Jump to content


  • Content Count

  • Joined

  • Last visited

Posts posted by newhorizon

  1. Yes, the dynamics do cause some issues, leaving some of use with nothing more to offer than a shrug for specific answers as "it works now" .... yet, actually things like your example are known issues, so usually the answers can be delved ...


    Well, you know better than I about how folks react to all this schtuff. But lemme nevertheless audaciously submit that it's reasonable for us run-of-the-mill spam victims to assume that the "reference URL" always shows what was shown at the time of the report. When those expectations are dashed, me-thinks it's a bit of an "ouch" for them, even if only a shrug for you.

    Not looking for a reply. Just throwing an opinion out there...

  2. you over specified a bit,...
    I get that a lot.

    ...FWIW, I'd say a minute or two.

    I guess I'm a slow reader - I couldn't come close to reading all 55 of those notes in under 1 or 2 mins. Maybe when I reach the rank of "Advanced Member" like most of the rest of you, I'll know how to carefully read more quickly.

    Well meanwhile, come the end of this year, I hope y'all be patient with me if I come back and check again about dbiel's suggestion to add the rest of the icons into the bottom of the page of the list of topics....

  3. ... You've got me laughing so hard right now .... There's the FAQ that continues to be overlooked, ignored, or simply not seen ... there's a Topic within the Lounge dealing with "Forum configuration changes" (maybe you've seen it, but I'll bet not <g>)

    Silly me for not providing a C&C warning.

    So I goes to the search page, I types in "Forum configuration changes" (incl double quotes), I selects "SpamCop Lounge" and clicks on "Perform the Search". The above note is the only match. :(

    Does anybody have an estimate for how much time a person - especially some newbie - needs to search, read, and/or otherwise root around this forum before feeling that s/he can "safely" post a suggestion?

    Not rhetorical.

  4. ... the actual spam-parsing bit uses a whole different approach at parsing the entire header structure ....

    That doesn't explain it, imho.

    Going back to my tracking URL (shown in post #1), it now shows:

    >Resolving link obfuscation


    > host (getting name) no name

    >Tracking link: http://888-luvu.com/z/

    >[report history]

    >Resolves to

    >Routing details for

    [... etc ...]

    Which is different than what you (Wazoo) and I saw earlier where this same URL resolved the same domain to

    So I guess something changed.

    And now I've learned that a given tracking URL can change what it shows us over time. Me-thinks that the dynamic content of a tracking URL makes it difficult for folks (like us) to have a discussion about what happened at the time the reports were sent...? :huh:

  5. Tracking link: http://888-luvu.com/z/

    Resolves to


    the IP is within a block of "reserved" numbers that shouldn't be showing up on the 'net' ...

    I'm still lost, but for a different reason. At

    http://www.spamcop.net/sc?track=http%3A%2F...luvu.com%2Fz%2F we see:

    >Parsing input: http://888-luvu.com/z/

    >host (getting name) no name


    >Reporting addresses:




    So it's looking like 888-luvu.com resolves to in

    one case but resolves to in another case?

    Maybe I'm missing something painfully obvious...? :blink:

  6. ... so I'm still kind of going with that a few lines of screen space are saved by dropping them off (or not adding them in?) ...

    Maybe you're right - but I gotta say that I can't buy into the notion that conserving screen space is worth leaving icons entirely unexplained.

    In any case, it seems from this thread we're in agreement that adding those icons is a good suggestion. Yet altho' Wazoo's educated speculation is perhaps informative, I hope y'all will understand when I say I'm left to wonder why folks would be inclined to post suggestions if they're apparently just /dev/null'd (ie, neither (a) implemented nor (B) is the actual reason provided why the request is denied).

    BTW, is it just my screen, or are the "Poll (New)" and "Poll (No New)" icons exactly the same? And btw (again), how about "Not New" instead of "No New"?

  7. Ah, gotchya. Good reason. :D

    Historically, I've found SpamCop useful not only for sending abuse reports, but for simply determining an externally-valid abuse address (by typing ONLY the IP address or the domain name into SC's text box).

    With SC sometimes using non-public addresses only, this usefulness seems to be fading. :(

    I guess I'll stick to http://www.abuse.net/lookup.phtml (but it doesn't allow IP addresses).

    No need to reply - just kvetching. ;)

  8. Ok, note dropped off in JT's direction to see about putting them back. 

    (Fast-forward roughly 15 weeks...)

