'Bomb proof' registrars...

[Wazoo]

From: "Wazoo"

To: <deputies[at]admin.spamcop.net>

Subject: More FAQ & KnowledgeBase data questions

Date: Thu, 13 Oct 2005 16:19:35 -0500

http://forum.spamcop.net/forums/index.php?act=faq

If not aware, I'm attempting to build up a FAQ /

knowledgebase tool I installed into the Forum.  A

long, slow, tedious task, converting HTML and BBCode

into a legible result .. but that's what I get the big bucks

for <g>  Anyway, there are some issues that I'm

wondering how to work.  For example, there are

some "Contact Us:" scripts that appear in some items ...

some of these link to another web-page, I can do that ...

but some are only using a "form" on that particular web-

page, assumedly to 'hide' the address involved ... in

bringing that page data into the knowledgebase, at

present, I've no idea how to simulate/duplicate the

data needed to 'convert' to that page to provide the

'same' link on the knowledgebase page.  Probably

silly to ask for the code, but .. the primary data would

appear to be the 'special' address being sent to and the

message 'header' data for that contact message ... maybe

just as silly to ask ....  for example, the last "Contact" entry

on http://www.spamcop.net/fom-serve/cache/401.html

"FORM action=/w3m" seems to be a repeated call ...

http://www.spamcop.net/fom-serve/cache/81.html

and the link "to" found on

http://www.spamcop.net/fom-serve/cache/128.html

Currently titled "How am I billed for SpamCop?"

Should be: "How am I charged for SpamCop?" as

the FAQ entry really doesn't discuss "billing" ....

(I'm thinking invoice involved.)

http://www.spamcop.net/fom-serve/cache/288.html

and the link "to" found on

http://www.spamcop.net/fom-serve/cache/286.html

Currently titled "Upgrade to a premium member account"

However, just about everywhere else (?) this account is

called "Report-Only" or "Fuel" ....???

There is only one other use of the word "premium" on

http://www.spamcop.net/fom-serve/cache/109.html

based on a Google ....

http://www.spamcop.net/fom-serve/cache/283.html

includes a now-dead link to David Carter Tod's B-64

tool ... I chased this around for a while, see that he

registered his own Domain (good through Sep 2006)

but no hosted site exists.  There are other web-based

de/encoders out there, but I've not run across one

that worked as well as this one, so not prepared to

offer up a suggested replacement.

This was one of those replied to with "official" and the Forum isn't .....

Further dialog can be found at http://news.spamcop.net/pipermail/spamcop-...ber/105890.html .. (then go "Thread") .. it's not like this specific item has not been made known ...

[Wazoo]

Might I suggest a separate Lounge ( and an easy way to find it ) explicitly dedicated to 'bugs' and how to report?  Possibly a link to the rules.  I found this link SC Material Changes to spam sort of buried several layers deep.

Problem in trying to guess at what you are actually struggling with .... The "many layers deep" .. the request for a "link to the Rules" .. etc. suggest that you've not followed any of the links at the top of "this" page to the SpamCop FAQ .. am forced to also go with appearances that you did not follow the Start Here - before you make your first Post where some of this is defined / explained/ etc.

I swear, I (and others) are trying to do something about "where to get answers" ...

I apologize in advance <taking advantage of my newbie status> if I missed it as I was reviewing the ground rules initially.

While I was reviewing the rules at SC Material Changes to spam I discovered a reference to a Base 64 tool that was not available (at least to me) at Base 64 Tool Link.

36231[/snapback]

Yes, that's just one of the issues with the "Official" FAQ .... see my previous post, which point to posts that deal with my trying to resolve some of the many others ...

[dbiel]

The issue of my discovery of a potential bug in SC's parser has been addressed in another branch of this thread.

36231[/snapback]

If you are refering to "Cannot resolve http://xqqmm>.fxrkm2iyntezogm4ndblndhmm...om#stxspx" We would not consider this to be a bug, rather a built in limitation of the parser. Reporting it will do go good as there is no intent to alter the parser's limitations that would "fix the bug" as you seem to see it.

