter > Toronto, Canada > XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 > "David Topping" wrote in > message news:Xns9BB24CFF24644newsaddresshypercrea@216.154.195.61... >> There's also a web-based contact page that will accept input...not sure >> if >> it's actually reaching anyone: >> >> http://mail.spamcop.net/contact.php >> >> DT >> >> >> --- >> avast! Antivirus: Inbound message clean. >> Virus Database (VPS): 090213-0, 13/02/2009 >> Tested on: 14/02/2009 9:35:36 AM >> avast! - copyright (c) 1988-2009 ALWIL Software. >> http://www.avast.com >> >> >> > > > > --- > avast! Antivirus: Outbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 9:38:00 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > From nobody at devnull.spamcop.net Sat Feb 14 09:58:10 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:31 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: That's interesting. I hope they haven't taken the weekend off.!!! -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "Dicky Mardjuki" wrote in message news:gn6lll$aeg$1@news.spamcop.net... > It seems like the IP block for the webmail, forum and pop server are > handled through the same provider, Quality Technology Services. When I > tried to access their website www.qualitytech.com or www.edeltacom.com, I > only get a 502 Bad Gateway error. It seems like this provider is the one > that is having some problem.... > > > "Peter" wrote in message > news:gn6l05$9tb$1@news.spamcop.net... >> This is a first though for the forums to be offline as well as SC mail. >> I'm sure they must be all on different servers so obviously something >> much moire serious has happened. >> >> -- >> Peter >> Toronto, Canada >> XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 >> "David Topping" wrote in >> message news:Xns9BB24CFF24644newsaddresshypercrea@216.154.195.61... >>> There's also a web-based contact page that will accept input...not sure >>> if >>> it's actually reaching anyone: >>> >>> http://mail.spamcop.net/contact.php >>> >>> DT >>> >>> >>> --- >>> avast! Antivirus: Inbound message clean. >>> Virus Database (VPS): 090213-0, 13/02/2009 >>> Tested on: 14/02/2009 9:35:36 AM >>> avast! - copyright (c) 1988-2009 ALWIL Software. >>> http://www.avast.com >>> >>> >>> >> >> >> >> --- >> avast! Antivirus: Outbound message clean. >> Virus Database (VPS): 090213-0, 13/02/2009 >> Tested on: 14/02/2009 9:38:00 AM >> avast! - copyright (c) 1988-2009 ALWIL Software. >> http://www.avast.com >> >> >> > > > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 9:56:34 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090213-0, 13/02/2009 Tested on: 14/02/2009 9:58:10 AM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From newspost at deletethispart.hypercreations.com Sat Feb 14 10:13:43 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:31 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "Dicky Mardjuki" wrote in news:gn6lll$aeg$1@news.spamcop.net: > It seems like the IP block for the webmail, forum and pop server are > handled through the same provider, Quality Technology Services. When I > tried to access their website www.qualitytech.com or > www.edeltacom.com, I only get a 502 Bad Gateway error. It seems like > this provider is the one that is having some problem.... I'm able to load those sites, and I'm calling their operations center right now. DT From newspost at deletethispart.hypercreations.com Sat Feb 14 10:16:41 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:32 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "Peter" wrote in news:gn6lhc$a8d$1@news.spamcop.net: > Well if you left a message there isn't much else one can do except > wait patiently I didn't leave a message, because it wasn't a general support box, but rather that of an individual who might not be working this weekend. I'm on hold for their operations center right now....long hold time might indicate that they are having problems. > I think I will reset everything to have SC pop it instead. The > trouble with that is it's slower. Not to mention that they've also been having problems with that function recently, as evidenced by the last two entries on the News page. DT From mynamehere at noplace.com Sat Feb 14 10:16:52 2009 From: mynamehere at noplace.com (vknowles) Date: Sun Feb 15 15:30:32 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: I always worry about businesses with "quality" in their name. Suggests there might be some doubt. :-) "Dicky Mardjuki" wrote in message news:gn6lll$aeg$1@news.spamcop.net... > It seems like the IP block for the webmail, forum and pop server are > handled through the same provider, Quality Technology Services. When I > tried to access their website www.qualitytech.com or www.edeltacom.com, I > only get a 502 Bad Gateway error. It seems like this provider is the one > that is having some problem.... > > > "Peter" wrote in message > news:gn6l05$9tb$1@news.spamcop.net... >> This is a first though for the forums to be offline as well as SC mail. >> I'm sure they must be all on different servers so obviously something >> much moire serious has happened. >> >> -- >> Peter >> Toronto, Canada >> XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 >> "David Topping" wrote in >> message news:Xns9BB24CFF24644newsaddresshypercrea@216.154.195.61... >>> There's also a web-based contact page that will accept input...not sure >>> if >>> it's actually reaching anyone: >>> >>> http://mail.spamcop.net/contact.php >>> >>> DT >>> >>> >>> --- >>> avast! Antivirus: Inbound message clean. >>> Virus Database (VPS): 090213-0, 13/02/2009 >>> Tested on: 14/02/2009 9:35:36 AM >>> avast! - copyright (c) 1988-2009 ALWIL Software. >>> http://www.avast.com >>> >>> >>> >> >> >> >> --- >> avast! Antivirus: Outbound message clean. >> Virus Database (VPS): 090213-0, 13/02/2009 >> Tested on: 14/02/2009 9:38:00 AM >> avast! - copyright (c) 1988-2009 ALWIL Software. >> http://www.avast.com >> >> >> > > From nobody at devnull.spamcop.net Sat Feb 14 10:19:01 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:33 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: Quite...LOL -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "vknowles" wrote in message news:gn6n97$bj6$1@news.spamcop.net... >I always worry about businesses with "quality" in their name. Suggests >there might be some doubt. > > :-) > > > "Dicky Mardjuki" wrote in message > news:gn6lll$aeg$1@news.spamcop.net... >> It seems like the IP block for the webmail, forum and pop server are >> handled through the same provider, Quality Technology Services. When I >> tried to access their website www.qualitytech.com or www.edeltacom.com, I >> only get a 502 Bad Gateway error. It seems like this provider is the one >> that is having some problem.... >> >> >> "Peter" wrote in message >> news:gn6l05$9tb$1@news.spamcop.net... >>> This is a first though for the forums to be offline as well as SC mail. >>> I'm sure they must be all on different servers so obviously something >>> much moire serious has happened. >>> >>> -- >>> Peter >>> Toronto, Canada >>> XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 >>> "David Topping" wrote in >>> message news:Xns9BB24CFF24644newsaddresshypercrea@216.154.195.61... >>>> There's also a web-based contact page that will accept input...not sure >>>> if >>>> it's actually reaching anyone: >>>> >>>> http://mail.spamcop.net/contact.php >>>> >>>> DT >>>> >>>> >>>> --- >>>> avast! Antivirus: Inbound message clean. >>>> Virus Database (VPS): 090213-0, 13/02/2009 >>>> Tested on: 14/02/2009 9:35:36 AM >>>> avast! - copyright (c) 1988-2009 ALWIL Software. >>>> http://www.avast.com >>>> >>>> >>>> >>> >>> >>> >>> --- >>> avast! Antivirus: Outbound message clean. >>> Virus Database (VPS): 090213-0, 13/02/2009 >>> Tested on: 14/02/2009 9:38:00 AM >>> avast! - copyright (c) 1988-2009 ALWIL Software. >>> http://www.avast.com >>> >>> >>> >> >> > > > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 10:18:44 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090213-0, 13/02/2009 Tested on: 14/02/2009 10:19:02 AM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From nobody at devnull.spamcop.net Sat Feb 14 10:22:03 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:33 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: It would appear that the whole thing is in a total mess right now. By the way, the one or two pages I could access have at the bottom, "Copyright xxxx - 2006 Ironport...." .. 2006? Someone needs to do some revisions methinks. -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "David Topping" wrote in message news:Xns9BB254320C15Dnewsaddresshypercrea@216.154.195.61... > "Peter" wrote in > news:gn6lhc$a8d$1@news.spamcop.net: > >> Well if you left a message there isn't much else one can do except >> wait patiently > > I didn't leave a message, because it wasn't a general support box, but > rather that of an individual who might not be working this weekend. I'm on > hold for their operations center right now....long hold time might > indicate > that they are having problems. > >> I think I will reset everything to have SC pop it instead. The >> trouble with that is it's slower. > > Not to mention that they've also been having problems with that function > recently, as evidenced by the last two entries on the News page. > > DT > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 10:19:04 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090213-0, 13/02/2009 Tested on: 14/02/2009 10:22:03 AM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From mrmaxx at spamcop.net Sat Feb 14 10:26:13 2009 From: mrmaxx at spamcop.net (John Aldrich) Date: Sun Feb 15 15:30:33 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: On Sat, 14 Feb 2009 14:48:27 +0000, Will Wilkinson wrote: [snip] > Getting network time-out for webmail, pop and reporting from the UK at > 14:50 GMT. > I, too, am unable to access imap.spamcop.net or forum.spamcop.net, which I believe are both on Jeff's system. I would appreciate it if someone who knows how to contact him would get a message to him. From nobody at devnull.spamcop.net Sat Feb 14 10:28:29 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:34 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: If you read the entire thread you'll see it could be another company that is the source of the trouble. -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "John Aldrich" wrote in message news:pan.2009.02.14.15.26.12@spamcop.net... > On Sat, 14 Feb 2009 14:48:27 +0000, Will Wilkinson wrote: > [snip] >> Getting network time-out for webmail, pop and reporting from the UK at >> 14:50 GMT. >> > I, too, am unable to access imap.spamcop.net or forum.spamcop.net, which > I believe are both on Jeff's system. I would appreciate it if someone who > knows how to contact him would get a message to him. > > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 10:26:40 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090213-0, 13/02/2009 Tested on: 14/02/2009 10:28:29 AM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From nobody at devnull.spamcop.net Sat Feb 14 10:21:44 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Sun Feb 15 15:30:34 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "Peter" wrote in message news:gn6hd5$5pn$1@news.spamcop.net... > As of this moment SC seems to be totally dead, webmail, spam > reporting, forums...you name it. > This is a little more than a mere server outage, has to be! Left a message on JT's voice-mail thing. Am currently waiting to talk to someone at Quality Tech, but it does appear that there is/was am issue at the data center. At this point (again not having talked to anyone directly) I'm having to guess at something along the lines of power ... some of the e-mail servers seem to be alive and reachable, but I can't get anywhere near the Forum server at present. ... sent this while still on hold ... From newspost at deletethispart.hypercreations.com Sat Feb 14 10:35:04 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:35 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "Peter" wrote in news:gn6nur$bvv$1@news.spamcop.net: > If you read the entire thread you'll see it could be another company > that is the source of the trouble. > The key word is "could." Their sites are up. What we have is a stale "news" item indicating that JT (or Trevor) was aware of a different problem and working on it 6 hours ago, mentioning a 1-hour ETA on a fix, but no updated information. DT From newspost at deletethispart.hypercreations.com Sat Feb 14 10:36:24 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:35 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: John Aldrich wrote in news:pan.2009.02.14.15.26.12@spamcop.net: > I, too, am unable to access imap.spamcop.net or forum.spamcop.net, > which I believe are both on Jeff's system. I would appreciate it if > someone who knows how to contact him would get a message to him. That would be Wazoo, who hasn't dropped by yet. DT From 867-5309 at domain.invalid Sat Feb 14 10:44:23 2009 From: 867-5309 at domain.invalid (Sue Morton) Date: Sun Feb 15 15:30:35 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: 7:30a Pacific here, no forums and no email access yet. Thanks for the link to the email system news page in this thread. I have that bookmarked now, just in case it continues to be available and actually have some news. -- Sue Morton FWIW I've asked JT several times over the years for the news page to be hosted reasonably independently from the email system, so at least we can have some point of contact. (Obviously if Level3 or similar is out then half the US is too, different problem.) Perhaps he did that. Hmmm... I think I'll go look at the host for news page right now... :-/ Now to get the news page updated... that probably requires them to make a phone call, to someone with access to the 'net! Peter wrote: > If you read the entire thread you'll see it could be another company > that is the source of the trouble. > >> On Sat, 14 Feb 2009 14:48:27 +0000, Will Wilkinson wrote: >> I, too, am unable to access imap.spamcop.net or forum.spamcop.net, >> which I believe are both on Jeff's system. I would appreciate it if >> someone who knows how to contact him would get a message to him. From newspost at deletethispart.hypercreations.com Sat Feb 14 10:50:44 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:36 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "Sue Morton" <867-5309@domain.invalid> wrote in news:gn6oss$cl2$1@news.spamcop.net: > FWIW I've asked JT several times over the years for the news page to > be hosted reasonably independently from the email system, so at least > we can have some point of contact. (Obviously if Level3 or similar is > out then half the US is too, different problem.) Perhaps he did > that. Nope. It's hosted in the same facility, but the HTTP service on that server seems to be pretty much the only thing that's working this morning. That probably means it's not a massive failure "upstream," but rather crap happening with JT's servers. DT From newspost at deletethispart.hypercreations.com Sat Feb 14 11:06:54 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:36 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: David Topping wrote in news:Xns9BB259F7E737Cnewsaddresshypercrea@216.154.195.61: > Nope. It's hosted in the same facility, but the HTTP service on that > server seems to be pretty much the only thing that's working this > morning. (slaps forehead) ...in addition to the NNTP service, I hasten to add. DT From nobody at devnull.spamcop.net Sat Feb 14 11:05:47 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Sun Feb 15 15:30:37 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "Wazoo" wrote in message news:gn6oam$cb2$1@news.spamcop.net... > "Peter" wrote in message > news:gn6hd5$5pn$1@news.spamcop.net... >> As of this moment SC seems to be totally dead, webmail, spam >> reporting, forums...you name it. >> This is a little more than a mere server outage, has to be! > > Left a message on JT's voice-mail thing. > Am currently waiting to talk to someone at Quality Tech, but it > does appear that there is/was am issue at the data center. At this > point (again not having talked to anyone directly) I'm having to > guess at something along the lines of power ... some of the e-mail > servers seem to be alive and reachable, but I can't get anywhere > near the Forum server at present. ... sent this while still on > hold ... OK, I'm not on the "access list": .. so had to resort to a bit of social engineering. The girl I talked to stated that she would confirm that my guess about a probable power issue did in fact have much merit, something around 0800 their time. End result, either JT (or possibly Trevor?) has to physically get on-site to get some things powered back up, other things actually talking once again. Left another voice-mail message for Jeff. From newspost at deletethispart.hypercreations.com Sat Feb 14 11:10:56 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:37 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "Wazoo" wrote in news:gn6oam$cb2$1 @news.spamcop.net: > (again not having talked to anyone directly) I'm having to guess at > something along the lines of power ... some of the e-mail servers > seem to be alive and reachable, but I can't get anywhere near the > Forum server at present. ... sent this while still on hold ... Be prepared for a long hold time...I gave up after about 15 minutes. The thing that doesn't add up is the acknowledgement on the News page well over 6 hours ago of problems on just the POP/fetching system, which seems to indicate some early-morning "touching" of stuff by JT (or Trevor) and then maybe they went away, thinking it was fixed. That's just a guess. DT From nobody at devnull.spamcop.net Sat Feb 14 11:13:05 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:37 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: David, Wazoo et alia, thanks for your efforts. ;-) -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "Wazoo" wrote in message news:gn6qa7$dpi$1@news.spamcop.net... > "Wazoo" wrote in message > news:gn6oam$cb2$1@news.spamcop.net... >> "Peter" wrote in message >> news:gn6hd5$5pn$1@news.spamcop.net... >>> As of this moment SC seems to be totally dead, webmail, spam reporting, >>> forums...you name it. >>> This is a little more than a mere server outage, has to be! >> >> Left a message on JT's voice-mail thing. >> Am currently waiting to talk to someone at Quality Tech, but it does >> appear that there is/was am issue at the data center. At this point >> (again not having talked to anyone directly) I'm having to guess at >> something along the lines of power ... some of the e-mail servers seem to >> be alive and reachable, but I can't get anywhere near the Forum server at >> present. ... sent this while still on hold ... > > OK, I'm not on the "access list": .. so had to resort to a bit of social > engineering. The girl I talked to stated that she would confirm that my > guess about a probable power issue did in fact have much merit, something > around 0800 their time. > > End result, either JT (or possibly Trevor?) has to physically get on-site > to get some things powered back up, other things actually talking once > again. Left another voice-mail message for Jeff. > > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 11:12:06 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090213-0, 13/02/2009 Tested on: 14/02/2009 11:13:05 AM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From newspost at deletethispart.hypercreations.com Sat Feb 14 11:13:23 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:38 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "Wazoo" wrote in news:gn6qa7$dpi$1 @news.spamcop.net: > End result, either JT (or possibly Trevor?) has to physically get > on-site to get some things powered back up, other things actually > talking once again. Left another voice-mail message for Jeff. Thanks for the update, Wazoo. Turns out that I'm partially correct -- I was skeptical about the "upstream" issue, but now that it's been resolved, what we're all indeed waiting on is for JT to realize this is happening and get on site....but he might be asleep. :-( DT From jzeitlin at spamcop.net Sat Feb 14 11:16:51 2009 From: jzeitlin at spamcop.net (=?ISO-8859-1?Q?E=F6nw=EB?=) Date: Sun Feb 15 15:30:38 2009 Subject: [Scspamcop] Re: Spamcop Died?, what are you on about? References: Message-ID: On Sat, 14 Feb 2009 08:11:14 -0600, "bar0" wrote: > >"Dicky Mardjuki" wrote in message >news:gn6j5b$8st$1@news.spamcop.net... >> It seems like the Email System News page is also accessible.... >> http://mail.spamcop.net/news.php >> >> >> "Peter" wrote in message >> news:gn6ipb$8h8$1@news.spamcop.net... >>> Well...if one could reach it. The only page I managed to get to was: >>> http://spamcop.net/help.shtml >>> Everything else is off limits right now. > >I don't use SC mail service, but the reporting service seems fine. Just >reported one 08:10 AM CST. > As of the posting time of this message, I get valid ping responses from pop.spamcop.net and webmail.spamcop.net, but my email client and browser cannot connect; it's timing out. This suggests that the SERVER is up, but the SERVICES are not; i.e., something is b0rked in software. Forum.spamcop.net does not return pings at all. -- E?nw? (SpamCop subscriber, not staff/admin) From df at nowhere.invalid Sat Feb 14 11:25:13 2009 From: df at nowhere.invalid (David F.) Date: Sun Feb 15 15:30:39 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: Where did you find the link to the news item? I went to the site to see if they had posted a known problem exists, but couldn't find anything until I finally found this NNTP newsgroup (the forum links and email it self don't work as well as POP email). "David Topping" wrote in message news:Xns9BB24A3E4FE12newsaddresshypercrea@216.154.195.61... > "Dicky Mardjuki" wrote in > news:gn6j5b$8st$1@news.spamcop.net: > >> It seems like the Email System News page is also accessible.... >> http://mail.spamcop.net/news.php > > Yes, but the current news item doesn't mention this outage: > > Feb 14, 2009 > > * [04:23 EST] We are aware that there is a problem POPping external > servers. We are working on the problem now and expect it to be fixed > within > the next hour. After that, it may take a couple of hours for it to catch > up > POPping all of the mail waiting. > > Wonder if their "fix" (which was about 5 hours ago) wound up breaking all > the mail services? I'm getting ready to bug the colo center. > > DT > From newspost at deletethispart.hypercreations.com Sat Feb 14 11:28:19 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:39 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "David F." wrote in news:gn6r9j$ejg$1@news.spamcop.net: > Where did you find the link to the news item? http://mail.spamcop.net/news.php DT From nobody at devnull.spamcop.net Sat Feb 14 11:30:26 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:40 2009 Subject: [Scspamcop] Re: Spamcop Died?, what are you on about? In-Reply-To: References: Message-ID: Either way E?nw? - it died. -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "E?nw?" wrote in message news:edrdp41njsturo585gq6u7htmd87unb6ll@4ax.com... > On Sat, 14 Feb 2009 08:11:14 -0600, "bar0" wrote: > >> >>"Dicky Mardjuki" wrote in message >>news:gn6j5b$8st$1@news.spamcop.net... >>> It seems like the Email System News page is also accessible.... >>> http://mail.spamcop.net/news.php >>> >>> >>> "Peter" wrote in message >>> news:gn6ipb$8h8$1@news.spamcop.net... >>>> Well...if one could reach it. The only page I managed to get to was: >>>> http://spamcop.net/help.shtml >>>> Everything else is off limits right now. >> >>I don't use SC mail service, but the reporting service seems fine. Just >>reported one 08:10 AM CST. >> > > As of the posting time of this message, I get valid ping responses from > pop.spamcop.net and webmail.spamcop.net, but my email client and browser > cannot connect; it's timing out. This suggests that the SERVER is up, > but the SERVICES are not; i.e., something is b0rked in software. > Forum.spamcop.net does not return pings at all. > -- > E?nw? > (SpamCop subscriber, not staff/admin) > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090213-0, 13/02/2009 > Tested on: 14/02/2009 11:29:12 AM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090213-0, 13/02/2009 Tested on: 14/02/2009 11:30:26 AM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From newspost at deletethispart.hypercreations.com Sat Feb 14 11:30:36 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:41 2009 Subject: [Scspamcop] Re: Spamcop Died?, what are you on about? References: Message-ID: Eönwë wrote in news:edrdp41njsturo585gq6u7htmd87unb6ll@4ax.com: > As of the posting time of this message, I get valid ping responses from > pop.spamcop.net and webmail.spamcop.net, but my email client and browser > cannot connect; it's timing out. This suggests that the SERVER is up, > but the SERVICES are not; i.e., something is b0rked in software. Yes, the servers have power, but there seems to have been a loss of power about 3.5 hours ago, and they probably didn't appreciate going down in that manner. These are surely "unmanaged" servers and so it seems that JT needs to go to the site and take care of getting them functioning properly. DT From nobody at devnull.spamcop.net Sat Feb 14 12:38:29 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:41 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: It appears to be back up now although my inbox was empty, which makes me suspicious. Peter Toronto, Canada. "David Topping" wrote in message news:Xns9BB25D64DD7D4newsaddresshypercrea@216.154.195.61... > "Wazoo" wrote in news:gn6oam$cb2$1 > @news.spamcop.net: > >> (again not having talked to anyone directly) I'm having to guess at >> something along the lines of power ... some of the e-mail servers >> seem to be alive and reachable, but I can't get anywhere near the >> Forum server at present. ... sent this while still on hold ... > > Be prepared for a long hold time...I gave up after about 15 minutes. > > The thing that doesn't add up is the acknowledgement on the News page well > over 6 hours ago of problems on just the POP/fetching system, which seems > to indicate some early-morning "touching" of stuff by JT (or Trevor) and > then maybe they went away, thinking it was fixed. That's just a guess. > > DT From spamcop at geodosch.com Sat Feb 14 12:40:31 2009 From: spamcop at geodosch.com (GeoDosch) Date: Sun Feb 15 15:30:42 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: It's up, and mail is trickling in. The mail sent to the spamcop SMTP server would have bounced during the outage, and the sending server will periodically retry to send, so it could take several hours for all backlogged mail to be delivered to spamcop. "Peter" wrote in message news:gn6vij$jes$1@news.spamcop.net... > It appears to be back up now although my inbox was empty, which makes me > suspicious. > > Peter > Toronto, Canada. > > "David Topping" wrote in > message news:Xns9BB25D64DD7D4newsaddresshypercrea@216.154.195.61... >> "Wazoo" wrote in news:gn6oam$cb2$1 >> @news.spamcop.net: >> >>> (again not having talked to anyone directly) I'm having to guess at >>> something along the lines of power ... some of the e-mail servers >>> seem to be alive and reachable, but I can't get anywhere near the >>> Forum server at present. ... sent this while still on hold ... >> >> Be prepared for a long hold time...I gave up after about 15 minutes. >> >> The thing that doesn't add up is the acknowledgement on the News page >> well >> over 6 hours ago of problems on just the POP/fetching system, which seems >> to indicate some early-morning "touching" of stuff by JT (or Trevor) and >> then maybe they went away, thinking it was fixed. That's just a guess. >> >> DT > From nobody at devnull.spamcop.net Sat Feb 14 12:59:00 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:42 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: Just tried the forums and that failed. "GeoDosch" wrote in message news:gn6vmm$jm8$1@news.spamcop.net... > It's up, and mail is trickling in. The mail sent to the spamcop SMTP > server would have bounced during the outage, and the sending server will > periodically retry to send, so it could take several hours for all > backlogged mail to be delivered to spamcop. > > "Peter" wrote in message > news:gn6vij$jes$1@news.spamcop.net... >> It appears to be back up now although my inbox was empty, which makes me >> suspicious. >> >> Peter >> Toronto, Canada. >> >> "David Topping" wrote in >> message news:Xns9BB25D64DD7D4newsaddresshypercrea@216.154.195.61... >>> "Wazoo" wrote in news:gn6oam$cb2$1 >>> @news.spamcop.net: >>> >>>> (again not having talked to anyone directly) I'm having to guess at >>>> something along the lines of power ... some of the e-mail servers >>>> seem to be alive and reachable, but I can't get anywhere near the >>>> Forum server at present. ... sent this while still on hold ... >>> >>> Be prepared for a long hold time...I gave up after about 15 minutes. >>> >>> The thing that doesn't add up is the acknowledgement on the News page >>> well >>> over 6 hours ago of problems on just the POP/fetching system, which >>> seems >>> to indicate some early-morning "touching" of stuff by JT (or Trevor) and >>> then maybe they went away, thinking it was fixed. That's just a guess. >>> >>> DT >> > > From newspost at deletethispart.hypercreations.com Sat Feb 14 15:01:08 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:43 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "Peter" wrote in news:gn70p2$kfn$1@news.spamcop.net: > Just tried the forums and that failed. Two hours later and the forum server is still down, but everything else is back up. No new "news" however. DT From nobody at spamcop.net Sat Feb 14 09:06:01 2009 From: nobody at spamcop.net (Trent) Date: Sun Feb 15 15:30:43 2009 Subject: [Scspamcop] Re: Getting Quick Reporting enabled? References: Message-ID: Thanks for the replies, all "Trent" wrote in message news:gn1ha8$71u$1@news.spamcop.net... >I know it was shutdown some years ago, but I recall it could still be >enabled by requesting it. > > Can it still be done, and who to send the request to? > > Trent > From nobody at devnull.spamcop.net Sat Feb 14 16:49:22 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:44 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: Well obviously someone is working on the problems. I guess they'll wait until it's all done before updating the news, although it would be nice to get an update. -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "David Topping" wrote in message news:Xns9BB2846BE5EF3newsaddresshypercrea@216.154.195.61... > "Peter" wrote in > news:gn70p2$kfn$1@news.spamcop.net: > >> Just tried the forums and that failed. > > Two hours later and the forum server is still down, but everything else is > back up. No new "news" however. > > DT > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090214-0, 14/02/2009 > Tested on: 14/02/2009 4:48:16 PM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090214-0, 14/02/2009 Tested on: 14/02/2009 4:49:23 PM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From nobody at devnull.spamcop.net Sat Feb 14 20:58:36 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Sun Feb 15 15:30:44 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "David Topping" wrote in message news:Xns9BB2846BE5EF3newsaddresshypercrea@216.154.195.61... > "Peter" wrote in > news:gn70p2$kfn$1@news.spamcop.net: > >> Just tried the forums and that failed. > > Two hours later and the forum server is still down, but everything > else is > back up. No new "news" however. Yeah, it still looks like that server needs to be physically powered up. I left another voice-mail, passing on the complaints of no 'news update' and that the Forum server is still dead. . From nobody at devnull.spamcop.net Sat Feb 14 21:08:57 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:45 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: Thanks on both counts Wazoo. -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "Wazoo" wrote in message news:gn7ss7$j9r$1@news.spamcop.net... > "David Topping" wrote in > message news:Xns9BB2846BE5EF3newsaddresshypercrea@216.154.195.61... >> "Peter" wrote in >> news:gn70p2$kfn$1@news.spamcop.net: >> >>> Just tried the forums and that failed. >> >> Two hours later and the forum server is still down, but everything else >> is >> back up. No new "news" however. > > Yeah, it still looks like that server needs to be physically powered up. > I left another voice-mail, passing on the complaints of no 'news update' > and that the Forum server is still dead. . > > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090214-0, 14/02/2009 > Tested on: 14/02/2009 9:08:01 PM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090214-0, 14/02/2009 Tested on: 14/02/2009 9:08:58 PM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From newspost at deletethispart.hypercreations.com Sat Feb 14 22:06:13 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:45 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "Wazoo" wrote in news:gn7ss7$j9r$1 @news.spamcop.net: > Yeah, it still looks like that server needs to be physically powered > up. I left another voice-mail, passing on the complaints of no > 'news update' and that the Forum server is still dead. . I think the SMTP service is also broken....I just tried sending something from my email client using SpamCop's SMTP and got error messages. Keep pinging JT, Wazoo. DT From newspost at deletethispart.hypercreations.com Sat Feb 14 23:14:35 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:46 2009 Subject: [Scspamcop] smtp.cesmail.net now also dead Message-ID: Today's outage has now started affecting my ability to send mail. I have my client set up to use port 587 on smtp.cesmail.net, but am now getting consistent errors when trying to do so. The "news" still hasn't been updated since before 4:30 am EST (well over 20 hours ago). Since that server is up and most likely accessible to JT, it's puzzling that he's not taking the opportunity to let us know what's happening (the forums have been down all day, so that's not an option). DT From df at nowhere.invalid Sat Feb 14 23:50:07 2009 From: df at nowhere.invalid (David F.) Date: Sun Feb 15 15:30:46 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: Well - yeah .. I mean originally - where was it linked at spamcop.net? I looked all over for a news item. "David Topping" wrote in message news:Xns9BB26057569B6newsaddresshypercrea@216.154.195.61... > "David F." wrote in > news:gn6r9j$ejg$1@news.spamcop.net: > >> Where did you find the link to the news item? > > http://mail.spamcop.net/news.php > > DT From skiwi at spamcop.net Sun Feb 15 00:22:38 2009 From: skiwi at spamcop.net (Skiwi) Date: Sun Feb 15 15:30:47 2009 Subject: [Scspamcop] Re: smtp.cesmail.net now also dead In-Reply-To: References: Message-ID: David Topping wrote: > Today's outage has now started affecting my ability to send mail. I have my > client set up to use port 587 on smtp.cesmail.net, but am now getting > consistent errors when trying to do so. > > The "news" still hasn't been updated since before 4:30 am EST (well over 20 > hours ago). Since that server is up and most likely accessible to JT, it's > puzzling that he's not taking the opportunity to let us know what's > happening (the forums have been down all day, so that's not an option). OK, "good" to see it is not just me with the issue getting to smtp.cesmail.net - and so I can stop chasing down whether the ISP "changed anything" or somesuch... I guess all 'we' just to need wait... First glitch in many years, otherwise an excellent service - so thanks regardless! From newspost at deletethispart.hypercreations.com Sun Feb 15 00:32:18 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:47 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "David F." wrote in news:gn86u9$sks$1@news.spamcop.net: > Well - yeah .. I mean originally - where was it linked at spamcop.net? > I looked all over for a news item. I'm not sure it's linked from the main site. It's linked from the webmail login, so people might bookmark it. It's also on this rather secret page: http://www.spamcop.net/ces/members.shtml DT From skiwi at spamcop.net Sun Feb 15 02:23:03 2009 From: skiwi at spamcop.net (Skiwi) Date: Sun Feb 15 15:30:48 2009 Subject: [Scspamcop] Re: smtp.cesmail.net now also dead [back up] In-Reply-To: References: Message-ID: Skiwi wrote: > I guess all 'we' just to need wait... Back up - cheers! From nobody at devnull.spamcop.net Sun Feb 15 04:17:38 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Sun Feb 15 15:30:48 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "David Topping" wrote in message news:Xns9BB2CC7CFBB2Enewsaddresshypercrea@216.154.195.61... > "Wazoo" wrote in news:gn7ss7$j9r$1 > @news.spamcop.net: > >> Yeah, it still looks like that server needs to be physically >> powered >> up. I left another voice-mail, passing on the complaints of no >> 'news update' and that the Forum server is still dead. . > > I think the SMTP service is also broken....I just tried sending > something > from my email client using SpamCop's SMTP and got error messages. > > Keep pinging JT, Wazoo. What are the odds? About four hours ago, sat on hold for over 45 minutes, finally connected to the latest 'service office for my ISP .. way the hell over in the Philippines ... was told that the reason I had no Internet was due to a cable problem that took out at least three cities .. per her note. Yeah, imagine my surprise at finding the Forum server still unreachable .. then see the posts in .mail and here .... unreal ... From nobody at devnull.spamcop.net Sun Feb 15 06:48:59 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Sun Feb 15 15:30:49 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: Correcting the top-posting mode. > "David Topping" wrote > in message > news:Xns9BB26057569B6newsaddresshypercrea@216.154.195.61... >> "David F." wrote in >> news:gn6r9j$ejg$1@news.spamcop.net: >> >>> Where did you find the link to the news item? >> >> http://mail.spamcop.net/news.php >> "David F." wrote in message news:gn86u9$sks$1@news.spamcop.net... > Well - yeah .. I mean originally - where was it linked at > spamcop.net? I looked all over for a news item. Your "logged-in" www.spamcop.net Reporting page includes (all on one line); News: (Last Modified: Friday, January 23, 2009 9:00:52 AM -0600) (Email-account news) That last part being the link to the e-mail news page. From nobody at 127.0.0.1 Sun Feb 15 08:54:25 2009 From: nobody at 127.0.0.1 (Peter Hancock) Date: Sun Feb 15 15:30:49 2009 Subject: [Scspamcop] Re: smtp.cesmail.net Back Up In-Reply-To: References: <8h0gp4t8q0no8lgo0evvmcrr8l8qr2q451@4ax.com> Message-ID: Dave Lerner wrote: > SpamCop Admin wrote on 02/15/2009 06:53 AM: >> smtp.cesmail.net is working again as of this post. >> >> - Don - > > It's still not working for me. Nor me. It *once* worked, but now it doesn't. >From Thunderbird: "Sending of message failed. The message could not be sent because connecting to SMTP server smtp.cesmail.net failed. The server may be unavailable or is refusing SMTP connections. ..." Hank From nobody at devnull.spamcop.net Sun Feb 15 09:14:11 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:50 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: That's interesting. On another note, that original message on the Sc Mail login page regarding trouble with the POP3 servers. I think the problem still exists because when I check my MSN hotmail setting in webmail/Options/ I see it has returned incorrect password 47 times.....the password is correct, so something is amiss there still. Peter Toronto, Canada. "Wazoo" wrote in message news:gn8mjc$9f0$1@news.spamcop.net... > "David Topping" wrote in > message news:Xns9BB2CC7CFBB2Enewsaddresshypercrea@216.154.195.61... >> "Wazoo" wrote in news:gn7ss7$j9r$1 >> @news.spamcop.net: >> >>> Yeah, it still looks like that server needs to be physically powered >>> up. I left another voice-mail, passing on the complaints of no >>> 'news update' and that the Forum server is still dead. . >> >> I think the SMTP service is also broken....I just tried sending something >> from my email client using SpamCop's SMTP and got error messages. >> >> Keep pinging JT, Wazoo. > > What are the odds? About four hours ago, sat on hold for over 45 minutes, > finally connected to the latest 'service office for my ISP .. way the hell > over in the Philippines ... was told that the reason I had no Internet was > due to a cable problem that took out at least three cities .. per her > note. Yeah, imagine my surprise at finding the Forum server still > unreachable .. then see the posts in .mail and here .... unreal ... > From newspost at deletethispart.hypercreations.com Sun Feb 15 09:21:08 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:50 2009 Subject: [Scspamcop] Re: smtp.cesmail.net Back Up References: <8h0gp4t8q0no8lgo0evvmcrr8l8qr2q451@4ax.com> Message-ID: SpamCop Admin wrote in news:8h0gp4t8q0no8lgo0evvmcrr8l8qr2q451@4ax.com: > smtp.cesmail.net is working again as of this post. It just worked for me, using port 587. DT From nobody at 127.0.0.1 Sun Feb 15 09:50:37 2009 From: nobody at 127.0.0.1 (Peter Hancock) Date: Sun Feb 15 15:30:51 2009 Subject: [Scspamcop] Re: smtp.cesmail.net Back Up In-Reply-To: References: <8h0gp4t8q0no8lgo0evvmcrr8l8qr2q451@4ax.com> Message-ID: David Topping wrote: > SpamCop Admin wrote in > news:8h0gp4t8q0no8lgo0evvmcrr8l8qr2q451@4ax.com: > >> smtp.cesmail.net is working again as of this post. > > It just worked for me, using port 587. It worked once for me, and failed several times on port 143. I'll try 587. I can see masses (eg 85%) of packet loss on the way to the smtp server, using mtr from two different uk ISP's (demon/virgin). I suspect that the problems *may* not be at spamcop, but somewhere in edeltacom or cogentco. (I'm no expert in interpreting mtr's output.) Hank From nobody at devnull.spamcop.net Sun Feb 15 10:32:50 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sun Feb 15 15:30:51 2009 Subject: [Scspamcop] Re: smtp.cesmail.net now also dead [back up] In-Reply-To: References: Message-ID: Forums still down and there needs to be an explanatiry message on the sign-in page at SC Mail. Regards Peter Toronto, Canada. See the now rather lengthy thread in "spamcop" Spamcop Died? "SpamCop Admin" wrote in message news:a70gp45do3k263bnqak06sopta6uiv17hd@4ax.com... > Dave Lerner wrote: >>-The SMTP is still not working for me. > > It's not working for me, either. > > I'll try to catch Jeff on IM. Maybe he will have time to let me know > what's happening. > > - Don - From news0807REMOVECAPS at orrery.e4ward.com Sun Feb 15 11:05:53 2009 From: news0807REMOVECAPS at orrery.e4ward.com (Ian Smith) Date: Sun Feb 15 15:30:52 2009 Subject: [Scspamcop] Re: smtp.cesmail.net Back Up In-Reply-To: <8h0gp4t8q0no8lgo0evvmcrr8l8qr2q451@4ax.com> References: <8h0gp4t8q0no8lgo0evvmcrr8l8qr2q451@4ax.com> Message-ID: SpamCop Admin wrote: > smtp.cesmail.net is working again as of this post. > Does this mean that those