    Any word?

    The icons have changed in design - we've got triangles instead of dots now. But they're still not explained in the legend.

  9. However, the bounces that are causing mail servers to be listed are because of the operators method of handling mail and bounces. Instead of issuing a 550 during the smtp transaction stage, they are accepting the mail and then bouncing it back to the forged return address.

    I wasn't sure if you're advocating 550's over bouncing, and I'm not really a mail server SysAdmin, but I think, if you'll permit me the audacity, that bouncing is the only way to go where the enterprise's SMPT server has little or no knowledge of which addresses are valid throughout the enterprise. Eg: maybe the SMTP server for almamater.edu has no knowledge of the Email addresses at chem.almamater.edu, math.almamater.edu, alum.almamater.edu. And so it's up to the sub-domains to do the (delayed) bouncing.

    If this makes no sense, you may resoundingly ignore me.

    Oh, and somebody once told me that 550's (as opposed to delayed bounces) can help a dictionary attack go much faster. (not good)

  10. There's no evidence of thin skin in any of newhorizon's posts that I can see, simply a bit of very, very understandable frustration.

    Frustration, yes. But those who know me well know my skin is thinner than it oughtta be. So me-thinks you're BOTH right. :D

    Under the Topic at Forum configuration, additions, changes, input requested , there's a suggested Forum with a description of;

    I want to spend more time looking that over than I have today. Off hand, looks good. Later.

  11. Do you think the definition could be added to the list of icons at the bottom of the forum screen?

    I'm not seeing the sense of leaving off the blue envelopes with black dots. So count me as being very much in favor of the above.

  12. If you took a look at recently posted topics, you would see that Wazoo has already used your suggestion in a discussion of how the forums could be made more useful.

    How much time would I have needed to spend to keep tabs on other topics to be able to discern that? (Yes, OK, don't tell me: if I had read them, I'd know *this* answer too!) :|

    So anyway, that's a "nay" to the suggestion box idea...?

    if you had 'lurked' a little, you would have known that the Lounge is actually being used for very different purposes than what is stated in the title

    I understand what netiquette says about lurking.

    But it says nothing about faulting a newbie for not dismissing what's clearly stated. :(

  13. have moved it to the Lounge anyway, as it really isn't a "Help" situation ... if this is bit upsetting, I'll invite you to contribute to a Topic "here" dealing with changing, adding, modifying these Forums for a better place for these things


    Yeah, moving this thread about a proposed SpamCop feature into a forum where SpamCop discussions are *discouraged* seemed strange. :huh:

    But I got over it. :)

  14. Sounds like that "add reporting address" business is a hot issue.

    But I humbly/kindly submit that it's non-sequitor here.

    I'm just suggesting that a 'mailto' link would be a handier alternative to clicking on the Email client's icon on the desktop. That's all.

    I'm not always clueful, but I'm thinkin' the 'mailto' link wouldn't get around any restrictions nor opens new doors to abusive practices? Instead, me-thinks such a 'mailto' link would help encourage the reporting of spam --- which is a good thing --- even if not via SpamCop.

    Does Julian read these here notes, or should I go and bother some other forum?

    Or I'm tempted to start a poll, but I'm too new here to know how they're received.

  15. > First thought is that by clicking and "sending the report yourself" ....

    I think by "sending the report yourself" you mean sending a *SpamCop* report yourself. But that's not really what I meant.

    Stepping back a bit: once SpamCop says that so-and-so refuses SpamCop reports, I find myself with 2 options: send an Email to the abuse address myself, or do nothing. If I wanted to do nothing, I wouldn't be here! :)

    Sending an Email to the abuse address myself isn't the same as manually sending a *SpamCop* report, imho; I'm just sending my OWN complaint (which wouldn't make SpamCop a liar) and a 'mailto' link on the SpamCop page struck me as being 1) easy to do and 2) handy for the user.

  16. Lemme throw this thought out there and see if it sticks... :)

    If when reporting spam via the web interface and SpamCop says something like

    "abuse[at]auna.es is not accepting SpamCop reports",

    howz about making that abuse address a clickable mailto link to make it just a tad easier for the user to send a report him/herself?

  17. Sorry, let me back up: the incident in my original post is a month old.

    I'm afraid I need to ask you to disregard much of it. Sorry again.


