Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About Rapakiwi

  • Rank

Contact Methods

  • Website URL
  1. Yes, you are right. My apology. I had forgotten that this thread was on Thunderbird. In earlier discussions, I found that many people (using many mailing agents on many operating systems) report their spam without opening it (Miss Betsy being one), likely in wise fear of web bugs and malware; and others (including me) were unaware of the safety features (if any) that various mailing agents imposed upon their 'Junk folders'. There are dozens of mailing agents. Most people used subject lines to easily recognize spam, and 'Delivery Status Notification' (sorry about the typo) was just an example of a subject line designed to fool the non-paranoid person into quickly opening it. (You recognized this one as spam by opening the letter yourself and finding a hyperlink inside.) Normal people shouldn't have to open mail unsafely or read full headers and check the ip addresses using, for example, http://www.domaintools.com/ Apple's approach opens these safely in the junk folder (as does many others, I'm sure), but what should the normal person do; especially if such deceptive spam appears in their inbox? (Using a PC should be like driving a car.) Yes, you are correct: this is the help section. I didn't mean to address this subject to help Axxxim, who has no need of help. My posts everywhere are addressed to normal people (hence my language), just to help 'clean the sidewalk I walk on'. Individual help I offer by e-mail; but posts are for everyone. Axxxim did raise an important point the normal person should be aware of, and the normal spam reporter needs to solve. (Yes, you have already, I know.) The 'you' that follows refers to a normal person. Apple's solution is to treat all new mail as suspicious, and open it in the Junk folder. Apple Mail's Junk folder is a 'sandbox', in which one can open any letter safely. Only if the letter is from someone in your Address Book, a previous recipient, or mail you manually marked 'Not Junk', will the new letter appear in your Inbox rather than the Junk folder. After a while, the normal user finds all Junk becomes spam. Problems occur when you have sent carbons to your own address, and spam sent from 'your account name' appear in your Inbox with an innocuous subject line, such as 'Re: Yesterday. Habit may cause many (such as me) to open it (which is why I have it automatically checked for at least malware first, using a method which will not protect one from malware installed by a computer to which I was automatically redirected when the letter was opened. (When this happens, I pull the ethernet and run two malware checkers (whose databases were updated when the machine booted in the morning). Rapakiwi
  2. Lking, China is likely too busy negotiating baby formulas with Taiwan to consider aggression. However, Axxxim's point (I think) is a good one, once raised by Miss Betsy. How do you verify that a letter is spam without opening it? Even after running it through your ISP's filters and your own malware filters, opening it can open many little 1x1-pixel GIF images back in ... 'China': web bugs. SpamCop's 'filter' (please substitute the correct acronym) I can't speak of. However, the classic web bug, I've noticed, has recently been replaced with innocent-looking little company logos or signatures small enough to preferably be sent as a real image rather than a hyperlink. I should guess it hard to automatically filter these out: they could be colorful buttons, for example. You know this, so this is written for others. Your method of 'white listing' all but your reliable correspondents is an excellent strategy, advocated by Apple. However, it doesn't solve the problem of what to do with the letter titled 'Deliver Status Notification (Failure)' currently in my Junk Folder. I received a genuine one yesterday. This one I know is spam, likely with web bugs, because it was not sent from an automated mailer or Postmaster, but from me. :-) In the 90's, I used to just unplug the ethernet cable before reading all mail. This would work when reading suspect mail (and manually removing suspect files). Apple's Junk folder (junk status) prevents opening any images on the sender's site; but I don't know whether others' do. This subject is in apropos for this thread. Perhaps someone could re-post Axxxim's amusing little post to a new thread, if the administrators feel this subject is one that spam reporters (average folk) should be more aware of. I have no doubt it is discussed in a help file I should have read. Rapakiwi Persona non Grata
  3. Rapakiwi

    Submitted spam - no response anymore

