Jump to content

A.J.Mechelynck

Membera
  • Content Count

    240
  • Joined

  • Last visited

Everything posted by A.J.Mechelynck

  1. A.J.Mechelynck

    The never ending story cnc-noc.net

    Lucky you: mine comes from all over the world (France, Brazil, the USA, Russia, Korea, you name it). No easy way for me to get rid of it by blocking just one country.
  2. A.J.Mechelynck

    When to drop reporting to an ISP

    800 per day! That ought to have triggered the call to battle stations all over the company before the week was over! Or else, they didn't really care about those Internet customers. In the interest of any remaining ones, I hope the buying company had better policies.
  3. A.J.Mechelynck

    Forona/Swift/Yipes spam - Are They Somehow Special?

    AFAICT, slightly more than half of my spam comes from Swiftco, Forona & Yipes. Looks like they're indeed the latest "black hat kid on the block" and that I'm indeed not alone in being seriously bothered by this new source of spam. Let's hope that we'll see some action faster than for Korean spam ;-)
  4. A.J.Mechelynck

    When to drop reporting to an ISP

    Reporting spam with SpamCop has two functions: It sends abuse reports to mail servers' administrators, in the hope that they'll take action against misbehaving senders; It contributes to putting or keeping the sender on the SpamCop blocking list. For corporate users with fixed IP addresses, having one's connection blocked by spam filters is of course quite annoying, to say the least; for dynamically-addressed lines it's subtler: there, if the ISP takes no action against spammers, we can hope that constant reporting of various addresses of a single server will cause "well-behaving" customers to either complain, or "vote with their feet" and take their business elsewhere (or both); but I don't expect this to happen in a manner significant enough to make the ISP admins care about it (where they originally didn't), unless reports continue to flow (and spam-blocking continues to happen) for quite some time, maybe several years.
  5. A.J.Mechelynck

    Forona/Swift/Yipes spam - Are They Somehow Special?

    abuse#forona.com[at]devnull.spamcop.net abuse#swiftco.net[at]devnull.spamcop.net abuse[at]yipes.com In recent times (I'm talking a month or two) I've been seeing the above reporting addresses on a substantial percentage of my spam. They are always together (usually as both the "origin" of spam and the only "spamvertised link"), and spam coming out of there never corresponds to any known open relay. Anyone else seen them? -- Admins: I have a kind of hunch that this thread would fit better in some other forum than the Lounge, but I cannot decide which one. If you can, go ahead and move it.
  6. A.J.Mechelynck

    Reporting Difficulties

    In my experience, the reports have indeed been sent, but whatever decides whether or not to present the "Unreported spam - Report Now" link gets confused and shows it when it oughtn't to. I report spam via the web interface, and what I'd been seeing (but not anymore) was, just after reporting spam, a "Report Now" link going back to the just reported spam item. The parser found that reports had already been sent, didn't offer to send them again, but sometimes showed the same "Report Now" link at the bottom, again for the same spam. Repeatedly clicking that "Report Now" link finally made it disappear.
  7. A.J.Mechelynck

    Failed to load spam header

    ...and shortly after I posted post #7 above, it suddenly started working and I could report 6 spams without one error. I'm not yet taking any bets though; it could be a fluke.
  8. A.J.Mechelynck

    Failed to load spam header

    The "variable" number of attempts has climbed for me, until I can't seem to get any successful parse at all. I notice that every single attempt is listed in my reporting history; "Failed to load spam header" gives "no reports filed", just as if I had canceled the reports from the parse page.
  9. A.J.Mechelynck

    Reporting Difficulties

    Yeah, there is a separate forum thread about that. The admins are trying to get it resolved. In the meantime, usually after submitting the same spam repeatedly the error goes away. But it has taken me up to ten tries before getting to the parse page.
  10. A.J.Mechelynck

    Reporting Difficulties

    P.S. Unlike City Slicker, I send all my spam by pasting it in the SC webpage, not by email. At first, clicking the "Report now" link once was enough to make it (temporarily) disappear, but lately I've had to click it again below the "Reports have already been sent" page. Let's hope the problem will "cure itself" but FWIW, I don't see particularly high spam rates on the daily stats (click the white-and-green histogram near top right of this page) after the outage as compared to before.
  11. A.J.Mechelynck

    The never ending story cnc-noc.net

    I've never received responses to spam complaints to the Far East either, but I do receive legitimate mail now and then from China and Korea, usually in English (or broken English) and sometimes with the line "On <year> <month> <day>, Tony Mechelynck wrote" in Chinese or Korean at the top. I get these on the peer-help mailing list about the Vim text editor, and their existence is one reason why I don't block China and Korea — or any individual country for that matter. And I'm not even in Eastern Europe (but in Belgium) but Vim is a very "international" software package, used all over the world on Windows, Linux, Mac and other personal computers, and even on IBM mainframes. Like everyone (apparently), I do get quite a lot of cnc-noc spam, and I faithfully report it, not in the hope of having the spammer's account shut down (I guess the cnc-noc abuse desk, if there is one, understands only Chinese), but of keeping them on the SCBL.
  12. A.J.Mechelynck

