Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by A.J.Mechelynck

  1. A.J.Mechelynck

    Average reporting time off by timezone?

    As-salaamu `alaykum, ve-aleichem shalom... Not a small task!
  2. A.J.Mechelynck

    Average reporting time off by timezone?

    OK. for example: [...I try to report] false negatives [i.e. spam that wasn't seen as spam by my spam filters] by web [i.e. by pasting them onto the SpamCop spam-input form] [in order] to put them [the false negatives] on the [spamCop blocking] list [which lists dotted-quad IP addresses known to have been sources of spam in the recent past] listed spam: spam coming from a "known" source [because it is on the SpamCop Blocking List or on one or more of similar lists] DNSBLs: Domain-Name-Server Blocking Lists: blocking lists (aka blacklists) that operate as DNS servers: let's say I want to ask the SC blocking list if IP address is currently listed. I do a DNS request for the domain name "". If it resolves (usually to in the case of the SCBL), then the address is currently listed. If it does not resolve, then the address is currently unlisted. Other DNSBLs operate in the same way, with something else instead of ".bl.spamcop.net" (the "zone" of the BL). Pour "false negatives on the web", oui. (Portugese won't help me much, I fear...) I'm sorry, did not want to be offensive, maybe I'm just too tired to understand the complex structure of your phrase... But this little incident made me discover your interesting hompage... Спаси´бо и До свида´ния ! "by" web, not "on the" web; see the English exegesis above. ("Je signale les faux négatifs par le web" -- not very helpful I suppose.) Пожалуйста, and...
  3. A.J.Mechelynck

    Average reporting time off by timezone?

    I understood "Yum, this spam is fresh" and "Report Now" - for the rest, I miss some essential elements of grammar (verbs?) ... What is it you don't catch? I don't have much to go by on your profile (only time zone -5, and that could be USA, Perú or Quebec, without yet takng summer time into account -- I suppose it could be summer time in the extreme West of Brazil). OTOH, "Max" is a fairly international first name. Would a French translation help you? I don't know Spanish or Portuguese well enough. Verbs (not counting participles used purely as adjectives): try, report, see, put, is, use, sort, being, using, come around to, Report, keep, spew. I don't miss any. It is true, however, that colloquial English has a tendency to omit some conjunctions (that...) and relative pronouns (which, whom, ...), a tendency which can be unsettling to the non-native.
  4. A.J.Mechelynck

    Average reporting time off by timezone?

    Don't get me wrong, I also try to make sure that all spammers get the attention they deserve <g> ... it's just that time / priority / obligations mixture that drives these decisions ... and Lord knows, I'm not that good at even doing that at times <g> .. Sure, sure... "Policies vary", I said. You have yours, and I have mine. If I were working the nine-to-five squirrel cage I would probably need other policies than I have now. Even so, I'm considering undefining my spamtrap alias to reduce the flow (a mail alias that was never used except to send mail from myself [at]netscape.net to myself [at]belgacom.net -- you'd wonder who gave that address to the spammers -- or how AOL enforces its "privacy policy" -- unless they got it by trying every 7-letter combination). I sometimes say that if my head wasn't bound to my shoulders, I'd leave it on the bedcushion every time I wake up and go. What do you use distilled water for? Chemistry maybe? Anyway you haven't use that particular jug for a week or more.
  5. A.J.Mechelynck

    Average reporting time off by timezone?

    Hm -- didn't those "stuck" servers forward what they passed to some server you polled with POP? The latter would (or should) have put its Received-line (and timestamp) on the mail. Oh, well, I don't know anything about the workings of Hotmail... Policies vary... I (try to) report all my spam: false negatives by web as soon as I see them, to put them on the list (Yum, this spam is fresh!); listed spam (on at least one of the several DNSBLs I use to sort my inbox, SC being one of them) using submit-by-mail and, when I come around to it, the Report Now link, to keep them on the list at least as long as they spew. Some of it used to be Yum-fresh too, but I have been out of home more often than usually these days, and at the moment there is a backlog of some 20 hours (going down slowly) on my listed-spam reports. ISPs always have the possibility to stop additional reports by declaring (clicking?) "I don't want to receive any more reports on this issue" or "This issue has been resolved".
  6. A.J.Mechelynck

    Average reporting time off by timezone?