    Step 1. Have you a local ISP? I'm given five free local accounts by mine, and my wife pays only $20 a month for our speedy 1 Mbit/second DSL. Apple, in my experience, listens to no one. Apple I still recommend for my family, though every time an 'upgrade' appears, unhappy surprises occur to someone. (There are many hardware, software, & settings variants among Apples. One never knows who will be surprised.) Step 2. Return to step 1. Strangely, I had been reading about mail on the (censored) Apple Discussions after Thanksgiving, when all mail from mac.com stopped reaching my family. No one on the Board had experienced this. When I went to .Mac (Cupertino's site), I found mac.com being changed to me.com -- and, though a developer (of free, scientific software) and security list recipient, I hadn't been told. The site now looked designed for 10.5 (hint). The site claimed my password failed, but logged me in anyway. (That's Apple!) The two weeks of mail was there, in the Inbox. Upon logging in to .Mac, it all poured into the Apple Mail on my desk: but all into the Junk folder! I noticed something different: the server had a Junk filter that could be turned on and off. (It clearly had one before, but we weren't given this strange option.) It was off by default. Ah! It always assumes mail from a new recipient Junk, and turning it on would teach it who was naughty & who was nice (synchronizing it with my address book and previous recipients). All would work well. Turning it on for the day blocked all my wife's incoming mail again, possibly because the IMAP account told it instead that her correspondents (now in my Junk folder, thank you) had become personae non grata, and held them there. Thank you, Apple. Though I logged back onto .Mac and turned off the server's Junk filter (whatever that means, for I haven't seen one spam letter in six years), and I assured my Junk settings were identical on server and agent (on my desk), it has a long memory: all mail is now sent to me as Junk, despite the senders' being in my Address Book and in my 'previous recipients'. Ch*$#&! When I have the time, I'll turn the server's 'Junk' switch back on, then mark my hordes of mail properly, manually sync the 'account settings', and see whether the server will learn to send it to me. I really doubt it. For this reason, my advice would be to go to step 1. Most respectfully, Rapakiwi
  4. Indeed, all good things come to an end, such as 'finger', then 'return receipts'. Because this thread began with a discussion of fast switching of ip addresses on one name server, then the fast switching of name servers themselves, I draw your attention to this proposed software change to, or 're-design' of legitimate name servers to ameliorate some of the 'fastflux' spam problem. http://tools.ietf.org/html/draft-bambenek-doubleflux-01 Note that it is already a violation of ICANN contract for a safe little site name, such as canadianpharmacy.cn, to be sold a different ip address if it is guilty of fraud. (Of course, what 'guilty of fraud' means, only ICANN knows.) :-) Rapakiwi
  5. Sorry, but here's an addendum to it for Thunderbird users. While adjusting Thunderbird, I asked it to warn me of 'e-mail scams' and 'spam'. Though I received hundreds of spam letters with frightening web links, no warning ever appeared. (Phish I'm no longer sent, after I started reporting it: almost all my spam comes from one organization, in Asia.) Finally, today, a dire warning of an e-mail scam appeared. It was my monthly book catalog from Dover Publications. I don't know about others, but I consider most of their books outstanding bargains. The message is, at the moment, use more security than that offered by Thunderbird. :-) Rapakiwi
  6. Exactly! Even I can agree with that statement! :-) This last note is to thank those who attempted to analyze specific spam letters from tiny fragments I posted. I read and always appreciate the links offered me (especially those from Wazoo, which I always read), but my only interest was in knowing why I needed to examine reports to ISPs supporting illicit websites. Clearly that would be the only ip address NOT hidden from me. I just hadn't time to do this. No matter; I've found a happy solution that may help others, even Microsoft users. This letter may offer ideas (and does offer links) for Mac users. My ending post. Victims During my absence (a blocking list sending letters was a migraine-aura typo, BTW), I thought of a way of quickly reporting spam to both KnujOn and SpamCop, reporting 'spamvertized' websites. The sites I just couldn't ignore, since the very professional letters selling sex-enhancing drugs and diplomas are purposefully written in an illiterate manner. These appear designed to hook young Americans, who are using their parents' credit cards. Perhaps yours. 