    Reporting Difficulties

    Starting today, I've been seeing the "Unreported spam — Report Now" link on the "Sending Reports" page — and when I click it, I get the parse page for the same spam, with "Reports have already been sent", and sometimes, at the bottom, again "Unreported spam — Report Now" … for the same spam again. It's been taking up to three tries by now (the "true" reports and dismissing two "already sent" parses) to make the link disappear… until next time. Whose feet are being played with? Could this be related to the "Failed to load spam headers" error which has recently started appearing? (And FYI I'm running only one SpamCop reporting tab in only one browser window.)
  13. A.J.Mechelynck

    Failed to load spam header

    Not for me — well, not always. What I've been doing when it happens is repeatedly pasting the same data into the Reporting page's textarea, and at one point — on the second, third, …, sometimes tenth try the error finally goes away. Well, happy to know you guys are working on it.
  14. For any people interested, I'm releasing to public domain an HTML page displaying all 4 graphs in a format which looks nice in my browser (at 1024x768, minus the browser's menus and toolbars): it's at http://users.skynet.be/antoine.mechelynck/other/spamstat.htm To view one particular graph full-size, just use "View Image" after right-clicking it. If your definition is better than mine, you may want to save the source of that page somewhere on your HD and change the "height" attribute in the <img> tags; or if you have a "wide" screen, you may want to display all 4 pictures side-by-side rather than in a 2x2 tabular format. have fun!
  15. A.J.Mechelynck

    Stats graphs have moved

    SpamCop stats graphs have moved. Not a big deal, since the tiny graph at top right of every forum page is also a link, and that link has been updated to point to the new URI. However, the spamgraph.shtml page, accessible from links in the "Site map" and "statistics" pages linked from http://www.spamcop.net/ , still tries to load its images from the old address (and fails). If you want to get quick to big graphs showing how spam reporting rate evolved during the last day / week / month / year, bookmark the URI linked to by the tiny graphlet at top right of this forum page.
  16. A.J.Mechelynck

    Birthdays of note

    Not even that indeed, and even less a forgotten "gold" pile to inherit or a stash of young models' "artistic" portraits. Just plain commercial, I'd say — not "make-believe" commercial (but actually a swindle) as so many spams are nowadays. Yet that's still UCE, and considering the number of addressees, I'd say it's UBE too — spam every way you define it. Notice the all caps — but considering the date, and the printers I used on mainframes around that time, I suppose lowercase letters weren't yet in common use...
  17. A.J.Mechelynck

    New: Invalid timezone in BT/Yahoo headers

    Once I was conscious of the problem, and of the fact that it never happened on "Save As", I checked the spam source before pasting it from the View Source into the SC web form: if there were Korean glyphs (twice) I used "save as", viewed the saved-as in gvim, and pasted from there. But yes, I do install the next SeaMonkey trunk nightly every day around 13:00 UTC, and with the next build (today's) I didn't see the problem anymore. If it doesn't reappear tomorrow I guess I'll close that bug report WORKSFORME. My current version is "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9pre) Gecko/2008050201 SeaMonkey/2.0a1pre" where the 8 digits after "Gecko" are a datestamp in the form YYYYMMDDHH (for the US Pacific time zone, and referring IIUC to the start of the compilation process, which can take several hours).
  18. Starting today, BT/Yahoo servers are reporting a "timezone" of 퍍 (that's ampersand, crosshatch, five, four, zero, nine, three, semicolon), which causes SpamCop to report that the messages are "minus six hours old". See for instance http://www.spamcop.net/sc?id=z1848308038zd...29b9692b0257a8z
  19. A.J.Mechelynck

    Birthdays of note

    I guess I'm lucky; and yet I use legit email addresses wherever I post (including the Vim mailing lists, the Mozilla newsgroups, bug comments at bugzilla.mozilla.org, one Usenet group, ... The address I use most is [at]gmail.com, which does some pre-filtering but by diverting, not by dropping, so I can see that there anyway, there is less spam than legit mail: Periodically I check the Gmail "trash" folder, containing the mail I've read by POP, for false negatives, then the "spam" folder, containing what Gmail held back, for false positives (and after checking I clear them both): there are always fewer "conversations" (usually single-email) in spam than there are (and usually with several emails each) in Trash. I'd guess that all in all, and including Gmail, my spam turns around maybe 30% to 40% of my total mail. Quite few errors, BTW: I suspect Gmail uses Bayesian filters, which I dutifully train by "reporting spam" on false negatives and setting "not a spam" on false positives. The above is not meant as advertising for a competitor (of [at]spamcop.net and [at]cesmail.net): Gmail is far from perfect, especially if you use a Mozilla browser without "Firefox" in its name as shown in the user-agent string, e.g. SeaMonkey, or one of BonEcho (Firefox 2 nightlies), GranParadiso (Firefox 3 beta releases) or Minefield (Firefox 3 nightlies). It is also better to close its tab when you're (temporarily) done with the webmail interface.
  20. A.J.Mechelynck

