PGTips91

  1. PGTips91

    Amazing reduction in Spam

    Hi Mike, In order to complete your checking, perhaps you need to start again reporting spam and then report back whether the number of spam emails received goes back up. Otherwise you have not proved cause and effect between the drop in numbers following cessation of reporting; it could be just a coincidence. Could it not be that your reporting brought an end to the spam, eventually, rather than your cessation of reporting, although the latter was closer in time? Paul
  2. PGTips91

    What will it take to eliminate SPAM?

    New Internet (IPv6) Workshop Just by way of illustration, the latest proposal for Internet Protocol, IPv6, has been under development since 1995! Paul
  3. PGTips91

    What will it take to eliminate SPAM?

    I did not actually propose legislation in my initial post. That was inferred from my use of 'the Companies Office' as an illustration of the kind of verification needed to back up the commercial use of the Internet. Unless the identity of the person or organisation that you are dealing with is known or can be ascertained with certainty then normal legal processes cannot be used. With proper identification, normal commercial laws and practice would be well able to make it uneconomic for Spammers to continue. Most providers already have provision in their Terms Of Use that could be used if the legal identity and address of the Spammer were known. Since most people have to pay for their Internet access, their provider would have to know their legal identity and address. My call has been uniformly for the Internet community to cooperate in the matter of getting rid of spam. I don't think that legislators can understand the problem well enough to solve it nor do I believe that they are independent enough of pressure groups to be unbiased. Paul
  4. PGTips91

    What will it take to eliminate SPAM?

    These quotes are taken from none other than IronPort's own documentation, [pdf file at Email Authentication.] I rest my case that the system is 'broken' and needs fixing - especially with proper authentication of the sender.

    Looked at from another perspective, spam, as a world-wide problem, is costing in the order of fifty billion dollars a year and rising. Surely the answer must be to change the protocols so that Spammers are not given the chance to hide their identity and escape liability. I don't accept the argument that "millions have been spent on looking for a solution, so if it could be done it would have been done already". How much has really been done?

    In my research of the currently in-use and proposed protocols, I discovered to my amazement that the authors' names are all listed - just a short list - and these have been around as RFCs since the late 90's. It would seem that everything is being tried without first changing the protocols so as to give them a much needed security layer! No wonder none of these proposals have worked very well or gained widespread acceptance. Unfortunately most of the money spent looking for a solution has been invested in the hope of making more money from the situation rather than with the aim of everyone being better off equally. There simply hasn't been the will or the incentive to tackle the underlying problems in the antiquated protocols that are in use.

    Maybe it would take a lot of people co-operating together and quite a bit of money to solve the problem, but at $50,000,000,000,000 per annum I think that, in normal circumstances, people would think it worthwhile spending quite a bit of money, time and effort in achieving that goal. What is required is that the task of providing a solution be removed from competing players with their necessarily superficial approaches and the co-ordination of an industry-wide effort through an independent body with independent funding.

    This body would be commissioned with the task of speeding up the process of designing, testing and gaining wide implementation of a set of protocols capable of ensuring the continuance of email as a secure, efficient method of communication - without the burden of the parasitic infestation of Spammers eating out its vitals like tape-worms in a malnourished child. There would be room in this model for an ongoing taskforce that would be charged with keeping the protocols ahead of any effort by the Spamming community to subvert the new protocols. There would be room for an advisory body to provide documentation, training and general education to enable the Internet community to cope with these necessary changes and to keep on top of the technicalities. After all, if Spammers are employing professional programmers to stay ahead in the present system it would be wise to keep the initiative with the wider Internet community by employing the same level of expertise to keep the protocols ahead of abuse in each new development in technology, as a public good shared by all. Since the cost-savings would vastly outweigh the funding required, everyone would be better off.

    There are good models for this approach. As one example take IPv6 Forum at Home. There was a better example which I have lost the link to, but this will illustrate the point. By bringing together academics, industry leaders and technical people with a common goal, the task can be expedited. IPv6 needs to be implemented in the near future and this could be coordinated with that process. Some radical new thinking and co-ordinated action is needed.

    Paul
  5. PGTips91

    What will it take to eliminate SPAM?

    spam Growth Not only has the percentage of spam been increasing, but as Spammers have to try harder to get through the spam filters, the size of each email is also increasing. Many of those that I receive are mainly JPEG files and when I see a larger than normal email I can almost predict that it will be spam. These, with hidden 'innocuous' text and with no detectable URLs, are passing through the spam filters. The need for reform still remains in spite of several partial solutions proposed nearly a decade ago. The current system has been almost unchanged since the beginning of the Internet. Does anyone remember how much spam there was ten years ago? Proprietary solutions will not work on their own and are in a kind of parasitic relationship with spam anyway. Until the wider community of email users get involved in demanding and providing a solution we will continue to sink under this avalanche of unwanted garbage. Paul
  6. PGTips91

    Too many links message

    Hi Wazoo, I take your point about this topic having been thrashed to death over a long time. I'm sorry that I did not search the forums and see that before posting my observations. Also, because I am not familiar with the breadth of topics that have come up here I would not know where else would be better to post. I was reluctant to start a new topic for the same reason. I posted here because I felt that there was a similar issue involved. By all means, if you can merge with an existing topic for various techniques used by Spammers, do so. I would appreciate your help in keeping this forum more readable and searchable. Thanks, Paul
  7. PGTips91

    Too many links message

    Yes, but it did pass the spam filter and it did pass the reporting process. And it did display when I looked at it in Webmail. So quite possibly it was a deliberate ploy. I will watch and see if I get more like this.

    Another ploy I have seen lately is a jpeg with the payload and some seemingly informative text that follows that lets it through the spam filters. Like this.

    I don't buy into the idea that Spammers are just stupid. They know a lot more than the bulk of users and they must make money out of their schemes in the main. Misguided is a better description in my mind.

    Paul

        This is a multi-part message in MIME format.

        --Boundary_(ID_y+kezEbrcrMU2OfOTFREvw)
        Content-type: text/html; charset=us-ascii
        Content-transfer-encoding: 8BIT

        <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head>
        <body bgcolor="#FFFFFC" text="#C2C856">
        <p> <a href="http://039.rapishawtfiftey.com"><IMG SRC="cid:part1.04030903.09030402[at]itndpjqad[at]hotmail.com" border="0" ALT=""></a></p>
        <p><font color="#FFFFF4">Jesus. ?? ? ??? Denisse Richards He came in while I was looking and he got mad.</font></p>
        <p><font color="#FFFFF9">Not great, and there were plenty of details still to be worked out, but it looked okay. When one was sleeping it was as if the tide was in, and there was some relief. No rolling out of bed. And. It had been almost a week, and her failure to notice was a small miracle. On September 9th she went on trial for the murder of Girl Christopher, a female child one day of age. Why, that she didn't hold all the cards after all — that I had a certain passive hold over her. Linux</font></p></body></ht

        --Boundary_(ID_y+kezEbrcrMU2OfOTFREvw)
        Content-id: <part1.04030903.09030402[at]itndpjqad[at]hotmail.com>
        Content-type: image/gif; name=bittern.GIF
        Content-transfer-encoding: base64
        Content-disposition: inline; filename=bittern.GIF
  8. PGTips91

    Too many links message

    Here is another slightly off topic reference to a new trick by spammers to bypass the parser. This time the message is all in the Subject Line: --

        SUBJECT: Fw[83]: Hi ... Mon, 06 Feb 2006 22:51:57 +0200 paulgtaylor91[at]clear.net.nz Do You have enough pwoer to provide your patrner high quality S-EX on St.Valentine day? Get a MON-STER pwoer, nothing can bring your ererction down! Show your partner the PWOER of your LOEV and she will always remember You. Loev will ALWAYS be associated with YOU! Your order will be PRIVATE, nobody will know what You use. Follow this link and get SSPECIAL DISSCOOUNT for that period: http://Amghmdl639mnmjsgyeh1y93gyy.unspargl.com/

    The parser sees this: --

        Finding links in message body
        Parsing text part
        no links found
        Please make sure this email IS spam:
        From: Robert Smith <uohpuj[at]sesmail.com> (Fw[83]: Hi ... Mon, 06 Feb 2006 22:51:57 +0200 x Do You have enough pwoer to provide your patrner high quality S-EX on St.Valentine day? Get a MON-STER pwoer, nothing can bring your ererction down! Show your partner the PWOER of your LOEV and she will always remember You. Loev will ALWAYS be associated with YOU! Your order will be PRIVATE, nobody will know what You use. Follow this link and get SSPECIAL DISSCOOUNT for that period: http://Amghmdl639mnmjsgyeh1y93gyy.unspargl.com/)
        Lsijlans Qxgoumienib Mon, 06 Feb 2006 22:51:57 +0200
        View full message

    But putting the URL from the subject line into the parser gives this result: --

        SpamCop v 1.516 Copyright (C) 1998-2005, IronPort Systems, Inc. All rights reserved.
        Parsing input: http://Amghmdl639mnmjsgyeh1y93gyy.unspargl.com/
        Host amghmdl639mnmjsgyeh1y93gyy.unspargl.com (checking ip) = 218.89.137.53
        host 218.89.137.53 (getting name) no name
        Routing details for 218.89.137.53
        [refresh/show] Cached whois for 218.89.137.53 : ipadmin[at]my-public.sc.cninfo.net anti-spam[at]ns.chinanet.cn.net
        Using abuse net on ipadmin[at]my-public.sc.cninfo.net
        abuse net sc.cninfo.net = postmaster[at]mail.sc.cninfo.net, security[at]mail.sc.cninfo.net, ctsummary[at]special.abuse.net, postmaster[at]sc.cninfo.net
        abuse net chinanet.cn.net = anti-spam[at]chinanet.cn.net, ctsummary[at]special.abuse.net, postmaster[at]chinanet.cn.net
        Using best contacts postmaster[at]mail.sc.cninfo.net security[at]mail.sc.cninfo.net ctsummary[at]special.abuse.net postmaster[at]sc.cninfo.net
        ctsummary[at]special.abuse.net redirects to ct-abuse[at]sprint.net
        ct-abuse[at]sprint.net redirects to ct-abuse[at]abuse.sprint.net
        Statistics:
        218.89.137.53 not listed in bl.spamcop.net
        More Information..
        218.89.137.53 not listed in dnsbl.njabl.org
        218.89.137.53 not listed in dnsbl.njabl.org
        218.89.137.53 not listed in cbl.abuseat.org
        218.89.137.53 listed in dnsbl.sorbs.net ( 127.0.0.10 )
        218.89.137.53 not listed in relays.ordb.org.
        Reporting addresses: postmaster[at]mail.sc.cninfo.net security[at]mail.sc.cninfo.net ct-abuse[at]abuse.sprint.net postmaster[at]sc.cninfo.net

    The tracking link is here.

    Paul
  9. PGTips91

    Too many links message

    Sorry for not quoting my previous post. I was referring to my last reference there which was slightly off topic, but related. Thanks for your elucidation of the problems faced by the parser. Paul
  10. PGTips91

    Too many links message

    Just reporting now and getting the problem of part URL used as tracking URL:

        Resolving link obfuscation
        http://mid.populus
        Host mid.populus (checking ip) IP not found ; mid.populus discarded as fake.
        http://mid.populusoft.com/
        http://
        Normalizing slashes: http://
        Tracking link: http://mid.populus
        No recent reports, no history available
        Cannot resolve http://mid.populus
        Tracking link: http:// [report history]
        ISP does not wish to receive report regarding http://
        http:// is not a hostname
        Cannot resolve http://

    On refreshing, I receive a resolution, but with a repeat of the above:

        Resolving link obfuscation
        http://mid.populus
        Host mid.populus (checking ip) IP not found ; mid.populus discarded as fake.
        http://mid.populusoft.com/
        Host mid.populusoft.com (checking ip) = 58.56.12.91
        host 58.56.12.91 (getting name) no name
        http://
        Normalizing slashes: http://
        Tracking link: http://mid.populus
        No recent reports, no history available
        Cannot resolve http://mid.populus
        Tracking link: http:// [report history]
        ISP does not wish to receive report regarding http://
        http:// is not a hostname
        Cannot resolve http://
        Tracking link: http://mid.populusoft.com/ [report history]
        Resolves to 58.56.12.91
        Routing details for 58.56.12.91
        [refresh/show] Cached whois for 58.56.12.91 : ipreport[at]sdtele.com anti-spam[at]ns.chinanet.cn.net
        abuse net chinanet.cn.net = anti-spam[at]chinanet.cn.net, ctsummary[at]special.abuse.net, postmaster[at]chinanet.cn.net
        Using last resort contacts anti-spam[at]chinanet.cn.net ctsummary[at]special.abuse.net postmaster[at]chinanet.cn.net ipreport[at]sdtele.com
        ctsummary[at]special.abuse.net redirects to ct-abuse[at]sprint.net
        ct-abuse[at]sprint.net redirects to ct-abuse[at]abuse.sprint.net
        postmaster[at]chinanet.cn.net bounces (99 sent : 20164 bounces)
        Using postmaster#chinanet.cn.net[at]devnull.spamcop.net for statistical tracking.

    The Tracking URL for the above is here.
  11. PGTips91

    Too many links message

    Hi Petzl, Yes, it is gratifying to see that there is a responsiveness at SpamCop. I have already seen an improvement in finding URLs with a server name prefixed to the domain name. So the trick of putting spurious server names that kept changing to put SpamCop off the scent is no longer working for the Spammers. Great to see. The trick of using a Google redirect is still confusing SpamCop, though. It finds the Google URL and chooses to not report it, ignoring the redirect URL that is really being pointed to. When I manually strip the http://www.google.com/url?q= off the link and paste it in by itself, the parser does find the IP address. For a recent example see this Tracking URL. It would not be difficult to test for the string "url?q=" to find redirects. On a different but related topic, I have noticed a number of times that the parser, when looking for embedded URLs, finds a number of irrelevant parts which it wastes time evaluating even though they could not be properly formed URLs. This does seem to be an error in the parser that is wasting CPU cycles. It may have been fixed in the latest revision, but I will keep a lookout to see if it really has been fixed. Paul
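An added example, not part of the original post and not SpamCop's parser code: one way to implement the redirect check the post above suggests, so that the host reported is the real destination instead of the wrapper. It goes beyond the literal "url?q=" string test by also handling percent-encoded and nested targets; the parameter list other than `q` and the `.example` sample links are constructed assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Query parameters that may carry a redirect destination. "q" is the one
# named in the post (google.com/url?q=...); the others are assumptions.
REDIRECT_PARAMS = ("q", "url", "u", "target", "dest")
MAX_DEPTH = 5  # bound on nested wrappers, so a redirect loop cannot spin


def _split_http(url):
    """Return urlsplit(url) if it is an http(s) URL with a host, else None."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:  # malformed netloc, e.g. an unclosed "[" bracket
        return None
    return parts if parts.scheme in ("http", "https") and host else None


def embedded_target(url):
    """Return the URL carried inside a redirector link, or None."""
    parts = _split_http(url)
    if parts is None:
        return None
    query = parse_qs(parts.query)  # percent-decodes each value once
    for name in REDIRECT_PARAMS:
        for value in query.get(name, []):
            # A search link such as /search?q=cats has a "q" that is not a
            # URL, so it is left alone rather than treated as a redirect.
            if value != url and _split_http(value) is not None:
                return value
    return None


def unwrap_redirect(url, max_depth=MAX_DEPTH):
    """Peel wrappers off url; return (final_url, list_of_wrappers)."""
    chain, current = [], url.strip()
    for _ in range(max_depth):
        target = embedded_target(current)
        if target is None:
            break
        chain.append(current)
        current = target
    return current, chain


def reportable_hosts(urls):
    """Sorted, de-duplicated hostnames of the final targets of urls."""
    hosts = set()
    for url in urls:
        parts = _split_http(unwrap_redirect(url)[0])
        if parts is not None:
            hosts.add(parts.hostname)  # .hostname is already lower-cased
    return sorted(hosts)


# Constructed sample links (reserved .example names, not taken from the page).
SAMPLE_URLS = [
    "http://www.google.com/url?q=http://Shop.example/buy",
    "http://www.google.com/url?q=http%3A%2F%2Fredir.example%2Fgo%3Furl%3Dhttp%253A%252F%252Fshop.example%252F",
    "http://www.google.com/search?q=cheap+pills",
    "http://plain.example/page",
]
```

Keeping the list of peeled wrappers alongside the final URL lets a report show both the redirector that was abused and the site it pointed to.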
  12. PGTips91

    Too many links message

    Hi, I have been getting some of these 'too many URLs' messages. Most recent one is at : -- Tracking URL

        Resolving link obfuscation
        http://uuao.nanoectione.com/?ayip
        Host uuao.nanoectione.com (checking ip) IP not found; uuao.nanoectione.com discarded as fake.
        http://ohhh.nanoectione.com/?vrwh
        Host ohhh.nanoectione.com (checking ip) = 220.231.20.231
        host 220.231.20.231 (getting name) no name
        http://xdlg.nanoectione.com/?hfwg
        Host xdlg.nanoectione.com (checking ip) IP not found; xdlg.nanoectione.com discarded as fake.
        http://cvvg.nanoectione.com/?vfwy
        Host cvvg.nanoectione.com (checking ip) IP not found; cvvg.nanoectione.com discarded as fake.
        http://bwiv.nanoectione.com/?bjow
        Host bwiv.nanoectione.com (checking ip) IP not found; bwiv.nanoectione.com discarded as fake.
        http://kqgm.nanoectione.com/?fevn
        Host kqgm.nanoectione.com (checking ip) IP not found; kqgm.nanoectione.com discarded as fake.
        http://nldd.nanoectione.com/?dplw
        Host nldd.nanoectione.com (checking ip) IP not found; nldd.nanoectione.com discarded as fake.
        http://qlfd.nanoectione.com/?okdc
        Host qlfd.nanoectione.com (checking ip) IP not found; qlfd.nanoectione.com discarded as fake.
        Too many links.

    It is interesting to me that the parser found and resolved one link but failed to report it. Also, it appears that the server names are random and designed to put the parser off. When clicking on these links in the spam email they do resolve to the same web page even though they do not work in a DNS search. This does seem to be a definite technique used by Spammers to subvert the reporting of the Spamvertised site.

    Although this aspect is secondary to SpamCop I would like to see at least some attempt to provide a more reliable parsing. As to the amount of CPU time required, I have to refresh the web page several times in order to get a properly parsed result in many cases. I simply do not believe that this is not more costly than having the parser do the work better the first time. Come on SpamCop. Get it right the first time. This is the most efficient method.

    Paul
  13. PGTips91

    The Old Post Office - 103sponend.com

    If you read the first posting on this thread http://forum.spamcop.net/forums/index.php?...indpost&p=36350 the 'explanation' does not seem to hold water. If the client made a 'mistake' and bought a list that added 5% of poisoned email addresses, why could they not simply remove them [go back to the list from a backup, maybe]? Besides, the first post was on November 21. It doesn't take that long to resolve an unintentional error. Just my take after reading through this whole discussion as I was looking for other information. Paul
  14. PGTips91

    What will it take to eliminate SPAM?

    No, Steven, I based my thinking on the idea that all traffic on the Internet [physical network] proceeds as packets sent using the DNS, HTTP and other protocols, and that this would include the email system. Therefore I assume that each email would progress along a path similar to that revealed by a Traceroute search which would show multiple hops from the sender to the receiver, of the order of 20 or so typically. If I were to send an email, it would go, first to my own email server, Proxy+, then to my ISP, currently smtp.wxc.co.nz, then they would transfer it to ... and finally the ISP of the recipient would get the packet(s).

    With my proposal, instead of using smtp [Simple Mail Transfer Protocol], I would have to use a new protocol - [smtp?? - Secure Mail Transfer Protocol] - and this would check at the border of the secure network that it was coming from a legitimate sender and drop it at the border if it did not pass the right IP information about me or my ISP [held on DNS servers]. This would mean that all smtp servers participating in the secure network would have to be recorded in the DNS records for their domain, something that is already being done partially, so it cannot be an insoluble problem.

    Carrying on from what I have said above, you would need to authenticate yourself to your ISP before 'sending' any email messages and they would have to authenticate you as a legitimate member of the secure email network. Of course, each layer of authentication would require a legally binding agreement between both parties that enabled penalties to be imposed for breaches of the agreement with fuller sanctions for repeated breaches, such as banning from the secure network for a limited or unlimited time depending on the severity of the breaches. In short, I don't see any insuperable problems with this scheme.

    Paul
  15. PGTips91

    Seems like more spam now

    Hi Steven, Thank you for your contributions to this thread. Maybe I should not have used the word "whitelist" as that would presuppose that someone would have to maintain a separate list, which would never be up to date, just like blacklists can never be up to date. Rather the concept is to include the information in the DNS system. The responsibility to supply the information would rest with all those ISPs and without their cooperation they would be excluded from the secure email network. I know that there are systems, based on the current insecure email system, that try to do some of what I am proposing. The difference in what I propose is that there be a completely separate secure email system, with proper commercial/legal protections to ensure compliance by participating individuals or entities. Entry to the network would be by commercially binding agreement with some overseeing entity or entities with penalties for breaches of the agreement [read sending spam, hosting spammers, allowing open relays, etc]. From my limited research I think that this is a novel approach. If I am wrong and there are already proposals to do something like this I'd be glad to hear about it. Paul