of us with spamcop.net email accounts can send out via smtp, rather than use our own ISP? regards, Ian From newspost at deletethispart.hypercreations.com Sun Feb 15 11:11:17 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:52 2009 Subject: [Scspamcop] Re: smtp.cesmail.net Back Up References: <8h0gp4t8q0no8lgo0evvmcrr8l8qr2q451@4ax.com> Message-ID: Ian Smith wrote in news:gn9eh3$184$1 @news.spamcop.net: > SpamCop Admin wrote: >> smtp.cesmail.net is working again as of this post. >> > > Does this mean that those of us with spamcop.net email accounts can > send out via smtp, rather than use our own ISP? Yes. There's information about it at the forums....but they're still down, with no "JT sightings" yet reported. DT From skiwi at spamcop.net Sun Feb 15 13:13:38 2009 From: skiwi at spamcop.net (Skiwi) Date: Sun Feb 15 15:30:52 2009 Subject: [Scspamcop] Re: smtp.cesmail.net now also dead [back up] In-Reply-To: References: Message-ID: Dave Lerner wrote: > Skiwi wrote on 02/15/2009 02:23 AM: >> Skiwi wrote: >> >> >> >>> I guess all 'we' just to need wait... >> >> Back up - cheers! > > The SMTP is still not working for me. I must have caught a window, back down again for me at this time... From nobody at devnull.spamcop.net Sun Feb 15 13:06:22 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Sun Feb 15 15:30:53 2009 Subject: [Scspamcop] Re: smtp.cesmail.net Back Up References: <8h0gp4t8q0no8lgo0evvmcrr8l8qr2q451@4ax.com> Message-ID: "David Topping" wrote in message news:Xns9BB35D728C731newsaddresshypercrea@216.154.195.61... > Ian Smith wrote in > news:gn9eh3$184$1 > @news.spamcop.net: > >> SpamCop Admin wrote: >>> smtp.cesmail.net is working again as of this post. >> >> Does this mean that those of us with spamcop.net email accounts >> can >> send out via smtp, rather than use our own ISP? > > Yes. There's information about it at the forums....but they're > still down, > with no "JT sightings" yet reported. No idea what to offer .... as far as IM goes, not logged in on one account, coming up on 24 hours 'idle' on another account ... no idea what's up. Not sure why the situation hasn't yet garnered an entry on the www.spamcop.net web-page, but perhaps there's that 'legal' thing involved again???? From Ag2000CO at Starband.net Sun Feb 15 13:30:38 2009 From: Ag2000CO at Starband.net (LKing) Date: Sun Feb 15 15:30:53 2009 Subject: [Scspamcop] Re: Spamcop Died? In-Reply-To: References: Message-ID: Wazoo wrote, On 2/14/2009 8:58 PM: > "David Topping" wrote > in message > news:Xns9BB2846BE5EF3newsaddresshypercrea@216.154.195.61... >> "Peter" wrote in >> news:gn70p2$kfn$1@news.spamcop.net: >> >>> Just tried the forums and that failed. >> Two hours later and the forum server is still down, but everything >> else is back up. No new "news" however. > > Yeah, it still looks like that server needs to be physically powered > up. > > Just noticed that the server that host the Total spam reported graphs has not come back on. From MikeE at ster.invalid Sun Feb 15 14:12:18 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sun Feb 15 15:30:54 2009 Subject: [Scspamcop] Quick reporting functional Message-ID: This morning at 8:13 am PST (-0800) I submitted spams to QR at spam.spamcop.net and got back my QR data from sc-app7.spamcop.net at 8:14. -- Mike Easter kibitzer, not SC admin From newspost at deletethispart.hypercreations.com Sun Feb 15 14:25:57 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:54 2009 Subject: [Scspamcop] Re: Quick reporting functional References: Message-ID: "Mike Easter" wrote in news:gn9ped$a2t$1@news.spamcop.net: > This morning at 8:13 am PST (-0800) I submitted spams to QR at > spam.spamcop.net and got back my QR data from sc-app7.spamcop.net at > 8:14. OK, but that action doesn't depend upon the servers in Georgia, does it? The reporting-side servers are not in the same place as the forum or email servers. DT From newspost at deletethispart.hypercreations.com Sun Feb 15 14:27:04 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:55 2009 Subject: [Scspamcop] Re: smtp.cesmail.net Back Up References: <8h0gp4t8q0no8lgo0evvmcrr8l8qr2q451@4ax.com> Message-ID: "Wazoo" wrote in news:gn9lip$6qq$1 @news.spamcop.net: > No idea what to offer .... as far as IM goes, not logged in on one > account, coming up on 24 hours 'idle' on another account Maybe he's a NASCAR-type and down at the Daytona 500? DT From newspost at deletethispart.hypercreations.com Sun Feb 15 14:44:56 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 15:30:55 2009 Subject: [Scspamcop] Re: smtp.cesmail.net Back Up References: <8h0gp4t8q0no8lgo0evvmcrr8l8qr2q451@4ax.com> Message-ID: The SMTP is still working consitently for me, although it only involves a few attempts, so YMMV. I seached my inbox for messages I sent to others *and* to myself using SpamCop's SMTP and came up with these three different relay hosts: relay.cesmail.net smtprelay1.cesmail.net smtprelay2.cesmail.net The first one wasn't in a recent headers, so it appears that what was once handled by one server was subsequently divided between two. Most of mine went through "smtprelay2," but the tests I've sent today went through "smtprelay1." That may mean that "smtprelay2" is still down from yesterday's outage, and that the people who are still experiencing failures are randomly being assigned to smtprelay2 somehow....just guessing, trying to explain the reported phenomena (but Wazoo will confim that I've been pretty good at that lately). DT From Ag2000CO at Starband.net Sun Feb 15 15:03:34 2009 From: Ag2000CO at Starband.net (LKing) Date: Sun Feb 15 15:30:56 2009 Subject: [Scspamcop] Re: Quick reporting functional In-Reply-To: References: Message-ID: Mike Easter wrote, On 2/15/2009 2:12 PM: > This morning at 8:13 am PST (-0800) I submitted spams to QR at > spam.spamcop.net and got back my QR data from sc-app7.spamcop.net at 8:14. > > I haven't noticed any interruption in QR during this "event." Do notice that the server with the spam reported graphics data is down. IIUC what Wazoo reported this resource is also in a different place than the reporting system. But not functioning in any case. Lou From nobody at no.no Sun Feb 15 15:44:06 2009 From: nobody at no.no (helge) Date: Sun Feb 15 15:45:08 2009 Subject: [Scspamcop] news on the news page: Message-ID: "Feb 15, 2009 * [15:40 EST] Our data center had a major power outage on Saturday morning around 8:00 a.m. EST. We were able to resolve most issues by around 12:00 p.m. but some of our equipment was damaged in the power problems. We are working on restoring 100% service today. We will post more information on the forum and update this news with a link to that post. Thanks to Wazoo and Don for working with users and notification during this time." helge From newspost at deletethispart.hypercreations.com Sun Feb 15 17:02:42 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Sun Feb 15 17:05:09 2009 Subject: [Scspamcop] Re: news on the news page: References: Message-ID: helge wrote in news:gn9us5$e7b$1@news.spamcop.net: > Thanks to Wazoo and Don for working with users and > notification during this time." Whatever. It seems that Wazoo and Don's attempts at contacting JT were entirely ignored/unsuccessful for the entire duration of the forum outage...well over 30 hours. One simple update to the News page sometime after the crisis was discovered would have been most appropriate and welcome. DT From nobody at spamcop.net Sun Feb 15 18:22:51 2009 From: nobody at spamcop.net (RW) Date: Sun Feb 15 18:25:09 2009 Subject: [Scspamcop] Re: smtp.cesmail.net Back Up In-Reply-To: References: <8h0gp4t8q0no8lgo0evvmcrr8l8qr2q451@4ax.com> Message-ID: Wazoo wrote: > No idea what to offer .... as far as IM goes, not logged in on one > account, coming up on 24 hours 'idle' on another account ... no idea > what's up. Not sure why the situation hasn't yet garnered an entry > on the www.spamcop.net web-page, but perhaps there's that 'legal' > thing involved again???? There's no official news to post, only speculation. If something comes across I'll post it. Richard From Klamm at x.x Sun Feb 15 20:01:49 2009 From: Klamm at x.x (Klamm) Date: Sun Feb 15 20:05:08 2009 Subject: [Scspamcop] about reporting spam Message-ID: Mails reporting spam has to be sent using the mail address I used to register at spamcop or I can usea any other ? From MikeE at ster.invalid Sun Feb 15 20:29:07 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sun Feb 15 20:30:07 2009 Subject: [Scspamcop] Re: about reporting spam References: Message-ID: Klamm wrote: > Mails reporting spam has to be sent using the mail address I used to > register at spamcop or I can usea any other ? Any. The private (secret - personal) submit address you were provided corresponds to the registered email address account and the address to which the submission reply will be sent. But... if any spamcop sourced mail sent to the email address of registration bounces, then the processing stops until your registered email address 'problem' is resolved. That submit address will work no matter where the mail submission is sent from, and it will be considered to be from 'you' - your account. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sun Feb 15 22:14:49 2009 From: nobody at devnull.spamcop.net (Patto) Date: Sun Feb 15 22:15:07 2009 Subject: [Scspamcop] Re: Dash it! In-Reply-To: References: Message-ID: Blue Rock wrote: >>>> "Patto" wrote in message >>>> news:gmat0s$9md$1@news.spamcop.net... >>>>> http://www.spamcop.net/sc?id=z2583951063zd733f6f883cdac93afe7a269e7e7d9d7z >>>>> (and hundreds of others) >>>>> > [SNIP] >>>>> The company has published an official abuse address: >>>>> >>>>> abuse@dankon-ltd.com >>>>> > > On a related note, if you still have doubts about the hat-color of > dankon-ltd, please look at this Spamhaus listing: > > http://www.spamhaus.org/sbl/sbl.lasso?query=SBL70826 > > Based on this info, I think it highly unlikely that reporting spam to them > caused the site to move. > > On another related note it looks like your illegal DVD site is, for now at > least, off the air. The site has been shut off, at the registrar. As to > whether the registrar did it, or the spammer did it himself, I don't know: > > % By submitting a query to RIPN's Whois Service > % you agree to abide by the following terms of use: > % http://www.ripn.net/about/servpol.html#3.2 (in Russian) > % http://www.ripn.net/about/en/servpol.html#3.2 (in English). > > domain: FRESH-SERIAL.RU > type: CORPORATE > state: REGISTERED, NOT DELEGATED > person: Private Person > phone: +7 495 8872737 > e-mail: spamkings@mail.ru > registrar: NAUNET-REG-RIPN > created: 2008.12.24 > paid-till: 2009.12.24 > source: TC-RIPN > > > Last updated on 2009.02.14 01:21:17 MSK/MSD I've noticed that the spam site was gone today; somebody somewhere must have gotten pissed off by their most relentless spamming I have ever seen! Now the site has gone, the hundreds of googlepages redirects have been taken down (that was also a long and difficult effort), but ... that hasn't stopped them from still spamming the site #$%& ! From g.hyde at bigNOSPAMpond.net.au Sun Feb 15 22:18:31 2009 From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde) Date: Sun Feb 15 22:20:08 2009 Subject: [Scspamcop] Re: news on the news page: References: Message-ID: "David Topping" wrote in message news:Xns9BB39906FEFEBnewsaddresshypercrea@216.154.195.61... > helge wrote in news:gn9us5$e7b$1@news.spamcop.net: > >> Thanks to Wazoo and Don for working with users and >> notification during this time." > > Whatever. It seems that Wazoo and Don's attempts at contacting JT were > entirely ignored/unsuccessful for the entire duration of the forum > outage...well over 30 hours. One simple update to the News page sometime > after the crisis was discovered would have been most appropriate and > welcome. What is most appropriate and welcome is all too often not possible due to circumstances you are not aware of. I'm only a free SpamCop reporter and I'm not an adminstrator, but when the admins are available to fix SpamCop's services, they will be doing it as fast as is humanly possible. Give them time to fix it, and it will in due course be fixed. Administrators are not able to be there 24/7 - if they were we'd have an entire psychiatric unit in hospitals devoted to soothing the frayed nerves of stressed-out server administrators. Cheers ... Geoffrey Hyde NOT a SpamCop admin, just a reporter. From newspost at deletethispart.hypercreations.com Mon Feb 16 00:32:26 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Mon Feb 16 00:35:09 2009 Subject: [Scspamcop] Re: news on the news page: References: Message-ID: "Geoffrey Hyde" wrote in news:gnalui$1gt$1@news.spamcop.net: > What is most appropriate and welcome is all too often not possible due > to circumstances you are not aware of. That's certainly possible, but no such excuses have been put forward yet. I too am a server admin--only six servers, but if I'm aware of problems that will affect my users, I make every effort to notify them. Another admin from your own country seems to agree with me, Geoffrey: http://forum.spamcop.net/forums/index.php?showtopic=10104 (see the response from "mrmaxx") DT From nobody at devnull.spamcop.net Mon Feb 16 02:14:52 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Mon Feb 16 02:15:08 2009 Subject: [Scspamcop] Re: Spamcop Died? References: Message-ID: "Wazoo" wrote in message news:gn6qa7$dpi$1@news.spamcop.net... >> "Peter" wrote in message >> news:gn6hd5$5pn$1@news.spamcop.net... >>> As of this moment SC seems to be totally dead, webmail, spam >>> reporting, forums...you name it. >>> This is a little more than a mere server outage, has to be! >> >> Left a message on JT's voice-mail thing. >> Am currently waiting to talk to someone at Quality Tech, but it >> does appear that there is/was am issue at the data center. At >> this point (again not having talked to anyone directly) I'm >> having to guess at something along the lines of power ... some of >> the e-mail servers seem to be alive and reachable, but I can't >> get anywhere near the Forum server at present. ... sent this >> while still on hold ... > > OK, I'm not on the "access list": .. so had to resort to a bit of > social engineering. The girl I talked to stated that she would > confirm that my guess about a probable power issue did in fact > have much merit, something around 0800 their time. > > End result, either JT (or possibly Trevor?) has to physically get > on-site to get some things powered back up, other things actually > talking once again. Left another voice-mail message for Jeff. E-mail from JT describes the problem as worse than just a power-outage. The back-up system came up in such a way that equipment got fried. An updated post wit some more detail offered at http://forum.spamcop.net/forums/index.php?showtopic=10104 From newspost at deletethispart.hypercreations.com Mon Feb 16 02:20:48 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Mon Feb 16 02:25:08 2009 Subject: [Scspamcop] Re: smtp.cesmail.net Back Up References: <8h0gp4t8q0no8lgo0evvmcrr8l8qr2q451@4ax.com> Message-ID: RW wrote in news:gna848$k5n$1@news.spamcop.net: > There's no official news to post, only speculation. If something comes > across I'll post it. IIRC, Richard can edit pages at "spamcop.net," yes? If so, then I think the four pages linked under "Total spam report volume" found here: http://www.spamcop.net/spamstats.shtml all need editing, in that they're trying to pull graphics from "alpha.cesmail.net" but I thinks those were recently moved to "delta2.cesmail.net." That situation happened during the last month, and it was discussed here: http://forum.spamcop.net/forums/index.php?showtopic=10057 and here: http://forum.spamcop.net/forums/index.php?showtopic=10074 Not sure if the move is permanent or not, but the graphic links on all of these pages should be updated, at least for now: http://www.spamcop.net/spamgraph.shtml?spamstats http://www.spamcop.net/spamgraph.shtml?spamweek http://www.spamcop.net/spamgraph.shtml?spammonth http://www.spamcop.net/spamgraph.shtml?spamyear DT From nobody at spamcop.net Mon Feb 16 06:35:03 2009 From: nobody at spamcop.net (Steven Underwood) Date: Mon Feb 16 06:35:08 2009 Subject: [Scspamcop] Re: news on the news page: References: Message-ID: "David Topping" wrote in message news:Xns9BB3E54649E24newsaddresshypercrea@216.154.195.61... > "Geoffrey Hyde" wrote in > news:gnalui$1gt$1@news.spamcop.net: > >> What is most appropriate and welcome is all too often not possible due >> to circumstances you are not aware of. > > That's certainly possible, but no such excuses have been put forward yet. > I > too am a server admin--only six servers, but if I'm aware of problems that > will affect my users, I make every effort to notify them. Another admin > from your own country seems to agree with me, Geoffrey: > > http://forum.spamcop.net/forums/index.php?showtopic=10104 > (see the response from "mrmaxx") > > DT David: I work in an environment with ~100 servers, some with outrageous SLA's, and the first responder rarely, if ever, gets the time to stop finding/fixing the problems to alert the users ahead of time. That is usually left to the "extra bodies" that show up, or more probably a manager who is worried about how it looks to the user community. The administrators are usually way too busy for that "fluff". Getting the servers up and running is job one when you know of a problem. On a weekend outage, it is likely an outage report goes out only after the problem has been fixed. It is never "excuses" and I would not expect any here, either. Steve From newspost at deletethispart.hypercreations.com Mon Feb 16 09:34:01 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Mon Feb 16 09:35:09 2009 Subject: [Scspamcop] Re: news on the news page: References: Message-ID: "Steven Underwood" wrote in news:gnbj19$qac$1@news.spamcop.net: > I work in an environment with ~100 servers, some with outrageous > SLA's, and the first responder rarely, if ever, gets the time to stop > finding/fixing the problems to alert the users ahead of time. All fairly plausible, Steve, were it not for a contrary example from this team the very morning of the power outage: Feb 14, 2009 * [04:23 EST] We are aware that there is a problem POPping external servers. We are working on the problem now and expect it to be fixed within the next hour. After that, it may take a couple of hours for it to catch up POPping all of the mail waiting They apparently posted that *during* work, thus setting up an expectation that they could do so again, sometime during the follwoing outage. DT From abuse at delfi.lv Mon Feb 16 10:10:07 2009 From: abuse at delfi.lv (DELFI.lv) Date: Mon Feb 16 10:15:08 2009 Subject: [Scspamcop] Update your administrator contacts, please! Message-ID: Hello! Please, stop using old Whois information and sending large quantities of SPAP reports to our abuse mailbox regarding IP addresses our company does not have anything to do with anymore (for quite some time already)! -- DELFI From newspost at deletethispart.hypercreations.com Mon Feb 16 10:19:18 2009 From: newspost at deletethispart.hypercreations.com (David Topping) Date: Mon Feb 16 10:20:08 2009 Subject: [Scspamcop] Re: Update your administrator contacts, please! References: Message-ID: "DELFI.lv" wrote in news:gnbvkg$51i$1@news.spamcop.net: > Please, stop using old Whois information and sending large quantities > of SPAP reports to our abuse mailbox regarding IP addresses our > company does not have anything to do with anymore (for quite some time > already)! IIUC, this newsgroup isn't the place to make that request. You should use the contact information on www.spamcop.net (but better still, take a close look at the links in the abuse reports). Although some official SpamCop representatives participate in these newsgroups, I'm sure they'll want for you to get in touch with them directly, or to at least supply more details about the IP address range in question. BTW, what's a "SPAP report"? Perhaps you meant "spam reports"? (and you then shouldn't use UPPERCASE letters...that's a trademark for a food product). DT From nobody at devnull.spamcop.net Mon Feb 16 11:36:48 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Mon Feb 16 11:40:08 2009 Subject: [Scspamcop] Re: Update your administrator contacts, please! References: Message-ID: "DELFI.lv" wrote in message news:gnbvkg$51i$1@news.spamcop.net... > > Please, stop using old Whois information and sending large > quantities of SPAP reports to our abuse mailbox regarding IP > addresses our company does not have anything to do with anymore > (for quite some time already)! And the magic missing data is where exactly? As seen in the data posted to the ISP Abuse Report Center page over in the Wiki, one of the options is in fact "I am not the person to contact about this" ... http://forum.spamcop.net/scwik/ISPAbuseReportCenter If that isn't direct enough for you, then please try; http://forum.spamcop.net/scwik/SpamCopWhereToGetHelp However, in any actual follow-up, you do need to provide some actual data to work with. Replying via the Report links would do this right off the bat. From nobody at devnull.spamcop.net Mon Feb 16 13:36:32 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Mon Feb 16 13:35:08 2009 Subject: [Scspamcop] Re: Dash it! (They're baaack!) References: Message-ID: "Patto" wrote in message news:gnaln9$np$1@news.spamcop.net... > Blue Rock wrote: >>>>> "Patto" wrote in message >>>>> news:gmat0s$9md$1@news.spamcop.net... >>>>>> http://www.spamcop.net/sc?id=z2583951063zd733f6f883cdac93afe7a269e7e7d9d7z >>>>>> (and hundreds of others) >>>>>> >> [SNIP] >>>>>> The company has published an official abuse address: >>>>>> >>>>>> abuse@dankon-ltd.com >>>>>> >> >> On a related note, if you still have doubts about the hat-color of >> dankon-ltd, please look at this Spamhaus listing: >> >> http://www.spamhaus.org/sbl/sbl.lasso?query=SBL70826 >> >> Based on this info, I think it highly unlikely that reporting spam to >> them caused the site to move. >> >> On another related note it looks like your illegal DVD site is, for now >> at least, off the air. The site has been shut off, at the registrar. As >> to whether the registrar did it, or the spammer did it himself, I don't >> know: >> >> % By submitting a query to RIPN's Whois Service >> % you agree to abide by the following terms of use: >> % http://www.ripn.net/about/servpol.html#3.2 (in Russian) >> % http://www.ripn.net/about/en/servpol.html#3.2 (in English). >> >> domain: FRESH-SERIAL.RU >> type: CORPORATE >> state: REGISTERED, NOT DELEGATED >> person: Private Person >> phone: +7 495 8872737 >> e-mail: spamkings@mail.ru >> registrar: NAUNET-REG-RIPN >> created: 2008.12.24 >> paid-till: 2009.12.24 >> source: TC-RIPN >> >> >> Last updated on 2009.02.14 01:21:17 MSK/MSD > > I've noticed that the spam site was gone today; somebody somewhere must > have gotten pissed off by their most relentless spamming I have ever seen! > > Now the site has gone, the hundreds of googlepages redirects have been > taken down (that was also a long and difficult effort), but ... that > hasn't stopped them from still spamming the site #$%& ! Your illegal DVD site looks like it is coming back. It looks as though the site is now hosted on several compromised computers, all over the world, and has DNS entries that match the "fast-flux" pattern described in the Wikipedia article I mentioned earlier. The DNS changes were just made this morning, and may not have propagated yet. >From whois: domain: FRESH-SERIAL.RU type: CORPORATE nserver: ns2.besttopnews.net. nserver: ns3.besttopnews.net. nserver: ns5.besttopnews.net. nserver: ns6.besttopnews.net. state: REGISTERED, DELEGATED person: Private Person phone: +7 495 8872737 e-mail: spamkings@mail.ru registrar: NAUNET-REG-RIPN created: 2008.12.24 paid-till: 2009.12.24 source: TC-RIPN DNS Lookup: ; <<>> DiG 9.3.4-P1 <<>> @ns2.besttopnews.net fresh-serial.ru a ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35364 ;; flags: qr aa rd; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;fresh-serial.ru. IN A ;; ANSWER SECTION: fresh-serial.ru. 180 IN A 88.174.162.130 fresh-serial.ru. 180 IN A 85.204.83.216 fresh-serial.ru. 180 IN A 89.175.190.174 fresh-serial.ru. 180 IN A 76.124.175.233 fresh-serial.ru. 180 IN A 78.227.106.8 fresh-serial.ru. 180 IN A 89.234.69.167 fresh-serial.ru. 180 IN A 92.245.77.29 fresh-serial.ru. 180 IN A 82.66.90.213 fresh-serial.ru. 180 IN A 76.22.152.114 fresh-serial.ru. 180 IN A 24.65.117.239 ;; Query time: 143 msec ;; SERVER: 76.112.160.35#53(76.112.160.35) ;; WHEN: Mon Feb 16 12:37:31 2009 ;; MSG SIZE rcvd: 193 It occurs to me that if you want to pre-emptively cause the spammer some grief, you could starting sending notifies to the owners of all of these IP addresses. Some of them are on US ISP's like Comcast, or Canadian ones, like Shaw Cable. I think these are all dynamic IP ranges (at least all of those I checked are), which probably means they are on compromised computers. If those ISP's act quickly enough, you may get some of these sites taken down before the DNS information propagates. Note that I only checked one of the site's DNS servers. The other 3 may all have more IP addresses! BTW, I also downloaded the site from one of these IP addresses, using WGET, and viewed it (safely) in a text editor. It currently contains Russian text, which translates (on Babelfish) to: "You will excuse, store is located on the maintenance. Orders can be left on the telephone", and gives a phone number. From 867-5309 at domain.invalid Mon Feb 16 14:02:00 2009 From: 867-5309 at domain.invalid (Sue Morton) Date: Mon Feb 16 14:05:07 2009 Subject: [Scspamcop] Re: news on the news page: References: Message-ID: I'm for some kind of communication that someone is aware of the problem and has responded. I also agree that no one wants to take the focus from the person who needs to work on the problem. Rather than not communicate, there are other options, such as (and not limited to): 1. A person not heavily involved in the diagnosis and/or fixing of the problem, makes the communication update to the news page. It may be as simple as, "We are aware there is an outage and are working on it. We do not have details or estimates but will post as soon as we do. We will post another update within four hours." Note that this person is aware of this responsibility well in advance, and has the necessary security to edit and publish the news webpage, etc. That person can be simply and quickly contacted to "go do the job". If details are known they can be provided. This person will update the communication every four hours (or as agreed), even if only to state 'still working on it, still no details', an assurance to customers no one thinks the problem has been resolved yet. 2. An automated script to replace the news webpage with a generic communication such as the above, which can be triggered from a cell phone or an email. This has the obvious disadvantage of not knowing if it worked, if the news page is functioning, or even if it is accessible. But if there is no one who can serve as Communications Officer this has at least a snowball's chance without taking valuable time away from the person focused on addressing the issues. I have requested in the past that the News pages be hosted, or at least mirrored, independent of the email and reporting systems as much as is feasible. My own company uses a free page on Tripod as a simple news mirror. The Tripod page link is on the company's News page and is offered as an alternate link everywhere the News page link appears in our site (just a few places). The News page has instructions and encouragement to bookmark both links for future direct reference. In time of crisis, every effort is made to update both pages, or at least whichever link is functioning and accessible. Again this can be by automation or by proxy, as previously arranged and tested. I'm sure there are many more ways a communiation could be handled, without taking focus from the critical tasks at hand. Me, I'm just not crazy about the 'no news is good news' method of "communication" :-) -- Sue Morton David Topping wrote: > "Steven Underwood" wrote in > news:gnbj19$qac$1@news.spamcop.net: > >> I work in an environment with ~100 servers, some with outrageous >> SLA's, and the first responder rarely, if ever, gets the time to stop >> finding/fixing the problems to alert the users ahead of time. > > All fairly plausible, Steve, were it not for a contrary example from > this team the very morning of the power outage: > > Feb 14, 2009 > > * [04:23 EST] We are aware that there is a problem POPping external > servers. We are working on the problem now and expect it to be fixed > within the next hour. After that, it may take a couple of hours for > it to catch up POPping all of the mail waiting > > They apparently posted that *during* work, thus setting up an > expectation that they could do so again, sometime during the > follwoing outage. > > DT From MikeE at ster.invalid Mon Feb 16 15:01:36 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 16 15:05:08 2009 Subject: [Scspamcop] Re: confused... References: Message-ID: Bill wrote earlier: > maybe the right place, maybe not, if not, then i apologize.. Long version: once upon a time spamcop.spam was intended for the posting of spam examples which are not allowed in the discussion groups such as spamcop (or even spamcop.help). That resulted in spamcop.spam (hereafter .spam) not being a 'normal' discussion group -- so many people don't read this group; and personally I often make an effort to move a discussion taking place here into a 'real' discussion group such as spamcop by posting here and spamcop and making followups f/ups to spamcop. And also... subsequently - as an improvement over posting spam examples into .spam, the best way to illustrate a spam example is to use a tracker - which *can* be posted into a regular discussion group. That is, nothing is posted into .spam and no spam is posted into spamcop -- but a better way to illustrate your example is - the tracker. Tracker posting described below. Bill wrote: > well i'm seeing this more and more, so hopefully the issue's taken care > of even though the spammers are seemingly trying to make it look legit: > > > Received: from bcs-bcs.com [69.147.228.100] by fetchmail.cesmail.net > with POP3 (fetchmail-6.2.1) for x (single-drop); Sun, 15 Feb 2009 > 16:01:03 -0500 (EST) One of the problems with posting something into a newsgroup is how the normal header formatting gets mangled by the newsreader/newsserver process. What I was looking at looked like a Received: traceline had become smushed into some other headerlines. > Host nebula.bcs-bcs.com (checking ip) = 69.147.228.100 > 69.147.228.100 not listed in dnsbl.njabl.org > 69.147.228.100 not listed in cbl.abuseat.org > 69.147.228.100 not listed in dnsbl.sorbs.net > Chain test:nebula.bcs-bcs.com =? nebula.bcs-bcs.com > nebula.bcs-bcs.com and nebula.bcs-bcs.com have same hostname - chain > verified > Possible relay: 69.147.228.100 > 69.147.228.100 has already been sent to relay testers > Received line accepted That testing/evalution process described in the SC verbose above is normal. > and my system doesn't relay I understand. You mean your system doesn't relay promiscuously. The process is that SC doesn't list 'trusted' relays -- where trusted means that SC has processed the IP in the past and found it to be a part of a chain of IPs; as your 69.147.228.100 rDNS nebula.bcs-bcs.com DNS 69.147.228.100 (passes paranoid DNS) is considered to be a 'trusted' (ie known) relay (SC: has already been sent to relay testers) Now I'm going to put my tracker tutorial in and then xpost this to spamcop w/ fups to there. How to make a tracker: 1 select and obtain the complete spam 2 privatize the header&body content 3 webparse it & copy the tracking URL 4 cancel the report & paste the tracker in here 1 ... in the manner described by the SC faq http://www.spamcop.net/fom-serve/cache/19.html How do I get my email program to reveal the full, unmodified email? 2 ... by modestly and unambiguously mungeing any private information you don't want to expose, such as your name or email address which might appear anywhere in the header or body. Avoid excessive or confusing mungeing. 3 login to the SC webparser, paste in the spam, and click Process Spam button; then copy the tracking URL from the top 'Here is your TRACKING URL' of the appearance http://www.spamcop.net/sc?id=z1505491930z5db2559eebcde98291b8e783c95d61cez 4 ... after parsing, the report is 'live' until the cancel button is used. After cancelling the tracker disappears; the munged spam report should be cancelled because it has been materially changed and because you don't want to leave a tracker live. -- Mike Easter kibitzer, not SC admin From Ag2000CO at Starband.net Mon Feb 16 15:15:33 2009 From: Ag2000CO at Starband.net (LKing) Date: Mon Feb 16 15:20:07 2009 Subject: [Scspamcop] Re: news on the news page: In-Reply-To: References: Message-ID: Sue Morton wrote, On 2/16/2009 2:02 PM: > > I also agree that no one wants to take the focus from the person who needs > to work on the problem. Rather than not communicate, there are other > options, such as (and not limited to): > Back in the dark ages that was one aspect of how I defined my Job. My job was to "keep everyone else out of the way so the troops could get the d*@# thing working." How the higher ups though I was in charge and reporting the status so they knew what was going on. But the truth was - anything to keep them out of the shop and away from the techs. The difference is the government apparently can afford to have someone stand around and provide status. That is not necessarily true in a completive environment. From MikeE at ster.invalid Mon Feb 16 16:26:08 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 16 16:30:09 2009 Subject: [Scspamcop] Re: news on the news page: References: Message-ID: LKing wrote: > Sue Morton wrote, >> I also agree that no one wants to take the focus from the person who >> needs to work on the problem. Rather than not communicate, there are >> other options, such as (and not limited to): >> > Back in the dark ages that was one aspect of how I defined my Job. My > job was to "keep everyone else out of the way so the troops could get > the d*@# thing working." How the higher ups though I was in charge and > reporting the status so they knew what was going on. But the truth was - > anything to keep them out of the shop and away from the techs. > > The difference is the government apparently can afford to have someone > stand around and provide status. That is not necessarily true in a > completive environment. Status-ing. I almost always completely avoid trying to communicate with my 'provider's' tech support. I put provider in quotes because in many ways EL is just a reseller of TimeWarner (for me: other providers for other people) connectivity. Most of the time that works just fine. If I have a connectivity problem, I contact a local telno TW cable tech support which is cooperative and helpful. Rarely is there some kind of EL related problem. My process is that I do all of my own troubleshooting, because EL's tech support is miserable. It is generally the lowest outsource bidder in India or the Philippines, the English language competency is weak, the tech-ness competency is incompetent, and the 'process' - tech structure created by EL or the outsource - isn't properly structured. The result of that is that the tech support has a cookbook by which they are supposed to de-construct destruct deconfigure the client's system *first*. That would be even if the issue is about something wrong on EL's end - because the tech doesn't know that. So, my process is to first go to EL's status page to see if a problem is statused. Then I do my troubleshooting to determine that indeed it is an EL problem which isn't statused. Then I 'write up' the troubleshooting determination. Then I contact the EL chat person (the one with the menu to destruct my system first). I contact chat because telephone and email tech support don't work for completely different reasons. Then I communicate 'unilaterally' with the chat person. I tell them I don't want them to troubleshoot my system. I paste in the troubleshooting report which indicates that it is an EL problem. I paste in the EL status page which says there isn't an EL problem. I tell them to tell their supervisor what I've uploaded and that it needs to be status/ed. My big gripe is about a provider not properly status-ing. Users are going to be doing their own troubleshooting. If the provider - or spamcop - doesn't status a problem properly in some way, then the customer/client is going to be doing unnecessary troubleshooting. So, from an admin perspective, I think the first thing the admin should do is a quick overview of what is wrong/missing and status that information as best he can. Too many admins at EL think that such a status 'admission' of malfunction is some kind of a reflection on their poor administration -- so they hope that they can fix it before anyone notices. The result is that things get to be wrong which aren't statused. -- Mike Easter kibitzer, not SC admin From 867-5309 at domain.invalid Mon Feb 16 17:50:25 2009 From: 867-5309 at domain.invalid (Sue Morton) Date: Mon Feb 16 17:55:08 2009 Subject: [Scspamcop] Re: news on the news page: References: Message-ID: I work for a private, family owned and operated company that employs approximately 15,000. My data center employs about 60. If we can do it...? You'd think JT's kid or wife or somebody has access to a tripod page while he's off working on the problem -- Sue Morton LKing wrote: > The difference is the government apparently can afford to have someone > stand around and provide status. That is not necessarily true in a > completive environment. From 867-5309 at domain.invalid Mon Feb 16 17:54:11 2009 From: 867-5309 at domain.invalid (Sue Morton) Date: Mon Feb 16 17:55:09 2009 Subject: [Scspamcop] Re: news on the news page: References: Message-ID: I think there are lots of ways to let people know the problem has been noticed and is being worked on, even if there is no more information available than that... and that should be updated by a human every xx hours, so people don't feel like the robot posted a "don't worry everything will be fine" message. We customers may not be happy with lack of estimate or lack of details, but at least we would know someone is not only aware but working on it. Personally I don't get a warm and fuzzy from someone just being aware of the problem, especially if they're on vacation in the bahamas at the moment. :-) I'd like to know someone has been dispatched to deal with it, too. -- Sue Morton Mike Easter wrote: > So, from an admin perspective, I think the first thing the admin > should do is a quick overview of what is wrong/missing and status > that information as best he can. Too many admins at EL think that > such a status 'admission' of malfunction is some kind of a reflection > on their poor administration -- so they hope that they can fix it > before anyone notices. The result is that things get to be wrong > which aren't statused. From bcs1 at spamcop.net Mon Feb 16 18:11:27 2009 From: bcs1 at spamcop.net (Bill) Date: Mon Feb 16 18:15:09 2009 Subject: [Scspamcop] Re: confused... References: Message-ID: "Mike Easter" wrote in message news:gncgmr$ci2$1@news.spamcop.net... > How to make a tracker: > > 1 select and obtain the complete spam > 2 privatize the header&body content > 3 webparse it & copy the tracking URL > 4 cancel the report & paste the tracker in here > > > 1 ... in the manner described by the SC faq > http://www.spamcop.net/fom-serve/cache/19.html How do I get my email > program to reveal the full, unmodified email? > > 2 ... by modestly and unambiguously mungeing any private information you > don't want to expose, such as your name or email address which might > appear anywhere in the header or body. Avoid excessive or confusing > mungeing. > > 3 login to the SC webparser, paste in the spam, and click Process Spam > button; then copy the tracking URL from the top 'Here is your TRACKING > URL' of the appearance > http://www.spamcop.net/sc?id=z1505491930z5db2559eebcde98291b8e783c95d61cez > > 4 ... after parsing, the report is 'live' until the cancel button is > used. After cancelling the tracker disappears; the munged spam report > should be cancelled because it has been materially changed and because > you don't want to leave a tracker live. > > > > -- > Mike Easter > kibitzer, not SC admin > Hi Mike, i didn't report this one, just ran it through the parser, didn't know I could get the tracking url if i didn't submit the report. (my bad) i had a few reports to my host (the company i work for who hosts my box in a colo) so i didn't want to add to the reports, but i was curious as to why my system was getting tagged at thew time as the source of spam. From MikeE at ster.invalid Mon Feb 16 19:06:27 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 16 19:10:07 2009 Subject: [Scspamcop] Re: confused... References: Message-ID: Bill wrote: > "Mike Easter" >> How to make a tracker: > Hi Mike, i didn't report this one, just ran it through the parser, > didn't know I could get the tracking url if i didn't submit the report. > (my bad) i had a few reports to my host (the company i work for who > hosts my box in a colo) so i didn't want to add to the reports, but i > was curious as to why my system was getting tagged at thew time as the > source of spam. - if the parser names your provider/IP as the source, you shouldn't make that report. That's one of the reasons for a reporter to oversee the parses - the parser can 'temporarily' name your provider/IP as the source because of breaking the chain on an unfamiliar IP. After familiarity develops, a parse of the same spam can chain thru'/past the/your IP/provider to get to the real source further down - one solution to the problem of the parser naming your IP/provider as the source is to configure for mailhosting -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Feb 16 21:01:00 2009 From: nobody at devnull.spamcop.net (Patto) Date: Mon Feb 16 21:05:07 2009 Subject: [Scspamcop] Re: Dash it! (They're baaack!) In-Reply-To: References: Message-ID: Blue Rock wrote: > "Patto" wrote in message > news:gnaln9$np$1@news.spamcop.net... >> Blue Rock wrote: >>>>>> "Patto" wrote in message >>>>>> news:gmat0s$9md$1@news.spamcop.net... >>>>>>> http://www.spamcop.net/sc?id=z2583951063zd733f6f883cdac93afe7a269e7e7d9d7z >>>>>>> (and hundreds of others) >>>>>>> >>> [SNIP] >>>>>>> The company has published an official abuse address: >>>>>>> >>>>>>> abuse@dankon-ltd.com >>>>>>> >>> On a related note, if you still have doubts about the hat-color of >>> dankon-ltd, please look at this Spamhaus listing: >>> >>> http://www.spamhaus.org/sbl/sbl.lasso?query=SBL70826 >>> >>> Based on this info, I think it highly unlikely that reporting spam to >>> them caused the site to move. >>> >>> On another related note it looks like your illegal DVD site is, for now >>> at least, off the air. The site has been shut off, at the registrar. As >>> to whether the registrar