Jump to content

gwelsh

Members
  • Content Count

    24
  • Joined

  • Last visited

Everything posted by gwelsh

  1. gwelsh

    Cisco Ironport blocking

    I had this issue as well but it appears to have been fixed at some point this morning. I had been using SpamCop all along as (I thought) was required in the notification: one ISP-provided email address forwarding to SpamCop, which forwarded to a second ISP-provided mailbox, which is where I kept my mail. However, on Tuesday evening email to my [at]spamcop.net address started bouncing with "User unknown in virtual mailbox table" error. I panicked as I recalled a notice saying there would be no recovering/rescuing lost accounts. I did try one thing: I logged into www.spamcop.net and went to Preferences, Change Email address or name and saved my forwarding address (with no changes.) I don't know if this helped to correct the situation (it didn't seem to have an immediate effect) or whether the transition was proceeding anyway and it just happened to be my turn this morning. (It helped me a lot when the SpamCop home page mentioned that they were aware of a forwarding issue and were working on it. Thanks to whoever took the time to post that. I know when I'm trying to fix something urgent my instinct does not include taking time out to update a status page!) Hopefully everyone affected in this way has either been restored or will be soon; I don't know if saving your forwarding address helps or not (probably not) or whether a lot of people doing so unnecessarily might cause enough load to slow down the transition (again, probably not) but at least there's hope for anyone whose address is not yet working. However, I have to agree with everyone who has posted that anyone who has used their SpamCop address for anything but hidden purposes (given it to people or used it for any kind of registration) should be looking to update everyone/everything with a new address supported by an organization whose primary business is hosting email.
  2. Moderator Edit: Moved from the Reporting Forum ection to the E-mail Account Forum section, then merged it into the existing Topic on the same subject. Only get "Cannot log into IMAP mailserver as x[at]spamcop.net" (Can't get into webmail, either: "Could not connect to database for SQL SessionHandler.") Hasn't been this way for very long, but don't see any maintenance notices. Hopefully this has been noticed and someone's looking into it. Thanks.
  3. [sidebar: did APNIC request not to be disturbed or is SpamCop configured not to bother ARIN, RIPE, APNIC, LACNIC, etc. contact addresses (which is, in my not at all humble opinion, perfectly reasonable.)] The fundamental problem here is that SpamCop is not picking up on the proper WHOIS data. SpamCop's WHOIS for 124.42.123.69 shows only 124.0.0.0 - 124.255.255.255, but APNIC WHOIS (at http://wq.apnic.net/apnic-bin/whois.pl) returns a a more specific contact for 124.42.96.0 - 124.42.127.255 (see below.) I mention this only because I've requested report routing corrections in the past and have been told that the problem was with the lookup and that deputies can't possibly be expected to put in separate routing exceptions for every block allocated from the regional registry (which, again, I consider to be a reasonable position.) So, while it may be worth adding a report route for this particular block because it hosts so many spamvertised pages - which is also why it may not be worth reporting them since the operators are probably well aware of their activites - it would be worth far more to find out why SpamCop isn't getting the information it needs and updating the code if necessary. inetnum: 124.42.96.0 - 124.42.127.255 netname: SINNETHT descr: BEIJING GUANGHUAN HENGTONG DIGITAL TECHNOLOGY CO.,LTD. descr: Room506, Tower C, Hui Long Sen International Enterprises Technology Area, descr: No.18 Xi Hua Nan Lu, Beijing Economic Teconology Delopment Zone country: CN admin-c: WH271-CN tech-c: WH271-CN mnt-by: MAINT-CNNIC-AP mnt-lower: MAINT-CN-SINNETHT status: ALLOCATED PORTABLE changed: ipas[at]cnnic.cn 20070903 source: CNNIC person: Wang Huijun nic-hdl: WH271-CN e-mail: chenbin[at]sinnet.com.cn address: Room506, Tower C, Hui Long Sen International Enterprises Technology Area, address: No.18 Xi Hua Nan Lu, Beijing Economic Teconology Delopment Zone. phone: +86-010-64181150 fax-no: +86-010-64181819 country: CN changed: ipas[at]cnnic.net.cn 20070807 mnt-by: MAINT-CNNIC-AP source: CNNIC
  4. It might not have been your fault: sometimes something in a message trips this warning. I've received "Message body parser requires full, accurate copy of message" errors even when the message was held by SpamCop and therefore had to be a full and accurate copy. If I was a spammer, I'd find out exactly what trips this exception and make sure that ALL of my spam included it. <grin> But then, if it happened a lot, SpamCoup would have to remove it. Nothing's perfect and I could live with the fact that SpamCop won't parse/report a message here and there but it bothers me that the explanation given if you click "More information on this error.." used to (may still; I haven't checked it lately) insist that the problem was human error even though in some cases it can't have been. The explanation is incomplete and frustrating to people who are trying to figure out what's happening.
  5. That's very unfortunate, since I believe that Yahoo! is responsive to complaints about GeoCities-hosted spam sites. You're not the first to say that but, that too, is very unfortunate since IIRC back in the days of prehistory SpamCop's philosophy was exactly the opposite: that reporting a compromised system after it has been hijacked to relay spam was too late, not to mention a neverending battle to exhaust a practically infinite resource. The real value was in taking down the spammer's web sites, interfering with their revenue. In some cases this is no longer true due to 'bulletproof' spam hosting but, where it's likely or even possible that the spammer may be shut down and may have to move on, I'll take a moment to contribute to that. You are not the first person to say that, either, and you may well be correct but if everyone in history had just decided to accept what was there or forget about it in stead of trying to help and improve things, we'd be living in a pretty crappy world. None of us would be here if Julian had ever accepted that e-mail was e-mail, like it or leave it. Maybe nothing that I will ever do will result in significant improvement, but I refuse to sit back and not try. I do like SpamCop, and shame on all you "like it or leave it" people for failing to recognize others' efforts to try to improve a good thing. On a more positive note, I see lots of info on how to contact JT, the deputies, and other fine folk who, unfortunately, have no control over the reporting mechanism. Does anyone have contact information for 'the powers that be'? Thanks to all who contribute, in whatever capacity.
  6. Just for fun, I put that address in the parsing window and got: ALL Geocities URLs have extreme trouble parsing, i.e. I haven't seen one work first time yet, and the average number of reloads (it varies) before SpamCop actually does something with the URL seems to be going up. this is very unfortunate, because it would seem that at least one prolific spammer is using Geocities as his host of choice. HOWEVER, "ca.geocities.com" parses first time both times I tried it. If anyone is looking into this bug, that might be a clue.
  7. gwelsh