[Jeff G.]

If you are refering to "Cannot resolve http://xqqmm>.fxrkm2iyntezogm4ndblndhmm...om#stxspx" We would not consider this to be a bug, rather a built in limitation of the parser. Reporting it will do go good as there is no intent to alter the parser's limitations that would "fix the bug" as you seem to see it.

36244[/snapback]

If we lop off the first atom ("xqqmm>.", containing the unauthorized ">" greater-than character) and try to parse http://fxrkm2iyntezogm4ndblndhmmgyxmtk2mwy...ater.com#stxspx, we get the following, which doesn't make too much sense in this context:

Parsing input: http://fxrkm2iyntezogm4ndblndhmmgyxmtk2mwy...ater.com#stxspx

Host fxrkm2iyntezogm4ndblndhmmgyxmtk2mwy2.spriingwater.com (checking ip) = 222.36.42.116

host 222.36.42.116 (getting name) no name

No recent reports, no history available

Cannot resolve http://fxrkm2iyntezogm4ndblndhmmgyxmtk2mwy...ater.com#stxspx

No valid email addresses found, sorry!

    * There are several possible reasons for this: The site involved may not want reports from SpamCop.

    * SpamCop administrators may have decided to stop sending reports to the site to prevent listwashing.

    * SpamCop uses internal routeing to contact this site, only knows about the internal method and so cannot provide an externally-valid email address.

    * There may be no working email address to receive reports.

What we should get in that case is what we do get if we continue and lop off "#stxspx":

Parsing input: http://fxrkm2iyntezogm4ndblndhmmgyxmtk2mwy2.spriingwater.com

Host fxrkm2iyntezogm4ndblndhmmgyxmtk2mwy2.spriingwater.com (checking ip) = 222.36.42.116

host 222.36.42.116 (getting name) no name

No recent reports, no history available

Routing details for 222.36.42.116

[refresh/show] Cached whois for 222.36.42.116 : crnet_mgr[at]chinatietong.com crnet_tec[at]chinatietong.com

Using abuse net on crnet_mgr[at]chinatietong.com

abuse net chinatietong.com = postmaster[at]chinatietong.com, crnet_mgr[at]chinatietong.com, crnet_tec[at]chinatietong.com

Using best contacts postmaster[at]chinatietong.com crnet_mgr[at]chinatietong.com crnet_tec[at]chinatietong.com

Cannot resolve http://fxrkm2iyntezogm4ndblndhmmgyxmtk2mwy...ater.com#stxspx is BS, it just did resolve (unless the Parser is using a different definition of "resolve" than the rest of us).

[Wazoo]

There is a bit more. again, e-mail has gone upstream in my test results. One would hope that there may yet be a post provided by one of the official folks on this ... this Topic was listed as the source of the query, data and Tracking URLs, commentary, the usual .... of course, I also included that it might be a "duplicate enquiry" based on the phrase "I did learn how to reach SpamCop-Abuse" .. not knowing what that really meant.

[dbiel]

Interesting difference in point of views!

But I was a more than a bit surprised by Jeff G.'s reply

Cannot resolve http://fxrkm2iyntezogm4ndblndhmmgyxmtk2mwy...ater.com#stxspx is BS, it just did resolve (unless the Parser is using a different definition of "resolve" than the rest of us).

when we already do know that the parser does handles web site resolution much differently that most browsers, most notably in using a much shorter resolution time period and how it handles illegal formats.

