From bcs1 at spamcop.net Sun Mar 1 01:54:49 2009 From: bcs1 at spamcop.net (Bill) Date: Sun Mar 1 01:55:09 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Mike Easter" wrote in message news:gocrib$b6l$1@news.spamcop.net... > Bill wrote: >> "Mike Easter" > >>> OK. That's 24 lines of garbage and broken. The one that worked was 19 >>> lines. The other b0rken one was 22 lines. >>> >>> So far my most brilliant conclusion (w.a.g. wild*ssguess) is that if >>> the parser eats 20 or more lines of header garbage, its brain gets >>> sleepy and can't perform properly. Where 20 is about 20-22. > >> where are you counting the things at Mike? > > I wasn't really very serious -- but I was counting all of those junk lines > with the asterisks. > > This newest one had 22 lines squeezed in just above the qmail line, they > start with a leading space, then asterisk, then a number like a > spamassassin score, then the name of the spamrule. That makes one with 22 > lines which was broken and one with 22 lines which wasn't, so the 'too > much junk' theory isn't consistent. > >> i don't mind looking to see if there's some correlation with that and >> whether it breaks the parsing.. > > I wish I could figure out where it is/ they are/ coming from. A filter is > stamping the lines and I think they are 'noisy' and interfering with the > parse sometimes. > well, i can turn off spamassin.. (i own the server) think it might help? Information: The spam filter for bill at bcs-bcs dot com was switched off. i guess we'll see... From g.hyde at bigNOSPAMpond.net.au Sun Mar 1 06:41:38 2009 From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde) Date: Sun Mar 1 06:45:09 2009 Subject: [Scspamcop] Spam - what flavor is it? Message-ID: http://www.spamcop.net/sc?id=z2659444571zb1aac81c079efccd3ead245bec2f03bbz I've seen these spams come along now and then, what exactly are they? The parse came up a little differently when it went through it a second time around, what is obvious though, is that it's another hacked german computer that has some kind of bot on it. It's been reported as spam, I normally just ignore them because they don't seem to appear with any consistent pattern. Google also gets named in the link scan for body text, however, that gets devnulled. Cheers ... Geoffrey Hyde From blacklist-me at davjam.org Sun Mar 1 10:46:03 2009 From: blacklist-me at davjam.org (David Bolt) Date: Sun Mar 1 11:00:09 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? References: Message-ID: On Sun, 1 Mar 2009, Geoffrey Hyde wrote:- >http://www.spamcop.net/sc?id=z2659444571zb1aac81c079efccd3ead245bec2f03bbz > >I've seen these spams come along now and then, what exactly are they? This one is for pills. The web page is hosted on Google docs, but the real pills site is on factsupreme.com (91.209.58.51) which is listed by Spamhaus under two SBL listings and a single ROKSO listing. The first of these, SBL73114: is for the single IP address. The second listing, SBL73115: is for the /24. The ROKSO listing, ROK8138: is for the "Canadian Pharmacy" spam operation. >The parse came up a little differently when it went through it a second time >around, what is obvious though, is that it's another hacked german computer >that has some kind of bot on it. Nothing fresh there. >It's been reported as spam, I normally just ignore them because they don't >seem to appear with any consistent pattern. > >Google also gets named in the link scan for body text, however, that gets >devnulled. And nothing fresh there either. Regards, David Bolt -- Team Acorn: http://www.distributed.net/ OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s | openSUSE 10.3 32b | openSUSE 11.0 32b | openSUSE 10.2 64b | openSUSE 10.3 64b | openSUSE 11.0 64b | openSUSE 11.1 64b TOS 4.02 | openSUSE 10.3 PPC | RISC OS 3.6 | RISC OS 3.11 From MikeE at ster.invalid Sun Mar 1 12:02:42 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sun Mar 1 12:05:09 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: Bill wrote: > "Mike Easter" >> I wish I could figure out where it is/ they are/ coming from. A >> filter is stamping the lines and I think they are 'noisy' and >> interfering with the parse sometimes. >> > well, i can turn off spamassin.. (i own the server) If I understand what you are saying up here is that you admin bcs-bcs.com which is running SA. > think it might help? > Information: The spam filter for bill at bcs-bcs dot com was switched > off. ... and then down here you are saying that the spamfilter for the mailbox bill is switched off. > i guess we'll see... So then nebula.bcs-bcs.com receives a mail, stamps it with a normal Received traceline, stamps it with a qmail line, and then stamps it above that with all of that horrendous SA data on top of all of the headers. Then the fetchmail.cesmail.net gets those junked up headers and stamps its line above all of that junk. I don't think you have to turn *off* SA, but there is something wrong with its configuration about where it is putting those * SA lines. If it puts them there like that, especially with that leading whitespace, then all of that SA data gets merged into the fetchmail.cesmail.net's Received traceline, which is part of what the parser is trying to interpret. That is, the parser should just have to interpret each normal traceline: Received: from rDNS (helo) (send.IP) by receive.name with mailstuff timestamp ... the parser should not have to interpret a traceline which looks like this Received: from rDNS (helo) (send.IP) by receive.name with mailstuff timestamp andtons andton andton andtons ofSAdata The parser has to 'inhale' that line; whereas if it hadn't been merged into the line by the condition of the leading whitespace before the asterisk, it would be able to stop the 'interpretation' of the Received traceline by recognizing the next header fieldname, such as Received: A header fieldname is a string without spaces followed by a colon. Every fieldname begins that way including the traceline fieldnames which are Received The way your SA is inserting its leading data with the leading space (and no fieldname to put it all into) and where it is putting the data is creating a 'monster' out of the fetchmail's line. -- Mike Easter kibitzer, not SC admin From lm-rmv3 at cryptpad.com Sun Mar 1 13:00:59 2009 From: lm-rmv3 at cryptpad.com (Leon Mayne) Date: Sun Mar 1 13:05:09 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? In-Reply-To: References: Message-ID: "Geoffrey Hyde" wrote in message news:godsa7$8jn$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z2659444571zb1aac81c079efccd3ead245bec2f03bbz > > I've seen these spams come along now and then, what exactly are they? I'd be careful asking like that, you'll have Mike jumping down your throat... From bcs1 at spamcop.net Sun Mar 1 15:15:41 2009 From: bcs1 at spamcop.net (Bill) Date: Sun Mar 1 15:20:09 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Mike Easter" wrote in message news:goef36$bv$1@news.spamcop.net... > > If I understand what you are saying up here is that you admin bcs-bcs.com > which is running SA. correct > >> think it might help? >> Information: The spam filter for bill at bcs-bcs dot com was switched >> off. > > ... and then down here you are saying that the spamfilter for the mailbox > bill is switched off. yes, i turned it off while writing the response > >> i guess we'll see... > > So then nebula.bcs-bcs.com receives a mail, stamps it with a normal > Received traceline, stamps it with a qmail line, and then stamps it above > that with all of that horrendous SA data on top of all of the headers. I assume (hate that word) so, but SA is runign in it's default configuration > > Then the fetchmail.cesmail.net gets those junked up headers and stamps its > line above all of that junk. > > I don't think you have to turn *off* SA, but there is something wrong with > its configuration about where it is putting those * SA lines. > If it puts them there like that, especially with that leading whitespace, > then all of that SA data gets merged into the fetchmail.cesmail.net's > Received traceline, which is part of what the parser is trying to > interpret. > [snipped] > > A header fieldname is a string without spaces followed by a colon. Every > fieldname begins that way including the traceline fieldnames which are > Received > > The way your SA is inserting its leading data with the leading space (and > no fieldname to put it all into) and where it is putting the data is > creating a 'monster' out of the fetchmail's line. makes sense to me... *shrug I've only gotten 5 spams since then though, so idk yet, but i'm watcjing it. Bill From MikeE at ster.invalid Sun Mar 1 15:24:50 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sun Mar 1 15:25:07 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? References: Message-ID: Leon Mayne wrote: > "Geoffrey Hyde" www.spamcop.net/sc?id=z2659444571zb1aac81c079efccd3ead245bec2f03bbz >> >> I've seen these spams come along now and then, what exactly are they? > > I'd be careful asking like that, you'll have Mike jumping down your > throat... It is true that I don't like the way that GH handles the process, the event, the sequence of events; which I can guess at in part, and observe in part. My guess is that this spam is not being caught by a filter, but landing in his inbox. I don't like that. My guess is that he sees the subject and the from in their with his goodmail and he wonders what that means besides being spam. I don't like that either. My next guess is that he opens the spam because he is curious about it, sees a rendered html with a curious website name and he wonder what that is about. I don't like that. More guesses follow. Then, that's where he stops with his curiosity bothering him and he submits the spam to his regular spamcop mailhosted account. There are some things I don't like about that and some things that I accept. The parser tells him how it will notify for the source and fails to tell him how it will notify for the body. There are more things that I don't like about that. He is spending his time and spamcop's resources on something that could have been handled much much more efficiently. He doesn't like the lack of body notify information, so he churns the spam again which I like even less than the first wasted churn. After all that is over, he doesn't recognize what is going on, and I don't like that either, because he has been spending enough time and energy on spam that he could be researching some things which he seems to be interested in, instead of just being a spammee who is a pawn in the hands of the spamming process. So now, on top of all of the other things that I don't like, he shows us the tracker and expects/wants us/someone to satisfy the curiosities which were kindled by the way he handled the spam in the first place. He alleges that he does that because he can't be bothered spending his time working on these issues which arouse his curiosity. I don't like that either. I would rather see GH handle his spam differently, I would rather see GH handle his spam submissions differently, and I would rather see GH handle his interests and curiosities differently. Those are some of the reasons that I'm critical of GH's spamhandling style here sometimes. Sometimes I just sit quietly by and some other times I make a critical remark. It is possible a few of my guesses about the process and the mechanics may be in error, but I think most the above are correct. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Mar 1 15:26:48 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sun Mar 1 15:30:08 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? Message-ID: eek! s/their/there/ Mike Easter wrote: > My guess is that he sees the subject and the from in their with his ... he sees the subject and the from in there with his > goodmail and he wonders what that means besides being spam. I don't > like that either. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Mar 1 15:50:00 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sun Mar 1 15:50:07 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: Bill wrote: > "Mike Easter" >> So then nebula.bcs-bcs.com receives a mail, stamps it with a normal >> Received traceline, stamps it with a qmail line, and then stamps it >> above that with all of that horrendous SA data on top of all of the >> headers. > > I assume (hate that word) so, but SA is runign in it's default > configuration I've never seen SA headers just like that before; rather, I've never before seen SA headers just like that. Typically stuff like that is put into the field values for a header fieldname, either one SA dataline per xline header fieldname or else an xline fieldname with a 'string' of SA values/data, which would have those leading spaces to indicate a continuation of the fieldvalues for the fieldname above. That 1 xline per dataline is also the way the proxy-client filter SpamPal does it. It seems like this is qmail and SA working together, yes? >> The way your SA is inserting its leading data with the leading space >> (and no fieldname to put it all into) and where it is putting the data >> is creating a 'monster' out of the fetchmail's line. > > makes sense to me... > *shrug -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sun Mar 1 16:49:38 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Sun Mar 1 16:50:08 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? References: Message-ID: Leon Mayne wrote: > "Geoffrey Hyde" wrote in message > news:godsa7$8jn$1@news.spamcop.net... >> http://www.spamcop.net/sc?id=z2659444571zb1aac81c079efccd3ead245bec2f03bbz >> >> I've seen these spams come along now and then, what exactly are they? > > I'd be careful asking like that, you'll have Mike jumping down your > throat... Leon, any idea what a self fulfilling prophecy is? What's your purpose in summoning the kibitzer druids? Heck, I darned near responded with my own thoughts too, but decided against it. Regards, Twayne From g.hyde at bigNOSPAMpond.net.au Sun Mar 1 17:13:15 2009 From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde) Date: Sun Mar 1 17:15:08 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? References: Message-ID: "Mike Easter" wrote in message news:goequ5$30f$1@news.spamcop.net... > Leon Mayne wrote: >> "Geoffrey Hyde" > > www.spamcop.net/sc?id=z2659444571zb1aac81c079efccd3ead245bec2f03bbz >>> >>> I've seen these spams come along now and then, what exactly are they? >> >> I'd be careful asking like that, you'll have Mike jumping down your >> throat... > > It is true that I don't like the way that GH handles the process, the > event, the sequence of events; which I can guess at in part, and observe > in part. Mostly I just toss these types of spamitem. But if you're going to go on a voyage of what you don't like, suit yourself. I'm just trying to figure out what the heck they mean to people who have received thousands of them. I'm not going to respond to the ignorant nonsense in the rest of your post. All I wanted to know is what flavour of spam I'm dealing with. Cheers ... Geoffrey Hyde From nobody at spamcop.net Sun Mar 1 17:25:29 2009 From: nobody at spamcop.net (bar0) Date: Sun Mar 1 17:30:07 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? References: Message-ID: "Geoffrey Hyde" wrote in message news:gof1a6$ngv$1@news.spamcop.net... ..... > I'm not going to respond to the ignorant nonsense in the rest of your > post. All I wanted to know is what flavour of spam I'm dealing with. Acid and smoky with a hint of overripe durian. From MikeE at ster.invalid Sun Mar 1 19:48:42 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sun Mar 1 19:50:08 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? References: Message-ID: bar0 wrote: >>flavour > Acid and smoky with a hint of overripe durian. Durian?! I had to go look that one up. Very weird fruit. I've never seen or heard of it. //The unusual flavour and odour of the fruit have prompted many people to express diverse and passionate views ranging from deep appreciation to intense disgust.// ... and "The durian is commonly known as the "King of the Fruits",[35] a label that can be attributed to its formidable look and overpowering odour.[54]" Oh; so far I think I like this the best... http://en.wikipedia.org/wiki/File:The_Esplanade_4,_Singapore,_Dec_05.JPG or http://snipr.com/cwf3c Singapore's Esplanade building, nicknamed "The Durian" ... because http://snipr.com/cwf5z -- Mike Easter kibitzer, not SC admin From bakesph at comcast.net Mon Mar 2 03:40:10 2009 From: bakesph at comcast.net (Steve Baker) Date: Mon Mar 2 03:40:08 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? References: Message-ID: On Sun, 1 Mar 2009 12:24:50 -0800, "Mike Easter" wrote: >After all that is over, he doesn't recognize what is going on, and I don't >like that either, But how is one supposed to "recognize what is going on" without asking such questions? >because he has been spending enough time and energy on >spam that he could be researching some things which he seems to be >interested in, instead of just being a spammee who is a pawn in the hands >of the spamming process. Jeez, it's no mystery why lots of folks think you're a dickhead. (Mike and I have a long history. We get along, but we don't agree on everything. ;-)) -- Steve Baker From user at domain.invalid Mon Mar 2 06:14:45 2009 From: user at domain.invalid (Farelf) Date: Mon Mar 2 06:15:08 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? In-Reply-To: References: Message-ID: Mike Easter wrote: > bar0 wrote: > >>> flavour > >> Acid and smoky with a hint of overripe durian. > > Durian?! I had to go look that one up. Very weird fruit. I've never > seen or heard of it. > I have seen signs outside local hotels in West Java forbidding guests to take the fruit to their rooms. Even where it is common, reactions to it are mixed. From g.hyde at bigNOSPAMpond.net.au Mon Mar 2 07:25:36 2009 From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde) Date: Mon Mar 2 07:30:09 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? References: Message-ID: "Farelf" wrote in message news:gogf33$rn4$1@news.spamcop.net... > Mike Easter wrote: >> bar0 wrote: >> >>>> flavour >> >>> Acid and smoky with a hint of overripe durian. >> >> Durian?! I had to go look that one up. Very weird fruit. I've never >> seen or heard of it. >> > > I have seen signs outside local hotels in West Java forbidding guests to > take the fruit to their rooms. Even where it is common, reactions to it > are mixed. Durian looks rather similar externally to what we know over here as soursop: http://www.google.com.au/search?hl=en&q=soursop&meta= I dunno if that link will work but you should tack on the = on the end of it if it doesn't. I think the internal seeds of the fruit are a bit different though. I've only tasted a little of it as a kid, a long time ago, and I have to say the taste didn't ring any special bells for my taste buds. They can grow quite large fruit, if cared for properly, and I think they're a good vitamin source as well, from what little I recall of them. If left on the ground for a relatively short length of time they can rot quite fast. Cheers ... Geoffrey Hyde From bcs1 at spamcop.net Mon Mar 2 08:29:36 2009 From: bcs1 at spamcop.net (Bill) Date: Mon Mar 2 08:30:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Mike Easter" wrote in message news:goesdb$933$1@news.spamcop.net... > Bill wrote: >> "Mike Easter" > > It seems like this is qmail and SA working together, yes? > yes it is From MikeE at ster.invalid Mon Mar 2 08:55:14 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Mar 2 08:55:07 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: Bill wrote: > "Mike Easter" >> It seems like this is qmail and SA working together, yes? >> > > yes it is Well... I was implying that the configurational result is actually based on qmail handling SA's data/information, and that perhaps it was the qmail configuration which is to blame/responsible for how the SA stuff is getting pasted into the header and it isn't a 'default' configuration of SA - which isn't the mailhandler. -- Mike Easter kibitzer, not SC admin From Ag2000CO at Starband.net Mon Mar 2 09:52:39 2009 From: Ag2000CO at Starband.net (LKing) Date: Mon Mar 2 09:55:09 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? In-Reply-To: References: Message-ID: Mike Easter wrote, On 3/1/2009 3:24 PM: > Leon Mayne wrote: >> "Geoffrey Hyde" > > www.spamcop.net/sc?id=z2659444571zb1aac81c079efccd3ead245bec2f03bbz >>> I've seen these spams come along now and then, what exactly are they? >> I'd be careful asking like that, you'll have Mike jumping down your >> throat... > > It is true that I don't like ... Well Mike, you took that bate, hook, line... From MikeE at ster.invalid Mon Mar 2 10:55:01 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Mar 2 10:55:08 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? References: Message-ID: LKing wrote: > Mike Easter wrote, On 3/1/2009 3:24 PM: >> Leon Mayne wrote: >>> "Geoffrey Hyde" >> >> www.spamcop.net/sc?id=z2659444571zb1aac81c079efccd3ead245bec2f03bbz >>>> I've seen these spams come along now and then, what exactly are they? >>> I'd be careful asking like that, you'll have Mike jumping down your >>> throat... >> >> It is true that I don't like ... > > Well Mike, you took that bate, hook, line... I keep thinking that if I can convince GH to use quickreporting, then he could take all of that time he saves and use it for the following better antispam activities; - get/use a filter to keep spam out of his inbox, - stop reading spamsubjects and froms mixed with goodmail and stop opening spam, - practice reading headers so that he can do it more informed than the parser provides, - dissect spambody links from the properties instead of opening and rendering spam, - evaluate/determine payload website content without risking getting hurt by browser/OS insecurities - understand how many of his spambodies don't result in worthwhile notifies - know which of his spams are actually viruses unfiltered by his provider Then GH could be helping to teach spam newbies some things about spam. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Mon Mar 2 12:56:17 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Mar 2 13:00:09 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? In-Reply-To: References: Message-ID: bar0 wrote: > Geoffrey Hyde wrote: >> I'm not going to respond to the ignorant nonsense in the rest of your >> post. All I wanted to know is what flavour of spam I'm dealing with. > > Acid and smoky with a hint of overripe durian. It's March 1, and none too soon to proclaim this best post of the month. C&C warning next time, please. From tmcgraw at spamcop.net Mon Mar 2 13:23:08 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Mar 2 13:25:07 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? In-Reply-To: References: Message-ID: Tim McGraw wrote: > It's March 1 Geez, what calendar was I looking at? From bcs1 at spamcop.net Mon Mar 2 14:34:26 2009 From: bcs1 at spamcop.net (Bill) Date: Mon Mar 2 14:35:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Mike Easter" wrote in message news:gogofj$7qu$1@news.spamcop.net... > Bill wrote: >> "Mike Easter" > >>> It seems like this is qmail and SA working together, yes? >>> >> >> yes it is > > Well... I was implying that the configurational result is actually based > on qmail handling SA's data/information, and that perhaps it was the qmail > configuration which is to blame/responsible for how the SA stuff is > getting pasted into the header and it isn't a 'default' configuration of > SA - which isn't the mailhandler. > ahhh.. couldn't say, qmail is installed with Plesk(as did SA) and i don't mess with it outside of the one spf checking issue we had... i mean not that i couldn't, but my understanding is that the qmail there is a slightly different config for integration with plesk, so i don't mess with anything there... @ $75.00 a pop for them to look at it, i can't afford to bork it... anyway, here's one without SA turned on... http://www.spamcop.net/sc?id=z2663161725z76bc1e0e8ea6be26d899902fa03ffba0z looks like SA's lines were what was giving SC trouble because everyone since i turned it off usually follows this pattern here, gets to the line past my server and sends the report. Bill From lm-rmv3 at cryptpad.com Mon Mar 2 15:51:16 2009 From: lm-rmv3 at cryptpad.com (Leon Mayne) Date: Mon Mar 2 15:55:09 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? In-Reply-To: References: Message-ID: "Twayne" wrote in message news:goevtg$kfq$1@news.spamcop.net... > Leon, any idea what a self fulfilling prophecy is? What's your purpose in > summoning the kibitzer druids? Heck, I darned near responded with my > own thoughts too, but decided against it. :-) I just remember asking about the purpose of a spam email once and managed to start a flame war. Bearing in mind I like to write antispam programs in my spare time I think I was justified in researching it. From MikeE at ster.invalid Mon Mar 2 17:12:26 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Mar 2 17:15:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: Bill wrote: > "Mike Easter >> Bill wrote: >>> "Mike Easter" >>>> It seems like this is qmail and SA working together, yes? >>> yes it is >> >> Well... I was implying that the configurational result is actually >> based on qmail handling SA's data/information, and that perhaps it was >> the qmail configuration which is to blame/responsible for how the SA >> stuff is getting pasted into the header and it isn't a 'default' >> configuration of SA - which isn't the mailhandler. >> > ahhh.. > couldn't say, qmail is installed with Plesk(as did SA) and i don't mess > with it outside of the one spf checking issue we had... Plesk means a lot of different things, Plesk server, Plesk Parallels Panel, windows v linux versions > i mean not that i couldn't, but my understanding is that the qmail > there is a slightly different config for integration with plesk, so i > don't mess with anything there... > @ $75.00 a pop for them to look at it, i can't afford to bork it... > > > anyway, here's one without SA turned on... > > http://www.spamcop.net/sc?id=z2663161725z76bc1e0e8ea6be26d899902fa03ffba0z > > > looks like SA's lines were what was giving SC trouble because everyone > since i turned it off usually follows this pattern here, gets to the > line past my server and sends the report. Well, I think it is a given that the parser is going to do better without having the fetchmail line be b0rken with the SA junk attached to its tailend because of the leading whitespace -- but if I were running a mailserver, I would like for SA to be doing some work for me, but just without messing up the headers. I'm saying that it seems that you should be able to have SA working without having *those kind* of headers associated with it. And I don't think you should have to pay someone for some $$ support to solve this problem. I'm not a mail admin, but there must be plenty of them around in newsgroups. If we can figger out the best usenet group to post a SC tracker in that will show those weird headers and say whatever kind of Plesk is involved, someone will surely say, "just do this" and everything will be aok again, SA running and not messing up the headers. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Mar 2 17:17:57 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Mar 2 17:20:07 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? References: Message-ID: Leon Mayne wrote: > "Twayne" wrote in message > news:goevtg$kfq$1@news.spamcop.net... >> Leon, any idea what a self fulfilling prophecy is? What's your >> purpose in summoning the kibitzer druids? Heck, I darned near >> responded with my own thoughts too, but decided against it. > > :-) > I just remember asking about the purpose of a spam email once and > managed to start a flame war. Bearing in mind I like to write antispam > programs in my spare time I think I was justified in researching it. spamless@nil.nil follows spam payloads around to the website/s to decipher the encrypted scripts which are found there and I don't 'fuss at' him for accessing payload links -- because that is 'advanced spamfighting' -- just like figuring out who is getting the money at a payload. But, let's don't be confusing advanced spamfighting strategies with spamreading and spamcurious which is not integrated into advanced techniques at all. "Oh, I like to curiously open and read the spam in my inbox mixed in with my goodmail because I'm an advanced spamfighter." "You can tell I'm an advanced spamfighter because I'm a spamcop reporter." -- Mike Easter kibitzer, not SC admin From bcs1 at spamcop.net Mon Mar 2 20:27:58 2009 From: bcs1 at spamcop.net (Bill) Date: Mon Mar 2 20:30:08 2009 Subject: [Scspamcop] Re: yet again SC tries to hit on my server as the source References: Message-ID: "Mike Easter" wrote in message news:gohljr$mai$1@news.spamcop.net... > Bill wrote: >> "Mike Easter >>> Bill wrote: >>>> "Mike Easter" >>>>> It seems like this is qmail and SA working together, yes? >>>> yes it is >>> >>> Well... I was implying that the configurational result is actually >>> based on qmail handling SA's data/information, and that perhaps it was >>> the qmail configuration which is to blame/responsible for how the SA >>> stuff is getting pasted into the header and it isn't a 'default' >>> configuration of SA - which isn't the mailhandler. >>> >> ahhh.. >> couldn't say, qmail is installed with Plesk(as did SA) and i don't mess >> with it outside of the one spf checking issue we had... > > Plesk means a lot of different things, Plesk server, Plesk Parallels > Panel, windows v linux versions Yes, mine is the plesk control panel version 9 I have the power pack addon, dr Web Av and spam assasin none of the other addons like virtuozzo or anything, just a 100 domain license > >> i mean not that i couldn't, but my understanding is that the qmail >> there is a slightly different config for integration with plesk, so i >> don't mess with anything there... >> @ $75.00 a pop for them to look at it, i can't afford to bork it... >> >> >> anyway, here's one without SA turned on... >> >> > http://www.spamcop.net/sc?id=z2663161725z76bc1e0e8ea6be26d899902fa03ffba0z >> >> >> looks like SA's lines were what was giving SC trouble because everyone >> since i turned it off usually follows this pattern here, gets to the >> line past my server and sends the report. > > Well, I think it is a given that the parser is going to do better without > having the fetchmail line be b0rken with the SA junk attached to its > tailend because of the leading whitespace -- but if I were running a > mailserver, I would like for SA to be doing some work for me, but just > without messing up the headers. agreed... > > I'm saying that it seems that you should be able to have SA working > without having *those kind* of headers associated with it. And I don't > think you should have to pay someone for some $$ support to solve this > problem. hahaha yeah, I pay about $100.00 a year for my SUS, but support still costs except when their upgrade hosed the server last time, they did fix that for free.. well mostly fixed it... > > I'm not a mail admin, but there must be plenty of them around in > newsgroups. If we can figger out the best usenet group to post a SC > tracker in that will show those weird headers and say whatever kind of > Plesk is involved, someone will surely say, "just do this" and everything > will be aok again, SA running and not messing up the headers. > > yeah, that would be good, and it's probably something simple too... Bill From g.hyde at bigNOSPAMpond.net.au Mon Mar 2 22:59:04 2009 From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde) Date: Mon Mar 2 23:00:08 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? References: Message-ID: "Mike Easter" wrote in message news:gohlu6$mrm$1@news.spamcop.net... > "Oh, I like to curiously open and read the spam in my inbox mixed in with > my goodmail because I'm an advanced spamfighter." > > "You can tell I'm an advanced spamfighter because I'm a spamcop reporter." Cite one post other than this one where I've used the word "advanced" and "spamfighter" consecutively. You'll find that nowhere am I claiming to be either. Cheers ... Geoffrey Hyde From borgholio at storymind.com Tue Mar 3 13:28:54 2009 From: borgholio at storymind.com (Borgholio) Date: Tue Mar 3 13:30:07 2009 Subject: [Scspamcop] popgate.cesmail.net no longer working? Message-ID: I first noticed a couple days ago that Spamcop is not POPing my Hotmail or AOL accounts. It is giving me "invalid password" errors. I have confirmed the email and password information so I know they're valid. I am currently using popgate.cesmail.net as the POP server. Should I change that to popgate2.cesmail.net? From bcs1 at spamcop.net Tue Mar 3 14:35:35 2009 From: bcs1 at spamcop.net (Bill) Date: Tue Mar 3 14:40:08 2009 Subject: [Scspamcop] Re: popgate.cesmail.net no longer working? References: Message-ID: "Borgholio" wrote in message news:gojst2$jh9$1@news.spamcop.net... >I first noticed a couple days ago that Spamcop is not POPing my Hotmail or >AOL accounts. It is giving me "invalid password" errors. I have confirmed >the email and password information so I know they're valid. I am currently >using popgate.cesmail.net as the POP server. Should I change that to >popgate2.cesmail.net? I had the same issue, but someone told me to use pop3.live.com however i'm not getting my hotmail popped either, evidently it's something to do with hotmail's changes? but pop3.live.com says caannot contact server, so idk... Bill From nobody at devnull.spamcop.net Tue Mar 3 14:45:25 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Tue Mar 3 14:50:07 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? References: Message-ID: Leon Mayne wrote: > "Twayne" wrote in message > news:goevtg$kfq$1@news.spamcop.net... >> Leon, any idea what a self fulfilling prophecy is? What's your >> purpose in summoning the kibitzer druids? Heck, I darned near >> responded with my own thoughts too, but decided against it. > > :-) > I just remember asking about the purpose of a spam email once and > managed to start a flame war. Bearing in mind I like to write > antispam programs in my spare time I think I was justified in > researching it. You probably couldn't see it, but my tongue was poking into my cheek. I mean nothing offensive to you or to Mike. Sorry. Twayne From nobody at devnull.spamcop.net Tue Mar 3 14:54:15 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Tue Mar 3 14:55:08 2009 Subject: [Scspamcop] Re: Spam - what flavor is it? References: Message-ID: Mike Easter wrote: ... > > But, let's don't be confusing advanced spamfighting strategies with > spamreading and spamcurious which is not integrated into advanced > techniques at all. > > "Oh, I like to curiously open and read the spam in my inbox mixed in > with my goodmail because I'm an advanced spamfighter." > > "You can tell I'm an advanced spamfighter because I'm a spamcop > reporter." lol, those last two paras are good enough for a sig line! I gotta admit I did read a couple spams not too long ago: They came from what appeared to be government sites I'd had past dealings with. It was quickly obvious they were spam but they so enticed me I'd read every word before I even realized it! There's an article about them here if you're interested: http://www.ic3.gov/media/2007/070627.aspx I only ever got the 2 at once, but I hear they're still making the rounds. Interestingly enough, not a single media I listen to/watch has ever covered anything about it. So much for press releases. I do reference it on my own web pages and the ones I manage tough. Cheers, Twayne From nobody at devnull.spamcop.net Tue Mar 3 14:55:59 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Tue Mar 3 15:00:08 2009 Subject: [Scspamcop] PS Re: Spam - what flavor is it? References: Message-ID: PS I forgot to mention: " The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA). " From bcs1 at spamcop.net Tue Mar 3 18:46:44 2009 From: bcs1 at spamcop.net (Bill) Date: Tue Mar 3 18:50:11 2009 Subject: [Scspamcop] Re: popgate.cesmail.net no longer working? References: Message-ID: "Borgholio" wrote in message news:gojst2$jh9$1@news.spamcop.net... >I first noticed a couple days ago that Spamcop is not POPing my Hotmail or >AOL accounts. It is giving me "invalid password" errors. I have confirmed >the email and password information so I know they're valid. I am currently >using popgate.cesmail.net as the POP server. Should I change that to >popgate2.cesmail.net? Just an fyi... popgate2.cesmail.net works for me... Bill From Pearson_H_J at yahoo.com Tue Mar 3 19:13:38 2009 From: Pearson_H_J at yahoo.com (Jim) Date: Tue Mar 3 19:15:08 2009 Subject: [Scspamcop] Re: popgate.cesmail.net no longer working? In-Reply-To: References: Message-ID: Bill wrote: > "Borgholio" wrote in message > news:gojst2$jh9$1@news.spamcop.net... >> I first noticed a couple days ago that Spamcop is not POPing my Hotmail or >> AOL accounts. It is giving me "invalid password" errors. I have confirmed >> the email and password information so I know they're valid. I am currently >> using popgate.cesmail.net as the POP server. Should I change that to >> popgate2.cesmail.net? > > Just an fyi... > popgate2.cesmail.net > works for me... > > Bill > > I use pop3.live.com for my hotmail account From bcs1 at spamcop.net Tue Mar 3 19:22:41 2009 From: bcs1 at spamcop.net (Bill) Date: Tue Mar 3 19:25:08 2009 Subject: [Scspamcop] Re: popgate.cesmail.net no longer working? References: Message-ID: "Jim" wrote in message news:gokh3r$tbv$1@news.spamcop.net... Should I change that to >>> popgate2.cesmail.net? >> >> Just an fyi... >> popgate2.cesmail.net >> works for me... >> >> Bill >> >> > I use pop3.live.com for my hotmail account Hiya Jim, I tried that, SC said unable to contact server.. glad it's working for someone though... Bill From H_J_hhhhhhhh at yahoo.com Tue Mar 3 19:25:02 2009 From: H_J_hhhhhhhh at yahoo.com (Jim) Date: Tue Mar 3 19:30:08 2009 Subject: [Scspamcop] Re: popgate.cesmail.net no longer working? In-Reply-To: References: Message-ID: Bill wrote: > "Jim" wrote in message > news:gokh3r$tbv$1@news.spamcop.net... > Should I change that to >>>> popgate2.cesmail.net? >>> Just an fyi... >>> popgate2.cesmail.net >>> works for me... >>> >>> Bill >>> >>> >> I use pop3.live.com for my hotmail account > > Hiya Jim, > I tried that, SC said unable to contact server.. > glad it's working for someone though... > > Bill > > > Forgot use ssl From bcs1 at spamcop.net Tue Mar 3 19:30:42 2009 From: bcs1 at spamcop.net (Bill) Date: Tue Mar 3 19:35:08 2009 Subject: [Scspamcop] Re: popgate.cesmail.net no longer working? References: Message-ID: "Jim" wrote in message news:gokhp8$uif$1@news.spamcop.net... >>> I use pop3.live.com for my hotmail account >> >> Hiya Jim, >> I tried that, SC said unable to contact server.. >> glad it's working for someone though... >> >> Bill >> >> >> > Forgot use ssl giving it a try... Thanks Sir... Bill From borgholio at storymind.com Tue Mar 3 19:49:18 2009 From: borgholio at storymind.com (Borgholio) Date: Tue Mar 3 19:50:09 2009 Subject: [Scspamcop] Re: popgate.cesmail.net no longer working? In-Reply-To: References: Message-ID: Bill wrote: > "Borgholio" wrote in message > news:gojst2$jh9$1@news.spamcop.net... >> I first noticed a couple days ago that Spamcop is not POPing my Hotmail or >> AOL accounts. It is giving me "invalid password" errors. I have confirmed >> the email and password information so I know they're valid. I am currently >> using popgate.cesmail.net as the POP server. Should I change that to >> popgate2.cesmail.net? > > Just an fyi... > popgate2.cesmail.net > works for me... > > Bill > > Works for my hotmail but my AOL is still giving me invalid password errors. From bcs1 at spamcop.net Tue Mar 3 20:15:55 2009 From: bcs1 at spamcop.net (Bill) Date: Tue Mar 3 20:20:08 2009 Subject: [Scspamcop] Re: popgate.cesmail.net no longer working? References: Message-ID: "Borgholio" wrote in message news:gokj69$kcr$4@news.spamcop.net... > Bill wrote: >> "Borgholio" wrote in message >> news:gojst2$jh9$1@news.spamcop.net... >>> I first noticed a couple days ago that Spamcop is not POPing my Hotmail >>> or AOL accounts. It is giving me "invalid password" errors. I have >>> confirmed the email and password information so I know they're valid. I >>> am currently using popgate.cesmail.net as the POP server. Should I >>> change that to popgate2.cesmail.net? >> >> Just an fyi... >> popgate2.cesmail.net >> works for me... >> >> Bill >> >> > > Works for my hotmail but my AOL is still giving me invalid password > errors. damn, i forgot about my aoHell account.... how many are we allowed to have in mailhosts? Bill From bbbbbbbbbbbbb_H_J at yahoo.com Tue Mar 3 21:01:23 2009 From: bbbbbbbbbbbbb_H_J at yahoo.com (Jim) Date: Tue Mar 3 21:05:08 2009 Subject: [Scspamcop] Re: popgate.cesmail.net no longer working? In-Reply-To: References: Message-ID: I can't help you with AOL/AIM From bcs1 at spamcop.net Tue Mar 3 21:10:37 2009 From: bcs1 at spamcop.net (Bill) Date: Tue Mar 3 21:15:07 2009 Subject: [Scspamcop] Re: popgate.cesmail.net no longer working? References: Message-ID: "Jim" wrote in message news:gokndt$g5j$1@news.spamcop.net... >I can't help you with AOL/AIM LOL... i can't get the mailhost confirmation to work with Hotmail though.. tried twice now and am almost at the end of the hour this time with nothing in my inbox... *sigh.. it hates me... LOL Bill From Damien at littledevil.com Wed Mar 4 14:13:01 2009 From: Damien at littledevil.com (Damien) Date: Wed Mar 4 14:15:08 2009 Subject: [Scspamcop] USAJOBS--Oops! Bad Link to SpamCop Message-ID: Folks, While looking through a security notice on the 'Official Job Site of the United States Federal Government" (http://www.usajobs.gov/securitytips.asp) I spotted a link to SpamCop, for tips on interpreting email headers. I thought this was a great endorsement of Spamcop. Unfortunately the link (http://www.spamcop.com/help_with_headers) is broken. This doesn't paint either SpamCop or the Federal Government in a very good light. So if someone can fix the page on Spamcop.com that would probably be easier than asking the government site to fix it. cheers, --Damien From tmcgraw at spamcop.net Wed Mar 4 14:38:38 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Mar 4 14:40:08 2009 Subject: [Scspamcop] Re: USAJOBS--Oops! Bad Link to SpamCop In-Reply-To: References: Message-ID: Damien wrote: > While looking through a security notice on the 'Official Job Site of the > United States Federal Government" (http://www.usajobs.gov/securitytips.asp) > I spotted a link to SpamCop, for tips on interpreting email headers. > > I thought this was a great endorsement of Spamcop. Unfortunately the link > (http://www.spamcop.com/help_with_headers) is broken. > > This doesn't paint either SpamCop or the Federal Government in a very good > light. So if someone can fix the page on Spamcop.com that would probably be > easier than asking the government site to fix it. "According to posts on SpamCop.net's forum, SpamCop.com is a newer service owned by a company named Interspectrum, which uses the service to market its anti-spam products. The use of the same name for the same type of service may constitute trademark infringement, and may be confusing to new users who expect the more established of the two services to be hosted on the .com top-level domain." http://en.wikipedia.org/wiki/SpamCop#Fake_similar_organizations From Damien at littledevil.com Wed Mar 4 15:47:02 2009 From: Damien at littledevil.com (Damien) Date: Wed Mar 4 15:50:09 2009 Subject: [Scspamcop] Re: USAJOBS--Oops! Bad Link to SpamCop References: Message-ID: Yikes, you're right! I've been tripped by the dot-com before, too! Has 'SpamCop' been trademarked? Tim McGraw wrote in news:gomlc0$jbn$1@news.spamcop.net: > Damien wrote: >> While looking through a security notice on the 'Official Job Site of >> the United States Federal Government" >> (http://www.usajobs.gov/securitytips.asp) I spotted a link to >> SpamCop, for tips on interpreting email headers. >> >> I thought this was a great endorsement of Spamcop. Unfortunately the >> link (http://www.spamcop.com/help_with_headers) is broken. >> >> This doesn't paint either SpamCop or the Federal Government in a very >> good light. So if someone can fix the page on Spamcop.com that would >> probably be easier than asking the government site to fix it. > > "According to posts on SpamCop.net's forum, SpamCop.com is a newer > service owned by a company named Interspectrum, which uses the service > to market its anti-spam products. The use of the same name for the > same type of service may constitute trademark infringement, and may be > confusing to new users who expect the more established of the two > services to be hosted on the .com top-level domain." > http://en.wikipedia.org/wiki/SpamCop#Fake_similar_organizations > From me at privacy.net Wed Mar 4 20:26:43 2009 From: me at privacy.net (Frog Prince) Date: Wed Mar 4 20:30:07 2009 Subject: [Scspamcop] Re: USAJOBS--Oops! Bad Link to SpamCop References: Message-ID: "Damien" wrote in message news:gompc6$uug$1@news.spamcop.net... : Yikes, you're right! I've been tripped by the dot-com before, too! : Has 'SpamCop' been trademarked? : : Even if it was done after the fact there is a defacto TM once the mark is in commercial use. Only problem is there is limited bit in the TM until it is formally registered. From Klamm at x.x Thu Mar 5 06:18:35 2009 From: Klamm at x.x (Klamm) Date: Thu Mar 5 06:20:08 2009 Subject: [Scspamcop] A question about spam Message-ID: It I have a mail account where I receive a lot of spam and I redirect incoming mails to another mail account, this second account will begin to receive spam? (I?m talking about new spam, not the spam I actually receive in the first account) From nobody at spamcop.net Thu Mar 5 07:43:47 2009 From: nobody at spamcop.net (bar0) Date: Thu Mar 5 07:45:08 2009 Subject: [Scspamcop] Re: A question about spam References: Message-ID: "Klamm" wrote in message news:op.uqbgc9cx4jg7le@pc77... > It I have a mail account where I receive a lot of spam and I redirect > incoming mails to another mail account, this second account will begin to > receive spam? (I´m talking about new spam, not the spam I actually receive > in the first account) Unless you also spray your mail to elsewhere, have a virus or Trojan reporting your email accounts to others, or correspondents with that address with the same problem, or report spam from that account with Spamcop or other tools, no more spam should arrive than if you only opened the mail account and never used or announced it. From g.hyde at bigNOSPAMpond.net.au Thu Mar 5 07:44:07 2009 From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde) Date: Thu Mar 5 07:45:08 2009 Subject: [Scspamcop] Re: A question about spam References: Message-ID: "Klamm" wrote in message news:op.uqbgc9cx4jg7le@pc77... > It I have a mail account where I receive a lot of spam and I redirect > incoming mails to another mail account, this second account will begin to > receive spam? (I´m talking about new spam, not the spam I actually receive > in the first account) One thing you should be aware of is the possibility of the new account's inbox overfilling and overflowing as misdirected "returned mail" backscatter to unintended forged recipients in the spam. This can depend somewhat on what the ISP hosting your mail account does when mail overflows an inbox, they may have a policy which prevents this from occurring, but most ISP's don't even know their returned mail messages are hitting forged recipients until they get a report about it. You should take a proactive stance and make sure mail from this account is removed or collected long before it fills the inbox. Cheers ... Geoffrey Hyde From bcs1 at spamcop.net Thu Mar 5 12:50:38 2009 From: bcs1 at spamcop.net (Bill) Date: Thu Mar 5 12:55:08 2009 Subject: [Scspamcop] Hotmail fail when adding MailHosts? Message-ID: I am working on try #3 for setting up my hotmail mailhost, and still, i never get the "test" email.. any ideas? Sent test email to myaddresssssss@hotmail.com through mx2.hotmail.com. Sent test email to myaddresssssss@hotmail.com through mx4.hotmail.com. Sent test email to myaddresssssss@hotmail.com through mx3.hotmail.com. SpamCop has just sent you 3 test messages to myaddresssssss@hotmail.com. Please allow for up to an hour for those messages to reach you, and then follow the enclosed instructions. Some errors were encountered sending test email, but other tests were sent without trouble. This is probably normal, but here is a detailed list of errors: Detailed errors: Connecting to mx1.hotmail.com.: smtpSend:smtpOpen: smtpsend connection error from smtp server (550 No expected reply from SMTP) Bill From bcs1 at spamcop.net Fri Mar 6 17:57:50 2009 From: bcs1 at spamcop.net (Bill) Date: Fri Mar 6 18:00:08 2009 Subject: [Scspamcop] Re: Hotmail fail when adding MailHosts? References: Message-ID: "Bill" wrote in message news:gop3de$ibg$1@news.spamcop.net... >I am working on try #3 for setting up my hotmail mailhost, and still, i >never get the "test" email.. > > any ideas? > > Sent test email to myaddresssssss@hotmail.com through mx2.hotmail.com. > Sent test email to myaddresssssss@hotmail.com through mx4.hotmail.com. > Sent test email to myaddresssssss@hotmail.com through mx3.hotmail.com. > > SpamCop has just sent you 3 test messages to myaddresssssss@hotmail.com. > Please allow for up to an hour for those messages to reach you, and then > follow the enclosed instructions. > Some errors were encountered sending test email, but other tests were sent > without trouble. This is probably normal, but here is a detailed list of > errors: > Detailed errors: > Connecting to mx1.hotmail.com.: > smtpSend:smtpOpen: smtpsend connection error from smtp server (550 No > expected reply from SMTP) > > Bill > > still nothing, trying again... From bcs1 at spamcop.net Sun Mar 8 03:17:26 2009 From: bcs1 at spamcop.net (Bill) Date: Sun Mar 8 03:20:07 2009 Subject: [Scspamcop] Re: Hotmail fail when adding MailHosts? Day 5 and counting.... References: Message-ID: "Bill" wrote in message news:gos9pe$n2a$1@news.spamcop.net... > so, am i doing it wrong?, not holding my mouth right?, wearing the wrong color shirt?? From g.hyde at bigNOSPAMpond.net.au Sun Mar 8 08:03:33 2009 From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde) Date: Sun Mar 8 08:05:08 2009 Subject: [Scspamcop] Re: Hotmail fail when adding MailHosts? Day 5 and counting.... References: Message-ID: "Bill" wrote in message news:govre7$5ci$1@news.spamcop.net... > > "Bill" wrote in message > news:gos9pe$n2a$1@news.spamcop.net... >> > so, am i doing it wrong?, not holding my mouth right?, wearing the wrong > color shirt?? Who have you tried contacting? You might try emailing ellen AT admin DOT spamcop DOT net - or look for posts by SpamCop deputies/admins like Don or Ellen and seeing if you can decode their spamproofed address to the real one - they will look into the problem for you and tell you how to proceed with fixing it. HTH. Cheers ... Geoffrey Hyde From bcs1 at spamcop.net Sun Mar 8 12:14:43 2009 From: bcs1 at spamcop.net (Bill) Date: Sun Mar 8 12:15:08 2009 Subject: [Scspamcop] Re: Hotmail fail when adding MailHosts? Day 5 and counting.... References: Message-ID: "Geoffrey Hyde" wrote in message news:gp0c6v$h18$1@news.spamcop.net... > > "Bill" wrote in message > news:govre7$5ci$1@news.spamcop.net... >> >> "Bill" wrote in message >> news:gos9pe$n2a$1@news.spamcop.net... >>> >> so, am i doing it wrong?, not holding my mouth right?, wearing the wrong >> color shirt?? > > Who have you tried contacting? You might try emailing ellen AT admin DOT > spamcop DOT net - or look for posts by SpamCop deputies/admins like Don or > Ellen and seeing if you can decode their spamproofed address to the real > one - they will look into the problem for you and tell you how to proceed > with fixing it. > > HTH. > > Cheers ... > > Geoffrey Hyde I have not, I've always posted problems in the newsgroups for help. I sent an email to Ellen now though. Thanks Bill From bcs1 at spamcop.net Sun Mar 8 16:01:52 2009 From: bcs1 at spamcop.net (Bill) Date: Sun Mar 8 16:05:08 2009 Subject: [Scspamcop] Re: Hotmail fail when adding MailHosts? Day 5 and counting.... References: Message-ID: "Geoffrey Hyde" wrote in message news:gp0c6v$h18$1@news.spamcop.net... > Thanks Geoffrey, Problem fixed almost immediately by Richard. Bill From g.hyde at bigNOSPAMpond.net.au Mon Mar 9 00:16:36 2009 From: g.hyde at bigNOSPAMpond.net.au (Geoffrey Hyde) Date: Mon Mar 9 00:20:08 2009 Subject: [Scspamcop] Re: Hotmail fail when adding MailHosts? Day 5 and counting.... References: Message-ID: "Bill" wrote in message news:gp187g$64t$1@news.spamcop.net... > > "Geoffrey Hyde" wrote in message > news:gp0c6v$h18$1@news.spamcop.net... >> > Thanks Geoffrey, > Problem fixed almost immediately by Richard. Glad I could help. Just so you know, I'm a free SpamCop reporter, and I'm not in any way associated with SpamCop or it's administrators. But I do know some email addresses which I post if it could help solve your problem and nobody's replied for a while. Cheers ... Geoffrey Hyde From bcs1 at spamcop.net Mon Mar 9 03:26:35 2009 From: bcs1 at spamcop.net (Bill) Date: Mon Mar 9 03:30:08 2009 Subject: [Scspamcop] Re: Hotmail fail when adding MailHosts? Day 5 and counting.... References: Message-ID: "Geoffrey Hyde" wrote in message news:gp257f$5rc$1@news.spamcop.net... > Glad I could help. Just so you know, I'm a free SpamCop reporter, and I'm > not in any way associated with SpamCop or it's administrators. > > But I do know some email addresses which I post if it could help solve > your problem and nobody's replied for a while. > > > Cheers ... > > Geoffrey Hyde > That's cool, and it's appreciated too... I've been a paid member for years, but most of my knowledge is just to setup the pop addresses and click the button LOL Thanks again.. Bill From nobody at spamcop.net Wed Mar 11 01:32:46 2009 From: nobody at spamcop.net (RW) Date: Wed Mar 11 01:35:10 2009 Subject: [Scspamcop] Planned Maintenance Window - Thursday, March 12, 2009 Message-ID: Planned Maintenance Window - Thursday, March 12, 2009 Scheduled server maintenance and software upgrades will be taking place starting at 2:00 p.m. PDT Thursday, March 12, 2009. During this time the SpamCop Reporting Service website may not be available for a period of up to two hours in duration. Emailed spam submissions will be accepted, but processing will be delayed during the maintenance process. This will not affect the SpamCop/CESmail email service, newsgroups or forums. Richard From nobody at spamcop.net Wed Mar 11 01:33:25 2009 From: nobody at spamcop.net (RW) Date: Wed Mar 11 01:35:10 2009 Subject: [Scspamcop] Re: Planned Maintenance Window - Thursday, March 12, 2009 In-Reply-To: References: Message-ID: RW wrote: > Planned Maintenance Window - Thursday, March 12, 2009 > > Scheduled server maintenance and software upgrades will be taking place > starting at 2:00 p.m. PDT > Thursday, March 12, 2009. During this time the SpamCop Reporting Service > website may not be > available for a period of up to two hours in duration. Emailed spam > submissions will be accepted, > but processing will be delayed during the maintenance process. > > This will not affect the SpamCop/CESmail email service, newsgroups or > forums. This is the awaited upgrade to SC v4.5 :-) Richard From avoozl at spamcop.net Wed Mar 11 20:34:45 2009 From: avoozl at spamcop.net (Chris F. Willoughby) Date: Wed Mar 11 20:35:08 2009 Subject: [Scspamcop] Re: Planned Maintenance Window - Thursday, March 12, 2009 References: Message-ID: "RW" wrote in message news:gp7if5$tij$2@news.spamcop.net... > This is the awaited upgrade to SC v4.5 :-) > > Richard What's SC v4.5?? From nobody at devnull.spamcop.net Wed Mar 11 23:44:35 2009 From: nobody at devnull.spamcop.net (Patto) Date: Wed Mar 11 23:45:08 2009 Subject: [Scspamcop] Re: Planned Maintenance Window - Thursday, March 12, 2009 In-Reply-To: References: Message-ID: RW wrote: > RW wrote: >> Planned Maintenance Window - Thursday, March 12, 2009 >> >> Scheduled server maintenance and software upgrades will be taking place >> starting at 2:00 p.m. PDT >> Thursday, March 12, 2009. During this time the SpamCop Reporting Service >> website may not be >> available for a period of up to two hours in duration. Emailed spam >> submissions will be accepted, >> but processing will be delayed during the maintenance process. >> >> This will not affect the SpamCop/CESmail email service, newsgroups or >> forums. > > This is the awaited upgrade to SC v4.5 :-) > > Richard v4.5 - does it fix anything? Does it improve anything? From MikeE at ster.invalid Thu Mar 12 00:14:42 2009 From: MikeE at ster.invalid (Mike Easter) Date: Thu Mar 12 00:15:08 2009 Subject: [Scspamcop] Re: Planned Maintenance Window - Thursday, March 12, 2009 References: Message-ID: groups trimmed to spamcop Patto wrote: > RW wrote: >> This is the awaited upgrade to SC v4.5 :-) > v4.5 - does it fix anything? Does it improve anything? Everything. Perfect code. Doncha' think? Cross your fingers and hope that improvements are purely progressive and/but only slightly incomplete/imperfect; and that there isn't breakage and regressions more problematic than whatever got fixed. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Mar 12 00:50:13 2009 From: nobody at spamcop.net (RW) Date: Thu Mar 12 00:55:08 2009 Subject: [Scspamcop] Re: Planned Maintenance Window - Thursday, March 12, 2009 In-Reply-To: References: Message-ID: RW wrote: > Planned Maintenance Window - Thursday, March 12, 2009 > > Scheduled server maintenance and software upgrades will be taking place > starting at 2:00 p.m. PDT > Thursday, March 12, 2009. During this time the SpamCop Reporting Service > website may not be > available for a period of up to two hours in duration. Emailed spam > submissions will be accepted, > but processing will be delayed during the maintenance process. > > This will not affect the SpamCop/CESmail email service, newsgroups or > forums. > > Richard Due to some unexpected hardware problems, this maintenance/upgrade has been delayed until Tuesday March 17. Probably around the same time, but will update once we know for sure. Richard From nobody at spamcop.net Thu Mar 12 00:58:57 2009 From: nobody at spamcop.net (RW) Date: Thu Mar 12 01:00:08 2009 Subject: [Scspamcop] Re: Planned Maintenance Window - Thursday, March 12, 2009 In-Reply-To: References: Message-ID: Patto wrote: > RW wrote: >> RW wrote: >>> Planned Maintenance Window - Thursday, March 12, 2009 >>> >>> Scheduled server maintenance and software upgrades will be taking >>> place starting at 2:00 p.m. PDT >>> Thursday, March 12, 2009. During this time the SpamCop Reporting >>> Service website may not be >>> available for a period of up to two hours in duration. Emailed spam >>> submissions will be accepted, >>> but processing will be delayed during the maintenance process. >>> >>> This will not affect the SpamCop/CESmail email service, newsgroups or >>> forums. >> >> This is the awaited upgrade to SC v4.5 :-) >> >> Richard > > v4.5 - does it fix anything? Does it improve anything? The upgrade will be virtually transparent to the users, though it will fix the nagging copyright notice :-) Mostly it fixes some things that will provide behind the scenes stability and also gives us some tools to tweak some things we couldn't tweak before. It incorporates fixes for a long list of bug reports we've been reporting for quite a while. In the last year or so Ironport has gone away from hot patches, instead stacking things into version builds, unless it is a critical issue. These go through extensive beta testing before going live. Those that have been around for years will remember the infamous hot patches that would break things severely, sometimes for days at a time. Richard From Pearson_H_J at yahoo.com Thu Mar 12 06:50:37 2009 From: Pearson_H_J at yahoo.com (Jim) Date: Thu Mar 12 06:55:08 2009 Subject: [Scspamcop] Re: popgate.cesmail.net no longer working? In-Reply-To: References: Message-ID: Jim wrote: > I can't help you with AOL/AIM I got spamcop to pop AOL use pop.aol.com with "use ssl" checked From nobody at spamcop.net Thu Mar 12 18:14:05 2009 From: nobody at spamcop.net (Bar0) Date: Thu Mar 12 18:15:08 2009 Subject: [Scspamcop] Anybody noticed artists and "record companies" promoting via myspace spam lately? Message-ID: I've just received 2 solicitations today from an artist and a record company to be a friend of theirs on my space. Has anyone noticed myspace as a new vector for mass spamming? I'm sure there's always been a trickle of unwelcome myspace invitations, but these are from artists and companies I've never heard of, not that I visit the kind of sites where I might be exposed to that anyway. From borgholio at storymind.com Thu Mar 12 19:37:52 2009 From: borgholio at storymind.com (Borgholio) Date: Thu Mar 12 19:40:08 2009 Subject: [Scspamcop] Re: Anybody noticed artists and "record companies" promoting via myspace spam lately? In-Reply-To: References: Message-ID: Bar0 wrote: > I've just received 2 solicitations today from an artist and a record > company to be a friend of theirs on my space. > > Has anyone noticed myspace as a new vector for mass spamming? > > I'm sure there's always been a trickle of unwelcome myspace invitations, > but these are from artists and companies I've never heard of, not that I > visit the kind of sites where I might be exposed to that anyway. I have not experienced a "mass" spamming, but spam nonetheless. I have reported it to Myspace using the "mark as spam" function. From nobody at spamcop.net Thu Mar 12 19:52:42 2009 From: nobody at spamcop.net (bar0) Date: Thu Mar 12 19:55:08 2009 Subject: [Scspamcop] Re: Anybody noticed artists and "record companies" promoting via myspace spam lately? References: Message-ID: "Borgholio" wrote in message news:gpc6c6$hf2$1@news.spamcop.net... > Bar0 wrote: >> I've just received 2 solicitations today from an artist and a record >> company to be a friend of theirs on my space. >> >> Has anyone noticed myspace as a new vector for mass spamming? >> >> I'm sure there's always been a trickle of unwelcome myspace invitations, >> but these are from artists and companies I've never heard of, not that I >> visit the kind of sites where I might be exposed to that anyway. > > I have not experienced a "mass" spamming, but spam nonetheless. I have > reported it to Myspace using the "mark as spam" function. I don't have a "MySpace" these were received out of the blue in my mail. From connyank at cox.net Fri Mar 13 15:03:43 2009 From: connyank at cox.net (jg) Date: Fri Mar 13 15:05:08 2009 Subject: [Scspamcop] Odd school reports Message-ID: http://www.spamcop.net/sc?id=z2694946709zf4e96f30fc48e1d7c9ec8eac92fce557z Been getting these via my gmail account just about monthly. Funny thing, my younger brother is a teacher in the state of Conn for years but not at the school showing in the "reports". I sent him some copies to forward to his tech people but that seemed to just fly over their heads. My first thought was maybe someone got ahold of his address book but he claims never to have had my gmail addy. I may have sent him some correspondence in the past via google but if so it has been lost in O/S changes, AFAICT. Have reported via spamcop in the past but they keep coming. My current ISP seems involved as well but I can't figure out what is happening. In finally getting round to phoning the state, I've found all contacts listed in the ARIN base for 72.10.120.66 to be out of the office - maybe late lunch back there. So I thought I'd inquire here to check out the parsing and maybe forward a copy of the report to the Conn. education system. Any ideas? From tmcgraw at spamcop.net Fri Mar 13 15:22:31 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Mar 13 15:25:07 2009 Subject: [Scspamcop] Re: Odd school reports In-Reply-To: References: Message-ID: jg wrote: > http://www.spamcop.net/sc?id=z2694946709zf4e96f30fc48e1d7c9ec8eac92fce557z > > Been getting these via my gmail account just about monthly. > > > > So I thought I'd inquire here to check out the parsing and maybe forward > a copy of the report to the Conn. education system. > > Any ideas? I would not ding saavis for the k12.ncspearson.com link in the future. In fact, they may be able to help. They are (apparently) the company that designed the system they are using. From nobody at spamcop.net Fri Mar 13 16:45:34 2009 From: nobody at spamcop.net (Bar0) Date: Fri Mar 13 16:50:08 2009 Subject: [Scspamcop] Re: Odd school reports References: Message-ID: "jg" wrote in message news:gpeamq$29l$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z2694946709zf4e96f30fc48e1d7c9ec8eac92fce557z > > Been getting these via my gmail account just about monthly. > > Funny thing, my younger brother is a teacher in the state of Conn for > years but not at the school showing in the "reports". > I sent him some copies to forward to his tech people but that seemed to > just fly over their heads. > My first thought was maybe someone got ahold of his address book but he > claims never to have had my gmail addy. I may have sent him some > correspondence in the past via google but if so it has been lost in O/S > changes, AFAICT. > Have reported via spamcop in the past but they keep coming. > My current ISP seems involved as well but I can't figure out what is > happening. > > In finally getting round to phoning the state, I've found all contacts > listed in the ARIN base for 72.10.120.66 to be out of the office - maybe > late lunch back there. > > So I thought I'd inquire here to check out the parsing and maybe forward > a copy of the report to the Conn. education system. > > Any ideas? Simple, the students parental email address was given as your gmail, or miscoded, said miscoding being the same as your address. From MikeE at ster.invalid Fri Mar 13 16:51:09 2009 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 13 16:55:07 2009 Subject: [Scspamcop] Re: Odd school reports References: Message-ID: jg wrote: www.spamcop.net/sc?id=z2694946709zf4e96f30fc48e1d7c9ec8eac92fce557z > > Been getting these via my gmail account just about monthly. This appears to be an email from Lisa Schang to Catalina Baker concerning the math grades for Felicia Baker. It contains an html attachment which was b64 encoded. Spamcop mungeing prevents us from seeing how the item was To: addressed. Opening the html provides a detailed report card of sorts which also contains the teacher's email address and a link to the Brookfield Public School site. The teacher's email address is schangl brookfield.k12.ct.us and the item is sourced from 72.10.120.66 rDNS mail.brookfield.k12.ct.us I believe that the straightup missive is legitimate, not bogus, however mistaken it might have been sent. > I sent him some copies to forward to his tech people but that seemed to > just fly over their heads. I probably would've replied to the teacher that she's mailing/ reporting to/ the wrong addy. > Any ideas? -- Mike Easter kibitzer, not SC admin From Ag2000CO at Starband.net Fri Mar 13 17:41:30 2009 From: Ag2000CO at Starband.net (LKing) Date: Fri Mar 13 17:45:08 2009 Subject: [Scspamcop] Re: Odd school reports In-Reply-To: References: Message-ID: Bar0 wrote, On 3/13/2009 4:45 PM: > > Simple, the students parental email address was given as your gmail, or > miscoded, said miscoding being the same as your address. I had a similar experience, but by phone. A local high school uses an automated phone call to report to parents when a student is not in school. It took several calls to the school to get the phone number corrected. Based on the number of calls (and comments) I got the kid was quite the truant. From connyank at cox.net Fri Mar 13 17:44:00 2009 From: connyank at cox.net (jg) Date: Fri Mar 13 17:45:09 2009 Subject: [Scspamcop] Re: Odd school reports In-Reply-To: References: Message-ID: On 03/13/2009 12:22 PM Tim McGraw scribbled: On 03/13/2009 12:22 PM Tim McGraw scribbled: >> >> >> So I thought I'd inquire here to check out the parsing and maybe forward >> a copy of the report to the Conn. education system. >> >> Any ideas? > > I would not ding saavis for the k12.ncspearson.com link in the future. > > In fact, they may be able to help. They are (apparently) the company > that designed the system they are using. maybe so - saavis' past spam reputation notwithstanding. Seems ashame that such a coincidence is nothing more - I was thinking hacked machine but could not see anything bad in the content. From connyank at cox.net Fri Mar 13 17:50:54 2009 From: connyank at cox.net (jg) Date: Fri Mar 13 17:55:06 2009 Subject: [Scspamcop] Re: Odd school reports In-Reply-To: References: Message-ID: On 03/13/2009 01:45 PM Bar0 scribbled: >> >> Any ideas? > > Simple, the students parental email address was given as your gmail, or > miscoded, said miscoding being the same as your address. > could be but since my brother lives about 5 miles from said teachers school & works within the same school system and I'm out here in Calif., it doesn't seem so simple. Hadn't thought of emailing the teacher directly - I'll give it a try. If you're correct, what grade do we give the teacher (poor Felicia got 50% in multi facts)? From connyank at cox.net Fri Mar 13 18:08:20 2009 From: connyank at cox.net (jg) Date: Fri Mar 13 18:10:07 2009 Subject: [Scspamcop] Re: Odd school reports In-Reply-To: References: Message-ID: On 03/13/2009 01:51 PM Mike Easter scribbled: > jg wrote: > www.spamcop.net/sc?id=z2694946709zf4e96f30fc48e1d7c9ec8eac92fce557z >> Been getting these via my gmail account just about monthly. > > This appears to be an email from Lisa Schang to Catalina Baker concerning > the math grades for Felicia Baker. It contains an html attachment which > was b64 encoded. Spamcop mungeing prevents us from seeing how the item > was To: addressed. it was addressed to /my/ gmail account address but the To was in fact Baker, Catalina - ya think they'd polish up the addressing to make it a bit more human > > Opening the html provides a detailed report card of sorts which also > contains the teacher's email address and a link to the Brookfield Public > School site. The teacher's email address is schangl > brookfield.k12.ct.us and the item is sourced from 72.10.120.66 rDNS > mail.brookfield.k12.ct.us saw that > > I believe that the straightup missive is legitimate, not bogus, however > mistaken it might have been sent. > > I probably would've replied to the teacher that she's mailing/ reporting > to/ the wrong addy. > OK, I've gone and done that - time will tell. Its a bit too much of a coincidence for me to swallow at first sight - as I've mentioned, my brother works within the same school system and lives less than 5 miles from the Brookfield school. I'm thinking hacked machine and chasing windmills all around. odd From connyank at cox.net Fri Mar 13 18:12:10 2009 From: connyank at cox.net (jg) Date: Fri Mar 13 18:15:07 2009 Subject: [Scspamcop] Re: Odd school reports In-Reply-To: References: Message-ID: On 03/13/2009 02:41 PM LKing scribbled: > Bar0 wrote, On 3/13/2009 4:45 PM: >> Simple, the students parental email address was given as your gmail, or >> miscoded, said miscoding being the same as your address. > > I had a similar experience, but by phone. A local high school uses an > automated phone call to report to parents when a student is not in > school. It took several calls to the school to get the phone number > corrected. Based on the number of calls (and comments) I got the kid > was quite the truant. I'm beginning to thaw to the possibility - but my email handle isn't the type you would simply mis input so that possibility never occurred to me. From Ag2000CO at Starband.net Fri Mar 13 20:00:59 2009 From: Ag2000CO at Starband.net (LKing) Date: Fri Mar 13 20:05:08 2009 Subject: [Scspamcop] Re: Odd school reports In-Reply-To: References: Message-ID: jg wrote, On 3/13/2009 5:50 PM: > On 03/13/2009 01:45 PM Bar0 scribbled: > > > >>> Any ideas? >> Simple, the students parental email address was given as your gmail, or >> miscoded, said miscoding being the same as your address. >> > > could be but since my brother lives about 5 miles from said teachers > school & works within the same school system and I'm out here in Calif., > it doesn't seem so simple. > Hadn't thought of emailing the teacher directly - I'll give it a try. > > If you're correct, what grade do we give the teacher (poor Felicia got > 50% in multi facts)? 50% - that could explain a lot. I don't see any payload here. Email the teacher. stamps are cheap. From nobody at spamcop.net Fri Mar 13 20:32:47 2009 From: nobody at spamcop.net (bar0) Date: Fri Mar 13 20:35:08 2009 Subject: [Scspamcop] Re: Odd school reports References: Message-ID: "jg" wrote in message news:gpelnq$t6p$2@news.spamcop.net... > On 03/13/2009 02:41 PM LKing scribbled: > >> Bar0 wrote, On 3/13/2009 4:45 PM: >>> Simple, the students parental email address was given as your gmail, or >>> miscoded, said miscoding being the same as your address. >> >> I had a similar experience, but by phone. A local high school uses an >> automated phone call to report to parents when a student is not in >> school. It took several calls to the school to get the phone number >> corrected. Based on the number of calls (and comments) I got the kid >> was quite the truant. > > I'm beginning to thaw to the possibility - but my email handle isn't the > type you would simply mis input so that possibility never occurred to me. The Kid , who may deliberately have filled a form with (he thought) a fake address or the parent may have thought the same thing. From nobody at spamcop.net Fri Mar 13 20:33:39 2009 From: nobody at spamcop.net (bar0) Date: Fri Mar 13 20:35:09 2009 Subject: [Scspamcop] Re: Odd school reports References: Message-ID: "jg" wrote in message news:gpekg9$q6t$1@news.spamcop.net... > On 03/13/2009 01:45 PM Bar0 scribbled: > > > >>> >>> Any ideas? >> >> Simple, the students parental email address was given as your gmail, or >> miscoded, said miscoding being the same as your address. >> > > could be but since my brother lives about 5 miles from said teachers > school & works within the same school system and I'm out here in Calif., > it doesn't seem so simple. > Hadn't thought of emailing the teacher directly - I'll give it a try. > > If you're correct, what grade do we give the teacher (poor Felicia got > 50% in multi facts)? gmail addresses are generic made by the user and unlikely to indicate provenance by state. From nobody at spamcop.net Fri Mar 13 20:36:14 2009 From: nobody at spamcop.net (bar0) Date: Fri Mar 13 20:40:07 2009 Subject: [Scspamcop] Re: Odd school reports References: Message-ID: "bar0" wrote in message news:gpeu16$jh5$1@news.spamcop.net... > > "jg" wrote in message > news:gpekg9$q6t$1@news.spamcop.net... >> On 03/13/2009 01:45 PM Bar0 scribbled: >> >> >> >>>> >>>> Any ideas? >>> >>> Simple, the students parental email address was given as your gmail, or >>> miscoded, said miscoding being the same as your address. >>> >> >> could be but since my brother lives about 5 miles from said teachers >> school & works within the same school system and I'm out here in Calif., >> it doesn't seem so simple. >> Hadn't thought of emailing the teacher directly - I'll give it a try. Birthday paradox. From nobody at spamcop.net Fri Mar 13 21:48:36 2009 From: nobody at spamcop.net (RandallW) Date: Fri Mar 13 21:50:08 2009 Subject: [Scspamcop] some spam not parsing proper Message-ID: Recently some of my spam has been giving the parser trouble; the headers seem to be sorted, but there's a barf when the body is checked for links. Here is the most recent example: http://www.spamcop.net/sc?id=z2696064187z3dcf0e3aed42190636e35b69a6496672z From connyank at cox.net Sat Mar 14 00:50:30 2009 From: connyank at cox.net (jg) Date: Sat Mar 14 00:55:08 2009 Subject: [Scspamcop] Re: Odd school reports In-Reply-To: References: Message-ID: On 03/13/2009 05:33 PM bar0 scribbled: > gmail addresses are generic made by the user and unlikely to indicate > provenance by state. > > sorry, what does that mean? From connyank at cox.net Sat Mar 14 01:00:27 2009 From: connyank at cox.net (jg) Date: Sat Mar 14 01:05:07 2009 Subject: [Scspamcop] Re: Odd school reports In-Reply-To: References: Message-ID: On 03/13/2009 05:36 PM bar0 scribbled: > Birthday paradox. > > your point exactly? don't recollect convening a math class... From connyank at cox.net Sat Mar 14 01:10:35 2009 From: connyank at cox.net (jg) Date: Sat Mar 14 01:15:07 2009 Subject: [Scspamcop] Re: Odd school reports In-Reply-To: References: Message-ID: On 03/13/2009 05:32 PM bar0 scribbled: > "jg" wrote in message > news:gpelnq$t6p$2@news.spamcop.net... >> On 03/13/2009 02:41 PM LKing scribbled: >> >>> Bar0 wrote, On 3/13/2009 4:45 PM: >>>> Simple, the students parental email address was given as your gmail, or >>>> miscoded, said miscoding being the same as your address. >>> I had a similar experience, but by phone. A local high school uses an >>> automated phone call to report to parents when a student is not in >>> school. It took several calls to the school to get the phone number >>> corrected. Based on the number of calls (and comments) I got the kid >>> was quite the truant. >> I'm beginning to thaw to the possibility - but my email handle isn't the >> type you would simply mis input so that possibility never occurred to me. > > The Kid , who may deliberately have filled a form with (he thought) a fake > address or the parent may have thought the same thing. > > sheesh - lets see if any feedback occurs... From tmcgraw at spamcop.net Sat Mar 14 01:28:02 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Mar 14 01:30:08 2009 Subject: [Scspamcop] Re: some spam not parsing proper In-Reply-To: References: Message-ID: RandallW wrote: > Recently some of my spam has been giving the parser trouble; the headers > seem to be sorted, but there's a barf when the body is checked for links. > Here is the most recent example: > > http://www.spamcop.net/sc?id=z2696064187z3dcf0e3aed42190636e35b69a6496672z That's a spamitem for college degrees with just a phone number and no links. From andrewb at zagam.net Sat Mar 14 06:45:28 2009 From: andrewb at zagam.net (Andrew Buckeridge) Date: Sat Mar 14 06:50:08 2009 Subject: [Scspamcop] Is insanity a valid defence for sending spam? Message-ID: <20090314194528.2653bbbf.andrewb@zagam.net> Winging Pom and ignorance or insanity defence. http://news.spamcop.net/pipermail/spamcop-mail/2004-December/014767.html The fact that Microsoft don't care about Idiot Exploiter should not be an excuse for continuing to use it. Responsible Microsoft users (if there is such a thing) will run Mozilla or something else. It is widespread vulnerabilities that spammers exploit. As most ISPs have an SMTP service for mail submission where they can run their reputation filters and apply their acceptable use policy I think that it is reasonable to list web proxies and dial up pools where vulnerabilities are found. I use Ian Gulliver's dsbltesters to protect our network and list any one including customers, suppliers, etc. without fear or favour when vulnerabilities are found. The fact that the Image Exploit could send an email proved that the system was vulnerable to relay. Is okay for some one to use vulnerable software on the Internet? If some thinks that it is okay to run vulnerable software on the Internet then I think that they are seriously deluded. As to weather this is due to mental illness or religious beliefs is something best left to psychiatrists. Extra-judicial fix? For non-Microsoft Internet users who would like to use email may want to take matters in to their own hands. I would suggest rendition for organ harvesting as a cost recovery strategy. Judicial fix? No. Under the mental health act they have to be a danger to themselves or others. This only harms the victim by trashing their INBOX. Running vulnerable systems on the Internet is a reckless act and it is the users of those vulnerable systems who should be punished if they damage other Internet users. In Australia intent must be proven or at least that the act was reckless. > CRIMES ACT 1900 - SECT 308E > Unauthorised impairment of electronic communication > 308E Unauthorised impairment of electronic communication > > (1) A person who: > > (a) causes any unauthorised impairment of electronic > communication to or from a computer, and > > (b) knows that the impairment is unauthorised, and > > (c) intends to impair electronic communication to or from the > computer, or who is reckless as to any such impairment, > > is guilty of an offence. > > Maximum penalty: Imprisonment for 10 years. Technology fix? The technology fix for this is for ISPs to provide separate IP pools for Microsoft users and volunteer those pools to a dial up list and name them in such a way as to indicate threat. The ISP should stop those pools from reaching SMTP. (I have found this very irritating with my laptop, but I can understand why responsible ISPs are now doing this.) http://tools.ietf.org/id/draft-msullivan-dnsop-generic-naming-schemes-00.txt Uses domains like connection media followed by dyn.example.com or sta.example.com does not necessarily indicate bandwidth and therefore threat. It is the type of system behind the media that really indicates threat. The HINFO was the mechanism for this, but it is incomplete. Using the SI peak up baud rate like 33k, 64k, 768k, 2M, etc. would make more sense than obscure media names like OC3 (155M I presume). An ADSL G.lite PC user [A.B.C.D] would have PTR D.C.B.A.768k.dyn.ms.example.com A modem Unix user [A.B.C.D] would have PTR D.C.B.A.33k.dyn.x.example.com An Ethernet Unix user [A.B.C.D] would have PTR D.C.B.A.10M.sta.x.example.com A Fast Ethernet Unix user [A.B.C.D] would have PTR D.C.B.A.100M.sta.x.example.com An ADSL G.lite Classic Apple Mac (OS<10) user [A.B.C.D] would have PTR D.C.B.A.768k.dyn.am.example.com or as their OS is unsupported they could just be put in ms.example.com. From MikeE at ster.invalid Sat Mar 14 08:20:57 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Mar 14 08:25:08 2009 Subject: [Scspamcop] Re: some spam not parsing proper References: Message-ID: RandallW wrote: > Recently some of my spam has been giving the parser trouble; the headers > seem to be sorted, but there's a barf when the body is checked for > links. Here is the most recent example: > www.spamcop.net/sc?id=z2696064187z3dcf0e3aed42190636e35b69a6496672z The body doesn't contain any website links; payload is telno for this example; but I can see a problem with parsing these headers if there *were* a body URL, because SC doesn't see the body properly. Your mailserver has an interesting way of stamping its headers. Not only does it stamp the mailfrom, but also the rcptto/s, and curiously leaves the 'DATA' smtp transaction term in place, which it stamps not only unconventionally, but, more importantly, noncompliantly. The headers are supposed to be properly configured with fieldterms each of which is a string with no spaces followed by a colon and a space and then populated by the field value. No line should begin with anything but a fieldterm or leading whitespace where a long fieldvalue has wrapped. Your server puts a DATA line in there which is neither whitespace nor a proper fieldterm ending with a colon and a space. I suspect that is why SC is saying Parsing text part error: couldn't parse head Message body parser requires full, accurate copy of message More information on this error.. no links found -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Mar 14 08:40:44 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Mar 14 08:45:07 2009 Subject: [Scspamcop] Re: Is insanity a valid defence for sending spam? References: <20090314194528.2653bbbf.andrewb@zagam.net> Message-ID: Andrew Buckeridge wrote: > http://news.spamcop.net/pipermail/spamcop-mail/2004-December/014767.html I don't think that using a 2004 message posted into the spamcop.mail newsgroup is at all useful as an illustration for some point which you are trying to discuss; because I don't think that the 2004 configuration of whatever was the Internet Explorer behavior at the time, or how the site listme.dsbl.org behaved in 2004 -- which dsbl blocklist is now dead. >From the link: "I tested this further and yes, indeed, every time I loaded a page from dsbl.org into Internet Explorer, a new request to block my IP address was added." > As most ISPs have an SMTP service for mail submission where they can run > their reputation filters and apply their acceptable use policy I think > that it is reasonable to list web proxies and dial up pools where > vulnerabilities are found. Is this above the point you are trying to make? > I use Ian Gulliver's dsbltesters to protect our network and list any > one including customers, suppliers, etc. without fear or favour when > vulnerabilities are found. The fact that the Image Exploit could send > an email proved that the system was vulnerable to relay. >From the wikipedia: "DSBL is a dead RBL as of May 2008. Its administrators continued to run their authoritative nameservers for several months after their decommissioning announcement; as of March 9, 2009, even those servers are offline. At this point, using any *.dsbl.org lookups in an RBL check results in DNS failures and can even prevent an SMTP server from starting a conversation. Therefore it is highly recommended that mailserver administrators remove *.dsbl.org from their configurations." http://en.wikipedia.org/wiki/Distributed_Sender_Blackhole_List The wikipedia article goes on to explain how dsbl.org's list used to work when it was viable. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sat Mar 14 09:28:23 2009 From: nobody at spamcop.net (bar0) Date: Sat Mar 14 09:30:09 2009 Subject: [Scspamcop] Re: Odd school reports References: Message-ID: "jg" wrote in message news:gpfd31$jmm$1@news.spamcop.net... > On 03/13/2009 05:33 PM bar0 scribbled: > > >> gmail addresses are generic made by the user and unlikely to indicate >> provenance by state. >> >> > sorry, what does that mean? > gmail addresses are created by the user, not by gmail using some algorithm, so, seen from the outside there is no set of rules by which we can judge where they might have come from. From nobody at spamcop.net Sat Mar 14 09:29:10 2009 From: nobody at spamcop.net (bar0) Date: Sat Mar 14 09:30:10 2009 Subject: [Scspamcop] Re: Odd school reports References: Message-ID: "jg" wrote in message news:gpfdlm$niq$1@news.spamcop.net... > On 03/13/2009 05:36 PM bar0 scribbled: > >> Birthday paradox. >> >> > your point exactly? > don't recollect convening a math class... It has to do with how you got lucky and are receiving this kids parental notices. From MikeE at ster.invalid Sat Mar 14 12:52:01 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Mar 14 12:55:07 2009 Subject: [Scspamcop] Re: too many Links? References: Message-ID: posted to spamcop & .spam; fups to spamcop Bill wrote: > I'm pretty sure i saw this before, but i can't find the thread now, so > here you go > > http://www.spamcop.net/sc?id=z2697997156z52bab27533d38dfd6a0bbe250bf34115z > > still reports, but are spammers able to put so many links into their > spam that SC gives up on reporting the websites and because of that the > spammer's actual "spammed" order site or whatever would escape > reporting? Post discussion messages with a tracker (such as this one) into a discussion group like spamcop and not .spam. spamcop.spam is a dead group currently being used only for posting 'junk' -- such as once upon a time posting entire spams for discussion before the tracker became so useful for discussing entire spams. Consider/Assume that no one reads .spam. When I parse that spam using the tracker, SC sez Resolving link obfuscation http://provider.healthcare.cigna.com/ Host provider.healthcare.cigna.com (checking ip) = 208.242.14.233 host 208.242.14.233 = provider.healthcare.cigna.com (cached) http://news.google.com http://topics.nytimes.com/top/news/business/companies/ Host topics.nytimes.com (checking ip) = 199.239.137.224 host 199.239.137.224 (getting name) no name http://news.cnet.com/ Host news.cnet.com (checking ip) = 216.239.122.178 host 216.239.122.178 = c18-rb-gtm2-tron-xw-lb.cnet.com (cached) http://www.americanheart.org/presenter.jhtml?identifier=3011975 Host www.americanheart.org (checking ip) = 216.185.112.5 host 216.185.112.5 = vip1.heart.org (cached) http://www.uhc.com/find_a_physician.htm Host www.uhc.com (checking ip) = 168.183.130.45 host 168.183.130.45 = plymouth.uhc.com (cached) http://news.yahoo.com http://msnbc.msn.com/ Host msnbc.msn.com (checking ip) = 207.46.150.50 host 207.46.150.50 = msnbcenespanol.com (cached) http://www.hpso.com/ Host www.hpso.com (checking ip) = 198.65.118.134 host 198.65.118.134 (getting name) no name ... and the tracker sez that if reported today that reports would be sent to 6 addresses; but those so notified would not be spamvertisers. However, the tracker sez that the report was only sent to the source IP provider Reports regarding this spam have already been sent: Re: 77.35.136.162 (Administrator of network where email originates) It is commonplace for the parser to 'decide' to not deobfuscate body links because it has other more important things to do. In this case, many of the links are IBs innocent bystanders. Many SC reporters don't seem to know how to uncheck IBs. Many SC reporters should quickreport instead of regular report IMO. -- Mike Easter kibitzer, not SC admin From comicsnorwoodNOS at PAMgmail.com Sat Mar 14 15:16:47 2009 From: comicsnorwoodNOS at PAMgmail.com (Norwood) Date: Sat Mar 14 15:20:08 2009 Subject: [Scspamcop] Someone entering my email into "make money fast" sceme websites, Message-ID: Is this illegal? What actions can I take? From bcs1 at spamcop.net Sat Mar 14 15:43:13 2009 From: bcs1 at spamcop.net (Bill) Date: Sat Mar 14 15:45:09 2009 Subject: [Scspamcop] Re: too many Links? References: Message-ID: "Mike Easter" wrote in message news:gpgnbd$q6o$1@news.spamcop.net... > posted to spamcop & .spam; fups to spamcop > > When I parse that spam using the tracker, SC sez > > > Resolving link obfuscation > http://provider.healthcare.cigna.com/ > Host provider.healthcare.cigna.com (checking ip) = 208.242.14.233 > host 208.242.14.233 = provider.healthcare.cigna.com (cached) > http://news.google.com > http://topics.nytimes.com/top/news/business/companies/ > Host topics.nytimes.com (checking ip) = 199.239.137.224 > host 199.239.137.224 (getting name) no name > http://news.cnet.com/ > Host news.cnet.com (checking ip) = 216.239.122.178 > host 216.239.122.178 = c18-rb-gtm2-tron-xw-lb.cnet.com (cached) > http://www.americanheart.org/presenter.jhtml?identifier=3011975 > Host www.americanheart.org (checking ip) = 216.185.112.5 > host 216.185.112.5 = vip1.heart.org (cached) > http://www.uhc.com/find_a_physician.htm > Host www.uhc.com (checking ip) = 168.183.130.45 > host 168.183.130.45 = plymouth.uhc.com (cached) > http://news.yahoo.com > http://msnbc.msn.com/ > Host msnbc.msn.com (checking ip) = 207.46.150.50 > host 207.46.150.50 = msnbcenespanol.com (cached) > http://www.hpso.com/ > Host www.hpso.com (checking ip) = 198.65.118.134 > host 198.65.118.134 (getting name) no name > > ... and the tracker sez that if reported today that reports would be sent > to 6 addresses; but those so notified would not be spamvertisers. > > However, the tracker sez that the report was only sent to the source IP > provider > > Reports regarding this spam have already been sent: > Re: 77.35.136.162 (Administrator of network where email originates) > > It is commonplace for the parser to 'decide' to not deobfuscate body links > because it has other more important things to do. > > In this case, many of the links are IBs innocent bystanders. Many SC > reporters don't seem to know how to uncheck IBs. Many SC reporters should > quickreport instead of regular report IMO. > > > > -- > Mike Easter > kibitzer, not SC admin > Yeah, I knew that there were IB's in it, and the original report didn't even show any but the ones the reports have already been sent to. also, knowing that there were some IB's in it, i was curious if the use of so many links was something spammers could use to choke SC and by virtue of that keep their own spamvertised site safe from reporting? just got another one too, shows two report addys for the source, (same source?) but no sign of the spamvertised website being reported because of all the IB's.. http://www.spamcop.net/sc?id=z2698615909zcf66451fcf6c5c064714118fc3131ae9z From connyank at cox.net Sat Mar 14 15:51:09 2009 From: connyank at cox.net (jg) Date: Sat Mar 14 15:55:07 2009 Subject: [Scspamcop] Re: Odd school reports In-Reply-To: References: Message-ID: On 03/14/2009 06:28 AM bar0 scribbled: > "jg" wrote in message > news:gpfd31$jmm$1@news.spamcop.net... >> On 03/13/2009 05:33 PM bar0 scribbled: >> >> >>> gmail addresses are generic made by the user and unlikely to indicate >>> provenance by state. >>> >>> >> sorry, what does that mean? >> > gmail addresses are created by the user, not by gmail using some algorithm, > so, seen from the outside there is no set of rules by which we can judge > where they might have come from. > > I think I understand that but thats not where I meant to be going. From Ag2000CO at Starband.net Sat Mar 14 16:04:21 2009 From: Ag2000CO at Starband.net (LKing) Date: Sat Mar 14 16:05:08 2009 Subject: [Scspamcop] Re: Someone entering my email into "make money fast" sceme websites, In-Reply-To: References: Message-ID: [Norwood] wrote, On 3/14/2009 3:16 PM: > Is this illegal? > > What actions can I take? Sorry I'm not really sure I understand what you mean. There are several ways your subject could be interpreted. Are "they" putting your email in the FROM:, Return-TO:, Reply-Path:, or are they entering your email "into" the websites? How do you know? Lou From MikeE at ster.invalid Sat Mar 14 16:07:39 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Mar 14 16:10:08 2009 Subject: [Scspamcop] Re: too many Links? In-Reply-To: References: Message-ID: Bill wrote: > "Mike Easter" >> ... and the tracker sez that if reported today that reports would be sent >> to 6 addresses; > i was curious if the use of > so many links was something spammers could use to choke SC and by virtue of > that keep their own spamvertised site safe from reporting? SC will 'gag' on too many links, as in the current tracker. www.spamcop.net/sc?id=z2698615909zcf66451fcf6c5c064714118fc3131ae9z But I wouldn't spend too much time trying to 'read the mind' of a spam process. The basis behind too many links is more likely to simply be social engineering the body content rather than trying to choke SC. -- Mike Easter From MikeE at ster.invalid Sat Mar 14 16:26:31 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Mar 14 16:30:08 2009 Subject: [Scspamcop] Re: Someone entering my email into "make money fast" sceme websites, In-Reply-To: References: Message-ID: [Norwood] wrote: Subject: Someone entering my email into "make money fast" sceme websites, > Is this illegal? No, more like a 'dirty trick'. > What actions can I take? It depends. Maybe none. It depends on whether or not your adversary has left any tracks. The last time some online adversary - someone I annoyed in a newsgroup - was attacking me with a dirty trick, I was showing a good address in my newsgroup eply-To; so he used that address to bogus subscribe me to a number of gay and lesbian mailing lists. However, the mailing list managers hadn't just fallen off the turnip truck. Many of them sent a confirmation letter, along with the IP address of the entity which had subscribed me. I was able to determine the newsgroup conflict which had resulted in the bogus subscriptions and which newsgroup adversary had the IP address corresponding to the mailing list subscriptions -- that is, the adversary had been posting to a newsserver provided by his online connectivity provider and which provider stamped an NPH nntp posting host line. Thus I was able to notify his provider of his actions on the basis of both which message id/s as well as IP address had been bogus subscribing me, with the evidence of the bogus subscription confirmation letter. As a general rule, since your issue is unlikely to unfold that way, I would recommend just ignoring the issue and defending yourself against FFA free for all spam consequences of the bogus MMF subscribing. I also recommend being 'nice' on the internet so that you don't make many enemies who feel like pulling dirty tricks on you. Also, I recommend against starting a message by typing in the subject. A message should be created by creating the message body first, using only unambiguous complete sentences. Then the subject should be created by giving the messagebody a very very brief title. A respondent shouldn't have to paste your subject into the body for context, as I did. The subject is not a part of the body ie not a part of the message content itself. -- Mike Easter From V at nguard.LH Sat Mar 14 18:18:47 2009 From: V at nguard.LH (VanguardLH) Date: Sat Mar 14 18:20:08 2009 Subject: [Scspamcop] Re: Is insanity a valid defence for sending spam? References: <20090314194528.2653bbbf.andrewb@zagam.net> Message-ID: Andrew Buckeridge wrote: > Winging Pom and ignorance or insanity defence. > > http://news.spamcop.net/pipermail/spamcop-mail/2004-December/014767.html Read faster or skip some articles. You're still over 4 years behind. From nobody at spamcop.net Sat Mar 14 20:00:03 2009 From: nobody at spamcop.net (RandallW) Date: Sat Mar 14 20:00:08 2009 Subject: [Scspamcop] Re: some spam not parsing proper References: Message-ID: "Mike Easter" wrote in message news:gpg7f5$560$1@news.spamcop.net... > > www.spamcop.net/sc?id=z2696064187z3dcf0e3aed42190636e35b69a6496672z > > The body doesn't contain any website links; payload is telno for this > example; but I can see a problem with parsing these headers if there > *were* a body URL, because SC doesn't see the body properly. > > Your mailserver has an interesting way of stamping its headers. > > Not only does it stamp the mailfrom, but also the rcptto/s, and curiously > leaves the 'DATA' smtp transaction term in place, which it stamps not only > unconventionally, but, more importantly, noncompliantly. > > The headers are supposed to be properly configured with fieldterms each of > which is a string with no spaces followed by a colon and a space and then > populated by the field value. No line should begin with anything but a > fieldterm or leading whitespace where a long fieldvalue has wrapped. > > Your server puts a DATA line in there which is neither whitespace nor a > proper fieldterm ending with a colon and a space. > > I suspect that is why SC is saying > > > Parsing text part > error: couldn't parse head > Message body parser requires full, accurate copy of message > More information on this error.. > no links found > > > -- > Mike Easter > kibitzer, not SC admin > > An antivirus proggy ( on my computer, not the sending computer ) doesn't change or modify headers, right? I haven't seen that DATA bit in headers of spam until the past month and a half, which sort of coincides with my antivirus being replaced with another brand ( Panda ). From MikeE at ster.invalid Sun Mar 15 02:01:31 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sun Mar 15 02:05:08 2009 Subject: [Scspamcop] Re: some spam not parsing proper References: Message-ID: RandallW wrote: > "Mike Easter" >> Your mailserver has an interesting way of stamping its headers. > An antivirus proggy ( on my computer, not the sending computer ) doesn't > change or modify headers, right? I haven't seen that DATA bit in > headers of spam until the past month and a half, which sort of > coincides with my antivirus being replaced with another brand ( Panda ). This condition appears to me to be caused by how the/your mailserver is being admin/ed. I looked for an old tracker of yours posted 2008 Nov to compare, but the SC db didn't have it. This header has a qmqp stamp; I don't recall that, but I might not have noticed before if the headers weren't funky like this. 2008 Nov tracker http://www.spamcop.net/sc?id=z2415693959z95803a0d5038711d07eae391feb2f8c5z http://cr.yp.to/proto/qmqp.html Quick Mail Queueing Protocol wiki - Quick Mail Queuing Protocol (QMQP) is a network protocol designed to share e-mail queues between several hosts. It is designed and implemented by Daniel J. Bernstein in qmail. Whoever is admin/ing that server doesn't leave any evidence in the headers of what the mailserver's name or IP address is, simply calling itself by variations of localnet and internal IP. -- Mike Easter kibitzer, not SC admin From user at domain.invalid Sun Mar 15 05:04:27 2009 From: user at domain.invalid (Farelf) Date: Sun Mar 15 05:05:10 2009 Subject: [Scspamcop] Re: some spam not parsing proper In-Reply-To: References: Message-ID: RandallW wrote: > > An antivirus proggy ( on my computer, not the sending computer ) doesn't > change or modify headers, right? I haven't seen that DATA bit in headers of > spam until the past month and a half, which sort of coincides with my > antivirus being replaced with another brand ( Panda ). > Like Mike says in his reply. Here is another example of this pesky construction, even worse (possibly/probably due to something in attglobal.net/prserv.net forwarding to iinet.net.au?), mailed submissions break in the header but pasted-in don't. Still doesn't pick up the body though (and there were some links in some of these, but only throw-away Chinese auto-registered). AV was NIS (Norton/Symantec). Same spam handled each way: http://www.spamcop.net/sc?id=z2581127020zaa2a53869e753c814c39262c79fb416ez http://www.spamcop.net/sc?id=z2581137306zc89e397fbda15a686bbedeb6681bb4baz Other examples in: http://forum.spamcop.net/forums/index.php?showtopic=10066 (linear post 12). Never did figure out exactly what stopped the body from parsing (as an intellectual exercise - but the intellect was unequal to the task ). Looked at the obvious mime boundary lines (apparent early termination), the "Data(s)" in the header without colon, combination of both - nothing worked. Anyway, lots more examples, different handling to yours, same result. From MikeE at ster.invalid Sun Mar 15 10:30:40 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sun Mar 15 10:35:08 2009 Subject: [Scspamcop] Re: some spam not parsing proper References: Message-ID: Farelf wrote: > Here is another example of this pesky > construction, Yours isn't qmail qmqp like RandallW's, but it does have the common feature of being a qmail-ldap. > Never did figure out exactly what stopped the body from parsing (as an > intellectual exercise - but the intellect was unequal to the task ). I was too lazy to do a full experimental reconstruction of RandallW's to suit an idealized model. Besides taking out the bad DATA line, I would've/could've made a body to match the content-type of the header which body contained a link to find. Simply taking out the DATA line and putting in a link without delimiters didn't work. > Looked at the obvious mime boundary lines (apparent early > termination), the "Data(s)" in the header without colon, combination of > both - nothing worked. Anyway, lots more examples, different handling > to yours, same result. -- Mike Easter kibitzer, not SC admin From user at domain.invalid Sun Mar 15 11:58:24 2009 From: user at domain.invalid (Farelf) Date: Sun Mar 15 12:00:09 2009 Subject: [Scspamcop] Re: some spam not parsing proper In-Reply-To: References: Message-ID: Mike Easter wrote: > I was too lazy to do a full experimental reconstruction of RandallW's to > suit an idealized model. Besides taking out the bad DATA line, I > would've/could've made a body to match the content-type of the header > which body contained a link to find. Simply taking out the DATA line and > putting in a link without delimiters didn't work. > Hey, that's cheating! But no, that didn't work, at least my attempt just now didn't: http://www.spamcop.net/sc?id=z2701334412z753c5d7ffcc8e873063767e8c4c3ef05z From MikeE at ster.invalid Sun Mar 15 13:23:39 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sun Mar 15 13:25:08 2009 Subject: [Scspamcop] Re: some spam not parsing proper References: Message-ID: Farelf wrote: > Mike Easter wrote: > >> I was too lazy to do a full experimental reconstruction of RandallW's >> to suit an idealized model. Besides taking out the bad DATA line, I >> would've/could've made a body to match the content-type of the header >> which body contained a link to find. Simply taking out the DATA line >> and putting in a link without delimiters didn't work. >> > > Hey, that's cheating! But no, that didn't work, at least my attempt > just now didn't: > > http://www.spamcop.net/sc?id=z2701334412z753c5d7ffcc8e873063767e8c4c3ef05z Oh, I get it. The mailfrom/rcptto 'header' fieldnames have spaces. No good. Here's yours with the spaces fixed http://www.spamcop.net/sc?id=z2701609321z92476753409af1558719d1f33930d12cz SC finds the/your link but couldn't resolve it when I parsed it: Finding links in message body Parsing HTML part Resolving link obfuscation http://aadjaea.cn Host aadjaea.cn (checking ip) IP not found ; aadjaea.cn discarded as fake. Host aadjaea.cn (checking ip) IP not found ; aadjaea.cn discarded as fake. Tracking link: http://aadjaea.cn/ [report history] Cannot resolve http://aadjaea.cn/ RandallW's doesn't have a link in it, but fixing the spaces will at least get an examination of the body: http://www.spamcop.net/sc?id=z2701620883z5cbb8cf84555bae513b892c4369a8011z Fixed with space elimination for mailfrom/rcptto and colon for data: http://www.spamcop.net/sc?id=z2701620883z5cbb8cf84555bae513b892c4369a8011z Finding links in message body Recurse multipart: Parsing text part Parsing HTML part No html links found, trying text parse no links found -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sun Mar 15 18:33:26 2009 From: nobody at spamcop.net (RandallW) Date: Sun Mar 15 18:35:08 2009 Subject: [Scspamcop] Re: some spam not parsing proper References: Message-ID: Only a small amout of my spam has the problem. Is it a result because some spam has CC addresses and others have BCCs? Or am I completely off? From MikeE at ster.invalid Sun Mar 15 21:21:03 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sun Mar 15 21:25:07 2009 Subject: [Scspamcop] Re: some spam not parsing proper References: Message-ID: RandallW wrote: > Only a small amout of my spam has the problem. Is it a result because > some spam has CC addresses and others have BCCs? Or am I completely > off? It looks to me like there are/ may be/ 2 different servers: Received: (qmail 4013 invoked from network ... Received: ... by eros.localnet.sys (qmail-ldap-1.03) with QMQP... Delivered-To: CLUSTERHOST inbound10.localnet.com x Received: (qmail 25462 invoked from network) ... Received: ... by inbound10.localnet.com (qmail-ldap-1.03) with SMTP... If there /are/ two servers, the suspect is that bottom one; its last two lines above. If you are inclined to compare headers for whether or not they contain the bad smtp transaction lines DATA, MAIL FROM, and RCPT TO, you might compare whether or not the good ones vs the bad ones contain the elements of the last two lines above. -- Mike Easter kibitzer, not SC admin From user at domain.invalid Mon Mar 16 01:35:07 2009 From: user at domain.invalid (Farelf) Date: Mon Mar 16 01:35:08 2009 Subject: [Scspamcop] Re: some spam not parsing proper In-Reply-To: References: Message-ID: Mike Easter wrote: > > Oh, I get it. The mailfrom/rcptto 'header' fieldnames have spaces. No > good. > > Here's yours with the spaces fixed > http://www.spamcop.net/sc?id=z2701609321z92476753409af1558719d1f33930d12cz Well, I'll be darned, I never noticed those blanks (and I do, or used to, know their effect) - thanks! > > SC finds the/your link but couldn't resolve it when I parsed it: > > Finding links in message body > Parsing HTML part > Resolving link obfuscation > http://aadjaea.cn > Host aadjaea.cn (checking ip) IP not found ; aadjaea.cn discarded as > fake. > Host aadjaea.cn (checking ip) IP not found ; aadjaea.cn discarded as > fake. > Tracking link: http://aadjaea.cn/ > [report history] > Cannot resolve http://aadjaea.cn/ Not surprised - all the hallmarks of the .cn auto-registry service industry being behind that 'domain'. You pays your $140 per thousand (last time I looked, further discounts for *real* volumes no doubt) and spam like mad with the links. That link was used a month ago, definitely NXD now, if it ever was 'live'**. I just changed the dates in the manufactured version of the spam to minimize red photons. **But I sometimes think the perpetrators get a little out of sync, linking with nothing in place. Or maybe they actually do get closed down PDQ. Nah, I don't believe the latter. > > RandallW's doesn't have a link in it, but fixing the spaces will at least > get an examination of the body: > > http://www.spamcop.net/sc?id=z2701620883z5cbb8cf84555bae513b892c4369a8011z > > Fixed with space elimination for mailfrom/rcptto and colon for data: > > http://www.spamcop.net/sc?id=z2701620883z5cbb8cf84555bae513b892c4369a8011z > > Finding links in message body > Recurse multipart: > Parsing text part > Parsing HTML part > No html links found, trying text parse > no links found > > Yes, I am sure if there was anything with current DNS records, SC would have a good shot at resolving it. From MikeE at ster.invalid Mon Mar 16 09:13:55 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Mar 16 09:15:08 2009 Subject: [Scspamcop] Re: The Great Hamzaad? Umm... References: Message-ID: Borgholio wrote: > GREAT AMAL HAMZAAD Instead