    URLs not reported

    But, when I copy the URL and paste it into the SpamCop reporting window, SpamCop resolves it fine. OK, so the DNS servers were slow but now SpamCop knows the answer... so I go back to the spam in the reporting queue, it still doesn't report them. Also, whenever SpamCop is inable to resolve a URL, it reports that fact. It does not do so in these cases. I therefore believe that the problem is not that SpamCop cannot resolve the URL.
  8. gwelsh

    URLs not reported

    OK, here's a URL that won't be recognized no matter how many times I reload... and, since I can't get at the rest of my queued spam until I give up on this one. http://www.spamcop.net/sc?id=z801601960zb5...67868c2715a2d9z Finding links in message body Parsing text part Resolving link obfuscation http://uneaten.net/cs/?ronn http://uneaten.net/rm.php?ronn Please make sure this email IS spam: ... etc. BUT... parse http://uneaten.net/cs/?ronn on its own and I get: Parsing input: http://uneaten.net/cs/?ronn [report history] Routing details for 221.11.133.82 Report routing for 221.11.133.82: abuse[at]cnc-noc.net Statistics: 221.11.133.82 not listed in bl.spamcop.net More Information.. 221.11.133.82 not listed in dnsbl.njabl.org 221.11.133.82 not listed in dnsbl.njabl.org 221.11.133.82 not listed in cbl.abuseat.org 221.11.133.82 listed in dnsbl.sorbs.net ( 127.0.0.6 ) 221.11.133.82 not listed in relays.ordb.org. Reporting addresses: abuse[at]cnc-noc.net ... no problem. But I can reload the original spam and it still does nothing with the URL. Maybe there's a reason why SpamCop is declining to report, but it would be nice to know what that reason is.
  9. gwelsh