did it, or the spammer did it himself, I don't >>> know: >>> >>> % By submitting a query to RIPN's Whois Service >>> % you agree to abide by the following terms of use: >>> % http://www.ripn.net/about/servpol.html#3.2 (in Russian) >>> % http://www.ripn.net/about/en/servpol.html#3.2 (in English). >>> >>> domain: FRESH-SERIAL.RU >>> type: CORPORATE >>> state: REGISTERED, NOT DELEGATED >>> person: Private Person >>> phone: +7 495 8872737 >>> e-mail: spamkings@mail.ru >>> registrar: NAUNET-REG-RIPN >>> created: 2008.12.24 >>> paid-till: 2009.12.24 >>> source: TC-RIPN >>> >>> >>> Last updated on 2009.02.14 01:21:17 MSK/MSD >> I've noticed that the spam site was gone today; somebody somewhere must >> have gotten pissed off by their most relentless spamming I have ever seen! >> >> Now the site has gone, the hundreds of googlepages redirects have been >> taken down (that was also a long and difficult effort), but ... that >> hasn't stopped them from still spamming the site #$%& ! > > > Your illegal DVD site looks like it is coming back. It looks as though the > site is now hosted on several compromised computers, all over the world, and > has DNS entries that match the "fast-flux" pattern described in the > Wikipedia article I mentioned earlier. > > The DNS changes were just made this morning, and may not have propagated > yet. > > > From whois: > > domain: FRESH-SERIAL.RU > type: CORPORATE > nserver: ns2.besttopnews.net. > nserver: ns3.besttopnews.net. > nserver: ns5.besttopnews.net. > nserver: ns6.besttopnews.net. > state: REGISTERED, DELEGATED > person: Private Person > phone: +7 495 8872737 > e-mail: spamkings@mail.ru > registrar: NAUNET-REG-RIPN > created: 2008.12.24 > paid-till: 2009.12.24 > source: TC-RIPN > > > > DNS Lookup: > > ; <<>> DiG 9.3.4-P1 <<>> @ns2.besttopnews.net fresh-serial.ru a > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35364 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;fresh-serial.ru. IN A > > ;; ANSWER SECTION: > fresh-serial.ru. 180 IN A 88.174.162.130 > fresh-serial.ru. 180 IN A 85.204.83.216 > fresh-serial.ru. 180 IN A 89.175.190.174 > fresh-serial.ru. 180 IN A 76.124.175.233 > fresh-serial.ru. 180 IN A 78.227.106.8 > fresh-serial.ru. 180 IN A 89.234.69.167 > fresh-serial.ru. 180 IN A 92.245.77.29 > fresh-serial.ru. 180 IN A 82.66.90.213 > fresh-serial.ru. 180 IN A 76.22.152.114 > fresh-serial.ru. 180 IN A 24.65.117.239 > > ;; Query time: 143 msec > ;; SERVER: 76.112.160.35#53(76.112.160.35) > ;; WHEN: Mon Feb 16 12:37:31 2009 > ;; MSG SIZE rcvd: 193 > > > It occurs to me that if you want to pre-emptively cause the spammer some > grief, you could starting sending notifies to the owners of all of these IP > addresses. Some of them are on US ISP's like Comcast, or Canadian ones, > like Shaw Cable. I think these are all dynamic IP ranges (at least all of > those I checked are), which probably means they are on compromised > computers. > > If those ISP's act quickly enough, you may get some of these sites taken > down before the DNS information propagates. > > Note that I only checked one of the site's DNS servers. The other 3 may all > have more IP addresses! > > BTW, I also downloaded the site from one of these IP addresses, using WGET, > and viewed it (safely) in a text editor. It currently contains Russian > text, which translates (on Babelfish) to: > > "You will excuse, store is located on the maintenance. Orders can be left > on the telephone", and gives a phone number. The spamming for fresh-serial.ru has stopped today, but continues with the same ferocity for replacement sites classdvdserial.com [222.186.13.27] and 2009kino.com [64.38.29.126] - both hosted in China this time. From nobody at spamcop.net Tue Feb 17 01:02:53 2009 From: nobody at spamcop.net (RW) Date: Tue Feb 17 01:05:08 2009 Subject: [Scspamcop] Re: smtp.cesmail.net Back Up In-Reply-To: References: <8h0gp4t8q0no8lgo0evvmcrr8l8qr2q451@4ax.com> Message-ID: David Topping wrote: > RW wrote in news:gna848$k5n$1@news.spamcop.net: > >> There's no official news to post, only speculation. If something comes >> across I'll post it. > > IIRC, Richard can edit pages at "spamcop.net," yes? If so, then I think the > four pages linked under "Total spam report volume" found here: > > http://www.spamcop.net/spamstats.shtml > No, I can't edit html pages, only the faqs. We can also post 'news' on the main page via a webform we have access to. html pages need to be changed by IT engineering. We know the graphs have moved (and we know about the copyright date thing). These will be changed shortly with the upload of the next update of SpamCop (and you'll start seeing the Cisco name instead of Ironport). As it stands, SC 4.1 (current version) is in lock-down mode except for absolute emergency coding. SC 4.5 (the new version) is also in lockdown mode, ready for going live. Any changes we request right now go into the wish list for 4.6. Not sure when the upload is going to happen; we've been expecting it for weeks. Last I heard all the new hardware is finally in place, so it's just a wait and see situation. All I know is one of these days I'll log in and see we'll have some new toys (features) to play with that we've been asking for. The only hint we'll see on the surface is the change in the copyright notice :-) Richard From nobody at spamcop.net Tue Feb 17 01:04:27 2009 From: nobody at spamcop.net (RW) Date: Tue Feb 17 01:05:09 2009 Subject: [Scspamcop] Re: about reporting spam In-Reply-To: References: Message-ID: Mike Easter wrote: > Klamm wrote: >> Mails reporting spam has to be sent using the mail address I used to >> register at spamcop or I can usea any other ? > > Any. > > The private (secret - personal) submit address you were provided > corresponds to the registered email address account and the address to > which the submission reply will be sent. > > But... if any spamcop sourced mail sent to the email address of > registration bounces, then the processing stops until your registered > email address 'problem' is resolved. > > That submit address will work no matter where the mail submission is sent > from, and it will be considered to be from 'you' - your account. Although remember, if you set up mailhosts in your account (which we encourage), you have to run the tool on every account/domain that receives spam you'll be reporting. Richard From anfi at onet.eu Tue Feb 17 13:40:29 2009 From: anfi at onet.eu (Andrzej Adam Filip) Date: Tue Feb 17 13:45:08 2009 Subject: [Scspamcop] Is spam-stats page finally dead? Message-ID: Page http://www.spamcop.net/spamgraph.shtml?spamstats cointains image http://alpha.cesmail.net/graphics/spamstats.gif alpha.cesmail.net is unreachable. Traceroute/tcptraceroute ends at: gig12-1.zone1-gw1.suw1 (64.88.172.38) or gig13-1.zone1-gw1.suw1 (64.88.172.42) -- [pl>en Andrew] Andrzej Adam Filip : anfi@onet.eu : anfi@xl.wp.pl "Religion is something left over from the infancy of our intelligence, it will fade away as we adopt reason and science as our guidelines." -- Bertrand Russell From Ag2000CO at Starband.net Tue Feb 17 13:57:17 2009 From: Ag2000CO at Starband.net (LKing) Date: Tue Feb 17 14:00:08 2009 Subject: [Scspamcop] Re: Is spam-stats page finally dead? In-Reply-To: References: Message-ID: Andrzej Adam Filip wrote, On 2/17/2009 1:40 PM: If you read around here or on the forum you will see that the pages have been moved but the statistics tab links has not been updated. Until the page gets updated, the easy answer is to goto http://forum.spamcop.net/forums/ and click on the graphic in the upper right corner. works fine Lou From nobody at devnull.spamcop.net Tue Feb 17 14:55:48 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Tue Feb 17 15:05:08 2009 Subject: [Scspamcop] Re: Is spam-stats page finally dead? References: Message-ID: "Andrzej Adam Filip" wrote in message news:el25kcym78@johnie.brudna.chmurka.net... > Page http://www.spamcop.net/spamgraph.shtml?spamstats cointains > image > http://alpha.cesmail.net/graphics/spamstats.gif > > alpha.cesmail.net is unreachable. > Traceroute/tcptraceroute ends at: > gig12-1.zone1-gw1.suw1 (64.88.172.38) > or > gig13-1.zone1-gw1.suw1 (64.88.172.42) Traffic exists within this newsgroup about it, the latest )as you didn't see it 'here' can also be found in the Archives at [Scspamcop] Re: smtp.cesmail.net Back Up RW http://zeta.cesmail.net/pipermail/scspamcop/2009-February/008161.html Forum traffic can be seen at [Resolved] The SpamCop Statistics Page - Total spam report volume Is it ever going to work again? http://forum.spamcop.net/forums/index.php?showtopic=10057 Current and corrected links are available via the Forum (and CESmail) servers ... look/click-on-the-link at the top of the page ... From anfi at onet.eu Tue Feb 17 17:52:56 2009 From: anfi at onet.eu (Andrzej Adam Filip) Date: Tue Feb 17 17:55:08 2009 Subject: [Scspamcop] Re: Is spam-stats page finally dead? References: Message-ID: "Wazoo" wrote: > "Andrzej Adam Filip" wrote in message > news:el25kcym78@johnie.brudna.chmurka.net... >> Page http://www.spamcop.net/spamgraph.shtml?spamstats cointains >> image >> http://alpha.cesmail.net/graphics/spamstats.gif >> >> alpha.cesmail.net is unreachable. >> Traceroute/tcptraceroute ends at: >> gig12-1.zone1-gw1.suw1 (64.88.172.38) >> or >> gig13-1.zone1-gw1.suw1 (64.88.172.42) > > Traffic exists within this newsgroup about it, the latest )as you > didn't see it 'here' can also be found in the Archives at > > [Scspamcop] Re: smtp.cesmail.net Back Up RW > http://zeta.cesmail.net/pipermail/scspamcop/2009-February/008161.html > > Forum traffic can be seen at > > [Resolved] The SpamCop Statistics Page - Total spam report volume > Is it ever going to work again? > http://forum.spamcop.net/forums/index.php?showtopic=10057 > > > Current and corrected links are available via the Forum (and > CESmail) servers ... look/click-on-the-link at the top of the page > ... Thank you for the references. -- [pl>en Andrew] Andrzej Adam Filip : anfi@onet.eu : anfi@xl.wp.pl Never let your sense of morals prevent you from doing what is right. -- Salvor Hardin, "Foundation" From blacklist-me at davjam.org Tue Feb 17 17:59:20 2009 From: blacklist-me at davjam.org (David Bolt) Date: Tue Feb 17 18:30:09 2009 Subject: [Scspamcop] Re: Update your administrator contacts, please! References: Message-ID: <7jNszLGIF0mJFwLb@dev.null.davjam.org> On Mon, 16 Feb 2009, DELFI.lv wrote:- >Hello! > >Please, stop using old Whois information and sending large quantities of >SPAP reports to our abuse mailbox regarding IP addresses our company does >not have anything to do with anymore (for quite some time already)! Your address (abuse [at] delfi.lv) is listed on abuse.net as one of the contacts for reporting abuse from microlink.lv. Removing it from their database should cut down on a lot of the (misdirected?) reports. Regards, David Bolt -- Team Acorn: http://www.distributed.net/ OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s | openSUSE 10.3 32b | openSUSE 11.0 32b | openSUSE 10.2 64b | openSUSE 10.3 64b | openSUSE 11.0 64b | openSUSE 11.1 64b TOS 4.02 | openSUSE 10.3 PPC | RISC OS 3.6 | RISC OS 3.11 From nobody at devnull.spamcop.net Tue Feb 17 20:58:41 2009 From: nobody at devnull.spamcop.net (Patto) Date: Tue Feb 17 21:00:08 2009 Subject: [Scspamcop] Re: Dash it! (They're baaack!) In-Reply-To: References: Message-ID: Patto wrote: > > The spamming for fresh-serial.ru has stopped today, but continues with > the same ferocity for replacement sites classdvdserial.com > [222.186.13.27] and 2009kino.com [64.38.29.126] - both hosted in China > this time. classdvdserial.com & 2009kino.com are gone today, but fresh-serial.ru is back online (yes, on fast-flux). From bcs1 at spamcop.net Fri Feb 20 13:48:32 2009 From: bcs1 at spamcop.net (Bill) Date: Fri Feb 20 13:50:07 2009 Subject: [Scspamcop] something wrong with popgate? Message-ID: I noticed that my hotmail dot com account messages weren't coming into spamcop, so i looked at the settings and it says a password error, but the pass is right, and it's the one i use in OE and the webpage to sign in. or was there just a notice somewhere about that functionality that i've missed? Thanks Bill From connyank at cox.net Fri Feb 20 16:25:23 2009 From: connyank at cox.net (jg) Date: Fri Feb 20 16:30:09 2009 Subject: [Scspamcop] reporting your own ISP Message-ID: I believe, and someone will correct me if I'm wrong, that it isn't considered good form to report your own ISP as a source. Could someone give me the rationale for that, if there is one? Thanks... From nobody at spamcop.net Fri Feb 20 18:00:45 2009 From: nobody at spamcop.net (bar0) Date: Fri Feb 20 18:05:09 2009 Subject: [Scspamcop] Re: reporting your own ISP References: Message-ID: "jg" wrote in message news:gnn743$8il$1@news.spamcop.net... >I believe, and someone will correct me if I'm wrong, that it isn't > considered good form to report your own ISP as a source. > > Could someone give me the rationale for that, if there is one? > > Thanks... Some ISP's don't like their customers reporting them, so, it's not a question of form. From nobody at devnull.spamcop.net Fri Feb 20 18:56:15 2009 From: nobody at devnull.spamcop.net (Peter) Date: Fri Feb 20 19:00:07 2009 Subject: [Scspamcop] Re: something wrong with popgate? In-Reply-To: References: Message-ID: You can also now forward MSN/Hotmail if necessary. -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "David Dean" wrote in message news:siliconman-A8BE82.10540520022009@killface.local... > In article , "Bill" > wrote: > >> I noticed that my hotmail dot com account messages weren't coming into >> spamcop, so i looked at the settings and it says a password error, but >> the >> pass is right, and it's the one i use in OE and the webpage to sign in. > > You can pop directly from hotmail now. US instructions follow: > > > > -- > -David > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090220-0, 20/02/2009 > Tested on: 20/02/2009 6:55:30 PM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090220-0, 20/02/2009 Tested on: 20/02/2009 6:56:15 PM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From MikeE at ster.invalid Fri Feb 20 19:08:19 2009 From: MikeE at ster.invalid (Mike Easter) Date: Fri Feb 20 19:10:08 2009 Subject: [Scspamcop] Re: reporting your own ISP References: Message-ID: jg wrote: > I believe, and someone will correct me if I'm wrong, that it isn't > considered good form to report your own ISP as a source. A common situation that can arise is that during the parse, the SC parser reporter algo breaks the chain prematurely at your/ the reporter's/ own provider's server. source > MTA1 > MTA2 > mailbox ... where the parser names MTA1 or MTA2 as the source instead of the source IP. If MTA1or2 is your provider, then the parser has mistakenly named your provider as the source, which is incorrect. The reporter's responsibility is to recognize such an error and prevent it. Then, the next thing that happens is that your/ the irresponsible spamcop reporter's/ provider is notified by SC that it the reporter's provider is the source of a spam which you, your ISP's client, has received. This tells your ISP that they have a fool for a client which fool is aggravating their foolish condition by hurting the provider's server's 'condition' by causing the provider's server to be at risk of being blocklisted by SC. This does *NOT* make the provider happy. The provider would rather that the foolish client either not be a client any more, or else not be a foolish spamcop reporter any more. > Could someone give me the rationale for that, if there is one? Providers do not want clients who are bad spamcop reporters - ie making false reports against their own provider. OTOH ontheotherhand, it is possible that a spamcop reporter might report their own provider 'legitimately' as being the source of a spam which is *actually* sourced from the reporter's provider. In that case, it would not be bad form. -- Mike Easter kibitzer, not SC admin From connyank at cox.net Fri Feb 20 23:32:03 2009 From: connyank at cox.net (jg) Date: Fri Feb 20 23:35:08 2009 Subject: [Scspamcop] Re: reporting your own ISP In-Reply-To: References: Message-ID: On 02/20/2009 04:08 PM Mike Easter scribbled: > Then, the next thing that happens is that your/ the irresponsible spamcop > reporter's/ provider is notified by SC that it the reporter's provider is > the source of a spam which you, your ISP's client, has received. > > This tells your ISP that they have a fool for a client which fool is > aggravating their foolish condition by hurting the provider's server's > 'condition' by causing the provider's server to be at risk of being > blocklisted by SC. And I guess that would make SC fools as well since they parsed it that way, no? > > This does *NOT* make the provider happy. The provider would rather that > the foolish client either not be a client any more, or else not be a > foolish spamcop reporter any more. Point of fact, I'm not going to be their client for much longer, but that has nothing to do with SC. But SC pointed them out 3 times in the last month (out of thin air) and I saw no reason to doubt it - cox has had issues and google, fer deity's sake, has better filters > > OTOH ontheotherhand, it is possible that a spamcop reporter might report > their own provider 'legitimately' as being the source of a spam which is > *actually* sourced from the reporter's provider. In that case, it would > not be bad form. > So my answer is, yes, it depends. From tmcgraw at spamcop.net Sat Feb 21 00:12:10 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Feb 21 00:15:08 2009 Subject: [Scspamcop] Re: reporting your own ISP In-Reply-To: References: Message-ID: Mike Easter wrote: > jg wrote: >> I believe, and someone will correct me if I'm wrong, that it isn't >> considered good form to report your own ISP as a source. > > A common situation that can arise is that during the parse, the SC parser > reporter algo breaks the chain prematurely at your/ the reporter's/ own > provider's server. > > source > MTA1 > MTA2 > mailbox > > ... where the parser names MTA1 or MTA2 as the source instead of the > source IP. This can also happen if your ISP creates a new mailpath with a server name and/or IP#/range that sc has not yet associated with your ISP. The best antidote for this is to do some manual parses every day, even if you use VER for most of the spam you get. From nobody at nowhere.not Sat Feb 21 02:26:03 2009 From: nobody at nowhere.not (Robert Blair) Date: Sat Feb 21 02:30:08 2009 Subject: [Scspamcop] Re: reporting your own ISP References: Message-ID: On Fri, 20 Feb 2009 21:25:23 UTC, jg wrote: > I believe, and someone will correct me if I'm wrong, that it isn't > considered good form to report your own ISP as a source. > > Could someone give me the rationale for that, if there is one? I report my ISP regularly, they are poor at keeping their users from sending spam. Since I do not use their email service I have no chance of miss-reporting spam because of a bad SC parse. -- Robert Blair From MikeE at ster.invalid Sat Feb 21 03:30:25 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Feb 21 03:35:07 2009 Subject: [Scspamcop] Re: reporting your own ISP References: Message-ID: jg wrote: > Mike Easter scribbled: >> This tells your ISP that they have a fool for a client > And I guess that would make SC fools as well since they parsed it that > way, no? Supposedly the reporter has read the faq^1 about this issue. Supposedly the reporter has a 'smattering' of awareness so that s/he -1- knows who hir provider is and -2- can see (and not approve^2) who spamcop is naming as source and reporting to. ^1 http://www.spamcop.net/fom-serve/cache/13.html Why does SpamCop want to send a report to my own network administrator? ^2 http://www.spamcop.net/fom-serve/cache/126.html How should I select the recipients for my spam report? [...] Source of email [...] leave this box checked unless you believe SpamCop has made an error >> OTOH ontheotherhand, it is possible that a spamcop reporter might >> report their own provider 'legitimately' as being the source of a spam >> which is *actually* sourced from the reporter's provider. In that >> case, it would not be bad form. >> > So my answer is, yes, it depends. When you are reporting and notifying your own provider as source, you should be sufficiently knowledgeable about headers so that you know whether _you_ (the ultimate party responsible for a spamcop parse report) are making a mistake or not. SC is acting as *your agent* when you call something spam and report it. You are the reporter; SC is your tool. -- Mike Easter kibitzer, not SC admin From bcs1 at spamcop.net Sat Feb 21 10:49:32 2009 From: bcs1 at spamcop.net (Bill) Date: Sat Feb 21 10:50:08 2009 Subject: [Scspamcop] Re: something wrong with popgate? References: Message-ID: "David Dean" wrote in message news:siliconman-A8BE82.10540520022009@killface.local... > In article , "Bill" > wrote: > >> I noticed that my hotmail dot com account messages weren't coming into >> spamcop, so i looked at the settings and it says a password error, but >> the >> pass is right, and it's the one i use in OE and the webpage to sign in. > > You can pop directly from hotmail now. US instructions follow: > > > > -- > -David well, i already use POP3 in my outlook express, but i mean the popgate.cesmail.net in my spamcop settings that automatically fetches the emails from there like it does my aol and other accounts. so does this mean that in my spamcop settings i should nor replace the popgate entry with the pop3.live.com one? Bill From connyank at cox.net Sat Feb 21 12:49:46 2009 From: connyank at cox.net (jg) Date: Sat Feb 21 12:50:09 2009 Subject: [Scspamcop] Re: reporting your own ISP In-Reply-To: References: Message-ID: On 02/21/2009 12:30 AM Mike Easter scribbled: >> So my answer is, yes, it depends. > > When you are reporting and notifying your own provider as source, you > should be sufficiently knowledgeable about headers so that you know > whether _you_ (the ultimate party responsible for a spamcop parse report) > are making a mistake or not. SC is acting as *your agent* when you call > something spam and report it. You are the reporter; SC is your tool. > > > So my answer is still yes, one can do so if it is in fact spam. Thanks for your time, Mike/ From bcs1 at spamcop.net Sat Feb 21 15:07:46 2009 From: bcs1 at spamcop.net (Bill) Date: Sat Feb 21 15:10:08 2009 Subject: [Scspamcop] Re: something wrong with popgate? References: Message-ID: "David Dean" wrote in message news:siliconman-7F7AD7.11250421022009@n003-000-000-000.static.ge.com... > In article , "Bill" > wrote: > >> so does this mean that in my spamcop settings i should nor replace the >> popgate entry with the pop3.live.com one? > > That's what I did... > > -- > -David cool, i just did too :) Thanks David... From nobody at devnull.spamcop.net Sat Feb 21 15:34:56 2009 From: nobody at devnull.spamcop.net (Peter) Date: Sat Feb 21 15:35:07 2009 Subject: [Scspamcop] Re: something wrong with popgate? In-Reply-To: References: Message-ID: As I said, in MSN/Hotmail Options you can now forward your mail to the Cesmail/Spamcop servers, just input your SC email address. That way it's immediate instead of waiting for the pop3 servers to kick in. -- Peter Toronto, Canada XP Pro SP3 x 2, Vista Ult SP1, Windows 7 Ult 7000 "Bill" wrote in message news:gnpmui$rdq$1@news.spamcop.net... > > "David Dean" wrote in message > news:siliconman-7F7AD7.11250421022009@n003-000-000-000.static.ge.com... >> In article , "Bill" >> wrote: >> >>> so does this mean that in my spamcop settings i should nor replace the >>> popgate entry with the pop3.live.com one? >> >> That's what I did... >> >> -- >> -David > > cool, i just did too :) > > Thanks David... > > > > --- > avast! Antivirus: Inbound message clean. > Virus Database (VPS): 090220-0, 20/02/2009 > Tested on: 21/02/2009 3:32:58 PM > avast! - copyright (c) 1988-2009 ALWIL Software. > http://www.avast.com > > > --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 090220-0, 20/02/2009 Tested on: 21/02/2009 3:34:57 PM avast! - copyright (c) 1988-2009 ALWIL Software. http://www.avast.com From nobody at devnull.spamcop.net Sat Feb 21 16:13:43 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Sat Feb 21 16:15:08 2009 Subject: [Scspamcop] Re: reporting your own ISP References: Message-ID: jg wrote: > I believe, and someone will correct me if I'm wrong, that it isn't > considered good form to report your own ISP as a source. > > Could someone give me the rationale for that, if there is one? > > Thanks... IFF I'm certain my ISP is the source, hell yes I report them! I dont' want my neighborhood filled with spammers. IMO a source is a source; ALL spammers need killing, not just the ones that aren't on my own ISP! From Ag2000CO at Starband.net Sat Feb 21 16:53:56 2009 From: Ag2000CO at Starband.net (LKing) Date: Sat Feb 21 16:55:08 2009 Subject: [Scspamcop] Re: reporting your own ISP In-Reply-To: References: Message-ID: Twayne wrote, On 2/21/2009 4:13 PM: > jg wrote: >> I believe, and someone will correct me if I'm wrong, that it isn't >> considered good form to report your own ISP as a source. >> >> Could someone give me the rationale for that, if there is one? >> >> Thanks... > > IFF I'm certain my ISP is the source, hell yes I report them! I dont' > want my neighborhood filled with spammers. IMO a source is a source; > ALL spammers need killing, not just the ones that aren't on my own ISP! > Not to suggest that one source of spam should be handled differently than an other, but... You do have a different relationship with your ISP than other SC reporters; you are a paying client of their's and could/should have more leverage than 'just some jerk that reported us.' What I'm suggesting is that if you take your neighborhood argument to directly to them, pointing out that the spam is clogging both their SMTP server and POP server, maybe causing your mail to be blocked, etc. you may be able to get their attention more effectively than "just a SC" report. Lou From connyank at cox.net Sat Feb 21 18:29:30 2009 From: connyank at cox.net (jg) Date: Sat Feb 21 18:30:08 2009 Subject: [Scspamcop] Re: reporting your own ISP In-Reply-To: References: Message-ID: On 02/21/2009 01:53 PM LKing scribbled: > Twayne wrote, On 2/21/2009 4:13 PM: >> jg wrote: >>> I believe, and someone will correct me if I'm wrong, that it isn't >>> considered good form to report your own ISP as a source. >>> >>> Could someone give me the rationale for that, if there is one? >>> >>> Thanks... >> IFF I'm certain my ISP is the source, hell yes I report them! I dont' >> want my neighborhood filled with spammers. IMO a source is a source; >> ALL spammers need killing, not just the ones that aren't on my own ISP! >> > Not to suggest that one source of spam should be handled differently > than an other, but... You do have a different relationship with your ISP > than other SC reporters; you are a paying client of their's and > could/should have more leverage than 'just some jerk that reported us.' > > What I'm suggesting is that if you take your neighborhood argument to > directly to them, pointing out that the spam is clogging both their SMTP > server and POP server, maybe causing your mail to be blocked, etc. you > may be able to get their attention more effectively than "just a SC" report. > > Lou Theres something to be said for that but my ISP is strugglng to control its spam problem and are well aware of the problems - I'd guess they have just too many owned machines. Their filters miss about 50% and those are forwarded to them in an attempt to help. Half of /them/ are rejected for delivery - cox says looks like spam. cox doesn't any spam to be forwarded to various agencies. Their server, their rules. When I do get a spam from them that is certain, I report it and send them the SC link - they won't allow me to forward it. I've tried by phone, impossible to find anyone that undestands the issue. From Ag2000CO at Starband.net Sat Feb 21 19:02:53 2009 From: Ag2000CO at Starband.net (LKing) Date: Sat Feb 21 19:05:08 2009 Subject: [Scspamcop] Re: reporting your own ISP In-Reply-To: References: Message-ID: jg wrote, On 2/21/2009 6:29 PM: > On 02/21/2009 01:53 PM LKing scribbled: > those are forwarded to them in an attempt to help. Half of /them/ are > rejected for delivery - cox says looks like spam. cox doesn't any spam > to be forwarded to various agencies. > Their server, their rules. > When I do get a spam from them that is certain, I report it and send > them the SC link - they won't allow me to forward it. I've tried by > phone, impossible to find anyone that undestands the issue. I see your point, cox is a know problem. I report several of their's myself. And not everyone is in a position to exercise the power of $$$ by using another provider. When not living next to the belly of the beast (Washington D.C.) I spend time in the only county in Colorado without fiber. They do have one cell tower (not digital). Lou From nobody at devnull.spamcop.net Sun Feb 22 17:53:54 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Sun Feb 22 17:55:08 2009 Subject: [Scspamcop] Re: reporting your own ISP References: Message-ID: LKing wrote: > Twayne wrote, On 2/21/2009 4:13 PM: >> jg wrote: >>> I believe, and someone will correct me if I'm wrong, that it isn't >>> considered good form to report your own ISP as a source. >>> >>> Could someone give me the rationale for that, if there is one? >>> >>> Thanks... >> >> IFF I'm certain my ISP is the source, hell yes I report them! I >> dont' want my neighborhood filled with spammers. IMO a source is a >> source; ALL spammers need killing, not just the ones that aren't on >> my own ISP! > Not to suggest that one source of spam should be handled differently > than an other, but... You do have a different relationship with your > ISP than other SC reporters; you are a paying client of their's and > could/should have more leverage than 'just some jerk that reported > us.' > What I'm suggesting is that if you take your neighborhood argument to > directly to them, pointing out that the spam is clogging both their > SMTP server and POP server, maybe causing your mail to be blocked, > etc. you may be able to get their attention more effectively than > "just a SC" > report. > Lou You're right of course. Did I neglect to say my ISP is Verizon? Well, actually verizon-yahoo which really means farmed Yahoo. Their oh-so friendly response was to ask me to use their address for spam-not-caught. Every spam goes to that address, in addition to SC, so they have a record if they want it. To date my SC reports have stopped more spam than VZ has - which means a couple sites got nuked but VZ continues to allow the rest thru otherwise. It's actually almost funny: my mail goes thru verizon-yahoo where some spam is caught, then to Netfirms where some more is caught, and finally to my Inbox where Norton gets some and passes it to the Norton Spam filter, the rest being left for me to handle. I'll give you 2 guesses how much spam I see in the Webmail spam folders and the first one doesn't count. The particular sets of spams I'm getting right now are so simple as to be catchable with words in the subject line like viagara, pharm, loan, things like that, but they still filter right on in! Presently 12 to 20 per day roll in, down from 50 or so per day due to my separating out the most obnoxious one at a time and going after them with great prejudice and strong, real sounding (I think) threats. SC fails to parse the right addresses for some reason - one day for grins I went in and killed the hosting stuff to redo it, and darned it if wasn't all of a sudden parsing the spams right!! Redid my hosts info, felt good about the spam being parsed right, and all of a sudden it wasn't catching it again! Somehow, the hosting stuff borks something but I can't prove it! It's just my word against everyone else that the non-host end of things works better than the new host-list stuff. I'm no guru with parsing so I have to depend on tools and others' advice which, well, often doesn't teach me a lot. Sorry for the vent - guess it's more of an annoyance than I thought it was. I'm just sick of doing the manual larts it takes to kill these jockies. I have a feeling all I do is end up getting listwashed, but ... though that's not my intent I'll take it for those particular ones. Lowering sheepishly, he said softly and weakly; "I'll go now" and disappeared back into the foliage. Twayne From user at domain.invalid Mon Feb 23 02:57:23 2009 From: user at domain.invalid (Farelf) Date: Mon Feb 23 03:00:09 2009 Subject: [Scspamcop] Re: reporting your own ISP In-Reply-To: References: Message-ID: LKing wrote: > Twayne wrote, On 2/21/2009 4:13 PM: >> jg wrote: >>> I believe, and someone will correct me if I'm wrong, that it isn't >>> considered good form to report your own ISP as a source. >>> >>> Could someone give me the rationale for that, if there is one? >>> >>> Thanks... >> >> IFF I'm certain my ISP is the source, hell yes I report them! I dont' >> want my neighborhood filled with spammers. IMO a source is a source; >> ALL spammers need killing, not just the ones that aren't on my own ISP! >> > Not to suggest that one source of spam should be handled differently > than an other, but... You do have a different relationship with your ISP > than other SC reporters; you are a paying client of their's and > could/should have more leverage than 'just some jerk that reported us.' > > What I'm suggesting is that if you take your neighborhood argument to > directly to them, pointing out that the spam is clogging both their SMTP > server and POP server, maybe causing your mail to be blocked, etc. you > may be able to get their attention more effectively than "just a SC" > report. > > Lou On the other hand ... I reported my own ISP for the first time today. Well, I don't usually have his inwards filters disabled otherwise I never would have seen the offending item. Anyway, this was spam from a dynamic address, definitely sent contrary to AUP/TOS/CRA and almost certainly a bot-net assimilate. That address has been listed on and off for > 18 days because of spamtrap hits. Mine was apparently the first member report. Ergo, my ISP now has some comprehensive and very timely data with which to work in locating the compromised machine, should he chose to do so and as he is encouraged to so do under the voluntary code of conduct here in Oz. I'm doing my ISP a favor. In this instance it would not have affected the rest of the network - all personal subscriber mail from that network is supposed to go through the ISP's IronPort devices on a handful of outwards servers (and business subscribers' mail goes through their own static addresses). But in some circumstances it would be doing a favor to all users of that IP address, or even that address block (other BLs). I am certainly doing the nominal owner of the compromised machine a favor - provided our ISP-in-common complies with the previously-mentioned voluntary code of conduct and doesn't just terminate hir account. But I believe there are up to three warnings specified somewhere in the applicable CRA (IIRC). I guess there's a risk he (the ISP) might terminate *my* account. Apart from his excellent choice of IronPort devices to filter and drop incoming spam he hasn't much in the way of clue. As evidenced by his also attempting to block my SC submissions through the use of the same technology to (silently) 'handle' *outwards* spam content. Hello ... spam bots ... how much spam gets sent through regular e-mail channels these days? Anyway, if he does that, I shall, of course, point him 'here'. Once I have a working internet again :) And he can also explain to an arbitrator how such action was fair use of which CRA provision. From tmcgraw at spamcop.net Mon Feb 23 12:37:45 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Feb 23 12:40:09 2009 Subject: [Scspamcop] Re: reporting your own ISP In-Reply-To: References: Message-ID: Farelf wrote: > I guess there's a risk he (the ISP) might terminate *my* account. I take it you don't choose to munge your reports? From user at domain.invalid Mon Feb 23 13:09:19 2009 From: user at domain.invalid (Farelf) Date: Mon Feb 23 13:10:08 2009 Subject: [Scspamcop] Re: reporting your own ISP In-Reply-To: References: Message-ID: Tim McGraw wrote: > Farelf wrote: >> I guess there's a risk he (the ISP) might terminate *my* account. > > I take it you don't choose to munge your reports? No, I spent years as a mole, more years munged, then un-munged some months ago. Figured if I was telling people that, logically, there was (probably) little risk either way then I should do that. From nobody at devnull.spamcop.net Mon Feb 23 15:32:40 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Mon Feb 23 15:35:07 2009 Subject: [Scspamcop] CCR Spam from Magnetmail/Datapipe Message-ID: Several months ago, I decided to sign my business up on the governemnt's Central Contractor Registration (CCR) web site (ccr.gov). At that time, it was possible that I might be getting some government contractor work. At the time I signed up, I received a warning that emailing marketers may use the email address used to sign up to send me marketing information, but I did not find any statement that I was agreeing to receive such marketing information as a condition of signing up on the government site. Whenever I enter an email address at any site, I create an alias address, which is used only on that site, and nowhere else. Shortly after I did that, I started receiving marketing information at the email address I used. Some of it was from organizations that appear to be legitimate (other than the fact that they spam). Some of it was straight spam, with forged headers, and advertising pills, watches, 419 scams, pump-and-dump, etc. I have been reporting all of this spam via SPAMCOP. Most of the "legitimate" (I put this term in quotes, because I am using it to indicate that these emails are not forging headers, or contact information, or offering illegitimate or illegal products or services - but I still consider it spam) marketing email I receive comes from an email marketing company called Magnetmail, and uses the servers of an ISP called Datapipe. Examples of this are here: http://www.spamcop.net/sc?id=z2608293226zb52500da2c8d2c3508de6fd44b45a6dcz http://www.spamcop.net/sc?id=z2608293225zadf9d312d4e1ee68cce4a789d9929dd7z I consider all of this email to be spam, because I did not sign up to receive it, and because I have never received or answered any email to confirm that I have signed up to receive such marketing information. I believe these spammers harvested my address from the government CCR database. I also want to make it clear that I am not receiving hard-core spam (pills, 419's, etc.) from datapipe or magnetmail. Despite numerous reports from me, and from others, I have never seen datapipe or magnetmail listed in block lists, including SCBL, and senderbase lists them as having a "GOOD" reputation (as an example see IP address 209.18.70.87, which sends alot of spam to me). It is clear, looking at SPAMCOP's report history on this address that others who have signed up on the CCR site are reporting them. My first question is: Am I correct to be reporting these guys? I am sure that the email they are sending is legitimate under the CANSPAM law, but I think most anti-spam organizations, such as SPAMCOP, have higher standards than CANSPAM, and state that email is spam if the address has not been double-opt-in confirmed. None of the other conditions for a company to be sending me email marketing materials, such as prior business relationship, apply. My second question is: why are they not showing up on more block lists? Is it because the population of people who have signed up for the CCR site, and are being spammed by these people too low to make a difference, or to trigger SPAMCOP's listing in the SCBL? My third question is: Is there anything else I should do to put pressure on them to change their ways? I have already manually emailed them, but have been ignored. (As far as I can tell, they have not even list-washed me). From MikeE at ster.invalid Mon Feb 23 16:30:52 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 23 16:35:09 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: Blue Rock wrote: > Central Contractor Registration (CCR) web site (ccr.gov). > http://www.spamcop.net/sc?id=z2608293226zb52500da2c8d2c3508de6fd44b45a6dcz > http://www.spamcop.net/sc?id=z2608293225zadf9d312d4e1ee68cce4a789d9929dd7z Straightup spams with an unsub. > Despite numerous reports from me, and from others, I have never seen > datapipe or magnetmail listed in block lists, including SCBL, and > senderbase lists them as having a "GOOD" reputation (as an example see > IP address 209.18.70.87, which sends alot of spam to me). 