Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About A_Friend

  • Rank
  • Birthday 08/27/1969

Contact Methods

  • Website URL
  • ICQ

Profile Information

  • Location
    Munich, Germany
  1. A_Friend

    Happy Thanksgiving

    Same here in rightpondia. Yesterday was a particularly slow day. Today it's business as usual :-( Maybe next year we should try it the other way 'round: Stuff the turkey with spammers, not the spammers with turkey... Anyway, happy Thanksgiving to all of you (better late than never ;-) )
  2. A_Friend

    Firewall listed

    Hi Scott, it seems like your bridgehead server is accepting any mail that comes his way: telnet 25 Trying Connected to g2ha.naples.navy.mil ( Escape character is '^]'. 220 g2a.naples.navy.mil ESMTP Wed, 22 Nov 2006 11:29:28 +0100 (CET) helo my_domain.xxx 250 g2a.naples.navy.mil Hello mi1.al-systems.com [], pleased to meet you mail from:me[at]my_domain.xxx 250 2.1.0 me[at]my_domain.xxx... Sender ok rcpt to:derimdwicmewocnwod_rismwujcs.wufnmewop18950302[at]navy.mil 250 2.1.5 derimdwicmewocnwod_rismwujcs.wufnmewop18950302[at]navy.mil... Recipient ok data 354 Enter mail, end with "." on a line by itself Test . 250 2.0.0 kAMATSWD024658 Message accepted for delivery quit 221 2.0.0 g2a.naples.navy.mil closing connection Connection closed by foreign host. Hmm, I don't believe you have a user named derimdwicmewocnwod_rismwujcs.wufnmewop18950302[at]navy.mil ;-) So this mail gets relayed to other mail servers until finally one server has the guts to say: "Hey, there is no such user!" Depending on the config of this machine this might result in a non-delivery message being sent back to the alleged sender. However, since spammers regularly fake the from-address, it's more likely the bounce will end up at some innocent bystander. More about bounces (aka blow-back, aka backscatter) here: http://www.spamcop.net/fom-serve/cache/329.html There are three ways to solve this problem: 1. The Good Way Your bridgehead server should know what addresses exist on the other servers. This way you can directly reject any message to a non-existing recipient without generating a bounce. However, this would imply you have access to a complete directory of all users, either via AD or LDAP. If this is not feasible, you can try... 2. The Not-So-Good-But-Acceptable Way Ask all administrators to disable NDRs on their mail servers. For E2K3, you launch the Exchange System Manager, then go to Global Settings -> Internet Message Format. Select the Advanced tab. Uncheck Allow non-delivery reports. For E2K, you need to download a patch from Microsoft. If your colleagues won't cooperate, you still have... 3. The Hard-But-Hey-It-Works Way Discard outgoing NDRs on your bridgehead server. This isn't very nice, I know, but it should solve the problem. There might be other solutions, but that's all I can come up with on short term... Good luck, A. Friend
  3. A_Friend

    SpamCop Victimising Victims

    If you use C/R AND send mail to uninvolved third parties AND those affected will report you: Yes. There are some C/Rs that send the challenge right within the rejection message in the SMTP dialogue, thereby making sure challenges are only sent to the original sender while he is *still* connected. This is the only way you can make sure not to trouble others. You may contact the deputies. However, spam is spam. And spammers will be blacklisted. I don't like the idea of receiving answers to mails I never sent in the first place. Using auto replies is another bad idea nowadays. Imaging a spammer forging *your* email address as the sender. So you receive houndreds or thousands of "non-deliverable", "out-of-office", "on-vacation", etc. replies. You'd like that? Probably not. Neither do I. You may want to read: http://www.spamcop.net/fom-serve/cache/329.html It pretty much explains everything. Confirmed Opt-In is not Challenge/Response. Good luck, A. Friend
  4. A_Friend

    SpamCop Victimising Victims

    Asking nicely yields nice answers. Let me add a few points to my predecessors' answers: - C/R does not filter, it delegates the decision wether a message is spam or not to someone else. It's just "passing the buck". - Therefore, if a spammer manages to bypass the challenge (e.g. by using OCR), it's not spam anymore! - Some people may find it impossible to pass the challenge (e.g. the blind or visually impaired) - When two C/R systems collide, they may deadlock each other (challenging the challenge) - C/R always implies your time is more valuable than mine. If I receive messages from a C/R system I never sent mail to, it's unsolicited. Why should I not consider this spam? No. C/R just passes the buck. One more thing: Let's assume someone is using C/R. I did not send him any mail, nevertheless I receive a challenge from his system because some spammer forged my address as the sender. What should I do? a ) I ignore the challenge and won't be able to send him any email ever again, even if I wanted to do so? b ) I acknowledge the challenge so the spam gets through. The recipient will probably blacklist me. Again I have no chance to contact him ever again. Catch 22. Good luck, A. Friend
  5. A_Friend

    SpamCop Victimising Victims

    Well, apparently I could say more, but OTOH, the topic of C/R has been extensively handled. So why should I write the same arguments again and again? Look here for the last discussion of a CR-system (TDMA): http://forum.spamcop.net/forums/index.php?...ost&p=50064 That's all I have to say about C/R. Can you dispute at least *one* of those arguments? Good luck, A. Friend P.S: Threatening legal action without any substantial judicial knowledge is a sure-fire way to be the laughing stock in here. With a little more reading you could have easily avoided this embarrassment. Next time, I suggest you either read more or talk to a lawyer first. -- “Speak when you are angry and you will make the best speech you will ever regret.” - Ambrose Bierce
  6. A_Friend

    SpamCop Victimising Victims

    Cart00ney, cart00ney! Can you spot the looney? SCNR A. Friend
  7. A_Friend

    Spamcop Sucks Big Time!