    URLs not reported

    The reason the tracking URL I provided might have indicated that reports were sent is that, like someone else who posted here, I keep reloading the page (or going back to the "Unreported spam Saved: Report Now" link) until SpamCop decides to stop ignoring the URLs. Yeah, I hate spammers that much. But it's frustrating to me and, almost certainly more important, generating a lot of useless load on SpamCop if multiple people have to re-analyze their spam 10, 20, or 30 times before SpamCop works properly.
  10. gwelsh

    URLs not reported

    My two cents ($CDN; that's about a penny and a half American): From http://www.spamcop.net/sc?id=z800050261z9e...471dce20cd4346z ----- Resolving link obfuscation http://grudgingly.net/rm.php?sash99 http://grudgingly.net/cs/?sash99 Please make sure this email IS spam: ----- ... BUT... if I just paste the URL into a SpamCop reporting window, SpamCop evaluates it just fine: ----- Parsing input: http://grudgingly.net/cs/?sash99 [report history] Routing details for 211.147.228.108 De-referencing gddc.com.cn[at]abuse.net abuse net gddc.com.cn = ctsummary[at]special.abuse.net, abuse[at]gddc.com.cn, anti-spam[at]ns.chinanet.cn.net Report routing for 211.147.228.108: ctsummary[at]special.abuse.net, abuse[at]gddc.com.cn, anti-spam[at]ns.chinanet.cn.net ctsummary[at]special.abuse.net redirects to ct-abuse[at]sprint.net ct-abuse[at]sprint.net redirects to ct-abuse[at]abuse.sprint.net abuse[at]gddc.com.cn bounces (19 sent : 10 bounces) Using abuse#gddc.com.cn[at]devnull.spamcop.net for statistical tracking. anti-spam[at]ns.chinanet.cn.net bounces (102 sent : 23203 bounces) Using anti-spam#ns.chinanet.cn.net[at]devnull.spamcop.net for statistical tracking. Routing details for 211.147.228.108 Statistics: 211.147.228.108 not listed in bl.spamcop.net More Information.. 211.147.228.108 not listed in dnsbl.njabl.org 211.147.228.108 not listed in dnsbl.njabl.org 211.147.228.108 not listed in cbl.abuseat.org 211.147.228.108 listed in dnsbl.sorbs.net ( 127.0.0.6 ) 211.147.228.108 not listed in relays.ordb.org. Reporting addresses: ct-abuse[at]abuse.sprint.net Third parties interested in reports: abuse[at]gzidc.com ----- OK, bad example as this LART would likely be ignored anyway. But the URL exists and SpamCop knows it exists... so why isn't it offering to report it? Moderator:Removed munge of Tracking URL
  11. gwelsh

    How clueless can I b?

    For Betsy & Derek: Outlook Web Access is not Outlook, it is an ASP-based web application meant to approximate the basic functions of Outlook, allowing people to access MS Exchange mailboxes using a web browser in stead of a mail client such as Outlook. It is very useful when people are out of the office or their laptops are fried and they still need to access their e-mail. I suppose one could also use it in place of the more expensive MS Outlook program itself. For Candie: I use a 5.5-based OWA and I'm pretty sure that I cannot obtain the kind of header information required by SpamCop; version 2000 or 2003 may be different. If there's some way you could POP a copy of your mail with Outlook Express or access it with Outlook (either way, you'll have to talk to the mail administrator), then you should be able to access the headers no problem. I recommend OE first because it doesn't require you to use the 'workaround' form that outlook may require, but be sure to check the box that says "leave mail on server" when configuring it or you'llfind your Exchange mailbox emptied!
  12. gwelsh

    Is SpamCop Working?