Yet if we look at a current parce it does reslolve at this time http://www.spamcop.net/sc?id=z828164852z50...50356c0886b48az

Re: http://xqqmm>.fxrkm2iyntezogm4ndblndhmm...priingwater.com (Administrator of network hosting website referenced in spam)

  Reportid: 1558754311 To: postmaster[at]chinatietong.com

  Reportid: 1558754314 To: crnet_mgr[at]chinatietong.com

  Reportid: 1558754318 To: crnet_tec[at]chinatietong.com

Re: 200.231.249.126 (Third party interested in email source)

  Reportid: 1558754306 To: spamcop[at]imaphost.com

If reported today, reports would be sent to:

Re: 200.231.249.126 (Administrator of network where email originates)

[rusty.not]

Wow. I am reluctant to believe I jumped into this thread two days ago by naively asking about a possible bug in SpamCop's parser when I pasted several spam emails and got "cannot resolve" reports. To review rewind to:

Jeff G. responded with ... to a SpamCop Admin via service[at]admin.spamcop.net.

I am still relying on my <newbie> status.

Dbiel instructed me on when not to send reports. One more strand to this web I'm trapped in.

Wazoo wazoo'ed me about my 'loose' messaging style,

Problem in trying to guess at what you are actually struggling with .... The "many layers deep" .. the request for a "link to the Rules" .. etc. suggest that you've not followed any of the links at the top of "this" page to the SpamCop FAQ .. am forced to also go with appearances that you did not follow the Start Here - before you make your first Post where some of this is defined / explained/ etc.

I swear, I (and others) are trying to do something about "where to get answers" ...

{..snip}

36237[/snapback]

So... Dbiel instructed me on the rules, .. but didn't link to them so I went back and reread them... which led me to my suggestion to put all these rules and FAQs in one place ( and time) otherwise I must scan them before every post for changes, additions, and updates.

So... Dbiel challenged my assertion by stating; , " If you are refering to "Cannot resolve http://xqqmm>.fxrkm2iyntezogm4ndblndhmm...om#stxspx" We would not consider this to be a bug, rather a built in limitation of the parser. Reporting it will do go good as there is no intent to alter the parser's limitations that would "fix the bug" as you seem to see it."

So... we arrive at the 24carat question. Where does it state in the FAQ, AUP etc that this is not a bug but, rather, a limitation. Does Dbiel speak for Mr Julian, Moderators, and Admins?

Now... an html lesson from Rusty:

1) Mouse over the above link "Cannot resolve http..." Notice the Status bar at the bottom of the browser.

2) Observe the "Shortcut to #stxspx at ..." This shows that '#stxspx' is interpreted as a Bookmark within the URL. It is probably nonexistent, the SPAMMER's way to short circuit the PARSER at SC. Works the same way [TOP of Document] navigation links work.

Finally an apology to Wazoo for wasting his time and an admission I was careless when I used the phrase "I did learn how to reach SpamCop-Abuse". I was too asleep to check the reference from Jeff G. "service[at]admin.spamcop.net" <newbie blushing: realizing this Lounge IS rocket-science>

If SC Brass intends that html bookmarks-within-documents be beyond the scope of the reports, fine. If they want to add this into the codebase, wonderful! I hate to see SPAMMERS evade the COP.

[Wazoo]

The HTML code-bit in reference is called an "anchor tag" .... to most of the rest of your last post, please see my last post .... my test results were sent upstream to those paid staff members. All of us are waiting for a response from one of those folks.

The "rules and FAQs in one place" ..... I take it you've not followed some links I've already provided to the history of my tryimg to do just that, in addition to adding data that has never existed in the "original / official" FAQ ...???? Why does it sound like you've still not followed the Start here ... link yet?

[dbiel]

In reply to rusty.not:

Some comments about this forum and its structure that might be helpful in understanding replies and avoiding overreacting to them (note: applies to all including moderators)

1)The forum is over 95% peer user based, very little official involvement. Just one user trying to help another user, Admin, Moderators, Members, none get paid for anything they do here.

2)Because of the forum thread structure, posts are frequently read as independent posts and the related context, if not included in the post itself is often missed.

3)Individual responders will often address only one part of the issue and sometimes may address it totally out of context. If a response it out of context, simply ignore it. Try to read it at face value. If it provides useful information, make use of it, if not skip it.