'Additional Comments from Recipients' Rather than type a personal message on each report, as I used to do (and took too much time), I prepared on Mac's 'Tiger' OS a simple text letter with my most common remarks, under headings based upon KnujOn's classification (Phish, Drugs, Counterfeits, Software, &c). Thunderbird Forwards by Attachment Now, when I forward spam (by attaching it to an empty file) using the forward toolbar button on Thunderbird, I forward all the day's drug spam to both Drugs <rx[at]coldrain.net> and SpamCop's address given me. Quite soon, SpamCop will ask me to verify my report (which is very good). Select an Appropriate Paragraph, Drag & Drop In the corner of my Desktop is my text file. I examine the report, the spam, select an appropriate 'generic' paragraph from my text letter, drag it to the box on SpamCop, and modify the comments specifically for that spam letter. This removes the slowest part of reporting spam to SpamCop, and appears satisfactorily fast. That solved my problem of wanting to quickly report illicit websites as well as spam letters. (spam is not my profession.) The Haku & KnujOn extensions to add-on The Add-Ons to Thunderbird that forward my junk folder to various agencies are not for me: forwarding the spam to more specialized addresses and giving it (at SpamCop) my real e-mail address and personal remarks are worth the extra effort, if I could afford the time. Now I believe I can. I do find these useful, though: Alerts are more Important to me Growl for Mac's 'Tiger' OS http://www.versiontracker.com/dyn/moreinfo/macosx/24638 Growl Mail for Apple Mail notifications http://growl.info/extras.php#GrowlMail Growl Thunderbird Notifications (now built-in, I think) https://addons.mozilla.org/en-US/thunderbir...owl&cat=all Growl used to work well (before Apple crippled my G3 iBook) with ClamXav Sentry and Apple Mail. One's Speaker has a Use Mail in my Inbox is scanned automatically for malware, and the 'music video' alert pops up a translucent black screen with sender & subject, so I know whether to stop working. Mail in the Junk folder is announced by voice, and malware is announced by both (with a persistent message window). I either found or recorded spam.aiff, malware.aiff, and error.aiff, which I put in /Users/Me/Library/Sounds/ So, a simple collection of my favorite paragraphs with audio alerts allows me to now report spam in a timely manner with little effort. Thank you all very much anyway for all your advice and helpful links. Rapakiwi PS. Occasionally I do receive solicited mail with hyperlinks. Never have I opened one without checking whether it is a real link to a friendly domain, or a name or image of that domain that would take me to Baluchistan. (Now on a Mac one can just wave the pointer over it.)
  7. Oh, I thought 'this guy' was you, sorry. :-) So, I assume from your posts that the SCBL only reports illicit web stores (in English): it does not black-, white-, or greylist them (bit of jargon here). I admire the SCBL, but I don't use it. I have to get back to bed (for I am here just to quickly send tonight's spam to KnujOn's various addresses). I've recently reported only one spam to SpamCop, just to test whether it accepts Thunderbird's 'forward by attachment' results (for Mac's implementation of some mail RFCs has bugs, leaving .eml about, &c). The 'inline' attachment option was also accepted, but the link in the body wasn't reported. (This paragraph is for Mac users.) SpamCop seems to accept these Thunderbird forwards just fine without any 'add-ons' (which attach the source without any Apple bugs); so I trust those to KnujOn are acceptable (though I'll double-check). Thank SpamCop for the great reports! To clarify your puzzlement, one report (a year or two ago) contained a link to opera.com. Because all previous links to, say, ЗдравÑтвуйте!.ru, had reports prepared, I anticipated one about opera.com, which I should delete, lest (I excessively worried) it might make it to the SCBL. It didn't appear. Thus I concluded you had a list of legitimate sites (common corporations who would not respond well to being reported by you) about which you did not prepare reports. BTW, thanks for the last link, which I'll check out. However, I've pretty much decided to report all the method that reports only headers. One user kind noted that even reports of phish elsewhere must be examined by hand: this I didn't know. Why, I still don't know; but I'll ask at CastleCops. I also have my old spam (yes, I archive spam); so I'll run through the SpamCop parser what I had analyzed by hand some days ago and see if SpamCop can find more from its envelopes (English, not networking jargon): in English, a letter has an envelope and a signature. On the envelope, the mailer (the post office) applies a stamp when the letter is posted. (If SpamCop's use is for Knurds only, I'll change my language, for I worked as a computer professional between legitimate jobs. Don't waste your time puzzling over details sufficient only to illustrate a point. As for your earlier remarks that the 'problem' here is a refusal to fulfill my contractual responsibility, then allowing ignorant people access to the internet, I think you should take the time to get out more. My best, Rapakiwi