    Yes, absolutely, though how much obviously varies. One proof is the lawsuit filed against SpamCop. Many SpamCop users are discouraged because the amount of spam they get increases in stead of decreasing or even stopping, but that is the natural way of spammers: once one of them has your address, more and more will get it. However, I am certain that SpamCop does slow the rate at which spam increases and helps to inconvenience spammers. As I like (probably too much) to say, we fight spam for the same reason we fight crime: not because we really believe that we'll ever completely eliminate it, but because we don't want to live in a world where either goes unopposed.
  13. I'd really like to hear if anyone knows of any evidence that the Chinese admins take action against spammers' web sites. Thanks...
  14. gwelsh

    Forum configuration

    Actually, my only gripe is that there is much ambiguity between the fourm and the newgroups. I used the newsgroups for years but, earlier this year, I had a problem and asked about it in the newsgroups but never got an answer; I came to the forum because someone suggested that it had replaced the newsgroups. Then I had a comment on routing and put it on the forum, but was told that it didn't belong there and I should have used the newsgroups! It's great that the SpamCop folk want to improve the forum, but maybe they should start by deciding what things belong exclusively to one place and put that information right up front where even a fool like me can't possibly ignore it.
  15. Thank you all for your replies, but... I think we're talking apples & oranges. I'm not blaming the Chinese for having lots of exploited systems used to distribute spam, a la Comcast. However, the vast majority of the spam I get advertises web pages hosted in China, and the reports go and go and go but the spam continues and the LARTs seem to have no effect. I know that there have been other black hat ISPs, but I have never seen so many spamvertised sites remain seemingly unaffected for so long before, not when the spammers hosted in Costa Rica, not when they hosted in Romania, and not when they started hosting in Russia. I get very frustrated when I see news items about the Chinese governemnt cracking down on spam by blocking mail from this spam source or that spam source but apparently ignoring the fact that many if not most of the web sites advertised are hosted in their own country and that, by permitting this, they are making life very cozy for the spammers.
  16. Not a word of a lie, but SpamCop just said to me: "Yum, this spam is fresh! Message is old" Mind you, I never understood those with a taste for old cheese, either.
  17. I don't see a .routing forum here, so here it goes. SpamCop says: Tracking message source: 62.97.180.205: Routing details for 62.97.180.205 [refresh/show] Cached whois for 62.97.180.205 : staff[at]smrtcall.net Using last resort contacts staff[at]smrtcall.net RIPE says: remarks: ******************************************************** remarks: Abuse/spam reports must be sent to: remarks: abuse-role[at]smrtcall[dot]net remarks: remarks: For other issues contact: tech[at]smrtcall[dot]net remarks: remarks: BE WARNED: staff[at]smrtcall.net is an unmaintained mailbox remarks: ********************************************************
  18. Once again I have a phantom message; this is how it looks in the Held Mail screen: Check All Reset [3046] ( Preview ) () If I click on Preview, I get: ============================================================================== Previewing raw email. Use your browser's back button to return to menu. ============================================================================== error:Cannot find 3046 SpamCop may not be able to display it, but it certainly can forward it and, when it arrives at its final destination, it looks like this: Return-path: <eifzxkudfzhx[at]msn.com> Envelope-to: [my private ISP mailbox] Delivery-date: Thu, 08 Apr 2004 19:11:00 +0000 Received: from mail by smtp-03.primus.ca with spam-scanned (Exim 3.36 #1) id 1BBevU-0002Z2-0A for [my private ISP mailbox]; Thu, 08 Apr 2004 19:11:00 +0000 Received: from smtp6.pvt.primus.ca ([127.0.0.1]) by smtp-03.primus.ca with esmtp (Exim 3.36 #1) id 1BBevU-0002Yt-0A for [my private ISP mailbox]; Thu, 08 Apr 2004 19:11:00 +0000 Received: from smtp-03.primus.ca (smtp6.pvt.primus.ca [127.0.0.1]) by smtp6.pvt.primus.ca (VaMailArmor-2.0.1.16) id 09844-2DBA0D49; Thu, 08 Apr 2004 15:11:00 -0400 Received: from