Everything posted by showker

  1. showker

    URL Shrinking Website != Spam

    Also, be further advised: Domain length shortening services have come under the scrutiny of many "public" entities like libraries and public schools. In an effort to curb the use of "TinyURL" (and others) being used to send and spread porno content, many public school systems merely block all TinyURL domains. How did we first discover this? One of our sister sites sends an email technology newsletter each Monday morning. (have since 1994) However we began getting lots and lots of complaints from subscribers that the "Links don't work." We had begun using TinyURL as a method of shortening ridiculously long domains into manageable lengths so they wouldn't get truncated in email. Turns out the readers whose links stopped working were receiving the newsletter through a system which had begun blocking all TinyURL domains. One administrator said: "We started blocking after we discovered the kids were using TinyURL to mask game, pirate software and porno site links in their forums and web pages ... strictly against our policy -- so we block." Food for thought. :-)
  2. showker

    No Spam? WTH?

    Our unfiltered spam traps have indeed experienced a dramatic reduction in spam over the past four days. It's actually to the point that I had to check my POP setups to see if they're still working -- they are. Our average throughput has been between 500 and 800 spams daily since the turn of the century. There have been brief ups and downs, but that's a running average. Our Knujon reports verify that -- until this past weekend. Today's Knujon upload contains 767. So it's creeping back up. However, having said that, we believe domain tasting is attributing to an increase in "same spammer" spam, as nearly a third of each day's spam is either directly or indirectly originating from the "Herbal Remedies" spammer in China selling male enhancement products. We've detected and identified as many as 125 different domains used in any given 24 hours by the SAME spammer. Last week we had 68 identical spams with the only difference being a nonsensical domain which changed only one or two letters. The culprit: Canadian Pharmacy. We believe if ICANN would end domain tasting, the world would see an immediate 30% reduction in spam. Keep posting.
  3. I would sincerely appreciate it if someone could reply with a link to an online chart that shows the ASCII equivalents for email encoded with "equal" characters. ("=") Quite often the "=" in URLs is "=3D" and periods "=2F" But I haven't been able to find a chart anywhere that will show me the other characters. What is that called?

    SAMPLE:

    > =C3=CE=D1=D3=C4=C0=D0=D1=D2=C2=C5=CD=CD=CE=C3=CE
    > =C7=C0=CA=C0=C7=C0<BR>=CF=F0=E0=EA=F2=E8=F7=E5=F1=EA=E8=E5
    > =E7=ED=E0=ED=E8=FF<BR>=CE=F2=E2=E5=F2=FB =ED=E0 =E2=F1=E5
    > =C2=E0=F8=E8 =E2=EE=EF=F0=EE=F1=FB<BR>
    > =C2 =EA=E0=F7=E5=F1=F2=E2=E5 =F0=E0=E7=E4=E0=F2=EE=F7=ED=EE=E3=EE
    > =EC=E0=F2=E5=F0=E8=E0=EB=E0 -
    > =E0=E2=F2=EE=F0=F1=EA=E8=E5 =F0=E0=E7=F0=E0=E1=EE=F2=EA=E8
    > <BR>

    END SAMPLE.

    Can someone explain ??? Thanks Fred
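The "=XX" notation in the sample above is MIME quoted-printable encoding: each "=XX" is one byte written in hexadecimal. The following Python sketch is an added example, not part of the original post; it decodes the first four sample lines and guesses the 8-bit charset, which the post does not state. The candidate charset list and the letter-frequency score are assumptions made for illustration; with a full message, the `charset` parameter of the `Content-Type` header should be used instead of guessing.

```python
"""Decode a quoted-printable mail body and guess its 8-bit charset (added example)."""
import quopri

# First four lines of the SAMPLE quoted in the post above, typed in as bytes.
SAMPLE = (
    b"=C3=CE=D1=D3=C4=C0=D0=D1=D2=C2=C5=CD=CD=CE=C3=CE\n"
    b"=C7=C0=CA=C0=C7=C0<BR>=CF=F0=E0=EA=F2=E8=F7=E5=F1=EA=E8=E5\n"
    b"=E7=ED=E0=ED=E8=FF<BR>=CE=F2=E2=E5=F2=FB =ED=E0 =E2=F1=E5\n"
    b"=C2=E0=F8=E8 =E2=EE=EF=F0=EE=F1=FB<BR>\n"
)

# Assumption: the post does not show the message's declared charset, so a few
# common ones are tried: UTF-8 plus four single-byte Cyrillic code pages.
CANDIDATE_CHARSETS = ("utf-8", "cp1251", "koi8_r", "iso8859_5", "cp866")

# The ten most frequent Russian letters, used only as a plausibility score.
COMMON_RU = set("оеаинтсрвл")


def decode_qp(raw: bytes) -> bytes:
    """Turn quoted-printable text into raw bytes ("=3D" -> "=", "=2F" -> "/")."""
    return quopri.decodestring(raw)


def score(text: str) -> float:
    """Fraction of non-ASCII characters that are very common Russian letters."""
    high = [ch for ch in text if ord(ch) > 127]
    if not high:
        return 0.0
    hits = sum(1 for ch in high if ch.lower() in COMMON_RU)
    return hits / len(high)


def guess_charset(data: bytes):
    """Decode with every candidate charset and return (best_name, all_scores)."""
    scores = {}
    for name in CANDIDATE_CHARSETS:
        try:
            scores[name] = score(data.decode(name))
        except UnicodeDecodeError:
            # The bytes are not valid in this charset at all (here: UTF-8).
            continue
    if not scores:
        raise ValueError("no candidate charset could decode the data")
    best = max(scores, key=scores.get)
    return best, scores


def decode_body(raw: bytes):
    """Quoted-printable -> bytes -> text; <BR> tags become line breaks."""
    data = decode_qp(raw)
    charset, _ = guess_charset(data)
    text = data.decode(charset).replace("<BR>", "\n")
    return charset, text


if __name__ == "__main__":
    charset, text = decode_body(SAMPLE)
    _, scores = guess_charset(decode_qp(SAMPLE))
    for name, value in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{name:10s} {value:.2f}")
    print(f"best guess: {charset}")
    print(text)
```

The wrong code pages still decode without error because every byte maps to some character; only the score separates readable Russian from scrambled letters.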
  4. showker

    Is it really doing any good?

    Ooops! You are correct -- I meant to say APNIC. But that was a little rash on my part -- they would never block in that fashion.

    You missed the point -- as do so many others. It's not about the email at all. We've already established that "filtering" and "blocking" the sender of email spam is totally ineffective and a total waste of the resources. The "task force" would organize and implement a block on the IP address of the spamvertised web site -- if not the entire spread of IP addresses owned by the particular ISP. Note I also said the Task Force would weed out the most prolific and begin there.

    FOR INSTANCE: There is one spam cartel advertising "Megadik" using some 200 different domains as 'landing' pages for their ads. The owner of ALL of the domains (according to Whois, which is suspect) is supposedly in China. Since November 15th the honeypots have received some 3,500 spams from this entity -- they've all been reported -- they're all on the various DNSBLs, but they continue to spam. However the Task Force would investigate and discover that of all that spam, there is only TWO destinations. TWO. This is something NO filter or black list could figure out because it's the THIRD link found in the trail of links to the spammer's revenue source. I know, I've been tracking them. This takes maybe five minutes. But a human has to do it. NOT a filter or DNSBL. So they block the RANGE of IP addresses which are the ultimate targets of all that spam. That range of IP addresses is now invisible to the Initiative member's constituency. Game Over.

    NOW YOU'RE TALKING !!!! You finally got it !!! Having the owners of Megadik file a suit would be like a gift from heaven. But consider, these cyber criminals aren't going to bring suit! What are they going to say??? "Your honor, we're suing this Task Force because they're preventing us from distributing pornography (a violation of Title 18 of the Federal Code) and keeping us from making money by stealing people's identities!" What's the Judge going to say??? (In reality, this is what ICANN should be doing, but they aren't. The Task Force could be set up like ICANN so they're "un-suable")

    That may be correct in many cases. However - as these forums prove again and again, there are specific spammers IN these "mature DNSBLs" but the spammer continues to operate and spread their spam.

    Yup. You are correct. However in many, many of the worst and most prolific cases, ALL of the domains owned by the spammer funnel down to one or two specific outlaw ISPs providing nameserver or DNS services. One specific case we've been tracking has ALL of their ecommerce destinations on ONE ISP, across ONE range of IPs. Knock those out and you've thwarted that spammer's revenue source until he can re-deploy. Once all his domains and web pages are made 'unavailable' he's got to rebuild on another. Yes, it IS indeed a cat and mouse game. It may take months to get the attention of these rogue ISPs by killing blocks of their IP addresses. But once you've knocked out a sufficient number of their ranges, word will spread and they'll start to figure out that if they let the spammer back into their system, they're going to lose more of the "product" which they need to stay afloat. That's why it's called the "Self-Regulatory Initiative" ISPs MUST get over being lazy and money hungry to the point that they ignore their responsibility to the web community as a whole. You have to understand that this is NOT about email spam. It's about turning OFF the IP blocks providing DNS for the spammer's "revenue"

    Thank you. NOW you are coming to the point. Why is it so difficult for the Net industry to see this??? You may have reported "thousands" of reports. But did you chase down the whole trail leading to the origin of the offenses? There are tens of thousands of criminal domain operations either hosted by Joker, or on Joker's name servers. It would take only ONE or maybe TWO episodes of JOKER getting blocked by the "Big Six" ISPs to finally get it through his thick skull that providing these services to criminals is 'eventually' going to be very unprofitable. Besides, in the by-laws managing the Task Force, JOKER would have a method by which he could petition to get his IP ranges back. Will he do it just to protect his criminal constituency? We don't know.

    C'mon man. Surely you've evolved beyond that -- if you've chased as much cybercrime as you claim to ! That's why there's spam in the first place. No one has any teeth, and everyone is afraid to stand up for what is right. "Political Correctness" Sure, many of us "wish" they wouldn't fly planes into buildings or set off bombs in subways too.

    That is correct. YOU'VE NAILED THE MAIN PROBLEM How many of Joker registered domains have correct Whois ? Why isn't ICANN policing THEIR OWN regulations? We call and track spammer domain owners via physical means. We have YET to find a Joker registered hosted domain that has accurate Whois information. In fact, it looks very suspicious. As if Joker is paying ICANN to look the other way. If Joker is providing DNS and Nameserver services in the commission of a felony, then they are in part aiding and abetting. Get those DNS ranges blocked by the "Big Six" and you quickly get Joker's attention. But what's he going to say? In the case of the Canadian Pharmacy, Joker may be innocent -- this will be proven by the Task Force who validates where the Canadian Pharmacy is physically hosted. THOSE are the IP targets, NOT the registrar. If you own a mall, and a criminal sets up shop IN the mall, then the mall organization has some responsibility. If the business starts at the mall, but then moves to another location to begin the criminal activities, the mall is no longer implicated.

    But this conversation is simple reinforcement that the ENTIRE Internet industry needs an overhaul. ICANN needs to be dissolved and a REAL regulatory entity put in its place. There should be NO domain kiting. There should be NO rogue registrars. Kill those two practices, and you've killed 90% of the spam. Period. The other 10% would then be manageable with your outdated filters and black holes. C'mon... if we were fighting this war on the streets of our neighborhoods, I'll bet you wouldn't be so nice to the enemy. Why are we tolerating him on the internet? :angry:
  5. showker

    Deciphering encoded spam ? Help?

    Okay. I use Spamcop's web based email interface, so it's all geek in that program. I use the web based interface because I simply don't want to bring it down to my computer. Rick, You seem to be very knowledgeable about all this. I really enjoy your web site and have referenced several items in my Delicious page. Let me ask yet a further question: Would it be illegal for an entity to offer an award for "Proof of Concept" of a botnet that would counter spam IPs and botnets? Seems if it works one way -- it should surely work the other way too. What do you suppose the reaction would be if someone put up --say-- $100,000.00 -- to the first programmer who could successfully accomplish and sustain that? Or, do you think anyone capable of such a feat is already hired out by the criminals, making much more, and not interested? Thanks in advance
  6. showker

    Is it really doing any good?

    A SOLUTION THAT WOULD WORK

    LOL. Now think about that for a moment. Back in 2000, we authored the "ISP Self-Regulatory Anti-spam Initiative" It was based on several cold, hard, facts: 1) Legislation cannot do anything about spam and cybercrime, 2) Law enforcement cannot do anything about spam and cybercrime, and 3) Users cannot do anything about spam and cybercrime. So it was an in-your-face logical deduction that the ONLY entity who could actually do anything about spam is the Internet Industry itself.

    The initiative is simple: The largest ISPs in the U.S. come together and share in the formation of an internet task force. This would be composed of a half dozen skilled internet sleuths who would work each day to gather the latest spam, throw away the losers, and identify the spamvertised sites and IP blocks of those most prolific or dangerous spammers. This might cost a half-million a year, divided amongst such players as AOL, MSN, EarthLink, Yahoo, Google, Comcast, Verizon. So, pocket change.

    As soon as the Task Force would validate an intruder, they would enter the IP blocks into the "master" blocking list which feeds ALL of the participating ISPs. Since they would be blocking at root server level, those cyber crooks and their spamvertised sites would INSTANTLY become invisible -- inaccessible to the entire constituency of that ISP. Presto!

    Any ISP who did not sign in to the Initiative, and pony up their share of the expense would run the risk of getting "turned off" in the event spam emanated from their IP blocks -- at which THEY too would become instantly invisible. ISPs who did not participate would also be denied use of the Task Force and would continue to get spammed. "Innocent" ISPs or Block owners who were dragged into oblivion by virtue of hacks, zombies, etc., would be provided a recension method whereby they FIX the problem, join the Initiative, and get turned back on. This includes turning over the tracking records for the subscriber responsible for the criminal activities.

    Any ISP too stupid, or too arrogant to participate, like www.Joker.com would eventually become invisible to the greater population of the U.S. Yes, Joker could continue spamming China and the other non-participants, but they would no longer exist to people using the Initiative supported ISPs. In fact, the spammers would not even know they're no longer visible except revenue from the big ISPs would suddenly end. People would not know the ISP was blocking it -- they would simply see much, much less spam. They wouldn't get the spam, so it wouldn't matter that they couldn't click on the link in the spam. If they clicked on a link to the spam site, they would simply get: "Domain cannot be found." or some such. Game over. Problem solved.

    Now, consider for a moment what would happen if AOL, MSN, EarthLink, Yahoo, Google, Comcast, Verizon and some of the other million-plus ISPs simply turned OFF all of ARIN. None of their users can even access IPs located on ARIN. None of their users can get to anyone using or hosted by those ISPs. Suddenly you'd find a lot of otherwise questionable ISPs cleaning up their act and disallowing spammers to use their systems. Suddenly you'd see a lot of ISPs joining the Initiative.

    The Initiative instrument was actually a lot more complete than this, with legal, engineering and so forth, but you get the picture. The honest people cut off the dishonest people so they're never seen again, but the dishonest people can continue to spam each other all they want. The unfortunate truth is, we gave up trying to sell the program after getting nowhere with MSN or AOL. They simply didn't want to hear about a solution to spam. Period. :angry:
  7. showker

    Is it really doing any good?

    Thank you Miss Betsy. But let me add another aspect to this discussion. One person said: There are hundreds, possibly thousands of people who really do not understand what's actually going on. Additionally, I'm continually surprised that no one is really addressing the facts. There SHOULD be a pinned post that explains to people. The only reason I can figure why the "industry" is keeping users in the dark is that they're making too much money off the anti-spam industry. Let's share -- and hopefully spread some undeniable facts:

    1) Do NOT expect any filtering or black hole efforts to "stop" spam. This is one of the great myths perpetrated on the computer-using public. Filters do not stop spam, they will NEVER stop spam, no matter how good or expensive they are. Hundreds of thousands of people have bought into this myth. Filters merely "hide" the spam from the user. The spam is still there in ever-growing numbers.

    2) No automated spam prevention method will EVER work. SpamCop is an automated system. It does NOT stop spam, nor does it claim to. It doesn't even make spam less, nor does it claim to. SpamCop merely reads each reported spam, attempts to make the best guess of where it came from and then pops out a complaint to the assumed "spammer". In return you get "filtered" mail based on the numbers. (Read point #1 above) The SpamCop "machine" doesn't have the slightest clue as to who to report to nor if reporting is actually getting where it's going. (We have tracked dozens and dozens of SpamCop reports to addresses, and find most of the addresses SpamCop reports to have been turned off long ago. They bounce -- or go to another robot.) SpamCop merely attempts to report to the admins at the source of the email. 100% of the sources of spam are forged or simply don't exist. An automated system cannot know this. Else the practice of "reporting" would have ended long ago. The percentage of SpamCop complaint reports that do get through are generally acted upon by the abuse admin involved. Unfortunately, the life of a spam site is now an average 8 hours. So, SpamCop complaints that do indeed fall on a 'live' address, are too late. The admin shuts down the account, feeling good about himself, but the spammer is already THREE accounts ahead... or is long gone. Automation doesn't work, cannot work, and will NEVER work. Period. Get over it.

    3) Cutting off the revenue flow is the ONLY solution. Until you interrupt the link between the message in the spam and the point of income for the advertiser, you are wasting your time and money. This translates to : shutting down the spamvertised site. Domain Kiting, and Rogue Registrars sanctioned by ICANN automatically launch hundreds of thousands of web pages to accept the results of spam ecommerce, or to gather search engine rankings and "affiliates" links. The spammers send a burst of spam, then harvest the income in the first 4 to 8 hours, then close the accounts -- only to open them again later. They use stolen identities for a very brief time to set up new accounts and points of payment. By the time anyone catches up, they're gone, untrackable. However, the spammer generally has only one or two portals where the income actually is rendered. All the other 'fake' sites merely redirect and funnel users back to that point of payment. The only way to combat this onslaught is to go after that point of payment. Automation cannot do this. It takes human intervention. And then, since the criminals are outside the U.S., the only way to actually stop them is to: A) direct a DDOS against the ecommerce point of payment B) Convince the payment mechanism to shut them down C) Convince the upstream provider to close down the IP block. In reality, only "A" would be effective since : A) they're usually too stupid to understand what they've done wrong B) They don't speak English C) They're making too much money off it D) They're afraid of reprisals from crime cartels and the mob.

    4) Reporting to SpamCop is a valuable practice. Even though SpamCop will NEVER stop spam (in its present state) it does feed data and statistics which can be utilized in pursuit of 'real' criminals. (Aside from the 5% or so spammers that SpamCop is actually able to get shut down.)

    5. Entities like "CAUCE" and "Antiphishing Organization" are null. These entities exist ONLY as lip service to the industry, and to fulfill their own gratification. They have no effective part in ending or even curtailing spam in any way, shape or form. Period. You are wasting your time reporting to them.

    6. Entities like FCC, FTC, and FBI are bean-counters only. Any reports to them become only a statistic in tracking databases. They are never even opened by machine nor human beyond primitive parsing for statistical tracking only. They even admit to this in their documentation. You are wasting your time reporting to them

    6. Entities like Knujon are effective and do work. Primarily because there's a human parsing the spam, finding the correct place to complain, and pushing to get the spamvertised sites, zombies, botnets, and compromised machines shut down. Sadly, only about 2 in 1,500 actually do get shut down. So that effort, regardless of how valiant, is not nearly enough.

    So, now that we've established the facts -- any questions? We can only hope that some day, someone at SpamCop will figure out how to parse the email to find and respond to each and every reported spamvertised site. At that point SpamCop would be a major force in ending spam. However, reprisals from the organized online crime community would then probably end SpamCop's existence. You'll recall the events surrounding the demise of Blue Frog. There's no solution until IPv6 is finally established as the norm. Until then some of us will continue to fight the real fight... and everyone else will continue to block, filter and bellyache about spam. :-)
  8. showker

    Googlepages portals

    Why "thanks" ?
  9. showker

    Deciphering encoded spam ? Help?

    So, that brings us to the next question: Are they so stupid they don't realize that the spam is simply unreadable -- and doing nothing but wasting their time and ours???? Is there ANYONE who can read the spam directly in their browser?
  10. showker

    [Resolved] Google site search results

    Thank you DavidT ... that post was informative!
  11. showker

    Is it really doing any good?

    YES IT DOES WORK... but is simply not enough to make a "trend" change. It would WORK A LOT BETTER if someone would throw some money at the problem. (Keep reading.... )

    WHAT DOES INDEED WORK: I administrate a number of online forums and response forms, and always attempt to 'report' those spammers -- since they're really outside of the SpamCop / Knujon sphere. These crooks find "FREE" online forums and blogs, where anyone can sign up and start a 'thread' -- but where the admins weren't watching, and would basically let anything go. The spammer

    * builds a post with links to "affiliate" pages (eg "google-search.info")
    * goes to the unwatched forum
    * posts a whole page of links -- that redirect (eg "canadian-pharmacy")

    Sometimes there are multiple 'hijacked' forums. I report each and every one to the admins of the sites where the spammer has set up shop. Sometimes I post to their "CONTACT" form, and others to the admins of the site, ISP, pipeline provider. I also include the IP of the "sender" because my forums and response forms include the 'writer' IP: example:

    > 125.14.1.190
    > 84.161.30.238

    EACH AND EVERY TIME I get a "Thank You" from the site owner, and the pages have been removed. They are very thankful. Last week's episode used these links:

    http://www.lyricsday.com/forum/viewtopic.php?p=8638 - viagra
    http://scripts.mit.edu/~bgsa/phpBB/viewtopic.php?t=165 - celebrex
    http://payson.tulane.edu/techeval/forums/v...opic.php?t=7258 - zyban

    NOTE they even use esteemed sites like MIT and Tulane. I run a HIGH shut-down rate except when they hijack foreign sites where I cannot read the web pages to find contact names and addresses. So, when you ask "DOES IT WORK" ... the answer is: with the right kind of reporting, yes, it does work. But it takes a little time. Most people aren't willing to put out a little effort. The sad fact is, there aren't enough people reporting and fighting back.

    The top organization in the world -- could stop spam completely in about a week. Unfortunately that organization has been turned over to an international band of flakes and bureaucrats. ICANN. You can thank the Clinton administration. The second truly SAD fact is that INDUSTRY people who could actually DO SOMETHING about spam and online crime, (for the most part) are not interested because they're making too much money off it. Any entity with deep pockets and a global reach could END spam tomorrow if they would/wanted to. They're too busy making money to be bothered about it. (MSN, Google, Yahoo, FaceBook, MySpace, AOL) You'd think that an entity worth 6-BILLION would pony up a couple of million to set up a Squash spam task force. But for some reason they don't.

    My highest regards go out to SPAMCOP and all involved for putting up such a HEROIC fight all these years. But unfortunately there is NO automated reporting system that will ever work to 100% satisfaction. It takes human action... and money to pay the humans well. I would do it if someone would listen. ... and that's all I have to say about that. Fred
  12. showker

    [Resolved] Spam Decrease?

    There was a decrease in the summer, but then into the fall was back up to around 200 spams every 6 hours. HOWEVER -- the last 8-hour period (up to 5 am this morning) is the FIRST time in a LONG time there were 0 (zero) spams in my Inbox. This was so alarming, I figured my server had flaked out and stopped popping the mail. I checked. It appears to be okay. What happened? spam takes a holiday?
  13. showker

    Blocked by xbl.spamhaus.org

    Thanks guys... I checked each IP address, and it was the sender's -- not the list. My lists are getting to the point where they're not worth it any more... they're heavily moderated, but continue to get 50 attempted spams for every authentic post. If it weren't for the loyal following of the list, I would have shut it down yesterday. Thanks
  14. TODAY, two posts on my listserv, which has been running unblocked since 1994, got BLOCKED -- and I don't know if it's the listserv getting blocked, or the "users" who posted. Both are in India. I tried the SpamCop IP lookup to see if any of the IPs were blocked by SpamCop and they're NOT. However, at the end of the header it said: > X-SpamCop-Disposition: Blocked xbl.spamhaus.org One of the guys had indeed sent a spam to the list -- advertising links, etc., -- but I just want to make sure the list itself is not blocked. It's whitelisted on my SpamCop -- but was still put in the HOLD folder Can anyone steer me in the right direction??? Thanks
  15. showker

    Reporting Pump and Dump Penny Stocks

    In January '06 I ran a 13 week series on the "Pump and Dump" spammers. With some considerable research and tracking, we did bring in the SEC on the project. You'll remember, then in October they suspended trading on a dozen of the top offenders. See: Pump and Dump Stock Schemes, and the follow-up. The series then followed in the User Group Network "Safe Netting" department. But we haven't done anything on it recently because it looks like only a handful of stocks. The series then ran through April, following the scams and stock reports, actually listing the stocks, company contacts, etc. We did receive threats, and a number of companies asking to be "removed" from their list. One rather prolific spammer threatened a law suit -- we said, "See you in court" ... they were never heard from again -- AND -- after that they stopped including their URL "Stock Tips" link in the spams. P&D stock scams are difficult to trace and connect the actual spammer with the company. Through investigation, we found the majority were, indeed, involved directly with the trading company. Yet others were believed to be driven by organized crime cartels in the middle east, China and Russia. In ALL cases of a GIF graphic used to elude spam trackers, we would include the link-to within the HTML, including the stock ID and company. EFFECTIVE, but takes human intervention, and much time! After the SEC suspension, the P&Ds actually all but disappeared. But this summer, they started back up again. I've been told the SEC watches this situation, and is now tracking. But there have been no new suspensions, unfortunately. I think they're basically just overwhelmed. Keep reporting them! SEC has a facility for reporting AND believe it or not is acting... 
    See: SEC Charges Three in Pump and Dump Price Manipulation Scheme Involving spam E-Mails Touting Penny Stocks Post this link to your web site, and tell as many people as possible to read it: the “pump and dump” scheme SEE the SEC Internet Enforcement Program POST your Complaints: SEC Center for Complaints and Enforcement Tips The best way to stop it is not to buy the stock, and let the pumpers get dumped.
  16. showker

    Amazing reduction in Spam

    Since August we've seen a dramatic decrease in spam. Usually when there's a dip, I'm paranoid it's one of our mail servers on the blink... and it usually is. However, this is not the case this time. In the past year we have averaged 300 to 400 spams EACH 8-hour period. Since late August, that number has rapidly decreased to an average 90 to 125 per 8-hour period. Is this because of the "gray listing" that SpamCop initiated? I'm totally unclear about that new "feature" -- I didn't read the email alert very thoroughly, and did not answer to participate... at least I thought I wasn't participating. Has the amount of spam actually decreased? Or have the spammers finally learned it's not a good idea to spam ME ??? Thanks for reading Fred
  17. Does anyone know if the current wave of "Postcard" spam contains potential dangerous .EXE content? I note the links all go to a download site of an EXE file, but from a Mac, I cannot tell what the file is or does. I do know the domains "blamed" are being spoofed (eg: Postcards.com), and that of the ones we're tracking, the servers are located in Egypt, Iran and Palestine -- suggesting terrorist activity. Any knowledge on what those EXE files actually do? Thanks Fred
  18. showker

    Spam: "You have received a postcard..."

    Thank you for the response. We are currently receiving 2 to 6 of these every 8 hours. To "See" the postcard, they tell you to Key the following IPs into the browser: 80.195.251.182 68.82.14.202 75.28.105.59 Since yesterday, there have been 16 different IP blocks referenced. Today they seem to be repeating, starting over.
  19. showker

    What about 'picture' spam?

    Has anyone else seen an increase in spam which is merely a single PDF attachment? Our spam trackers have opened a number of these and found them to be the typical "pump and dump" stock scam graphic of mangled text in a graphic. This ploy will NEVER be parsed in SpamCop's spam filters. Comments? Moderator edit: merged this 'new' Topic into this existing Discussion, seeing it as just a variation on the 'picture spam' issue.
  20. This is the first time this has ever happened. I thought SpamCop reports on their own behalf, not the recipient of the email. Am I being spoofed? However, the email clearly says :

    > From: showker[at]spamcop.net
    > Subject: spam Report from showker[at]spamcop.net

    I'm getting dozens of bounces each hour from an admin :

    > Date: 19 May 2007 17:15:53 -0000 [13:15 EDT]
    > From: MAILER-DAEMON[at]mx53.cesmail.net
    > To: showker[at]spamcop.net
    > Subject: failure notice
    > Headers: Show All Headers
    > Hi. This is the qmail-send program at mx53.cesmail.net.
    > I'm afraid I wasn't able to deliver your message to the following addresses.
    > This is a permanent error; I've given up. Sorry it didn't work out.
    >
    > <ver.showker+spamcop.net-1179594838-b223f9d3e2c0e549c9fb13feaa8be157[at]spam.spamcop.net>:
    > 204.15.82.27 failed after I sent the message.
    > Remote host said: 554 #5.3.0 Server Error
    >
    > --- Below this line is a copy of the message.
    >
    > Return-Path: <showker[at]spamcop.net>
    > Received: (qmail 27058 invoked from network); 19 May 2007 17:13:58 -0000
    > Received: from unknown (HELO delta.cesmail.net) (192.168.1.30)
    >   by mailgate.cesmail.net with SMTP; 19 May 2007 17:13:58 -0000
    > Received: (qmail 4184 invoked by uid 99); 19 May 2007 17:13:58 -0000
    > Message-ID: <20070519131358.htue8g84w0w0k48g[at]webmail.spamcop.net>
    > Date: Sat, 19 May 2007 13:13:58 -0400
    > To: ver.showker+spamcop.net-1179594838-b223f9d3e2c0e549c9fb13feaa8be157[at]spam.spamcop.net
    > From: showker[at]spamcop.net
    > Subject: spam Report from showker[at]spamcop.net
    > MIME-Version: 1.0
    > Content-Type: message/rfc822
    > User-Agent: Internet Messaging Program (IMP) 4.0-cvs
    >
    > Return-Path: <ColeenMcelroy[at]ariannausa.com>
    > Delivered-To: spamcop-net-showker[at]spamcop.net
    > Received: (qmail 5087 invoked from network); 19 May 2007 14:56:08 -0000
    > X-spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on blade1
    > X-spam-Level: *
    > X-spam-Status: hits=1.4 tests=HELO_DYNAMIC_NTL,UNPARSEABLE_RELAY version=3.1.8
    > Received: from unknown (HELO c60.cesmail.net) (192.168.1.105)
    >   by blade1.cesmail.net with SMTP; 19 May 2007 14:56:08 -0000
    > X-IronPort-AV: E=Sophos;i="4.14,556,1170651600";
    >   d="scan'208";a="479865128"
    > Received: from mx53.cesmail.net ([216.154.195.53])
    >   by c60.cesmail.net with ESMTP; 19 May 2007 10:56:11 -0400
    > Delivered-To: 1-showker[at]graphic-design.com
    > Received: from graphic-design.com [216.12.76.135]
    >   by mx53.cesmail.net with POP3 (fetchmail-6.2.1)
    >   for showker[at]spamcop.net (single-drop); Sat, 19 May 2007 10:56:08 -0400 (EDT)
    > Received: (qmail 92980 invoked from network); 19 May 2007 14:42:24 -0000
    > Received: from spc1-cosh2-0-0-cust746.cosh.broadband.ntl.com (82.27.146.235)
    >   by furniture-systems.com with SMTP; 19 May 2007 14:42:24 -0000
    > Received: from localhost.ackermanelectric.com (abstracter.com [localhost.adrostral.com])
    >   by localhost.ackermanelectric.com with ESMTP id 772AF5CCC
    >   for <alloeotic[at]Apiales.org>; Sat, 19 May 2007 10:42:00 -0500
    > Date: Sat, 19 May 2007 10:42:00 -0500
    > From: "Lending Center" <ColeenMcelroy[at]ariannausa.com>
    > To: showker[at]graphic-design.com, showkera[at]graphic-design.com, showkeray[at]graphic-design.com, showkew[at]graphic-design.com, sigal_barnea[at]graphic-design.com, silva[at]graphic-design.com, simmons[at]graphic-design.com, simpson[at]graphic-design.com, sims[at]graphic-design.com
    > Subject: Please complete your application Sat, 19 May 2007 10:42:00 -0500
    > Content-Type: text/plain
    > Content-Transfer-Encoding: 7bit
    > Message-Id: <1044132112.3345.0.blizzard[at]ackermanelectric.com>
    > To: showker[at]graphic-design.com, showkera[at]graphic-design.com, showkeray[at]graphic-design.com, showkew[at]graphic-design.com, sigal_barnea[at]graphic-design.com, silva[at]graphic-design.com, simmons[at]graphic-design.com, simpson[at]graphic-design.com, sims[at]graphic-design.com
    > Subject: Please complete your application Sat, 19 May 2007 10:42:00 -0500
    > X-SpamCop-Checked: 192.168.1.105 216.154.195.53 216.12.76.135 82.27.146.235
    >
    > Dear Home-0wner
    >
    > Are you fed up with paying too much mortgage interest?. Your approval is waiting.
    >
    > You can receive $258,000 for
    > $602 per month.
    >
    > Please respond Now.
    > http://www.geocities.com/jarvissqn69635
    >
    >
    > Jules Peters
    > Loan Center
    >
    >
    > Do just once what others say you can't do, and you will never pay attention to their limitations again. -James R. Cook
  21. Amongst all the clutter of this thread, I'd like to ask a simple one... Assuming Joker.com is a perpetual 'safe harbour' for spammers, phishers and other online criminal activities ... (and he is, I've had umpteen run-arounds with Joker over the years... ) would it not be prudent to just BLOCK all of Joker at server level? but am reluctant to block all of him, simply not knowing how many innocent users might also be blocked from the sites hosted on the server.

    Can someone shed some light on IP BLOCKING at server level?

    Thanks
    Fred

    PS: if this is off-topic, tell me. These forums are huge, and one has no way of knowing where to post!
  22. showker

    SpamCop reporting of spamvertized URLs

    POP QUIZ: ... let's see how well you understand the content of this thread:

    FIRST TOSS-UP: Your kid's playground is surrounded by dark shadowy figures in trench coats giving away drugs and porno -- trying to steal their identities to break into your bank accounts. What do you do?

    ANSWER: (pick one)

    [_] Punish the kids... they should protect themselves better
    [_] Punish the school... they should build better fences
    [_] Close the playground... kids have no business there anyway
    [_] Lock up the dark shadowy figures in trench coats

    OKAY... ROUND 2

    There's a local terrorist organization who rents trucks to deliver bombs to the subway and various government buildings. WHAT DO YOU DO?

    ANSWERS: (pick one)

    [_] Send complaints to the truck rental agency?
    [_] Lock up the trucks
    [_] Close the streets leading to the bombed targets
    [_] Make the bombed targets buy better security
    [_] Lock up the persons who rented the truck?

    SUMMARY: How come your answers don't match the thread? Is something wrong with this scenario? Just asking.
  23. showker

    Blocking IP range

    Okay... Comcast vs. the BAD GUYS

    I've read all of the references given in this thread, (over several days) and have come to the conclusion that this realm belongs to the ivory tower geeks -- and there's just no "simple" answer or solution. I don't care about Comcast subscribers. Only a fool would block Comcast. Besides any spam from them is probably forged. Since I research the "sender" or "spamvertiser" of the spam, form post, or forum posting, I'm not that concerned with the email of it. It's enlightening to discover WHO will PROFIT from the criminal attempt.

    So... several NEW QUESTIONS emerge from this thread:

    A sample this morning was put through the SpamCop reporting system -- which reported that the spam came from a computer in Arlington, VA. However, the actual spam included gibberish, and a GIF file promoting pharmaceutical products at one : www . RXfarm . org. Obviously SpamCop can't read embedded GIF files. Tracking the domain, I learn it's located on a server in MEXICO. The domain uses NS servers in New Jersey and Mexico City. Now I know that it's either a U.S. criminal who has set up shop on some butt-wipe ISP in Mexico, or a Mexican criminal. Blocking this ISP does me no good other than preventing anyone on that network from reaching my server... right? Is that a correct assumption to make?

    However, in another, similar spam... and then robot forms entry from the SAME IP address, I learn that the offending criminal who has done the dirty work is located at that specific IP. If I block THAT IP address, he cannot get to my server RIGHT? Is THAT a correct assumption to make?

    These are the ones I tracked this morning:

    218.49.123.31 Korea (frequent offenders)
    221.165.196.116
    210.183.41.56
    200.158.124.204 Brazil (frequent offenders)
    202.57.177.170 Thailand (frequent offenders)
    217.197.156.143 - Czech Republic (frequent offenders)
    212.191.77.244 - Poland (frequent offenders)
    87.68.65.225 - Israel (probably terrorists)
    62.149.128.160 Aruba Italy (frequent offenders)
    200.79.160.7 Mexico (the online drug pharmacy mentioned)

    Since I had to pay for a block of IP addresses, am I to assume that everyone in the world who operates a domain MUST have at least ONE of these numbers assigned to them? (I had to buy 32 of them)

    http://200.79.160.7/ goes directly to a domain, a web site on a server. Is it a correct assumption that this domain is on a computer server in a physical location where others are also hosted... as in an ISP ? Doesn't it also suggest that the OWNER of that IP number, probably has others? Possibly many others? So, if I block : 200.79.160/20 am I blocking ALL of the possible IPs this Mexican ISP has to offer? The last two sets of numbers seem to be significant, but the first two don't -- because they lead all over the planet.

    Thanks everyone... this is the most meaningful thread I've been involved in here to date.
  24. showker

    Blocking IP range

    Can anyone point to a DEFINITION of "IP address" in plain, simple language? Does it mean a single computer? (Sorry for the stupid question, but there doesn't seem to be a topic here for "stupid questions") I've been tracking them and working with them -- blindly not knowing exactly what each of the sets of numbers actually mean. AND... possibly, Farell, could share what the "slash" does / means. RE: 204.13.64.0/21 Does that mean a 'range' of numbers? Say, from zero to twenty-one? ... and, does that slash technique work on all servers? Is there a plain-language web site that explains all this? I've added a bunch of IP addresses to our server block-list. But I suspect there's a better way to block entire populations. For instance, how would I block the ENTIRE COUNTRY OF BRAZIL? Or, CHINA? I've tried figuring it out. But it just doesn't make sense. I get spam from 88.224.248.53 which is Turkey. People from Turkey have no business on my server. But then I get spam from another "88" ip number, and it's Comcast in Texas. Well, of course I don't want to block Comcast in Texas. So what gives??? How can I block ALL OF TURKEY ??? Someone should write a simple tutorial that us non-geeks can understand... AND implement.
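An added example (not part of the forum posts) of what the slash notation asked about in the two "Blocking IP range" posts means, using Python's standard `ipaddress` module on the prefixes quoted there. The helper names, the sample address `88.1.2.3` and the `/16` around the 88.224.x.x address are assumptions for illustration, not real allocation data.

```python
import ipaddress

def normalise(cidr):
    """Pad shorthand such as '200.79.160/20' out to four octets."""
    addr, _, plen = cidr.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ".".join(octets) + ("/" + plen if plen else "")

def describe(cidr):
    """Return (first address, last address, netmask, address count).

    The number after the slash is how many leading bits are fixed.
    The remaining 32 - N bits vary, so a /N holds 2**(32 - N) addresses.
    """
    net = ipaddress.ip_network(normalise(cidr), strict=False)
    return (str(net.network_address), str(net.broadcast_address),
            str(net.netmask), net.num_addresses)

def is_blocked(ip, blocklist):
    """True if ip falls inside any CIDR entry (or single IP) in blocklist."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(normalise(entry), strict=False)
               for entry in blocklist)

if __name__ == "__main__":
    # Prefixes quoted in the posts, plus the /8 that "every 88. address" amounts to.
    for cidr in ("204.13.64.0/21", "200.79.160/20", "88.0.0.0/8"):
        first, last, mask, count = describe(cidr)
        print(f"{cidr:16} {first} - {last}  mask {mask}  {count} addresses")

    # Constructed blocklist: the /16 is illustrative, not a real allocation.
    blocklist = ["200.79.160/20", "88.224.0.0/16"]
    # 200.79.176.1 and 88.1.2.3 are constructed sample addresses.
    for ip in ("200.79.160.7", "200.79.176.1", "88.224.248.53", "88.1.2.3"):
        print(ip, "blocked" if is_blocked(ip, blocklist) else "allowed")
```

A /20 is a block of 4,096 consecutive addresses, which is not necessarily everything one provider holds. A country is many unrelated prefixes, which is why per-country blocking relies on registry allocation or GeoIP lists rather than on the first number of the address.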
  25. showker

    I want to block all of Joker.com

    SPEAKING OF ICANN... I've had it with those people. For some unknown reason, they have NO TEETH to even enforce their own regulations. I cannot understand why no one else notices. I've reported hundreds (maybe thousands, I've lost count) of FALSE WHOIS entries which NEVER got fixed. They're probably in Joker.com's pocket. If someone (an attorney, perhaps? Any attorneys registered here?) had the teeth and balls to go after ICANN, I will finance it. Once upon a time, I approached the top five computer science university departments with a challenge to produce a legal "false whois" anti-virus in exchange for an endowment grant of $500,000.00. I got all kinds of response wanting the endowment, but NOT one who would commit to the project -- for fear of reprisals. Criminals can program all sorts of awesome internet devices to perpetuate their criminal activities, but there doesn't seem to be a single honest programmer who will match their skills. Doesn't that seem upside-down? Before ICANN, there was accountability on the internet, and spam was unheard of. Thanks to the Clinton Democrats, the internet was sold to an international band of criminals who set up a mountain of bureaucracy so that they could NOT be held accountable for their policies and actions. Hopefully, IPv6 will cure all that. So, if anyone who reads this (and I suspect no one will read it beyond the forum admins) who actually knows how to go after ICANN legally, let me know. ICANN needs to be dissolved, and a new administration put in place. Period. Fred