  8. Ms Betsy, Always a pleasure to hear from you. Thank you for clarifying Lou's opinion, which I somehow missed. I examined only about five spam addresses to conclude they were of little value. A while ago, if you remember, I examined dozens and found a strong correlation between web store ISP and spam sending ISP, which would make address reporting useful. Unfortunately, these were the ISPs likely owned by World-wide organized crime syndicates, so reporting would be of little value. If everyone used the SCBL (or whatever it's now called), I should be pleased to report. I'm getting migraine again, so I can't remember whether I can report by forwarding attachments without reviewing & confirming or not now. (At the moment I can't.) If so, I shall reconsider the value of SpamCop to me (for I don't mind spam). I may be gone for a few days, but then I'll check. The link is great! Thank you! You realize that helping police the worst on the net is just a social obligation. My research must take the bulk of my time. This morning I zipped away 6 spam from the night, each to a different address at KnujOn. It took less than one minute. Bruce The Irritating PS Long ago some of us at supercomputer centers were consulted by the Gore Commission about how to release NSFnet to the public. Corporations such as IBM wanted to control it, but we urged it be controlled directly by Congress, the way the five NSF supercomputers were. ICANN is a private company, though non-profit; however, I shall find out whether Congress (whether you and I) have any real influence over it. In any case, I have many suggestions. :-) Microsoft imposed outrageous contracts upon others for decades; why can't ICANN's contract address the recommendations of international law enforcement agencies, and just propagate itself when registrars sell blocks of ip addresses, all the way to the individual user? Perhaps our new Administration, State Department, and Congress would be interested in helping formulate ICANN's new contract in coordination with concomitant new treaties. :-) Thank you very much for giving me the best link yet!
  9. Yes, that's exactly what I read when I followed Wazoo's initial link to 'Quick SpamCop'. Exactly. That's the problem. My unhappiness, I suspect, is simply because I'm not thinking of other users. My situation is a good one. First, I safely & carefully pre-examine everything I send to SpamCop. Most people can't safely open the letter. Next, being a member of the poor as well as ignorant, I no longer travel. Never have I received an e-mail with a hyperlink to a store outside the United States. However, were SpamCop to report hyperlinks in the body of the message, I should still check the (imaginary) option 'Don't report links to sites in my host country' (didn't I write that once before?). What I was expecting from SpamCop was a way to easily report Canadian pharmacies in Russia to supervising officials. Though ICANN doesn't police, it does prohibit (by contractual agreement) 'FDA-Recommended Canadian Pharmacy' from moving its website if the owner has committed fraud. By initially clicking all the 'don't report if ..' safety options, SpamCop (would, in my imagination) initially send no reports to store's ISPs (as now). This really isn't the problem, I suspect. The real problem may also be more than allowing ignorant people to use the internet. The real problem may be SpamCop's blacklist (someone will no doubt offer me the cognoscenti's acronym). Mailers always go down, and the mail is just stored (if possible) until it's up; but if a tiny home business is shutdown for more than a day, it could be devastating. This is why I, too, am not enthusiastic about blacklisting (greylisting) 'Mom & Pop' websites, while whitelisting corporate ones, as SpamCop appears to do (in a very reasonable manner). Yet, I'm requesting the ability to shutdown a store be made even easier! Well, not really. I'm not interested (though I admire!) SpamCop's blacklist: I want only supervisors to know what they are, perhaps inadvertently, helping sell. It needn't even be reported as 'spam': it could be reported separately, to those supervisors who want to be informed: they could choose the urgency of the message. In this case, knowing that 'bookfinder.com' sells books is likely to cause no one harm. This isn't SpamCop's mandate. SpamCop does one thing, and it does it extremely well. However, if you know where I can find another organization that can report illicit stores as fast as it does phish (or even general spam here), I should use it. I shall. The documents were very vague. I'm never examined Mailhost simply because the first document said, as you do here, 'Quick Spamcop' uses only the envelope (header, for Wazoo), whereas, as you've noted, I want parts of the letter (body, for Wazoo) reported. The specific question in my initial post you express very well. Thank you. The extended question is: Is SpamCop capable of changing, as the needs of us (ignorant masses) change? Rapakiwi