    AFAIK, its an average of the time between the timestamp on the top (latest) received-line ("when the spam arrived at your mail server" -- not your mail client) and when you reported it -- averaged on all spam since the "reporting time" feature was added or since you subscribed with SC at that email address (whichever is later), until the moment you see the value displayed. Let's say you sleep 8 hours, shave (or put on make-up, depênding ), dress, eat breakfast, go to work for 8 more hours including travel time and lunch break, come home, light up your computer, and download the mail that came in for your home account(s) while you were away. The mail that you "receive" at that moment has already waited at your server for between 0 and 16 hours for you to activate your mail client (and modem) and get the mail. That "waiting time" is (IIUC) included in the "reporting time" taken into the average for the corresponding spam emails.
  7. A.J.Mechelynck

    Block spam based on URLs they contain

    It's available for Windows as the "URL-Body" plugin for the spampal mail filter.
  8. I can understand being uppity about the non-address portions, but not the e-mail address proper. Suffice it to say that somewhere downstream, the activity that you despise so has indeed happened and apparently on the spamcop side. It should have been obvious from my p.s. that it isn't necessary to disparage my choice of clients and servers as the problem was with the To:l address (which Eudora doesn't mung), not the content of the forward.I was not being uppity, I just pointed a difference of opinion. I thought you were talking about the "SpamCop-Hash" which is one of the items included in the body of the test email. As for the address itself, "AbCdEfGh[at]DomAin.tLd" is equivalent to "abcdefgh[at]domain.tld" as per the regulations concerning the mailto protocol; it should be handled identically by all mail routers and arrive at the same end-user. The notion that some robot bitched to you about that kind of transformation in the email's destination address did not cross my mind. If that is true, then so much the better. But double-checking (in the Cc, see below) does no harm. My suggestion about returning the test email with another mail client was meant as a "last resort", i.e., if nothing else avails. Always happy to help.
  9. Not an unreasonable thing? Well, apparently you and I don't see eye to eye about what is reasonable. When I mention (for instance) DuPont or SuSE in an email, I want those names to arrive exactly as I sent them, mixed-case and all. Have you tried cc-ing yourself on the configuration email (where you send the test-email back)? Eudora is notorious for not letting you extract the full headers and body exactly as it got them. Maybe a last-resort possibility would be to use a different client to return the configuration email? (Hint: Netscape 7, and presumably Mozilla, which are downloadable for free, have a configurable option to read mail without removing it from the server, even on POP servers. And maybe some others can to it too.)
  10. Me too, I was talking of the case when the spam comes to the Mailhosts from some other, unrelated, mail router already marked "trusted" by deputies (but that was in the part you snipped). I got that case twice (both times coming from hotmail) and both times I got a message in red saying that I hadn't completed my configuratiuon and that I must configure all of my mailhosts. Of course, no matter how many times I repeat the configuration process, the SC configuration emails won't reach my .isp.belgacom.be servers (for [at]skynet.be and [at]belgacom.net) by way of Hotmail, so I have no way of removing that "unfriendly" red line in the rare case (twice since this past Wednesday, among something linke 150 spam /24h) when the spammer uses neither direct-to-MX nor open-proxy routing, but goes through a bona-fide outgoing-email server (probably for a throwaway account). Both times that Hotmail received-line was the bottommost (earliest) one, so both times the SC report went to the ISP responsible for whoever injected the mail (even though it didn't go through that ISP's mail servers), giving them a chance to hit the spammer where it hurts, by (hopefully) having his modem go dead... Of course, when Belgacom next puts new mail routers into service, I may get that message again, this time about something about which I will be able to do something. But even though I don't expect that before a year or two from now, it would be simpler to add such new mail routers to the mailhosts lists from the parse page than by going through the present configuration rigmarole, especially if those new routers were to be used "in transit" for some mails and not for others. But there are arguments against it too. I thought you were talking about "all" trusted mail routers, whether they were trusted by being explicitly in the mailhosts list, or implicitly by having their domains in the mailhosts list, or by having a global "trusted" flag set by deputies. Aside from the "You must complete your configuration" message mentioned above, I also get relatively often the message "Forgery detected or configuration incomplete. Please verify the source IP detected" (or words to that effect) fut AFAICT it was always about a bogus received-line (a few minutes ago, for a message injected at .verizon.net, trying to pass that verizon router as belonging to .yahoo.com).
  11. A.J.Mechelynck

    Avoiding LOGIN page?

    Not IE in this case. Well, NS7 has it (I have tested it on a few sites, but not SC mail). I would expect that Mozilla (which I don't have) would have it too. And then again, I don't know them all... Of course. (And I mentioned it.)
  12. The way I understand it, nogin's proposal #2 is to flag hosts according to whether ot not they reject SCBL-listed spam attempting to go through their servers, and if they don't, to count the spam that goes through their servers as though it had come from said servers. So, (again, IIUC) if that proposal were put into practice, then either: if I changed nothing, then the 100 to 200 daily spam I get via my own ISP's servers would contribute towards moving them onto the SCBL, thus potentially compromising those of my fellow [at]skynet.be users who do use the spam-filtering option (assuming that the SCBL is one of the DNSBLs used by my ISP's spam filter), or else jeopardising the utility of the SCBL itself, or of the option not to use it, for my ISP (and any ISP with similar policies); or if, in order to avoid such listing, I set the "spam protection" option (or if, $DEITY forbid, my ISP changed policies and decided to set it mandatorily for everyone), and if I somehow found a way to set the SC "I reject based on SCBL" flag on my ISP's incoming-mail servers, then I would cease receiving any mail from SCBL-listed sources, even if the particular email in question were actually legit (false positive). And I wouldn't even know that a rejection had taken place.
  13. A.J.Mechelynck

    Avoiding LOGIN page?