c60.cesmail.net ([216.154.195.49]) by smtp-03.primus.ca with esmtp (Exim 3.36 #1) id 1BBevU-0002Ye-0A for [my private ISP mailbox]; Thu, 08 Apr 2004 19:11:00 +0000 Received: from unknown (HELO beta.cesmail.net) (192.168.1.150) by c60.cesmail.net with SMTP; 08 Apr 2004 15:11:01 -0400 Received: (qmail 16754 invoked by uid 0); 8 Apr 2004 19:11:01 -0000 Received: (qmail 25052 invoked from network); 6 Apr 2004 20:42:37 -0000 Received: from unknown (192.168.1.213) by blade1.cesmail.net with QMQP; 6 Apr 2004 20:42:37 -0000 Received: from ptd-24-198-38-47.maine.rr.com (24.198.38.47) by blade3.cesmail.net with SMTP; 6 Apr 2004 20:42:37 -0000 Received: from 180.128.255.128 by 24.198.38.47; Tue, 06 Apr 2004 17:37:44 -0400 Date: 8 Apr 2004 19:11:01 -0000 From: root[at]beta.cesmail.net Cc: recipient list not shown: ; Delivered-To: [my SpamCop address] Message-ID: <L[20-25 X-SpamCop-Checked: X-AntiVirus: checked by Vexira MailArmor (version: 2.0.1.16; VAE: 6.24.0.7; VDF: 6.24.0.58; host: mail.primus.ca) X-spam-Checker-Version: SpamAssassin X-spam-Status: No, hits=2.1 required=7.0 [no message body] This happens to me often enough that I'd really want to know what happened and, in particular, whether I could be losing legitimate messages. Thanks,
  19. I spoke too soon: I have another one today. In webmail's held mail page, it looks like this: 1 Unknown Date Invalid Address [No Subject] 722 If I open it, I see: Subject: [No Subject] Headers: Show All Headers There was no text in this message part If I click on "Show All Headers" I see: Delivered-To: spamcop-net-[my SpamCop address] Message-ID: <Q[20-25 Received: (qmail 4880 invoked from network); 11 Apr 2004 10:09:50 -0000 from unknown (192.168.1.101) by blade4.cesmail.net with QMQP; 11 Apr 2004 10:09:50 -0000 from unknown (HELO 216.154.195.36) (203.151.216.3) by mailgate.cesmail.net with SMTP; 11 Apr 2004 10:09:49 -0000 from 42.64.80.76 by 203.151.216.3; Sun, 11 Apr 2004 09:08:52 -0200 Return-Path: <dbfwuv[at]yahoo.com> X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade4 X-spam-Level: ******** X-spam-Status: hits=8.0 tests=DATE_MISSING,FORGED_RCVD_NET_HELO,FROM_NO_LOWER, INVALID_MSGID,RCVD_NUMERIC_HELO version=2.63 X-SpamCop-Checked:
  20. I use web mail extremely rarely and IMAP not at all; when I first saw this problem, I was forwarding e-mail to my 'secret' ISP address. The situation did not change when I changed to POPping from SpamCop, and it has recurred since I went back to forwarding. Unfortunately, in order to get the results I posted here, I forwarded the message. Although I've seen many of these, they don't come at regular intervals and I don't know when I'm going to get another chance to poke at one sitting there waiting. I would love nothing better than to know for certain that these messages are the result of invalid SMTP sessions or invalid delivered messages. I'm spoiled: I am a corporate mail administrator and I'm used to having access to copious logs to investigate anything that bothers me. Thanks.
  21. Sometimes when I bring up my "held mail" list, there are entries like these: Check All Reset [2844] ( Preview ) () [2845] ( Preview ) () If I click on "Preview", I get only: ============================================================================ == Previewing raw email. Use your browser's back button to return to menu. ============================================================================ == error:Cannot find 2844 To make matters worse, I suspect that I am not receiving all mail that was sent to me. False alarm? Problem with my account? Thanks
  22. Further information: I tagged one of these babies (which SpamCop told me it couldn't find) for release and POPped it; here is the entire source of the message I received: Return-Path: <tqcbbyol[at]233wmedns.com> Delivered-To: spamcop-net-<x>[at]spamcop.net Received: (qmail 29523 invoked from network); 16 Mar 2004 08:25:18 -0000 Received: from unknown (HELO blade3.cesmail.net) (192.168.1.213) by blade6.cesmail.net with SMTP; 16 Mar 2004 08:25:18 -0000 Received: (qmail 23488 invoked from network); 16 Mar 2004 08:25:18 -0000 Received: from adsl-67-125-217-122.dsl.lsan03.pacbell.net (67.125.217.122) by blade3.cesmail.net with SMTP; 16 Mar 2004 08:25:18 -0000 X-Message-Info: J[1 X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6 X-spam-Level: ** X-spam-Status: hits=2.9 tests=DATE_MISSING,FROM_NO_LOWER version=2.63 X-SpamCop-Checked: Perhaps this was created by a prematurely aborted SMTP session? Thanks,
  23. gwelsh

