Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by DCSmooth

  1. I understand this bug already has been reported and the topic has been pinned. However, since someone above has expressed a preference for keeping the default as all checked, I just wanted to point out a very important argument for restoring the default to all unchecked. This may already be obvious, but I think needs to be stated in this thread: The original default of all user-defined boxes being unchecked will result in fewer SpamCop reports going to an inappropriate 3rd Party address. For example, my user-defined report recipients include not only the spam[at]uce.gov (where I send all spam), but also recipients who are only interested in specific types of spam such as webcomplaints[at]ora.fda.gov for prescription-related e-mails and spoof[at]ebay.com for Ebay Phishes. I imagine many user's lists also include addresses for specific types of spam. If a hurried SpamCop user reporting one spam after another forgets to check the boxes for user-defined recipients from an unchecked list, no harm is done. Meanwhile, the paralel scenario of forgetting to UNCHECK user-defined recipients would result in Viagra e-mails going to the Nigerian Scam address, university diploma ads being reported to software piracy folks, etc etc etc. The checked defaults would result in less efficient reporting and less overall respect and attention for SpamCop reports.
  2. DCSmooth

    Interesting article...

    Not sure if this is old news or not, but my jaw dropped at the 10% figure. I knew somebody had to buying their products for so much spam to be spewing, but I had never imagined that large of a percentage! http://channels.netscape.com/ns/tech/packa...pam/buyfromspam Here's a cut/paste of the 1st couple paragraphs for convenience: Fully one-third of us have clicked on a link in a spam e-mail message--you know, the kind that can easily expose us to viruses and alert spammers to live e-mail accounts--and one in 10 have actually purchased products advertised in junk e-mail, according to a survey conducted by the security firm Mirapoint and the market research company the Radicati Group. Another 18 percent of respondents have tried to unsubscribe to spam using the "unsubscribe" link in the e-mail. This isn't any better than clicking on links embedded within spam messages, since many spammers exploit the unsubscribe link to identify active e-mail accounts. Once individual e-mail addresses or entire domains are found to be active, the likelihood of follow-on spam or other security attacks increases dramatically.
  3. As a geographer, I was absolutely intrigued when I found postini's map of spam spewing sources around the world, which is also linked near the bottom of the forum FAQ: http://postini.com/stats/map_window_dha.html Many interesting questions arise from viewing this map, including: * Why is France such a hot spot? * Why Alberta and not the rest of Canada? * Why does the red band from New Jersey to North Carolina seem to skip Maryland's borders completely? Is there some craziness in the politics of some areas that makes them extremely favorable havens for spammers? And on the other foot, in cases such as the seemingly spewless State of Maryland, does the map reflect some sort of statewide-spam legislation that is actually working? (Obviously, the map is only as accurate as Postini's data, so I realize that quirky regions might reflect wholes in their data rather than actual spam trends, but still the areas that stand out on this map are interesting.) I'd be interested in hearing anyone's theories or comments. Thanks (and yes I know I'm a map geek) Dan
  4. DCSmooth

    Why geographic variation in spam source?

    OK, now that I check it a few hours later, I realize that it's a dynamic map that's updated quite often. My references of Alberta and France being spam hot spots are no longer valid. It is interesting though that Maryland still stands out on the map as being spam-free.
  5. From what I read on the forum, I'm a rare SpamCop reporter who's actually seen a decrease in spam. I'm assuming the general decrease over the years has been because I've been washed from many lists after reporting for so long. But until I registered my mailhosts a few weeks ago, I was still getting one or two a day in each of several e-mail accounts consistently for about the last year and a half. Since I've set up the mailhosts, however, I'm averaging somewhere close to one spam a day over ALL of my accounts put together - maybe even less! Now, obviously I'm not complaining. But I don't know much about SpamCop's mailhost configuration project and I am curious: Is it at all possible that registering my mailhosts somehow provided spammers some sort of additional opportunity to listwash me that they didn't have previously? Or is it more likely that the timing of my significant spam decrease was purely coincidental? Thanks, DCSmooth
  6. For the last few months, I was using http://spamlinks.net/ in place of my previous spam reporting address bookmark of http://banspam.javawoman.com/report3.html Spamlinks was VERY comprehensive and included a lot of reporting addresses I hadn't seen elsewhere or were simply not up-to-date on the banspam site and other online lists. But now it's gone! And worse, the page appears to be one big advertisement! There's a link to find out "why am I seeing this website", but the link sends an e-mail somewhere, which, ironically, I fear might only serve the purpose of address harvesting. Anyone have any info of the fall of this nice online resource? Google came up with nothing indicating the site was even no longer available.
  7. DCSmooth