of being bemused by the content/reading of your spam; if you are going to be interested in it, it seems to me that you should be interested in the source process -- because that may tell you whether the item is sourced straightup or by a spam machine proxy bot. > CONTACT . Mohammed Abdul Rahman ... also the pseudonym of an important gitmo cagee, Tunisian Lufti Bin Ali > Tel; 234 803-064-9883 I don't understand this telno's intent. After you dial the international access code, 234 will get you Nigeria, but .ng doesn't have an 803 area code, and the .ng areacode + telno are supposed to total 8 digits, not 10. > EMAIL mohammedraman4@yahoo.com > Note: send a text message to telephone number 234 803-064-9883 by > stating your name and your email address, or you call If you don't access international, area 234 is some cities in Ohio, but the prefix 803 doesn't work there (the idea being to throw away the last 3 digits if it did). A googlewebsearch on the number just gets you a website posting of this same content in Jan 9 at http://www.justlanded.com/deutsch/Dubai/Foren/Business/Manpower-Supply There are also several websites promoting the magic of the great amal hamzaad; as well as people posting their spam. -- Mike Easter kibitzer, not SC admin From connyank at cox.net Mon Mar 16 11:21:46 2009 From: connyank at cox.net (jg) Date: Mon Mar 16 11:25:08 2009 Subject: [Scspamcop] Re: Odd school reports In-Reply-To: References: Message-ID: On 03/13/2009 01:51 PM Mike Easter scribbled: > > I probably would've replied to the teacher that she's mailing/ reporting > to/ the wrong addy. > >> Any ideas? Your idea was the correct one, which I did. Am sitting here now feeling kinda stupid - I was so convinced my bro's box had been hacked and was running amuck within the Conn. school system, I was blinded to the simple fact of incorrect input (my email nym is nowhere near a real name). Others in the thread went further, implying misadventure by parent/child, another possibility I never considered. Anyway, the teach replied laughing, saying she'd get it fixed. Guess the parents didn't care about getting reports - too bad. From borgholio at storymind.com Mon Mar 16 12:44:42 2009 From: borgholio at storymind.com (Borgholio) Date: Mon Mar 16 12:45:09 2009 Subject: [Scspamcop] Re: The Great Hamzaad? Umm... In-Reply-To: References: Message-ID: Mike Easter wrote: > Borgholio wrote: >> GREAT AMAL HAMZAAD > > Instead of being bemused by the content/reading of your spam; if you are > going to be interested in it, it seems to me that you should be interested > in the source process -- because that may tell you whether the item is > sourced straightup or by a spam machine proxy bot. > Meh, no not really. Spam is spam to me, I simply found the subject and content amusing. From MikeE at ster.invalid Mon Mar 16 13:00:55 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Mar 16 13:05:07 2009 Subject: [Scspamcop] Re: The Great Hamzaad? Umm... References: Message-ID: Borgholio wrote: > Mike Easter wrote: >> Borgholio wrote: >>> GREAT AMAL HAMZAAD >> >> Instead of being bemused by the content/reading of your spam; if you >> are going to be interested in it, it seems to me that you should be >> interested in the source process -- because that may tell you whether >> the item is sourced straightup or by a spam machine proxy bot. >> > > Meh, no not really. Spam is spam to me, I simply found the subject and > content amusing. I think I'm arguing that - IMO - spambodyreading is (usually) silly; spamheader reading is (sometimes) informative. You give us your spambody - 'see what I've been reading' - and I say, "Where's the beef (headers)?" ...or, said another way, if you would feed the complete spam into the parser and give us a tracker instead of pasting just a spambody into .spam, then those who 'like to' read spambodies could read the spambody, and those who 'prefer to' read the headers could do so. A spam 'object' (for study or discussion) is not just a spambody, it is the whole enchilada. -- Mike Easter kibitzer, not SC admin From garagekeeper at hotmail.com Mon Mar 16 15:13:34 2009 From: garagekeeper at hotmail.com (mjj) Date: Mon Mar 16 15:15:08 2009 Subject: [Scspamcop] Re: Is insanity a valid defence for sending spam? References: <20090314194528.2653bbbf.andrewb@zagam.net> Message-ID: Responsible users don't surf the net run with Admin privileges or do motorcycles stunts without helmets. Have you been doing either or both of these? MylesJ "Andrew Buckeridge" wrote in message news:20090314194528.2653bbbf.andrewb@zagam.net... > Winging Pom and ignorance or insanity defence. > > http://news.spamcop.net/pipermail/spamcop-mail/2004-December/014767.html > > The fact that Microsoft don't care about Idiot Exploiter should not > be an excuse for continuing to use it. Responsible Microsoft users (if > there is such a thing) will run Mozilla or something else. > > It is widespread vulnerabilities that spammers exploit. > > As most ISPs have an SMTP service for mail submission where they can run > their reputation filters and apply their acceptable use policy I think > that it is reasonable to list web proxies and dial up pools where > vulnerabilities are found. > > I use Ian Gulliver's dsbltesters to protect our network and list any > one including customers, suppliers, etc. without fear or favour when > vulnerabilities are found. The fact that the Image Exploit could send > an email proved that the system was vulnerable to relay. > > Is okay for some one to use vulnerable software on the Internet? > > If some thinks that it is okay to run vulnerable software on the > Internet then I think that they are seriously deluded. As to weather > this is due to mental illness or religious beliefs is something best > left to psychiatrists. > > Extra-judicial fix? > > For non-Microsoft Internet users who would like to use email may want > to take matters in to their own hands. I would suggest rendition for > organ harvesting as a cost recovery strategy. > > Judicial fix? No. > > Under the mental health act they have to be a danger to themselves or > others. This only harms the victim by trashing their INBOX. > > Running vulnerable systems on the Internet is a reckless act and it is > the users of those vulnerable systems who should be punished if they > damage other Internet users. In Australia intent must be proven or at > least that the act was reckless. > >> CRIMES ACT 1900 - SECT 308E >> Unauthorised impairment of electronic communication >> 308E Unauthorised impairment of electronic communication >> >> (1) A person who: >> >> (a) causes any unauthorised impairment of electronic >> communication to or from a computer, and >> >> (b) knows that the impairment is unauthorised, and >> >> (c) intends to impair electronic communication to or from the >> computer, or who is reckless as to any such impairment, >> >> is guilty of an offence. >> >> Maximum penalty: Imprisonment for 10 years. > > Technology fix? > > The technology fix for this is for ISPs to provide separate IP pools for > Microsoft users and volunteer those pools to a dial up list and name > them in such a way as to indicate threat. > > The ISP should stop those pools from reaching SMTP. (I have found this > very irritating with my laptop, but I can understand why responsible > ISPs are now doing this.) > > http://tools.ietf.org/id/draft-msullivan-dnsop-generic-naming-schemes-00.txt > > Uses domains like connection media followed by dyn.example.com or > sta.example.com does not necessarily indicate bandwidth and therefore > threat. It is the type of system behind the media that really indicates > threat. The HINFO was the mechanism for this, but it is incomplete. > > Using the SI peak up baud rate like 33k, 64k, 768k, 2M, etc. would make > more sense than obscure media names like OC3 (155M I presume). > > An ADSL G.lite PC user [A.B.C.D] would have > PTR D.C.B.A.768k.dyn.ms.example.com > > A modem Unix user [A.B.C.D] would have > PTR D.C.B.A.33k.dyn.x.example.com > > An Ethernet Unix user [A.B.C.D] would have > PTR D.C.B.A.10M.sta.x.example.com > > A Fast Ethernet Unix user [A.B.C.D] would have > PTR D.C.B.A.100M.sta.x.example.com > > An ADSL G.lite Classic Apple Mac (OS<10) user [A.B.C.D] would have > PTR D.C.B.A.768k.dyn.am.example.com > or as their OS is unsupported they could just be put in ms.example.com. From blacklist-me at davjam.org Mon Mar 16 20:24:16 2009 From: blacklist-me at davjam.org (David Bolt) Date: Mon Mar 16 20:30:08 2009 Subject: [Scspamcop] Another truncated abuse address: info-tel.net Message-ID: The parser is still truncating addresses with a hyphen in the domain name. The tracker below shows it picking abuse@info-tel.net and then deciding to use abuse@info: Regards, David Bolt -- Team Acorn: http://www.distributed.net/ OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s | openSUSE 10.3 32b | openSUSE 11.0 32b | openSUSE 10.2 64b | openSUSE 10.3 64b | openSUSE 11.0 64b | openSUSE 11.1 64b TOS 4.02 | openSUSE 10.3 PPC | RISC OS 3.6 | RISC OS 3.11 From nobody at devnull.spamcop.net Mon Mar 16 21:47:48 2009 From: nobody at devnull.spamcop.net (Patto) Date: Mon Mar 16 21:50:07 2009 Subject: [Scspamcop] Re: The Great Hamzaad? Umm... In-Reply-To: References: Message-ID: Mike Easter wrote: > Borgholio wrote: >> GREAT AMAL HAMZAAD > > Instead of being bemused by the content/reading of your spam; if you are > going to be interested in it, it seems to me that you should be interested > in the source process -- because that may tell you whether the item is > sourced straightup or by a spam machine proxy bot. What is this whole thing about...? From MikeE at ster.invalid Mon Mar 16 22:19:42 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Mar 16 22:20:08 2009 Subject: [Scspamcop] Re: The Great Hamzaad? Umm... References: Message-ID: Patto wrote: > Mike Easter wrote: >> Borgholio wrote: >>> GREAT AMAL HAMZAAD >> >> Instead of being bemused by the content/reading of your spam; if you >> are going to be interested in it, it seems to me that you should be >> interested in the source process -- because that may tell you whether >> the item is sourced straightup or by a spam machine proxy bot. > > What is this whole thing about...? See spambody in .spam news://news.spamcop.net/gpkveh$g35$1@news.spamcop.net Naturally I would rather have a tracker. For Borgholio: How to make a tracker: 1 select and obtain the complete spam 2 privatize the header&body content 3 webparse it & copy the tracking URL 4 cancel the report & paste the tracker in here 1 ... in the manner described by the SC faq http://www.spamcop.net/fom-serve/cache/19.html How do I get my email program to reveal the full, unmodified email? 2 ... by modestly and unambiguously mungeing any private information you don't want to expose, such as your name or email address which might appear anywhere in the header or body. Avoid excessive or confusing mungeing. 3 login to the SC webparser, paste in the spam, and click Process Spam button; then copy the tracking URL from the top 'Here is your TRACKING URL' of the appearance http://www.spamcop.net/sc?id=z1505491930z5db2559eebcde98291b8e783c95d61cez 4 ... after parsing, the report is 'live' until the cancel button is used. After cancelling the tracker disappears; the munged spam report should be cancelled because it has been materially changed and because you don't want to leave a tracker live. -- Mike Easter kibitzer, not SC admin From borgholio at storymind.com Mon Mar 16 23:18:56 2009 From: borgholio at storymind.com (Borgholio) Date: Mon Mar 16 23:20:08 2009 Subject: [Scspamcop] Re: The Great Hamzaad? Umm... In-Reply-To: References: Message-ID: Mike Easter wrote: > Patto wrote: >> Mike Easter wrote: >>> Borgholio wrote: >>>> GREAT AMAL HAMZAAD >>> Instead of being bemused by the content/reading of your spam; if you >>> are going to be interested in it, it seems to me that you should be >>> interested in the source process -- because that may tell you whether >>> the item is sourced straightup or by a spam machine proxy bot. >> What is this whole thing about...? > > See spambody in .spam > news://news.spamcop.net/gpkveh$g35$1@news.spamcop.net > > Naturally I would rather have a tracker. > Since you are curious, here ya go: http://www.spamcop.net/sc?id=z2706460359ze5920f1cd2b7150f78d69ae0beac0587z From MikeE at ster.invalid Tue Mar 17 04:50:47 2009 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 17 04:55:08 2009 Subject: [Scspamcop] Re: The Great Hamzaad? Umm... References: Message-ID: Borgholio wrote: > Mike Easter wrote: >> Naturally I would rather have a tracker. >> > > Since you are curious, here ya go: > www.spamcop.net/sc?id=z2706460359ze5920f1cd2b7150f78d69ae0beac0587z Thanks. Not sourced from a proxybot, but instead from a .fr mail provider often seen as a source in sightings. It may have come from this webmailer http://webmail.ovh.net/ Apparently it allows emailing as anonymous@ns2541.ovh.net Don't forget to cancel your tracker report - done. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Tue Mar 17 11:36:46 2009 From: nobody at spamcop.net (Ellen) Date: Tue Mar 17 11:40:08 2009 Subject: [Scspamcop] Scheduled Maintenance Thursday March 19, 2009 Message-ID: The maintenance has been rescheduled from today to Thursday. I do not have the exact time yet -- I will update you when I do. Please propagate as needed. Ellen SpamCop From MikeE at ster.invalid Tue Mar 17 12:37:50 2009 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 17 12:40:08 2009 Subject: [Scspamcop] Re: Scheduled Maintenance Thursday March 19, 2009 References: Message-ID: Ellen wrote: > The maintenance has been rescheduled from today to Thursday. I do not > have the exact time yet -- I will update you when I do. > > Please propagate as needed. Please announce the schedule for the debate on the time format of the maintenance announcement as soon as possible. I want to get some popcorn. :-) -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Tue Mar 17 14:57:38 2009 From: nobody at spamcop.net (Ellen) Date: Tue Mar 17 15:00:07 2009 Subject: [Scspamcop] Re: Scheduled Maintenance Thursday March 19, 2009 In-Reply-To: References: Message-ID: Mike Easter wrote: > > Please announce the schedule for the debate on the time format of the > maintenance announcement as soon as possible. I want to get some popcorn. > > :-) > > > rotfl -- I was thinking about that as I posted :-) E From nobody at spamcop.net Wed Mar 18 01:13:03 2009 From: nobody at spamcop.net (RW) Date: Wed Mar 18 01:15:08 2009 Subject: [Scspamcop] Re: Another truncated abuse address: info-tel.net In-Reply-To: References: Message-ID: David Bolt wrote: > The parser is still truncating addresses with a hyphen in the domain > name. The tracker below shows it picking abuse@info-tel.net and then > deciding to use abuse@info: > > > > > Regards, > David Bolt > This one has already been fixed, but the abuse address bounces: Cached whois for 194.126.173.20 : abuse@info abuse@info-tel.net bounces (8 sent : 7 bounces) Using best contacts No reporting addresses found for 194.126.173.20, using devnull for tracking. Remote-MTA: dns; [157.158.2.47] Diagnostic-Code: smtp; 5.4.7 - Delivery expired (message too old) [Default] 450-'4.1.1 : Recipient address rejected: undeliverable address: unknown user: "abuse"' (delivery attempts: 52) Richard From nobody at spamcop.net Wed Mar 18 01:17:21 2009 From: nobody at spamcop.net (RW) Date: Wed Mar 18 01:20:08 2009 Subject: [Scspamcop] Re: Scheduled Maintenance Thursday March 19, 2009 In-Reply-To: References: Message-ID: Ellen wrote: > Mike Easter wrote: > >> >> Please announce the schedule for the debate on the time format of the >> maintenance announcement as soon as possible. I want to get some >> popcorn. >> >> :-) >> >> >> > > rotfl -- I was thinking about that as I posted :-) They must luvya since nobody picked on my time posting. That, or they know it'll be a month before I'm back to read the replies ;-) Anyhow, it's been announced it'll be 1400 PDT. Same time, same place, just different day. Richard From nobody at spamcop.net Thu Mar 19 15:27:06 2009 From: nobody at spamcop.net (Ellen) Date: Thu Mar 19 15:30:08 2009 Subject: [Scspamcop] Cancelled: SpamCop 4.5.0-084 Release Message-ID: This maintenance is going to be rescheduled. I do not have a new date/time yet. Subject: SpamCop 4.5.0-084 Release Ellen SpamCop From nobody at devnull.spamcop.net Thu Mar 19 19:54:09 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Thu Mar 19 19:55:08 2009 Subject: [Scspamcop] Re: Scheduled Maintenance Thursday March 19, 2009 References: Message-ID: "RW" wrote in message news:gpq051$sjd$2@news.spamcop.net... > Ellen wrote: >> Mike Easter wrote: >> >>> Please announce the schedule for the debate on the time format >>> of the >>> maintenance announcement as soon as possible. I want to get >>> some popcorn. >>> >>> :-) >> rotfl -- I was thinking about that as I posted :-) > > They must luvya since nobody picked on my time posting. That, or > they know it'll be a month before I'm back to read the replies ;-) > > Anyhow, it's been announced it'll be 1400 PDT. Same time, same > place, just different day. For a bit of explanation, history, whatever ... the great debate usually comes up when the time is offered as 1400 PDT (-0700) .... leaving folks to wonder if they are supposed to subtract/add 7 hours from/to the 1400 or the PDT in trying to figure out just what their 'local' time offset might end up being ... (just noting that not all folks in the world recognize just what that PDT stands for) From MikeE at ster.invalid Fri Mar 20 21:16:52 2009 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 20 21:20:08 2009 Subject: [Scspamcop] Re: Just how black is xo.com's hat? References: Message-ID: Chris Schram wrote: www.spamcop.net/sc?id=z2715465517z28afa83e1f0cc50419d72104c5318d0z www.spamcop.net/sc?id=z2715465196z1ed691ddf7325d5b886afec696ffa80z www.spamcop.net/sc?id=z2715464475z79c6e403133cf66261d48ec954fde86z None of those trackers loaded for me. SC sez: Failed to load spam header: ... for all 3. > I'm setting a nice steady stream of spam that QuickReports back to > abuse@xo.com. All or most of these messages have my spamcatcher address > in the Subject line. This is the address I use for all my Usenet > postings. (I hardly ever read spam, so I don't know what similarity > there is in the content.) Since I can't see any of the spam, I don't know the nature of the sourcing. It is common practice for many providers to not remedy user IPs which are sourcing, such as proxies. > I'm wondering why SpamCop even bothers to send reports to these guys. > They don't appear to be repentant in the least. Are you able to make the trackers work for you, or are they trackers which are 'stale' and old? Just commenting 'in the blind' - absent any spam evidence I can see - the way I would comment on XO would be to use spamhaus as a reference. You can look up the providers for any country. spamhaus sez this about xo Found 13 SBL listings for IPs under the responsibility of xo.com Then I look at the nature of the listings, for large blocks and for ROKSO spamgangs. For xo, all but 2 are largish blocks, 2 /22, 2 /23, 2 /24, 1 /25, 2 /27, 1 /28 and the 2 /32 singletons. Of those there are two blocks for rokso/s which are a /24 and a /27 which have been so blocked since '08 Nov & '09 Jan -- where the rokso is Peter Greenwood. Then, if you like to look at spamhaus' database on Greenwood, it is here http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Peter%20Greenwo od If you use that spamhaus link, you can follow the links around to see his other listings besides those with xo. If you read my opinions around here about how SC should notify, I'm of the opinion that the default mode should be to not notify unless a provider has asked SC to notify them. I especially think that should be the case for spamvertisers. I might configure differently about the sources. In all cases I would have the reporter 'control' whether or not s/he wanted hir default to be to notify or not notify; so for example a person could be a regular reporter who didn't notify spamvertiser providers, but the default was to notify source providers unless the reporter unchecked the notify -- which a reporter might choose to do for xo. Or, a reporter could opt to not notify any provider, unless that provider had arranged with spamcop to be notified. By my model, the source IPs would be fed to the SCbl and the website would not be resolved to an IP, but instead the website would by default be fed into the system that results in the sc-surbl blocklist. -- Mike Easter kibitzer, not SC admin From NowhereMan at nowhereland.com Sat Mar 21 00:03:46 2009 From: NowhereMan at nowhereland.com (NowhereMan) Date: Sat Mar 21 00:05:09 2009 Subject: [Scspamcop] SpamCop can't find 193.48.246.132 Message-ID: SpamCop can't find 193.48.246.132 http://www.spamcop.net/sc?id=z2716345735za9957129f2eadd7e07c3707bc25b9c02z whois.ripe.net 193.48.246.132 (nothing found) No reporting addresses found for 193.48.246.132, using devnull for tracking. ------------------------ Yet geektools.com/whois (UltraDNS?) finds some filtered contact information and dnssstuff.com finds more, but initially the email addresses are filtered. Can SpamCop get past the RIPE email contact filtering automatically? From MikeE at ster.invalid Sat Mar 21 07:54:51 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Mar 21 07:55:08 2009 Subject: [Scspamcop] Re: SpamCop can't find 193.48.246.132 References: Message-ID: NowhereMan wrote: > SpamCop can't find 193.48.246.132 SC can't find an email addy for the tech/admin DL1594-RIPE www.spamcop.net/sc?id=z2716345735za9957129f2eadd7e07c3707bc25b9c02z > > whois.ripe.net 193.48.246.132 (nothing found) > > No reporting addresses found for 193.48.246.132, using devnull for > tracking. ------------------------ > > Yet geektools.com/whois (UltraDNS?) finds some filtered contact > information and dnssstuff.com finds more, but initially the email > addresses are filtered. > > Can SpamCop get past the RIPE email contact filtering automatically? I don't completely understand SC's problem about the email filter workaround requiring the -B option, but in this case RIPE doesn't hold an email address for DL1594-RIPE even using the -B filter defeater. % Information related to 'DL1594-RIPE' person: Didier Leclere address: Institut Polytechnique de Sevenans address: F-90010 Belfort CEDEX, France phone: +33 84 58 30 20 fax-no: +33 84 58 30 30 nic-hdl: DL1594-RIPE changed: Annie.Renard@inria.fr 19940810 changed: ripe-dbm@ripe.net 19990615 source: RIPE SC wants an email fieldname and value, not a changed fieldname and value. The above is about the /24 block for the IP. The RIPE listing for the /16 block /does/ show an email address for TI123-RIPE irt: IRT-CERT-Renater e-mail: certsvp@renater.fr admin-c: TI123-RIPE tech-c: TI123-RIPE ... and abuse.net /does/ have reg'd addresses for renater whois -h whois.abuse.net renater.fr ... postmaster@renater.fr CertSVP@Renater.fr (for renater.fr) which renater is in a lot of roles for the Sevenans polytechnic inst, including routing for the /16 block. Most likely a deputy would rather notify the admin/tech for the renater /16 than just devnull the Sevenans /24. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sat Mar 21 07:54:02 2009 From: nobody at spamcop.net (Ellen) Date: Sat Mar 21 08:05:08 2009 Subject: [Scspamcop] Re: Just how black is xo.com's hat? In-Reply-To: References: Message-ID: trackers: http://www.spamcop.net/sc?id=z2715465517z28afa83e1f0cc50419d72104c5318d00z http://www.spamcop.net/sc?id=z2715465196z1ed691ddf7325d5b886afec696ffa80dz http://www.spamcop.net/sc?id=z2715464475z79c6e403133cf66261d48ec954fde86az Ellen Mike Easter wrote: > Chris Schram wrote: > www.spamcop.net/sc?id=z2715465517z28afa83e1f0cc50419d72104c5318d0z > www.spamcop.net/sc?id=z2715465196z1ed691ddf7325d5b886afec696ffa80z > www.spamcop.net/sc?id=z2715464475z79c6e403133cf66261d48ec954fde86z > > None of those trackers loaded for me. SC sez: > Failed to load spam header: > > ... for all 3. > >> I'm setting a nice steady stream of spam that QuickReports back to >> abuse@xo.com. All or most of these messages have my spamcatcher address >> in the Subject line. This is the address I use for all my Usenet >> postings. (I hardly ever read spam, so I don't know what similarity >> there is in the content.) > > Since I can't see any of the spam, I don't know the nature of the > sourcing. It is common practice for many providers to not remedy user IPs > which are sourcing, such as proxies. > >> I'm wondering why SpamCop even bothers to send reports to these guys. >> They don't appear to be repentant in the least. > > Are you able to make the trackers work for you, or are they trackers which > are 'stale' and old? > > Just commenting 'in the blind' - absent any spam evidence I can see - the > way I would comment on XO would be to use spamhaus as a reference. You > can look up the providers for any country. spamhaus sez this about xo > > Found 13 SBL listings for IPs under the responsibility of xo.com > > Then I look at the nature of the listings, for large blocks and for ROKSO > spamgangs. For xo, all but 2 are largish blocks, 2 /22, 2 /23, 2 /24, 1 > /25, 2 /27, 1 /28 and the 2 /32 singletons. Of those there are two blocks > for rokso/s which are a /24 and a /27 which have been so blocked since '08 > Nov & '09 Jan -- where the rokso is Peter Greenwood. > > Then, if you like to look at spamhaus' database on Greenwood, it is here > http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Peter%20Greenwo > od > > If you use that spamhaus link, you can follow the links around to see his > other listings besides those with xo. > > If you read my opinions around here about how SC should notify, I'm of the > opinion that the default mode should be to not notify unless a provider > has asked SC to notify them. I especially think that should be the case > for spamvertisers. I might configure differently about the sources. In > all cases I would have the reporter 'control' whether or not s/he wanted > hir default to be to notify or not notify; so for example a person could > be a regular reporter who didn't notify spamvertiser providers, but the > default was to notify source providers unless the reporter unchecked the > notify -- which a reporter might choose to do for xo. > > Or, a reporter could opt to not notify any provider, unless that provider > had arranged with spamcop to be notified. By my model, the source IPs > would be fed to the SCbl and the website would not be resolved to an IP, > but instead the website would by default be fed into the system that > results in the sc-surbl blocklist. > From nobody at spamcop.net Sat Mar 21 08:00:59 2009 From: nobody at spamcop.net (Ellen) Date: Sat Mar 21 08:05:09 2009 Subject: [Scspamcop] Re: SpamCop can't find 193.48.246.132 In-Reply-To: References: Message-ID: NowhereMan wrote: > SpamCop can't find 193.48.246.132 > > http://www.spamcop.net/sc?id=z2716345735za9957129f2eadd7e07c3707bc25b9c02z > > whois.ripe.net 193.48.246.132 (nothing found) > > No reporting addresses found for 193.48.246.132, using devnull for > tracking. > ------------------------ > > Yet geektools.com/whois (UltraDNS?) finds some filtered contact > information and dnssstuff.com finds more, but initially the email > addresses are filtered. > > Can SpamCop get past the RIPE email contact filtering automatically? > > > > > > It's not the B flag -- it's that there is no email address in the person listing for the IP lookup. I added the abuse address from AS2200 to the /24. Ellen SpamCop From MikeE at ster.invalid Sat Mar 21 08:56:08 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Mar 21 09:00:07 2009 Subject: [Scspamcop] Re: Just how black is xo.com's hat? References: Message-ID: Ellen wrote: > trackers: > www.spamcop.net/sc?id=z2715465517z28afa83e1f0cc50419d72104c5318d00z error: couldn't parse head bad headerline wrapping by recipient's userservices.net server www.spamcop.net/sc?id=z2715465196z1ed691ddf7325d5b886afec696ffa80dz error: couldn't parse head ... same problem www.spamcop.net/sc?id=z2715464475z79c6e403133cf66261d48ec954fde86az error: couldn't parse head ... and again. xo sources: 208.36.66.62 output server 4.1-4.6 neutral SBRS 209.116.134.241 output server 4.5 poor SBRS 209.116.134.149 output server 4.5-4.6 poor SBRS ... where 4.x magnitudes are from 12.6 to 31.6 to 39.8 (thousands) per day, and where SBRS is the senderbase reputation score rating and poor to neutral values reflect the likelihood of that output server's mail being blocked. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Mon Mar 23 12:30:14 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Mar 23 12:35:09 2009 Subject: [Scspamcop] [media] quality control Message-ID: From: http://www.talkingpointsmemo.com/archives/2009/03/wow_i_needed_that.php As part of their efforts to make the scale and scope of Bernie Madoff's crimes clear to Judge Denny Chin in deciding the terms of his plea, confinement and eventual sentencing, the folks at the US Attorney's Office for the Southern District of New York submitted emails from Madoff's victims describing the injury they had suffered and the punishment they believed Madoff deserved. When you read through the emails, though, you do sort of wonder what level of vetting was applied to these emails or who some of those people even are. And when you get to the email on page 36 you get the sense that the quality control on which emails they threw on the pile maybe wasn't all that high. Here's the text of that email ... From: [redacted] Sent: Saturday, March 07, 2009 6:38 PM Subject: REPLY ME My Name is Mr. [redacted] but my origin is from Republic of Congo. I have an inherited fund I want to invest in a business in your country with a help of a local. I don't know about what business but I found it wise to invest the funds in your country with your collaboration with me. Ever since I move to Dubai due to the problem in my country, I have not been able to invest the funds in Dubai due to security reasons. Now I am seeking foreign assistance to transfer the funds in your country based on the news of their development. If you can assist, I am willing to give you 10% of the funds that is US$3.5Million. You will understand that my entire life and future depend on this money and I shall be very grateful if you can assist me. The major thing I demand from you is the absolute assurance that the funds will be safe and you will not sit on it when it is transferred into your account. I will be willing to coming to your country once everything has been done and the funds are in your bank to discuss on lucrative investment in your country. I hope to hear from you so that we might get to talk better on this issue. Please do give me your contact information in order for me to call you ASAP. If this email offends your moral value, do accept my apology. Hope to hear from you soon. Best Regards, [redacted] From nobody at spamcop.net Mon Mar 23 11:20:13 2009 From: nobody at spamcop.net (Trent) Date: Mon Mar 23 17:25:08 2009 Subject: [Scspamcop] Is the Spamcop server time off or parser screwed up? Message-ID: I reported 7 spams I received today all at once through submission. They all came back as "too old" to report. In every instance , the parsed data comes back indicating I received the message on March 20, but my own headers show received today. From Ag2000CO at Starband.net Mon Mar 23 18:35:53 2009 From: Ag2000CO at Starband.net (LKing) Date: Mon Mar 23 18:40:09 2009 Subject: [Scspamcop] Re: Is the Spamcop server time off or parser screwed up? In-Reply-To: References: Message-ID: Trent wrote, On 3/23/2009 11:20 AM: > I reported 7 spams I received today all at once through submission. They all > came back as "too old" to report. > > In every instance , the parsed data comes back indicating I received the > message on March 20, but my own headers show received today. > The "too old" refers to the date/time your ISP received the email not the date you received it or the date you submitted it. Use -U to look at the header and look for the March 20 date in the header. Lou From nobody at spamcop.net Mon Mar 23 13:29:18 2009 From: nobody at spamcop.net (Trent) Date: Mon Mar 23 19:30:09 2009 Subject: [Scspamcop] Re: Is the Spamcop server time off or parser screwed up? References: Message-ID: "LKing" wrote in message news:gq92sk$2bv$1@news.spamcop.net... > Trent wrote, On 3/23/2009 11:20 AM: >> I reported 7 spams I received today all at once through submission. They >> all came back as "too old" to report. >> >> In every instance , the parsed data comes back indicating I received the >> message on March 20, but my own headers show received today. >> > The "too old" refers to the date/time your ISP received the email not the > date you received it or the date you submitted it. Use -U to look > at the header and look for the March 20 date in the header. > > Lou Again,. Dated March 23. No March 20 in the headers, and I check my email 2-3 times a day so I know when I receive stuff. From MikeE at ster.invalid Mon Mar 23 19:53:29 2009 From: MikeE at ster.invalid (Mike Easter) Date: Mon Mar 23 19:55:08 2009 Subject: [Scspamcop] Re: Is the Spamcop server time off or parser screwed up? References: Message-ID: Trent wrote: > I reported 7 spams I received today all at once through submission. > They all came back as "too old" to report. > > In every instance , the parsed data comes back indicating I received the > message on March 20, but my own headers show received today. Show us a tracker and we can talk about it. Either you can use the tracker created when the parser said too old, or you can create a new privatized and cancelled tracker from the same spam. How to make a tracker: 1 select and obtain the complete spam 2 privatize the header&body content 3 webparse it & copy the tracking URL 4 cancel the report & paste the tracker in here 1 ... in the manner described by the SC faq http://www.spamcop.net/fom-serve/cache/19.html How do I get my email program to reveal the full, unmodified email? 2 ... by modestly and unambiguously mungeing any private information you don't want to expose, such as your name or email address which might appear anywhere in the header or body. Avoid excessive or confusing mungeing. 3 login to the SC webparser, paste in the spam, and click Process Spam button; then copy the tracking URL from the top 'Here is your TRACKING URL' of the appearance http://www.spamcop.net/sc?id=z1505491930z5db2559eebcde98291b8e783c95d61cez 4 ... after parsing, the report is 'live' until the cancel button is used. After cancelling the tracker disappears; the munged spam report should be cancelled because it has been materially changed and because you don't want to leave a tracker live. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Mon Mar 23 21:28:05 2009 From: nobody at spamcop.net (RW) Date: Mon Mar 23 21:30:08 2009 Subject: [Scspamcop] Scheduled Maintenance Thursday March 26, 2009 - (SpamCop 4.5.0-084 Release) Message-ID: Let's cross our fingers this is finally going ahead. Scheduled server maintenance and software upgrades Thursday, March 26, 2009, starting at 2:00pm PDT. During this time the SpamCop Reporting Service website may not be available for a period of up to two hours in duration. Emailed spam submissions will be accepted, but processing will be delayed during the maintenance process. This will not affect the SpamCop/CESmail email service, newsgroups or forums. Richard From nobody at spamcop.net Tue Mar 24 01:43:27 2009 From: nobody at spamcop.net (RW) Date: Tue Mar 24 01:45:08 2009 Subject: [Scspamcop] Re: Is the Spamcop server time off or parser screwed up? In-Reply-To: References: Message-ID: Trent wrote: > I reported 7 spams I received today all at once through submission. They all > came back as "too old" to report. > > In every instance , the parsed data comes back indicating I received the > message on March 20, but my own headers show received today. > I had a look at these. You submitted them Monday March 23 at 4:11:28pm -0400 PAYPAL PAYBACK RAFFLE DRAW shows your server received it March 20: Received: from cpsmtpo-eml01.kpnxchange.com ([213.75.38.150]) by col0-mc2-f38.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 20 Mar 2009 15:38:20 -0700 Email. shows it was received March 20: Received: from msgmmp-2.gci.net ([209.165.130.12]) by bay0-mc10-f19.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Fri, 20 Mar 2009 22:36:27 -0700 YOUR BMW 2009 AWARD shows it was received March 21: Received: from bob.montserrat.edu ([74.10.75.77]) by COL0-MC4-F7.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 21 Mar 2009 02:07:12 -0700 Offer high quailty Vigara in licensed onilne phamracy. also shows March 21: Received: from BLU135-W9 ([65.55.111.72]) by blu0-omc2-s12.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 21 Mar 2009 02:26:36 -0700 Ditto for GOOD DAY. : Received: from smtp-wm.kw.com ([66.179.173.68]) by col0-mc2-f42.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 21 Mar 2009 05:42:36 -0700 And finally, same with Like Cowboys and Other Rough Types? : Received: from mail.icm-nj.com ([204.9.74.96]) by bay0-mc6-f7.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sat, 21 Mar 2009 09:22:29 -0700 All were over the 48 hours submission limit, some by only a few hours. Richard From gezgin at spamcop.net.which.is.not.invalid Tue Mar 24 11:20:21 2009 From: gezgin at spamcop.net.which.is.not.invalid (Opinicus) Date: Tue Mar 24 11:25:09 2009 Subject: [Scspamcop] Sort held spam on something else? Message-ID: At present when you go to http://mailsc.spamcop.net/reportheld?action=heldlog the held spam is sorted according to its (I guess) arrival order with numbers like "[247649]". I think it would be more useful/meaningful if I could sort on subject line or sender. How hard would implementing such a feature in SpamCop be? -- Bob http://www.kanyak.com From nobody at devnull.spamcop.net Tue Mar 24 15:53:15 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Tue Mar 24 16:25:09 2009 Subject: [Scspamcop] Re: Sort held spam on something else? References: Message-ID: "Opinicus" wrote in message news:gqato3$q1p$1@news.spamcop.net... > At present when you go to > http://mailsc.spamcop.net/reportheld?action=heldlog the held spam > is sorted according to its (I guess) arrival order with numbers > like "[247649]". > > I think it would be more useful/meaningful if I could sort on > subject line or sender. How hard would implementing such a feature > in SpamCop be? SpamCop Newsgroups http://forum.spamcop.net/scwik/SpamCopNewsgroups What is VER (Very Easy Reporting)? http://forum.spamcop.net/forums/index.php?showtopic=5012 Note comments dealing with the "adding features to VER" scenario ... noting that ownership, maintainers, codebase, etc. has gone through many changes since those posts. Hmmm, see that some of this stuff needs to be added to the Wiki ... From tmcgraw at spamcop.net Tue Mar 24 16:58:03 2009 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Mar 24 17:00:08 2009 Subject: [Scspamcop] Re: Sort held spam on something else? In-Reply-To: References: Message-ID: Wazoo wrote: > SpamCop Newsgroups > http://forum.spamcop.net/scwik/SpamCopNewsgroups > > What is VER (Very Easy Reporting)? > http://forum.spamcop.net/forums/index.php?showtopic=5012 > Note comments dealing with the "adding features to VER" scenario ... > noting that ownership, maintainers, codebase, etc. has gone through > many changes since those posts. > > Hmmm, see that some of this stuff needs to be added to the Wiki ... From the forum page: JT's latest Post on the subject, VER "won't necessarily go away but there won't be much development taking place on it. New features and the like will all need to go into the webmail interface. Major bugs will be fixed in VER, but we're not going to be adding features." I have never been able to report Held mail through Horde. Or, rather, if I do, they never show up in my report history, so I'm quite skeptical. From nobody at devnull.spamcop.net Tue Mar 24 18:06:39 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Tue Mar 24 18:10:08 2009 Subject: [Scspamcop] Re: Sort held spam on something else? References: Message-ID: "Tim McGraw" wrote in message news:gqbhgs$p2$1@news.spamcop.net... > Wazoo wrote: >> >> What is VER (Very Easy Reporting)? >> http://forum.spamcop.net/forums/index.php?showtopic=5012 >> Note comments dealing with the "adding features to VER" scenario >> ... noting that ownership, maintainers, codebase, etc. has gone >> through many changes since those posts. > > I have never been able to report Held mail through Horde. Or, > rather, if I do, they never show up in my report history, so I'm > quite skeptical. The last Forum discussion about this 'problem' dealt with the enabling of Quick-Reporting ..???? On the other hand, your experience doesn't seem to match the other user's description either ??? http://forum.spamcop.net/forums/index.php?showtopic=10191 Technically, this is a function only available to a SpamCop e-mail account, so still should be taken up either in the mail.spamcop.net newsgroup or the Forum itself in the Reporting Help section. From nobody at devnull.spamcop.net Tue Mar 24 23:20:03 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Tue Mar 24 23:20:09 2009 Subject: [Scspamcop] Re: [media] quality control References: Message-ID: LOL!! Vetted? Maybe by a veterinarian! "Redacted"! My gosh, why? It's as phoney as the rest of it is! Tim McGraw wrote: > From: > http://www.talkingpointsmemo.com/archives/2009/03/wow_i_needed_that.php > > As part of their efforts to make the scale and scope of Bernie > Madoff's crimes clear to Judge Denny Chin in deciding the terms of > his plea, confinement and eventual sentencing, the folks at the US > Attorney's Office for the Southern District of New York submitted > emails from Madoff's victims describing the injury they had suffered > and the punishment they believed Madoff deserved. > > When you read through the emails, though, you do sort of wonder what > level of vetting was applied to these emails or who some of those > people even are. And when you get to the email on page 36 you get the > sense that the quality control on which emails they threw on the pile > maybe wasn't all that high. > > Here's the text of that email ... > > From: [redacted] > Sent: Saturday, March 07, 2009 6:38 PM > Subject: REPLY ME > > My Name is Mr. [redacted] but my origin is from Republic of Congo. I > have an inherited fund I want to invest in a business in your country > with a help of a local. I don't know about what business but I found > it wise to invest the funds in your country with your collaboration > with me. > Ever since I move to Dubai due to the problem in my country, I have > not been able to invest the funds in Dubai due to security reasons. > Now I am seeking foreign assistance to transfer the funds in your > country based on the news of their development. > > If you can assist, I am willing to give you 10% of the funds that is > US$3.5Million. You will understand that my entire life and future > depend on this money and I shall be very grateful if you can assist > me. The major thing I demand from you is the absolute assurance that > the funds will be safe and you will not sit on it when it is > transferred into your account. > > I will be willing to coming to your country once everything has been > done and the funds are in your bank to discuss on lucrative investment > in your country. > > I hope to hear from you so that we might get to talk better on this > issue. Please do give me your contact information in order for me to > call you ASAP. > > If this email offends your moral value, do accept my apology. > > Hope to hear from you soon. > > Best Regards, > > [redacted] From MikeE at ster.invalid Wed Mar 25 10:18:13 2009 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 25 10:20:09 2009 Subject: [Scspamcop] Re: [media] quality control References: Message-ID: Twayne wrote: > LOL!! I have a theory and/or an opinion. But first, a few remarks by way of illustration. > Vetted? Maybe by a veterinarian! Now, suppose I wanted to make a comment or ask a question about what you meant when you said, "vetted, maybe by a vet" -- how would I go about providing context to my question? what my question was questioning? How is it apparent (when I make a reply) where the word 'vetted' is coming from? > "Redacted"! My gosh, why? It's as phoney as the rest of it is! Likewise, what if I am saying, "Redacted? What is Twayne talking about redacted? What is redacted/ what has been redacted? Why are we talking about redacted? What does he mean 'why'?" Do you think I should 'paraphrase' the article Tim cited? Do you think I should cut and paste pieces and parts of the article into a chronological or conversational 'order' so that we can see what we are all talking about? Or -- Do you think I should place my remarks up above your remarks, so that we have a top posted thread going on here? Back to my theory-opinion. I believe that you communicate - your communication style to which you are most accustomed - in such as email and 'other places' is TOFU - textover fullquote under - ie top posting. And that you do not 'believe in' contextualizing or trimming. You feel that the concept is 'lacking' (in substance) and that tofu works perfectly well. It works in corporate environments and it works in email and it will/can work wherever it is employed. Further, that those who 'insist on' trimming and contextualizing are just going on about something or other that isn't really worth the trouble. However and ontheotherhand, there seems to be some kind of popular opinion or attitude in some places about how unacceptable top posting is, so whenever you are in an environment in which top posting is not accepted by the crowd, you solve the 'problem' or incompatibility by top posting on the bottom. That way you still don't have to trim or context and yet you aren't actually top posting when you bottom post. In this particular case and example, since I've been 'ranting' about bottom posting, you decided, "What the hell. He's going to rant whether I top post on the top or on the bottom, I might as well top post on the top where I prefer to do it." -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Mar 25 11:35:21 2009 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 25 11:40:08 2009 Subject: [Scspamcop] Re: [media] quality control References: Message-ID: Tim McGraw wrote: www.talkingpointsmemo.com/archives/2009/03/wow_i_needed_that.php TPM is more or less a muckraking blogger type source. The backstory is that the US Atty NY State's (USANYS) ofc solicited comments about the Madoff plea, sentencing, etc. It seems to me that they probably asked some victims to write snailmail letters addressed/directed to Judge Chin's attention but mailed to the usanys, and they also put out a general solicitation to the public by publishing an email address... The court filing urges potential victims who wish to be heard at the hearing to send notice to the U.S. attorney's office by 10 A.M., March 11 by e-mailing usanys.madoff@usdoj.gov. ... and consequently someone in the USANYS was asked to assemble the snailmail and emails so received and wrap it all up into a .pdf or 2 with appropriate redacting of the names of the victims and writers. The result of that assignment can be seen in the snurled links to the .pdf/s below. http://snipr.com/ejaw2 - this is a .pdf at msnbc - the .pdf contains a cover letter to Judge Chin from the usanys and the content of 74 emails received, which emails were arbitrarily (and inappropriately) grouped into 5 'classes'. Whoever in the usanys office who was given the task decided to accomplish it by using their email print function and printing out the rendered emails in the format of From, (date sent), To, Subject; then they used their black marker pen to obscure elements of the content and then scanned it into a .pdf for email submission to the judge. There is a second .pdf which is similarly scanned and 'redacted' snailmails http://snipr.com/ejbbc The snailmails from the victims are appropriate and appropriately redacted. The emails contain a lot of junk which is inappropriately organized and inadequately redacted. The .pdf contains not only the 419 spam, which is the subject of the TPM blog, but also spammish email trailer content and incredimail junk which is attached to the email. The 419 is just the most 'egregious' of the badly handled email issue. If you - the USANYS office - are going to be publishing an email address on the web, you shouldn't be sending the resultant spammage to the judge, whether the spam is 419 or incredimail or other webmail promotions. -- Mike Easter kibitzer, not SC admin From me at privacy.net Wed Mar 25 21:07:57 2009 From: me at privacy.net (Michael R N Dolbear) Date: Wed Mar 25 21:10:10 2009 Subject: [Scspamcop] Re: Sort held spam on something else? References: Message-ID: <01c9adab$74f388e0$LocalHost@default> Tim McGraw wrote in article > I have never been able to report Held mail through Horde. Or, rather, if > I do, they never show up in my report history, so I'm quite skeptical. ? Can you do Quick reporting from VER, ie from http://mailsc.spamcop.net/reportheld?action=heldlog If not, have you set up mailhosts ? -- Mike D From nobody at devnull.spamcop.net Wed Mar 25 22:25:48 2009 From: nobody at devnull.spamcop.net (Twayne) Date: Wed Mar 25 22:30:08 2009 Subject: [Scspamcop] Re: [media] quality control References: Message-ID: Ahh, lemme see here. If you read that post, you remember it. If you didn't read it, it's irrelevant and makes one wonder why you read THE NEXT post in the first place. And if your name is Mike Easter, you just got punkd! [;-) Cheers, Twayne Mike Easter wrote: > Twayne wrote: >> LOL!! > > I have a theory and/or an opinion. But first, a few remarks by way of > illustration. > >> Vetted? Maybe by a veterinarian! > > Now, suppose I wanted to make a comment or ask a question about what > you meant when you said, "vetted, maybe by a vet" -- how would I go > about providing context to my question? what my question was > questioning? How is it apparent (when I make a reply) where the word > 'vetted' is coming from? > >> "Redacted"! My gosh, why? It's as phoney as the rest of it is! > > Likewise, what if I am saying, "Redacted? What is Twayne talking > about redacted? What is redacted/ what has been redacted? Why are > we talking about redacted? What does he mean 'why'?" > > Do you think I should 'paraphrase' the article Tim cited? Do you > think I should cut and paste pieces and parts of the article into a > chronological or conversational 'order' so that we can see what we > are all talking about? Or -- Do you think I should place my remarks > up above your remarks, so that we have a top posted thread going on > here? > > Back to my theory-opinion. > > I believe that you communicate - your communication style to which > you are most accustomed - in such as email and 'other places' is TOFU > - textover fullquote under - ie top posting. And that you do not > 'believe in' contextualizing or trimming. You feel that the concept > is 'lacking' (in substance) and that tofu works perfectly well. It > works in corporate environments and it works in email and it will/can > work wherever it is employed. Further, that those who 'insist on' > trimming and contextualizing are just going on about something or > other that isn't really worth the trouble. > > However and ontheotherhand, there seems to be some kind of popular > opinion or attitude in some places about how unacceptable top posting > is, so whenever you are in an environment in which top posting is not > accepted by the crowd, you solve the 'problem' or incompatibility by > top posting on the bottom. That way you still don't have to trim or > context and yet you aren't actually top posting when you bottom post. > > In this particular case and example, since I've been 'ranting' about > bottom posting, you decided, "What the hell. He's going to rant > whether I top post on the top or on the bottom, I might as well top > post on the top where I prefer to do it." From nobody at spamcop.net Thu Mar 26 13:09:24 2009 From: nobody at spamcop.net (RW) Date: Thu Mar 26 13:10:08 2009 Subject: [Scspamcop] Re: Scheduled Maintenance Thursday March 26, 2009 - (SpamCop 4.5.0-084 Release) In-Reply-To: References: Message-ID: RW wrote: > Let's cross our fingers this is finally going ahead. > > Scheduled server maintenance and software upgrades Thursday, March 26, > 2009, starting at 2:00pm PDT. During this time the SpamCop Reporting > Service website may not be available for a period of up to two hours in > duration. Emailed spam submissions will be accepted, but processing will > be delayed during the maintenance process. > > This will not affect the SpamCop/CESmail email service, newsgroups or > forums. > > Richard AFAIK everything is still a go and this process will be starting in a couple of hours. Visitors will see the SpamCop reporting website in "Maintenance Mode" through the process. Emailed spam submissions will still be accepted, but processing will be delayed. It will no doubt take a few hours to catch up with the backlog when things are brought back up. Richard From nobody at spamcop.net Thu Mar 26 19:29:11 2009 From: nobody at spamcop.net (Ellen) Date: Thu Mar 26 19:30:08 2009 Subject: [Scspamcop] Re: Scheduled Maintenance Thursday March 26, 2009 - (SpamCop 4.5.0-084 Release) In-Reply-To: References: Message-ID: RW wrote: > RW wrote: > Visitors will see the SpamCop reporting website in > "Maintenance Mode" through the process. > > Emailed spam submissions will still be accepted, but processing will be > delayed. It will no doubt take a few hours to catch up with the backlog > when things are brought back up. > > Richard The maintenance is running longer than expected. Thanks for your patience. Ellen SpamCop From nobody at spamcop.net Thu Mar 26 20:18:32 2009 From: nobody at spamcop.net (RW) Date: Thu Mar 26 20:20:08 2009 Subject: [Scspamcop] Re: Scheduled Maintenance Thursday March 26, 2009 - (SpamCop 4.5.0-084 Release) In-Reply-To: References: Message-ID: Ellen wrote: > RW wrote: >> RW wrote: >> Visitors will see the SpamCop reporting website in "Maintenance Mode" >> through the process. >> >> Emailed spam submissions will still be accepted, but processing will >> be delayed. It will no doubt take a few hours to catch up with the >> backlog when things are brought back up. >> >> Richard > > > > The maintenance is running longer than expected. Thanks for your patience. > > > Ellen > SpamCop We're told another 1/2 hour or so Richard From nobody at spamcop.net Thu Mar 26 21:55:42 2009 From: nobody at spamcop.net (Steven Underwood) Date: Thu Mar 26 22:00:09 2009 Subject: [Scspamcop] Re: Scheduled Maintenance Thursday March 26, 2009 - (SpamCop 4.5.0-084 Release) References: Message-ID: "RW" wrote in message news:gqh60n$g71$1@news.spamcop.net... > > We're