    I find I can now register mailhosts from my job (via my employer's ISP) -

    no more "...traverse more than one domain." error messages.

    So I do that and I try to report this spam:

    > From - Thu Apr 22 10:12:14 2004

    > X-UIDL: 1082642966.13992.qmail.fcc.net,S=3472

    > X-Mozilla-Status: 0001

    > X-Mozilla-Status2: 00000000

    > Return-Path: x

    > Delivered-To: x

    > Received: (qmail 13979 invoked by uid 89); 22 Apr 2004 14:09:26 -0000

    > Received: from unknown (HELO psmtp.com) (

    > by 0 with SMTP; 22 Apr 2004 14:09:26 -0000

    > Received: from source ([]) by exprod6mx90.postini.com ([]) with SMTP;

    > Thu, 22 Apr 2004 10:09:18 EDT

    > Received: from by; Thu, 22 Apr 2004 07:32:26 -0700

    > Message-ID: <OAAD____________FOYR[at]yahoo.com>

    > From: "Charlene Nguyen" <txajs[at]yahoo.com>

    > Reply-To: "Charlene Nguyen" x

    > To: x

    > Subject: Italian-crafted Rolex - only $65 - $140!! Free SHIPPING!!

    > Date: Thu, 22 Apr 2004 11:28:26 -0300

    > X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)

    > MIME-Version: 1.0

    > Content-Type: multipart/alternative;

    > boundary="--679170753373396366"

    > X-Priority: 3

    > X-MSMail-Priority: Normal

    and I get:

    > Parsing header:

    > 0: Received: from unknown (HELO psmtp.com) ( by 0 with SMTP; 22 Apr 2004 14:09:26 -0000

    > Possible forgery. Supposed receiving system not associated with any of your mailhosts

    > Will not trust anything beyond this header

    > No source IP address found, cannot proceed.

    > Add/edit your mailhost configuration

    > Finding full email headers

    > Submitting spam via email (may work better)

    > Example: What spam headers should look like

    > Nothing to do.

    So I delete my mailhost info and try reporting it again. SpamCop duly does:

    > Tracking message source:


    fcc.net is the ISP I use from home. Meanwhile, my outbound

    SMTP server at work is smtp.covadmail.net. (I don't understand

    this schtuff enuf to know why my Email appears to come from exprod6mx16.postini.com instead, but I gather that's a moot point?)

    On SpamCop, after I configure mailhosts (using my fcc.net Email address)

    from work, the items in the "Hosts/Domains" drop-down list are:

    > ncn.net.ncn.mail1.psmtp.com

    > dls.net.mail5.psmtp.com

    > mtaonline.net

    > david.mtaonline.net

    > exprod6mx87.postini.com

    > exprod6mx12.postini.com

    > postini.com

    > exprod6mx55.postini.com

    > exprod6mx56.postini.com

    > exprod7mx5.postini.co

    > exprod5mx98.postini.com

    > exprod6mx25.postini.com

    > psmtp.com

    > exprod6mx83.postini.com

    > exprod5mx48.postini.com

    > exprod5mx73.postini.com

    > exprod5mx52.postini.com

    > exprod6mx50.postini.com

    > When you POP from work, are you doing it from a client machine ....

    Yep, from a run-of-the-mill Netscape mail client. IHO(*)

    > Did you setup the mailhost configuration for both the ISP and your work hosts?

    Not understanding that question.

    The only mailhosts SpamCop allows me to set up are the ones

    indicated above. I'm not seeing how to configure more mailhosts than what

    SpamCop finds...? I'm missing something obvious, perhaps?

    (*) IHO = I Hate Outlook

  18. I suspect I'm just clueless, but let me ask...

    I report spam by cutting/pasting into the SpamCop web page.

    I tried this new mailhost thing and got:

    "Sorry, the email sample you submitted for x

    appears to traverse more than one domain."

    The Email account I have is provided to me by the ISP

    I use for my dail-up service from home. And the domain name in

    my Email address is the domain name of this ISP.

    Straight-forward stuff. :)

    But I also POP3 this same mailbox from my job which uses a different

    ISP for connectivity. And trying to setup my mailhosts schtuff

    from my job gave me the above message.

    So it's kinda looking like with this mailhosts thingy in place, I can not

    report spam sent to the above-mentioned Email box when connecting

    via an ISP which doesn't own my mailbox's domain. Is that right,

    or am I totally in the dark?