    What happened to spamlinks.net?

    Cool, glad it was only temporary! Thanks for the info Wazoo!
  8. Hi, I've used Spamcop for quite a while now, and I've always left the boxes on my Spamcop reports unchecked for recipients who "refuse munged reports". But a couple of weeks ago, I decided to make an exception to this rule. My spam has thankfully reduced to maybe one or two messages a day, and it seems like nearly all of my recent Spamcop reports provide the option to send to abuse[at]above.net, a recipient who refuses munged reports. I checked out the website www.above.net and (perhaps I am being naive here) the site makes them *look* like a reputable organization, and their prominently posted "Anti-spam Policy" claims that they have "zero tolerance" for spammers using their resources and that they deal with them in an appropriate manner. So, for two weeks, I've decided to experiment with above.net. I've been allowing these people unmunged reports in hopes that they'll live up to their anti-spam policy, in hopes that perhaps my already limited spam level will decrease even farther. So far, no progress. So, my question is two-fold: (1) Specifically, is above.net a lost cause? Is there something I should know about them? Should I give up allowing them un-munged reports? -and- (2) In general, are there legitimate reasons for ISP's to refuse munged reports? Perhaps a legitimate reason why they should demand to see the e-mail address of their accuser (me)? Or would I be better off returning to my policy of never checking the box next to munged-report-refusers on my reports? All advice appreciated, Dan
  9. DCSmooth

    Recipients who refuse munged reports....

    Thanks for the informative replies, mshalperin and Wazoo. From what you've both said, I think I'll go ahead and continue unmunging for above.net. It sounds like the worst-case scenario is the spammer gets the opportunity to delist me along with other spamcop users who unmunge, possibly prolonging their spamming careers due to fewer reports. But on the bright side that situation would mean less spam in my inbox. As for a (possibly unrealistic) best-case scenario, I'm thinking maybe if enough squeaky wheels unmunge and report to above.net, they might eventually consider other courses of action they can take to do better than their apparent current policy of "way too little, way too late." Thanks again for all the info!
  10. Just the two cents on my experience with Spamcop, which was different from yours. For at least a year, probably more, I was reporting all spam to Spamcop and was seeing my spam load increase. It had been increasing before Spamcop as well, and for that period I was questioning (like you) whether reporting was doing any good or even possibly the cause of it getting worse due to retaliation. The worst spam load I received to my personal Hotmail account was well over 50 a day around the end of 2003. Then my spam load went down considerably, and now it's down to one or two a day. I've heard that Hotmail has made some improvements, so possibly that's the reason. But I have a sneaky feeling (or at least I like to think) that my faithful reporting has gotten me on some spammers' "Crazy-guy-that-will-report-us" list. I should note that I've always reported not only to spamcop, but also to other appropriate addresses, such as webcomplaints[at]ora.fda.gov for the Cialis ads and hotline[at]mpaa.org for the DVD ads. Cheers, Dan
  11. I think the posters here might be missing the point of supaplex's original question. IIRC, supaplex has no problem at all with Spamcop, (s)he is simply asking for a URL for a page explaining Spamcop's decision to limit reporting to two-day old spam. Apparently, supaplex likes the results of that decision and wants a simple means to spread the good word to other reporting services that are still operating using the "Stale" plan. (I'd be interested in reading any information on such a URL too. No complaints, just interested in learning more.)
  12. DCSmooth