told another 1/2 hour or so > > Richard While I see that the reporting site appears to be up, I am getting the following error trying to reach the VER site from my logged in account: Cannot find login information. Not logged in? VER tends to be a lot quicker getting messages into the queue as opposed to forwarding from webmail, but I will revert back to that if necessary. From nobody at spamcop.net Thu Mar 26 22:48:08 2009 From: nobody at spamcop.net (RW) Date: Thu Mar 26 22:50:09 2009 Subject: [Scspamcop] Re: Scheduled Maintenance Thursday March 26, 2009 - (SpamCop 4.5.0-084 Release) In-Reply-To: References: Message-ID: Steven Underwood wrote: > > > "RW" wrote in message > news:gqh60n$g71$1@news.spamcop.net... >> >> We're told another 1/2 hour or so >> >> Richard > > While I see that the reporting site appears to be up, I am getting the > following error trying to reach the VER site from my logged in account: > > Cannot find login information. Not logged in? > > VER tends to be a lot quicker getting messages into the queue as opposed > to forwarding from webmail, but I will revert back to that if necessary. I'm getting some 'failed to load spam header' error when parsing. Reloading once or twice gets the parse. I suspect the error your seeing is also the databases catching up with each other. I suspect the servers are overloaded with trying to catch up. I'm not going to ring any alarm bells just yet. Things look good in the crons, though one cron that normally takes a minute or so has been running for an hour. Only apps 4 and 7 are showing room to take on load, but not much. The other 10 must be churning away. Richard From nobody at devnull.spamcop.net Thu Mar 26 23:54:30 2009 From: nobody at devnull.spamcop.net (Patto) Date: Thu Mar 26 23:55:09 2009 Subject: [Scspamcop] Strange going-ons... Message-ID: I send a group of spam messages to SC, receive a confirmation "has received x emails", then proceed to http://www.spamcop.net/ I click on the 'Report Now' link, and SC brings up, e.g. http://www.spamcop.net/sc?id=z2734993992zda2bce77d70854a4b359bfcd7876a0d2z I click on 'Send Spam Report(s) Now', and the thing seems to be gone. The 'Report Now' link comes back, but interestingly its color is of a link already visited. When I click on it, the same spam as above comes back, but as 'already sent'. This seems to report itself with every second submission. This behavior is new as per today. From nobody at spamcop.net Fri Mar 27 00:27:11 2009 From: nobody at spamcop.net (RW) Date: Fri Mar 27 00:30:08 2009 Subject: [Scspamcop] Re: Strange going-ons... In-Reply-To: References: Message-ID: Patto wrote: > I send a group of spam messages to SC, receive a confirmation "has > received x emails", then proceed to http://www.spamcop.net/ > > I click on the 'Report Now' link, and SC brings up, e.g. > http://www.spamcop.net/sc?id=z2734993992zda2bce77d70854a4b359bfcd7876a0d2z > > I click on 'Send Spam Report(s) Now', and the thing seems to be gone. > The 'Report Now' link comes back, but interestingly its color is of a > link already visited. When I click on it, the same spam as above comes > back, but as 'already sent'. > > This seems to report itself with every second submission. This behavior > is new as per today. Thanks Patto. I think this is all related to the systems still trying to catch up. Sysops also reported a database hard crash, which has now been brought back up. SpamCop is very much a strange puppy. I think operations forget the loads that go through SC and the effects this has for a number of hours when the system is taken down. The longer its down, the larger and longer the effect. I think all totaled, they had the system down for about five hours. That would equate to about five million spam backed up in the corpus for processing. Richard From nobody at devnull.spamcop.net Fri Mar 27 00:28:43 2009 From: nobody at devnull.spamcop.net (Patto) Date: Fri Mar 27 00:30:09 2009 Subject: [Scspamcop] Re: Strange going-ons... In-Reply-To: References: Message-ID: Patto wrote: > I send a group of spam messages to SC, receive a confirmation "has > received x emails", then proceed to http://www.spamcop.net/ > > I click on the 'Report Now' link, and SC brings up, e.g. > http://www.spamcop.net/sc?id=z2734993992zda2bce77d70854a4b359bfcd7876a0d2z > > I click on 'Send Spam Report(s) Now', and the thing seems to be gone. > The 'Report Now' link comes back, but interestingly its color is of a > link already visited. When I click on it, the same spam as above comes > back, but as 'already sent'. > > This seems to report itself with every second submission. This behavior > is new as per today. This is the latest one: http://www.spamcop.net/sc?id=z2735077515z8fbea25e41887db3966fa300050d4c6az but it behaves differently; it just brings up the 'Report Now' link, again, and again, and again. Previously it brought up the link once, then continued to the next. Now this one seems to go on endless... From nobody at spamcop.net Fri Mar 27 01:12:09 2009 From: nobody at spamcop.net (RW) Date: Fri Mar 27 01:15:07 2009 Subject: [Scspamcop] Re: Strange going-ons... In-Reply-To: References: Message-ID: Patto wrote: > Patto wrote: >> I send a group of spam messages to SC, receive a confirmation "has >> received x emails", then proceed to http://www.spamcop.net/ >> >> I click on the 'Report Now' link, and SC brings up, e.g. >> http://www.spamcop.net/sc?id=z2734993992zda2bce77d70854a4b359bfcd7876a0d2z >> >> >> I click on 'Send Spam Report(s) Now', and the thing seems to be gone. >> The 'Report Now' link comes back, but interestingly its color is of a >> link already visited. When I click on it, the same spam as above comes >> back, but as 'already sent'. >> >> This seems to report itself with every second submission. This >> behavior is new as per today. > > This is the latest one: > http://www.spamcop.net/sc?id=z2735077515z8fbea25e41887db3966fa300050d4c6az > but it behaves differently; it just brings up the 'Report Now' link, > again, and again, and again. Previously it brought up the link once, > then continued to the next. Now this one seems to go on endless... Yeah, seeing a few reports of this as well as a couple of other small issues. There seems to be a problem in the system refresh or moving on, or whatever you wanna call it. Sysops is aware and we're watching this. Still think it's related to things catching up. Richard From arrNOT_EXISTon at ComFakeKalDomain.net Fri Mar 27 04:31:30 2009 From: arrNOT_EXISTon at ComFakeKalDomain.net (Ian Manners) Date: Fri Mar 27 04:35:09 2009 Subject: [Scspamcop] Re: Strange going-ons... In-Reply-To: References: Message-ID: All I'm getting right now is :- SpamCop v 4.5.0.084 ? 1992-2009 Cisco Systems, Inc. All rights reserved. Failed to load spam header: 2735576097 / 841414cb3fd4e99b03bd27e316fe20a6 on any spam I submit using the interface, also have the same problem with 'link' when I submit via email so I cancelled the lot. Cheers IBManners From arrNOT_EXISTon at ComFakeKalDomain.net Fri Mar 27 05:26:01 2009 From: arrNOT_EXISTon at ComFakeKalDomain.net (Ian Manners) Date: Fri Mar 27 05:30:07 2009 Subject: [Scspamcop] Re: Strange going-ons... In-Reply-To: References: Message-ID: > SpamCop v 4.5.0.084 ? 1992-2009 Cisco Systems, Inc. All rights reserved. > Failed to load spam header: 2735576097 / 841414cb3fd4e99b03bd27e316fe20a6 Now working :-) Cheers IBManners From nobody at spamcop.net Fri Mar 27 06:45:15 2009 From: nobody at spamcop.net (Ellen) Date: Fri Mar 27 06:50:08 2009 Subject: [Scspamcop] copy/paste spam failure to parse error Message-ID: I am seeing an error when pasting a spam into the parse box on the website: Failed to load spam header: 2735866410 / 805239687db8961c08c1bcb33d628258 We are notifying Operations and engineering about this. If you can successfully copy/paste spam into the webform please drop a short post to this newsgroup. Thanks Ellen SpamCop From blacklist-me at davjam.org Fri Mar 27 08:02:43 2009 From: blacklist-me at davjam.org (David Bolt) Date: Fri Mar 27 08:30:08 2009 Subject: [Scspamcop] Re: copy/paste spam failure to parse error References: Message-ID: On Fri, 27 Mar 2009, Ellen wrote:- >I am seeing an error when pasting a spam into the parse box on the website: > >Failed to load spam header: 2735866410 / 805239687db8961c08c1bcb33d628258 > >We are notifying Operations and engineering about this. > >If you can successfully copy/paste spam into the webform please drop a >short post to this newsgroup. Looks like whatever was broken is now fixed. Just copied and pasted a spam and received no errors. Regards, David Bolt -- Team Acorn: http://www.distributed.net/ OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s openSUSE 10.3 32b | openSUSE 11.0 32b | | openSUSE 10.3 64b | openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 10.3 PPC | RISC OS 3.6 | RISC OS 3.11 | TOS 4.02 From connyank at cox.net Fri Mar 27 08:44:55 2009 From: connyank at cox.net (jg) Date: Fri Mar 27 08:45:08 2009 Subject: [Scspamcop] Re: copy/paste spam failure to parse error In-Reply-To: References: Message-ID: On 03/27/2009 03:45 AM Ellen scribbled: > I am seeing an error when pasting a spam into the parse box on the website: > > Failed to load spam header: 2735866410 / 805239687db8961c08c1bcb33d628258 > > We are notifying Operations and engineering about this. > > If you can successfully copy/paste spam into the webform please drop a > short post to this newsgroup. > > > Thanks > > > Ellen > SpamCop Not yet... From nobody at spamcop.net Fri Mar 27 09:04:08 2009 From: nobody at spamcop.net (Ellen) Date: Fri Mar 27 09:05:07 2009 Subject: [Scspamcop] Re: copy/paste spam failure to parse error In-Reply-To: References: Message-ID: David Bolt wrote: > On Fri, 27 Mar 2009, Ellen wrote:- > >> I am seeing an error when pasting a spam into the parse box on the website: >> >> Failed to load spam header: 2735866410 / 805239687db8961c08c1bcb33d628258 >> >> We are notifying Operations and engineering about this. >> >> If you can successfully copy/paste spam into the webform please drop a >> short post to this newsgroup. > > Looks like whatever was broken is now fixed. Just copied and pasted a > spam and received no errors. > > > Regards, > David Bolt > Still not working for me -- thanks for the info. Ellen Spamcop From bert at iphouse.com Fri Mar 27 09:11:43 2009 From: bert at iphouse.com (Bert Hyman) Date: Fri Mar 27 09:15:08 2009 Subject: [Scspamcop] Re: Strange going-ons... References: Message-ID: In news:gqhilo$ndf$1@news.spamcop.net Patto wrote: > I click on 'Send Spam Report(s) Now', and the thing seems to be gone. > The 'Report Now' link comes back, but interestingly its color is of a > link already visited. When I click on it, the same spam as above comes > back, but as 'already sent'. Me too. Exiting and re-entering my browser cleared things up though. -- Bert Hyman St. Paul, MN bert@iphouse.com From nobody at spamcop.net Fri Mar 27 09:46:09 2009 From: nobody at spamcop.net (Ellen) Date: Fri Mar 27 09:50:08 2009 Subject: [Scspamcop] Re: copy/paste spam failure to parse error In-Reply-To: References: Message-ID: Larry in AZ wrote: >>>> >>> >>> Still not working for me -- thanks for the info. >> For me, a few parse and some don't. Same error message. > > But they work if I forward via email. > thanks Ellen From user at domain.invalid Fri Mar 27 11:01:24 2009 From: user at domain.invalid (Farelf) Date: Fri Mar 27 11:05:08 2009 Subject: [Scspamcop] Re: copy/paste spam failure to parse error In-Reply-To: References: Message-ID: Ellen wrote: > I am seeing an error when pasting a spam into the parse box on the website: > > Failed to load spam header: 2735866410 / 805239687db8961c08c1bcb33d628258 > Worked on 4th try (IE7): http://www.spamcop.net/sc?id=z2736401501z6848f924898018dd4dced63063787cf3z () From ppearson at nowhere.invalid Fri Mar 27 11:04:12 2009 From: ppearson at nowhere.invalid (Peter Pearson) Date: Fri Mar 27 11:05:08 2009 Subject: [Scspamcop] Re: copy/paste spam failure to parse error References: Message-ID: On Fri, 27 Mar 2009 06:45:15 -0400, Ellen wrote: > I am seeing an error when pasting a spam into the parse box on the website: > > Failed to load spam header: 2735866410 / 805239687db8961c08c1bcb33d628258 I just got a similar error, differing only in the numbers: Failed to load spam header: 2736430959 / fd656a0fc730e5bf15cee88f0e129706 - Peter -- To email me, substitute nowhere->spamcop, invalid->net. From connyank at cox.net Fri Mar 27 11:12:02 2009 From: connyank at cox.net (jg) Date: Fri Mar 27 11:15:08 2009 Subject: [Scspamcop] Re: copy/paste spam failure to parse error In-Reply-To: References: Message-ID: On 03/27/2009 06:41 AM Larry in AZ scribbled: >>> >>> Still not working for me -- thanks for the info. >> For me, a few parse and some don't. Same error message. > > But they work if I forward via email. > I found that hitting Open Location (Firefox) while in the error screen screen pushes the parse through - 2 out of 3, other one went through OK. This is copy and paste into web parser. No more to test since 6:15 PST - slow day... From nobody at spamcop.net Fri Mar 27 12:00:06 2009 From: nobody at spamcop.net (Ellen) Date: Fri Mar 27 12:05:08 2009 Subject: [Scspamcop] Re: copy/paste spam failure to parse error In-Reply-To: References: Message-ID: Peter Pearson wrote: > On Fri, 27 Mar 2009 06:45:15 -0400, Ellen wrote: >> I am seeing an error when pasting a spam into the parse box on the website: >> >> Failed to load spam header: 2735866410 / 805239687db8961c08c1bcb33d628258 > > I just got a similar error, differing only in the numbers: > > Failed to load spam header: 2736430959 / fd656a0fc730e5bf15cee88f0e129706 > > - Peter > yes the numbers will differ -- I should have mentioned that in my previous post. Sometimes if you retry enough times you can get the spam to parse Ellen From bcs1 at spamcop.net Fri Mar 27 12:17:25 2009 From: bcs1 at spamcop.net (Bill) Date: Fri Mar 27 12:20:08 2009 Subject: [Scspamcop] Re: Strange going-ons... References: Message-ID: "RW" wrote in message news:gqhn77$324$1@news.spamcop.net... > > Yeah, seeing a few reports of this as well as a couple of other small > issues. There seems to be a problem in the system refresh or moving on, > or whatever you wanna call it. Sysops is aware and we're watching this. > Still think it's related to things catching up. > > Richard I'm seeing it too, but since you guys are already aware of it... also the report now link issue of not moving to the next queue'd for reporting spam. I was able to switch to the held mail tab then back for one of them, but that only seemed to work once. Thanks Bill From me at privacy.net Fri Mar 27 17:43:31 2009 From: me at privacy.net (Michael R N Dolbear) Date: Fri Mar 27 17:45:09 2009 Subject: [Scspamcop] Re: Scheduled Maintenance Thursday March 26, 2009 - (SpamCop 4.5.0-084 Release) References: Message-ID: <01c9af1e$f71073a0$LocalHost@default> Steven Underwood wrote > While I see that the reporting site appears to be up, I am getting the > following error trying to reach the VER site from my logged in account: > > Cannot find login information. Not logged in? > > VER tends to be a lot quicker getting messages into the queue as opposed to > forwarding from webmail, but I will revert back to that if necessary. I'm still getting that at 1800 GMT , but only if I go to (from SC mail or bookmark) http://mailsc.spamcop.net/reportheld?action=heldlog (and I can look at my old reports so it does know I'm logged in) If I login at the "cannot find login ..." message I get sent to a different VER url http://www.spamcop.net/reportheld?action=heldlog Which works. What's going on ? -- Mike D From nobody at spamcop.net Fri Mar 27 20:23:59 2009 From: nobody at spamcop.net (RW) Date: Fri Mar 27 20:25:07 2009 Subject: [Scspamcop] All Fixed?? Message-ID: Reports from Engineering are they found a problem between the master and slave databases. This has been fixed now, so the parsing problems/errors should be gone. They also found a coding in the held mail coding, which has been fixed. Held mail '500' errors should now be gone They've also fixed the apnic problem and abuse.net problem, so those should be fixed. Let us know if you're still seeing any error or come across any new ones. Thanks, Richard From ecm2001.download at xxxx54545.rapidshare.com Fri Mar 27 23:35:23 2009 From: ecm2001.download at xxxx54545.rapidshare.com (ecm2001 rapidshare download torrent ) Date: Fri Mar 27 23:40:09 2009 Subject: [Scspamcop] ecm2001 crack torrent rapidshare download 57400710144836480355 Message-ID: We can crack or emulate any protection type: Dongle, Hardlock, Hasp, Serial, Password, Hasp4, Flexlm, Sentinel, Wibu, Eutron Smartkey, Hasphl, Proteq, All the Protections!! email = xshowsoft@gmail.com email = xshowsoft at gmail.com ecm2001 download ecm2001 rapidshare ecm2001 torrent ecm2001 crack ecm2001 v 5.3 ecm2001 v 5.4 ecm2001 v 5.5 ecm2001 v 6.0 ecm2001 v 6.1 ecm2001 v 6.2 ecm2001 v 6.3 ecm2001 v5.3 ecm2001 v5.4 ecm2001 v5.5 ecm2001 v6.0 ecm2001 v6.1 ecm2001 v6.2 ecm2001 v6.3 If you have some protected program, and want to crack it, we can help you! Ecm2001 v6.3 professional, all checksums enabled download email = xshowsoft@gmail.com email = xshowsoft at gmail.com g#SO,]_g*y1(,qgJJeZO From gezgin at spamcop.net.which.is.not.invalid Sat Mar 28 00:41:38 2009 From: gezgin at spamcop.net.which.is.not.invalid (Opinicus) Date: Sat Mar 28 00:45:07 2009 Subject: [Scspamcop] Re: All Fixed?? References: Message-ID: "RW" wrote > Let us know if you're still seeing any error or come across any new ones. It's 04:40 UTC and I'm still getting "Cannot find login information. Not logged in?" when I try and enter from http://mailsc.spamcop.net//reportheld?action=heldlog -- Bob http://www.kanyak.com From NowhereMan at nowhereland.com Sat Mar 28 01:18:34 2009 From: NowhereMan at nowhereland.com (NowhereMan) Date: Sat Mar 28 01:20:08 2009 Subject: [Scspamcop] SpamCop Can't Parse RIPE IP Address 62.60.136.28 Message-ID: http://www.spamcop.net/sc?id=z2738121244z81116a854a69638e015530fc695add08z When performing a DNS lookup with UltraDNS % Note: This output has been filtered. % To receive output for a database update, use the "-B" flag. ------- DNSStuff initially shows WHOIS - 62.60.136.28 mail iconEmail link to results Generated by www.DNSstuff.com Location: Iran (high) [City: Tabriz, Azarbayjan-E Bakhtari] ARIN says that this IP belongs to RIPE; I'm looking it up there. Using 10 day old cached answer (or, you can get fresh results). Hiding E-mail address (you can get results with the E-mail address). % This is the RIPE Whois query server #3. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html %ERROR:203: address passing not allowed for 70.86.70.34 % % Sorry, you are not allowed to pass addresses on the query line . % Please contact us for such permission. For the moment, continuing % this will cause permanent denial of access. [The following lines added by www.dnsstuff.com per requirement by RIPE] This service is subject to the terms and conditions stated in the RIPE NCC Database Copyright Notice. Contact dnsstuff.com's 'info2@' address to report problems regarding the functionality of the service From anthony.edwards at uk.easynet.net Sat Mar 28 04:01:26 2009 From: anthony.edwards at uk.easynet.net (Anthony Edwards) Date: Sat Mar 28 04:05:08 2009 Subject: [Scspamcop] Re: SpamCop Can't Parse RIPE IP Address 62.60.136.28 References: Message-ID: On Sat, 28 Mar 2009 00:18:34 -0500, NowhereMan wrote: > > http://www.spamcop.net/sc?id=z2738121244z81116a854a69638e015530fc695add08z > > When performing a DNS lookup with UltraDNS > > % Note: This output has been filtered. > % To receive output for a database update, use the "-B" flag. > > ------- > DNSStuff initially shows > > WHOIS - 62.60.136.28 > mail iconEmail link to results > Generated by www.DNSstuff.com > > Location: Iran (high) [City: Tabriz, Azarbayjan-E Bakhtari] > > ARIN says that this IP belongs to RIPE; I'm looking it up there. abuse@abuse:~$ whois -h whois.ripe.net -B 62.60.136.28 % This is the RIPE Whois query server #3. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html % Information related to '62.60.136.0 - 62.60.136.255' inetnum: 62.60.136.0 - 62.60.136.255 netname: IRANSCIENCE-IDC descr: Iranscience network Data Center & Storage Network country: IR admin-c: SR3604-RIPE tech-c: SR3604-RIPE status: ASSIGNED PA mnt-by: IROST-MNT mnt-lower: IROST-MNT mnt-routes: IROST-MNT changed: ipdomain@irost.com 20070721 source: RIPE person: Sohrab Rahbar address: Iranian Research Organisation for Science,Technology address: No.71- Forsat Ave.Enghelab Street address: Tehran, Iran phone: +98 21 88834352 fax-no: +98 21 88826627 nic-hdl: SR3604-RIPE changed: ipdomain@irost.com 20060819 source: RIPE % Information related to '62.60.128.0/18AS15611' route: 62.60.128.0/18 descr: IROST-route origin: AS15611 mnt-by: IROST-MNT changed: ipdomain@irost.net 20020202 changed: chizari@irost.com 20030122 source: RIPE > Using 10 day old cached answer (or, you can get fresh results). > Hiding E-mail address (you can get results with the E-mail address). > > % This is the RIPE Whois query server #3. > % The objects are in RPSL format. > % > % Rights restricted by copyright. > % See http://www.ripe.net/db/copyright.html > > %ERROR:203: address passing not allowed for 70.86.70.34 > % > % Sorry, you are not allowed to pass addresses on the query line . > % Please contact us for such permission. For the moment, continuing > % this will cause permanent denial of access. > [The following lines added by www.dnsstuff.com per requirement by RIPE] > This service is subject to the terms and conditions stated in the RIPE NCC Database Copyright Notice. > Contact dnsstuff.com's 'info2@' address to report problems regarding the functionality of the service Presumably 70.86.70.34 is part of the dnsstuff.com infrastructure? It appears that RIPE may be limiting query functionality from that IP address for some reason (a perceived excessive volume of queries, perhaps?). -- Anthony Edwards * anthony.edwards@uk.easynet.net Abuse Team Manager * Tel: 020 7900 4444 Easynet Ltd * DDI: 0161 888 3507 http://www.easynet.com * Fax: 0845 333 4503 From nobody at spamcop.net Sat Mar 28 09:45:32 2009 From: nobody at spamcop.net (Ellen) Date: Sat Mar 28 09:50:09 2009 Subject: [Scspamcop] Outlook - forward as attachment Message-ID: If anyone is using Outlook and forward as attachment to submit spam to SC for parsing I would appreciate it if you would either write to me at deputies @ admin.spamcop.net or reply here. I have a user with an odd problem and as I don't use Outlook I am a little stymied figuring out how to proceed. Posted to spamcop and geeks with follow-ups to geeks Thanks! Ellen Bah not posted to geeks cause I was just informed I can't post to geeks so I wonder what that's all about From nobody at spamcop.net Sat Mar 28 09:48:29 2009 From: nobody at spamcop.net (bar0) Date: Sat Mar 28 09:50:09 2009 Subject: [Scspamcop] Re: Outlook - forward as attachment References: Message-ID: "Ellen" wrote in message news:gql9m5$9lo$2@news.spamcop.net... > If anyone is using Outlook and forward as attachment to submit spam to > SC for parsing I would appreciate it if you would either write to me at > deputies @ admin.spamcop.net or reply here. I have a user with an > odd problem and as I don't use Outlook I am a little stymied figuring > out how to proceed. I didn't know that was possible without unsupported add-ons or plugins, unless we're talking about Outlook _Express_. From MikeE at ster.invalid Sat Mar 28 11:27:15 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sat Mar 28 11:30:08 2009 Subject: [Scspamcop] Re: Outlook - forward as attachment References: Message-ID: bar0 wrote: > "Ellen" >> If anyone is using Outlook and forward as attachment to submit spam to >> SC for parsing I would appreciate it if you would either write to me at >> deputies @ admin.spamcop.net or reply here. I have a user with an >> odd problem and as I don't use Outlook I am a little stymied figuring >> out how to proceed. > > I didn't know that was possible without unsupported add-ons or plugins, > unless we're talking about Outlook _Express_. I don't know if you include a VBA macro as an add-on or plug-in, but there was a recent thread in .mail initiated by Erik Ch. Ohrnberger about his OL macro. news://news.spamcop.net/gqau05$qmh$2@news.spamcop.net Subject: SpamCop reporting issues Date: Tue, 24 Mar 2009 11:24:53 -0400 He got his problem worked out -- it wasn't his macro but his provider wow obstructing SC submissions. He now emails submits thru' gmail. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sat Mar 28 12:42:29 2009 From: nobody at spamcop.net (bar0) Date: Sat Mar 28 12:45:08 2009 Subject: [Scspamcop] Re: Outlook - forward as attachment References: <0eiss4tm1d8mavtb64uc265jte4pe3pknj@4ax.com> Message-ID: "SpamCop Admin" wrote in message news:0eiss4tm1d8mavtb64uc265jte4pe3pknj@4ax.com... > Just so there is no confusion... > > We understand that later versions of Microsoft Outlook feature a > "Forward as Attachment" function just like Outlook Express. Yes, it (they?) do(es) in OL 2003, however, it sends a bowdlerized version of the email, with only the usual "display" or visible headers, not the headers you'd see under the options menu. ie not the "full" headers, but rather the From, Subject, CC, and Date, lines and perhaps some other lines selectable by some customization. Something similar to what you'd get from Eudora Forward, or Yahoo Forward (unless you hold down the key). From bcs1 at spamcop.net Sat Mar 28 13:15:40 2009 From: bcs1 at spamcop.net (Bill) Date: Sat Mar 28 13:20:09 2009 Subject: [Scspamcop] spam in .social??? Message-ID: here's the information from clicking reply to group. "ecm2001 rapidshare download torrent " wrote in message news:gqk5vo$8rr$8@news.spamcop.net... > We can crack or emulate any protection type: Dongle, > Hardlock, Hasp, Serial, Password, Hasp4, Flexlm, Sentinel, > Wibu, Eutron Smartkey, Hasphl, Proteq, All the Protections!! Bill From bcs1 at spamcop.net Sat Mar 28 13:18:29 2009 From: bcs1 at spamcop.net (Bill) Date: Sat Mar 28 13:20:09 2009 Subject: [Scspamcop] Re: spam in .social??? References: Message-ID: "Bill" wrote in message news:gqllvt$e0p$1@news.spamcop.net... > here's the information from clicking reply to group. > > > "ecm2001 rapidshare download torrent " > wrote in message > news:gqk5vo$8rr$8@news.spamcop.net... >> We can crack or emulate any protection type: Dongle, >> Hardlock, Hasp, Serial, Password, Hasp4, Flexlm, Sentinel, >> Wibu, Eutron Smartkey, Hasphl, Proteq, All the Protections!! > > > Bill > > > oh, it's in here too ecm2001 crack torrent rapidshare download 57400710144836480355 Bill From nobody at spamcop.net Sat Mar 28 17:34:46 2009 From: nobody at spamcop.net (Steven Underwood) Date: Sat Mar 28 17:35:08 2009 Subject: [Scspamcop] Re: Outlook - forward as attachment References: Message-ID: "Ellen" wrote in message news:gql9m5$9lo$2@news.spamcop.net... > If anyone is using Outlook and forward as attachment to submit spam to > SC for parsing I would appreciate it if you would either write to me at > deputies @ admin.spamcop.net or reply here. I have a user with an > odd problem and as I don't use Outlook I am a little stymied figuring > out how to proceed. > > Posted to spamcop and geeks with follow-ups to geeks > > > Thanks! > > > Ellen > > Bah not posted to geeks cause I was just informed I can't post to geeks so > I wonder what that's all about > Replied in email with my account information. I use the functionality, without any add-ons with Outlook 2003 at work. To easily forward as attachment, I have a blank message in my reporting folder so I can always select at least 2 messages to forward which then defaults to the Forward as Attachment mode. P.S. Just realized my reply address in that email may be the invalid one I use here... the login email address is no longer valid for replies, but the "Email address where would you like to receive email responses from your reports?" is. From nobody at spamcop.net Sat Mar 28 17:40:12 2009 From: nobody at spamcop.net (Steven Underwood) Date: Sat Mar 28 17:45:08 2009 Subject: [Scspamcop] Re: spam in .social??? References: Message-ID: "Bill" wrote in message news:gqlm55$e8r$1@news.spamcop.net... > > "Bill" wrote in message > news:gqllvt$e0p$1@news.spamcop.net... >> here's the information from clicking reply to group. >> >> >> "ecm2001 rapidshare download torrent " >> wrote in message >> news:gqk5vo$8rr$8@news.spamcop.net... >>> We can crack or emulate any protection type: Dongle, >>> Hardlock, Hasp, Serial, Password, Hasp4, Flexlm, Sentinel, >>> Wibu, Eutron Smartkey, Hasphl, Proteq, All the Protections!! >> >> >> Bill >> >> >> > > oh, it's in here too > > ecm2001 crack torrent rapidshare download 57400710144836480355 > > > Bill > > Full headers show: Path: news.spamcop.net!not-for-mail From: "ecm2001 rapidshare download torrent " Newsgroups: spamcop Subject: ecm2001 crack torrent rapidshare download 57400710144836480355 Date: Sat, 28 Mar 2009 00:35:23 -0300 Organization: ecm2001 download rapidshare torrent Lines: 43 Sender: ecm2001 rapidshare download torrent Message-ID: Reply-To: ecm2001.download@xxxx54545.rapidshare.com NNTP-Posting-Host: 201.79.6.39 X-Trace: news.spamcop.net 1238211381 9083 201.79.6.39 (28 Mar 2009 03:36:21 GMT) X-Complaints-To: news@news.spamcop.net NNTP-Posting-Date: Sat, 28 Mar 2009 03:36:21 +0000 (UTC) X-Priority: 3 X-Library: Indy 9.00.10 Xref: news.spamcop.net spamcop:171253 From gezgin at spamcop.net.which.is.not.invalid Sat Mar 28 23:54:04 2009 From: gezgin at spamcop.net.which.is.not.invalid (Opinicus) Date: Sat Mar 28 23:55:09 2009 Subject: [Scspamcop] Re: All Fixed?? References: <823ss4dkddfmgnp0l1afp41dg6paue6ivp@4ax.com> Message-ID: "SpamCop Admin" wrote > Opinicus wrote: >>-It's 04:40 UTC and I'm still getting "Cannot find login information. Not >>-logged in?" when I try and enter from >>-http://mailsc.spamcop.net/reportheld?action=heldlog > I'm seeing the same thing when I'm logged into mailsc and try to get > to Held Mail. > I'll file a bug to get that fixed. It's now 29 March 2009 @ 04:51 GMT and I'm still getting "Cannot find login information. Not logged in?" when I try and enter from http://mailsc.spamcop.net/reportheld?action=heldlog. What is the ETA on this bug-squashing? -- Bob http://www.kanyak.com From iwantsex at 0.7673872nowathome.com Sun Mar 29 10:19:50 2009 From: iwantsex at 0.7673872nowathome.com (iwantsex@0.7673872nowathome.com) Date: Sun Mar 29 10:20:09 2009 Subject: [Scspamcop] 0.3334977 I Have To See This ...0.6432563 Message-ID: 0.7139805 I Have To See This ... 0.7673872 0.3334977 Now Visit http://www.clicklinknow.com/dating/ 0.6432563 From nobody at spamcop.net Sun Mar 29 11:07:20 2009 From: nobody at spamcop.net (bar0) Date: Sun Mar 29 11:10:08 2009 Subject: [Scspamcop] Re: All Fixed?? References: <823ss4dkddfmgnp0l1afp41dg6paue6ivp@4ax.com> Message-ID: "Opinicus" wrote in message news:gqmrcs$ok2$1@news.spamcop.net... ... > > It's now 29 March 2009 @ 04:51 GMT and I'm still getting "Cannot find > login information. Not logged in?" when I try and enter from > http://mailsc.spamcop.net/reportheld?action=heldlog. > > What is the ETA on this bug-squashing? and I'm still seeing stretches of the cannot parse header on C&P submissions From nobody at spamcop.net Sun Mar 29 13:32:49 2009 From: nobody at spamcop.net (Steven Underwood) Date: Sun Mar 29 13:35:07 2009 Subject: [Scspamcop] Re: All Fixed?? References: <823ss4dkddfmgnp0l1afp41dg6paue6ivp@4ax.com> Message-ID: "Flatus Ohlfahrt" wrote in message news:Xns9BDD76903BC2flatusohlfahrtsorg@216.154.195.61... > It really is frustrating not having mention of this problem in > the 'News' section of the site--more frustrating than the > problem itself. To be fair, the "News" section you speak of is on the Email site and that site is not having any issues. The reporting side of operations (it is 2 separate companies) is having the issue connecting to the mail storage area. That being said, I have asked for an announcement to be made... not sure if it will be or if it will even be seen before the issue is solved.. From bcs1 at spamcop.net Sun Mar 29 13:50:22 2009 From: bcs1 at spamcop.net (Bill) Date: Sun Mar 29 13:55:08 2009 Subject: [Scspamcop] Re: spam in .social??? References: Message-ID: "Steven Underwood" wrote in message news:gqm5fv$vbv$1@news.spamcop.net... > Full headers show: > Path: news.spamcop.net!not-for-mail > From: "ecm2001 rapidshare download torrent " > > Newsgroups: spamcop > Subject: ecm2001 crack torrent rapidshare download 57400710144836480355 > Date: Sat, 28 Mar 2009 00:35:23 -0300 > Organization: ecm2001 download rapidshare torrent > Lines: 43 > Sender: ecm2001 rapidshare download torrent > > Message-ID: > Reply-To: ecm2001.download@xxxx54545.rapidshare.com > NNTP-Posting-Host: 201.79.6.39 > X-Trace: news.spamcop.net 1238211381 9083 201.79.6.39 (28 Mar 2009 > 03:36:21 GMT) > X-Complaints-To: news@news.spamcop.net > NNTP-Posting-Date: Sat, 28 Mar 2009 03:36:21 +0000 (UTC) > X-Priority: 3 > X-Library: Indy 9.00.10 > Xref: news.spamcop.net spamcop:171253 > > well Steven, we got another... Bill Path: news.spamcop.net!not-for-mail From: iwantsex@0.7673872nowathome.com Newsgroups: spamcop Subject: 0.3334977 I Have To See This ...0.6432563 Date: Sun, 29 Mar 2009 14:19:50 +0000 (UTC) Organization: SpamCop Lines: 4 Message-ID: NNTP-Posting-Host: 71.188.113.235 X-Trace: news.spamcop.net 1238336390 27783 71.188.113.235 (29 Mar 2009 14:19:50 GMT) X-Complaints-To: news@news.spamcop.net NNTP-Posting-Date: Sun, 29 Mar 2009 14:19:50 +0000 (UTC) Body: Xref: news.spamcop.net spamcop:171268 0.7139805 I Have To See This ... 0.7673872 0.3334977 Now Visit http://www.clicklinknow.com/dating/ 0.6432563 From nobody at spamcop.net Sun Mar 29 14:36:51 2009 From: nobody at spamcop.net (bar0) Date: Sun Mar 29 14:40:08 2009 Subject: [Scspamcop] Re: spam in .social??? References: Message-ID: "Bill" wrote in message news:gqoccu$2gh$1@news.spamcop.net... >... > > well Steven, > we got another... > > Bill > > > Path: news.spamcop.net!not-for-mail.... ....and we really didn't need any parts of it again! From iwantsex at 0.5258269nowathome.com Sun Mar 29 15:11:32 2009 From: iwantsex at 0.5258269nowathome.com (iwantsex@0.5258269nowathome.com) Date: Sun Mar 29 15:15:08 2009 Subject: [Scspamcop] 0.9210362 I Feel Curious ... 0.4271039 Message-ID: 0.6433216 I Feel Curious... 0.5258269 0.9210362 Now Visit http://www.clicklinknow.com/dating/ 0.4271039 From iwantsex at 0.4928334nowathome.com Sun Mar 29 15:15:33 2009 From: iwantsex at 0.4928334nowathome.com (iwantsex@0.4928334nowathome.com) Date: Sun Mar 29 15:20:09 2009 Subject: [Scspamcop] 0.3499309 Now Click Here To Have It ... 0.6850973 Message-ID: 0.4140189 Now Click Here To Have It ... 0.4928334 0.3499309 Now Visit http://www.clicklinknow.com/dating/ 0.6850973 From iwantsex at 0.3809559nowathome.com Sun Mar 29 15:15:57 2009 From: iwantsex at 0.3809559nowathome.com (iwantsex@0.3809559nowathome.com) Date: Sun Mar 29 15:20:10 2009 Subject: [Scspamcop] 0.2380535 Got To See This ... 0.5732199 Message-ID: 0.3021415 Got To See This ... 0.3809559 0.2380535 Now Visit http://www.clicklinknow.com/dating/ 0.5732199 From iwantsex at 0.2032106nowathome.com Sun Mar 29 15:55:31 2009 From: iwantsex at 0.2032106nowathome.com (iwantsex@0.2032106nowathome.com) Date: Sun Mar 29 16:00:08 2009 Subject: [Scspamcop] 0.4021108 See The Pleasure Inside ... 0.344659 Message-ID: 0.7825935 See The Pleasure Inside ... 0.2032106 0.4021108 Now Visit http://www.clicklinknow.com/dating/ 0.344659 From iwantsex at 0.8303449nowathome.com Sun Mar 29 16:07:58 2009 From: iwantsex at 0.8303449nowathome.com (iwantsex@0.8303449nowathome.com) Date: Sun Mar 29 16:10:08 2009 Subject: [Scspamcop] 0.3964555 Now Click Here To See ... 0.7062141 Message-ID: 0.7769383 Now Click Here To See ... 0.8303449 0.3964555 Now Visit http://www.clicklinknow.com/dating/ 0.7062141 From nobody at devnull.spamcop.net Sun Mar 29 16:39:43 2009 From: nobody at devnull.spamcop.net (Wazoo) Date: Sun Mar 29 16:40:07 2009 Subject: [Scspamcop] Re: All Fixed?? References: <823ss4dkddfmgnp0l1afp41dg6paue6ivp@4ax.com> Message-ID: "Flatus Ohlfahrt" wrote in message news:Xns9BDD76903BC2flatusohlfahrtsorg@216.154.195.61... > On Sun, 29 Mar 2009 15:07:20 GMT, bar0 wrote in > news:gqo2rb$49u$1@news.spamcop.net: >> "Opinicus" wrote >> in message news:gqmrcs$ok2$1@news.spamcop.net... >> ... >>> It's now 29 March 2009 @ 04:51 GMT and I'm still getting >>> "Cannot find login information. Not logged in?" when I try >>> and enter from >>> http://mailsc.spamcop.net/reportheld?action=heldlog. > > "Cannot find login information. Not logged in?" > > It really is frustrating not having mention of this problem in > the 'News' section of the site--more frustrating than the > problem itself. And for the flip side .... the mailsc address invoked states that a SpamCop/CESmail.net account is in use. As support for those e-mail accounts was suggested to be handled over in the Forum, one would note that there are numerous Topics/Discussion existing on various issues, functions, and services impacted by this upgrade. I have made an attempt to co-locate some/most of this data into a single spot in the Announcements section of the Forum. http://forum.spamcop.net/forums/index.php?showtopic=10210 From asterix at no_where.net Sun Mar 29 18:41:51 2009 From: asterix at no_where.net (Asterix) Date: Sun Mar 29 17:40:08 2009 Subject: [Scspamcop] Re: spam in .social??? References: Message-ID: <1ixd5pw.1yo6jg1aq9gp8N%asterix@no_where.net> bar0 wrote: > "Bill" wrote in message > news:gqoccu$2gh$1@news.spamcop.net... > >... > > > > well Steven, > > we got another... > > > > Bill > > > > > > Path: news.spamcop.net!not-for-mail.... > > ....and we really didn't need any parts of it again! Guess somebody with a spamcop account got their Wintel box trojaned - again. Can you track the account and warn the poor sod? -- I recommend Macs to my friends, and Windows machines to those whom I don't mind billing by the hour From nobody at spamcop.net Sun Mar 29 17:54:07 2009 From: nobody at spamcop.net (bar0) Date: Sun Mar 29 17:55:08 2009 Subject: [Scspamcop] Re: spam in .social??? References: <1ixd5pw.1yo6jg1aq9gp8N%asterix@no_where.net> Message-ID: "Asterix" wrote in message news:1ixd5pw.1yo6jg1aq9gp8N%asterix@no_where.net... > bar0 wrote: > >> "Bill" wrote in message >> news:gqoccu$2gh$1@news.spamcop.net... >> >... >> > >> > well Steven, >> > we got another... >> > >> > Bill >> > >> > >> > Path: news.spamcop.net!not-for-mail.... >> >> ....and we really didn't need any parts of it again! > > Guess somebody with a spamcop account got their Wintel box trojaned - > again. Can you track the account and warn the poor sod? I think anyone with a newsreader can access these NG's, AFAIK there are no accounts. I've never used my SC account anywhere in setting OE up to read news here. I think it's a disgruntled spam-er-emailer with a new kit and affiliate ID for adultspamming.com From MikeE at ster.invalid Sun Mar 29 18:08:14 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sun Mar 29 18:10:09 2009 Subject: [Scspamcop] Re: spam in .social??? References: <1ixd5pw.1yo6jg1aq9gp8N%asterix@no_where.net> Message-ID: Asterix wrote: > Guess somebody with a spamcop account got their Wintel box trojaned - > again. Can you track the account and warn the poor sod? You don't need an account to spam these groups. All you need is the name of the newsserver which is public information, ie published on the web. I recommend that they be ignored, which is more efficient than filtering. As we used to say, "Jus' ig' 'im!" -- Mike Easter kibitzer, not SC admin From Ag2000CO at Starband.net Sun Mar 29 18:12:39 2009 From: Ag2000CO at Starband.net (LKing) Date: Sun Mar 29 18:15:08 2009 Subject: [Scspamcop] Re: spam in .social??? In-Reply-To: References: <1ixd5pw.1yo6jg1aq9gp8N%asterix@no_where.net> Message-ID: bar0 wrote, On 3/29/2009 5:54 PM: > "Asterix" wrote in message > news:1ixd5pw.1yo6jg1aq9gp8N%asterix@no_where.net... >> bar0 wrote: >> >>> "Bill" wrote in message >>> news:gqoccu$2gh$1@news.spamcop.net... >>>> ... >>>> >>>> well Steven, >>>> we got another... >>>> >>>> Bill >>>> >>>> >>>> Path: news.spamcop.net!not-for-mail.... >>> ....and we really didn't need any parts of it again! >> Guess somebody with a spamcop account got their Wintel box trojaned - >> again. Can you track the account and warn the poor sod? > > I think anyone with a newsreader can access these NG's, AFAIK there are no > accounts. I've never used my SC account anywhere in setting OE up to read > news here. I think it's a disgruntled spam-er-emailer with a new kit and > affiliate ID for adultspamming.com > > Daniel Frascella Jr Daniel Frascella Jr (nowclickhere@yahoo.com) +1.6095109813 Fax: 38 Division Street Trenton, NJ 08611 US is the name I get from whois From anthony.edwards at uk.easynet.net Sun Mar 29 19:13:34 2009 From: anthony.edwards at uk.easynet.net (Anthony Edwards) Date: Sun Mar 29 19:15:09 2009 Subject: [Scspamcop] Re: Outlook - forward as attachment References: <0eiss4tm1d8mavtb64uc265jte4pe3pknj@4ax.com> Message-ID: On Sat, 28 Mar 2009 10:05:37 -0600, SpamCop Admin wrote: > Just so there is no confusion... > > We understand that later versions of Microsoft Outlook feature a > "Forward as Attachment" function just like Outlook Express. This was possible using Outlook 97 also, although it wasn't called that. One had to first create a new email message then attach the email to be forwarded to it, which would then be sent as a message/rfc822 attachment. It couldn't be done in Outlook 97 by forwarding an email in the usual way. -- Anthony Edwards * anthony.edwards@uk.easynet.net Abuse Team Manager * Tel: 020 7900 4444 Easynet Ltd * DDI: 0161 888 3507 http://www.easynet.com * Fax: 0845 333 4503 From bcs1 at spamcop.net Sun Mar 29 20:32:36 2009 From: bcs1 at spamcop.net (Bill) Date: Sun Mar 29 20:35:08 2009 Subject: [Scspamcop] Re: spam in .social??? References: Message-ID: "bar0" wrote in message news:gqof47$csv$1@news.spamcop.net... > > "Bill" wrote in message > news:gqoccu$2gh$1@news.spamcop.net... >>... >> >> well Steven, >> we got another... >> >> Bill >> >> >> Path: news.spamcop.net!not-for-mail.... > > ....and we really didn't need any parts of it again! > There's like 6 or 7 of them all different now... From nobody at spamcop.net Sun Mar 29 21:44:13 2009 From: nobody at spamcop.net (bar0) Date: Sun Mar 29 21:45:09 2009 Subject: [Scspamcop] Re: Outlook - forward as attachment References: <0eiss4tm1d8mavtb64uc265jte4pe3pknj@4ax.com> Message-ID: "Anthony Edwards" wrote in message news:gqovau$pbl$1@news.spamcop.net... > On Sat, 28 Mar 2009 10:05:37 -0600, SpamCop Admin > > wrote: >> Just so there is no confusion... >> >> We understand that later versions of Microsoft Outlook feature a >> "Forward as Attachment" function just like Outlook Express. > > This was possible using Outlook 97 also, although it wasn't called > that. One had to first create a new email message then attach > the email to be forwarded to it, which would then be sent as a > message/rfc822 attachment. > > It couldn't be done in Outlook 97 by forwarding an email in the > usual way. wierd, my wetlook only gives me a bowdlerized attachment with insuffucuent headers. OTOH, OE does it fine. From nobody at devnull.spamcop.net Sun Mar 29 23:14:06 2009 From: nobody at devnull.spamcop.net (Patto) Date: Sun Mar 29 23:15:08 2009 Subject: [Scspamcop] Re: Strange going-ons... In-Reply-To: References: Message-ID: It is Monday morning, and it is still doing it, but far less frequently now (once for the entire weekend spam). Patto wrote: > I send a group of spam messages to SC, receive a confirmation "has > received x emails", then proceed to http://www.spamcop.net/ > > I click on the 'Report Now' link, and SC brings up, e.g. > http://www.spamcop.net/sc?id=z2734993992zda2bce77d70854a4b359bfcd7876a0d2z > > I click on 'Send Spam Report(s) Now', and the thing seems to be gone. > The 'Report Now' link comes back, but interestingly its color is of a > link already visited. When I click on it, the same spam as above comes > back, but as 'already sent'. > > This seems to report itself with every second submission. This behavior > is new as per today. From nobody at devnull.spamcop.net Sun Mar 29 23:24:14 2009 From: nobody at devnull.spamcop.net (Patto) Date: Sun Mar 29 23:25:08 2009 Subject: [Scspamcop] Re: 0.3964555 Now Click Here To See ... 0.7062141 In-Reply-To: References: Message-ID: iwantsex@0.8303449nowathome.com wrote: > 0.7769383 Now Click Here To See ... 0.8303449 > > 0.3964555 Now Visit /* removed */ 0.7062141 Obviously it is not a problem to spam the SpamCop newsgroup, as as usenet spam can no longer be reported to SC! From MikeE at ster.invalid Sun Mar 29 23:52:36 2009 From: MikeE at ster.invalid (Mike Easter) Date: Sun Mar 29 23:55:08 2009 Subject: [Scspamcop] Re: 0.3964555 Now Click Here To See ... 0.7062141 References: Message-ID: Patto wrote: > iwantsex@0.8303449nowathome.com wrote: >> 0.7769383 Now Click Here To See ... 0.8303449 > Obviously it is not a problem to spam the SpamCop newsgroup, as as > usenet spam can no longer be reported to SC! Managing spam in newsgroups requires a lot of administration - heavy-handed administering of spamcop's newsgroups is not in the cards. Huge and hugely profitable and expensively administered newsservers such as giganews don't really manage spam competently; and it would be impractical for a simple little news place like spamcop's to even attempt to do so. Even if the newsserver was to go to the trouble to authenticate for spamcop registrants, signup for spamcop is both free and trivial. Not only that, but in the past, some news misbehaviors were generated by regulars/reporters. Separate from the complicated business of such as cleanfeed and antispam cancelbots and active/intense administration such as is done on the server end by indvidual.net, the best thing for the reader to do about news spam on the client end is to ignore it. If you can't ignore it, get a newsreader filter to ignore it for you. The more noise that is made about it, the more 'unsettling' such a minor issue will seem to be. -- Mike Easter kibitzer, not SC admin From anthony.edwards at uk.easynet.net Mon Mar 30 08:36:43 2009 From: anthony.edwards at uk.easynet.net (Anthony Edwards) Date: Mon Mar 30 08:40:09 2009 Subject: [Scspamcop] Re: Outlook - forward as attachment References: <0eiss4tm1d8mavtb64uc265jte4pe3pknj@4ax.com> Message-ID: On Sun, 29 Mar 2009 20:44:13 -0500, bar0 wrote: > > "Anthony Edwards" wrote in message > news:gqovau$pbl$1@news.spamcop.net... >> On Sat, 28 Mar 2009 10:05:37 -0600, SpamCop Admin >> >> wrote: >>> Just so there is no confusion... >>> >>> We understand that later versions of Microsoft Outlook feature a >>> "Forward as Attachment" function just like Outlook Express. >> >> This was possible using Outlook 97 also, although it wasn't called >> that. One had to first create a new email message then attach >> the email to be forwarded to it, which would then be sent as a >> message/rfc822 attachment. >> >> It couldn't be done in Outlook 97 by forwarding an email in the >> usual way. > > wierd, my wetlook only gives me a bowdlerized attachment with insuffucuent > headers. OTOH, OE does it fine. Outlook can only forward as an attachment the email that it has, in some Exchange Server environments only a small subset of SMTP header information is made available to local user recipients (the default configuration of recent Exchange Server versions, as I understand things). Are you in an Exchange Server environment yourself? Kind regards Anthony Edwards -- Anthony Edwards * anthony.edwards@uk.easynet.net Abuse Team Manager * Tel: 020 7900 4444 Easynet Ltd * DDI: 0161 888 3507 http://www.easynet.com * Fax: 0845 333 4503 From nobody at no.no Mon Mar 30 10:05:50 2009 From: nobody at no.no (helge) Date: Mon Mar 30 10:10:08 2009 Subject: [Scspamcop] Still no fix (was: Re: All Fixed??) In-Reply-To: References: <823ss4dkddfmgnp0l1afp41dg6paue6ivp@4ax.com> Message-ID: Flatus Ohlfahrt skrev: > On Sun, 29 Mar 2009 15:07:20 GMT, bar0 wrote in > news:gqo2rb$49u$1@news.spamcop.net: > >> "Opinicus" wrote >> in message news:gqmrcs$ok2$1@news.spamcop.net... >> ... >>> It's now 29 March 2009 @ 04:51 GMT and I'm still getting >>> "Cannot find login information. Not logged in?" when I try >>> and enter from >>> http://mailsc.spamcop.net/reportheld?action=heldlog. >>> >>> What is the ETA on this bug-squashing? >> >> and I'm still seeing stretches of the cannot parse header >> on C&P submissions >> >> > > "Cannot find login information. Not logged in?" snip I still see that after I have logged in from the webmail held mail page to http://mailsc.spamcop.net/ and then use the held mail button. Usually I am able to use the cookie login. Time 1600 UTC+2 helge From nobody at spamcop.net Mon Mar 30 11:30:19 2009 From: nobody at spamcop.net (Bar0) Date: Mon Mar 30 11:35:09 2009 Subject: [Scspamcop] Re: Outlook - forward as attachment References: <0eiss4tm1d8mavtb64uc265jte4pe3pknj@4ax.com> Message-ID: "Anthony Edwards" wrote in message news:gqqecr$oog$1@news.spamcop.net... > On Sun, 29 Mar 2009 20:44:13 -0500, bar0 wrote: >> >> "Anthony Edwards" wrote in message >> news:gqovau$pbl$1@news.spamcop.net... >>> On Sat, 28 Mar 2009 10:05:37 -0600, SpamCop Admin >>> >>> wrote: ... >> >> wierd, my wetlook only gives me a bowdlerized attachment with >> insuffucuent >> headers. OTOH, OE does it fine. > > Outlook can only forward as an attachment the email that it has, in > some Exchange Server environments only a small subset of SMTP header > information is made available to local user recipients (the default > configuration of recent Exchange Server versions, as I understand > things). > > Are you in an Exchange Server environment yourself? No, Not yet, that is coming. I am still POPing mail, and I just tried again, and all I get are the "user" headers, no received lines. I created a new mail and dragged the spam item into the body area, which caused the creation of an eml attachment. which is the bowdlerized item. Just to be sure I submitted it to SC, and got the classic can't find your spam in the message. Scrooling down SC's reply to the message that SC got, I see it began with the "From" line, no "Received" lines. From asterix at no_where.net Mon Mar 30 15:14:06 2009 From: asterix at no_where.net (Asterix) Date: Mon Mar 30 14:10:08 2009 Subject: [Scspamcop] Re: spam in .social??? References: <1ixd5pw.1yo6jg1aq9gp8N%asterix@no_where.net> Message-ID: <1ixeqsr.17w6ujq18qwzd0N%asterix@no_where.net> bar0 wrote: > > Guess somebody with a spamcop account got their Wintel box trojaned - > > again. Can you track the account and warn the poor sod? > > I think anyone with a newsreader can access these NG's, AFAIK there are no > accounts. I've never used my SC account anywhere in setting OE up to read > news here. Your right - I haven't checked my settings for many years, so I forgot about that... -- I recommend Macs to my friends, and Windows machines to those whom I don't mind billing by the hour From nobody at spamcop.net Mon Mar 30 15:42:05 2009 From: nobody at spamcop.net (Antispam Knight) Date: Mon Mar 30 15:45:08 2009 Subject: [Scspamcop] blizzardhosting.net[216.17.107.72] Message-ID: Are others seeing deliberately borken spams pimping these clowns? I'm seeing about 3-4/day. Hosted by phatservers.net and owned by marqueemediaonline.com. AK From nobody at spamcop.net Mon Mar 30 15:57:20 2009 From: nobody at spamcop.net (Ellen) Date: Mon Mar 30 16:00:08 2009 Subject: [Scspamcop] Hotpatch Maintenance Monday March 30 Message-ID: Subject: SpamCop 4.5.0-101 Hot Patch Deployment Date/Time of Maintenance: Monday, March 30, 2009, 2:00pm PDT Expected Duration: 1 hours Impact: Our SpamCop cluster will have intermittent availability during the 1 hour window. Customer Impact: Direct customers of our SpamCop service will notice intermittent connectivity during the downtime. This hotpatch addresses the mailsc/held mail/etc errors of the last couple of days. Please propagate as needed. Ellen SpamCop From nobody at spamcop.net Mon Mar 30 16:03:52 2009 From: nobody at spamcop.net (Ellen) Date: Mon Mar 30 16:05:08 2009 Subject: [Scspamcop] Hotpatch Maintenance Monday March 30 Message-ID: Subject: SpamCop 4.5.0-101 Hot Patch Deployment Date/Time of Maintenance: Monday, March 30, 2009, 2:00pm PDT Expected Duration: 1 hours Impact: Our SpamCop cluster will have intermittent availability during the 1 hour window. Customer Impact: Direct customers of our SpamCop service will notice intermittent connectivity during the downtime. This hotpatch addresses the mailsc/held mail/etc errors of the last couple of days. Please propagate as needed. Ellen SpamCop From nobody at spamcop.net Mon Mar 30 18:08:41 2009 From: nobody at spamcop.net (Steven Underwood) Date: Mon Mar 30 18:10:09 2009 Subject: [Scspamcop] Re: Hotpatch Maintenance Monday March 30 References: Message-ID: "Ellen" wrote in message news:gqr8j8$6b1$2@news.spamcop.net... > > This hotpatch addresses the mailsc/held mail/etc errors of the last > couple of days. > > Ellen > SpamCop This appears to be working from my location... thank you for the work to get this completed. From nobody at spamcop.net Mon Mar 30 20:00:11 2009 From: nobody at spamcop.net (bar0) Date: Mon Mar 30 20:05:08 2009 Subject: [Scspamcop] Re: blizzardhosting.net[216.17.107.72] References: Message-ID: "Antispam Knight" wrote in message news:gqr7ad$19f$1@news.spamcop.net... > Are others seeing deliberately borken spams pimping these clowns? I'm > seeing about 3-4/day. > Hosted by phatservers.net and owned by marqueemediaonline.com. > AK Haven't seen a spam from Blizzard for years, I concluded that I've been placed on their suppression list, my mail providers block them, or they cleaned up. At one time they sourced a blizzard of spam. Are you sure there isn't a joe by a spammer unhappy at being turfed going on? From nobody at spamcop.net Mon Mar 30 21:22:53 2009 From: nobody at spamcop.net (Antispam Knight) Date: Mon Mar 30 21:25:08 2009 Subject: [Scspamcop] Re: blizzardhosting.net[216.17.107.72] References: Message-ID: "bar0" wrote in message news:gqrmeg$1dv$1@news.spamcop.net... > > "Antispam Knight" wrote in message > news:gqr7ad$19f$1@news.spamcop.net... >> Are others seeing deliberately borken spams pimping these clowns? I'm >> seeing about 3-4/day. >> Hosted by phatservers.net and owned by marqueemediaonline.com. >> AK > > Haven't seen a spam from Blizzard for years, I concluded that I've been > placed on their suppression list, my mail providers block them, or they > cleaned up. At one time they sourced a blizzard of spam. Are you sure > there isn't a joe by a spammer unhappy at being turfed going on? > No, I don't know that. If you'd care to take a look see http://www.spamcop.net/sc?id=z2744889854z0b51d51dfae3c9e67885a1f7ec1c9dffz They're all borken in the same way, and all identical except for the source. AK