    Spirited debate for Spamcop users

    Why do you say "unscrupulous spamcop users"?!? They are not spamcop users who drew your name out of a hat and harassed you, they are all recipients of your mailing list. Why are you not referring to them as "unscrupulous recipients of my bulk e-mail"?!? You also seem to be under the impression that compliance with the CAN-spam act makes your e-mail legitimate. However, you may still be in violation of your Terms of Service/Acceptable Use Policy and of other laws both in the United States and in other jurisdictions worldwide. I ask you to ponder this analogy: there's probably no federal law against sticking your tonge out at someone but, if you walk around sticking it out at everyone you see confident that you're legitimate, you're still eventually going to get a punch in the face and there will be a lot of other annoyed people who didn't go that far but are applauding the person who did. Another analogy: there are laws regulating gun use and most people obey them (while it seems that only a few bulk mailers obey the CAN-spam act), but does that mean that it's necessarily safe to let a stranger with a gun into your house? Of course not, because you have no idea whether that person is trustworthy. The fact is that most unsubscribe requests are a waste of time, but some simply encourage the spammers to send more mail to 'confirmed' victims. You are apparently a stranger to the recipients of your mail, and they do not trust you with their unsubscribe requests. The world of commerce existed (and seemed to be doing quite well, thank you) long before e-mail was invented, and it does not depend on e-mail to continue. The fact that people make a living from something does not make it right, and I hope that I don't need to provide a (potentially inflamatory) example to illustrate this. Finally, I leave you with one thought: people hate spam for many reasons and individual mailings may be wrong or even illegal for any number of reasons, but there is one reason why it is always wrong to send advertising to people without their PRIOR permission: the recipient pays the bulk of the delivery cost, and taking advantage of that is theft. Even 'good' bulk mailers who comply with the CAN-spam act are thieves; my final analogy: I steal (something small, don't want to ruin anyone's lives) from every house in a city... but it's alright because I'll gladly stop stealing from anyone who's willing to tell me who they are so I know which house to take off my list.
  24. I'm not using IMAP; when this started happening I was forwarding to my 'secret' ISP-given e-mail address and, since then, I've changed to polling using POP3. Thanks.
×