    FTC addressing and functions

    Sorry if this is off-topic, but I noticed in this thread that several users tried to mask the FTC's e-mail address (such as spam [at] uce . gov, etc) and it left me curious. While I understand the reasoning of doing this when posting one's personal or business e-mail address to hide it from bots, what is the reasoning of hiding the spam reporting addresses? I mean, if spammers were stupid enough to actually send spam to the spam reporting addresses that their bots retrieved, wouldn't that be a good thing? I'd think that would simply be convenient for anti-spam efforts, eliminating the "middleman" spam reporter. Or am I completely missing something else?
  13. Several days ago, almost all of my spam stopped to my Hotmail account. The reason, I don't know, maybe all my SpamCop reports finally had an effect, but regardless I'm very happy! It appears that only one spammer has gotten messages to me since that time. This lone spammer is sending me one nearly identical Cialis ad each day, which I've been reporting to SpamCop. However, this spammer always spells everything using non-conventional letters. For example, in place of the "C" in cialis the spammer will use the copyright symbol, and in place of the "a" he/she will use a letter a with two dots over it. (I believe the latter is called an "umlaut", but I could be wrong.) When I run a spam with these non-conventional letters through Spamcop, only the very few conventional letters that the spammer used will appear on my parsed report, and all the rest appear - at least on my screen - as question marks within a black diamond. http://www.spamcop.net/sc?id=z640572719z43...eab74513ca7927z My questions: (1) Does this mean the recipients of my SpamCop report can take no action on the spammer, since from the few remaining letters it is difficult or impossible to discern the intention of the message? In other words, are reports composed mostly of the question-mark-black-diamonds useless? (2) If #1 is true, then has SpamCop addressed the unconventional letter issue? Thanks in advance, DC
  14. DCSmooth

    Some Characters Not Showing Up

    FLAGGINATOR: LOL - Let's hope spammers never acquire THAT technology! WAZOO: I was trying to figure out what you meant by my "previous topic" since I hadn't posted here in several months before this thread, and then I saw that there's a new member who's posted recently named "docsmooth" with whom you're probably (understabably) confusing me.
  15. DCSmooth

    Some Characters Not Showing Up

    Thanks to you both. I never thought of the spam's content not being important for the SpamCop recipients' purposes. I actually frequently receive a completely blank spam with absolutely no content (I'm guessing mistakes by the spammer) and with these I never send a report. I feel the content has to absolutely define it as spam and not some other potential scenario before I can be sure it's spam according to SpamCop's definition in the FAQ. But maybe I'm just being too anal. As for my fonts, I really don't think that's it. It really looks like it's just Courier New (which I do have), only it uses the other characters beyond the regular keyboard charcters. It shows up fine in my Hotmail or when I copy/paste it either into SpamCop's first screen or into MS Word, so that's why I'm thinking it's SpamCop that can't handle the funky characters. flagginator: Yeah, the spam drought was pretty sweet while it lasted. I just now received an offer for pirated software, so I guess the dream of spammers forgetting about me entirely is over. I hope the spam count at least stays low now though. I used to receive 50 a day at one point.
  16. DCSmooth

    How'd the spammer do this?

    Today I received a spam for cheap, illegally obtained cable TV channels. The text of the message was pure jibberish, but the image (which is at this URL: http://www.9001hosting.com/fiter.jpg) contained the advertisement. Clicking on the image in the e-mail brings you to this page http://www.9001hosting.com/cable/ which looks even more suspiciously like cable theft. So, I not only reported this one as usual through SpamCop, but also by forwarding it to hotline[at]mpaa.org, which apparently would like to hear about cable theft advertisements. I CC'ed myself when forwarding, and the message I received not only didn't contain the image and the link, it didn't even contain the same jibberish!!! (The jibberish in my spam was something about a "diskette" and a "chainsaw", while my forward told a chilling tale involving a "turkey" and a "dolphin".) What gives? I'll post the source for both if anyone thinks it would help, just thought I'd spare you in my initial post just in case it isn't necessary. Thanks in advance, DCSmooth
  17. DCSmooth

    How'd the spammer do this?