209.18.70.87 rDNS mail87.magnetmail.net is one of a great many output servers for magnetmail, almost all of which senderbase sez have a 'good' reputation. That means that the servers are judged to put out a lot of mail which is not spam. If you put out a lot of goodmail, then you have a lot of reputation/traffic points. If you have a lot of rep/traff points, then just some - a few - SC spamsource reports don't get you blocklisted in the SCbl. Or even if you should be transiently listed, you would auto-delist almost immediately. Also, the method by which they create their 'mailing list' is made of 'legitimate' addresses as opposed to being made of harvested and manufactured addresses which include spamtraps -- so their mailing list system also keeps them off of spamtrap created blocklists. > It is clear, > looking at SPAMCOP's report history on this address that others who > have signed up on the CCR site are reporting them. > My first question is: Am I correct to be reporting these guys? Sure. > I am > sure that the email they are sending is legitimate under the CANSPAM > law, but I think most anti-spam organizations, such as SPAMCOP, have > higher standards than CANSPAM, and state that email is spam if the > address has not been double-opt-in confirmed. SC sez that if you say it is spam, it is counted as spam. Or, sometimes the SC system helps the outfits who create lists/systems like accredit.habeas.com, plus.bondedsender.org, or adb.isipp.com -- accrediting databases. http://www.ironport.com/technology/reputation_filters.html IronPort Reputation Filters > My second question is: why are they not showing up on more block lists? > Is it because the population of people who have signed up for the CCR > site, and are being spammed by these people too low to make a > difference, or to trigger SPAMCOP's listing in the SCBL? The reputation/traffic condition outweighs the number of spam reports which are generated. > My third question is: Is there anything else I should do to put > pressure on them to change their ways? I have already manually emailed > them, but have been ignored. (As far as I can tell, they have not even > list-washed me). I would consider unsubbing if you haven't done that -- unless you are philosophically against unsub. Straightup canspam legal spam is more likely to have a legitimate unsub function than 'the other kind' of spam. -- Mike Easter kibitzer, not SC admin From me at privacy.net Mon Feb 23 16:48:44 2009 From: me at privacy.net (Michael R N Dolbear) Date: Mon Feb 23 16:50:08 2009 Subject: [Scspamcop] Re: reporting your own ISP References: Message-ID: <01c995d8$898d8e80$LocalHost@default> Farelf wrote [...] > spam bots ... how much spam gets sent through regular e-mail channels > these days? Anyway, if he does that, I shall, of course, point him Regular channels ? Quite a lot still judging by the numbers that have "xxx is an open proxy" in the analysis or webmail adverts in the text -- Mike D From nobody at spamcop.net Mon Feb 23 17:53:13 2009 From: nobody at spamcop.net (Ellen) Date: Mon Feb 23 17:55:07 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe In-Reply-To: References: Message-ID: Blue Rock wrote: > Several months ago, I decided to sign my business up on the governemnt's > Central Contractor Registration (CCR) web site (ccr.gov). At that time, it > was possible that I might be getting some government contractor work. At > the time I signed up, I received a warning that emailing marketers may use > the email address used to sign up to send me marketing information, but I > did not find any statement that I was agreeing to receive such marketing > information as a condition of signing up on the government site. they warned you and in effect by continuing the sign-up you agreed that you would get those mails. > > Whenever I enter an email address at any site, I create an alias address, > which is used only on that site, and nowhere else. that makes sense > > Shortly after I did that, I started receiving marketing information at the > email address I used. Some of it was from organizations that appear to be > legitimate (other than the fact that they spam). Some of it was straight > spam, with forged headers, and advertising pills, watches, 419 scams, > pump-and-dump, etc. > > I have been reporting all of this spam via SPAMCOP. I would say that you should not be reporting the mails that are obviously being sent as part of the "emailing marketers may use the email address used to sign up to send me marketing information" > My first question is: Am I correct to be reporting these guys? no you should not be reporting those -- it has nothing to do with canspam but rather to do with the fact that you gave tacit permission to receive marketing mails with no particular limits as to who from and how much. The obvious bot mail you can report. > > My second question is: why are they not showing up on more block lists? Is > it because the population of people who have signed up for the CCR site, and > are being spammed by these people too low to make a difference, or to > trigger SPAMCOP's listing in the SCBL? for the IP you mentioned over the last 30 days there are 10 reports -- Personally if you are not going to do business with the govt at this time I would set the email address to reject. If you decide you need to do business with the govt or want to see the emails then stop rejecting the mail. Ellen From nobody at devnull.spamcop.net Mon Feb 23 18:03:15 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Mon Feb 23 18:05:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Mike Easter" wrote in message news:gnv4ia$ona$1@news.spamcop.net... > Blue Rock wrote: > >> Central Contractor Registration (CCR) web site (ccr.gov). >> ... >> Despite numerous reports from me, and from others, I have never seen >> datapipe or magnetmail listed in block lists, including SCBL, and >> senderbase lists them as having a "GOOD" reputation (as an example see >> IP address 209.18.70.87, which sends alot of spam to me). > > 209.18.70.87 rDNS mail87.magnetmail.net is one of a great many output > servers for magnetmail, almost all of which senderbase sez have a 'good' > reputation. That means that the servers are judged to put out a lot of > mail which is not spam. If you put out a lot of goodmail, then you have a > lot of reputation/traffic points. If you have a lot of rep/traff points, > then just some - a few - SC spamsource reports don't get you blocklisted > in the SCbl. Or even if you should be transiently listed, you would > auto-delist almost immediately. > > Also, the method by which they create their 'mailing list' is made of > 'legitimate' addresses as opposed to being made of harvested and > manufactured addresses which include spamtraps -- so their mailing list > system also keeps them off of spamtrap created blocklists. > ... > >> My third question is: Is there anything else I should do to put >> pressure on them to change their ways? I have already manually emailed >> them, but have been ignored. (As far as I can tell, they have not even >> list-washed me). > > I would consider unsubbing if you haven't done that -- unless you are > philosophically against unsub. > > Straightup canspam legal spam is more likely to have a legitimate unsub > function than 'the other kind' of spam. When I originally started using SPAMCOP, I thought it would reduce spam I received. When it didn't, I mentioned that fact here, and people (you included) explained the more-important philosophy behind SPAMCOP, and I bought into it. I set up my email so that spam doesn't bother me anymore (never comes into my inbox), and started regularly reporting it, with the full understanding that it was not likely to reduce spam I received. I agree with you that the unsub functions are probably legitimate. But doing so basically just list-washes me, and I will not be reporting spam from this source any longer. I thought the anti-spam philosophy was to avoid being list-washed. As long as I receive spam and report spam sources, that helps to keep them listed on SCBL, until the legitimate emailers using that ISP start complaining about having their mail blocked, and motivate the ISP to stop their spam-friendly behavior. So, I guess based on that, I would say that I am "philosophically against unsub". If I understand you correctly, you are saying that there are spam-supporting providers out there, who are able to hide behind the fact that they have a large number of users sending legitimate mail. So, if any provider can get a large enough base of users sending legitimate email, they can then spam without fear of being listed (at least by SPAMCOP), provided they keep the ratio of spam to legitimate mail low. I am a little disillusioned to find that there are companies that can spam, or support spam, and not worry about a SPAMCOP listing. It seems to me that Datapipe should be a prime candidate to be block listed. They would not want to tick-off all of those legitimate users. From nobody at devnull.spamcop.net Mon Feb 23 18:59:13 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Mon Feb 23 19:00:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Ellen" wrote in message news:gnv9d7$30i$1@news.spamcop.net... > Blue Rock wrote: >> Several months ago, I decided to sign my business up on the governemnt's >> Central Contractor Registration (CCR) web site (ccr.gov). At that time, >> it was possible that I might be getting some government contractor work. >> At the time I signed up, I received a warning that emailing marketers may >> use the email address used to sign up to send me marketing information, >> but I did not find any statement that I was agreeing to receive such >> marketing information as a condition of signing up on the government >> site. > > they warned you and in effect by continuing the sign-up you agreed that > you would get those mails. > > ... > >> I have been reporting all of this spam via SPAMCOP. > > I would say that you should not be reporting the mails that are obviously > being sent as part of the "emailing marketers may use > the email address used to sign up to send me marketing information" > > ... > >> My first question is: Am I correct to be reporting these guys? > > no you should not be reporting those -- it has nothing to do with canspam > but rather to do with the fact that you gave tacit permission to receive > marketing mails with no particular limits as to who from and how much. Thanks for the reply Ellen. You are a representative of SPAMCOP, and I will abide by your instructions. But I would like to clarify what I said about the warning on the CCR site, and better understand the philosophy behind determining what should be reported. I think this is a very grey area, and may need better clarification in your FAQ. I read your FAQ on this subject, and here are the relevant excerpts: - "Spam is unsolicited bulk email. Not all bulk email is spam. Not all commercial email is spam. Email must be unsolicited and bulk in order to be spam. Unsolicited email is email the recipient did not (explicitly or implicitly) agree to receive. If the recipient agreed to receive it, then it is not spam." - "Bulk email can be split into two categories: Opt-in and Opt-out. Opt-in is email that an individual requested or agreed to receive. Many legitimate mailers use opt-in methods for marketing. Individuals are responsible for reading and understanding a company's privacy policies and acceptable use policies (if applicable) before submitting an email address. If a privacy or acceptable use policy clearly states that signing up for the service results in receiving marketing or commercial email, then the individual has "opted-in" to receive email and that email is not spam." - "Many reputable companies use opt-in email for marketing purposes. When receiving email purporting to be from a company normally considered reputable, the recipient should consider carefully the possibility that he or she did agree to receive it sometime in the past." - "If after reviewing the sender's privacy and acceptable use policies, the recipient is certain he did not agree to receive the email in question, then it may be someone attempting to appear as the company in question, without the company's consent. If a recipient is certain he did not request the email, then the recipient may report it as spam using the SpamCop reporting tool." I fully agree with these guildelines. I have signed up for commercial web sites, that have, in turn, sent me newsletters, or advertisements within the guidelines of their terms of service, and I have not reported those as spam. Likewise, I read the warning on the CCR site very carefully. It was not written as part of an agreement. It was not part of the Terms of Service, saying that if you continue to register, you are granting permission for those marketers to email you. It was written more as a warning that the email address will be published on a public website, and thus may be harvested by spam-bots, etc. The gist of it was that anyone could obtain the email address, and use it to market to you. Many web publishers issue similar warnings - that if you place an email address on a web-site published by them, it will be publicly accessible, and used to advertise to you. These are warnings that your address may be harvested, and used for spam, not an agreement with the publisher of the site. So, does that mean that I should not report any spam received at an address that has been placed on any public web site? Finally, I signed up on a government site. Any agreement that I made (tacit or otherwise) is with the US Government. Magnetmail, and the other companies sending me marketing materials are not part of the US Government. They (or their customers, who are also not the US government) harvested my email address from the government web site, and are using it to send me materials advertising their products or services. How are they any different from the guy who harvested my address from the government web site, and sent me an advertisement for pills, or for a watch, or for a low-interest loan? From MikeE at ster.invalid Mon Feb 23 18:59:30 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 23 19:00:09 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: Blue Rock wrote: > "Mike Easter" > When I originally started using SPAMCOP, I thought it would reduce spam > I received. Once upon a time when the world was a simpler place, there was a concept that if you notified a provider about being a spam source, they would be inclined to 'undo' their sourcing of spam. Nowadays there are some reasons they are disinclined to do that. The providers who both source and defend their clients from spam would rather defend than take down their bots. I don't like that provider decision/strategy, because I consider an internet full of scores or hundreds of millions of bots to be a more dangerous and problematic place separate from the spam issues. I think that providers (and backbones and the entities in between) should be licensed. Whether that should be done nation by nation or by some international 'collective' would have to be worked out. If all carriers from backbone to smallest server were licensed, then you could make rules about being fined or losing your license if you were carrying unlicensed content. That is, you wouldn't have to define spam, you would only have to recognize insecurity. > When it didn't, I mentioned that fact here, and people (you > included) explained the more-important philosophy behind SPAMCOP, and I > bought into it. Presumably you are referring to the fact the SC is responsible for the SCbl and reporters contribute their spamsources to the SCbl. The SCbl is important. Reporters contributing to the scbl is important. Notifying providers IMO is almost always not important. As a general rule, SC's notifying of providers is a tiny contribution to the general noise which consists of mail which is flying around the internet which is unwanted and just taking up bandwidth. Like spam. Some provider notifies are worthwhile. > I set up my email so that spam doesn't bother me > anymore (never comes into my inbox), and started regularly reporting > it, with the full understanding that it was not likely to reduce spam I > received. Well, if the filters which you use to keep spam out of your inbox do anything with the SCbl, then the reporting *IS* going to help reduce spam, because it will help the integrity of dnsbl filtering -- which I think is a very important element of spamfiltering. > I agree with you that the unsub functions are probably legitimate. Oh, I don't know if they are 'legitimate' or not. Where legitimate would mean that one's address is removed from a list and also that one's address isn't added to other lists as a responder who doesn't want to be on this list but must surely want to be on some other lists. In this specific instance, you would be considered a person who has 'invited' themselves to be on some kind of list, so you are known to want to be on lists, so maybe a bulk mailer would consider your address to just need to be moved from list to list until you landed on a list you liked. > But > doing so basically just list-washes me, and I will not be reporting spam > from this source any longer. I would certainly defer to Ellen's judgment and read on this situation along those lines. > I thought the anti-spam philosophy was to > avoid being list-washed. My personal antispam philosophy is to get less spam, and to handle the spam I /do/ get in the most convenient and least irritating way -- and to contribute to antispam effects in some way or another. I don't have a philosophy against being listwashed, because listwashing gets me less spam. Once upon a time I was glad to find my name on a spammer's list of "anti-s" -- where an anti is someone who causes spammers some trouble and where it would be better if an anti weren't getting that spammers spam because the anti might cause some kind of trouble that the spammer didn't want. These days I don't think there are any real 'anti' lists, but it was a nice concept while it lasted. > As long as I receive spam and report spam > sources, that helps to keep them listed on SCBL, Correct. > until the legitimate > emailers using that ISP start complaining about having their mail > blocked, and motivate the ISP to stop their spam-friendly behavior. I didn't quite parse that. My concept of the benefit of the SCbl is that it helps to block spam. Very rarely does - sometimes - the SCbl motivates some provider to do something about sourcing spam. I think it is uncommon that the scbl listing or a SC notify is some kind of a motivator. I think it is extremely common that the scbl acts in a helpful way to block spam. > So, I guess based on that, I would say that I am "philosophically > against unsub". I didn't actually follow (above) how you arrived at that philosophy, but I wouldn't argue with anyone who embraces it. > If I understand you correctly, you are saying that there are > spam-supporting providers out there, who are able to hide behind the > fact that they have a large number of users sending legitimate mail. No, I didn't really say it that way. I said that there were mail providers who handle bulk mailing and who try to do so in a way that prevents their bulk from having any problems getting delivered. > So, if any provider can get a large enough base of users sending > legitimate email, they can then spam without fear of being listed (at > least by SPAMCOP), provided they keep the ratio of spam to legitimate > mail low. Spam is a relative term. As you can see in this discussion, Ellen's view of how the CCR business works is that the mail you get from bulk mailers as a result of your signing up for CCR is (sorta) solicited -- something like FFA - free-for-all signups. > I am a little disillusioned to find that there are companies that can > spam, or support spam, and not worry about a SPAMCOP listing. I think you are arguing that your bulk mails are clearly spam to you and that the source is unlikely to become blocklisted at SC or anywhere else. > It seems to me that Datapipe should be a prime candidate to be block > listed. They would not want to tick-off all of those legitimate users. There is not doubt that datapipe/magnetmail doesn't want its output server on any kind of a popular blocklist like SC's. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Feb 23 20:05:30 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Mon Feb 23 20:10:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Mike Easter" wrote in message news:gnvd8v$b28$1@news.spamcop.net... > Blue Rock wrote: >> "Mike Easter" > >> When I originally started using SPAMCOP, I thought it would reduce spam >> I received. > > Once upon a time when the world was a simpler place, there was a concept > that if you notified a provider about being a spam source, they would be > inclined to 'undo' their sourcing of spam. Nowadays there are some > reasons they are disinclined to do that. The providers who both source > and defend their clients from spam would rather defend than take down > their bots. > > I don't like that provider decision/strategy, because I consider an > internet full of scores or hundreds of millions of bots to be a more > dangerous and problematic place separate from the spam issues. I think > that providers (and backbones and the entities in between) should be > licensed. Whether that should be done nation by nation or by some > international 'collective' would have to be worked out. If all carriers > from backbone to smallest server were licensed, then you could make rules > about being fined or losing your license if you were carrying unlicensed > content. That is, you wouldn't have to define spam, you would only have > to recognize insecurity. > Maybe... but I could see alot more harm coming from such a structure than good. Let's just say that I would prefer to have to deal with spam, than to give the government (or an international collection of governments) the power to regulate all internet traffic (which I think your scheme would ultimately evolve into, because then governments would get to decide what content is 'licensed' or 'unlicensed'). The US government's last attempt to stop spam worked really well, don't you think? But this may be a discussion for another thread. >> When it didn't, I mentioned that fact here, and people (you >> included) explained the more-important philosophy behind SPAMCOP, and I >> bought into it. > > Presumably you are referring to the fact the SC is responsible for the > SCbl and reporters contribute their spamsources to the SCbl. The SCbl is > important. Reporters contributing to the scbl is important. Notifying > providers IMO is almost always not important. As a general rule, SC's > notifying of providers is a tiny contribution to the general noise which > consists of mail which is flying around the internet which is unwanted and > just taking up bandwidth. Like spam. Some provider notifies are > worthwhile. > Yes, that is what I am referring to, and you and I agree about notifying providers (as discussed in another thread, recently). >> I set up my email so that spam doesn't bother me >> anymore (never comes into my inbox), and started regularly reporting >> it, with the full understanding that it was not likely to reduce spam I >> received. > > Well, if the filters which you use to keep spam out of your inbox do > anything with the SCbl, then the reporting *IS* going to help reduce spam, > because it will help the integrity of dnsbl filtering -- which I think is > a very important element of spamfiltering. > The filter that keeps spam out of my inbox is a whitelist. If someone isn't on my whitelist, they don't enter my inbox, period. In addition to that, a customized procmail filter, and a spamassassin filter (which does use SCBL) sorts my email into Possible or Definite spam. The occasional person who sends me legitimate email from a previously unknown address always ends up in my Possible folder, which I manually check occasionally. Everything that goes in the Definite folder is definitely spam. Unfortunately, I don't have any control over my domain's MX server, so I cannot reject mail at that level. This means that the SCBL doesn't actually help me *reduce* spam, it just helps separate mail from new unknown senders, who are not on my whitelist. All actual spam that ends up in the Possible folder, or the Definite folder is still reported to SPAMCOP. The SCBL is still a benefit to me, so it behooves me to support it. >> I agree with you that the unsub functions are probably legitimate. > > Oh, I don't know if they are 'legitimate' or not. Where legitimate would > mean that one's address is removed from a list and also that one's address > isn't added to other lists as a responder who doesn't want to be on this > list but must surely want to be on some other lists. In this specific > instance, you would be considered a person who has 'invited' themselves to > be on some kind of list, so you are known to want to be on lists, so maybe > a bulk mailer would consider your address to just need to be moved from > list to list until you landed on a list you liked. > Point taken. >> But >> doing so basically just list-washes me, and I will not be reporting spam >> from this source any longer. > > I would certainly defer to Ellen's judgment and read on this situation > along those lines. As of the time I wrote my reply to you, Ellen's post had not appeared for me yet. I will defer to her judgement, but I have some questions about it. > >> As long as I receive spam and report spam >> sources, that helps to keep them listed on SCBL, > > Correct. > >> until the legitimate >> emailers using that ISP start complaining about having their mail >> blocked, and motivate the ISP to stop their spam-friendly behavior. > > I didn't quite parse that. My concept of the benefit of the SCbl is that > it helps to block spam. Very rarely does - sometimes - the SCbl motivates > some provider to do something about sourcing spam. > > I think it is uncommon that the scbl listing or a SC notify is some kind > of a motivator. I think it is extremely common that the scbl acts in a > helpful way to block spam. Well, my brother was on a small ISP in his area, who was blocked by SPAMCOP, and eventually fixed their problems. I thought the whole idea behind blocklists was to force ISP's to change their behavior, or lose customers. > >> So, I guess based on that, I would say that I am "philosophically >> against unsub". > > I didn't actually follow (above) how you arrived at that philosophy, but I > wouldn't argue with anyone who embraces it. My logic: as someone who wishes to do something about the problem of spam, there is more benefit to staying on the list of a spammer and reporting his sources all the time, than there is in getting off his list. With hard-core spammers, there can actually be harm in clicking the unsub link. Therefore, I do not click on unsub links, even if I believe they will work. Add to that, your comments above (about the "legitimate" unsub link), and I am more motivated to not use the unsub link. > >> If I understand you correctly, you are saying that there are >> spam-supporting providers out there, who are able to hide behind the >> fact that they have a large number of users sending legitimate mail. > > No, I didn't really say it that way. I said that there were mail > providers who handle bulk mailing and who try to do so in a way that > prevents their bulk from having any problems getting delivered. > >> So, if any provider can get a large enough base of users sending >> legitimate email, they can then spam without fear of being listed (at >> least by SPAMCOP), provided they keep the ratio of spam to legitimate >> mail low. > > Spam is a relative term. As you can see in this discussion, Ellen's view > of how the CCR business works is that the mail you get from bulk mailers > as a result of your signing up for CCR is (sorta) solicited -- something > like FFA - free-for-all signups. Again, I had not read Ellen's comments when I last answered you. I am not sure if Ellen's view is based on her personal knowledge of the CCR, or on my comment about them warning me that I would receive email marketing. I read the CCR warning as saying that the address would be on a public site, and thus would be harvested, and receive email marketing in general (including spam). It was not an agreement (as I have seen on other sites) that I would accept receipt of marketing materials. > >> I am a little disillusioned to find that there are companies that can >> spam, or support spam, and not worry about a SPAMCOP listing. > > I think you are arguing that your bulk mails are clearly spam to you and > that the source is unlikely to become blocklisted at SC or anywhere else. I am not arguing. I thought you were saying that SPAMCOP blocklist decisions were based on ratios of good mail to spam coming from a particular server, and therefore all an ISP had to do was maintain a high ratio of good mail to spam, and he could also "get away" with supporting spam, at least for the purpose of avoiding the SCBL. If this fact is true, I feel disillusioned. I admit I may have misunderstood, or mis-worded what you said. Ellen's comments aside, even you seemed to feel that the email messages I provided trackers for were spam. If so, should they not be listed? > >> It seems to me that Datapipe should be a prime candidate to be block >> listed. They would not want to tick-off all of those legitimate users. > > There is not doubt that datapipe/magnetmail doesn't want its output server > on any kind of a popular blocklist like SC's. From nobody at devnull.spamcop.net Mon Feb 23 20:33:36 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Mon Feb 23 20:35:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: Blue Rock wrote: > "Ellen" wrote in message > news:gnv9d7$30i$1@news.spamcop.net... >> Blue Rock wrote: >>> Several months ago, I decided to sign my business up on the >>> governemnt's Central Contractor Registration (CCR) web site >>> (ccr.gov). At that time, it was possible that I might be getting >>> some government contractor work. At the time I signed up, I >>> received a warning that emailing marketers may use the email >>> address used to sign up to send me marketing information, but I did >>> not find any statement that I was agreeing to receive such >>> marketing information as a condition of signing up on the >>> government site. >> ... > Many web publishers issue similar warnings - that if you place an > email address on a web-site published by them, it will be publicly > accessible, and used to advertise to you. These are warnings that > your address may be harvested, and used for spam, not an agreement > with the publisher of the site. So, does that mean that I should not > report any spam received at an address that has been placed on any > public web site? > Finally, I signed up on a government site. Any agreement that I made > (tacit or otherwise) is with the US Government. Magnetmail, and the > other companies sending me marketing materials are not part of the US > Government. They (or their customers, who are also not the US > government) harvested my email address from the government web site, > and are using it to send me materials advertising their products or > services. How are they any different from the guy who harvested my > address from the government web site, and sent me an advertisement > for pills, or for a watch, or for a low-interest loan? This was an interesting thread. In past lives I have had many dealings with gvt critters & their holes, I mean, offices and rules & regs, and this just wasn't jiving right. Unfortunately, it would appear that you did unwittingly requiest some of that spam. Please read the excerpt below I found when briefly searching their FAQs: http://www.ccr.gov/faq.aspx#needtoknow ------------------- Q: Is my company going to be included in any marketing lists? A: Certain CCR information, like phone numbers, is available through the Freedom of Information Act (FOIA). *Email addresses are never made available publicly* through CCR. In D&B, users have the option of being included in D&B’s marketing campaign. If you choose not to be included in this marketing list, please *request to be removed* from D&B’s marketing file by calling 866-705-5711. *D&B does not publish email addresses.* If you are a small business and part of the Dynamic Small Business Search (DSBS), your business contact information, including email addresses, *may be available. *You can *request to have your email address removed* by sending an email to DSBShelpdesk@basetech.com. For Equifax (formerly known as Austin Tetra), users who no longer wish to receive promotional materials from Equifax or its affiliates and partners may opt out of receiving marketing communications by replying with "unsubscribe" in the subject line of the email or by sending an email to clientsvc@austintetra.com. ----------------- Like it says, CCR makes NO email addresses publicly availble. But then they add a lot of shit to that, which seems to nullify the claim entirely. Based on this Q/A and a couple others of similar content, it looks to me like you need to make a few phone calls to get off those lists, wherever your mail addy is being listed. IMO you are the victim of having had to do a lot of reading in the right places to know what you should have known. Typical unfortunately of our bass turd gummint critters, and thoroughly disgusting. While it makes sense there HAS to be a method of contact, it does NOT appear that it's anything that's intended to be in the clear and that would be so easily harvested by spammers, especially considering the sensitive personal nature of some of the information they collect! As sort of an aside here, I would be forced to allow my paranoia to rise high enough to worry about the exposure of my ss number and some other identity-theft information, and seek strong evidence that was was NOT possible to do! My short ftp stint led me to a few pages of what I think were embedded ssn's next to full names but I'm not certain that's what it was/is. The number format was right though, and every single one of them passed my ssn program for probably being legitimate ssns. If the site can be believed, sensitive data should ONLY be able to be accessed via fairly closely guarded accounts and bots wouldn't be crawling those very easily so the sources of the spam are probably as referenced in that FAQ entry above. If it were me I think I'd get on the horn and start asking some deep questions in a firm and mehodical manner, keeping FOIA in mind if they gave you trouble. You are alleging somethign that is very disturbing to be happening at an actual .gov web site. I would be very interested in hearing what transpires for you in your endeavors to get you address hidden. Actually, you should probably use their panel to change the email addy you use and simply retire the current one since it sounds like it's probably on a lot of lists already. IMO what's going on is totally unacceptable of any gvt agency/office/person/critter/whatever. HTH Twayne From nobody at spamcop.net Mon Feb 23 20:33:32 2009 From: nobody at spamcop.net (Ellen) Date: Mon Feb 23 20:35:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe In-Reply-To: References: Message-ID: Blue Rock wrote: > "Ellen" wrote in message > news:gnv9d7$30i$1@news.spamcop.net... >> Blue Rock wrote: > > Thanks for the reply Ellen. You are a representative of SPAMCOP, and I will > abide by your instructions. But I would like to clarify what I said about > the warning on the CCR site, can you point me to the site and the warning - I should read it > > Likewise, I read the warning on the CCR site very carefully. It was not > written as part of an agreement. It was not part of the Terms of Service, > saying that if you continue to register, you are granting permission for > those marketers to email you. It was written more as a warning that the > email address will be published on a public website, and thus may be > harvested by spam-bots, etc. The gist of it was that anyone could obtain > the email address, and use it to market to you. OK it is sort of a gray area -- I am not going to suspend your acct or anything for reporting those emails > > Many web publishers issue similar warnings - that if you place an email > address on a web-site published by them, it will be publicly accessible, and > used to advertise to you. yes and I would certainly think long and hard about placing an email address on for publication on a website and apply dranconian filters to any mail sent to it > > Finally, I signed up on a government site. Any agreement that I made (tacit > or otherwise) is with the US Government. Magnetmail, and the other > companies sending me marketing materials are not part of the US Government. > They (or their customers, who are also not the US government) harvested my > email address from the government web site, and are using it to send me > materials advertising their products or services. How are they any > different from the guy who harvested my address from the government web > site, and sent me an advertisement for pills, or for a watch, or for a > low-interest loan? Well as I said it is a gray area and I am not going to make Custer's last stand on whether you report the mails or not. Personally if I needed to keep the address live I would probably make a couple of attempts to unsub at magnetmail first and see what happened. If that didn't work then I would likely report the subsequent mails. Ellen > > From fdraven at cableone.net Mon Feb 23 23:35:30 2009 From: fdraven at cableone.net (Frank) Date: Mon Feb 23 23:40:08 2009 Subject: [Scspamcop] Major Spamage Message-ID: I tried spamcop a few days ago , then I was only getting like 2 to 4 spams a day, now I am getting between 12 and 16 a day, can someone explain this to me? Thanks Fdraven From tmcgraw at spamcop.net Tue Feb 24 01:49:39 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Feb 24 01:50:08 2009 Subject: [Scspamcop] Re: Major Spamage In-Reply-To: References: Message-ID: Frank wrote: > I tried spamcop a few days ago , then I was only getting like 2 to 4 > spams a day, now I am getting between 12 and 16 a day, can someone > explain this to me? Free account or paid? Your email address already appears frequently enough on the Internet that 12 to 16 spam items a day would be a small number. From bjarke.andersen at gmail.com Tue Feb 24 02:09:44 2009 From: bjarke.andersen at gmail.com (Bjarke Andersen) Date: Tue Feb 24 02:10:08 2009 Subject: [Scspamcop] Re: Major Spamage References: Message-ID: "Frank" crashed Echelon writing news:gnvtgs$f9v$1@news.spamcop.net: > I tried spamcop a few days ago , then I was only getting like 2 to 4 > spams a day, now I am getting between 12 and 16 a day, can someone > explain this to me? If your email reply address is the one you use, and is getting the spam, have you tried google it? If SpamCop could stop all the spam in the world, then it would be heaven. SpamCop is only a helper in reporting found spam to the ISPs. -- Bjarke Andersen From user at domain.invalid Tue Feb 24 02:56:54 2009 From: user at domain.invalid (Farelf) Date: Tue Feb 24 03:00:08 2009 Subject: [Scspamcop] Re: reporting your own ISP In-Reply-To: <01c995d8$898d8e80$LocalHost@default> References: <01c995d8$898d8e80$LocalHost@default> Message-ID: Michael R N Dolbear wrote: > Farelf wrote > [...] >> spam bots ... how much spam gets sent through regular e-mail channels > >> these days? Anyway, if he does that, I shall, of course, point him > > Regular channels ? > > Quite a lot still judging by the numbers that have "xxx is an open > proxy" in the analysis or webmail adverts in the text > That's interesting Mike. On two quite different spam "streams", one at work, one at home, I have been seeing next to none of that (just a little webmail only). Different spammer lists to yours I guess. Anyway, "open proxy" isn't part of a "regular" e-mail channel, IIUC. From MikeE at ster.invalid Tue Feb 24 08:49:22 2009 From: MikeE at ster.invalid (Mike Easter) Date: Tue Feb 24 08:50:09 2009 Subject: [Scspamcop] Re: Major Spamage References: Message-ID: Frank wrote: > I tried spamcop a few days ago , then I was only getting like 2 to 4 > spams a day, now I am getting between 12 and 16 a day, can someone > explain this to me? If becoming a spamcop reporter is causing you to open spam insecurely which you weren't doing before, then "Yes, handling your spam insecurely can cause an increase in spam." The moral to that lesson is -- don't handle spam insecurely. Insecure spam-handling is when your spam opening signals^0 to the spamsystem that the recipient has received the spam and opened it. I don't let spam into my inbox, but my filter and message rules direct it into my Junk folder. Once a day, sometimes twice, I go to my Junk folder and scan the From/Subject sections to be sure that no goodmail has gotten in there. I do not open any spam^1. I select all of the spam and quick report unopened it to SC. Now the day's spamwork is done. ^0 If you cannot report your spam without opening it, and if your spamopening signals that you've received an item and opened it, then a spamsending system which is configured to 'register' that your address is a good one to send spam to will add your address to even more spamsending systems, and your spam will grow. ^1 It is not necessary to open a spam to identify it as spam. If for some reason I should want additional information about the 'content' or spammishness of an item, I look at its message properties which contain the headers, which headers show me the source and also the X-lines which my spamfilter has created listing spammish characteristics of the interior. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Feb 24 12:28:30 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Tue Feb 24 12:30:07 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Ellen" wrote in message news:gnvipe$oah$1@news.spamcop.net... > Blue Rock wrote: >> "Ellen" wrote in message >> news:gnv9d7$30i$1@news.spamcop.net... >>> Blue Rock wrote: > >> >> Thanks for the reply Ellen. You are a representative of SPAMCOP, and I >> will abide by your instructions. But I would like to clarify what I said >> about the warning on the CCR site, > > can you point me to the site and the warning - I should read it > It was 9 months ago, when I registered on the CCR site, so it is difficult to remember exactly which statement I read. I went back and thoroughly serached the site now. I found their privacy notice, which says absolutely nothing on the subject. The main site is www.ccr.gov. I found this in the FAQ, and I am pretty sure this is what I read: (from http://www.ccr.gov/FAQ.aspx#marketing) ================================ Q: Is my company going to be included in any marketing lists? A: Certain CCR information, like phone numbers, is available through the Freedom of Information Act (FOIA). Email addresses are never made available publicly through CCR. In D&B, users have the option of being included in D&B's marketing campaign. If you choose not to be included in this marketing list, please request to be removed from D&B's marketing file by calling 866-705-5711. D&B does not publish email addresses. If you are a small business and part of the Dynamic Small Business Search (DSBS), your business contact information, including email addresses, may be available. You can request to have your email address removed by sending an email to DSBShelpdesk [at]basetech.com. For Equifax (formerly known as Austin Tetra), users who no longer wish to receive promotional materials from Equifax or its affiliates and partners may opt out of receiving marketing communications by replying with "unsubscribe" in the subject line of the email or by sending an email to clientsvc [at] austintetra.com. ================================ I don't read any of this as saying that I am agreeing to receive email marketing at the address I use. It is simply a list of related sites that *may* publicly display my information, or that may send me marketing materials. None of the spam I am receiving is from D&B or Equifax. Everyone registering on CCR must obtain a D&B number for their company, which means they must also register on D&B's site. I did so, and I opted out of D&B's marketing information. I used a different email address on D&B's site anyway, and that address is not receiving any email (spam or otherwise). When you indicate you are a small business, the information you enter in your CCR registration gets transferred to the Small Business Administration's "Dynamic Small Business Search" (DSBS). This is the only place I have found where my email address is publicly available, and this is where I believe the spammers are harvesting my address. The address that shows up here for my company is the same as the one I used on the CCR site, and is the address that all spam we are discussing is going to. BTW, I also searched the SBA's DSBS site and privacy policy, which also says nothing about agreeing to receive marketing information from a listing there. My comapny did not need to get a credit rating, so I did not register on Equifax's site. > >> >> Many web publishers issue similar warnings - that if you place an email >> address on a web-site published by them, it will be publicly accessible, >> and used to advertise to you. > > yes and I would certainly think long and hard about placing an email > address on for publication on a website and apply dranconian filters to > any mail sent to it > > > I do have an email address publicly displayed on my web site. It is a very simple web site, that I put together very quickly, and I didn't have time to play around with forms, or captchas, or things like that. So, I created a special email address for that site, along with instructions that a potential sender should follow when trying to email me (to place a certain word in the subject line). The email address has been there for several years now. I have received legitimate contacts through that address, and every person who has legitimately contacted me using that address, has correctly followed the instructions. I also do receive some hard core spam at that address (which does not contain the keyword in the subject line), although not as much as I thought I would. For now, all such spam received at that address is reported to SPAMCOP. I am careful to check that I do not report someone who sends to that address, who simply didn't follow the instructions, but that has never happened. So, this is another example of a publicly available address, for which I report spam. I hope this is not a violation of the rules, and I can not find anything in your rules that forbids this. I view the public listing of my CCR email address the same way - it is simply an address that shows up in a public place that spammers harvest and use to send me advertising. > >> >> Finally, I signed up on a government site. Any agreement that I made >> (tacit or otherwise) is with the US Government. Magnetmail, and the >> other companies sending me marketing materials are not part of the US >> Government. They (or their customers, who are also not the US government) >> harvested my email address from the government web site, and are using it >> to send me materials advertising their products or services. How are >> they any different from the guy who harvested my address from the >> government web site, and sent me an advertisement for pills, or for a >> watch, or for a low-interest loan? > > Well as I said it is a gray area and I am not going to make Custer's last > stand on whether you report the mails or not. Personally if I needed to > keep the address live I would probably make a couple of attempts to unsub > at magnetmail first and see what happened. If that didn't work then I > would likely report the subsequent mails. > > > Ellen > > >> >> > From nobody at spamcop.net Tue Feb 24 12:42:47 2009 From: nobody at spamcop.net (Ellen) Date: Tue Feb 24 12:45:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe In-Reply-To: References: Message-ID: Blue Rock wrote: > > If you are a small business and part of the Dynamic Small Business Search > (DSBS), your business contact information, including email addresses, may be > available. You can request to have your email address removed by sending an > email to DSBShelpdesk [at]basetech.com. I assume you have or are planning to do this? > > > When you indicate you are a small business, the information you enter in > your CCR registration gets transferred to the Small Business > Administration's "Dynamic Small Business Search" (DSBS). This is the only > place I have found where my email address is publicly available, and this is > where I believe the spammers are harvesting my address. The address that > shows up here for my company is the same as the one I used on the CCR site, > and is the address that all spam we are discussing is going to. Assuming that is the only place you publicly used the address then I assume that is where it was harvested from. > > So, this is another example of a publicly available address, for which I > report spam. I hope this is not a violation of the rules, and I can not > find anything in your rules that forbids this. That's fine reporting that spam. >> Well as I said it is a gray area and I am not going to make Custer's last >> stand on whether you report the mails or not. Personally if I needed to >> keep the address live I would probably make a couple of attempts to unsub >> at magnetmail first and see what happened. If that didn't work then I >> would likely report the subsequent mails. and the above is what I said in my last post as to what I would probably do were it I -- I think the above also indicates that if you want to report the mails then do so altho we may further discuss this with you in email and not in the newsgroup, if we receive email concerning the reports that in some way indicates that there was some permission given altho obviously we would expect the person challenging the report to provide information concerning that permission .... Ellen From nobody at devnull.spamcop.net Tue Feb 24 12:54:10 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Tue Feb 24 12:55:07 2009 Subject: [Scspamcop] Re: Major Spamage References: Message-ID: Frank wrote: > I tried spamcop a few days ago , then I was only getting like 2 to 4 > spams a day, now I am getting between 12 and 16 a day, can someone > explain this to me? > Thanks > Fdraven Hi Frank, In plain language, using Spamcop won't usually get you less spam and in certain instances can actually increase your spam load. With all due respect, if you go back and read more in the FAQs at spamcop.net, you'll notice that spamcop is really a tool used to create a listing of spammers, thereby identifying them and allowing them be be ignored by various and varied methods. Spamcop's purpose is not to decrease the spam you get, although logically it may seem that should be the result. So if your interest is solely to get rid of spam in your mailbox, spamcop isn't going to make that happen. However if your interest is to punish spammers, cost them money by keeping their accounts being taken away from them, and in general fighting the scourge of the internet, you've chosen what IMO Is the best place to do it. Ymmv of course and your successes are often not even known to you untl you learn more about how it all works together. So the basic purpose of SC is to list spammers in a maintained list that others can use to keep them out of their inboxes. It seldom will result in less spam and maybe even increase it at first. Here are some spamfighting tips you can find mentioned in and around the good FAQs at spamcop: -- GET YOUR REAL EMAIL ADDRESS OUT OF YOUR POSTS HEADERS! Just based on that one mistake, I'd say your increase in spam is not due to using spamcop but from leaving your real email address in each and every place you post to in any/all the groups. To see what I'm talking about, take a look at the Headers in any of your posts; you'll see your address right there, just waiting to be picked up and added to many spammer's lists. Based on that and your Vista OS, I'd also say that your current address hasn't been used for very long. I'd predict that within the next few to several weeks your address, if not so already, will be appearing in thousands of "lists" of addresses to spam, and probably on several of the CDs spammers sell to each other of "good addresses to spam". Where your address is listed will continue to grow and it'll be in more and more places every day. Hopefully, due to the efforts of spamcop and the like, it won't completely obliterate your mailbox by virtue of having shut down many of those spammers sites and accounts, or at least by them being listed on the spamcop block list by faithful spam reporters such as yourself. I'll stop before I write a book. Everything I said and much more is available in the spamcop FAQs if you can just locate the right ones. There's a lot to learn and a lot to read. The point I am trying to make is that spamcop IMO is a great tool, creates a valuable and useful block list, usable by any who wish to use it and who have the ability, of identified bottom feeding bass turd spammers. It is not to reduce YOUR spam load; it's to reduce the world's spamload by getting spammers isolated until eventually, in theory, they can no longer reach anyone with their spam. Theory isn't reality of course. The real value in being a spamcop reporter is knowing you are making it difficult for the spammers. Hopefully; sometimes it's hard to tell. So, remove your real email addy from your headers; use something like invalid@invalid.invalid or any one of many others that have been created specifically for this purpose. Notice my email address; it's one spamcop provides to use in place of a real email address. It's very important to never use any kind of address that could ever exist now or in the future; it has to be one set aside for the purpose. Never post your real email address on a newsgroup in a recognizable form; the bots and crawlers will scrape it up every time and often within hours, not days. Then learn about and practice Safe Hex. Look for the term in Google or your fav search engine. Lots of good advice there. Never, ever respond to a spam in any way; don't click anything in it, don't even set your mouse in it it. If possible, don't even read it or allow it to display on your screen. 98% of spam can be identified without reading it IMO. Happy reading, or, bye, as the case may be. Cheers, Twayne From nobody at devnull.spamcop.net Tue Feb 24 13:06:43 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Tue Feb 24 13:10:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: Ellen, Actually, I have my doubts as to whether that's even actually a gvt site. If you take a look at them with robtex.com, some of the info is pretty interesting. I am not saying I don't think the site is legit; I'm saying I'm not so sure it's really a gvt site. As for blocklists, they're listed as "entire tld is rfc-ignorant". Never seen that before about a site. Strange place. Oh, it's simply ccr.gov, BTW. Pretty interesting neighbors, too. Twayne Ellen wrote: > Blue Rock wrote: >> "Ellen" wrote in message >> news:gnv9d7$30i$1@news.spamcop.net... >>> Blue Rock wrote: > >> >> Thanks for the reply Ellen. You are a representative of SPAMCOP, >> and I will abide by your instructions. But I would like to clarify >> what I said about the warning on the CCR site, > > can you point me to the site and the warning - I should read it > > > >> >> Likewise, I read the warning on the CCR site very carefully. It was >> not written as part of an agreement. It was not part of the Terms >> of Service, saying that if you continue to register, you are >> granting permission for those marketers to email you. It was >> written more as a warning that the email address will be published >> on a public website, and thus may be harvested by spam-bots, etc. The >> gist of it was that anyone could obtain the email address, and >> use it to market to you. > > OK it is sort of a gray area -- I am not going to suspend your acct or > anything for reporting those emails > >> >> Many web publishers issue similar warnings - that if you place an >> email address on a web-site published by them, it will be publicly >> accessible, and used to advertise to you. > > yes and I would certainly think long and hard about placing an email > address on for publication on a website and apply dranconian filters > to any mail sent to it > > > > >> >> Finally, I signed up on a government site. Any agreement that I >> made (tacit or otherwise) is with the US Government. Magnetmail, >> and the other companies sending me marketing materials are not part >> of the US Government. They (or their customers, who are also not the >> US government) harvested my email address from the government web >> site, and are using it to send me materials advertising their >> products or services. How are they any different from the guy who >> harvested my address from the government web site, and sent me an >> advertisement for pills, or for a watch, or for a low-interest loan? > > Well as I said it is a gray area and I am not going to make Custer's > last stand on whether you report the mails or not. Personally if I > needed to keep the address live I would probably make a couple of > attempts to unsub at magnetmail first and see what happened. If that > didn't work then I would likely report the subsequent mails. > > > Ellen From nobody at devnull.spamcop.net Tue Feb 24 13:06:59 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Tue Feb 24 13:10:09 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Twayne" wrote in message news:gnvipb$oag$1@news.spamcop.net... > Blue Rock wrote: >> "Ellen" wrote in message >> news:gnv9d7$30i$1@news.spamcop.net... >>> Blue Rock wrote: >>>> Several months ago, I decided to sign my business up on the >>>> governemnt's Central Contractor Registration (CCR) web site >>>> (ccr.gov). At that time, it was possible that I might be getting >>>> some government contractor work. At the time I signed up, I >>>> received a warning that emailing marketers may use the email >>>> address used to sign up to send me marketing information, but I did >>>> not find any statement that I was agreeing to receive such >>>> marketing information as a condition of signing up on the >>>> government site. >>> > > ... > > any of the snipped information; snippage is for relevance to my comments > only: > >> >> Many web publishers issue similar warnings - that if you place an >> email address on a web-site published by them, it will be publicly >> accessible, and used to advertise to you. These are warnings that >> your address may be harvested, and used for spam, not an agreement >> with the publisher of the site. So, does that mean that I should not >> report any spam received at an address that has been placed on any >> public web site? >> Finally, I signed up on a government site. Any agreement that I made >> (tacit or otherwise) is with the US Government. Magnetmail, and the >> other companies sending me marketing materials are not part of the US >> Government. They (or their customers, who are also not the US >> government) harvested my email address from the government web site, >> and are using it to send me materials advertising their products or >> services. How are they any different from the guy who harvested my >> address from the government web site, and sent me an advertisement >> for pills, or for a watch, or for a low-interest loan? > > > This was an interesting thread. In past lives I have had many dealings > with gvt critters & their holes, I mean, offices and rules & regs, and > this just wasn't jiving right. > > Unfortunately, it would appear that you did unwittingly requiest some of > that spam. > Please read the excerpt below I found when briefly searching their FAQs: > http://www.ccr.gov/faq.aspx#needtoknow > ------------------- > Q: Is my company going to be included in any marketing lists? > > A: Certain CCR information, like phone numbers, is available through the > Freedom of Information Act (FOIA). *Email addresses are never made > available publicly* through CCR. > In D&B, users have the option of being included in D&B's marketing > campaign. If you choose not to be included in this marketing list, please > *request to be removed* from D&B's marketing file by calling 866-705-5711. > *D&B does not publish email addresses.* > If you are a small business and part of the Dynamic Small Business Search > (DSBS), your business contact information, including email addresses, *may > be available. *You can *request to have your email address removed* by > sending an email to DSBShelpdesk@basetech.com. > For Equifax (formerly known as Austin Tetra), users who no longer wish to > receive promotional materials from Equifax or its affiliates and partners > may opt out of receiving marketing communications by replying with > "unsubscribe" in the subject line of the email or by sending an email to > clientsvc@austintetra.com. > ----------------- > Like it says, CCR makes NO email addresses publicly availble. But then > they add a lot of shit to that, which seems to nullify the claim entirely. > What that FAQ means, is that during the process of registering on the CCR site, you may have to deal with one or more other sites. Two of those other sites (D&B and Equifax) are businesses that may want to send you marketing information of their own. The third (DSBS) is another government site which may publicly display your email address. EVERYONE registering on CCR must obtain a D&B number, which means they must also register on D&B's site. I did so, but I opted out of receiving their marketing information. I also used a different email address, and that email address is not receiving anything. None of the spam I am receiving comes from D&B anyway. Some people wanting to do business with the government may have to get a credit rating, so they might have to deal with Equifax. That did not apply to me, so I did not even go to their site. None of the spam I am receiving comes from Equifax anyway. My email address was publicly displayed in the governemnt DSBS. This happens automatically if you indicate you are a small business, during the registration. This is the only place where the address shows up publicly, and it is where the spammers are harvesting my email address. NOTHING in the FAQ states that you are agreeing to receive such marketing information, (except that which would come from D&B or Equifax). I have signed up for plenty of sites (credit cards, banks, on-line stores, etc.) that make it very clear how they will use your email address, whether or not they send you marketing materials, and how to opt-out if you don't want them. This FAQ is nothing like that. NOTHING in the CCR privacy policy states that you are agreeing to receive such marketing information, either. So, I disagree that I have tacitly agreed to receive spam. > Based on this Q/A and a couple others of similar content, it looks to me > like you need to make a few phone calls to get off those lists, wherever > your mail addy is being listed. IMO you are the victim of having had to > do a lot of reading in the right places to know what you should have > known. Typical unfortunately of our bass turd gummint critters, and > thoroughly disgusting. > Since I am not receiving marketing materials from Equifax or D&B, calling or writing either of them will do nothing. D&B had a box to check to NOT receive their marketing info when I signed up, and so far they have honored that request. Although I agree that I could contact DSBS, and have them remove my email address, I don't think that is necessary. The spammers have already harvested the address anyway, and I would like to provide some means for a potental customer to contact me. > While it makes sense there HAS to be a method of contact, it does NOT > appear that it's anything that's intended to be in the clear and that > would be so easily harvested by spammers, especially considering the > sensitive personal nature of some of the information they collect! As > sort of an aside here, I would be forced to allow my paranoia to rise high > enough to worry about the exposure of my ss number and some other > identity-theft information, and seek strong evidence that was was NOT > possible to do! My short ftp stint led me to a few pages of what I think > were embedded ssn's next to full names but I'm not certain that's what it > was/is. The number format was right though, and every single one of them > passed my ssn program for probably being legitimate ssns. > I am not sure what ftp site you looked at. I never had to enter my SSN. I probably had to enter my company's TID, but that is probably available someplace anyway. > If the site can be believed, sensitive data should ONLY be able to be > accessed via fairly closely guarded accounts and bots wouldn't be crawling > those very easily so the sources of the spam are probably as referenced in > that FAQ entry above. > You can very easily search either the CCR site, or the DSBS site. I see absolutely no reason why a bot could not do so. If you look up my company "Blue Rock Systems", you will find that the CCR site does not list any email address, but the DSBS site does. None of the other information displayed on either of these searches is "sensitive". > If it were me I think I'd get on the horn and start asking some deep > questions in a firm and mehodical manner, keeping FOIA in mind if they > gave you trouble. > You are alleging somethign that is very disturbing to be happening at an > actual .gov web site. I would be very interested in hearing what > transpires for you in your endeavors to get you address hidden. Actually, > you should probably use their panel to change the email addy you use and > simply retire the current one since it sounds like it's probably on a lot > of lists already. IMO what's going on is totally unacceptable of any gvt > agency/office/person/critter/whatever. > When I started receiving hard-core spam at that email address, less than a week after I registered, I contacted the CCR, using the contact form on their web site. I received absolutely no reply. I decided not to pursue it any further. The email address is publicly displayed. It is easy for spammers to find. There is nothing the government can really do about that. If spammers send email to me, I report them to SPAMCOP. Hopefully that hurts the spammers, if they get listed. I have set my email up so that the whole process can be done in minutes, so it doesn't matter that much to me. From nobody at devnull.spamcop.net Tue Feb 24 13:30:50 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Tue Feb 24 13:35:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Ellen" wrote in message news:go1bj0$sqc$1@news.spamcop.net... > Blue Rock wrote: > >> >> If you are a small business and part of the Dynamic Small Business Search >> (DSBS), your business contact information, including email addresses, may >> be available. You can request to have your email address removed by >> sending an email to DSBShelpdesk [at]basetech.com. > > I assume you have or are planning to do this? > > > >>> Well as I said it is a gray area and I am not going to make Custer's >>> last >>> stand on whether you report the mails or not. Personally if I needed to >>> keep the address live I would probably make a couple of attempts to >>> unsub >>> at magnetmail first and see what happened. If that didn't work then I >>> would likely report the subsequent mails. If you think I should do either of these things, then I will do so. I didn't think it was necessary for three reasons: 1) The address has already been up there for nearly a year, and has already been harvested. 2) Removing the address will not stop the spam, and it will remove a potential contact path for a legitimate customer who may want to contact me. 3) As I stated in my conversation with Mike Easter (another thread in this post), I have come to realize that I am not going to be able to stop spam coming to me, so I have sort of given up trying. But, if by reporting spam here, I contribute to the SCBL, which makes it harder on spammers, I am satisfied to continue to do so. If I remove myself from illegitimately built spam lists (meaning lists of addresses harvested from web sites, dictionary attacks, viruses, etc.) then that will be one less SPAMCOP reporter contributing information from that spammer using those lists to the SCBL. IMO, all of the email I am receiving and reporting is coming from an illegitimately built list, including the email from Magnetmail. I have searched the CCR and read every legal notice and instruciton I could find. If there is some secret path by which I have inadvertently agreed to receive such marketing, by signing up on the CCR, it sure is very well hidden! So, do you think I should try to remove myself from the list, or remove my email address from the site? From nobody at devnull.spamcop.net Tue Feb 24 13:40:14 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Tue Feb 24 13:45:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Twayne" wrote in message news:go1cve$2qj$1@news.spamcop.net... > Ellen, > > Actually, I have my doubts as to whether that's even actually a gvt site. > If you take a look at them with robtex.com, some of the info is pretty > interesting. I am not saying I don't think the site is legit; I'm saying > I'm not so sure it's really a gvt site. > As for blocklists, they're listed as "entire tld is rfc-ignorant". Never > seen that before about a site. > > Strange place. Oh, it's simply ccr.gov, BTW. Pretty interesting > neighbors, too. > > Twayne > Just out of curiosity, what is it you find interesting about that site? Why do you think it is not a government site? Is it possible for some outside entity to create a domain name in the .gov TLD? My understanding is that anyone wishing to do business with the government must register on that site. If this is some sort of scam, I would really like to know! From tmcgraw at spamcop.net Tue Feb 24 13:51:37 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Feb 24 13:55:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe In-Reply-To: References: Message-ID: Blue Rock wrote: > Twayne wrote: >> Actually, I have my doubts as to whether that's even actually a gvt site. >> If you take a look at them with robtex.com, some of the info is pretty >> interesting. I am not saying I don't think the site is legit; I'm saying >> I'm not so sure it's really a gvt site. >> As for blocklists, they're listed as "entire tld is rfc-ignorant". Never >> seen that before about a site. >> >> Strange place. Oh, it's simply ccr.gov, BTW. Pretty interesting >> neighbors, too. >> >> Twayne > > Just out of curiosity, what is it you find interesting about that site? Why > do you think it is not a government site? Is it possible for some outside > entity to create a domain name in the .gov TLD? > > My understanding is that anyone wishing to do business with the government > must register on that site. If this is some sort of scam, I would really > like to know! http://en.wikipedia.org/wiki/.gov From nobody at devnull.spamcop.net Tue Feb 24 13:59:07 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Tue Feb 24 14:00:07 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Tim McGraw" wrote in message news:go1fjp$9t7$1@news.spamcop.net... > Blue Rock wrote: >> Twayne wrote: >>> Actually, I have my doubts as to whether that's even actually a gvt >>> site. If you take a look at them with robtex.com, some of the info is >>> pretty interesting. I am not saying I don't think the site is legit; >>> I'm saying I'm not so sure it's really a gvt site. >>> As for blocklists, they're listed as "entire tld is rfc-ignorant". >>> Never seen that before about a site. >>> >>> Strange place. Oh, it's simply ccr.gov, BTW. Pretty interesting >>> neighbors, too. >>> >>> Twayne >> >> Just out of curiosity, what is it you find interesting about that site? >> Why do you think it is not a government site? Is it possible for some >> outside entity to create a domain name in the .gov TLD? >> >> My understanding is that anyone wishing to do business with the >> government must register on that site. If this is some sort of scam, I >> would really like to know! > > http://en.wikipedia.org/wiki/.gov Thanks, Tim. Reading this, it looks like it would be very difficult for somebody to set up an illegitimate .gov site. From me at privacy.net Tue Feb 24 14:45:13 2009 From: me at privacy.net (Michael R N Dolbear) Date: Tue Feb 24 14:50:08 2009 Subject: [Scspamcop] Re: reporting your own ISP References: <01c995d8$898d8e80$LocalHost@default> Message-ID: <01c996a8$848439e0$LocalHost@default> Farelf wrote in article ... > Michael R N Dolbear wrote: > > Regular channels ? > > Quite a lot still judging by the numbers that have "xxx is an open > > proxy" in the analysis or webmail adverts in the text > That's interesting Mike. On two quite different spam "streams", one at > work, one at home, I have been seeing next to none of that (just a > little webmail only). Different spammer lists to yours I guess. > Anyway, "open proxy" isn't part of a "regular" e-mail channel, IIUC. I would say that a hacked php response page is both an "open proxy" and uses a "regular" e-mail channel. The only irregular feature being the hacking. >From one of today's Quick reporting data emails, 26 out of 30 were open proxies 88.250.73.250 listed in cbl.abuseat.org ( 127.0.0.2 ) 88.250.73.250 is an open proxy http://www.spamcop.net/sc?id=z2646355423z2930f9786c2293bc91a86732fbb3c22 3z 200.88.171.200 listed in cbl.abuseat.org ( 127.0.0.2 ) 200.88.171.200 is an open proxy http://www.spamcop.net/sc?id=z2646355232z201e977cab1b2a05008c1d0dc9cd154 bz 218.59.30.70 listed in cbl.abuseat.org ( 127.0.0.2 ) 218.59.30.70 is an open proxy http://www.spamcop.net/sc?id=z2646355158z3cb3dd6ff5d6557c5eff8d626d01601 0z 208.110.88.79 listed in cbl.abuseat.org ( 127.0.0.2 ) 208.110.88.79 is an open proxy Spam report id 3892744550 sent to: abuse@wholesaleinternet.com May be saved for future reference: http://www.spamcop.net/sc?id=z2646355023zfb34a4f4b46aa1d5d1b4140826237ea fz 87.109.221.15 listed in cbl.abuseat.org ( 127.0.0.2 ) 87.109.221.15 is an open proxy http://www.spamcop.net/sc?id=z2646354979z6f93e18af80a5f3e6cb10db6f677328 8z 124.135.57.31 listed in cbl.abuseat.org ( 127.0.0.2 ) 124.135.57.31 is an open proxy http://www.spamcop.net/sc?id=z2646354942zb221e7c5b58be6ab6d2e9ec43c2ec46 3z Got bored. -- Mike D From Klamm at x.x Tue Feb 24 15:28:59 2009 From: Klamm at x.x (Klamm) Date: Tue Feb 24 15:30:08 2009 Subject: [Scspamcop] Re: Major Spamage References: Message-ID: Hey Twayne. Can I ask u a question? Can I use a mail account (a non valid one) with the smtp of another account to send spam reports? I mean, I know I can do it. In fact, I?m doing it right now sending this mail. Bur my question is if Spamcop wouldn?t accept my report for considering it a bounce mail. Well, my english is not very good. I hope you undestand something. Thanks. En 24/02/2009 15:54:10, Twayne escribi?: > Frank wrote: >> I tried spamcop a few days ago , then I was only getting like 2 to 4 >> spams a day, now I am getting between 12 and 16 a day, can someone >> explain this to me? >> Thanks >> Fdraven > > Hi Frank, > > In plain language, using Spamcop won't usually get you less spam and in > certain instances can actually increase your spam load. > With all due respect, if you go back and read more in the FAQs at > spamcop.net, you'll notice that spamcop is really a tool used to create > a listing of spammers, thereby identifying them and allowing them be be > ignored by various and varied methods. Spamcop's purpose is not to > decrease the spam you get, although logically it may seem that should be > the result. > So if your interest is solely to get rid of spam in your mailbox, > spamcop isn't going to make that happen. However if your interest is to > punish spammers, cost them money by keeping their accounts being taken > away from them, and in general fighting the scourge of the internet, > you've chosen what IMO Is the best place to do it. Ymmv of course > and your successes are often not even known to you untl you learn more > about how it all works together. > So the basic purpose of SC is to list spammers in a maintained list > that others can use to keep them out of their inboxes. It seldom will > result in less spam and maybe even increase it at first. Here are some > spamfighting tips you can find mentioned in and around the good FAQs at > spamcop: > > -- GET YOUR REAL EMAIL ADDRESS OUT OF YOUR POSTS HEADERS! Just based > on that one mistake, I'd say your increase in spam is not due to using > spamcop but from leaving your real email address in each and every place > you post to in any/all the groups. To see what I'm talking about, take > a look at the Headers in any of your posts; you'll see your address > right there, just waiting to be picked up and added to many spammer's > lists. > Based on that and your Vista OS, I'd also say that your current > address hasn't been used for very long. I'd predict that within the > next few to several weeks your address, if not so already, will be > appearing in thousands of "lists" of addresses to spam, and probably on > several of the CDs spammers sell to each other of "good addresses to > spam". Where your address is listed will continue to grow and it'll be > in more and more places every day. Hopefully, due to the efforts of > spamcop and the like, it won't completely obliterate your mailbox by > virtue of having shut down many of those spammers sites and accounts, or > at least by them being listed on the spamcop block list by faithful spam > reporters such as yourself. > I'll stop before I write a book. Everything I said and much more is > available in the spamcop FAQs if you can just locate the right ones. > There's a lot to learn and a lot to read. > > The point I am trying to make is that spamcop IMO is a great tool, > creates a valuable and useful block list, usable by any who wish to use > it and who have the ability, of identified bottom feeding bass turd > spammers. It is not to reduce YOUR spam load; it's to reduce the > world's spamload by getting spammers isolated until eventually, in > theory, they can no longer reach anyone with their spam. Theory isn't > reality of course. The real value in being a spamcop reporter is > knowing you are making it difficult for the spammers. Hopefully; > sometimes it's hard to tell. > > So, remove your real email addy from your headers; use something like > invalid@invalid.invalid or any one of many others that have been created > specifically for this purpose. Notice my email address; it's one > spamcop provides to use in place of a real email address. It's very > important to never use any kind of address that could ever exist now or > in the future; it has to be one set aside for the purpose. Never post > your real email address on a newsgroup in a recognizable form; the bots > and crawlers will scrape it up every time and often within hours, not > days. > > Then learn about and practice Safe Hex. Look for the term in Google or > your fav search engine. Lots of good advice there. > > Never, ever respond to a spam in any way; don't click anything in it, > don't even set your mouse in it it. If possible, don't even read it or > allow it to display on your screen. 98% of spam can be identified > without reading it IMO. Happy reading, or, bye, as the case may be. > > Cheers, > > Twayne > > > > From me at privacy.net Tue Feb 24 17:32:50 2009 From: me at privacy.net (Michael R N Dolbear) Date: Tue Feb 24 17:35:08 2009 Subject: [Scspamcop] Re: Major Spamage References: Message-ID: <01c996cd$b059b160$LocalHost@default> Twayne wrote > -- GET YOUR REAL EMAIL ADDRESS OUT OF YOUR POSTS HEADERS! Just based > on that one mistake, I'd say your increase in spam is not due to using > spamcop but from leaving your real email address in each and every place > you post to in any/all the groups. To see what I'm talking about, take > a look at the Headers in any of your posts; you'll see your address > right there, just waiting to be picked up and added to many spammer's > lists. Actually if Frank doesn't need to take his email addie out altogether. If he changes his From: to use nobody at devnull.spamcop.net as you do and has a Reply-to with email address as I do, that seems to defeat the current harvesters. -- Mike D From nobody at spamcop.net Tue Feb 24 18:46:50 2009 From: nobody at spamcop.net (Bar0) Date: Tue Feb 24 18:50:09 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Blue Rock" wrote in message news:go1ecu$6bs$1@news.spamcop.net... ..... > > So, do you think I should try to remove myself from the list, or remove my > email address from the site? That depends on your objectives. If you find reporting the mainsleaze spammers odious and fruitless, try to get yourself removed from the list. Removing your address from the site will probably have no effect on your spam load now. But, who knows, perhaps the next mainsleazer won't include you in their list. How valuable to you is it to be present on that site? From nobody at devnull.spamcop.net Tue Feb 24 19:57:39 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Tue Feb 24 20:00:07 2009 Subject: [Scspamcop] Re: Major Spamage References: <01c996cd$b059b160$LocalHost@default> Message-ID: Michael R N Dolbear wrote: > Twayne wrote > >> -- GET YOUR REAL EMAIL ADDRESS OUT OF YOUR POSTS HEADERS! Just >> based on that one mistake, I'd say your increase in spam is not due >> to using spamcop but from leaving your real email address in each >> and every place you post to in any/all the groups. To see what I'm >> talking about, take a look at the Headers in any of your posts; >> you'll see your address right there, just waiting to be picked up >> and added to many spammer's > >> lists. > > Actually if Frank doesn't need to take his email addie out altogether. > If he changes his From: to use nobody at devnull.spamcop.net as you do > and has a Reply-to with email address as I do, that seems to defeat > the current harvesters. I mean no offense, but I think you are laboring under a false assumption: According to your Headers, your Reply to is mDOTdolbearATlineoneDOTnet, right? That is every bit as scrapeable by spambots and harvesters as if it were in the Return Path header where you DO have a fasle address. But, your real address is still right there, waiting to be scraped by any kiddie/college kid/spammer/malcontent that crawls the same places you post to. It is not WHERE the email address appears in the headers, it's that it appears at all. Spamware et al simply look for the @ sign and then take the before/after tonnage including any other DOTs, etc, up to the first space, and use it for an address. BTW, I'm just a user like you, and no guru by any means. Cheers, Bro` Regards, Twayne From nobody at devnull.spamcop.net Tue Feb 24 20:03:29 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Tue Feb 24 20:05:08 2009 Subject: [Scspamcop] Re: Major Spamage References: Message-ID: Klamm wrote: > Hey Twayne. Can I ask u a question? > > Can I use a mail account (a non valid one) with the smtp of another > account to send spam reports? > > I mean, I know I can do it. In fact, I´m doing it right now sending > this mail. Bur my question is if Spamcop wouldn´t accept my report for > considering it a bounce mail. > > Well, my english is not very good. I hope you undestand something. > > Thanks. Well, yes, you probably can and I don't see where spamcop would have any problems. Unless your hostmail setup didn't include it; then I guess you might have problems. If your hostmail setup doesn't include it, then your spam parses might not be accurate I suppose and you could be misreporting spams, a no-no for spamcop. I'll have to hope someone else pops in with a more reliable, more inclusive answer; I'm just a user like you are; sorry. My apologies if I gave you a different impression of my status here. Cheers, Twayne > > > > En 24/02/2009 15:54:10, Twayne escribió: > >> Frank wrote: >>> I tried spamcop a few days ago , then I was only getting like 2 to 4 >>> spams a day, now I am getting between 12 and 16 a day, can someone >>> explain this to me? >>> Thanks >>> Fdraven >> >> Hi Frank, >> >> In plain language, using Spamcop won't usually get you less spam and >> in certain instances can actually increase your spam load. >> With all due respect, if you go back and read more in the FAQs at >> spamcop.net, you'll notice that spamcop is really a tool used to >> create a listing of spammers, thereby identifying them and allowing >> them be be ignored by various and varied methods. Spamcop's purpose >> is not to decrease the spam you get, although logically it may seem >> that should be the result. >> So if your interest is solely to get rid of spam in your mailbox, >> spamcop isn't going to make that happen. However if your interest >> is to punish spammers, cost them money by keeping their accounts >> being taken away from them, and in general fighting the scourge of >> the internet, you've chosen what IMO Is the best place to do it. Ymmv >> of course and your successes are often not even known to you >> untl you learn more about how it all works together. >> So the basic purpose of SC is to list spammers in a maintained >> list that others can use to keep them out of their inboxes. It >> seldom will result in less spam and maybe even increase it at first. >> Here are some spamfighting tips you can find mentioned in and around >> the good FAQs at spamcop: >> >> -- GET YOUR REAL EMAIL ADDRESS OUT OF YOUR POSTS HEADERS! Just >> based on that one mistake, I'd say your increase in spam is not due >> to using spamcop but from leaving your real email address in each >> and every place you post to in any/all the groups. To see what I'm >> talking about, take a look at the Headers in any of your posts; >> you'll see your address right there, just waiting to be picked up >> and added to many spammer's lists. >> Based on that and your Vista OS, I'd also say that your current >> address hasn't been used for very long. I'd predict that within the >> next few to several weeks your address, if not so already, will be >> appearing in thousands of "lists" of addresses to spam, and probably >> on several of the CDs spammers sell to each other of "good addresses >> to spam". Where your address is listed will continue to grow and >> it'll be in more and more places every day. Hopefully, due to the >> efforts of spamcop and the like, it won't completely obliterate your >> mailbox by virtue of having shut down many of those spammers sites >> and accounts, or at least by them being listed on the spamcop block >> list by faithful spam reporters such as yourself. >> I'll stop before I write a book. Everything I said and much more >> is available in the spamcop FAQs if you can just locate the right >> ones. There's a lot to learn and a lot to read. >> >> The point I am trying to make is that spamcop IMO is a great tool, >> creates a valuable and useful block list, usable by any who wish to >> use it and who have the ability, of identified bottom feeding bass >> turd spammers. It is not to reduce YOUR spam load; it's to reduce >> the world's spamload by getting spammers isolated until eventually, >> in theory, they can no longer reach anyone with their spam. Theory >> isn't reality of course. The real value in being a spamcop reporter >> is knowing you are making it difficult for the spammers. >> Hopefully; sometimes it's hard to tell. >> >> So, remove your real email addy from your headers; use something like >> invalid@invalid.invalid or any one of many others that have been >> created specifically for this purpose. Notice my email address; >> it's one spamcop provides to use in place of a real email address. >> It's very important to never use any kind of address that could ever >> exist now or in the future; it has to be one set aside for the >> purpose. Never post your real email address on a newsgroup in a >> recognizable form; the bots and crawlers will scrape it up every >> time and often within hours, not days. >> >> Then learn about and practice Safe Hex. Look for the term in Google >> or your fav search engine. Lots of good advice there. >> >> Never, ever respond to a spam in any way; don't click anything in it, >> don't even set your mouse in it it. If possible, don't even read it >> or allow it to display on your screen. 