4)Try not to take any post personally and remember that many answers are directed to not only the person asking the question but also to those who might follow the thread later. Remember also that it is just another user responding unless by chance it is one of the official SpamCop representatives, easy to identify by the logo

5)Try to remember that your question/topic may be new to you, but it may be a hot topic here which will have an effect on the replies.

6)Those that generally respond to posts have spent a lot time working on the FAQ here to try to make the forum a easier place for Newbies and tend to overreact when those efforts appear to be totally ignored.

Note: percentage edited per comments by Jeff G.

[Jeff G.]

1)The forum is 99.9% peer user based

36265[/snapback]

Actually, given the following Total Cumulative Posts, that number is best represented as 97.4%.

Ellen - 466

jefft - 277

julian - 33

Richard W - 37

SpamCopAdmin - 91

Total of SpamCop Staff - 904

Everyone - 35570

Everyone else - 34666

Percentage by SpamCop Staff - 2.61

Percentage by everyone else - 97.4

[rusty.not]

The HTML code-bit in reference is called an "anchor tag" .... {..snip}

36253[/snapback]

Thanks -- been a long time since I studied my html. I hoped my point about how browsers interpret them vs how the PARSER handles them led me to believe the example represented a 'bug'.

{snip..}The "rules and FAQs in one place" ..... I take it you've not followed some links I've already provided to the history of my tryimg to do just that, in addition to adding data that has never existed in the "original / official" FAQ ...???? {..snip}

36253[/snapback]

I'm sorry if I'm radiating resistance. I followed link after link... , both in your thorough chronological efforts and through the FAQ links (hence my earlier comment in this thread) it seemed the important "stuff" was found after several.

{Snip..} Why does it sound like you've still not followed the Start here ... link yet?

36253[/snapback]

See previous answer. There is so much stuff here I need to don my scuba tank before I dive in.

To dbiel: Thanks very much for the encouraging explanation.

---- Help ---

BTW - I'm trying out the phpSpell dialog. Any way to make it a 'sizeable' pop-up?

Thanks.

[Jeff G.]

---- Help ---

BTW - I'm trying out the phpSpell dialog.  Any way to make it a 'sizeable' pop-up?

Thanks.

36296[/snapback]

That's a great suggestion!

[dbiel]

I am just extremely thankful that Wazoo was able to build the spell check into the forum. It is a huge improvement over copying and pasting between Word and the Forum and I find it works very well. Thank you Wazoo.

[Jeff G.]

About 18 days later, you should get another email that looks like the following:

34904[/snapback]

I've been submitting bogus registrations since Oct 3rd, and haven't gotten anything back after the submittal confirmation email. (submitted ~70 domains since then, many of the quite obvious forgery variety).

35371[/snapback]

Sorry about that, my calculation was off a month. The delay on the latest follow-up email message was 47 days (submitted November 21, 2005, follow-up January 7, 2006). It appears that the follow-up email messages are currently sent out every morning between 01:20 and 01:30 PST -0800 (between 04:20 and 04:30 EST -0500; between 09:20 and 09:30 UTC -0000) when Daylight Savings Time is not in effect in the US, and between 01:20 and 01:30 PDT -0700 (between 04:20 and 04:30 EDT -0400; between 08:20 and 08:30 UTC -0000) when Daylight Savings Time is in effect in the US.

[SargeAnt]

Thank all very much for clearing this issue. Still I cannot agree that registrar's responsibility is different from provider's.

Well, if registrars have no obligation to take on spammers, why should providers do so? Providers' responsibility is not legally regulated either, so they are free not to do anything. They could say the same way as registrars: our responsibility is to make the net function, and the content is up to the clients, please don't bother us.

This is nonsense.

Which means that registrar must be held responsible

[StevenUnderwood]

Providers' responsibility is not legally regulated either, so they are free not to do anything. They could say the same way as registrars: our responsibility is to make the net function, and the content is up to the clients, please don't bother us.

They can and some do. We refer to them as blackhats.