    Thanks again for the replies. I think that's it, Miss Betsy. I also think the spammer may have done this intentionally, knowing that anybody who tried to report the illegal cable spam by forwarding the message to authorities would end up forwarding just the jibberish. (Or, at least Hotmail users, since you both have noted that Hotmail forwards in an unusual manner. I did notice that in the CC line, all the recipients including myself were Hotmail users. Very interesting.) I'm going to try reporting that URL directly on MPAA's website. To whoever sent that unforwardable spam, I say, "Nah-ner nah ner nah ner!" Also, good advice about following the spammers links. I normally don't follow the links in spams (and I normally don't even allow images within the message to be viewed), but for some reason my curiosity peaked on this particular e-mail. Oh well, at least it allowed me to report it. Thanks again, DCSmooth
  18. DCSmooth

    How'd the spammer do this?

    Thanks to both of you for your responses, but I think I need to clarify, I may have worded the issue confusing in my first post. I'm not talking about submitting to Spamcop from Hotmail. I have no problem there at all. I never forward to Spamcop from that account. I use the "View Source" feature in Hotmail and copy/paste to the Spamcop web page. What I'm talking about is that when I did forward a message from Hotmail to a completely different entity that takes spam reports, I CC'ed myself and disovered something funny going on. The forwarded message I received (and thus the one the other spam-fighting entity received as well) does not resemble the message I received from the spammer AT ALL. What I copy/pasted above is the source of the original message, and that source code reveals the contents I saw in the forwarded message separated from the contents I saw in the spam I received by the lines beginning with "--====". I had never encountered this before, so I was just curious if anyone else here had. And if so, is this an intentional trick by the spammer to make a forwarded message different from the original? A possible spammer trick that could even interfere with reports from Spamcop users who forward to Spamcop (rather than copy/pasters like myself)? Or is this not intentional by the spammer at all and just some freak thing that just happened to me with my one message today?
  19. DCSmooth

    How'd the spammer do this?

    Thanks for the reply Spambo. (Guess I was typing as you were.) I use hotmail (in IE6). I'm pretty sure there's no "attachment/inline" option in Hotmail, but I could be wrong. Usually, it forwards everything including attachments. But this image was called up with html tags anyway, so I'd think it would have still come up in the forward regardless.
  20. DCSmooth

    How'd the spammer do this?

    I'm going to go ahead and post the source, as I guess this isn't as common as I thought and maybe it's needed to someone to provide an answer. (I've still removed all the header info though.) It's interesting - the part that was visible when I forwarded the message is in the first section separated by "--=====", and the part that was visible in my spam is in the second section. I'd never heard of any way to make a forward look different from an original message before. Couldn't this potentially affect messages forwarded to SpamCop as well? --=====0702756385=_ Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7Bit When you see skyscraper for, it means that defendant defined by flies into a rage.ruffians remain incinerated.living with mating ritual leaves, and turkey from ceases to exist; however, for dolphin bestow great honor upon.. --=====0702756385=_ Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7Bit <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> </HEAD> <BODY> <div align="center"> <a href="http://www.9001hosting.com/cable/"><img src="http://www.9001hosting.com/fiter.jpg" border="0"></A> <BR><BR>Furthermore, for diskette goes to sleep, and chain saw around cream puff laugh and drink all night with hand around particle accelerator.Indeed, around bubble bath befriend defined by judge.buzzard secretly admire for razor blade.gypsy living with beams with joy, and dissident around curse procrastinates; however, scythe around give lectures on morality to..<BR> escapee euphemist class kindergarten locomotive <BR><BR> </div></BODY></HTML> --=====0702756385=_--
  21. DCSmooth