    YOU should find a better solution instead of ranting! TMDA generates backscatter - it sends challenges, even if the sender address is forged. So effectively *YOU* become a *SPAMMER*. TMDA offloads the decision wether a mail is spam or not to the sender. If I send you spam and I confirm the challenge, it's not spam anymore. You have given me permission to act on your behalf. TMDA can easily deadlock with other C/R systems. Two C/Rs can easily challenge each other until the heat death of the universe, so important mails end up in limbo. And last but not least, TMDA burdens the sender with additional work, implying that *your* time is more valuable than *mine*. No thanks! Everybody who's using a C/R system is on the same evolutionary level as a spammer. A. Friend Suggested reading: http://www.spamcop.net/fom-serve/cache/329.html http://spamlinks.net/filter-cr.htm http://kmself.home.netcom.com/Rants/challenge-response.html
  8. A_Friend

    Spammer using my domain for "From" addresses

    So do we all (well, at least most of us). An advice to get rid of this flood: Those NDRs should be sent by the postmaster role account, you could try to use this as filter criteria. And Wazoo is right: Don't cut off the "non delivery" part. Anybody who sends backscatter (i.e. accepts mail firsts, then blows back to innocent third parties like you) is almost as bad as the spammer itself. Heck, even the *number 1* ISP in my country is blacklisted since he's unable to configure his mailservers correctly. For more info about this problem, you may want to read: http://www.spamcop.net/fom-serve/cache/329.html
  9. A_Friend

    HELP me

    Wow... you made almost any possible mistake in your first post! Wrong forum, generic title, no information about the problem, no error message... Please read the pinned items: [How-to] Post a Question (and prevent stupid/rude answers) Want to post about your email being blocked? Why Am I Blocked? FAQ, Please read before posting You should not expect a good answer without providing any information. Good luck, A. Friend
  10. A_Friend

    spam in attachment

    So do I. Very often it's some kind of P&D spam. Random words in the text body with attached GIF- or PNG-Files containing the real spam. - OCR is too time-consuming and cost-prohibitive. Besides, spammers sometimes split the message into several smaller images, cutting exactly in the middle of a text line. - Checksums are useless as normally several lines of ramdom pixels are found at the bottom of the image. - Bots are changed frequently to avoid DNSBLs. - Normal filters can't do nothing about that. Either rejecting mails with these attachments or blocking all dynamic IP space seems to be the best solutions. Sorry, no silver bullet. Good luck, A. Friend
  11. Is there a way to look up old, expired listings? I'm currently using bl.spamcop.net for tagging with very good results, however every now and then I'm getting a "false positive". Which isn't really a problem as long as I can do a prompt lookup and point the user to the listing: "Look here, this server *IS* sending spam, so mails from this IP *WILL* be tagged as spam. If you don 't like that, talk to the sender, it's *THEIR* problem. If this affects business mail and you want to ask us to whitelist them, please fill in *THIS* form." Well, but they're (l)users, so I don't expect them to come to me right away. So, what can I tell them if the listing has expired in the meantime? Is there any way to tell why a server was listed? Right now, using the normal query I can't even tell wether the server has been listed in the past. Good luck, A. Friend
  12. A_Friend

    On Spamcop block list and need off

    If you're right (btw: how did you get this IP?) the original poster indeed does have a big problem. DNSStuff currently shows this address listed at: CBL DNSBLNETAUT1 NETHERUNSURE SBL-XBL SORBS-WEB SPAMCOP WPBL ( http://www.dnsstuff.com/tools/ip4r.ch?ip= ) Looks like an inadequately secured server. If this server really belongs to Mr. Spamvictim, his rantings are even more inappropriate. He badly needs some help. A. Friend
  13. A_Friend

    On Spamcop block list and need off

    You come here, rant about how spamcops affect your business, don't realize you have harmed other people by not taking elementary safety precautions to protect your servers, fail to provide any relevant information, come back after two weeks, claim you don't have time (or can't be bothered) to read any documentation, ignore the fact this is a peer-to-peer forum, insult people who tried to help you and generally show every possible sign of cluelessness. Now, either get some clue or stay blacklisted - it's your choise! Otherwise this should be moved to the Lounge so everybody can have good laugh...
  14. This IP seems to be delisted now: not listed in bl.spamcop.net However, Senderbase is up again: Report on IP address: Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 4.4 23009% Last 30 days 2.6 261% Average 2.1 23009%?!?! Something's definitels wrong here... Good luck, A. Friend
  15. A_Friend

    Stock Spam

    Well, constant dripping wears away the stone. Good luck, A. Friend