    New: Invalid timezone in BT/Yahoo headers

    The error is in the View Source window: "Save As" gives an .eml file on disk without the Korean glyphs, see https://bugzilla.mozilla.org/show_bug.cgi?id=431787 -- AFAICT, the error starts wherever a header includes a plus sign (as in European timezones +0000 or +0200 but not in -0700 used by gmail.com) and propagates at least to the next space.
  21. A.J.Mechelynck

    New: Invalid timezone in BT/Yahoo headers

    Ho, hoh: here's a similar symptom from a different ISP: http://www.spamcop.net/sc?id=z1849375030z2...68a345f01e50eaz That might mean a bug in SeaMonkey instead (I'm using "trunk nightly" builds, i.e., the "bloody-red edge of development".) However, now that I check it, the source of my spam emails is OK (this one has timezones of -0400 which get translated to & #54125;) -- so the error must be either in SeaMonkey/browser or at SpamCop, after I paste the spam into the reporting form. Sorry, take back the above: the two top Received-lines have the Korean glyph, one of them followed by (CEST), the other not, so the bug must be in SeaMonkey Mail/News.
  22. A.J.Mechelynck

    New: Invalid timezone in BT/Yahoo headers

    no, it's just that six hours have elapsed since then. Compare with the time when I started this topic: if I knew about that spam at the time, it could never still be "zero hours yum-fresh". 54093 decimal is D34D hex; and U+D34D falls in the range AC00-D7AF "Hangul Syllables" (i.e., the Korean national writing system), see them in PDF at http://www.unicode.org/charts/PDF/UAC00.pdf That entity has no business being there, where a timezone code (such as +0200 for Central European Summer Time) ought to be. It looks like a BT/Yahoo bug, since I don't understand how a spammer could mess with Received headers (note, however, that the Date header, which a spammer can set, has the same bizarre entity).
  23. A.J.Mechelynck

    Birthdays of note

    Amazing that spam (and I mean UBE/UCE, not the red stuff) is twice the age of the Internet. At least the spam I get is much less than 80% and I'm not sure of the reason (SpamCop maybe, and others like it?) Anyway much more "desired" mail from bugzilla.mozilla.org (which I read, act upon if needed, then throw away) than "undesired" spam (which I report to SC if I see it before it's 9 hours old) finds its way to my "Trash" mailbox. I wonder how those 80% were arrived at.
  24. A.J.Mechelynck

    Helping to stop misdirected bounces

    I am, though I'm awaiting with some trepidation an answer from deputies[at] telling me whether I'll be banned for having done "material changes to spam", namely, added "[no body in email]" do bodiless spams, something which used to be explicitly allowed but has disappeared from the FAQ, and also "shortening" a "To:" line which happened to exceed 50K all by itself. See http://forum.spamcop.net/forums/index.php?showtopic=8895 -- formerly I wouldn't have been banned without a warning first, but I read in the latest FAQ that the penalty for every breach of the rules is now immediate termination of account without warning, at least for free accounts... -------- Lurkers, the rest of this post is off-topic; continue reading at your own risk only: it is not about SpamCop! Or else, stop. -------- Have a nice trip. With a good keyboard, such as my present fr-BE for openSUSE Linux, which can use the circumflex dead key on consonants: Ĉĉ ÄœÄ Ä¤Ä¥ Ĵĵ ÅœÅ, Esperanto is a breeze. And for Å­ (or without a "good" keyboard) I can use the abcTajpu extension to Firefox, or paste from the gvim editor. Or (on a French keyboard) I can use ù which is not "exactly the same" but is similar enough to have been used for 120 years on French typewriters which didn't have the breve sign. IMHO, the effect of the Internet in general on the Esperanto can only be positive, since the Esperantist people are a diaspora, living few and far between but all over the world, and such peoples are kept together, when they are, by communications. (The Basque or the Estonians can walk or drive to each other's houses, but we Esperantists rely on long-distance snail-mail, phone, and now email, blogging and chat.) I've been upgrading my openSUSE Linux OS from version 10.2 to 10.3 over the weekend -- I'd say the hardest part was to find the correct HTTP entry point to get the free downloadable version. These Novell salesmonkeys seem to have taken over the site to make it practically impossible to get the distribution for free; but it is doable, and I've done it now: nothing that obstination couldn't solve. I expect a higher-than-average ADSL traffic this month: we're the 4th, and I've already "consumed" about half my 12G monthly allowance; but I have a "fuel reserve" which carries over from month to month, and there are still 3.4 gig in it. It ought to be enough; and if it isn't, an extra 5G reserve costs only 5€.
  25. A.J.Mechelynck

    Extremely long "To:" line

    I've encountered today (for the 2nd time; the first was some weeks ago) a spam with an extremely long "To:" line, pushing the length of the headers over the 50K barrier (i.e., SC asks me to accept truncation at 50K, then later finds that there was no body text). What I've done to make it parse is to put the 3rd address on that line between <>, add before it "[etc.; truncated]" and edit away the rest of the line (starting at the comma following that 3rd address). See the edited headers (with, of course, munged addresses) at http://www.spamcop.net/sc?id=z1507695546ze...7d04eb0672f838z I hope I haven't committed a breach of SC regulations.
×