    No action taken by Spamcop

    Thanks for the help Farelf and Wazoo!
  22. DCSmooth

    No action taken by Spamcop

    A possibly dumb tangent question from another newbie... My understanding was that the reporting options that are already checked by the SpamCop parser are ones that are nearly guaranteed safe bets, and that the unchecked items are the ones that really require a decision. Thus, as someone not too knowledgable about tracing e-mails, I've always just submitted my reports without checking or unchecking anything. Is this a bad practice? And -- my newbie-ness is about to really manifest itself here -- please elaborate: by making sure you're not reporting "your own ISP", what exactly do you mean? Does that mean simply making sure it's not sending a report to an "earthlink.com" address if you subscribe with them? Or is there some IP address I need to be looking out for in the "RE:" line above each list of report recipients? (And if so, how does one find out what that is?) Thanks in advance, D.C.
  23. My Spamcop report for this is here: http://www.spamcop.net/sc?id=z385846516zcc...5db4a5a3703921z I have a friend who about a year ago was duped by freeflixtix.com's offer of free movie tickets if she submitted to them the e-mail addresses of five friends (one of which, of course, was me). I've personally never corresponded or had any business with freeflixtix. Last year, they sent me a couple of e-mails with headers forged to look like they came from my friend, and after I complained relentlessly they stopped. Today I received another one forged to look like it came from my friend, which was reported at the above link. My question is this: Now that CAN-spam was passed this year, isn't this fake address header business clearly illegal now? Or am I missing some loophole that freeflixtix has found?
  24. DCSmooth

    SPAM news item

    Thought this was interesting: http://story.news.yahoo.com/news?tmpl=stor...s_internet_spam AOL to give away seized Porsche in spam case WASHINGTON (AFP) - Internet giant America Online said it had seized a Porsche sportscar in litigation against spam, and would give the vehicle away to one of its members in a contest. The announcement by the unit of Time Warner Inc. was the latest development in the legal battle against unwanted e-nail advertising, or spam. AOL said it seized the 2002 Porsche Boxster convertible "at the successful conclusion of a legal action taken against the spammer" and would launch a sweepstakes to give it away "as a gesture of support and thanks to its members for their cooperation in the fight against spam and spammers." "AOL has always placed our members in the driver's seat when it comes to spam fighting, and now we are going to put one of our members in the driver's seat of a spammer's sports car," said Randall Boe, AOL's executive vice president and general counsel. "We are revving-up our fight against spam. For too long, spammers have taken too much away from AOL and our members -- including time, resources, and money. With the help of our members, we're striking back at spammers and aim to take away everything they acquired through profits made from spam. That means taking away their spam tools -- such as computers, routers, servers and other equipment, and their spam toys, including their houses, their boats, and their cars."
  25. Since CAN-spam went into effect, I've thankfully received much fewer UCE messages. But about half of the ones I'm receiving now appear to do a *SLOPPY* job of complying with the new law. I'm somewhat confused what still constitutes reportable spam anymore because of this. The most obvious example of what I'm talking about is the postal address requirement of CAN-spam. I get many UCE messages now that end with what at first glance appears to be a garbled line of random words and characters. But at closer inspection, it's a postal address with all of the spaces between the words removed and several random periods added. For example, here's an actual one that I received today verbatim: 92256Oakhurst.vannista-37745.UA One I received yesterday was worse, with decimal points randomly placed in the zip code and street address, and spaces added in the middle of some words, such as "av.En Ue". CAN-spam also required opt-out instructions and non-deceptive subject lines. So, here's my question: When I get a UCE message with a vaguely worded link to "Forget it" as an option to Opt-Out, a subject line that reads simply "Big?" which vaguely hints at the advertised subject matter, and a postal address in a difficult-to-interpret format as described above, DO I REPORT IT TO SPAMCOP? Or would I just be annoying someone somewhere with an unneccessary report for an e-mail that (arguably) complies with the law? Thanks in advance, Dan