98% of spam can be identified >> without reading it IMO. Happy reading, or, bye, as the case may >> be. Cheers, >> >> Twayne From nobody at spamcop.net Tue Feb 24 20:15:08 2009 From: nobody at spamcop.net (Ellen) Date: Tue Feb 24 20:20:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe In-Reply-To: References: Message-ID: Twayne wrote: > Ellen, > > Actually, I have my doubts as to whether that's even actually a gvt > site. If you take a look at them with robtex.com, some of the info is > pretty interesting. I am not saying I don't think the site is legit; > I'm saying I'm not so sure it's really a gvt site. > As for blocklists, they're listed as "entire tld is rfc-ignorant". > Never seen that before about a site. > > Strange place. Oh, it's simply ccr.gov, BTW. Pretty interesting > neighbors, too. > looks legit to me: whois: CCR.GOV Department of Defense Integrated Acquisition Environment (IAE) - Business Partner Network Domain Name: CCR.GOV Status: Active I have no idea what robtex.com is and when I tried to access it I got this error: While trying to retrieve the URL: http://robtex.com/ The following error was encountered: * Unable to forward this request at this time. This request could not be forwarded to the origin server or to any parent caches. The most likely cause for this error is that: * The cache administrator does not allow this cache to make direct connections to origin servers, and * All configured parent caches are currently unreachable. Ellen From nobody at devnull.spamcop.net Tue Feb 24 20:22:36 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Tue Feb 24 20:25:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: Blue Rock wrote: > "Twayne" wrote in message > news:gnvipb$oag$1@news.spamcop.net... >> Blue Rock wrote: >>> "Ellen" wrote in message >>> news:gnv9d7$30i$1@news.spamcop.net... >>>> Blue Rock wrote: >>>>> Several months ago, I decided to sign my business up on the >>>>> governemnt's Central Contractor Registration (CCR) web site >>>>> (ccr.gov). At that time, it was possible that I might be getting >>>>> some government contractor work. At the time I signed up, I >>>>> received a warning that emailing marketers may use the email >>>>> address used to sign up to send me marketing information, but I >>>>> did not find any statement that I was agreeing to receive such >>>>> marketing information as a condition of signing up on the >>>>> government site. >>>> >> >> ... >> >> > dismissal of any of the snipped information; snippage is for >> relevance to my comments only: ... > > If spammers send email to me, I report them to SPAMCOP. Hopefully > that hurts the spammers, if they get listed. I have set my email up > so that the whole process can be done in minutes, so it doesn't > matter that much to me. Makes sense, Blue. I still have a feeling there's something to their initial warning bits that if you pressed them to the wall, they'd use it as the reason for the spams, but that's just my opinion. It'd be a dull world without differing opinions. Just to state something that may be irrellevent or even moot, it looked like in order to contact you or anyone who signed up, that the contactor had to sign up similar to the way you, the contactee, did and that was how they would receive contact information. I feel that, gvt site or not, there is no reason to ever be placing clients/users email in the clear on a web site. To me that is just inexcusably wrong. Gosh, that's such a simply obvious well known strategy that almost no one other than extreme newbies violate it anymore. That's not to say that some clever programmer hasn't figured out how to turn loose a bot though, capable of signing into and scraping addresses for the spammers. I didn't go into the site far enough to know whether there were any security measures in place at all so I'm just guessing, sort of thinking out loud here. Apparently I've misunderstood you from the beginning because in view of your statements and comments now, I no longer see a question to be answered here. If feels like you answered your own question. I'd say that as long as you're satisfied with the way things are then great; enjoy life and don't worry about the small things. And your'e right, your address IS out there now so you are going to get spam regardless of what you do now. OTOH you might be able to limit it from going to future lists and CDs though. Six of one ... . Cheers, Twayne From user at domain.invalid Tue Feb 24 20:34:59 2009 From: user at domain.invalid (Farelf) Date: Tue Feb 24 20:35:08 2009 Subject: [Scspamcop] Re: reporting your own ISP In-Reply-To: <01c996a8$848439e0$LocalHost@default> References: <01c995d8$898d8e80$LocalHost@default> <01c996a8$848439e0$LocalHost@default> Message-ID: Michael R N Dolbear wrote: > > I would say that a hacked php response page is both an "open proxy" and > uses a "regular" e-mail channel. The only irregular feature being the > hacking. > > From one of today's Quick reporting data emails, 26 out of 30 were open > proxies > > 88.250.73.250 listed in cbl.abuseat.org ( 127.0.0.2 ) > 88.250.73.250 is an open proxy > http://www.spamcop.net/sc?id=z2646355423z2930f9786c2293bc91a86732fbb3c22 > 3z ... Ah, I see ... of course. My eyes must have been glazing over before that point, glancing at my own - you are right of course. > > Got bored. > But thanks anyway - I've learned something. Well, several things. From user at domain.invalid Tue Feb 24 20:51:46 2009 From: user at domain.invalid (Farelf) Date: Tue Feb 24 20:55:07 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe In-Reply-To: References: Message-ID: Ellen wrote: ... > > I have no idea what robtex.com is and when I tried to access it I got > this error: > > While trying to retrieve the URL: http://robtex.com/ > > The following error was encountered: > > * Unable to forward this request at this time. > > This request could not be forwarded to the origin server or to any > parent caches. The most likely cause for this error is that: > > * The cache administrator does not allow this cache to make direct > connections to origin servers, and > * All configured parent caches are currently unreachable. That is weird - I use RobTex all the time. Scripting needs to be allowed for the significant parts of the pages to work but that should not prevent you at least pulling up a sparse page. Sounds like you would need to change some browser/add-ins settings or use a proxy, if you wanted to go there, unless it was just a momentary thing. But if you've managed without it before ... Still, it very nearly is a "one-stop shop" and I think you might like their connectivity maps with clickable links all through the displayed networks. From user at domain.invalid Tue Feb 24 21:06:12 2009 From: user at domain.invalid (Farelf) Date: Tue Feb 24 21:10:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe In-Reply-To: References: Message-ID: Bar0 wrote: > > "Blue Rock" wrote in message > news:go1ecu$6bs$1@news.spamcop.net... > ..... >> >> So, do you think I should try to remove myself from the list, or >> remove my email address from the site? > > That depends on your objectives. > > If you find reporting the mainsleaze spammers odious and fruitless, try > to get yourself removed from the list. > ... I have a 'marketing' company spamming me regularly for six months, evidently fairly mainstream and sending to an address that had not been given to them by me (in fact hasn't been used for any outgoing since Nov/Dec 2005 though may have been quoted in some sign-up after that date). But I report them. They have never once responded to me about any of the many reports I have made. (They also have an 'do not reply' sending address and a gmail return address which I don't like). Anyway, I figure if they have a problem with my behavior they could always discuss it but they never have. If they complained to SC, I would hope one of SC's early responses to them would be to ask if they had ever used the response to reporter link on every report and could they please provide some evidence of doing that. From nobody at devnull.spamcop.net Tue Feb 24 21:08:45 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Tue Feb 24 21:10:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: Blue Rock wrote: > "Twayne" wrote in message > news:go1cve$2qj$1@news.spamcop.net... >> Ellen, >> >> Actually, I have my doubts as to whether that's even actually a gvt >> site. If you take a look at them with robtex.com, some of the info >> is pretty interesting. I am not saying I don't think the site is >> legit; I'm saying I'm not so sure it's really a gvt site. >> As for blocklists, they're listed as "entire tld is rfc-ignorant". >> Never seen that before about a site. >> >> Strange place. Oh, it's simply ccr.gov, BTW. Pretty interesting >> neighbors, too. >> >> Twayne >> > > Just out of curiosity, what is it you find interesting about that > site? Why do you think it is not a government site? What I meant was it wasn't actually run by a government agency and gvt critters but is a site allowed by the GSA because they offer a service the gvt wants/uses. The GSA manages .gov TLDs for the web. Is it possible > for some outside entity to create a domain name in the .gov TLD? I don't know. I'd say since it's all federally controlled though that one wouldn't ge away with it for long! In this country anyway. If you noticed, the registraarts don't offer a .gov listing. I suspect that's by law since the GSA manages them. But ... I wasn't suggesting that it was DISHONEST or ILLEGAL or posing as something it is not. Rather, I have the feeling that the .gov TLD may not be techinically completely applicable because it just doesn't ring true of a government web site. It's sometimes possible IME to get the gvt GSA office to give you a .gov domain because you are in support of some gvt agency or function and some office speaks for you, allowing it to happen. CCR seems to be more one of those than an actual governmental site. That's all. > > My understanding is that anyone wishing to do business with the > government must register on that site. If this is some sort of scam, > I would really like to know! I do not think it's some sort of scam. To me it appears poorly managed and its policies seem pretty loose from some things you've said. My apologies if I made it sound like a scam. I do not think that at all and have only briefly researched it based on your leads. Howver, I would like to point out that " anyone wishing to do business with the > government must register on that site. " isn't actually true, but suffice to say there are several paths rather than argue the point. I used to be aware of several of them when I was working with the SBA and FTC but I'd be hard pressed to find them again at this late date. Sorry if I've caused any confusion. Didn't mean to. Twayne From nobody at spamcop.net Wed Feb 25 00:55:06 2009 From: nobody at spamcop.net (Antispam Knight) Date: Wed Feb 25 00:55:09 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Blue Rock" wrote in message news:go1d08$2s1$1@news.spamcop.net... > > "Twayne" wrote in message > news:gnvipb$oag$1@news.spamcop.net... >> Blue Rock wrote: >>> "Ellen" wrote in message >>> news:gnv9d7$30i$1@news.spamcop.net... >>>> Blue Rock wrote: >>>>> Several months ago, I decided to sign my business up on the >>>>> governemnt's Central Contractor Registration (CCR) web site >>>>> (ccr.gov). At that time, it was possible that I might be getting >>>>> some government contractor work. At the time I signed up, I >>>>> received a warning that emailing marketers may use the email >>>>> address used to sign up to send me marketing information, but I did >>>>> not find any statement that I was agreeing to receive such >>>>> marketing information as a condition of signing up on the >>>>> government site. >>>> >> >> ... >> >> > any of the snipped information; snippage is for relevance to my comments >> only: >> >>> >>> Many web publishers issue similar warnings - that if you place an >>> email address on a web-site published by them, it will be publicly >>> accessible, and used to advertise to you. These are warnings that >>> your address may be harvested, and used for spam, not an agreement >>> with the publisher of the site. So, does that mean that I should not >>> report any spam received at an address that has been placed on any >>> public web site? >>> Finally, I signed up on a government site. Any agreement that I made >>> (tacit or otherwise) is with the US Government. Magnetmail, and the >>> other companies sending me marketing materials are not part of the US >>> Government. They (or their customers, who are also not the US >>> government) harvested my email address from the government web site, >>> and are using it to send me materials advertising their products or >>> services. How are they any different from the guy who harvested my >>> address from the government web site, and sent me an advertisement >>> for pills, or for a watch, or for a low-interest loan? >> >> >> This was an interesting thread. In past lives I have had many dealings >> with gvt critters & their holes, I mean, offices and rules & regs, and >> this just wasn't jiving right. >> >> Unfortunately, it would appear that you did unwittingly requiest some of >> that spam. >> Please read the excerpt below I found when briefly searching their FAQs: >> http://www.ccr.gov/faq.aspx#needtoknow >> ------------------- >> Q: Is my company going to be included in any marketing lists? >> >> A: Certain CCR information, like phone numbers, is available through the >> Freedom of Information Act (FOIA). *Email addresses are never made >> available publicly* through CCR. >> In D&B, users have the option of being included in D&B's marketing >> campaign. If you choose not to be included in this marketing list, please >> *request to be removed* from D&B's marketing file by calling >> 866-705-5711. *D&B does not publish email addresses.* >> If you are a small business and part of the Dynamic Small Business Search >> (DSBS), your business contact information, including email addresses, >> *may be available. *You can *request to have your email address removed* >> by sending an email to DSBShelpdesk@basetech.com. >> For Equifax (formerly known as Austin Tetra), users who no longer wish to >> receive promotional materials from Equifax or its affiliates and partners >> may opt out of receiving marketing communications by replying with >> "unsubscribe" in the subject line of the email or by sending an email to >> clientsvc@austintetra.com. >> ----------------- >> Like it says, CCR makes NO email addresses publicly availble. But then >> they add a lot of shit to that, which seems to nullify the claim >> entirely. >> > > What that FAQ means, is that during the process of registering on the CCR > site, you may have to deal with one or more other sites. Two of those > other sites (D&B and Equifax) are businesses that may want to send you > marketing information of their own. The third (DSBS) is another > government site which may publicly display your email address. > > EVERYONE registering on CCR must obtain a D&B number, which means they > must also register on D&B's site. I did so, but I opted out of receiving > their marketing information. I also used a different email address, and > that email address is not receiving anything. None of the spam I am > receiving comes from D&B anyway. > > Some people wanting to do business with the government may have to get a > credit rating, so they might have to deal with Equifax. That did not > apply to me, so I did not even go to their site. None of the spam I am > receiving comes from Equifax anyway. > > My email address was publicly displayed in the governemnt DSBS. This > happens automatically if you indicate you are a small business, during the > registration. This is the only place where the address shows up publicly, > and it is where the spammers are harvesting my email address. > > NOTHING in the FAQ states that you are agreeing to receive such marketing > information, (except that which would come from D&B or Equifax). I have > signed up for plenty of sites (credit cards, banks, on-line stores, etc.) > that make it very clear how they will use your email address, whether or > not they send you marketing materials, and how to opt-out if you don't > want them. This FAQ is nothing like that. NOTHING in the CCR privacy > policy states that you are agreeing to receive such marketing information, > either. > > So, I disagree that I have tacitly agreed to receive spam. > >> Based on this Q/A and a couple others of similar content, it looks to me >> like you need to make a few phone calls to get off those lists, wherever >> your mail addy is being listed. IMO you are the victim of having had to >> do a lot of reading in the right places to know what you should have >> known. Typical unfortunately of our bass turd gummint critters, and >> thoroughly disgusting. >> > > Since I am not receiving marketing materials from Equifax or D&B, calling > or writing either of them will do nothing. D&B had a box to check to NOT > receive their marketing info when I signed up, and so far they have > honored that request. > > Although I agree that I could contact DSBS, and have them remove my email > address, I don't think that is necessary. The spammers have already > harvested the address anyway, and I would like to provide some means for a > potental customer to contact me. > >> While it makes sense there HAS to be a method of contact, it does NOT >> appear that it's anything that's intended to be in the clear and that >> would be so easily harvested by spammers, especially considering the >> sensitive personal nature of some of the information they collect! As >> sort of an aside here, I would be forced to allow my paranoia to rise >> high enough to worry about the exposure of my ss number and some other >> identity-theft information, and seek strong evidence that was was NOT >> possible to do! My short ftp stint led me to a few pages of what I think >> were embedded ssn's next to full names but I'm not certain that's what it >> was/is. The number format was right though, and every single one of them >> passed my ssn program for probably being legitimate ssns. >> > > I am not sure what ftp site you looked at. I never had to enter my SSN. > I probably had to enter my company's TID, but that is probably available > someplace anyway. > >> If the site can be believed, sensitive data should ONLY be able to be >> accessed via fairly closely guarded accounts and bots wouldn't be >> crawling those very easily so the sources of the spam are probably as >> referenced in that FAQ entry above. >> > > You can very easily search either the CCR site, or the DSBS site. I see > absolutely no reason why a bot could not do so. If you look up my company > "Blue Rock Systems", you will find that the CCR site does not list any > email address, but the DSBS site does. None of the other information > displayed on either of these searches is "sensitive". > >> If it were me I think I'd get on the horn and start asking some deep >> questions in a firm and mehodical manner, keeping FOIA in mind if they >> gave you trouble. >> You are alleging somethign that is very disturbing to be happening at an >> actual .gov web site. I would be very interested in hearing what >> transpires for you in your endeavors to get you address hidden. Actually, >> you should probably use their panel to change the email addy you use and >> simply retire the current one since it sounds like it's probably on a lot >> of lists already. IMO what's going on is totally unacceptable of any gvt >> agency/office/person/critter/whatever. >> > > When I started receiving hard-core spam at that email address, less than a > week after I registered, I contacted the CCR, using the contact form on > their web site. I received absolutely no reply. > > I decided not to pursue it any further. The email address is publicly > displayed. It is easy for spammers to find. There is nothing the > government can really do about that. > > If spammers send email to me, I report them to SPAMCOP. Hopefully that > hurts the spammers, if they get listed. I have set my email up so that > the whole process can be done in minutes, so it doesn't matter that much > to me. > Interesting discussion. I too have signed up on CCR, a couple of years ago. I too, created a unique email addy for CCR. Over the period hence, I can count on one hand the number of spams I have received through that email addy. After the second spam, a few months back, I whitelisted the apprpriate TLD's, and haven't seen a spam since. Now, anybody from any of the agencies with which I deal, can email me, but others get rejected at SMTP time. Works for me--ymmv. I don't think I reported those spams I received. They were straight up. AK From 127 at [127.0.0.1] Wed Feb 25 06:30:28 2009 From: 127 at [127.0.0.1] (vg4cysss7001) Date: Wed Feb 25 06:35:09 2009 Subject: [Scspamcop] Re: Major Spamage References: <01c996cd$b059b160$LocalHost@default> Message-ID: In article , Twayne writes >I mean no offense, but I think you are laboring under a false >assumption: > According to your Headers, your Reply to is >mDOTdolbearATlineoneDOTnet, right? That is every bit as scrapeable by >spambots and harvesters as if it were in the Return Path header where >you DO have a fasle address. But, your real address is still right >there, waiting to be scraped by any kiddie/college >kid/spammer/malcontent that crawls the same places you post to. > It is not WHERE the email address appears in the headers, it's that >it appears at all. Spamware et al simply look for the @ sign and then >take the before/after tonnage including any other DOTs, etc, up to the >first space, and use it for an address. From what I have read, what you have written is not true of Usenet. There is a difference between what is returned for various NNTP commands (XOVER?). A From: address is readily attainable, but a Reply-To: address takes more bandwidth. Hence my current practice :-) > >BTW, I'm just a user like you, and no guru by any means. -- Misha Free on-line, off-site backups? From nobody at spamcop.net Wed Feb 25 06:51:17 2009 From: nobody at spamcop.net (Ellen) Date: Wed Feb 25 08:00:09 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe In-Reply-To: References: Message-ID: Farelf wrote: > Ellen wrote: > ... >> >> I have no idea what robtex.com is and when I tried to access it I got >> this error: >> >> While trying to retrieve the URL: http://robtex.com/ >> >> The following error was encountered: >> >> * Unable to forward this request at this time. >> >> This request could not be forwarded to the origin server or to any >> parent caches. The most likely cause for this error is that: >> >> * The cache administrator does not allow this cache to make direct >> connections to origin servers, and >> * All configured parent caches are currently unreachable. > > That is weird - I use RobTex all the time. Scripting needs to be > allowed for the significant parts of the pages to work but that should > not prevent you at least pulling up a sparse page. Sounds like you > would need to change some browser/add-ins settings or use a proxy, if > you wanted to go there, unless it was just a momentary thing. But if > you've managed without it before ... > I tried the link again and got the same error message. I have javascript turned on. What *is* it that the site is supposed to do? Ellen From MikeE at ster.invalid Wed Feb 25 09:50:59 2009 From: MikeE at ster.invalid (Mike Easter) Date: Wed Feb 25 09:55:08 2009 Subject: [Scspamcop] Re: Major Spamage References: <01c996cd$b059b160$LocalHost@default> Message-ID: vg4cysss7001 wrote: > Twayne >> It is not WHERE the email address appears in the headers, it's that >> it appears at all. > From what I have read, what you have written is not true of > Usenet. There is a difference between what is returned for various NNTP > commands (XOVER?). > A From: address is readily attainable, but a Reply-To: address > takes more bandwidth. Hence my current practice :-) You are correct about XOVER. Twayne is incorrect. There are some processes, such as virus/trojans which harvest everything with an @ from anywhere on the infected's system. Under those circumstances, even a reply-to address could be harvested from a message as well as innumerable other types of file @ harvests. But for simple usenet From scraping, the XOVER is a very popular tool, which xover does not (normally) harvest the reply-to because the reply-to is not in the overview, unless for some strange reason a news admin would choose to put it there. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Feb 25 10:03:35 2009 From: MikeE at ster.invalid (Mike Easter) Date: Wed Feb 25 10:05:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: Ellen wrote: > Farelf wrote: >> Ellen wrote: >>> While trying to retrieve the URL: http://robtex.com/ >> That is weird - I use RobTex all the time. > I tried the link again and got the same error message. I have javascript > turned on. What *is* it that the site is supposed to do? I go in here http://www.robtex.com/ It is hard to describe its myriad functions, but there's a 'light' description on the front page. Mess around with it for a while. It really surprised me the other day when I fed it an IP and was expecting to just get the rDNS, but hoping that I would get a 'whole bunch' of names which DNS to the IP, which it did for me, giving me about 85 names for a main google IP. One of the subpages sez "latest news: Jan 26: new version of the shared tab with more extensive DNS-relationships" I'm not sure how that works. Here's a thread^1 for the discussion. Ignore Spam Guy who brought it up :-) ^1 http://groups.google.com/group/alt.spam/msg/808f2ba98a68ce34?hl=en -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Feb 25 10:31:38 2009 From: nobody at spamcop.net (Ellen) Date: Wed Feb 25 11:55:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe In-Reply-To: References: Message-ID: Mike Easter wrote: > > I go in here http://www.robtex.com/ oh duh that worked ... slow but the site came up > > It is hard to describe its myriad functions, but there's a 'light' > description on the front page. Mess around with it for a while. OK off to mess around ... > > ^1 http://groups.google.com/group/alt.spam/msg/808f2ba98a68ce34?hl=en > > :-) TY Ellen From nobody at devnull.spamcop.net Wed Feb 25 13:08:12 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Wed Feb 25 13:10:08 2009 Subject: [Scspamcop] Re: Major Spamage References: <01c996cd$b059b160$LocalHost@default> Message-ID: Mike Easter wrote: > vg4cysss7001 wrote: >> Twayne > >>> It is not WHERE the email address appears in the headers, it's >>> that it appears at all. > >> From what I have read, what you have written is not true of >> Usenet. There is a difference between what is returned for various >> NNTP commands (XOVER?). >> A From: address is readily attainable, but a Reply-To: >> address takes more bandwidth. Hence my current practice :-) > > You are correct about XOVER. Twayne is incorrect. > > There are some processes, such as virus/trojans which harvest > everything with an @ from anywhere on the infected's system. Under > those circumstances, even a reply-to address could be harvested from > a message as well as innumerable other types of file @ harvests. > > But for simple usenet From scraping, the XOVER is a very popular tool, > which xover does not (normally) harvest the reply-to because the > reply-to is not in the overview, unless for some strange reason a > news admin would choose to put it there. Thanks for the correction Mike, but a pox on your for confusing me! Please see my following New "ping" post to you. HTH, Twayne From nobody at devnull.spamcop.net Wed Feb 25 13:15:55 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Wed Feb 25 13:20:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Twayne" wrote in message news:go26gm$4ol$1@news.spamcop.net... > Blue Rock wrote: >> "Twayne" wrote in message >> news:gnvipb$oag$1@news.spamcop.net... >>> Blue Rock wrote: >>>> "Ellen" wrote in message >>>> news:gnv9d7$30i$1@news.spamcop.net... >>>>> Blue Rock wrote: >>>>>> Several months ago, I decided to sign my business up on the >>>>>> governemnt's Central Contractor Registration (CCR) web site >>>>>> (ccr.gov). At that time, it was possible that I might be getting >>>>>> some government contractor work. At the time I signed up, I >>>>>> received a warning that emailing marketers may use the email >>>>>> address used to sign up to send me marketing information, but I >>>>>> did not find any statement that I was agreeing to receive such >>>>>> marketing information as a condition of signing up on the >>>>>> government site. >>>>> >>> >>> ... >>> >>> >> dismissal of any of the snipped information; snippage is for >>> relevance to my comments only: > ... >> >> If spammers send email to me, I report them to SPAMCOP. Hopefully >> that hurts the spammers, if they get listed. I have set my email up >> so that the whole process can be done in minutes, so it doesn't >> matter that much to me. > > Makes sense, Blue. I still have a feeling there's something to their > initial warning bits that if you pressed them to the wall, they'd use it > as the reason for the spams, but that's just my opinion. It'd be a dull > world without differing opinions. If there is such a warning, it is buried so deeply, that no reasonable human being can find it. Since I posted this, others, including you, have looked at the site to find if there was some tacit agreement, and so far no one has found anything. > Just to state something that may be irrellevent or even moot, it looked > like in order to contact you or anyone who signed up, that the contactor > had to sign up similar to the way you, the contactee, did and that was how > they would receive contact information. > ... > That's not to say that some clever programmer hasn't figured out how to > turn loose a bot though, capable of signing into and scraping addresses > for the spammers. I didn't go into the site far enough to know whether > there were any security measures in place at all so I'm just guessing, > sort of thinking out loud here. I don't think so. I just tried it from my home computer, which has never been used previously to "log in" to the site (so no cookies or anything else could exist to identify me as having registered), and was able to find my email address. You can try it to.... Just go to: http://dsbs.sba.gov/dsbs/search/dsp_dsbs.cfm and enter 16851 in the ZIP code box. Then scroll down to the bottom, and click "Search Using These Criteria". You will get a very short list of all two CCR registrants in the small town of Lemont, PA. Note that there are a variety of other search criteria on the first page that a marketer could use! If you click on the listing for my company, you will see my email address publicly displayed. What is worse - on the search results page (the one listing the two CCR registrants in Lemont), there is a button you can click that will generate a list of email address for all listed companies that met the search criteria, formatted to be easily used in a variety of email programs! I never clicked that button before, but as I wrote this, I tried it. It works! But, when you click it, you get a very stern warning against using this information to "spam". After reading that warning I now feel more comfortable that I am not wrong to report those companies for spamming me. In fact, that warning also states that if I complain to the SBA, my complaint will be "referred to the Office of the Inspector General for investigation". I just might do that! At any rate, I see nothing here that would prevent a spammer from automating this search process. Among the available serach criteria, you can specify the date that any company last updated it's information. So, if a spammer searches using that criteria once a day, they can detect any new companies that sign up. > I feel that, gvt site or not, there is no reason to ever be placing > clients/users email in the clear on a web site. To me that is just > inexcusably wrong. Gosh, that's such a simply obvious well known strategy > that almost no one other than extreme newbies violate it anymore. Remember, this is the US Government we are talking about here. Terms like "inexcusably wrong" or "simply obvious" do not apply! > > Apparently I've misunderstood you from the beginning because in view of > your statements and comments now, I no longer see a question to be > answered here. > If feels like you answered your own question. I hope you have not misunderstood me. I think this has been a very helpful and informative conversation. When I look at the reporting history for one of the IP addresses used, I can see that I am not the only one reporting these guys, and from the subject lines of those reports, the other reporter(s) are clearly getting the same CCR small-business-related spam that I am. I count 27 reports over the past 30 days for IP address 209.18.70.87. Yes, I had come to the decision that the spam was reportable, after carefully reading SPAMCOP's rules, and everything I could find on this subject on the CCR site. Obviously, at least one other reporter feels the same way. But, I was 'afraid' that I overlooked something, and I wanted the opinions of more experienced people, including those at SPAMCOP, thus I posted here. I hoped that SPAMCOP may have dealt with these companies before, and might have some inside knowledege that I did not. Or that another reporter reading this group might have already gone down this road. When you and Ellen answered initially with the opinion that I had tacitly agreed to receive the spam, you both stated reasons for coming to that conclusion. Those reasons were things that I had already considered. So, I replied, further clarifying my thinking. But, I tried to be respectful, and state that I would abide by SPAMCOP's decision. In response, you and Ellen have further reviewed the policies stated on the CCR website, which has been helpful. My OP asked three questions: 1) Am I correct to be reporting these guys? 2) Why are they not showing up on more block lists (including the SCBL)? 3) Is there anything else I should do to put pressure on them (Datapipe/Magnetmail) to change their ways? Most of this "branch" of the thread has been dedicated to answering question number 1. So far, the answer seems to be: When a person signs up for the CCR site, they *may* be agreeing to receive this marketing material, but nobody can find the written statement that would inform the user of this policy. Based on this, it is OK to report them, until someone presents such evidence. Mike Easter discussed the second question in his branch of the thead. His reply, paraphrasing: An email server gets a "reputation" that is based on the ratio of goodmail to spam coming from that server. A server with a good reputation is harder get listed in the SCBL, and will more quickly be removed from the SCBL. [Note that I may be misinterpreting his reply, but if that fact is true, it seems to me that if an ISP gets large enough, they can support spammers provided they keep the ratio of spam to goodmail below a certain level, without worrying about a SPAMCOP listing.] Mike also stated that they avoid other blocklists, because their email list is built from addresses that are certainly valid addresses, and are also certainly not spamtraps. To my knowledge, no one has really discussed the third question as of yet. Please don't think that this has not been a useful discussion. You did not mis-understand me, and your answers have been right on target. And, thank-you very much for your help! From nobody at spamcop.net Wed Feb 25 13:28:19 2009 From: nobody at spamcop.net (RW) Date: Wed Feb 25 13:30:09 2009 Subject: [Scspamcop] Re: reporting your own ISP In-Reply-To: <01c996a8$848439e0$LocalHost@default> References: <01c995d8$898d8e80$LocalHost@default> <01c996a8$848439e0$LocalHost@default> Message-ID: Michael R N Dolbear wrote: > 88.250.73.250 listed in cbl.abuseat.org ( 127.0.0.2 ) > 88.250.73.250 is an open proxy "is an open proxy" is a generic term used when an IP is found on the CBL. An njabl listing will result is "open relay" and the text for a SORBS listing will vary depending on the response code. I suppose CBL listing text could be change to "bot", as most listings on the CBL are for spam-bots. It is technically an open proxy, though only accessible by the master controller. Richard > Farelf wrote in article > ... >> Michael R N Dolbear wrote: > >>> Regular channels ? > >>> Quite a lot still judging by the numbers that have "xxx is an open >>> proxy" in the analysis or webmail adverts in the text > >> That's interesting Mike. On two quite different spam "streams", one > at >> work, one at home, I have been seeing next to none of that (just a >> little webmail only). Different spammer lists to yours I guess. >> Anyway, "open proxy" isn't part of a "regular" e-mail channel, IIUC. > > I would say that a hacked php response page is both an "open proxy" and > uses a "regular" e-mail channel. The only irregular feature being the > hacking. > > From one of today's Quick reporting data emails, 26 out of 30 were open > proxies > > 88.250.73.250 listed in cbl.abuseat.org ( 127.0.0.2 ) > 88.250.73.250 is an open proxy > http://www.spamcop.net/sc?id=z2646355423z2930f9786c2293bc91a86732fbb3c22 > 3z > > 200.88.171.200 listed in cbl.abuseat.org ( 127.0.0.2 ) > 200.88.171.200 is an open proxy > http://www.spamcop.net/sc?id=z2646355232z201e977cab1b2a05008c1d0dc9cd154 > bz > > 218.59.30.70 listed in cbl.abuseat.org ( 127.0.0.2 ) > 218.59.30.70 is an open proxy > http://www.spamcop.net/sc?id=z2646355158z3cb3dd6ff5d6557c5eff8d626d01601 > 0z > > 208.110.88.79 listed in cbl.abuseat.org ( 127.0.0.2 ) > 208.110.88.79 is an open proxy > Spam report id 3892744550 sent to: abuse@wholesaleinternet.com > May be saved for future reference: > http://www.spamcop.net/sc?id=z2646355023zfb34a4f4b46aa1d5d1b4140826237ea > fz > > 87.109.221.15 listed in cbl.abuseat.org ( 127.0.0.2 ) > 87.109.221.15 is an open proxy > http://www.spamcop.net/sc?id=z2646354979z6f93e18af80a5f3e6cb10db6f677328 > 8z > > 124.135.57.31 listed in cbl.abuseat.org ( 127.0.0.2 ) > 124.135.57.31 is an open proxy > http://www.spamcop.net/sc?id=z2646354942zb221e7c5b58be6ab6d2e9ec43c2ec46 > 3z > > Got bored. > From nobody at devnull.spamcop.net Wed Feb 25 13:31:47 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Wed Feb 25 13:35:08 2009 Subject: [Scspamcop] ping Mike Easter re xover Message-ID: Hi Mike, Reference, on 2-25-09 09:50 Sent stamp re _Major Spammage_ thread, you said: " > You are correct about XOVER. Twayne is incorrect. > 1. > There are some processes, such as virus/trojans which harvest > everything with an @ from anywhere on the infected's system. Under > those circumstances, even a reply-to address could be harvested from > a message as well as innumerable other types of file @ harvests. > 2. > But for simple usenet From scraping, the XOVER is a very popular tool, > which xover does not (normally) harvest the reply-to because the > reply-to is not in the overview, unless for some strange reason a > news admin would choose to put it there. " I assume "XOVER" must be a part of the comms protocol; I'm completely unfamiliar with it and barely familiar with helo etc.. You indicated I was incorrect, apparently re my statement about it not being WHERE an address appeared, but that it appears at all. Your first paragraph is what I was talking about. If an "@" appears, scrapers can grab an address rather readily, regardless of where it appears, as long as it appears. IMO that's the most popular method of thieving addresses with newsgroup spiders/crawlers/bots/, whatever. Right? Or wrong? Therefore, it doesn't matter where it appears, it is likely to be scraped. Perhaps not as popular these days as in the past, but a lot of it still goes on. So a form of protection is to NOT include one's address anywhere in the post's contents whether it be headers or body, etc., which are meaningless to many bots. Your second paragraph I don't understand but it appears it would be part of a contact protocol where the source is asking the server for email addresses. I did a few lookups on ehlo & xover but didnt' find anything meaningful to me other than an apparent consistant reference to nntp article numbers and where it appears, etc., but I couldn't get my head around what it was in layman's terms. Perhaps you could strap on your teacher's hat for a moment and clarify for me how your para 1 above is not relevant and what para 2 says that prevents address scraping? I probably phrased the question very poorly, so try to answer what I meant instead of what I literally asked for, OK? Seriously, apparently I'm ignorant of xover vs scraping addresses somehow and would like to get my head around it better. URLs/link/references are fine too; not trying to send you off on any research efforts. Regards, Twayne From user at domain.invalid Wed Feb 25 13:33:59 2009 From: user at domain.invalid (Farelf) Date: Wed Feb 25 13:35:09 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe In-Reply-To: References: Message-ID: Mike Easter wrote: > > I go in here http://www.robtex.com/ Yes, that's where I end up, if I use Ellen's link. > It is hard to describe its myriad functions, but there's a 'light' > description on the front page. Mess around with it for a while. > Here's their own shot at an explanation, the 'light' description: "swiss army knife internet tool in the searchbox above you can search for: RBL checks multible RBL:s if a specific is listed (xxx.xxx.xxx.xxx) DNS checks detailed dns information for a hostname (xxx.xxx.xxx.xxx.dyn.some.net) or a domain (dyn.some.net) IP-number checks ip number information such as dns reverse and forwards (xxx.xxx.xxx.xxx) C-net checks an entire c-network (xxx.xxx.xxx) whois lookup checks whois information for a domain (dyn.some.net) route checks a specific routed prefix () AS numbers checks information on an AS-number (AS ()) BGP announcements checks prefixes origined from a specific AS-number (AS) AS macros checks who belongs to an AS-macro (example: as-ams-ix-peers) RFC documents Request For Comments (rfc2822) add engine to browser" The 'shared' thing shows shared resources for a domain (others using the same a, ns, mx, etc.) which they've now broadened - also works off IP address if that happens to be an a, ns, mx, etc. From nobody at devnull.spamcop.net Wed Feb 25 13:37:43 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Wed Feb 25 13:40:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Twayne" wrote in message news:go2977$cku$1@news.spamcop.net... > Blue Rock wrote: >> My understanding is that anyone wishing to do business with the >> government must register on that site. If this is some sort of scam, >> I would really like to know! > > > > Howver, I would like to point out that > " >> anyone wishing to do business with the >> government must register on that site. > " > isn't actually true, but suffice to say there are several paths rather > than argue the point. I used to be aware of several of them when I was > working with the SBA and FTC but I'd be hard pressed to find them again at > this late date. (from http://www.ccr.gov/faq.aspx#who) --- Q: Who is required to register in CCR? A: Since