Everything posted by shmengie

  1. shmengie

    AOL Protocol

    I'm fairly uninformed about AOL policies; however, an associate of mine has informed me that AOL is a PITA. If your IP or ISP's SMTP server sends too many e-mails to AOL, you or your ISP must register w/them somehow to get on their whitelist, otherwise emails to them bounce.
  2. shmengie

    next generation spammers

    http://www.spamcop.net/sc?id=z772587994z11...aee40216c68f0dz Name: congress.su.dissemble.at.ibirxt.com Address:,,,, Which translates to a bunch of dsl/cable hosts, AFAICT: comcast, ameritech, comcast, rr and verizon. For some reason spamcop only identified the one ip address at rr (, according to the tracking url. This is the second spam that resolves to a web-addy like this. My guess is the latest generation of spam-bot infected computers are also webhosting... What a joke. Maybe I should be grateful my ip isn't in the list. -Joe
  3. shmengie

    I Got Harvested - RATS

    That's just plain hateful. I hate the thought, but suspicion lies in your friend's computer being infested with some form of virus/trojan that reads browser input looking for stuff like credit card numbers and email addresses. I know it's a possibility, but would rather believe it isn't. The most likely other place for sniffing network traffic (IMO) is cable modem networks. I used to have a cable modem and could see all traffic in the node I was attached to. I never bothered to look for anything, but found it interesting to peek at what was going on. It wouldn't surprise me to learn that a virus strain has become sophisticated enough to do this sort of network sniffing. Another potential breach is wireless networking, but this has a much more limited potential audience of listeners, given the range of wireless. Wireless networks should not be unencrypted. Encryption is no guarantee, but can make it difficult enough to deter the casual voyeur.
  4. shmengie

    ISP's need extra incentive

    I think if an ISP's addresses generate more than 50% spam vs. legitimate e-mail, their internet connection should be terminated. Let them pay their providers a re-subscription fee if they want to re-connect. If they hit the 50% mark again, down goes their connection. This will probably never happen, but it sure would provide them some extra incentive to act on the spam issue. Maybe the Internet 2 roll-out can stipulate this form of mandate. That might actually get ISPs to clean up their act in advance.
  5. I find it curious that after this message was posted, the stock spams seem to have slowed/stopped.
  6. shmengie

    193.* address range

    Wrote a message a few months back about the whois record pointing to a contact at a previously used, now nonexistent domain. The response I got was that the ip subnet was hijacked. It went from a non-existent contact to another contact in Russia which bounced. I guess igor[at]hostelecom.ru.com didn't like all the mail that flooded in when that whois record went live. I received a reply from APNIC the other day that they would contact the ISP and have the whois record updated. Finally, no more bounces!!! Was a little happy to see today that spamcop reports are now reaching the isp too.
  7. shmengie

    Help! Im not sending this spam

    Here's another thread in this forum which may shed some light for you. http://forum.spamcop.net/forums/index.php?...indpost&p=26552
  8. shmengie

    Help! Im not sending this spam

    Hi Laura-Lou, There is little to nothing you can do about this. The e-mail in question most likely does not originate from you or your SMTP server. If someone you know is accusing you, have them use SpamCop, which will indicate to some degree the actual source of the e-mail. Although the origin may be from within the same ISP, based on the odds, that is not the case. My guess is that someone who has you in their address book is infected with a robot virus. That virus/robot may be pulling your e-mail address out of the hat to be the originator of the spam. From the spammer's/virus author's point of view, it makes it *more* likely the spam will be read and possibly acted upon.
  9. I've been inundated with spam. I like the idea of reporting it all, but it's simply not possible for me to spend 2 hours every morning submitting to spamcop. I've also contacted my ISP and requested that they implement SCBL. They've indicated interest, but it doesn't appear that it's happened as yet. The past two weeks have been horrible for me, so I rewrote MailReport. It's a do-it-urself spam reporting tool. I've tweaked it to do better whois lookups, though that still needs a little more tweaking, and cut down on the number of clicks required to send spam reports. Of course, over the day and a half it took me to re-write this program, about 140 spams built up in my Junk box. I managed to report them all in about 50 min, upon completing the first draft of the re-write. I still report spam to spamcop when I'm not inundated, but if I could forward reports to spamcop in my little proggie, I'd be very happy to. I've thought about automating that, but understand it's against the rules, so I haven't even considered it. However, if I could get some ppl here to check this program out and offer advice, I'd be pleased to make corrections and additions given time. I intend to turn it into an open source project hosted by SourceForge.net if they'll accept it. Although I don't know if it's a good idea to place this tool in the hands of the general public. Which is *another reason* I raise the offer here. If you've got python experience, I might send the source. However, I have a windows installable version. I use PostgreSQL to store reporting information. Although I've not tested it w/out a database full of spam, it should work w/out PostgreSQL. In either case, the database tables will probably be changing sometime in the future, and you'll have to install postgres and run a few scripts to get that setup, should you wish to use that feature. Let me know if you are interested. -Joe
  10. shmengie


    I liked their old format too. But it seems easier to find some things now.
  11. shmengie

    Request for infected e-mail

    ClamAV is hosted by sourceforge.net: http://sourceforge.net/projects/clamav/ and http://www.clamav.net/ ClamWin and a few other projects are based on ClamAV: http://sourceforge.net/projects/clamwin/ and http://www.clamwin.com/
  12. shmengie

    Request for infected e-mail

    I'd look into Clam Antivirus. They've gotta have a decent database that's somehow accessible.
  13. shmengie

    How to report BBS spam - wwwboard

    I would report the website to the ISP who hosts the website. Don't expect much action taken, but you might at least help the spammer move to their next ISP victim. The vampire effect is another course of action, but that's not necessarily a good idea.
  14. shmengie

    This particular spam won't stop

    I receive spam more rarely from the same ip address across the pond than here in the US. Comcast customers are the most frequent repeat offenders. Maybe Asian ISPs have more "dynamic" ip addresses??? Websites hosted in china seem to be the least likely to be terminated tho.
  15. shmengie

    "Virus removed from your message!"

    I wouldn't report those messages, other than striking up a conversation with the person who's bounced the message to you. Someone who has you in their address book is infected with a virus. The only way I know to resolve this type of issue is to write the isp of the originating infected message. Bounces too often have any/all useful information removed from the original e-mail. Apparently the author of the anti-virus wares chooses to blame the named "originator" instead of pinpointing the actual originating address as the culprit. If you receive an infected e-mail, you need to report to the isp where the infection originated, unless you can guess who might be the infected party. In that case contact them directly and point them to some of the free tools or have their anti-virus wares updated. ISPs will shut off infected computers' connections, so if it's a friend of yours it would be nice of you to contact them first. But you're stuck guessing, because ip addresses often don't provide very definitive identification. Now it seems strange to me that a virus would send mail under your e-mail address, yet never send e-mail to you. So if you've received infected messages with someone else's address (which would make sense), it may be coming from the same infected computer, trying to entice you into clicking on the infection. Report these! If you don't receive viri in the mail, encourage the bounce originators to report the infected mail. If the viri continue to spread, we'll never see an end of the spam. So far, they propagate better than rabbits. 80 percent (if not more) of all spam is relayed thru zombies these viri create. I've taken it upon myself to report all viri I receive to the originating ISP. After living with a year's worth of viri in the mail, after a couple of months reporting (LOL?) it's completely ceased.
  16. shmengie

    Spammers getting bored?

    I've noticed a notable increase in spam over the past few days. This year I've reported spam 110 days, averaging 48.05 reports a day.

    58 | 2005-04-15 | Fri
    52 | 2005-04-16 | Sat
    48 | 2005-04-17 | Sun
    43 | 2005-04-18 | Mon
    64 | 2005-04-19 | Tue
    57 | 2005-04-20 | Wed
    67 | 2005-04-21 | Thu
    77 | 2005-04-22 | Fri

    Argh... 3.6 hours to go before that 77 stops climbing. Mostly stock spams... Funny thing tho, seems none of the pill popping spams resolve to actual websites anymore. I have noticed an increase in the $make$ money at home scams.
  17. shmengie

    False spam reports and ISP's supporting them?

    I don't intentionally use spamcop to report that type of spam. 40-50 spams a day makes shmengie a persistent reporting machine. Sometimes I get too carried away and send out a report on an associate of mine. Hate when I do that, because I then must report myself as being bad. I really wish the spam would end or be the exception rather than the norm. I once reported one of Hanaro's replies to my reports as a spam to hanaro. They quit accepting my reports for a while after that. One e-mail acoc**t is horrendously spammed. Cannot alter the server configuration to use a blacklist. I could forgo using that account, but I've used it with soo many contacts, I haven't considered that a viable option. Because I receive so much spam daily, I've found it difficult to use spamcop without spending a large portion of my day. For this reason, I wrote a program which allows me to report directly to the originating ISP of the spam... I even extended it to parse the spams and write a note to the web site ISPs referenced in the spam. This is the tool I use to report the pseudo spams. AFAIK no blacklists are involved in this method of reporting. After I dig my way out of the stack of spams that arrive overnight, I then start submitting spams to spamcop as well as using my reporting tool. Usually spamcop and my tool are in sync with whom to report spam. But they aren't always, so I find this is a slightly more thorough means to report/handle spam. The amount of time lost in web-transit during spam reporting with spamcop is filled nicely by using my tool as well. Often the isp's receive a couple of reports about the same spam, but none have raised an issue with me for this. Some day, I may make this reporting tool publicly available as an open-source project. But... For now, it's too kludgey for me to feel comfortable with that. There are a few down sides too... I've received viruses in the mail from foreign countries, whereas that had not happened before using this tool. I suspect that I reported a spammer to himself, and he figured he'd fix my wagon and virus me. The amount of spam received has neither diminished nor increased since I started reporting with this tool. All in all, it's kind-of a wash, but the quality and volume I report has increased, so I guess it's worth the effort. I feel better, which is all that matters (to me). A couple of days ago, I did receive confirmation (personalized email) that a website operator who spammed me was shut down. That felt very good.
  18. shmengie

    False spam reports and ISP's supporting them?

    FWIW: I've reported legitimate spam on purpose. I know it may not be what you want to hear, but it's true. One company I manage e-mail for, when a person leaves the organization, their e-mail gets bounced to me. When those ppl sign up for newsletters, purposefully or not, I end up getting spammed. Unless the link for unsubscription is clearly visible in these cases, I consider this unwanted message no better than professional spam. Since I've received soo much spam in my life (4048 this year alone), I took the time to write a program to report this unwanted by-product. However, spam-cop often does pull a few more addresses than my program, so I usually report via both spam-cop and my program. Since this doesn't guarantee I'll stop receiving this pseudo "spam", I also take the time to find the unsubscribe link as well. I hate having to do that. An explanation of why the person is receiving commercial e-mail should be first and an easy-out 1 click web link second; that should be the can-spam policy, IMO.
  19. shmengie

    IBM tool to spam us with "Challenge messages"

    I would hate it if everyone used that system. Out of my 4 e-mail addresses, there's not one that has a relationship between me and my isp. I'd have to be on everyone in the world's whitelist or I get to send no mail. blah.
  20. shmengie

    Strange spam

    I mentioned to my roommate a week or so ago that a spam he received contained a link to an image. I guessed it was some sort of counter. Since neither of our e-mailers display links to offsite images, I thought little of it at the time. Today, I received yet another nonsense spam, and tracked down the link. <IMG src=3d"http://gjmatvienkoxdfg=2ecom/bdfadbb619845f8e312afd7d7/inexplicabl= e=2ejpg" border=3d0> which decodes to: http://gjmatvienkoxdfg.com/bdfadbb619845f8...nexplicable.jpg Name: gjmatvienkoxdfg.com Address: [informations about ] IP range : - Infos : CHINANET Chongqing Province Network Infos : Data Communication Division Infos : China Telecom Country : China (CN) Abuse E-mail : abuse[at]cta.cq.cn Source : APNIC After careful thought, I realized this link isn't to count me, because my e-mailer won't display the image. But I bet anything that whoever is identified by the /bdfadbb619845f8e312afd7d7/ section of that link, whose emailer does display or tries to display that image, will receive the malware/spam proxy software that can infect their computer. I believe chinanet is a spammers' safe-haven, so this makes a lot of sense to me. What I haven't figured out: how do I combat this issue?
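The post above decodes a quoted-printable IMG tag by hand and notes that the long hex path segment singles out one recipient. The script below is an added example (not the poster's MailReport tool, and not code from this forum) that does the same decoding with Python's standard library and flags off-site images carrying such a token; the mail body, host names and token are constructed placeholders, not the spam's real values.

```python
import quopri
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample in the shape of the post's snippet (placeholder hosts,
# not the spam's real domain): '=3d' encodes '=', '=2e' encodes '.', and a
# trailing '=' is a soft line break that splits the URL across two lines.
SAMPLE_QP_BODY = (
    "<html><body>Hi there<br>\r\n"
    '<IMG src=3d"http://img.example-tracker.invalid/0a1b2c3d4e5f60718293a4b5/inexplicabl=\r\n'
    'e=2ejpg" border=3d0>\r\n'
    '<img src=3d"http://www.example.com/logo=2epng">\r\n'
    "</body></html>\r\n"
)

# A path segment that is one long hex string is treated as a per-recipient token.
TOKEN_RE = re.compile(r"^[0-9a-f]{16,}$", re.IGNORECASE)


def decode_qp(body: str) -> str:
    """Undo quoted-printable encoding: hex escapes and soft line breaks."""
    return quopri.decodestring(body.encode("ascii")).decode("utf-8", "replace")


class _ImgCollector(HTMLParser):
    """Collect the src attribute of every <img> tag (HTMLParser lowercases names)."""
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.srcs.extend(v for k, v in attrs if k == "src" and v)


def extract_img_srcs(html: str) -> list:
    parser = _ImgCollector()
    parser.feed(html)
    return parser.srcs


def find_tracking_images(qp_body: str, sender_domain: str) -> list:
    """Return off-site images whose URL path carries a hex token, i.e. images
    that would identify this recipient to the host if the mailer fetched them."""
    hits = []
    for url in extract_img_srcs(decode_qp(qp_body)):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        offsite = host != sender_domain and not host.endswith("." + sender_domain)
        tokened = any(TOKEN_RE.match(seg) for seg in parsed.path.split("/") if seg)
        if offsite and tokened:
            hits.append({"url": url, "host": host})
    return hits
```

Images hosted under the sender's own domain or without a token are left alone, so a legitimate logo in the sample is not reported.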
  21. shmengie

    Why not whitelists

    AOL works over broadband. Which is a convoluted issue. When you read the fine print, *other charges* and/or *other contracts* may apply. Although it sounds like a lot of users continue to use AOL even tho they're not the broadband provider... AOL broadband customers are reported by spamcop as originating from their actual broadband provider, which really invalidates the comparison between AOL and broadband providers.
  22. I've been submitting reports from Thunderbird source w/out incident. The "From" line is an antiquated standard used on unix systems to separate mail messages in the mailbox. Since Mozilla runs on multiple platforms (including Unix/Linux) I guess they chose that as the start of the mail. Craziness: If you send a mail to yourself on (presumably any e-mailer) and have a blank line prior to a line that starts with the word "From", the e-mail will obfuscate the "from" so that it won't be recognized as a blank line preceding the "From" keyword. Tho I haven't tracked it down, I think the e-mailer is responsible for mangling the from; it could be the SMTP server that does this job. Other extra headers usually starting with "X" have no meaning, unless the e-mail reader is looking for them, and are quietly ignored.
  23. shmengie

    Why not whitelists

    I was curious, so I took a look. After reflection, I don't see the relevance. Does AOL still have Cable customers? I'm going under the assumption they don't, and in that event you're comparing apples to oranges. I applaud AOL for their antivirus initiative, and suspect that may actually influence the numbers, but aside from that, dial-up and cable/dsl are two different beasts.
  24. shmengie

    I send maybe 10 emails a day

    Apparently one/some of your customers don't appreciate this feature...
  25. shmengie

    Habitual offenders

    These "habitual offenders" are big ISP shops. The addresses you actually recieve the "spam" from usually are NOT repeat offenders. I've recieved about maybe 30 spams from duplicate IP addresses out of 3000+ spams. That's about 1 percent. If the ISP shops you referenced were blacklisted (all of their customers would have to be blacklisted) and (probably) some of your correspondents would may not be able to send mail to you. That would cause a serious communication breakdown for a lot of people.