Everything posted by Mikey

  1. Perhaps before we blame SC reporters for reporting viruses or auto-responders we should at least figure out if that is the reason they were listed. Just because one person at his ISP told him that "infected machines" caused the problem does not make it true or correct or exclusively correct. I've had more than one help desk tell me they are listed in the RFC Ignorant blacklist because of spam. No. No you aren't. Information is a good thing. A little information is a dangerous thing. Mr. Marooned, can you have your ISP forward any SC bounces they have? Or better yet, get us an IP address for the mail server? We have had countless people out here claiming that SC is blocking them, often based on comments made by their ISP, only to find out SC never blocked them. There are several reasons for these errors that are beyond the scope of your question. I'm not trying to pick a fight, I'm not claiming you are doing anything wrong. Point is, there are many super folks out here who can offer advice and help, but they need the geeky details to dig to the bottom of the problem. You are in the right place. (My earlier comment of the "wrong" place is now out of context since the post was moved by Wazoo.)
  2. Might be in the wrong forum here but..... Does she have whitelisting capability? That is, can she submit a list of approved recipients to her hosting company? Some ISPs allow you to do this via their webmail, others require you to do it through a shell account (which might be a lot of work if she's not a geek like some of us out here). Are they using SC through a filtering program like Spamassassin or is it a pure DNS blacklist on their server front-end? Whitelisting in Spamassassin is pretty easy if that's the case. Short of allowing her to do it, she might try calling their help-desk and sweet-talking someone on duty. Not too likely unless it's a small, mom-and-pop ISP. Obviously places like Earthlink and Verizon (here in the states) can't do that for everyone or they would have a whitelist of 2 million addresses. You can also try appealing to the SC administrators here in the SC Help Forum, but if your servers are listed, it's probably for a good reason and you won't have much luck swaying them from their automated protocol. One other thought. Just go to Yahoo, Hotmail or hotpop and get a free account. Kind of a pain, but it will work.
  3. Whoa. Might want to have a doctor look at that. Border Gateway Protocol (4). Not something the average third tier ISP would deal with but I suppose there could be issues there..... Can you show us the actual LART you got from your ISP or was that done over the phone? Seems that we've seen this before out here. People seem to use the term "SpamCop" as a generic term. Kind of like Kleen-X or Band-Aid (brand names for tissue and bandage). Although some of the other posters have done some snooping around and it doesn't look like you were listed anywhere so I would guess they are blowing smoke up your leg. Have them show you the actual SpamCop message, not just the Yahoo posting. The definition of spam is pretty obvious and ranting on religion or any other subject may not be to someone's liking, but it ain't spam. "I can't define spam, but I know it when I see it." -- Anon
  4. This has been talked about on here before. I know there are several of these out there although I thought the JAVA one I saw a couple months ago was called something else other than Jackpot. Found it... It's called tarproxy at http://www.martiansoftware.com/articles/spammerpain.html I've looked at this one: http://www.spamcannibal.org/cannibal.cgi but I think it requires a kernel recompile if you don't have the tarpit version of iptables. You can simply run the LaBrea tarpit http://www.sourceforge.net/labrea/ and dump known address spaces in there (like the entire comcast DSL block from http://www.blackholes.us). I've observed this working against Sendmail and it holds them for at least 10 minutes. Of course most spammer ratware (not Sendmail) is opening up hundreds or thousands of sockets so it probably doesn't have too much effect. The thing about tarproxy and Jackpot is that they will actually interact with the MTA whereas LaBrea simply ties them up at the IP SYN/ACK level. Always thought Java was a strange choice of language for this. Whatever works I guess....
  5. Actually there are some surprisingly cheap options out there. If you go here: http://www.findmyhosting.com you can find stuff as cheap as about $10/year. Of course I have NO idea what the reliability or performance of such a system would be. Then again it's not a big deal for me because it's not like my business would be relying on it. I'm sure most of these people seriously over-subscribe and have 20,000 people hosted on the same box. I've found a couple on there that look promising, just thought I'd put the feelers out to see if anyone knew of a vociferous (like me!) anti-spam operation who wouldn't be likely to end up listed here at SC. I'd like to support the community. Thanks OT! 73
  6. Isn't that over 12 posts a day?
  7. HeeHee! Here's what Steve had to say about it. http://www.spamhaus.org/news.lasso?article=152 Some interesting insight into the techniques and highlighting what a bunch of hooey the CAN spam act is.
  8. ROCK ON! And I have a friend who forwards all his LARTs to FTC.gov and just the other day he was bemoaning the fact it didn't do any good. He was wrong! "Consumers forwarded 490,000 of the company's e-mails to the FTC since January, the consumer-protection agency said." Ya, it's just a drop in the bucket. The bucket is getting bigger. But I'll take every drop I can get. It would be nice if the FTC put those seized assets back into the spam-fighting community but they will probably spend it all fighting these guys' shyster lawyer for the next 5 years.
  9. O.k. So I need a spot to host files, maybe FTP access but HTTP would be fine too. I don't plan on running a business or anything like that although I might set up some E-mail accounts. Very small-time, just personal stuff. Does anyone have a list of companies or hosting sites that have a good reputation with SC? Obviously there are lots of them on some of the other forums here that DON'T have a good reputation and I can go over to ROKSO and find some other ones to stay away from. Point is, I'd rather not support the scumbags and I'd also rather not have to deal with getting myself off of blacklists if some other moron on my (shared) mail server gets me listed. Here's my wishlist. Flames welcome.
     1. Cheap!! Less than $30 a year
     2. At least 200 MB of disk storage
     3. Linux host
     4. MySQL, PHP, CGI, Perl
     5. Content Management stuff would be nice but not required.
     6. SSH access
     7. Lack of spamming morons and a hosting company that keeps it that way.
     Am I asking for too much?
  10. So.... suppose I want to send a copy of a pump-and-dump spam to the SEC *and* NASDAQ spam desks. Or maybe I want to send a copy to the Interpol *AND* the FDA drug-spam desk. SC only gives me one extra spot for "additional recipients". Can I put multiple addresses in there separated by a semi-colon or am I really limited to one additional recipient per spam?
  11. Ya folks, sorry, I wasn't too clear there. Didn't mean to confuze.... 1. This is NOT the result of something I entered manually. It was a response to one of the automatically generated LART addresses from SC. 2. You'll note the question mark after the Prodigy in my original post. I don't remember ever seeing prodigy in any of the recipients pulled up by SC after it parsed the spam. I can only assume that there is actually a different address in the To: as sent by SC. I wonder if this is the old Prodigy content provider from the early 90's. Compuserve anyone? The Source? Man.... am I dating myself. Looks like Dr. Spambo has some info in his last post. Must be Southwest Bell. 3. This is about the third time I've seen this over the past couple months. I don't think it is anything new although perhaps it comes and goes as someone cleans the box out.
  12. Don't know if anyone else is seeing this: User's mailbox is full: <abus3swbe11[at]prodigy.net> Unable to deliver mail. Nice to know an abuse desk doesn't read their mail. Can someone in the head-shed switch it to "postmaster" or "root" or something?
  13. Post hoc ergo propter hoc arguments notwithstanding...... ;-) Let me say there are some things going on in the mail server world that may not be apparent to the casual observer. When you feed your tasty spam into places like SpamCop or some of the other anti-spam sites, you are doing much more than simply (hopefully) alerting the spammer's ISP. You are feeding blacklists. By reporting the spammers, you are getting them listed in these blacklists so those of us that use DNS-based blacklists can find these scumbags in the SpamCop database and bounce them out of our mail servers before they even complete the SMTP transaction. So first, don't feel bad. You are doing a service even though it seems futile. Secondly, if people don't report them, they would likely never get shut down. Just because the ISP doesn't personally inform you that they are doing anything doesn't mean that they haven't canned the guy. Lastly, THANK YOU! You are adding to the blacklist databases that are used by thousands of us around the world.
  14. I'm probably reading this too superficially, but it seems to me that his biggest problem lies with his ISP/host provider(s). It sounds like the ISPs simply run for the hills when they get their first spamcop notice (be it a real, forged, or mistake message). Instead of spending a couple of minutes to actually check out the complaint and deal with spamcop, they simply cut the guy loose. The ironic thing is that is EXACTLY what we wish providers would do to REAL spammers -- drop kick them immediately.
  15. If you have the ability to run blacklists on your server, Spamhaus.org currently has them blocked. http://www.spamhaus.org/sbl/sbl.lasso?query=SBL12094 I had the same problem with a "friend" but freeflix never did more than knock on the door due to the above BL.
  16. Of course 20 minutes after I posted this, it just found one..... Go figure.
  17. Did someone back-off the parsing for spamvertized websites? I haven't seen it find one of these in at least 2 days (about 100 submissions). I'm sure there is a huge potential for false hits there. At first I just thought it was because the system was under heavy load -- just a guess. But now I'm pretty sure it is simply not looking for them, for whatever reason. I do my submissions via the webpage instead of forwarding them to the [key][at]spam.spamcop.net address if that makes any difference. Also noticed someone made the submission window bigger on the cut-and-paste page. Thanks!
  18. Ah... true, grasshopper...BUT.... At least on my machine, F3 only appears to work if the message is open (i.e. you are viewing it). If you are just highlighting the message in the list (say your inbox) it doesn't appear to work. Not a problem if you trust an E-mail enough to view it. If it looks suspiciously funky, I like to open it in properties view first. But that is a good tip, I never knew about CTRL-F3. See, you learn something every day out here..... Thanks Old Bean.
  19. [Flame on] Geez, I've held my tongue through about a dozen of these kind of postings over the past month. I'm sure they were going on for eons before I got here. Sorry Lost Highway, I know you were just asking nicely so don't take this personally. I don't know how many times people can say this: SpamCop does not block mail. If you have a problem getting mail to someone, talk to the administrator of the server you're having problems with. SMTP transactions are not guaranteed reliable. Furthermore, people seem to think the dynamic blocklists are some kind of spooky magic. Server administrators could easily hard-code the exact same lists into their firewalls and servers to accomplish the exact same thing. Many do. Do people complain to them about those "blacklists" or do the dynamic people take all the hits because they are more public and visible? Yes, you can abuse blacklists. Just like hijacking netblocks, smurfing, DDoS-ing and a dozen other blackhat capers, you can pull pretty much anything off if you are sneaky. You are at the whim of the masses once you join the Internet. If you don't like it, set up a VPN, get some nailed up T1s or pull some dark fiber between your remote sites and build your own network. Those of us that used the osirusoft blacklist woke up one day to find that we were bouncing the entire IPv4 address space. We got over it. The world kept spinning. It was the administrator's choice to use that blacklist. We made the decision and suffered the consequences. It's pretty simple: If you make money off of anything that goes on over the Internet, you better try to control as many things in the data path as you can. The internet is a free media to the extent that people let you use their media/resources/equipment. If you don't have control over their equipment (e.g. mail servers) then you better make nice with them... because the rest of us don't care.
Last time I checked, nobody was forced to use Spamcop or any of the hundreds of other lists out there ( http://www.dnsstuff.com/tools/ip4r.ch?ip= ). Just as you are allowed to publish your newsletters, the administrator of this site is allowed to put whatever he wants on his servers. If you don't find it useful, don't use it. [Flame off]
  20. gsimmons, This is an explanation of how to get your information in Outlook 2000: http://www.spamcop.net/fom-serve/cache/122.html Oddly enough, it's much easier to get the whole thing in Outlook Express than it is in Outlook. It's a pain in the shorts. At the bottom of that page you'll see some third-party add-ons that might help. I haven't tried any of them. In Outlook Express it's just right-click/properties/Details/Message Source/CTRL-A/CTRL-C and you're done. It's a bit easier in Mozilla and Firebird (http://www.mozilla.org) you just do CTRL-U/CTRL-A/CTRL-C. The mouse doesn't work though, been a bug for the last four versions....
  21. I find this combination to be pretty deadly. Not for the faint of heart though....

      FEATURE(dnsbl, `dnsbl.sorbs.net', `"554 Rejected " $&{client_addr} " found in dnsbl.sorbs.net"')dnl
      FEATURE(dnsbl,`sbl-xbl.spamhaus.org',`"550 Mail from site rejected; see http://www.spamhaus.org"')dnl
      FEATURE(enhdnsbl,`bl.spamcop.net',`"550 Server blocked see: http://spamcop.net/bl.shtml?"$&{...`t')dnl
      FEATURE(dnsbl, `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl

      They keep the list here pretty well updated: http://www.dnsstuff.com/tools/ip4r.ch?ip= Please, no flames about sendmail. I see plenty of those on trash-dot (mostly by people who don't have a clue) ;-)
  22. 650,000 subscribers X $80 = $52 Million per year. That will buy a lot of technical support! Not trying to be an ass, the numbers just caught my attention. Seriously, for that kind of money, you could buy your own servers and give all your customers their own accounts so you could control your own destiny. As for morons who report their own incoming newsletters, I would agree with the poster who surmised it was an accident. Someone wasn't paying attention to the details..... It got swept up with all the other spams and someone didn't look close enough. Have you tried running your newsletters through SpamAssassin or K9 or the others to see how they score? Maybe someone was trusting their filters (or misconfigured them) and you got caught in the undertow.
  23. I hate to jump into the fray here, but a couple of thoughts came to mind. First, Sinbad, have you changed anything recently in your setup? Did you go to a new mail program? Did you get a new account with someone? Did you change PCs? It would be good to eliminate everything on your end. If we can do that, then we know the problem is downstream. I know from my job, the first thing you always want to ask when things suddenly, violently go bad is, "What's changed?" It's a vital question because, obviously, if things were working and now they're not, SOMETHING did change. If you can confirm that nothing, NOTHING, is different on your end, we might be able to find the problem somewhere else. To the crowd here.... I noticed he said EVERY E-mail is being blocked. I wonder if he was sending from his DSL account via some other server. That is, I wonder if, for whatever reason, he has his outbound SMTP server on a different domain. Would that cause this? It may allow him to sign in with his username and account but when it attempts to complete the SMTP transaction, it checks the BLs and barfs. Perhaps whoever runs his server just recently decided to turn on the BLs or has them implemented in a funny way so that it actually accepts the mail but then sends him a bounce when it tries to pass it off to the next MTA. Obviously uol.com.br is not going to blacklist its own users so I think that is a red herring. I'd be curious to see the entire header(s) of the bounce to see exactly who is doing the bouncing.
  24. What stuff? You mean the stats were not reporting correctly or things were being double counted? Just curious.....
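
Added example, not part of the posts above and not SpamCop's or sendmail's own code: posts 13 and 21 describe mail servers rejecting at connect time on a DNS blacklist hit, and post 19 recalls the osirusoft list suddenly matching the entire IPv4 space. The Python below shows the lookup itself plus a zone sanity check based on the RFC 5782 test addresses (127.0.0.2 must be listed, 127.0.0.1 must not); the zone names, sample addresses and `fake_resolve` are constructed for illustration.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# RFC 5782 test points: a working IPv4 DNSBL lists 127.0.0.2 and never 127.0.0.1.
TEST_LISTED, TEST_CLEAN = "127.0.0.2", "127.0.0.1"

def dnsbl_name(ip, zone):
    """192.0.2.25 checked against bl.example becomes 25.2.0.192.bl.example."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_resolve(name):
    """A records via the system resolver; an empty list stands for NXDOMAIN."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def is_listed(ip, zone, resolve=system_resolve):
    # Listings are answered from 127.0.0.0/8; any other address is not a listing
    # (for example a parked domain answering every name).
    return any(ipaddress.IPv4Address(a) in LOOPBACK
               for a in resolve(dnsbl_name(ip, zone)))

def zone_health(zone, resolve=system_resolve):
    if is_listed(TEST_CLEAN, zone, resolve):
        return "lists-everything"   # would bounce the whole IPv4 space
    if not is_listed(TEST_LISTED, zone, resolve):
        return "dead-or-empty"      # zone gone or not answering
    return "ok"

def check_client(ip, zones, resolve=system_resolve):
    """Connect-time decision; unhealthy zones are skipped. A real MTA would
    cache zone_health instead of probing on every connection."""
    for zone in zones:
        if zone_health(zone, resolve) == "ok" and is_listed(ip, zone, resolve):
            return ("reject", zone)
    return ("accept", None)

# Constructed sample data: example zones and documentation-range addresses.
_LISTED = {dnsbl_name(ip, "bl.example") for ip in ("127.0.0.2", "203.0.113.7")}

def fake_resolve(name):
    if name.endswith(".wild.example"):   # wildcarded zone: answers for every name
        return ["127.0.0.2"]
    return ["127.0.0.2"] if name in _LISTED else []
```

Passing `fake_resolve` keeps the run offline; leaving the `resolve` argument out sends real DNS queries through the system resolver.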