October 1, 2003, it is federally mandated that any organization wishing to do business with the federal government under a FAR-based contract must be registered in CCR before being awarded a contract. You can find more information on CCR and the registration process in our User's Guide. Q: What do I need to know about registering in CCR?? A: Anyone (sole proprietors, corporations, partnerships and governmental organizations) desiring to do business with the federal government must register in CCR. However, CCR registration is not required for individuals seeking grants. --- FAR is "Federal Acquistion Regulations". More than one person has told me this is true, including a purchasing agent for a company I work with, who has done Federal work. I also don't want to disagree, or have an argument, and I am certainly no expert. But these statements seem pretty clear, and simply obvious. But, in the spirit of my comment in another thread, "pretty clear" and "simply obvious" probably don't apply to the US Government! From nobody at devnull.spamcop.net Wed Feb 25 13:51:44 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Wed Feb 25 13:55:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Bar0" wrote in message news:go20tb$mar$1@news.spamcop.net... > > "Blue Rock" wrote in message > news:go1ecu$6bs$1@news.spamcop.net... > ..... >> >> So, do you think I should try to remove myself from the list, or remove >> my email address from the site? > > That depends on your objectives. > > If you find reporting the mainsleaze spammers odious and fruitless, try to > get yourself removed from the list. I have streamlined the process, so that it only takes a few minutes, and I use Quick Reporting. Most the spam I am receiving at this address is not mainsleaze (although I have gotten some). Most of it is CAN-SPAM compliant, and from otherwise legitimate companies, who have decided that advertising by email is a reasonable thing to do. > > Removing your address from the site will probably have no effect on your > spam load now. But, who knows, perhaps the next mainsleazer won't include > you in their list. How valuable to you is it to be present on that site? In nine months, I have not gotten a single legitimate business contact from that listing, so it is not all that valuable. I am not sure what I will do when it expires, I may simply not renew it. From nobody at devnull.spamcop.net Wed Feb 25 13:59:46 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Wed Feb 25 14:00:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Farelf" wrote in message news:go292h$bkh$1@news.spamcop.net... > Bar0 wrote: >> >> "Blue Rock" wrote in message >> news:go1ecu$6bs$1@news.spamcop.net... >> ..... >>> >>> So, do you think I should try to remove myself from the list, or remove >>> my email address from the site? >> >> That depends on your objectives. >> >> If you find reporting the mainsleaze spammers odious and fruitless, try >> to get yourself removed from the list. >> > ... > > I have a 'marketing' company spamming me regularly for six months, > evidently fairly mainstream and sending to an address that had not been > given to them by me (in fact hasn't been used for any outgoing since > Nov/Dec 2005 though may have been quoted in some sign-up after that date). > But I report them. They have never once responded to me about any of the > many reports I have made. (They also have an 'do not reply' sending > address and a gmail return address which I don't like). That is why I always create a unique email alias address when signing up on any site. If I start getting email to that address from someone else, I can find the site I originally used the address on, read their policies, and decide whether there is a valid business reason for this other person or company to be emailing me on that address. If in doubt, I contact the original company (where I signed up) and ask them. From MikeE at ster.invalid Wed Feb 25 14:11:28 2009 From: MikeE at ster.invalid (Mike Easter) Date: Wed Feb 25 14:15:09 2009 Subject: [Scspamcop] Re: ping Mike Easter re xover References: Message-ID: Twayne wrote: > I assume "XOVER" must be a part of the comms protocol; I'm completely > unfamiliar with it and barely familiar with helo etc.. nntp has an overview, and typically the newsserver admin configures it thusly: Subject: From: Date: Message-ID: References: Bytes: Lines: So, thus a bot can go to a newsserver and download a zillion overviews and very very efficiently harvest a lot of From. Notice that there is no Reply-To in that overview above. Thus the bot doesn't have to download all of the header or any of the body to get the From. > You indicated I was incorrect, apparently re my statement about it > not being WHERE an address appeared, but that it appears at all. Your > first paragraph is what I was talking about. If an "@" appears, > scrapers can grab an address rather readily, regardless of where it > appears, as long as it appears. Typically the bots which harvest from 'everywhere' have the luxury of time -- such as infecting a user's system and harvesting every @ with appropriate associated string which can be found on the infected's system. Then they send that list they make back to their bot meister. > IMO that's the most popular method of thieving addresses with > newsgroup spiders/crawlers/bots/, whatever. Right? Or wrong? Another address scraper are the ones which run all over the internet harvesting @ related strings from webpages. > Therefore, it doesn't matter where it appears, it is likely to be > scraped. No. I wouldn't say that. I would say the number one place to scrape is an accessible webpage. I would say that another very very popular place to scrape is from XOVER From/s. Then another place is from an infected's anywhere. So, I wouldn't be so very hesitant to put a good address in the Reply-To of a news message, because it wouldn't be accessible to XOVER scrapers and it wouldn't be appearing on a webpage. But its vulnerability would be that it - the message - could get onto someone's system which someone was/became infected and so my Reply-To could be harvested. But the likelihood of that is much much much less than if the addy appeared naked on a website or in a usenet From. > Perhaps not as popular these days as in the past, but a lot of > it still goes on. So a form of protection is to NOT include one's > address anywhere in the post's contents whether it be headers or body, > etc., which are meaningless to many bots. One of my points is that I think that people are overly concerned about exposure of a naked addy in the body of a message or the reply-to. They should be most concerned about the From and about it getting onto a website. Sometimes the problem with the body exposure is that sites scrape messages from usenet and may publish the content without mungeing. Then a web bot scrapes 'indirectly' from a news message body, whereas the XOVER bot didn't do that. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Feb 25 14:12:13 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Wed Feb 25 14:15:10 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: Blue Rock wrote: > "Twayne" wrote in message > news:go26gm$4ol$1@news.spamcop.net... >> Blue Rock wrote: >>> "Twayne" wrote in message >>> news:gnvipb$oag$1@news.spamcop.net... >>>> Blue Rock wrote: >>>>> "Ellen" wrote in message >>>>> news:gnv9d7$30i$1@news.spamcop.net... >>>>>> Blue Rock wrote: >>>>>>> Several months ago, I decided to sign my business up on the >>>>>>> governemnt's Central Contractor Registration (CCR) web site >>>>>>> (ccr.gov). At that time, it was possible that I might be >>>>>>> getting some government contractor work. At the time I signed >>>>>>> up, I received a warning that emailing marketers may use the >>>>>>> email address used to sign up to send me marketing information, >>>>>>> but I did not find any statement that I was agreeing to receive >>>>>>> such marketing information as a condition of signing up on the >>>>>>> government site. >>>> ... >>>> >>> dismissal of any of the snipped information; snippage is for >>>> relevance to my comments only: >> ... >>> >>> If spammers send email to me, I report them to SPAMCOP. Hopefully >>> that hurts the spammers, if they get listed. I have set my email up >>> so that the whole process can be done in minutes, so it doesn't >>> matter that much to me. ... > In response, you and Ellen have further reviewed the policies stated > on the CCR website, which has been helpful. > > My OP asked three questions: Keeping in mind that I am but a simple user, let's take care of all 3 questions with the short form answers first: > > 1) Am I correct to be reporting these guys? Yes. If it were me I would be reporting them, based on what I know of the situation. There are always gray areas so only you can really answer that, but you seem on target to me. > > 2) Why are they not showing up on more block lists (including the > SCBL)? Just a guess, but the .gov TLD might keep some from messing with it. Pure criminals are also very paranoid and though dumb, not stupid. There are too many possible reasons to list but a few are: -- They aren't appearing on the scbl simply because the user-base connected to CCR and that type of spam simply don't exist in strong enough numbers to trip the meters for a listing. Are these targeted spams, or are they penis, breast loan, pharmacy, etc. as is the standard "junk" these days? If they're targeted to CCR type stuff, then the reporting rate would be lower too I'd expect because most probably have the same questions you do if they even question it at all. -- Those spammed are not reporters and JHD (Just Hit Delete); their major concerns are elsewhere. -- It can depend on where you choose to check the blacklists. Some places are more accurate than others, some places will check tens of re-sources at once, etc.. -- It's just not enough spam to be hitting many recipients that do report spam. Many people have no idea what to do and with ISPs coming up with these "send me your uncaught spam" addresses like Verizon has, they're only being reported to that one ISP and not to other block/blacklists. I don't use my ISPs uncaught spam link because I don't think it's any kind of answer to the problem as I see it. Ymmv and others too of course. -- It's not perfectly straight forward to crawl and all spammers are lazy; a different process for just one place isn't to their liking when there are so many other resources out there. And so on. I'm a closet Sociologist myself, but ... the spammer culture is both simple and extremely complex all at the same time IMO. In total, it's a very tiny number of people who take the time and effort to report spams here and/or elsewhere. > > 3) Is there anything else I should do to put pressure on them > (Datapipe/Magnetmail) to change their ways? Strictly my own opinion and off the top of my head: -- Educate them. -- Copy them on all spams, including the sourcecodes of the spam. Show them what's going on and tell them you don't like it. -- Learn more about spam and reporting, and eventually take it to more powerful orgranizations of a more permanent listing nature than spamcop and create strong manual LARTs for them. By nature, spamcop if a gentler, kinder sort of list and it's useful as a forewarning of problems to come, but other listkeepers are nowhere near so forgiving and make people jump through a lot more hoops to get off those lists. Every list they appear on makes their range of communications a tad smaller than it was before. In the extreme they can eventually find themselves all alone in the universe. Seldom happens of course, but logic says ... -- Figure out who the Powers That Be are in CCR and communicate directly to them. Be polite but very firm in your requests and comments. You want them on your side, not an adversary. -- Keep an eye out for ways to spread the word and pressure them for changes. But do not libel. I know, that's a lot of vague talk but baby steps; tackle one, get a good grasp, move to the next one, etc.. I'm sure a few will be along with some much more specific hints and references. > > Most of this "branch" of the thread has been dedicated to answering > question number 1. So far, the answer seems to be: > > When a person signs up for the CCR site, they *may* be agreeing to > receive this marketing material, but nobody can find the written > statement that would inform the user of this policy. Based on this, > it is OK to report them, until someone presents such evidence. Agreed. Within reason, if it's spam to you, then it is spam and is reportable. > > Mike Easter discussed the second question in his branch of the thead. > His reply, paraphrasing: > > An email server gets a "reputation" that is based on the ratio of > goodmail to spam coming from that server. A server with a good > reputation is harder get listed in the SCBL, and will more quickly be > removed from the SCBL. [Note that I may be misinterpreting his reply, > but if that fact is true, it seems to me that if an ISP gets large > enough, they can support spammers provided they keep the ratio of > spam to goodmail below a certain level, without worrying about a > SPAMCOP listing.] ... > > Please don't think that this has not been a useful discussion. You > did not mis-understand me, and your answers have been right on > target. And, thank-you very much for your help! I don't know about "right on target" in my case, but ... I try. Your efforts have initiated an interesting and useful set of threads. I like these kinds of discussions and especially when they are originated by an actual calm, well intended person and a purposed person. Cheers, Twayne From nobody at devnull.spamcop.net Wed Feb 25 14:12:53 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Wed Feb 25 14:15:10 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Antispam Knight" wrote in message news:go2mfp$flp$1@news.spamcop.net... > > > "Blue Rock" wrote in message > news:go1d08$2s1$1@news.spamcop.net... >> >> "Twayne" wrote in message >> news:gnvipb$oag$1@news.spamcop.net... >>> Blue Rock wrote: >>>> "Ellen" wrote in message >>>> news:gnv9d7$30i$1@news.spamcop.net... >>>>> Blue Rock wrote: >>>>>> Several months ago, I decided to sign my business up on the >>>>>> governemnt's Central Contractor Registration (CCR) web site >>>>>> (ccr.gov). At that time, it was possible that I might be getting >>>>>> some government contractor work. At the time I signed up, I >>>>>> received a warning that emailing marketers may use the email >>>>>> address used to sign up to send me marketing information, but I did >>>>>> not find any statement that I was agreeing to receive such >>>>>> marketing information as a condition of signing up on the >>>>>> government site. >>>>> >>> >>> ... >>> >>> >> any of the snipped information; snippage is for relevance to my comments >>> only: >>> >>>> >>>> Many web publishers issue similar warnings - that if you place an >>>> email address on a web-site published by them, it will be publicly >>>> accessible, and used to advertise to you. These are warnings that >>>> your address may be harvested, and used for spam, not an agreement >>>> with the publisher of the site. So, does that mean that I should not >>>> report any spam received at an address that has been placed on any >>>> public web site? >>>> Finally, I signed up on a government site. Any agreement that I made >>>> (tacit or otherwise) is with the US Government. Magnetmail, and the >>>> other companies sending me marketing materials are not part of the US >>>> Government. They (or their customers, who are also not the US >>>> government) harvested my email address from the government web site, >>>> and are using it to send me materials advertising their products or >>>> services. How are they any different from the guy who harvested my >>>> address from the government web site, and sent me an advertisement >>>> for pills, or for a watch, or for a low-interest loan? >>> >>> >>> This was an interesting thread. In past lives I have had many dealings >>> with gvt critters & their holes, I mean, offices and rules & regs, and >>> this just wasn't jiving right. >>> >>> Unfortunately, it would appear that you did unwittingly requiest some of >>> that spam. >>> Please read the excerpt below I found when briefly searching their FAQs: >>> http://www.ccr.gov/faq.aspx#needtoknow >>> ------------------- >>> Q: Is my company going to be included in any marketing lists? >>> >>> A: Certain CCR information, like phone numbers, is available through the >>> Freedom of Information Act (FOIA). *Email addresses are never made >>> available publicly* through CCR. >>> In D&B, users have the option of being included in D&B's marketing >>> campaign. If you choose not to be included in this marketing list, >>> please *request to be removed* from D&B's marketing file by calling >>> 866-705-5711. *D&B does not publish email addresses.* >>> If you are a small business and part of the Dynamic Small Business >>> Search (DSBS), your business contact information, including email >>> addresses, *may be available. *You can *request to have your email >>> address removed* by sending an email to DSBShelpdesk@basetech.com. >>> For Equifax (formerly known as Austin Tetra), users who no longer wish >>> to receive promotional materials from Equifax or its affiliates and >>> partners may opt out of receiving marketing communications by replying >>> with "unsubscribe" in the subject line of the email or by sending an >>> email to clientsvc@austintetra.com. >>> ----------------- >>> Like it says, CCR makes NO email addresses publicly availble. But then >>> they add a lot of shit to that, which seems to nullify the claim >>> entirely. >>> >> >> What that FAQ means, is that during the process of registering on the CCR >> site, you may have to deal with one or more other sites. Two of those >> other sites (D&B and Equifax) are businesses that may want to send you >> marketing information of their own. The third (DSBS) is another >> government site which may publicly display your email address. >> >> EVERYONE registering on CCR must obtain a D&B number, which means they >> must also register on D&B's site. I did so, but I opted out of receiving >> their marketing information. I also used a different email address, and >> that email address is not receiving anything. None of the spam I am >> receiving comes from D&B anyway. >> >> Some people wanting to do business with the government may have to get a >> credit rating, so they might have to deal with Equifax. That did not >> apply to me, so I did not even go to their site. None of the spam I am >> receiving comes from Equifax anyway. >> >> My email address was publicly displayed in the governemnt DSBS. This >> happens automatically if you indicate you are a small business, during >> the registration. This is the only place where the address shows up >> publicly, and it is where the spammers are harvesting my email address. >> >> NOTHING in the FAQ states that you are agreeing to receive such marketing >> information, (except that which would come from D&B or Equifax). I have >> signed up for plenty of sites (credit cards, banks, on-line stores, etc.) >> that make it very clear how they will use your email address, whether or >> not they send you marketing materials, and how to opt-out if you don't >> want them. This FAQ is nothing like that. NOTHING in the CCR privacy >> policy states that you are agreeing to receive such marketing >> information, either. >> >> So, I disagree that I have tacitly agreed to receive spam. >> >>> Based on this Q/A and a couple others of similar content, it looks to me >>> like you need to make a few phone calls to get off those lists, wherever >>> your mail addy is being listed. IMO you are the victim of having had to >>> do a lot of reading in the right places to know what you should have >>> known. Typical unfortunately of our bass turd gummint critters, and >>> thoroughly disgusting. >>> >> >> Since I am not receiving marketing materials from Equifax or D&B, calling >> or writing either of them will do nothing. D&B had a box to check to NOT >> receive their marketing info when I signed up, and so far they have >> honored that request. >> >> Although I agree that I could contact DSBS, and have them remove my email >> address, I don't think that is necessary. The spammers have already >> harvested the address anyway, and I would like to provide some means for >> a potental customer to contact me. >> >>> While it makes sense there HAS to be a method of contact, it does NOT >>> appear that it's anything that's intended to be in the clear and that >>> would be so easily harvested by spammers, especially considering the >>> sensitive personal nature of some of the information they collect! As >>> sort of an aside here, I would be forced to allow my paranoia to rise >>> high enough to worry about the exposure of my ss number and some other >>> identity-theft information, and seek strong evidence that was was NOT >>> possible to do! My short ftp stint led me to a few pages of what I >>> think were embedded ssn's next to full names but I'm not certain that's >>> what it was/is. The number format was right though, and every single >>> one of them passed my ssn program for probably being legitimate ssns. >>> >> >> I am not sure what ftp site you looked at. I never had to enter my SSN. >> I probably had to enter my company's TID, but that is probably available >> someplace anyway. >> >>> If the site can be believed, sensitive data should ONLY be able to be >>> accessed via fairly closely guarded accounts and bots wouldn't be >>> crawling those very easily so the sources of the spam are probably as >>> referenced in that FAQ entry above. >>> >> >> You can very easily search either the CCR site, or the DSBS site. I see >> absolutely no reason why a bot could not do so. If you look up my >> company "Blue Rock Systems", you will find that the CCR site does not >> list any email address, but the DSBS site does. None of the other >> information displayed on either of these searches is "sensitive". >> >>> If it were me I think I'd get on the horn and start asking some deep >>> questions in a firm and mehodical manner, keeping FOIA in mind if they >>> gave you trouble. >>> You are alleging somethign that is very disturbing to be happening at an >>> actual .gov web site. I would be very interested in hearing what >>> transpires for you in your endeavors to get you address hidden. >>> Actually, you should probably use their panel to change the email addy >>> you use and simply retire the current one since it sounds like it's >>> probably on a lot of lists already. IMO what's going on is totally >>> unacceptable of any gvt agency/office/person/critter/whatever. >>> >> >> When I started receiving hard-core spam at that email address, less than >> a week after I registered, I contacted the CCR, using the contact form on >> their web site. I received absolutely no reply. >> >> I decided not to pursue it any further. The email address is publicly >> displayed. It is easy for spammers to find. There is nothing the >> government can really do about that. >> >> If spammers send email to me, I report them to SPAMCOP. Hopefully that >> hurts the spammers, if they get listed. I have set my email up so that >> the whole process can be done in minutes, so it doesn't matter that much >> to me. >> > Interesting discussion. I too have signed up on CCR, a couple of years > ago. I too, created a unique email addy for CCR. > Over the period hence, I can count on one hand the number of spams I have > received through that email addy. After the second spam, a few months > back, I whitelisted the apprpriate TLD's, and haven't seen a spam since. > Now, anybody from any of the agencies with which I deal, can email me, but > others get rejected at SMTP time. Works for me--ymmv. I don't think I > reported those spams I received. They were straight up. > AK The quantity of hard-core spam I have recieved on the address is very low. I would have to go back and check, but I think I could also count it on one hand. But, the amount of CANSPAM-compliant spam I get, from US companies and organizations advertising small business services, mostly sent through Magnetmail, is comparatively high, amounting to 3 or 4 a day. When you registered on CCR, did you also get listed on the Dynamic Small Business Search? Is your email address publicly displayed on that site? (You can check by searching at: http://dsbs.sba.gov/dsbs/search/dsp_dsbs.cfm). I am lsited there, and I am pretty certain this is how these spammers have gotten my email address. If you search on the CCR site directly, they do not list any email addresses there. From nobody at devnull.spamcop.net Wed Feb 25 14:41:34 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Wed Feb 25 14:45:07 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: Blue Rock wrote: > "Twayne" wrote in message > news:go2977$cku$1@news.spamcop.net... >> Blue Rock wrote: >>> My understanding is that anyone wishing to do business with the >>> government must register on that site. If this is some sort of >>> scam, I would really like to know! >> >> >> >> Howver, I would like to point out that >> " >>> anyone wishing to do business with the >>> government must register on that site. >> " >> isn't actually true, but suffice to say there are several paths >> rather than argue the point. I used to be aware of several of them >> when I was working with the SBA and FTC but I'd be hard pressed to >> find them again at this late date. > > (from http://www.ccr.gov/faq.aspx#who) > --- > Q: Who is required to register in CCR? > A: Since October 1, 2003, it is federally mandated that any > organization wishing to do business with the federal government under > a FAR-based contract must be registered in CCR before being awarded a > contract. You can find more information on CCR and the registration > process in our User's Guide. > > Q: What do I need to know about registering in CCR?? > A: Anyone (sole proprietors, corporations, partnerships and > governmental organizations) desiring to do business with the federal > government must register in CCR. However, CCR registration is not > required for individuals seeking grants. > --- > > FAR is "Federal Acquistion Regulations". > > More than one person has told me this is true, including a purchasing > agent for a company I work with, who has done Federal work. > > I also don't want to disagree, or have an argument, and I am > certainly no expert. But these statements seem pretty clear, and > simply obvious. No problem and no worry; your experiences are certainly more current than mine and I'd be pretty dumb to dispute some of those refrences. Based on how long that's been around, I have to wonder if we didn't "sign up" via links and references and may not have, at that time, been fully aware of who/what we were doing where. As you likely well know, there's no end to acronyms in gvt "stuff". Ain't nostalgia fun to remember? lol > > But, in the spirit of my comment in another thread, "pretty clear" and > "simply obvious" probably don't apply to the US Government! Boy, you got that right! Twayne From nobody at devnull.spamcop.net Wed Feb 25 14:59:59 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Wed Feb 25 15:00:09 2009 Subject: [Scspamcop] Thanks Re: ping Mike Easter re xover References: Message-ID: Mike Easter wrote: > Twayne wrote: > >> I assume "XOVER" must be a part of the comms protocol; I'm completely >> unfamiliar with it and barely familiar with helo etc.. > > nntp has an overview, and typically the newsserver admin configures it > thusly: > > Subject: > From: > Date: > Message-ID: > References: > Bytes: > Lines: > > > Well written Mike, and right on target. Thanks much, Twayne From me at privacy.net Wed Feb 25 17:16:26 2009 From: me at privacy.net (Michael R N Dolbear) Date: Wed Feb 25 17:20:08 2009 Subject: [Scspamcop] Re: reporting your own ISP References: <01c995d8$898d8e80$LocalHost@default> <01c996a8$848439e0$LocalHost@default> Message-ID: <01c99796$40770400$LocalHost@default> RW wrote > Michael R N Dolbear wrote: > > > 88.250.73.250 listed in cbl.abuseat.org ( 127.0.0.2 ) > > 88.250.73.250 is an open proxy > > "is an open proxy" is a generic term used when an IP is found on the > CBL. An njabl listing will result is "open relay" and the text for a > SORBS listing will vary depending on the response code. > > I suppose CBL listing text could be change to "bot", as most listings on > the CBL are for spam-bots. It is technically an open proxy, though only > accessible by the master controller. Thanks, we live and learn. I expect Wazoo will be along to put that info somewhere or point out where I could have found it. But if a spam source is going to be classified on the basis of CBL I would prefer a "probably" in there and "bot" only for those whose RDNS text or dynamic IP suggests that it is indeed a zombie. -- Mike D -- Mike D From user at domain.invalid Thu Feb 26 01:04:34 2009 From: user at domain.invalid (Farelf) Date: Thu Feb 26 01:05:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe In-Reply-To: References: Message-ID: Blue Rock wrote: >... > That is why I always create a unique email alias address when signing up on > any site. If I start getting email to that address from someone else, I can > find the site I originally used the address on, read their policies, and > decide whether there is a valid business reason for this other person or > company to be emailing me on that address. If in doubt, I contact the > original company (where I signed up) and ask them. > Good policy, I would (tend to) use similar in future. From nobody at spamcop.net Thu Feb 26 01:10:12 2009 From: nobody at spamcop.net (Antispam Knight) Date: Thu Feb 26 01:15:09 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Blue Rock" wrote in message news:go457n$pb8$1@news.spamcop.net... > "Antispam Knight" wrote in message > news:go2mfp$flp$1@news.spamcop.net... >> >> >> "Blue Rock" wrote in message >> news:go1d08$2s1$1@news.spamcop.net... >>> >>> "Twayne" wrote in message >>> news:gnvipb$oag$1@news.spamcop.net... >>>> Blue Rock wrote: >>>>> "Ellen" wrote in message >>>>> news:gnv9d7$30i$1@news.spamcop.net... >>>>>> Blue Rock wrote: >>>>>>> Several months ago, I decided to sign my business up on the >>>>>>> governemnt's Central Contractor Registration (CCR) web site >>>>>>> (ccr.gov). At that time, it was possible that I might be getting >>>>>>> some government contractor work. At the time I signed up, I >>>>>>> received a warning that emailing marketers may use the email >>>>>>> address used to sign up to send me marketing information, but I did >>>>>>> not find any statement that I was agreeing to receive such >>>>>>> marketing information as a condition of signing up on the >>>>>>> government site. >>>>>> >>>> >>>> ... >>>> >>>> >>> of any of the snipped information; snippage is for relevance to my >>>> comments only: >>>> >>>>> >>>>> Many web publishers issue similar warnings - that if you place an >>>>> email address on a web-site published by them, it will be publicly >>>>> accessible, and used to advertise to you. These are warnings that >>>>> your address may be harvested, and used for spam, not an agreement >>>>> with the publisher of the site. So, does that mean that I should not >>>>> report any spam received at an address that has been placed on any >>>>> public web site? >>>>> Finally, I signed up on a government site. Any agreement that I made >>>>> (tacit or otherwise) is with the US Government. Magnetmail, and the >>>>> other companies sending me marketing materials are not part of the US >>>>> Government. They (or their customers, who are also not the US >>>>> government) harvested my email address from the government web site, >>>>> and are using it to send me materials advertising their products or >>>>> services. How are they any different from the guy who harvested my >>>>> address from the government web site, and sent me an advertisement >>>>> for pills, or for a watch, or for a low-interest loan? >>>> >>>> >>>> This was an interesting thread. In past lives I have had many dealings >>>> with gvt critters & their holes, I mean, offices and rules & regs, and >>>> this just wasn't jiving right. >>>> >>>> Unfortunately, it would appear that you did unwittingly requiest some >>>> of that spam. >>>> Please read the excerpt below I found when briefly searching their >>>> FAQs: >>>> http://www.ccr.gov/faq.aspx#needtoknow >>>> ------------------- >>>> Q: Is my company going to be included in any marketing lists? >>>> >>>> A: Certain CCR information, like phone numbers, is available through >>>> the Freedom of Information Act (FOIA). *Email addresses are never made >>>> available publicly* through CCR. >>>> In D&B, users have the option of being included in D&B's marketing >>>> campaign. If you choose not to be included in this marketing list, >>>> please *request to be removed* from D&B's marketing file by calling >>>> 866-705-5711. *D&B does not publish email addresses.* >>>> If you are a small business and part of the Dynamic Small Business >>>> Search (DSBS), your business contact information, including email >>>> addresses, *may be available. *You can *request to have your email >>>> address removed* by sending an email to DSBShelpdesk@basetech.com. >>>> For Equifax (formerly known as Austin Tetra), users who no longer wish >>>> to receive promotional materials from Equifax or its affiliates and >>>> partners may opt out of receiving marketing communications by replying >>>> with "unsubscribe" in the subject line of the email or by sending an >>>> email to clientsvc@austintetra.com. >>>> ----------------- >>>> Like it says, CCR makes NO email addresses publicly availble. But then >>>> they add a lot of shit to that, which seems to nullify the claim >>>> entirely. >>>> >>> >>> What that FAQ means, is that during the process of registering on the >>> CCR site, you may have to deal with one or more other sites. Two of >>> those other sites (D&B and Equifax) are businesses that may want to send >>> you marketing information of their own. The third (DSBS) is another >>> government site which may publicly display your email address. >>> >>> EVERYONE registering on CCR must obtain a D&B number, which means they >>> must also register on D&B's site. I did so, but I opted out of >>> receiving their marketing information. I also used a different email >>> address, and that email address is not receiving anything. None of the >>> spam I am receiving comes from D&B anyway. >>> >>> Some people wanting to do business with the government may have to get a >>> credit rating, so they might have to deal with Equifax. That did not >>> apply to me, so I did not even go to their site. None of the spam I am >>> receiving comes from Equifax anyway. >>> >>> My email address was publicly displayed in the governemnt DSBS. This >>> happens automatically if you indicate you are a small business, during >>> the registration. This is the only place where the address shows up >>> publicly, and it is where the spammers are harvesting my email address. >>> >>> NOTHING in the FAQ states that you are agreeing to receive such >>> marketing information, (except that which would come from D&B or >>> Equifax). I have signed up for plenty of sites (credit cards, banks, >>> on-line stores, etc.) that make it very clear how they will use your >>> email address, whether or not they send you marketing materials, and how >>> to opt-out if you don't want them. This FAQ is nothing like that. >>> NOTHING in the CCR privacy policy states that you are agreeing to >>> receive such marketing information, either. >>> >>> So, I disagree that I have tacitly agreed to receive spam. >>> >>>> Based on this Q/A and a couple others of similar content, it looks to >>>> me like you need to make a few phone calls to get off those lists, >>>> wherever your mail addy is being listed. IMO you are the victim of >>>> having had to do a lot of reading in the right places to know what you >>>> should have known. Typical unfortunately of our bass turd gummint >>>> critters, and thoroughly disgusting. >>>> >>> >>> Since I am not receiving marketing materials from Equifax or D&B, >>> calling or writing either of them will do nothing. D&B had a box to >>> check to NOT receive their marketing info when I signed up, and so far >>> they have honored that request. >>> >>> Although I agree that I could contact DSBS, and have them remove my >>> email address, I don't think that is necessary. The spammers have >>> already harvested the address anyway, and I would like to provide some >>> means for a potental customer to contact me. >>> >>>> While it makes sense there HAS to be a method of contact, it does NOT >>>> appear that it's anything that's intended to be in the clear and that >>>> would be so easily harvested by spammers, especially considering the >>>> sensitive personal nature of some of the information they collect! As >>>> sort of an aside here, I would be forced to allow my paranoia to rise >>>> high enough to worry about the exposure of my ss number and some other >>>> identity-theft information, and seek strong evidence that was was NOT >>>> possible to do! My short ftp stint led me to a few pages of what I >>>> think were embedded ssn's next to full names but I'm not certain that's >>>> what it was/is. The number format was right though, and every single >>>> one of them passed my ssn program for probably being legitimate ssns. >>>> >>> >>> I am not sure what ftp site you looked at. I never had to enter my SSN. >>> I probably had to enter my company's TID, but that is probably available >>> someplace anyway. >>> >>>> If the site can be believed, sensitive data should ONLY be able to be >>>> accessed via fairly closely guarded accounts and bots wouldn't be >>>> crawling those very easily so the sources of the spam are probably as >>>> referenced in that FAQ entry above. >>>> >>> >>> You can very easily search either the CCR site, or the DSBS site. I see >>> absolutely no reason why a bot could not do so. If you look up my >>> company "Blue Rock Systems", you will find that the CCR site does not >>> list any email address, but the DSBS site does. None of the other >>> information displayed on either of these searches is "sensitive". >>> >>>> If it were me I think I'd get on the horn and start asking some deep >>>> questions in a firm and mehodical manner, keeping FOIA in mind if they >>>> gave you trouble. >>>> You are alleging somethign that is very disturbing to be happening at >>>> an actual .gov web site. I would be very interested in hearing what >>>> transpires for you in your endeavors to get you address hidden. >>>> Actually, you should probably use their panel to change the email addy >>>> you use and simply retire the current one since it sounds like it's >>>> probably on a lot of lists already. IMO what's going on is totally >>>> unacceptable of any gvt agency/office/person/critter/whatever. >>>> >>> >>> When I started receiving hard-core spam at that email address, less than >>> a week after I registered, I contacted the CCR, using the contact form >>> on their web site. I received absolutely no reply. >>> >>> I decided not to pursue it any further. The email address is publicly >>> displayed. It is easy for spammers to find. There is nothing the >>> government can really do about that. >>> >>> If spammers send email to me, I report them to SPAMCOP. Hopefully that >>> hurts the spammers, if they get listed. I have set my email up so that >>> the whole process can be done in minutes, so it doesn't matter that much >>> to me. >>> >> Interesting discussion. I too have signed up on CCR, a couple of years >> ago. I too, created a unique email addy for CCR. >> Over the period hence, I can count on one hand the number of spams I have >> received through that email addy. After the second spam, a few months >> back, I whitelisted the apprpriate TLD's, and haven't seen a spam since. >> Now, anybody from any of the agencies with which I deal, can email me, >> but others get rejected at SMTP time. Works for me--ymmv. I don't think I >> reported those spams I received. They were straight up. >> AK > > The quantity of hard-core spam I have recieved on the address is very low. > I would have to go back and check, but I think I could also count it on > one hand. > > But, the amount of CANSPAM-compliant spam I get, from US companies and > organizations advertising small business services, mostly sent through > Magnetmail, is comparatively high, amounting to 3 or 4 a day. > > When you registered on CCR, did you also get listed on the Dynamic Small > Business Search? Is your email address publicly displayed on that site? > (You can check by searching at: > http://dsbs.sba.gov/dsbs/search/dsp_dsbs.cfm). I am lsited there, and I > am pretty certain this is how these spammers have gotten my email address. > If you search on the CCR site directly, they do not list any email > addresses there. > > We are not listed on the search site. Did you do something special (like opt-in) to get on the search site? AK From g.hyde at bigNOSPAMpond.net.au Thu Feb 26 01:15:05 2009 From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde) Date: Thu Feb 26 01:20:08 2009 Subject: [Scspamcop] Warning messages have no effect outside of the US. Message-ID: http://www.spamcop.net/sc?id=z2651097704z7cc03cb3c6f127999bea5d4191f7b92ez Apparently this spammer "thinks" it's a good idea - thinking being a relative term here - to add in some piece of information saying that it's "canspam" legal. Well, since the spammer just hit someone outside of the US, that law no longer applies, Australia has vastly different laws to the US. These spammers should be held accountable for faulty mailings, whether they're based in the US or some other place is irrelevant. Cheers ... Geoffrey Hyde From bakesph at comcast.net Thu Feb 26 03:36:02 2009 From: bakesph at comcast.net (Steve Baker) Date: Thu Feb 26 03:40:08 2009 Subject: [Scspamcop] Re: ping Mike Easter re xover References: Message-ID: On Wed, 25 Feb 2009 11:11:28 -0800, "Mike Easter" wrote: >> I assume "XOVER" must be a part of the comms protocol; I'm completely >> unfamiliar with it and barely familiar with helo etc.. > >nntp has an overview, and typically the newsserver admin configures it >thusly: > >Subject: >From: >Date: >Message-ID: >References: >Bytes: >Lines: > >So, thus a bot can go to a newsserver and download a zillion overviews and >very very efficiently harvest a lot of From. Notice that there is no >Reply-To in that overview above. > >Thus the bot doesn't have to download all of the header or any of the body >to get the From. I'd guess that XHDR is more commonly used for harvesting, though; you get only the specified header line. Unless maybe XHDR might be too slow? Or maybe NNTP servers might be on the lookout for excessive XHDR commands whereas XOVER is used by everyone? Any insight? -- Steve Baker From bakesph at comcast.net Thu Feb 26 03:58:25 2009 From: bakesph at comcast.net (Steve Baker) Date: Thu Feb 26 04:00:07 2009 Subject: [Scspamcop] Re: Warning messages have no effect outside of the US. References: Message-ID: On Thu, 26 Feb 2009 16:15:05 +1000, "Geoffrey Hyde" wrote: >http://www.spamcop.net/sc?id=z2651097704z7cc03cb3c6f127999bea5d4191f7b92ez > >Apparently this spammer "thinks" it's a good idea - thinking being a >relative term here - to add in some piece of information saying that it's >"canspam" legal. Well, since the spammer just hit someone outside of the >US, that law no longer applies, Australia has vastly different laws to the >US. > >These spammers should be held accountable for faulty mailings, whether >they're based in the US or some other place is irrelevant. That's all just spammer BS, anyway. They mention "Bill HR 1910 passed by the 106th US Congress", which was passed by the House, but wasn't passed by the Senate, and so never became law; it *wasn't* "passed by the 106th US Congress". And they're not CAN-SPAM (the US law passed in 2003) compliant, either. Rule #1) Spammers lie. Rule #2) If a spammer appears to be telling the truth, see Rule #1. -- Steve Baker From bcs1 at spamcop.net Thu Feb 26 15:24:26 2009 From: bcs1 at spamcop.net (Bill) Date: Thu Feb 26 15:25:07 2009 Subject: [Scspamcop] yet again SC tries to hit on my server as the source Message-ID: I originally posted this in the other forum, but decided to cancel that one and post it here. http://www.spamcop.net/sc?id=z2647713010zc4a8ee118ec503dd979015581b533cf6z and what's weird is that the first time it parsed it, it shows this Possible relay: 69.147.228.100 69.147.228.100 has already been sent to relay testers Received line accepted 189.30.225.95 discarded as a forgery, using 69.147.228.100 Tracking message source: 69.147.228.100: Display data: "whois 69.147.228.100@whois.arin.net" (Getting contact from whois.arin.net ) Found AbuseEmail in whois abuse@nobistech.net 69.147.224.0 - 69.147.255.255:abuse@nobistech.net No reporting addresses found for 69.147.228.100, using devnull for tracking. and further: Report Spam to: Re: 69.147.228.100 (Administrator of network where email originates) To: nomaster@devnull.spamcop.net (Notes) then when i open it in a new window, it finds the reporting address and all, but still for my host. Thanks Bill From g.hyde at bigNOSPAMpond.net.au Thu Feb 26 17:49:46 2009 From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde) Date: Thu Feb 26 17:50:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Bill" wrote in message news:go6tpr$8oi$1@news.spamcop.net... >I originally posted this in the other forum, but decided to cancel that one >and post it here. > > > http://www.spamcop.net/sc?id=z2647713010zc4a8ee118ec503dd979015581b533cf6z > > and what's weird is that the first time it parsed it, it shows this Presumably what SpamCop is choking on is all of those * prefixed lines. It doesn't know how to handle an * prefixed line so it simply stops reading from the bottom up and names your host as source. That is an awfully non-compliant method of listing spam database information, your host should really be putting it in as X-header information or omitting it from the Received: headers entirely. Cheers ... Geoffrey Hyde From MikeE at ster.invalid Thu Feb 26 19:11:45 2009 From: MikeE at ster.invalid (Mike Easter) Date: Thu Feb 26 19:15:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: Bill wrote: www.spamcop.net/sc?id=z2647713010zc4a8ee118ec503dd979015581b533cf6z Those headers are noncompliant as a result of being mangled by something. It is a wonder that SC is able to handle what looks like a continuation of one of the Received tracelines with a sequence of 22 lines which have a leading whitespace followed by * as one example.... * 0.0 FB_GVR BODY: Looks like generic viagra But somehow the parser makes it thru' many lines of that to get to the next line. The results I am seeing are different from what you pasted. What I see shows SC getting it right and finding the .br openproxy source. If reported today, reports would be sent to: Re: 189.30.225.95 (Administrator of IP block - statistics only) 189.30.225.95 = 189-30-225-95.paemt701.dsl.brasiltelecom.net.br 189.30.225.95 listed in cbl.abuseat.org -- Mike Easter kibitzer, not SC admin From g.hyde at bigNOSPAMpond.net.au Thu Feb 26 19:54:30 2009 From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde) Date: Thu Feb 26 20:00:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Mike Easter" wrote in message news:go7b3p$1qo$1@news.spamcop.net... > Bill wrote: > > www.spamcop.net/sc?id=z2647713010zc4a8ee118ec503dd979015581b533cf6z > > Those headers are noncompliant as a result of being mangled by something. > > It is a wonder that SC is able to handle what looks like a continuation of > one of the Received tracelines with a sequence of 22 lines which have a > leading whitespace followed by * as one example.... > > * 0.0 FB_GVR BODY: Looks like generic viagra > > But somehow the parser makes it thru' many lines of that to get to the > next line. I wonder if Ellen or someone at SpamCop is tweaking the parser to handle such cases like these mangled Received: lines? The link now comes up here as being too old to file a SpamCop report but successfully parses through a very long line consisting of all those asterisked lines to the line above it. However, it does not successfully chain to the next Received: line. Big difference between chaining and parsing. If JT or someone at SpamCop has the new version of SpamCop up and ready to go, I would hope that they've put in some sort of filtration adjustment for garbage lines inserted into the headers before they let it loose. Cheers ... Geoffrey Hyde From MikeE at ster.invalid Thu Feb 26 20:11:19 2009 From: MikeE at ster.invalid (Mike Easter) Date: Thu Feb 26 20:15:07 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: Geoffrey Hyde wrote: > "Mike Easter" >> But somehow the parser makes it thru' many lines of that to get to the >> next line. > However, it does not > successfully chain to the next Received: line. Big difference between > chaining and parsing. The parser chains the tracelines all the way to the bottommost which is where the sourceline is. 189.30.225.95 sources with a bogus bcs helo to the bcs-bcs server. There's a SC SA line for the total of 17 which is about what all of those spurious * lines add up to; so I'm wondering if the SC server is what stamped the 'bad' lines. They are sitting right underneath the first cesmail server's line. I seem to recall some other previous SC bug in which it appeared that SC was tripping and mangling the headerlines near the bottom of the headers. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Feb 27 00:46:00 2009 From: nobody at spamcop.net (RW) Date: Fri Feb 27 00:50:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source In-Reply-To: References: Message-ID: Bill wrote: > I originally posted this in the other forum, but decided to cancel that one > and post it here. > > > http://www.spamcop.net/sc?id=z2647713010zc4a8ee118ec503dd979015581b533cf6z > > and what's weird is that the first time it parsed it, it shows this > > > > Possible relay: 69.147.228.100 > 69.147.228.100 has already been sent to relay testers > Received line accepted > > 189.30.225.95 discarded as a forgery, using 69.147.228.100 > Tracking message source: 69.147.228.100: > Display data: > "whois 69.147.228.100@whois.arin.net" (Getting contact from whois.arin.net ) > Found AbuseEmail in whois abuse@nobistech.net > 69.147.224.0 - 69.147.255.255:abuse@nobistech.net > > No reporting addresses found for 69.147.228.100, using devnull for tracking. > > and further: > Report Spam to: > Re: 69.147.228.100 (Administrator of network where email originates) > To: nomaster@devnull.spamcop.net (Notes) > > then when i open it in a new window, it finds the reporting address and all, > but still for my host. > > > Thanks > Bill The hint is here: "189.30.225.95 discarded as a forgery, using 69.147.228.100" Since the parse is now approving the chain test: "Chain test:nebula.bcs-bcs.com =? nebula.bcs-bcs.com nebula.bcs-bcs.com and nebula.bcs-bcs.com have same hostname - chain verified" Since that is absent in what you posted and the parser moved up a line, it tells us there was a dns lookup problem. This is why it is often difficult to diagnose a problem. Unless we see what you saw, we can only hazard a guess. Richard From bcs1 at spamcop.net Fri Feb 27 00:51:19 2009 From: bcs1 at spamcop.net (Bill) Date: Fri Feb 27 00:55:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Mike Easter" wrote in message news:go7b3p$1qo$1@news.spamcop.net... > Bill wrote: > > www.spamcop.net/sc?id=z2647713010zc4a8ee118ec503dd979015581b533cf6z > > Those headers are noncompliant as a result of being mangled by something. > > It is a wonder that SC is able to handle what looks like a continuation of > one of the Received tracelines with a sequence of 22 lines which have a > leading whitespace followed by * as one example.... > > * 0.0 FB_GVR BODY: Looks like generic viagra > > But somehow the parser makes it thru' many lines of that to get to the > next line. > > The results I am seeing are different from what you pasted. What I see > shows SC getting it right and finding the .br openproxy source. > > If reported today, reports would be sent to: > Re: 189.30.225.95 (Administrator of IP block - statistics only) > > 189.30.225.95 = 189-30-225-95.paemt701.dsl.brasiltelecom.net.br > 189.30.225.95 listed in cbl.abuseat.org > > > -- > Mike Easter > kibitzer, not SC admin > yeah, today it looks right... not the other day though, and those headers are coming from the same system that SC pops all my bcs dash bcs dot com mail from... IDK unless the spammers are finding some way to be more "clever" with their stuff. From bcs1 at spamcop.net Fri Feb 27 00:56:25 2009 From: bcs1 at spamcop.net (Bill) Date: Fri Feb 27 01:00:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "RW" wrote in message news:go7umo$59e$1@news.spamcop.net... > The hint is here: > > "189.30.225.95 discarded as a forgery, using 69.147.228.100" > > Since the parse is now approving the chain test: > > "Chain test:nebula.bcs-bcs.com =? nebula.bcs-bcs.com > nebula.bcs-bcs.com and nebula.bcs-bcs.com have same hostname - chain > verified" > > Since that is absent in what you posted and the parser moved up a line, it > tells us there was a dns lookup problem. > > This is why it is often difficult to diagnose a problem. Unless we see > what you saw, we can only hazard a guess. > > Richard I guess since i got two different responses, and now Mike has shown that SC is parsing a third result, i should have posted the entire thing here at first of the two or saved it to notepad, then you guys could have had something that might have helped a bit more. I just didn't want to have some massive post and break the netiquite... From bcs1 at spamcop.net Fri Feb 27 01:01:31 2009 From: bcs1 at spamcop.net (Bill) Date: Fri Feb 27 01:05:07 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Bill" wrote in message news:go7vaa$6i3$1@news.spamcop.net... if i see it again, i'll save it.... From g.hyde at bigNOSPAMpond.net.au Fri Feb 27 02:58:06 2009 From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde) Date: Fri Feb 27 03:00:09 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Bill" wrote in message news:go7vaa$6i3$1@news.spamcop.net... > I guess since i got two different responses, and now Mike has shown that > SC is parsing a third result, i should have posted the entire thing here > at first of the two or saved it to notepad, then you guys could have had > something that might have helped a bit more. > I just didn't want to have some massive post and break the netiquite... If it's to show a particular problem with a spamitem parsing at a particular point in time, then cutting and pasting the relevant lines(s) from a SpamCop paste is never inappropriate. I'm just another SpamCop user and I have seen large amounts of cut/pasted text from SpamCop parses, DNS lookups, NIC lookups, and other sources, so it doesn't bother me in the slightest. The worst that could happen is I'll skim over your post and goto the next if there's nothing to write a reply for. You're far more likely to get good responses if you post details early on. Cheers ... Geoffrey Hyde From nobody at spamcop.net Thu Feb 26 21:10:49 2009 From: nobody at spamcop.net (Ellen) Date: Fri Feb 27 06:50:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source In-Reply-To: References: Message-ID: Geoffrey Hyde wrote: > > I wonder if Ellen or someone at SpamCop is tweaking the parser to handle > such cases like these mangled Received: lines? nope -- only engineering does tweeks ... > > The link now comes up here as being too old to file a SpamCop report but > successfully parses through a very long line consisting of all those > asterisked lines to the line above it. However, it does not successfully > chain to the next Received: line. Big difference between chaining and > parsing. Looks to me like it is chaining -- and parsing correctly. Not quite sure what was being seen before and unfortunately it is not recreating :-( And yes those headers are *cough* *cough* interesting ... Ellen From MikeE at ster.invalid Fri Feb 27 08:01:44 2009 From: MikeE at ster.invalid (Mike Easter) Date: Fri Feb 27 08:05:09 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: Bill wrote: > I guess since i got two different responses, and now Mike has shown > that SC is parsing a third result, i should have posted the entire > thing here at first of the two or saved it to notepad, then you guys > could have had something that might have helped a bit more. > I just didn't want to have some massive post and break the netiquite... No. You should have posted (just) the tracker here. If you want to post all of the garbage that belongs to the verbose output of a parse, IMO you can post that over in spamcop.spam It doesn't really 'fit' into a discussion group any more than the spam or its headers. Pasting a 'few' (2-4) lines in here extracted from a parse is one thing, but pasting an entire parse in is the same kind of ugly as spam or spamheaders. -- Mike Easter kibitzer, not SC admin From bcs1 at spamcop.net Fri Feb 27 08:11:30 2009 From: bcs1 at spamcop.net (Bill) Date: Fri Feb 27 08:15:07 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Mike Easter" wrote in message news:go8o7e$592$1@news.spamcop.net... > > > No. You should have posted (just) the tracker here. > > If you want to post all of the garbage that belongs to the verbose output > of a parse, IMO you can post that over in spamcop.spam > > It doesn't really 'fit' into a discussion group any more than the spam or > its headers. > > Pasting a 'few' (2-4) lines in here extracted from a parse is one thing, > but pasting an entire parse in is the same kind of ugly as spam or > spamheaders. Yeah, that's kinda how i looked at it, but then again, in a case like this where i got 2 diff results, and as you pointed out, now we are getting a 3rd, it might have been helpful if i had saved both of them... in any case, i can always throw a text file up on my server and link to it here rather than spew garbage into the forum... Bill From bcs1 at spamcop.net Fri Feb 27 13:20:48 2009 From: bcs1 at spamcop.net (Bill) Date: Fri Feb 27 13:25:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Mike Easter" wrote in message news:go8o7e$592$1@news.spamcop.net... here's another one of those with a ton of crap in the header.. in case it's useful to anyone. this time the parser seems to leave my server alone aside from acknowledging it, in fact it's wierd that it shows the fetchmail server as the possible relay (if i'm reading it right) http://www.spamcop.net/sc?id=z2655549824zfd83d09a9a6dde0f840521b3e9fac1e2z From me at privacy.net Fri Feb 27 14:00:27 2009 From: me at privacy.net (Michael R N Dolbear) Date: Fri Feb 27 14:05:08 2009 Subject: [Scspamcop] Re: reporting your own ISP References: <01c995d8$898d8e80$LocalHost@default> <01c996a8$848439e0$LocalHost@default> Message-ID: <01c9990d$36e6f4e0$LocalHost@default> RW wrote > Michael R N Dolbear wrote: > > > 88.250.73.250 listed in cbl.abuseat.org ( 127.0.0.2 ) > > 88.250.73.250 is an open proxy > > "is an open proxy" is a generic term used when an IP is found on the > CBL. An njabl listing will result is "open relay" and the text for a > SORBS listing will vary depending on the response code. Scanning, I see that that isn't quite what happens. CBL yes, as above but the only njabl listings I get give "open proxy" too. 218.59.29.39 listed in dnsbl.njabl.org ( 127.0.0.9 ) 218.59.29.39 is an open proxy http://www.spamcop.net/sc?id=z2654939419z4044ff9575405b16042a42a26a48b90 bz the only SORBS listing was 220.136.50.42 listed in dnsbl.sorbs.net ( 127.0.0.10 ) which has no associated text. -- Mike D From MikeE at ster.invalid Fri Feb 27 14:09:25 2009 From: MikeE at ster.invalid (Mike Easter) Date: Fri Feb 27 14:10:09 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: Bill wrote: > this time the parser seems to leave my server alone aside from > acknowledging it, in fact it's wierd that it shows the fetchmail server > as the possible relay (if i'm reading it right) In the parser's language, in this context 'relay' simply means a server MTA in the chain. Relay trusted (64.88.168.84) www.spamcop.net/sc?id=z2655549824zfd83d09a9a6dde0f840521b3e9fac1e2z 64.88.168.84 has already been sent to relay testers That is SC saying, "I know this IP" - and I know it to be a server because I've seen it before as part of a chain, that's why I already sent it to the relay testers. If an IP in a chain is new to SC, it might break the chain at an unfamiliar 'relay' MTA; depending upon which of its algorithmic logics it is using. It uses a different logic for your spam parses - generic, not mail-hosted - than it uses for the spamparses for someone who is configured as mailhosted. >From the perspective of a non-mailhosted account, SC has to use logic which is devised for 'all' (generic) spams, whereas if a reporter configures as mailhosted, then SC gets to use logic which is devised for the spams which have headers like those on record for the reporter's mailhosts. That gives the parser a decided 'advantage' in examining/parsing a spam -- much as it gives a regular ol' human parser an advantage to parse headers with which s/he is familiar, as opposed to parsing completely unknown headers. It helps to solve some idiosyncratic puzzles which may be a part of some server's - some MTA's - some 'relay's' - Received traceline stamp. I still think the garbage is fouling the logic of the generic parse, because it seems to me that there is some logic missing right after the junk. This is a generic non-mailhosted (experimental) parse of the same headers without the junk. http://www.spamcop.net/sc?id=z2655631776zf4b7a918b6ee3bd573fb925805aaa68az The source result is the same If reported today, reports would be sent to: Re: 190.82.36.121 (Administrator of network where email originates) ... but the piece of logic where the chaining is restarted based on Checking POP client chain: ... POP hack, restarting chain. ... is present in my experimental model, but it is missing/twisted in your garbaged example. Checking POP client chain: Chain test:host =? 64.88.168.84 Chain test failed That is an invitation for the parser to make a mistake -- which invitation is not a good thing. A SC admin is not going to be happy if you are submitting spams which are being parsed with twisted/suboptimal logic because it makes SC admins unhappy if the parser makes mistakes -- which it did *not* in the examples, but it was 'flirting' with a mistake. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Feb 27 14:40:46 2009 From: MikeE at ster.invalid (Mike Easter) Date: Fri Feb 27 14:45:07 2009 Subject: [Scspamcop] Re: reporting your own ISP References: <01c995d8$898d8e80$LocalHost@default> <01c996a8$848439e0$LocalHost@default> <01c9990d$36e6f4e0$LocalHost@default> Message-ID: Michael R N Dolbear wrote: > RW >> "is an open proxy" is a generic term used when an IP is found on the >> CBL. An njabl listing will result is "open relay" and the text for a > >> SORBS listing will vary depending on the response code. > > Scanning, I see that that isn't quite what happens. > > CBL yes, as above but the only njabl listings I get give "open proxy" > too. > > 218.59.29.39 listed in dnsbl.njabl.org ( 127.0.0.9 ) > 218.59.29.39 is an open proxy > http://www.spamcop.net/sc?id=z2654939419z4044ff9575405b16042a42a26a48b90 > bz > > the only SORBS listing was > 220.136.50.42 listed in dnsbl.sorbs.net ( 127.0.0.10 ) > which has no associated text. I'm not sure exactly which (fine) points are being discussed or debated here, maybe none; and I may be posting some information that all are familiar with already, but I will do it anyway just in case anyone including me is confused. Both njabl and sorbs have a great many blocklists. One of njabl's is open proxy 127.0.0.9, and sorbs 127.0.0.10 just means a dynamic, which inandofitself doesn't make it a spamsource. Some of the details; I'll leave off sorbs verbose description of its blocklists in favor of just the return codes: The NJABL.ORG dnsbl zones are currently available in query mode as a dnsbl format DNS zone and can be copied via rsync. Currently, all entries resolve to one of the following: 127.0.0.2 - open relays 127.0.0.3 - dial-up/dynamic IP ranges. This type is deprecated. We no longer list dial-up/dynamic IP ranges. For that data, we recommend the Spamhaus PBL. 127.0.0.4 - Spam Sources - This will include both commercial spammers as well as some dial-up direct-to-mx spammers and open proxies as it's not always possible to differentiate between these sources. For commercial spammers, once we have spam on file from some of their IPs, we may add their entire IP range if it can be reliably determined. 127.0.0.5 - Multi-stage open relays - Before adding multi-stage open relays to our list, we make an attempt to notify the NIC contacts for their IP space and give them at least one week to fix their systems. This type is deprecated. We no longer list multi-stage open relays. 127.0.0.6 - Passively detected "bad hosts" - These hosts have done things a proper SMTP server should not do. They're very likely to be spam proxies. We can't say much more about this. No supporting evidence is made available for listing these IPs. 127.0.0.8 - Systems with insecure formmail.cgi or similar CGI scripts which turn them into open relays - This includes the output IP when a server with an insecure formmail CGI smarthosts outgoing email through another server or servers. 127.0.0.9 - Open proxy servers http.dnsbl.sorbs.net 127.0.0.2 socks.dnsbl.sorbs.net 127.0.0.3 misc.dnsbl.sorbs.net 127.0.0.4 smtp.dnsbl.sorbs.net 127.0.0.5 new.spam.dnsbl.sorbs.net 127.0.0.6 recent.spam.dnsbl.sorbs.net 127.0.0.6 old.spam.dnsbl.sorbs.net 127.0.0.6 spam.dnsbl.sorbs.net 127.0.0.6 escalations.dnsbl.sorbs.net 127.0.0.6 web.dnsbl.sorbs.net 127.0.0.7 block.dnsbl.sorbs.net 127.0.0.8 zombie.dnsbl.sorbs.net 127.0.0.9 dul.dnsbl.sorbs.net 127.0.0.10 badconf.rhsbl.sorbs.net 127.0.0.11 nomail.rhsbl.sorbs.net 127.0.0.12 -- Mike Easter kibitzer, not SC admin From bcs1 at spamcop.net Fri Feb 27 23:13:09 2009 From: bcs1 at spamcop.net (Bill) Date: Fri Feb 27 23:15:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Mike Easter" wrote in message news:go9dos$2eg$1@news.spamcop.net... I went ahead and added my server as a mailhost.. here's the tracking url.. http://www.spamcop.net/sc?id=z2656304448z80ab3feabb4441f3f8f6f4e72b3a1653z I have to admit it looks different than the other parsing method.. Bill From MikeE at ster.invalid Sat Feb 28 00:03:03 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Feb 28 00:05:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: Bill wrote: > "Mike Easter" > I went ahead and added my server as a mailhost.. I think that's a good idea, rather, that's a good idea. Notice how 'easily' the parser picks up the bogus/forged line in a mailhosted parse. That is, the result is the same if the headers are parsed as non-mailhosted, SC gets it right either way, but you can see from the verbose of this experimental non-mailhosted parse^1 of the same headers that the logic is different; there's more 'labor' involved in my experimental parse below. > here's the tracking url.. > > http://www.spamcop.net/sc?id=z2656304448z80ab3feabb4441f3f8f6f4e72b3a1653z > > I have to admit it looks different than the other parsing method.. It partly looks different because there's no garbage here. The headers are major different because of missing garbage. The verbose is 'strategically' different because of different logic. I don't know yet exactly where that garbage was coming from which is missing in this example. You'll have to just keep watching and see how it/ your spam parsings/ evolves. But it will be better if you are mailhosted -- with the caveat that if a/your mailhost changes, the reporter needs to be aware of that change so that he/you can make SC aware of any mailhost changes. ^1 http://www.spamcop.net/sc?id=z2656607167z6acecc9c4350f7b2391d08e7e1b8c73bz -- Mike Easter kibitzer, not SC admin From bcs1 at spamcop.net Sat Feb 28 00:31:47 2009 From: bcs1 at spamcop.net (Bill) Date: Sat Feb 28 00:35:07 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Mike Easter" wrote in message news:goaght$43o$1@news.spamcop.net... Yeah i did the mailhost setup thingy just before i submitted that report and verified the email it sent, ect ect.. i thought that's why the reporting output looked different. I guess we'll see.. From news0807REMOVECAPS at orrery.e4ward.com Sat Feb 28 06:21:21 2009 From: news0807REMOVECAPS at orrery.e4ward.com (Ian Smith) Date: Sat Feb 28 06:25:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe In-Reply-To: References: Message-ID: Farelf wrote: > Blue Rock wrote: >> ... >> That is why I always create a unique email alias address when signing >> up on any site. If I start getting email to that address from someone >> else, I can find the site I originally used the address on, read their >> policies, and decide whether there is a valid business reason for this >> other person or company to be emailing me on that address. If in >> doubt, I contact the original company (where I signed up) and ask them. >> > > Good policy, I would (tend to) use similar in future. www.e4ward.com ...is excellent. regards, Ian From user at domain.invalid Sat Feb 28 07:55:43 2009 From: user at domain.invalid (Farelf) Date: Sat Feb 28 08:00:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe In-Reply-To: References: Message-ID: Ian Smith wrote: > Farelf wrote: >> Blue Rock wrote: >>> ... >>> That is why I always create a unique email alias address when signing >>> up on any site. If I start getting email to that address from >>> someone else, I can find the site I originally used the address on, >>> read their policies, and decide whether there is a valid business >>> reason for this other person or company to be emailing me on that >>> address. If in doubt, I contact the original company (where I signed >>> up) and ask them. >>> >> >> Good policy, I would (tend to) use similar in future. > > www.e4ward.com > > ...is excellent. > > regards, Ian Thanks Ian, looks perfect, added to my bookmarks. From tmcgraw at spamcop.net Sat Feb 28 12:52:48 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Feb 28 12:55:09 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe In-Reply-To: References: Message-ID: Farelf wrote: > Ian Smith wrote: >> Farelf wrote: >>> Blue Rock wrote: >>>> ... >>>> That is why I always create a unique email alias address when >>>> signing up on any site. >>> Good policy, I would (tend to) use similar in future. >> www.e4ward.com >> >> ...is excellent. >> >> regards, Ian > Thanks Ian, looks perfect, added to my bookmarks. Once you register for a service like this, sneakemail.com or spammotel.com, paid users will have to add it to mailhosts. From nobody at devnull.spamcop.net Sat Feb 28 13:23:02 2009 From: nobody at devnull.spamcop.net (Blue Rock) Date: Sat Feb 28 13:25:08 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe References: Message-ID: "Tim McGraw" wrote in message news:gobtlg$608$1@news.spamcop.net... > Farelf wrote: >> Ian Smith wrote: >>> Farelf wrote: >>>> Blue Rock wrote: >>>>> ... >>>>> That is why I always create a unique email alias address when signing >>>>> up on any site. >>>> Good policy, I would (tend to) use similar in future. >>> www.e4ward.com >>> >>> ...is excellent. >>> >>> regards, Ian >> Thanks Ian, looks perfect, added to my bookmarks. > > Once you register for a service like this, sneakemail.com or > spammotel.com, paid users will have to add it to mailhosts. ...if you are going to be reporting email that is received via that service on SPAMCOP. From bcs1 at spamcop.net Sat Feb 28 13:45:35 2009 From: bcs1 at spamcop.net (Bill) Date: Sat Feb 28 13:50:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Mike Easter" wrote in message news:goaght$43o$1@news.spamcop.net... > > Mike, here's one of those ones with the million header entires, but then it says nothing to do.... http://www.spamcop.net/sc?id=z2657969345ze5fc4c25d6f40ac7a1f8b37c041b1280z i have setup my mailhosts for both the bcs domain and my fuse account and of course my spamcop was done auto.. maybe, i'm just not understanding this, or how it's supposed to work? i'm going to post the whole spam in .spam too.. Bill From nobody at devnull.spamcop.net Sat Feb 28 15:12:54 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Sat Feb 28 15:15:07 2009 Subject: [Scspamcop] Re: reporting your own ISP References: <01c995d8$898d8e80$LocalHost@default> <01c996a8$848439e0$LocalHost@default> <01c9990d$36e6f4e0$LocalHost@default> Message-ID: Mike Easter wrote: > Michael R N Dolbear wrote: >> RW Lots of good information today Mike. Thanks! Cheers, Twayne > >>> "is an open proxy" is a generic term used when an IP is found on the >>> CBL. An njabl listing will result is "open relay" and the text for >>> a >> >>> SORBS listing will vary depending on the response code. >> >> Scanning, I see that that isn't quite what happens. >> >> CBL yes, as above but the only njabl listings I get give "open proxy" >> too. >> >> 218.59.29.39 listed in dnsbl.njabl.org ( 127.0.0.9 ) >> 218.59.29.39 is an open proxy >> http://www.spamcop.net/sc?id=z2654939419z4044ff9575405b16042a42a26a48b90 >> bz >> >> the only SORBS listing was >> 220.136.50.42 listed in dnsbl.sorbs.net ( 127.0.0.10 ) >> which has no associated text. > > I'm not sure exactly which (fine) points are being discussed or > debated here, maybe none; and I may be posting some information that > all are familiar with already, but I will do it anyway just in case > anyone including me is confused. > > Both njabl and sorbs have a great many blocklists. One of njabl's is > open proxy 127.0.0.9, and sorbs 127.0.0.10 just means a dynamic, which > inandofitself doesn't make it a spamsource. > > Some of the details; I'll leave off sorbs verbose description of its > blocklists in favor of just the return codes: > > The NJABL.ORG dnsbl zones are currently available in query mode as a > dnsbl format DNS zone and can be copied via rsync. Currently, all > entries resolve to one of the following: > 127.0.0.2 - open relays > 127.0.0.3 - dial-up/dynamic IP ranges. This type is deprecated. We no > longer list dial-up/dynamic IP ranges. For that data, we recommend the > Spamhaus PBL. > 127.0.0.4 - Spam Sources - This will include both commercial > spammers as well as some dial-up direct-to-mx spammers and open > proxies as it's not always possible to differentiate between these > sources. For commercial spammers, once we have spam on file from some > of their IPs, we may add their entire IP range if it can be reliably > determined. 127.0.0.5 - Multi-stage open relays - Before adding > multi-stage open relays to our list, we make an attempt to notify the > NIC contacts for their IP space and give them at least one week to > fix their systems. This type is deprecated. We no longer list > multi-stage open relays. 127.0.0.6 - Passively detected "bad hosts" > - These hosts have done > things a proper SMTP server should not do. They're very likely to be > spam proxies. We can't say much more about this. No supporting > evidence is made available for listing these IPs. > 127.0.0.8 - Systems with insecure formmail.cgi or similar CGI scripts > which turn them into open relays - This includes the output IP when a > server with an insecure formmail CGI smarthosts outgoing email through > another server or servers. > 127.0.0.9 - Open proxy servers > > > http.dnsbl.sorbs.net 127.0.0.2 > socks.dnsbl.sorbs.net 127.0.0.3 > misc.dnsbl.sorbs.net 127.0.0.4 > smtp.dnsbl.sorbs.net 127.0.0.5 > new.spam.dnsbl.sorbs.net 127.0.0.6 > recent.spam.dnsbl.sorbs.net 127.0.0.6 > old.spam.dnsbl.sorbs.net 127.0.0.6 > spam.dnsbl.sorbs.net 127.0.0.6 > escalations.dnsbl.sorbs.net 127.0.0.6 > web.dnsbl.sorbs.net 127.0.0.7 > block.dnsbl.sorbs.net 127.0.0.8 > zombie.dnsbl.sorbs.net 127.0.0.9 > dul.dnsbl.sorbs.net 127.0.0.10 > badconf.rhsbl.sorbs.net 127.0.0.11 > nomail.rhsbl.sorbs.net 127.0.0.12 From MikeE at ster.invalid Sat Feb 28 15:18:46 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Feb 28 15:20:07 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: Bill wrote: > "Mike Easter" > Mike, here's one of those ones with the million header entires, but > then it says nothing to do.... > www.spamcop.net/sc?id=z2657969345ze5fc4c25d6f40ac7a1f8b37c041b1280z The parser is making a mistake. I think it thinks the source is your mailhost. Abbreviated Received traceines *comment from bcs-bcs.com [69.147.228.100] by fetchmail.cesmail.net *serves recipient from e180233016.adsl.alicedsl.de (HELO oj1piw2) (85.180.233.16) by nebula.bcs-bcs.com *sourceline "" below indicates pastes from the verbose. 3: Received: from e180233016.adsl.alicedsl.de (HELO oj1piw2) (85.180.233.16) by nebula.bcs-bcs.com with SMTP; 28 Feb 2009 07:29:33 -0600 That line is the source line; that nebula is your provider. Hostname verified: e180233016.adsl.alicedsl.de I don't know why it is saying that. Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust anything beyond this header Those lines makes sense You have failed to configure your own mail host, from which you pop mail Mailhost: e180233016.adsl.alicedsl.de ( 85.180.233.16 ) Those lines don't make sense. > i have setup my mailhosts for both the bcs domain and my fuse account > and of course my spamcop was done auto.. > > maybe, i'm just not understanding this, or how it's supposed to work? Something is wrong. Maybe (either seeing or not seeing) the garbage in your mailhost configuration process interfered with the sanity of the mailhost configuration. > i'm going to post the whole spam in .spam too.. OK, but the whole spam is accessible at the tracker by clicking on the 'View entire message' link right before the 'Parsing header' part starts. The whole spam won't change. What can change are parts of the verbose and the notify. The tracker stores the spam (and how it was notified). Whenever the tracker is (re-)accessed, the spam is parsed (again). If something about the parsing process and results changes from one parse to another, the verbose and the results can change -- Mike Easter kibitzer, not SC admin From bcs1 at spamcop.net Sat Feb 28 16:55:31 2009 From: bcs1 at spamcop.net (Bill) Date: Sat Feb 28 17:00:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Mike Easter" wrote in message news:goc66r$obh$1@news.spamcop.net... > Bill wrote: >> "Mike Easter" > >> Mike, here's one of those ones with the million header entires, but >> then it says nothing to do.... >> > www.spamcop.net/sc?id=z2657969345ze5fc4c25d6f40ac7a1f8b37c041b1280z > > The parser is making a mistake. I think it thinks the source is your > mailhost. yeah, idk, i'm pretty much lost here, i've changed nothing on the server now for a long time aside from the Plesk panel's upgrade the borked spf checking and once i fixed that, the issues have been intermittent, one spam will process properly, the next will say my server's the source, and then this one says nothing to do. I have SC set to pop email off my server and I use the SC server to get all of my mail with the exception of actually popping the server to get the mailhost configuration email which the system says it accepted and i did the same thing to the fuse email account as well. i don't know, maybe Ellen will know what's up if she gets to see it here's another one that i did right after that came from the same server, didn't give any errors... http://www.spamcop.net/sc?id=z2657969404za983038b777e2b329b0463e2e309b8fbz From MikeE at ster.invalid Sat Feb 28 17:26:01 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Feb 28 17:30:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: Bill wrote: > "Mike Easter" >> www.spamcop.net/sc?id=z2657969345ze5fc4c25d6f40ac7a1f8b37c041b1280z >> >> The parser is making a mistake. I think it thinks the source is your >> mailhost. > > > yeah, idk, i'm pretty much lost here, i've changed nothing on the > server now for a long time aside from the Plesk panel's upgrade the > borked spf checking and once i fixed that, the issues have been > intermittent, one spam will process properly, the next will say my > server's the source, and then this one says nothing to do. > I have SC set to pop email off my server and I use the SC server to > get all of my mail with the exception of actually popping the server to > get the mailhost configuration email which the system says it accepted > and i did the same thing to the fuse email account as well. > > i don't know, maybe Ellen will know what's up if she gets to see it > > here's another one that i did right after that came from the same > server, didn't give any errors... > www.spamcop.net/sc?id=z2657969404za983038b777e2b329b0463e2e309b8fbz Somehow I am unable to appreciate the 'difference' from a parsing perspective in those two items, one of which was parsed correctly for a mailhosted account and one which was not. I think the mailhost guru is going to have to help you. -- Mike Easter kibitzer, not SC admin From bcs1 at spamcop.net Sat Feb 28 17:31:12 2009 From: bcs1 at spamcop.net (Bill) Date: Sat Feb 28 17:35:07 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Mike Easter" wrote in message news:gocdle$cs0$1@news.spamcop.net... > Bill wrote: >> "Mike Easter" > >>> www.spamcop.net/sc?id=z2657969345ze5fc4c25d6f40ac7a1f8b37c041b1280z >> > www.spamcop.net/sc?id=z2657969404za983038b777e2b329b0463e2e309b8fbz > > Somehow I am unable to appreciate the 'difference' from a parsing > perspective in those two items, one of which was parsed correctly for a > mailhosted account and one which was not. > > I think the mailhost guru is going to have to help you. > > yeah... idk. here's another one too says nothing to do and has the same mailhost message in it. http://www.spamcop.net/sc?id=z2658325498zbd81f9724e2c4826c4a6c92be4f3d5dfz i hope i haven't broken spamcop.... or i guess the other side of the coin is, i hope this information helps them make it better.. Bill From MikeE at ster.invalid Sat Feb 28 17:51:54 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Feb 28 17:55:07 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: Bill wrote: > "Mike Easter" >> I think the mailhost guru is going to have to help you. > http://www.spamcop.net/sc?id=z2658325498zbd81f9724e2c4826c4a6c92be4f3d5dfz OK. That's 24 lines of garbage and broken. The one that worked was 19 lines. The other b0rken one was 22 lines. So far my most brilliant conclusion (w.a.g. wild*ssguess) is that if the parser eats 20 or more lines of header garbage, its brain gets sleepy and can't perform properly. Where 20 is about 20-22. > i hope i haven't broken spamcop.... > > or i guess the other side of the coin is, i hope this information helps > them make it better.. There seems to be no end of unique possibilities for things that can cause confusion. -- Mike Easter kibitzer, not SC admin From bcs1 at spamcop.net Sat Feb 28 20:39:36 2009 From: bcs1 at spamcop.net (Bill) Date: Sat Feb 28 20:40:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Mike Easter" wrote in message news:gocf5u$flu$1@news.spamcop.net... > Bill wrote: >> "Mike Easter" >>> I think the mailhost guru is going to have to help you. > >> > http://www.spamcop.net/sc?id=z2658325498zbd81f9724e2c4826c4a6c92be4f3d5dfz > > OK. That's 24 lines of garbage and broken. The one that worked was 19 > lines. The other b0rken one was 22 lines. > > So far my most brilliant conclusion (w.a.g. wild*ssguess) is that if the > parser eats 20 or more lines of header garbage, its brain gets sleepy and > can't perform properly. Where 20 is about 20-22. > >> i hope i haven't broken spamcop.... >> >> or i guess the other side of the coin is, i hope this information helps >> them make it better.. > > There seems to be no end of unique possibilities for things that can cause > confusion. > here's another one that worked http://www.spamcop.net/sc?id=z2658573200zd4e6f6c98b1065f45cd27f109a86a1f9z where are you counting the things at Mike? i don't mind looking to see if there's some correlation with that and whether it breaks the parsing.. Thanks Bill From user at domain.invalid Sat Feb 28 21:02:44 2009 From: user at domain.invalid (Farelf) Date: Sat Feb 28 21:05:09 2009 Subject: [Scspamcop] Re: CCR Spam from Magnetmail/Datapipe In-Reply-To: References: Message-ID: Blue Rock wrote: > "Tim McGraw" wrote in message > news:gobtlg$608$1@news.spamcop.net... >> Farelf wrote: >>> Ian Smith wrote: >>>> Farelf wrote: >>>>> Blue Rock wrote: >>>>>> ... >>>>>> That is why I always create a unique email alias address when signing >>>>>> up on any site. >>>>> Good policy, I would (tend to) use similar in future. >>>> www.e4ward.com >>>> >>>> ...is excellent. >>>> >>>> regards, Ian >>> Thanks Ian, looks perfect, added to my bookmarks. >> Once you register for a service like this, sneakemail.com or >> spammotel.com, paid users will have to add it to mailhosts. > > ...if you are going to be reporting email that is received via that service > on SPAMCOP. > > Thanks Tim, BR, noted. From MikeE at ster.invalid Sat Feb 28 21:23:18 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Feb 28 21:25:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: Bill wrote: > "Mike Easter" >> OK. That's 24 lines of garbage and broken. The one that worked was 19 >> lines. The other b0rken one was 22 lines. >> >> So far my most brilliant conclusion (w.a.g. wild*ssguess) is that if >> the parser eats 20 or more lines of header garbage, its brain gets >> sleepy and can't perform properly. Where 20 is about 20-22. > where are you counting the things at Mike? I wasn't really very serious -- but I was counting all of those junk lines with the asterisks. This newest one had 22 lines squeezed in just above the qmail line, they start with a leading space, then asterisk, then a number like a spamassassin score, then the name of the spamrule. That makes one with 22 lines which was broken and one with 22 lines which wasn't, so the 'too much junk' theory isn't consistent. > i don't mind looking to see if there's some correlation with that and > whether it breaks the parsing.. I wish I could figure out where it is/ they are/ coming from. A filter is stamping the lines and I think they are 'noisy' and interfering with the parse sometimes. -- Mike Easter kibitzer, not SC admin