  10. Well, that store closed its shutters; so I can't state who owned the ISP. I can say that I caught it while still alive, and I used the 'whois' internet service at APNIC and ARIN regional internet registries to find its physical location as best as possible. I certainly hope that ISP was not connected with the illicit store, using spamming as a delivery device. Otherwise, reports of the store's activities to its ISP would not help remove it. I wish to again emphasize to people that I never opened the door of any store. By an 'illicit ISP', I refer to those who are connected with spammers. I didn't know these existed until I studied my spam before my absence. These might include ... well, all of mine: those who allow initial forged 'Received' lines, allow me to send a million letters a day, using 'TheBat!' ... you get the idea. My principal way of discovering these was not hard: one letter, posted from A, had a store on B; and another letter, posted from B had a store on A. Both mailing address & store changed their ips daily, but stayed on the same servers. Note quite that easy, but almost. Why must it work that way? If it's rules have failed us, isn't it our responsibility to fix them? I am attempting to work within the current rules of this broken system, just to reduce a bit of personal tragedy. But, of course, there could be many 'me's. Aren't you a Mac user? :-) Yes, but my neighbor doesn't live in China or Turkey. Consider the current locations of these domain servers, owned by XIN NET in Beijing:- ns3.njdbidew.com. 170605 IN A APNIC Korea's Korea Telecom ns2.njdbidew.com. 170605 IN A APNIC China's Nokia China Investment Company ns1.njdbidew.com. 170605 IN A LACNIC Argentina's Buenos Aires Cablevision S.a ns4.njdbidew.com. 170605 IN A RIPE Estonia's Parnu One of the latest of the illicit web stores (selling just counterfeit items, for a credit card) immediately wanted to directed me to 'http://rhmj.tathem.cn' (though I didn't let it). The domain 'tathem.cn' (indeed owned by a company in Beijing), is today given by the above servers a block of ip addresses in Tennessee, owned by Charter Communications. I have no doubt you will tell me how responsible Charter Communications is. That's fine; but who just stole my bank account? So, should one tell Charter they own a little bit of China, or should we send the FBI to Beijing? I won't even get into IAP servers that intercept http requests and forward them to others, encircling the World and ending in a store in rural Paraguay. :-) My quote from APNIC was just to remind us that there is no current way of eliminating international internet crime but the dissemination of information (in the way of reports) to the responsible (thank you, ICANN). KnujOn and others are apparently working with legal authorities. Some organizations need to inform abuse personnel as soon as possible. SpamCop does this if I use the copy & paste method, but not if I forward the spam to them. That was my original query: will this soon change? Rapakiwi
  11. Yes, thank you, but I didn't post in the help section; so my message was in English. I'm 'afraid' the stores of yesterday are gone today, so not much data is to be had. By 'expose', I suggest that reports to responsible ISPs unknowingly housing illicit stores (in the report to the store's contact) is 'exposure', for the store in San Mateo is gone today. 'Illicit' stores might be recognized, for example, by many consumer seals, all GIF images. I'm hoping, as you read earlier, to use 'Quick SpamCop' to send reports to web stores and their ISPs (and registrars, I wish). People doing this, I assume, is why these stores are so ephemeral. I may answer some of your questions in my post below. However, I obtained my information by combining pieces of various SpamCop documents. I'd like to emphasize to people that I never entered a store, but used ICANN's regional internet registry's servers to anonymously obtain information about other servers on the internet. I shall give 'Quick SpamCop' another examination. Thank you! Rapakiwi
  12. That's good to read. All my 'Received' lines end in dates (which helps me find forged ip addresses). The warnings in the 'Quick SpamCop' documentation suggested the 'Return-Path' and even 'From' might be used to determine the mailer. So, I expected the worst. It occurred to me that it could be just a dead watch battery :-) , but all my spam comes, I suspect, from illegal ISPs. Found something possibly great since I posted. If I ctrl-click on an illicit website, a contextual menu pops up with the option 'Report E-mail Scam'. This takes one to this site, which includes reporting sites deleterious to the user's experience: http://www.google.com/safebrowsing/report_phish/ Of course, clicking an illicit gmail site will not bring it up. :-) (Before SpamCop came, I had dreadful times working with Google's 'security'.) I've not checked whether this will help people who are tempted to click on an illicit site, whether it will prevent java scri_pt from opening one, and whether the sites are reported to any profit-free internet crime organizations; but the sudden interest in removing these sites from search engines (though not domain servers), I find very encouraging. In the year 2000, the United States had the opportunity to create a cooperation among law enforcement agencies in all countries, and to and harass international crime syndicates of all kinds. If these were preoccupied with rapidly moving from country to country, they might have less time to organize & execute criminal activities. Perhaps later. My best, Rapakiwi Paroled from Dartmoor