    Some browsers have the ability to "remember" your passwords for you (Look into the "Preferences" menu -- or howsoever your browser calls it). If you select that option in a browser which has it, and a user-name-and-password input page comes up, then, if you already have at least once filled in that page manually, the browser will autocomplete them (showing the username openly but replacing the password with asterisks). You have to click the Submit button yourself. Of course, since it is a potential security breach, that kind of option should be used only on computers used by you alone, or (maybe preferably) not used at all. And if you become aware that your password may have been compromised, you should (as a minimum) immediately change it, and maybe also consider not having the browser "remember" it again. Remember also that if (for instance) your computer gets stolen, you will have to login with explicit username and password from some other location. To do that you will have to remember the password "in your own head". Now if your password is -- let's say -- "abq5wz8k", maybe you can remember it, but you will certainly remember it better by using it. (Just my 0.02 €)
  14. I don't agree, and here is why: My own ISP has an optional spam-filtering option, which, if set, removes any email "detected as spam" before the user sees it. Since I am one of those who prefer a few false negatives to even a single false positive, I have intentionally turned that option off on my accounts, and I do my own filtering on incoming mail, using the SCBL and several others, and diverting rather than refusing. Some emails (e.g. those addressed "To" a ML to which I am subscribed) are re-directed away from the "spam" folder by a mail-client "rule" whether or not my spam filter has marked them as "probable spam". Thus, on the mail I get, my ISP does (if it obeys my settings) no spam filtering whatsoever; nevertheless, I don't want to see it listed for having relayed spam to me. I prefer to get all my mail, sort it myself into legit (unlisted), spam (listed), spam (not yet listed = false negative) and legit (but listed = false positive), so I can (-a-) get my legit mail even if listed, and (-b-) report false negatives immediately (by web) to put them on the list, and also the listed spam if and when I have time (by mail) to keep it on the list. Hm... It does have pros and cons (the "cons" being related to the possibility that clueless users might click it indiscriminately and add to their mailhost list a number of hosts which don't belong there.) Last week I had a similar suggestion, but I made it by private mail to Ellen & Julian. The idea was similar, but with a slight variation. I suggested that, in the cases when the parser now says "You haven't completed your configuration", a set of radio buttons be added after the jump-to point of the "Skip to reports" link, maybe something like this: "blah-blah-blah.hotmail.com" is trusted but not configured. Does it belong to your own ISP ? ( ) Yes ( ) No (x) Don't know "Yes" would add it to the user's mailhosts immediately. "No" would accept the recived-line (as it does now), not add the unconfigured trusted host to the user's mailhosts, and avoid the scolding line "You haven't completed your configuration" "Don't know" would produce a message at the top of the "Reports sent" page, with a wording maybe "softer" than it is now, let's say: Your mailhosts configuration seems incomplete. Please reconfigure. i.e. with a link to the mailhost configuration page. This would make it easier for users with complex configurations, but of course it is not immune to clueless users clicking "Yes" indiscriminately. I hoped that a clueless user would leave it at "Don't know" but my hopes are not necessarily well-founded in that matter. Of course Julian will have the final say.
  15. A.J.Mechelynck

    No answers yet

    Hi Julian We already exchanged private mail about this thing, but I thought I'd post it here. Whenever my ISP's incoming mail routers get a spam from a "trusted" site (such as hotmail.com) I get scolded by red lines in the parse telling me I must configure all my mailhosts (including, in the example cited, the hotmail.com outgoing-mail servers). Of course, no matter how many times I configure my belgacom.net and skynet.be mail accounts, the SpamCop test email won't reach them via hotmail.com. Apparently (AFAICT, which isn't much) the parser robot does "the right thing" anyway and accepts the (hotmail) received-line. What rubs me the wrong way is just the red lines telling me I've been a "bad boy" and not done all my homework :-/ . This is a low-incidence event (one case past Wednesday and one today [sunday, time zone +0002 MET DST], maybe an hour or two ago; both involving handoffs from hotmail.com) over (IIRC) between 100 and 200 spams/24h. Apart from this small problem, the mailhost system seems to be working correctly for me -- AFAICT, and for the time being. -- Best regards, Tony.