  13. Thanks for finding the right spot. My post was long because I combined my query about whether SpamCop is going to change its procedures (hint, hint) with a contribution to (at least) Mac users. Though I do indeed find SpamCop's organization and documentation too sophisticated and often too technical to follow, I knew the answer: 'of course not'. I appreciated and read the hyperlinks your recommended. The spam that comes to me is extremely professional, designed to look amateurish - to appeal, I suspect, to a specific kind of person. Last night I personally examined the envelopes from yesterday's spam, all illicit. All the letters appeared to be from illicit ISPs (or mail servers, at least), and most all the originating ip addresses appeared forged. Every 'From', 'Reply-To', and 'Return-Path' were bogus. Two were from 'me'. The letter titled 'High-quality service is guaranteed' was labeled as comaror.kr by the mailer, but the ip address reported it from kornet.kr. Consequently, I don't think 'Quick SpamCop' is for me. In contrast, the enclosed hyperlinks were genuine. Reading the letter immediately opened a web page on a Hong Kong server (owned by Typhoon Games, Ltd), which bounced me to a web store on an ISP in San Mateo, California (owned by Xo Communications, in Herdon, Virginia) that sells 'sex-enhancing' drugs. Because the recipient (I) live in Northern California, this fact is useful. (In contrast, the 'Canadian Pharmacy' store in rural Romania, bounced to by a computer in China (with no websites itself), mailed to me from an American insurance company apparently situated in Vietnam is of less use.) As Miss Betsy knows, my silly idea was to use my illicit spam to report & expose these websites until the cost of moving them exceeds profits gained from emptying American bank accounts and credit companies. For, to quote ICANN, 'APNIC does not operate networks using this IP address range and is not able to investigate spam or abuse reports relating to these addresses. For more help, refer to http://www.apnic.net/info/faq/abuse.' Because 'Quick SpamCop' would, in my case, serve no purpose but to blacklist myself, this query is resolved only in the sense that I can't help anyone by using its services, so I cannot use it nor expect to in the near future. Thank you for the useful information, however. Most sincerely, Rapakiwi, PhD
  14. Dear spam Cops, Can I forward my spam to SpamCop and not have to log-on to review it? If I must log on, I might as well just copy the source to the (CastleCops-like) windows it provides, as I always did. Such added effort only makes sense to me if I report all spam only once daily, after the computer boots in the morning. Only then would it be reasonable to take the time to log into SpamCop by browser, verify all my reports, & mail them. This is not good for SpamCop. Why SpamCop needs Rapid Reporting Mozilla's (platform-independent) Thunderbird lets me instantly classify spam & forward various kinds (phish, for example) to various organizations ('Phish' can be a group of collected addresses). Or, I can mail everything in my junk folder to various agencies, then delete it (with the press of a toolbar button from 'Habu'). At the moment, my computer's voice tells me that spam has arrived, and within a minute I can examine it safely (blocking MIME), classify it, & forward it to an appropriate agency. But I don't believe I can do this with SpamCop because of my having to start my browser (which must swap out Thunderbird) and examine SpamCop's report. However, I want to use SpamCop to get phish and illicit sites off the internet as fast as possible! I'm only a scientist with little time to report my research, not a full-time cop. If I must decide between reporting my research or spam reports, I'll naturally chose the thing only I can do. However, using free services on the internet means, to the internet citizen, one helps as much as one benefits. There are many spam reporting organizations that I can easily zip a letter to; but they likely only rapidly take down phishing sites. (KnujOn, however, wants to kill lethal medicinal sites, which prey upon us poor.) SpamCop & KnujOn Complement One Another The aged may remember that in posts long ago I had mistakenly been attempting to use SpamCop to perform the services of KnujOn. KnujOn appears interested in illicit spam, preventing the stealing of identities (and USD 600 million per annum, and lives taken by counterfeit medicines). However, the wheels of justice grind slowly (if at all). Reports of KnujOn's becoming personae non grata at ICANN are most encouraging, however. (Jon Postel is likely rolling in his grave at ICANN's choice to ignore crime.) SpamCop blocks spam, quickly: as a side-effect, it reports the site's activities (to everyone up to ICANN, I wish) in a letter. I don't know whether it places the illicit store's site on the SCBL before it can claim more victims; but I hope it does. Both KnujOn's and SpamCop's services are important for me to use. Using Apple Mail & Thunderbird To report spam quickly & easily on my little Mac (running 10.4.11), I've installed two mailing agents: Apple Mail (for my spam-free accounts) and Thunderbird (for my unhappy spam-trap). Apple mail is unique in that its Junk folder allows the viewing of mail, yet avoids web bugs and malware. However, unless one is running MacOSX 10.5, it won't forward dangerous HTML mail, even as an attachment. This is an Apple Mail problem. Thunderbird announces when spam arrives (using GrowlMail, though it can do this itself), and the combination ClamXav Sentry & Growl throws up a persistent warning screen that prevents my opening a letter (RFC822.eml) tainted by mailware, or has even a phishy smell. Thunderbird for MacOSX http://www.versiontracker.com/dyn/moreinfo/macosx/20359 Thunderbird for Portable Drives http://www.versiontracker.com/dyn/moreinfo/macosx/29719 The Ease of Selectively Reporting to Knujon, FTC, SEC, FDA, ACMA, DSLReports, Millersmile, &c: Knujon.net has, well, nine mailing addresses, which I symbolize by a one-word 'Tag': Phish, Drugs, Counterfeits, &c, and Unknown. Because Thunderbird's Junk folder doesn't protect one, I turned off all associations of MIME objects (photos, movies, hyperlinks) but plain text. 1. Knujon on Thunderbird I rapidly view the text in each spam and tag it according to Knujon's classification. Then I view letters of one tag, such as 'Phish', select them all, and forward them as attachements to, for example, Phish <phishing[at]coldrain.net> which Thunderbird fills in itself from my 'Collected Addresses'. The 'Sent' folder records what I have reported. This takes less than a minute for three or four spams. Note that I have already carefully examined the spam. Anything not spam I have moved to the Inbox, anything questionable I just deleted. On the toolbar, just above the list of letters, I've placed 'Tag', 'Forward', & 'Report' (by Habu). The Habu Thunderbird Add-On https://addons.mozilla.org/en-US/thunderbir...abu&cat=all 2. SpamCop on Thunderbird After reporting this, I was hoping to select all letters in my Junk mailbox, forward them to my special e-mail address at SpamCop, then move them to the Trash. (An add-on by Habu will mail all letters in the Junk folder to any combination of these: address of your choice, SpamCop, KnujOn, various US governmental organizations, and the Australian government. Then Habu will discard all the spam.) No reporting organization requires further action on our part ...but SpamCop. This is a Problem SpamCop's requiring further action is a problem because some of us haven't much of a life left. I should be willing to contribute a book (USD 15) for the ability to check 'Don't send report to From address', 'Don't send report if address may be forged', 'Don't send report to hyperlinks', 'Don't report sites in one's host country' &c. In other words, I should like to make 'safe' choices in advance, assuring that only proper reports are sent, any questionable ones not. Is there some reason why SpamCop can't do this (forcing its own choices if necessary)? Those with time will likely customize their reports, as is now required. Other organizations seem to post-process what they receive, taking on this burden themselves. (Many, of course, are financed by taxes.) Is this available Now? Suggestion. At the moment, security sites and computer companies recommend users trash their spam. Were SpamCop to make such an option available, everyone could click (for example) Habu's green dot on the toolbar to automatically report spam before trashing it. (Wow!) The default choices of 'Rapid SpamCop' could include 'Don't send any reports', until the user logs in and reads the instructions about releasing each default restriction imposed by SpamCop on 'safe' reporting. It would also be nice, after an illness, to ship everything to SpamCop and have them choose among the twenty reports, ignoring old ones while sending the new ones. (I've noticed that spammers are dating letters in advance, so your mailer will open them first; and dating some '1976', so SpamCop will ignore them. I should have to take the time to examine the complete envelope before knowing whether to send this to SpamCop or not. Other organizations deal with them. Because my little iBook must swap a mailing agent and browser, I should like to set up an account on SpamCop described above, so I can report spam as I do to other reporting agencies. Is this possible? As mailing agents add features, such as safe viewing in the Junk folder, they could add a button like Habu's. It might be a good idea to prepare for this. Thanks